
Antivirus, firewall and other protection programs: Problems with the virus scanner/protection

Windows 7: All questions about using firewalls, antivirus programs, anti-malware and anti-trojan software belong here. This is a discussion forum for security solutions for Windows computers. If you need help removing a trojan, or because you have caught a virus, create a topic in the cleanup forums above.

28.03.2014, 15:05   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Something is still active there... please run TDSS-Killer:

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Please always post log files in CODE tags

28.03.2014, 16:33   #17
El_CapOne
 

It now said that there is an update for TDSSKiller, but I didn't install it... the following report came out:


Code:
16:29:35.0355 5140  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:29:36.0968 5140  ============================================================
16:29:36.0968 5140  Current date / time: 2014/03/28 16:29:36.0968
16:29:36.0968 5140  SystemInfo:
16:29:36.0968 5140  
16:29:36.0968 5140  OS Version: 6.1.7601 ServicePack: 1.0
16:29:36.0968 5140  Product type: Workstation
16:29:36.0968 5140  ComputerName: DANIEL-PC
16:29:36.0968 5140  UserName: Daniel
16:29:36.0968 5140  Windows directory: C:\Windows
16:29:36.0968 5140  System windows directory: C:\Windows
16:29:36.0968 5140  Running under WOW64
16:29:36.0968 5140  Processor architecture: Intel x64
16:29:36.0968 5140  Number of processors: 4
16:29:36.0968 5140  Page size: 0x1000
16:29:36.0968 5140  Boot type: Normal boot
16:29:36.0968 5140  ============================================================
16:29:37.0960 5140  Raw registry subsystem init failed!
16:29:38.0137 5140  !crdlk
16:29:38.0153 5140  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
16:29:38.0153 5140  ============================================================
16:29:38.0153 5140  \Device\Harddisk0\DR0:
16:29:38.0153 5140  MBR partitions:
16:29:38.0153 5140  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
16:29:38.0153 5140  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
16:29:38.0153 5140  ============================================================
16:29:38.0194 5140  C: <-> \Device\Harddisk0\DR0\Partition2
16:29:38.0194 5140  ============================================================
16:29:38.0194 5140  Initialize success
16:29:38.0194 5140  ============================================================
16:29:55.0744 7088  ============================================================
16:29:55.0744 7088  Scan started
16:29:55.0744 7088  Mode: Manual; SigCheck; TDLFS; 
16:29:55.0744 7088  ============================================================
16:29:55.0744 7088  ================ Scan system memory ========================
16:29:55.0744 7088  System memory - ok
16:29:55.0744 7088  ================ Scan services =============================
16:29:55.0744 7088  ================ Scan global ===============================
16:29:55.0884 7088  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:29:55.0900 7088  [Global] - ok
16:29:55.0900 7088  ================ Scan MBR ==================================
16:29:55.0900 7088  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:29:56.0368 7088  \Device\Harddisk0\DR0 - ok
16:29:56.0368 7088  ================ Scan VBR ==================================
16:29:56.0399 7088  [ 5FAA6B590057CE7E6C4833D451512C91 ] \Device\Harddisk0\DR0\Partition1
16:29:56.0399 7088  \Device\Harddisk0\DR0\Partition1 - ok
16:29:56.0415 7088  [ D49881AFAB9F756E045C58CEE7FB5F34 ] \Device\Harddisk0\DR0\Partition2
16:29:56.0415 7088  \Device\Harddisk0\DR0\Partition2 - ok
16:29:56.0415 7088  ============================================================
16:29:56.0415 7088  Scan finished
16:29:56.0415 7088  ============================================================
16:29:56.0415 6252  Detected object count: 0
16:29:56.0415 6252  Actual detected object count: 0
16:30:05.0837 4040  ============================================================
16:30:05.0837 4040  Scan started
16:30:05.0837 4040  Mode: Manual; SigCheck; TDLFS; 
16:30:05.0837 4040  ============================================================
16:30:05.0837 4040  ================ Scan system memory ========================
16:30:05.0837 4040  System memory - ok
16:30:05.0837 4040  ================ Scan services =============================
16:30:05.0837 4040  ================ Scan global ===============================
16:30:05.0868 4040  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:30:05.0868 4040  [Global] - ok
16:30:05.0868 4040  ================ Scan MBR ==================================
16:30:05.0884 4040  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:30:07.0288 4040  \Device\Harddisk0\DR0 - ok
16:30:07.0288 4040  ================ Scan VBR ==================================
16:30:07.0319 4040  [ 5FAA6B590057CE7E6C4833D451512C91 ] \Device\Harddisk0\DR0\Partition1
16:30:07.0319 4040  \Device\Harddisk0\DR0\Partition1 - ok
16:30:07.0335 4040  [ D49881AFAB9F756E045C58CEE7FB5F34 ] \Device\Harddisk0\DR0\Partition2
16:30:07.0335 4040  \Device\Harddisk0\DR0\Partition2 - ok
16:30:07.0335 4040  ============================================================
16:30:07.0335 4040  Scan finished
16:30:07.0335 4040  ============================================================
16:30:07.0350 6096  Detected object count: 0
16:30:07.0350 6096  Actual detected object count: 0
         


29.03.2014, 00:22   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Quote from El_CapOne
It now said that there is an update for TDSSKiller, but I didn't install it... the following report came out:

Please repeat the scan and install the update as well, then post the new log.

29.03.2014, 09:58   #19
El_CapOne
 

I have to split it into 2 posts, too many characters...

Code:
09:36:48.0242 0x0be4  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
09:36:50.0256 0x0be4  ============================================================
09:36:50.0256 0x0be4  Current date / time: 2014/03/29 09:36:50.0256
09:36:50.0256 0x0be4  SystemInfo:
09:36:50.0256 0x0be4  
09:36:50.0256 0x0be4  OS Version: 6.1.7601 ServicePack: 1.0
09:36:50.0256 0x0be4  Product type: Workstation
09:36:50.0256 0x0be4  ComputerName: DANIEL-PC
09:37:07.0589 0x0be4  UserName: Daniel
09:37:07.0589 0x0be4  Windows directory: C:\Windows
09:37:07.0589 0x0be4  System windows directory: C:\Windows
09:37:07.0589 0x0be4  Running under WOW64
09:37:07.0589 0x0be4  Processor architecture: Intel x64
09:37:07.0589 0x0be4  Number of processors: 4
09:37:07.0589 0x0be4  Page size: 0x1000
09:37:07.0589 0x0be4  Boot type: Normal boot
09:37:07.0589 0x0be4  ============================================================
09:37:07.0589 0x0be4  BG loaded
09:37:09.0695 0x0be4  System UUID: {EAE129F4-5D34-3278-CED2-689D74B81AE2}
09:37:12.0035 0x0be4  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:37:12.0050 0x0be4  ============================================================
09:37:12.0050 0x0be4  \Device\Harddisk0\DR0:
09:37:12.0050 0x0be4  MBR partitions:
09:37:12.0050 0x0be4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
09:37:12.0050 0x0be4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
09:37:12.0050 0x0be4  ============================================================
09:37:12.0378 0x0be4  C: <-> \Device\Harddisk0\DR0\Partition2
09:37:12.0378 0x0be4  ============================================================
09:37:12.0378 0x0be4  Initialize success
09:37:12.0378 0x0be4  ============================================================
09:37:32.0798 0x12dc  ============================================================
09:37:32.0798 0x12dc  Scan started
09:37:32.0798 0x12dc  Mode: Manual; SigCheck; TDLFS; 
09:37:32.0798 0x12dc  ============================================================
09:37:32.0798 0x12dc  KSN ping started
09:37:35.0357 0x12dc  KSN ping finished: true
09:37:36.0948 0x12dc  ================ Scan system memory ========================
09:37:36.0948 0x12dc  System memory - ok
09:37:36.0948 0x12dc  ================ Scan services =============================
09:37:38.0586 0x12dc  0292681395908944mcinstcleanup - ok
09:37:39.0553 0x12dc  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:37:39.0678 0x12dc  1394ohci - ok
09:37:39.0756 0x12dc  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:37:39.0772 0x12dc  ACPI - ok
09:37:39.0834 0x12dc  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:37:39.0928 0x12dc  AcpiPmi - ok
09:37:40.0162 0x12dc  [ F7AB315A4D400CA876381D1E188A2E20, B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:37:40.0177 0x12dc  AdobeFlashPlayerUpdateSvc - ok
09:37:40.0255 0x12dc  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
09:37:40.0286 0x12dc  adp94xx - ok
09:37:40.0333 0x12dc  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
09:37:40.0364 0x12dc  adpahci - ok
09:37:40.0442 0x12dc  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
09:37:40.0458 0x12dc  adpu320 - ok
09:37:40.0520 0x12dc  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:37:40.0754 0x12dc  AeLookupSvc - ok
09:37:40.0770 0x12dc  Suspicious service (NoAccess): af45d0f59a6a795
09:37:40.0817 0x12dc  [ B1F752C4040087F88B0908BB3676900F, 7E9B8B26EF650826686CF235E79BB6A893B6D4EEE4F7F9C48917AB32051070C7 ] af45d0f59a6a795 C:\Windows\System32\Drivers\af45d0f59a6a795.sys
09:37:40.0817 0x12dc  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\af45d0f59a6a795.sys. md5: B1F752C4040087F88B0908BB3676900F, sha256: 7E9B8B26EF650826686CF235E79BB6A893B6D4EEE4F7F9C48917AB32051070C7
09:37:40.0848 0x12dc  af45d0f59a6a795 - detected Rootkit.Win32.Necurs.gen ( 0 )
09:37:50.0941 0x12dc  af45d0f59a6a795 ( Rootkit.Win32.Necurs.gen ) - infected
09:37:50.0941 0x12dc  Force sending object to P2P due to detect: C:\Windows\System32\Drivers\af45d0f59a6a795.sys
09:37:54.0529 0x12dc  Object send P2P result: true
09:37:57.0212 0x12dc  [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD             C:\Windows\system32\drivers\afd.sys
09:37:57.0322 0x12dc  AFD - ok
09:37:57.0368 0x12dc  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
09:37:57.0400 0x12dc  agp440 - ok
09:37:57.0431 0x12dc  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
09:37:57.0524 0x12dc  ALG - ok
09:37:57.0571 0x12dc  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:37:57.0602 0x12dc  aliide - ok
09:37:57.0680 0x12dc  [ FF779F9DE1CDF477033858B7681CEDA8, F190057C680F41BEF49FA7BE26A5827C124EC0BFE19D3E21ED93A3287E732D99 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:37:57.0758 0x12dc  AMD External Events Utility - ok
09:37:57.0774 0x12dc  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
09:37:57.0790 0x12dc  amdide - ok
09:37:57.0821 0x12dc  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:37:57.0899 0x12dc  AmdK8 - ok
09:37:58.0180 0x12dc  [ EF2B99DCEE397B45F50594696D7B5339, 568BD4AFD14C32A1602AE98D00A6C05372C0AE48D17CBC9257272A57F72E69D4 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
09:37:58.0398 0x12dc  amdkmdag - ok
09:37:58.0445 0x12dc  [ 239DCE60BEE6E1576C803948AB4D54C5, BC346ACD57E9BDBBC4C659B1C9CB4D696A42B2AB3DBC387A169C89D11D15A673 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
09:37:58.0492 0x12dc  amdkmdap - ok
09:37:58.0523 0x12dc  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:37:58.0570 0x12dc  AmdPPM - ok
09:37:58.0616 0x12dc  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:37:58.0648 0x12dc  amdsata - ok
09:37:58.0694 0x12dc  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
09:37:58.0726 0x12dc  amdsbs - ok
09:37:58.0741 0x12dc  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:37:58.0757 0x12dc  amdxata - ok
09:37:58.0804 0x12dc  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
09:37:58.0991 0x12dc  AppID - ok
09:37:59.0022 0x12dc  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:37:59.0131 0x12dc  AppIDSvc - ok
09:37:59.0194 0x12dc  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
09:37:59.0272 0x12dc  Appinfo - ok
09:37:59.0428 0x12dc  [ 7EF47644B74EBE721CC32211D3C35E76, 1381908E70567AAE5A8C96C4B7BF8E68748F64DE3243FD0FA8CC0E72DEEDA9A7 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:37:59.0459 0x12dc  Apple Mobile Device - ok
09:37:59.0521 0x12dc  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
09:37:59.0552 0x12dc  arc - ok
09:37:59.0568 0x12dc  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
09:37:59.0584 0x12dc  arcsas - ok
09:37:59.0740 0x12dc  [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:37:59.0818 0x12dc  aspnet_state - ok
09:37:59.0864 0x12dc  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:37:59.0958 0x12dc  AsyncMac - ok
09:38:00.0020 0x12dc  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:38:00.0036 0x12dc  atapi - ok
09:38:00.0098 0x12dc  [ 1C60A629AD4FFD06D80CD522B92CDB7C, 68F45BC4B0BA505548E2191677C74B1B6291E56765987347F7EAAF1C8C761A97 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
09:38:00.0098 0x12dc  AthBTPort - ok
09:38:00.0192 0x12dc  [ A31F72621C938048CBA02E82542F0715, 2C9EBCCA819A11FF2A9141D069B2ABE0CA4A2F374B842B4AA24790931126E4C1 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
09:38:00.0239 0x12dc  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:38:02.0797 0x12dc  Detect skipped due to KSN trusted
09:38:02.0797 0x12dc  AtherosSvc - ok
09:38:02.0938 0x12dc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:38:03.0016 0x12dc  AudioEndpointBuilder - ok
09:38:03.0047 0x12dc  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
09:38:03.0109 0x12dc  AudioSrv - ok
09:38:03.0203 0x12dc  [ BE5047191368D2C014202AB2775768B7, 5EC5B88B7FA7F9A9A6A665FD8638A3DF8030D6CD72C15C53CC3C34A88C1B9B27 ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
09:38:03.0234 0x12dc  Avgdiska - ok
09:38:03.0499 0x12dc  [ 9D5EA7BD5E29F404CD158AED17B40A15, BC38F90AD8BBB51C27D9D325E400DF10B8A8BE34A497A7207F2E73E46E9AB3EE ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
09:38:03.0655 0x12dc  AVGIDSAgent - ok
09:38:03.0749 0x12dc  [ EE48CA8AB25E2B0EE3D3E5A463C5A37E, 06A0AF4CB8D3715701ABD272E42F7CCF406C61AF838F5F53A7F6630D4A600905 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
09:38:03.0780 0x12dc  AVGIDSDriver - ok
09:38:03.0842 0x12dc  [ 494D668B4CB866A1D6835E5F01B13EF1, A2989DB82F31F9B30E4DC1F814BD0D7E286B33DB033C63796E2020BD18648EF3 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
09:38:03.0889 0x12dc  AVGIDSHA - ok
09:38:03.0952 0x12dc  [ 4BE8BB177B4C2BC3564845EF6D1073F1, 4ACA54EA54F5ABA96A73BD83C0C5A83C37090FEB7CBE67AE94E9CD3E364931C8 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
09:38:03.0983 0x12dc  Avgldx64 - ok
09:38:04.0030 0x12dc  [ D3772CC086FB81F76B5A82C85E1C7C8E, B1BEFD7AC658F28AECEF5468F5815504BDDC8A4203207B6F0CA53C5B216F782D ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
09:38:04.0061 0x12dc  Avgloga - ok
09:38:04.0092 0x12dc  [ A0BCE5DC2C1F1EE5C1CA19A33375AC23, 517663AEDD7A45607E17910DE60B2847E521472F9C0AB56034617BE2F351DE8D ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
09:38:04.0108 0x12dc  Avgmfx64 - ok
09:38:04.0139 0x12dc  [ 12FAAF366975B2BF2E93F1866C0E480D, 559480A1434E6805CF4F3DB5352E98387053194BB7B0DB18099B53D306D9951D ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
09:38:04.0170 0x12dc  Avgrkx64 - ok
09:38:04.0217 0x12dc  [ 4E364FABBD147F59E5D524C9EA86D772, 5D2B1E35EDBF68C23C5BF38B8B7AC484E3430219E0072C4831F58A9E8386A5FD ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
09:38:04.0248 0x12dc  Avgtdia - ok
09:38:04.0326 0x12dc  [ B747B6BB015E552F49C634BB19540F3D, 5000AD41BD101BC06D595484B6E58DEEBB962939ACF4B24DE515771D1C4AE3ED ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
09:38:04.0357 0x12dc  avgwd - ok
09:38:04.0420 0x12dc  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:38:04.0544 0x12dc  AxInstSV - ok
09:38:04.0685 0x12dc  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
09:38:04.0856 0x12dc  b06bdrv - ok
09:38:05.0090 0x12dc  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:38:05.0231 0x12dc  b57nd60a - ok
09:38:06.0713 0x12dc  [ 2D659B569A76CDB83B815675A80D7096, 8246BD350017B6CBADA4BBDBAB8B708B0A8F1AD5ADD4B2DE1BA610B4A188C262 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
09:38:06.0853 0x12dc  BCM43XX - ok
09:38:07.0025 0x12dc  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:38:07.0150 0x12dc  BDESVC - ok
09:38:07.0306 0x12dc  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:38:07.0415 0x12dc  Beep - ok
09:38:07.0727 0x12dc  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
09:38:07.0805 0x12dc  BFE - ok
09:38:08.0054 0x12dc  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
09:38:08.0226 0x12dc  BITS - ok
09:38:08.0273 0x12dc  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:38:08.0366 0x12dc  blbdrive - ok
09:38:08.0491 0x12dc  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:38:08.0585 0x12dc  bowser - ok
09:38:08.0694 0x12dc  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:38:09.0427 0x12dc  BrFiltLo - ok
09:38:09.0443 0x12dc  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:38:09.0490 0x12dc  BrFiltUp - ok
09:38:09.0552 0x12dc  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
09:38:09.0661 0x12dc  BridgeMP - ok
09:38:09.0739 0x12dc  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
09:38:09.0833 0x12dc  Browser - ok
09:38:09.0880 0x12dc  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:38:09.0958 0x12dc  Brserid - ok
09:38:09.0989 0x12dc  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:38:10.0020 0x12dc  BrSerWdm - ok
09:38:10.0067 0x12dc  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:38:10.0114 0x12dc  BrUsbMdm - ok
09:38:10.0145 0x12dc  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:38:10.0192 0x12dc  BrUsbSer - ok
09:38:10.0238 0x12dc  [ 89F5586E80B42CA4E98B3EFDAFCAD1B8, FDBD3B5455A7F4F0F680A18AE925B971E9F19626EDAAB79C3AFCD48E047D1A34 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
09:38:10.0254 0x12dc  BTATH_A2DP - ok
09:38:10.0285 0x12dc  [ BC14A513C0120919A019E18061FACA46, BFD4A0D3AAEFC797E2DC34A51A098BB7F48672E7F3238D346CF090A43B711EEB ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
09:38:10.0301 0x12dc  BTATH_BUS - ok
09:38:10.0332 0x12dc  [ 76E867C34242D16E3418AA9A9430D96A, 9F0FDE76CD51D5F9C8500CB4123448F58FD180EBEB24FE9723E0E3F06E5531BB ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
09:38:10.0348 0x12dc  BTATH_HCRP - ok
09:38:10.0379 0x12dc  [ 6409827297DAF3699643E9F6EC5C2CD2, BA1945AFABCDBB0147A54992E808C25FF729C55294D5E9393014C5203A8AE26B ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
09:38:10.0394 0x12dc  BTATH_LWFLT - ok
09:38:10.0441 0x12dc  [ 2B53167C52A1730A59EDFD3C83DEFF70, 3E327AEEB3EF22B9BEFF1E7F59F1739CC62C9CD0E33300402AA11E83131BF88B ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
09:38:10.0472 0x12dc  BTATH_RCP - ok
09:38:10.0519 0x12dc  [ 832B121E4532919CC49F2438F1DCAA21, 70FFDD505A64D3CF03220D6422EDD47CA2E0DF711BBF2ED057F32A688CB2E2E8 ] BthAvrcp        C:\Windows\system32\DRIVERS\BthAvrcp.sys
09:38:10.0566 0x12dc  BthAvrcp - ok
09:38:10.0628 0x12dc  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
09:38:10.0722 0x12dc  BthEnum - ok
09:38:10.0769 0x12dc  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:38:10.0831 0x12dc  BTHMODEM - ok
09:38:10.0878 0x12dc  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
09:38:10.0940 0x12dc  BthPan - ok
09:38:11.0034 0x12dc  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
09:38:11.0143 0x12dc  BTHPORT - ok
09:38:11.0206 0x12dc  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
09:38:11.0299 0x12dc  bthserv - ok
09:38:11.0346 0x12dc  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
09:38:11.0408 0x12dc  BTHUSB - ok
09:38:11.0440 0x12dc  catchme - ok
09:38:11.0471 0x12dc  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:38:11.0580 0x12dc  cdfs - ok
09:38:11.0627 0x12dc  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
09:38:11.0674 0x12dc  cdrom - ok
09:38:11.0736 0x12dc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
09:38:11.0798 0x12dc  CertPropSvc - ok
09:38:11.0845 0x12dc  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
09:38:11.0892 0x12dc  circlass - ok
09:38:11.0970 0x12dc  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
09:38:12.0017 0x12dc  CLFS - ok
09:38:12.0110 0x12dc  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:38:12.0126 0x12dc  clr_optimization_v2.0.50727_32 - ok
09:38:12.0173 0x12dc  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:38:12.0188 0x12dc  clr_optimization_v2.0.50727_64 - ok
09:38:12.0313 0x12dc  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:38:12.0516 0x12dc  clr_optimization_v4.0.30319_32 - ok
09:38:12.0547 0x12dc  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:38:12.0610 0x12dc  clr_optimization_v4.0.30319_64 - ok
09:38:12.0656 0x12dc  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:38:12.0688 0x12dc  CmBatt - ok
09:38:12.0719 0x12dc  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:38:12.0734 0x12dc  cmdide - ok
09:38:12.0797 0x12dc  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\Windows\system32\Drivers\cng.sys
09:38:12.0844 0x12dc  CNG - ok
09:38:12.0890 0x12dc  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:38:12.0906 0x12dc  Compbatt - ok
09:38:12.0984 0x12dc  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
09:38:13.0046 0x12dc  CompositeBus - ok
09:38:13.0062 0x12dc  COMSysApp - ok
09:38:13.0093 0x12dc  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
09:38:13.0109 0x12dc  crcdisk - ok
09:38:13.0171 0x12dc  [ D8129C49798CBBFB2E4351D4B7B8EF9C, 7C125DBA3F88E7C6D98AE0869EDB7995360904A913923528ABD0429B2608C313 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:38:13.0218 0x12dc  CryptSvc - ok
09:38:13.0265 0x12dc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:38:13.0358 0x12dc  DcomLaunch - ok
09:38:13.0421 0x12dc  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
09:38:13.0546 0x12dc  defragsvc - ok
09:38:13.0592 0x12dc  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:38:13.0639 0x12dc  DfsC - ok
09:38:13.0717 0x12dc  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:38:13.0795 0x12dc  Dhcp - ok
09:38:13.0826 0x12dc  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
09:38:13.0904 0x12dc  discache - ok
09:38:13.0951 0x12dc  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
09:38:13.0967 0x12dc  Disk - ok
09:38:14.0029 0x12dc  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:38:14.0092 0x12dc  Dnscache - ok
09:38:14.0154 0x12dc  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:38:14.0263 0x12dc  dot3svc - ok
09:38:14.0294 0x12dc  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
09:38:14.0388 0x12dc  DPS - ok
09:38:14.0435 0x12dc  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:38:14.0497 0x12dc  drmkaud - ok
09:38:14.0575 0x12dc  [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
09:38:14.0606 0x12dc  DsiWMIService - ok
09:38:14.0716 0x12dc  [ AF2E16242AA723F68F461B6EAE2EAD3D, 3973633C6D231DB8D92DE310D3A0836C64639B9A20C6C56385FB218A707C1BC3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:38:14.0747 0x12dc  DXGKrnl - ok
09:38:14.0794 0x12dc  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
09:38:14.0872 0x12dc  EapHost - ok
09:38:15.0043 0x12dc  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
09:38:15.0246 0x12dc  ebdrv - ok
09:38:15.0293 0x12dc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
09:38:15.0355 0x12dc  EFS - ok
09:38:15.0464 0x12dc  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:38:15.0589 0x12dc  ehRecvr - ok
09:38:15.0620 0x12dc  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
09:38:15.0714 0x12dc  ehSched - ok
09:38:15.0792 0x12dc  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
09:38:15.0823 0x12dc  elxstor - ok
09:38:15.0948 0x12dc  [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
09:38:15.0979 0x12dc  ePowerSvc - ok
09:38:16.0042 0x12dc  [ 7DB097F4F6786307168C0DDDEC43A565, 963C0D3D88FB4BF9C2FBCB296B03603E2F8AA8B4E8976162842863B7538C1A9F ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
09:38:16.0104 0x12dc  EPSON_EB_RPCV4_04 - ok
09:38:16.0135 0x12dc  [ 258AA65A0862E19B7DE6981FDA3758AD, C090F19BEDC2CFB0B5265BCE48BD52102E06CBC15EEFE4CDB747D44F2E42D545 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
09:38:16.0166 0x12dc  EPSON_PM_RPCV4_04 - ok
09:38:16.0213 0x12dc  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:38:16.0244 0x12dc  ErrDev - ok
09:38:16.0322 0x12dc  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
09:38:16.0385 0x12dc  EventSystem - ok
09:38:16.0416 0x12dc  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
09:38:16.0478 0x12dc  exfat - ok
09:38:16.0510 0x12dc  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:38:16.0588 0x12dc  fastfat - ok
09:38:16.0666 0x12dc  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
09:38:16.0744 0x12dc  Fax - ok
09:38:16.0790 0x12dc  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:38:16.0837 0x12dc  fdc - ok
09:38:16.0884 0x12dc  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
09:38:16.0993 0x12dc  fdPHost - ok
09:38:17.0009 0x12dc  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:38:17.0071 0x12dc  FDResPub - ok
09:38:17.0134 0x12dc  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:38:17.0134 0x12dc  FileInfo - ok
09:38:17.0165 0x12dc  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:38:17.0258 0x12dc  Filetrace - ok
09:38:17.0617 0x12dc  [ 923B1F7EA2A3DE6790D9193FFC355A4D, 36EC6DD4D36AA65A32D924CBC6DD448A2CB9E915395BE621004B858786E86CB4 ] FirebirdServerDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
09:38:17.0945 0x12dc  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
09:38:20.0503 0x12dc  Detect skipped due to KSN trusted
09:38:20.0503 0x12dc  FirebirdServerDefaultInstance - ok
09:38:20.0581 0x12dc  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:38:20.0644 0x12dc  FLEXnet Licensing Service - ok
09:38:20.0675 0x12dc  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:38:20.0706 0x12dc  flpydisk - ok
09:38:20.0768 0x12dc  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:38:20.0800 0x12dc  FltMgr - ok
09:38:20.0893 0x12dc  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
09:38:21.0002 0x12dc  FontCache - ok
09:38:21.0112 0x12dc  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:38:21.0143 0x12dc  FontCache3.0.0.0 - ok
09:38:21.0158 0x12dc  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:38:21.0190 0x12dc  FsDepends - ok
09:38:21.0221 0x12dc  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:38:21.0252 0x12dc  Fs_Rec - ok
09:38:21.0314 0x12dc  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:38:21.0361 0x12dc  fvevol - ok
09:38:21.0408 0x12dc  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
09:38:21.0439 0x12dc  gagp30kx - ok
09:38:21.0502 0x12dc  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:38:21.0517 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: E403AACF8C7BB11375122D2464560311, sha256: 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF
09:38:21.0533 0x12dc  GEARAspiWDM - detected LockedFile.Multi.Generic ( 1 )
09:38:24.0091 0x12dc  Detect skipped due to KSN trusted
09:38:24.0091 0x12dc  GEARAspiWDM - ok
09:38:24.0185 0x12dc  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
09:38:24.0278 0x12dc  gpsvc - ok
09:38:24.0325 0x12dc  [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
09:38:24.0356 0x12dc  GREGService - ok
09:38:24.0481 0x12dc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:38:24.0497 0x12dc  gupdate - ok
09:38:24.0512 0x12dc  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:38:24.0528 0x12dc  gupdatem - ok
09:38:24.0559 0x12dc  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
09:38:24.0575 0x12dc  hamachi - ok
09:38:24.0606 0x12dc  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:38:24.0606 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
09:38:24.0606 0x12dc  hcw85cir - detected LockedFile.Multi.Generic ( 1 )
09:38:27.0164 0x12dc  Detect skipped due to KSN trusted
09:38:27.0164 0x12dc  hcw85cir - ok
09:38:27.0274 0x12dc  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:38:27.0274 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 975761C778E33CD22498059B91E7373A, sha256: 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9
09:38:27.0289 0x12dc  HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
09:38:29.0832 0x12dc  Detect skipped due to KSN trusted
09:38:29.0832 0x12dc  HdAudAddService - ok
09:38:29.0926 0x12dc  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:38:29.0926 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955
09:38:29.0972 0x12dc  HDAudBus - detected LockedFile.Multi.Generic ( 1 )
09:38:32.0532 0x12dc  Detect skipped due to KSN trusted
09:38:32.0532 0x12dc  HDAudBus - ok
09:38:32.0594 0x12dc  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
09:38:32.0594 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: B6AC71AAA2B10848F57FC49D55A651AF, sha256: 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91
09:38:32.0594 0x12dc  HECIx64 - detected LockedFile.Multi.Generic ( 1 )
09:38:35.0153 0x12dc  Detect skipped due to KSN trusted
09:38:35.0153 0x12dc  HECIx64 - ok
09:38:35.0184 0x12dc  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:38:35.0184 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
09:38:35.0184 0x12dc  HidBatt - detected LockedFile.Multi.Generic ( 1 )
09:38:37.0742 0x12dc  Detect skipped due to KSN trusted
09:38:37.0742 0x12dc  HidBatt - ok
09:38:37.0805 0x12dc  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:38:37.0805 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
09:38:37.0805 0x12dc  HidBth - detected LockedFile.Multi.Generic ( 1 )
09:38:40.0363 0x12dc  Detect skipped due to KSN trusted
09:38:40.0363 0x12dc  HidBth - ok
09:38:40.0457 0x12dc  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
09:38:40.0457 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
09:38:40.0457 0x12dc  HidIr - detected LockedFile.Multi.Generic ( 1 )
09:38:43.0015 0x12dc  Detect skipped due to KSN trusted
09:38:43.0015 0x12dc  HidIr - ok
09:38:43.0093 0x12dc  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
09:38:43.0187 0x12dc  hidserv - ok
09:38:43.0327 0x12dc  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:38:43.0327 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F
09:38:43.0327 0x12dc  HidUsb - detected LockedFile.Multi.Generic ( 1 )
09:38:45.0854 0x12dc  Detect skipped due to KSN trusted
09:38:45.0854 0x12dc  HidUsb - ok
09:38:45.0948 0x12dc  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:38:46.0010 0x12dc  hkmsvc - ok
09:38:46.0166 0x12dc  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:38:46.0275 0x12dc  HomeGroupListener - ok
09:38:46.0369 0x12dc  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:38:46.0400 0x12dc  HomeGroupProvider - ok
09:38:46.0478 0x12dc  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:38:46.0478 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205
09:38:46.0478 0x12dc  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
09:38:49.0037 0x12dc  Detect skipped due to KSN trusted
09:38:49.0037 0x12dc  HpSAMD - ok
09:38:49.0317 0x12dc  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:38:49.0317 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779
09:38:49.0333 0x12dc  HTTP - detected LockedFile.Multi.Generic ( 1 )
09:38:51.0891 0x12dc  Detect skipped due to KSN trusted
09:38:51.0891 0x12dc  HTTP - ok
09:38:51.0938 0x12dc  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:38:51.0938 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53
09:38:51.0938 0x12dc  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
09:38:54.0512 0x12dc  Detect skipped due to KSN trusted
09:38:54.0512 0x12dc  hwpolicy - ok
09:38:54.0653 0x12dc  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
09:38:54.0653 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
09:38:54.0668 0x12dc  i8042prt - detected LockedFile.Multi.Generic ( 1 )
09:39:04.0683 0x12dc  Object is SCO, delete is not allowed
09:39:04.0683 0x12dc  i8042prt ( LockedFile.Multi.Generic ) - warning
09:39:09.0239 0x12dc  [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:39:09.0239 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. md5: 1384872112E8E7FD5786ECEB8BDDF4C9, sha256: DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02
09:39:09.0270 0x12dc  iaStor - detected LockedFile.Multi.Generic ( 1 )
09:39:11.0813 0x12dc  Detect skipped due to KSN trusted
09:39:11.0813 0x12dc  iaStor - ok
09:39:11.0875 0x12dc  [ 6B24D1C3096DE796D15571079EA5E98C, 89566A7BDEDA7A663110F72B6301998651937E1E3E541EAB054169CEC8C7353F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
09:39:11.0906 0x12dc  IAStorDataMgrSvc - ok
09:39:11.0969 0x12dc  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:39:11.0969 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366, sha256: 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385
09:39:11.0969 0x12dc  iaStorV - detected LockedFile.Multi.Generic ( 1 )
09:39:14.0527 0x12dc  Detect skipped due to KSN trusted
09:39:14.0527 0x12dc  iaStorV - ok
09:39:14.0652 0x12dc  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:39:14.0699 0x12dc  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
09:39:17.0257 0x12dc  Detect skipped due to KSN trusted
09:39:17.0257 0x12dc  IDriverT - ok
09:39:17.0351 0x12dc  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:39:17.0397 0x12dc  idsvc - ok
09:39:17.0444 0x12dc  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
09:39:17.0444 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
09:39:17.0444 0x12dc  iirsp - detected LockedFile.Multi.Generic ( 1 )
09:39:19.0971 0x12dc  Detect skipped due to KSN trusted
09:39:19.0971 0x12dc  iirsp - ok
09:39:20.0143 0x12dc  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
09:39:20.0221 0x12dc  IKEEXT - ok
09:39:20.0377 0x12dc  [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:39:20.0393 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 235362D403D9D677514649D88DB31914, sha256: 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965
09:39:20.0393 0x12dc  IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
09:39:22.0951 0x12dc  Detect skipped due to KSN trusted
09:39:22.0951 0x12dc  IntcAzAudAddService - ok
09:39:23.0013 0x12dc  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
09:39:23.0013 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
09:39:23.0013 0x12dc  intelide - detected LockedFile.Multi.Generic ( 1 )
09:39:25.0572 0x12dc  Detect skipped due to KSN trusted
09:39:25.0572 0x12dc  intelide - ok
09:39:25.0634 0x12dc  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:39:25.0650 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
09:39:25.0665 0x12dc  intelppm - detected LockedFile.Multi.Generic ( 1 )
09:39:28.0208 0x12dc  Detect skipped due to KSN trusted
09:39:28.0208 0x12dc  intelppm - ok
09:39:28.0271 0x12dc  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:39:28.0349 0x12dc  IPBusEnum - ok
09:39:28.0380 0x12dc  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:39:28.0380 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
09:39:28.0380 0x12dc  IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
09:39:30.0954 0x12dc  Detect skipped due to KSN trusted
09:39:30.0954 0x12dc  IpFilterDriver - ok
09:39:31.0063 0x12dc  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:39:31.0110 0x12dc  iphlpsvc - ok
09:39:31.0141 0x12dc  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:39:31.0141 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
09:39:31.0141 0x12dc  IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
09:39:33.0715 0x12dc  Detect skipped due to KSN trusted
09:39:33.0715 0x12dc  IPMIDRV - ok
09:39:33.0778 0x12dc  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:39:33.0778 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
09:39:33.0778 0x12dc  IPNAT - detected LockedFile.Multi.Generic ( 1 )
09:39:36.0320 0x12dc  Detect skipped due to KSN trusted
09:39:36.0320 0x12dc  IPNAT - ok
09:39:36.0476 0x12dc  [ 50D6CCC6FF5561F9F56946B3E6164FB8, 27529E751D3CB13B651B54474F04A17DF5737AD0170CD41F601E779F90603D11 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
09:39:36.0523 0x12dc  iPod Service - ok
09:39:36.0570 0x12dc  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:39:36.0570 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
09:39:36.0570 0x12dc  IRENUM - detected LockedFile.Multi.Generic ( 1 )
09:39:39.0128 0x12dc  Detect skipped due to KSN trusted
09:39:39.0128 0x12dc  IRENUM - ok
09:39:39.0175 0x12dc  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:39:39.0175 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
09:39:39.0175 0x12dc  isapnp - detected LockedFile.Multi.Generic ( 1 )
09:39:41.0749 0x12dc  Detect skipped due to KSN trusted
09:39:41.0749 0x12dc  isapnp - ok
09:39:41.0827 0x12dc  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:39:41.0827 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD, sha256: 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3
09:39:41.0827 0x12dc  iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
09:39:44.0386 0x12dc  Detect skipped due to KSN trusted
09:39:44.0386 0x12dc  iScsiPrt - ok
09:39:44.0479 0x12dc  [ 37E053A2CF8F0082B689ED74106E0CEC, 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
09:39:44.0479 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\k57nd60a.sys. md5: 37E053A2CF8F0082B689ED74106E0CEC, sha256: 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7
09:39:44.0479 0x12dc  k57nd60a - detected LockedFile.Multi.Generic ( 1 )
09:39:47.0022 0x12dc  Detect skipped due to KSN trusted
09:39:47.0022 0x12dc  k57nd60a - ok
09:39:47.0084 0x12dc  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
09:39:47.0084 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
09:39:47.0084 0x12dc  kbdclass - detected LockedFile.Multi.Generic ( 1 )
09:39:49.0643 0x12dc  Detect skipped due to KSN trusted
09:39:49.0643 0x12dc  kbdclass - ok
09:39:49.0690 0x12dc  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
09:39:49.0690 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
09:39:49.0690 0x12dc  kbdhid - detected LockedFile.Multi.Generic ( 1 )
09:39:52.0248 0x12dc  Detect skipped due to KSN trusted
09:39:52.0248 0x12dc  kbdhid - ok
09:39:52.0310 0x12dc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
09:39:52.0342 0x12dc  KeyIso - ok
09:39:52.0388 0x12dc  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:39:52.0388 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4, sha256: 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8
09:39:52.0388 0x12dc  KSecDD - detected LockedFile.Multi.Generic ( 1 )
09:39:54.0962 0x12dc  Detect skipped due to KSN trusted
09:39:54.0962 0x12dc  KSecDD - ok
09:39:55.0025 0x12dc  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:39:55.0025 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07, sha256: 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B
09:39:55.0025 0x12dc  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
09:39:57.0568 0x12dc  Detect skipped due to KSN trusted
09:39:57.0568 0x12dc  KSecPkg - ok
09:39:57.0646 0x12dc  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:39:57.0646 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
09:39:57.0646 0x12dc  ksthunk - detected LockedFile.Multi.Generic ( 1 )
09:40:00.0220 0x12dc  Detect skipped due to KSN trusted
09:40:00.0220 0x12dc  ksthunk - ok
09:40:00.0282 0x12dc  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:40:00.0360 0x12dc  KtmRm - ok
09:40:00.0438 0x12dc  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:40:00.0500 0x12dc  LanmanServer - ok
09:40:00.0563 0x12dc  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:40:00.0641 0x12dc  LanmanWorkstation - ok
09:40:00.0672 0x12dc  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:40:00.0672 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
09:40:00.0672 0x12dc  lltdio - detected LockedFile.Multi.Generic ( 1 )
09:40:03.0230 0x12dc  Detect skipped due to KSN trusted
09:40:03.0230 0x12dc  lltdio - ok
09:40:03.0324 0x12dc  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:40:03.0386 0x12dc  lltdsvc - ok
09:40:03.0418 0x12dc  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:40:03.0480 0x12dc  lmhosts - ok
09:40:03.0589 0x12dc  [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:40:03.0620 0x12dc  LMS - ok
09:40:03.0667 0x12dc  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
09:40:03.0667 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
09:40:03.0667 0x12dc  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
09:40:06.0226 0x12dc  Detect skipped due to KSN trusted
09:40:06.0226 0x12dc  LSI_FC - ok
09:40:06.0272 0x12dc  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
09:40:06.0272 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
09:40:06.0272 0x12dc  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
09:40:08.0831 0x12dc  Detect skipped due to KSN trusted
09:40:08.0831 0x12dc  LSI_SAS - ok
09:40:08.0878 0x12dc  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:40:08.0878 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
09:40:08.0878 0x12dc  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
09:40:18.0893 0x12dc  LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
09:40:18.0893 0x12dc  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:40:22.0496 0x12dc  Object send P2P result: true
09:40:25.0039 0x12dc  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:40:25.0039 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
09:40:25.0039 0x12dc  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
09:40:27.0598 0x12dc  Detect skipped due to KSN trusted
09:40:27.0598 0x12dc  LSI_SCSI - ok
09:40:27.0644 0x12dc  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
09:40:27.0644 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
09:40:27.0644 0x12dc  luafv - detected LockedFile.Multi.Generic ( 1 )
09:40:30.0733 0x12dc  Detect skipped due to KSN trusted
09:40:30.0733 0x12dc  luafv - ok
09:40:30.0811 0x12dc  [ CD51E1D0D638F1E07A6EDC98CD7F5DDA, 360AC29DFE46C96BB41045DE325729397F17912DBAF83D5119EBD2A3A8C9A5FB ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
09:40:30.0842 0x12dc  mbamchameleon - ok
09:40:30.0889 0x12dc  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:40:30.0952 0x12dc  Mcx2Svc - ok
09:40:30.0983 0x12dc  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:40:30.0983 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
09:40:30.0983 0x12dc  megasas - detected LockedFile.Multi.Generic ( 1 )
09:40:33.0541 0x12dc  Detect skipped due to KSN trusted
09:40:33.0541 0x12dc  megasas - ok
09:40:33.0604 0x12dc  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:40:33.0604 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
09:40:33.0604 0x12dc  MegaSR - detected LockedFile.Multi.Generic ( 1 )
09:40:36.0178 0x12dc  Detect skipped due to KSN trusted
09:40:36.0178 0x12dc  MegaSR - ok
09:40:36.0287 0x12dc  Microsoft SharePoint Workspace Audit Service - ok
09:40:36.0318 0x12dc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
09:40:36.0380 0x12dc  MMCSS - ok
09:40:36.0427 0x12dc  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
09:40:36.0427 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
09:40:36.0427 0x12dc  Modem - detected LockedFile.Multi.Generic ( 1 )
09:40:38.0986 0x12dc  Detect skipped due to KSN trusted
09:40:38.0986 0x12dc  Modem - ok
09:40:39.0048 0x12dc  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:40:39.0048 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
09:40:39.0048 0x12dc  monitor - detected LockedFile.Multi.Generic ( 1 )
09:40:41.0622 0x12dc  Detect skipped due to KSN trusted
09:40:41.0622 0x12dc  monitor - ok
09:40:41.0700 0x12dc  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:40:41.0700 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
09:40:41.0700 0x12dc  mouclass - detected LockedFile.Multi.Generic ( 1 )
09:40:44.0258 0x12dc  Detect skipped due to KSN trusted
09:40:44.0258 0x12dc  mouclass - ok
09:40:44.0352 0x12dc  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:40:44.0352 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
09:40:44.0352 0x12dc  mouhid - detected LockedFile.Multi.Generic ( 1 )
09:40:46.0910 0x12dc  Detect skipped due to KSN trusted
09:40:46.0910 0x12dc  mouhid - ok
09:40:46.0973 0x12dc  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:40:46.0973 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
09:40:46.0973 0x12dc  mountmgr - detected LockedFile.Multi.Generic ( 1 )
09:40:49.0531 0x12dc  Detect skipped due to KSN trusted
09:40:49.0531 0x12dc  mountmgr - ok
09:40:49.0578 0x12dc  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:40:49.0578 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
09:40:49.0578 0x12dc  mpio - detected LockedFile.Multi.Generic ( 1 )
09:40:52.0136 0x12dc  Detect skipped due to KSN trusted
09:40:52.0136 0x12dc  mpio - ok
09:40:52.0230 0x12dc  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:40:52.0230 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
09:40:52.0230 0x12dc  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
09:40:54.0788 0x12dc  Detect skipped due to KSN trusted
09:40:54.0788 0x12dc  mpsdrv - ok
09:40:54.0944 0x12dc  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:40:55.0054 0x12dc  MpsSvc - ok
09:40:55.0100 0x12dc  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:40:55.0100 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380, sha256: 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A
09:40:55.0100 0x12dc  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
09:40:57.0659 0x12dc  Detect skipped due to KSN trusted
09:40:57.0659 0x12dc  MRxDAV - ok
09:40:57.0721 0x12dc  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:40:57.0721 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
09:40:57.0721 0x12dc  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
09:41:00.0295 0x12dc  Detect skipped due to KSN trusted
09:41:00.0295 0x12dc  mrxsmb - ok
09:41:00.0373 0x12dc  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:41:00.0373 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
09:41:00.0373 0x12dc  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
09:41:02.0947 0x12dc  Detect skipped due to KSN trusted
09:41:02.0947 0x12dc  mrxsmb10 - ok
09:41:02.0994 0x12dc  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:41:02.0994 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
09:41:02.0994 0x12dc  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
09:41:05.0568 0x12dc  Detect skipped due to KSN trusted
09:41:05.0568 0x12dc  mrxsmb20 - ok
09:41:05.0646 0x12dc  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:41:05.0646 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
09:41:05.0646 0x12dc  msahci - detected LockedFile.Multi.Generic ( 1 )
09:41:08.0204 0x12dc  Detect skipped due to KSN trusted
09:41:08.0204 0x12dc  msahci - ok
09:41:08.0329 0x12dc  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:41:08.0329 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
09:41:08.0329 0x12dc  msdsm - detected LockedFile.Multi.Generic ( 1 )
09:41:10.0903 0x12dc  Detect skipped due to KSN trusted
09:41:10.0903 0x12dc  msdsm - ok
09:41:10.0950 0x12dc  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
09:41:10.0997 0x12dc  MSDTC - ok
09:41:11.0028 0x12dc  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:41:11.0028 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
09:41:11.0028 0x12dc  Msfs - detected LockedFile.Multi.Generic ( 1 )
09:41:13.0586 0x12dc  Detect skipped due to KSN trusted
09:41:13.0586 0x12dc  Msfs - ok
09:41:13.0649 0x12dc  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:41:13.0649 0x12dc  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
09:41:13.0649 0x12dc  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
09:41:16.0207 0x12dc  Detect skipped due to KSN trusted
09:41:16.0207 0x12dc  mshidkmdf - ok
09:41:16.0270 0x12dc  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:41:16.0270 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
09:41:16.0270 0x12dc  msisadrv - detected LockedFile.Multi.Generic ( 1 )
09:41:18.0844 0x12dc  Detect skipped due to KSN trusted
09:41:18.0844 0x12dc  msisadrv - ok
09:41:18.0906 0x12dc  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:41:19.0000 0x12dc  MSiSCSI - ok
09:41:19.0000 0x12dc  msiserver - ok
09:41:19.0031 0x12dc  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:41:19.0031 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
09:41:19.0031 0x12dc  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
09:41:21.0589 0x12dc  Detect skipped due to KSN trusted
09:41:21.0589 0x12dc  MSKSSRV - ok
09:41:21.0667 0x12dc  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:41:21.0667 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
09:41:21.0667 0x12dc  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
09:41:31.0683 0x12dc  Object is SCO, delete is not allowed
09:41:31.0683 0x12dc  MSPCLOCK ( LockedFile.Multi.Generic ) - warning
09:41:31.0683 0x12dc  Force sending object to P2P due to detect: C:\Windows\system32\drivers\MSPCLOCK.sys
09:41:36.0035 0x12dc  Object send P2P result: true
09:41:38.0527 0x12dc  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:41:38.0527 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
09:41:38.0527 0x12dc  MSPQM - detected LockedFile.Multi.Generic ( 1 )
09:41:41.0081 0x12dc  Detect skipped due to KSN trusted
09:41:41.0081 0x12dc  MSPQM - ok
09:41:41.0159 0x12dc  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:41:41.0159 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
09:41:41.0159 0x12dc  MsRPC - detected LockedFile.Multi.Generic ( 1 )
09:41:43.0733 0x12dc  Detect skipped due to KSN trusted
09:41:43.0733 0x12dc  MsRPC - ok
09:41:43.0795 0x12dc  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:41:43.0795 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
09:41:43.0795 0x12dc  mssmbios - detected LockedFile.Multi.Generic ( 1 )
09:41:46.0369 0x12dc  Detect skipped due to KSN trusted
09:41:46.0369 0x12dc  mssmbios - ok
09:41:46.0416 0x12dc  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:41:46.0416 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
09:41:46.0416 0x12dc  MSTEE - detected LockedFile.Multi.Generic ( 1 )
09:41:48.0990 0x12dc  Detect skipped due to KSN trusted
09:41:48.0990 0x12dc  MSTEE - ok
09:41:49.0068 0x12dc  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:41:49.0068 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
09:41:49.0068 0x12dc  MTConfig - detected LockedFile.Multi.Generic ( 1 )
09:41:51.0626 0x12dc  Detect skipped due to KSN trusted
09:41:51.0626 0x12dc  MTConfig - ok
09:41:51.0673 0x12dc  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
09:41:51.0673 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
09:41:51.0689 0x12dc  Mup - detected LockedFile.Multi.Generic ( 1 )
09:41:54.0247 0x12dc  Detect skipped due to KSN trusted
09:41:54.0247 0x12dc  Mup - ok
09:41:54.0325 0x12dc  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
09:41:54.0419 0x12dc  napagent - ok
09:41:54.0481 0x12dc  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:41:54.0481 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
09:41:54.0481 0x12dc  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
09:41:57.0039 0x12dc  Detect skipped due to KSN trusted
09:41:57.0039 0x12dc  NativeWifiP - ok
09:41:57.0258 0x12dc  [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B, 5D568AD63FC8D24439C3DEA7AF5240BBEE8136542FDE7030816795F8D7A5EC73 ] NBService       C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
09:41:57.0336 0x12dc  NBService - detected UnsignedFile.Multi.Generic ( 1 )
09:41:59.0894 0x12dc  Detect skipped due to KSN trusted
09:41:59.0894 0x12dc  NBService - ok
09:42:00.0019 0x12dc  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:42:00.0019 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 760E38053BF56E501D562B70AD796B88, sha256: F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D
09:42:00.0019 0x12dc  NDIS - detected LockedFile.Multi.Generic ( 1 )
09:42:02.0609 0x12dc  Detect skipped due to KSN trusted
09:42:02.0609 0x12dc  NDIS - ok
09:42:02.0655 0x12dc  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:42:02.0655 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
09:42:02.0655 0x12dc  NdisCap - detected LockedFile.Multi.Generic ( 1 )
09:42:05.0229 0x12dc  Detect skipped due to KSN trusted
09:42:05.0229 0x12dc  NdisCap - ok
09:42:05.0276 0x12dc  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:42:05.0276 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
09:42:05.0276 0x12dc  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
09:42:07.0850 0x12dc  Detect skipped due to KSN trusted
09:42:07.0850 0x12dc  NdisTapi - ok
09:42:07.0959 0x12dc  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:42:07.0959 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
09:42:07.0959 0x12dc  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
09:42:10.0518 0x12dc  Detect skipped due to KSN trusted
09:42:10.0518 0x12dc  Ndisuio - ok
09:42:10.0580 0x12dc  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:42:10.0580 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
09:42:10.0611 0x12dc  NdisWan - detected LockedFile.Multi.Generic ( 1 )
09:42:13.0170 0x12dc  Detect skipped due to KSN trusted
09:42:13.0170 0x12dc  NdisWan - ok
09:42:13.0232 0x12dc  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:42:13.0232 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
09:42:13.0232 0x12dc  NDProxy - detected LockedFile.Multi.Generic ( 1 )
09:42:15.0791 0x12dc  Detect skipped due to KSN trusted
09:42:15.0791 0x12dc  NDProxy - ok
09:42:15.0853 0x12dc  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:42:15.0853 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
09:42:15.0869 0x12dc  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
09:42:18.0427 0x12dc  Detect skipped due to KSN trusted
09:42:18.0427 0x12dc  NetBIOS - ok
09:42:18.0489 0x12dc  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:42:18.0489 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
09:42:18.0521 0x12dc  NetBT - detected LockedFile.Multi.Generic ( 1 )
09:42:21.0079 0x12dc  Detect skipped due to KSN trusted
09:42:21.0079 0x12dc  NetBT - ok
09:42:21.0126 0x12dc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
09:42:21.0157 0x12dc  Netlogon - ok
09:42:21.0235 0x12dc  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
09:42:21.0329 0x12dc  Netman - ok
09:42:21.0391 0x12dc  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:42:21.0438 0x12dc  NetMsmqActivator - ok
09:42:21.0453 0x12dc  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:42:21.0469 0x12dc  NetPipeActivator - ok
09:42:21.0485 0x12dc  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
09:42:21.0547 0x12dc  netprofm - ok
09:42:21.0563 0x12dc  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:42:21.0563 0x12dc  NetTcpActivator - ok
09:42:21.0578 0x12dc  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:42:21.0594 0x12dc  NetTcpPortSharing - ok
09:42:21.0625 0x12dc  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:42:21.0625 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
09:42:21.0625 0x12dc  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
09:42:24.0183 0x12dc  Detect skipped due to KSN trusted
09:42:24.0183 0x12dc  nfrd960 - ok
09:42:24.0246 0x12dc  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:42:24.0308 0x12dc  NlaSvc - ok
09:42:24.0371 0x12dc  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:42:24.0371 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
09:42:24.0371 0x12dc  Npfs - detected LockedFile.Multi.Generic ( 1 )
09:42:26.0929 0x12dc  Detect skipped due to KSN trusted
09:42:26.0929 0x12dc  Npfs - ok
09:42:27.0007 0x12dc  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
         

29.03.2014, 09:58   #20
El_CapOne
 

Part 2:

Code:
ATTFilter
09:42:27.0101 0x12dc  nsi - ok
09:42:27.0116 0x12dc  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:42:27.0116 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
09:42:27.0116 0x12dc  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
09:42:29.0675 0x12dc  Detect skipped due to KSN trusted
09:42:29.0675 0x12dc  nsiproxy - ok
09:42:29.0799 0x12dc  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:42:29.0799 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: B98F8C6E31CD07B2E6F71F7F648E38C0, sha256: 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E
09:42:29.0799 0x12dc  Ntfs - detected LockedFile.Multi.Generic ( 1 )
09:42:32.0358 0x12dc  Detect skipped due to KSN trusted
09:42:32.0358 0x12dc  Ntfs - ok
09:42:32.0467 0x12dc  [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
09:42:32.0483 0x12dc  NTI IScheduleSvc - ok
09:42:32.0545 0x12dc  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
09:42:32.0545 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NTIDrvr.sys. md5: EE3BA1024594D5D09E314F206B94069E, sha256: 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6
09:42:32.0545 0x12dc  NTIDrvr - detected LockedFile.Multi.Generic ( 1 )
09:42:35.0103 0x12dc  Detect skipped due to KSN trusted
09:42:35.0103 0x12dc  NTIDrvr - ok
09:42:35.0150 0x12dc  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
09:42:35.0150 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
09:42:35.0150 0x12dc  Null - detected LockedFile.Multi.Generic ( 1 )
09:42:45.0165 0x12dc  Object is SCO, delete is not allowed
09:42:45.0165 0x12dc  Null ( LockedFile.Multi.Generic ) - warning
09:42:48.0410 0x12dc  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:42:48.0410 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD, sha256: 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7
09:42:48.0410 0x12dc  nvraid - detected LockedFile.Multi.Generic ( 1 )
09:42:50.0984 0x12dc  Detect skipped due to KSN trusted
09:42:50.0984 0x12dc  nvraid - ok
09:42:51.0015 0x12dc  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:42:51.0015 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A, sha256: AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37
09:42:51.0015 0x12dc  nvstor - detected LockedFile.Multi.Generic ( 1 )
09:42:53.0574 0x12dc  Detect skipped due to KSN trusted
09:42:53.0574 0x12dc  nvstor - ok
09:42:53.0636 0x12dc  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:42:53.0636 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
09:42:53.0636 0x12dc  nv_agp - detected LockedFile.Multi.Generic ( 1 )
09:42:56.0210 0x12dc  Detect skipped due to KSN trusted
09:42:56.0210 0x12dc  nv_agp - ok
09:42:56.0273 0x12dc  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:42:56.0273 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
09:42:56.0273 0x12dc  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
09:42:58.0831 0x12dc  Detect skipped due to KSN trusted
09:42:58.0831 0x12dc  ohci1394 - ok
09:42:58.0971 0x12dc  [ DA345DE3B450E9E1691E7B9956D8FFC3, 23115188E82F7D2681D697D306F64B3CC4AF43F0AFDFAB73E1BB570115B9D84E ] OMSI download service C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
09:42:59.0049 0x12dc  OMSI download service - detected UnsignedFile.Multi.Generic ( 1 )
09:43:01.0608 0x12dc  Detect skipped due to KSN trusted
09:43:01.0608 0x12dc  OMSI download service - ok
09:43:01.0717 0x12dc  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:43:01.0748 0x12dc  ose64 - ok
09:43:01.0998 0x12dc  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:43:02.0216 0x12dc  osppsvc - ok
09:43:02.0357 0x12dc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:43:02.0450 0x12dc  p2pimsvc - ok
09:43:02.0497 0x12dc  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
09:43:02.0559 0x12dc  p2psvc - ok
09:43:02.0591 0x12dc  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:43:02.0606 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
09:43:02.0606 0x12dc  Parport - detected LockedFile.Multi.Generic ( 1 )
09:43:05.0165 0x12dc  Detect skipped due to KSN trusted
09:43:05.0165 0x12dc  Parport - ok
09:43:05.0227 0x12dc  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:43:05.0227 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C, sha256: 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6
09:43:05.0227 0x12dc  partmgr - detected LockedFile.Multi.Generic ( 1 )
09:43:07.0801 0x12dc  Detect skipped due to KSN trusted
09:43:07.0801 0x12dc  partmgr - ok
09:43:07.0863 0x12dc  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:43:07.0926 0x12dc  PcaSvc - ok
09:43:07.0957 0x12dc  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
09:43:07.0957 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3, sha256: 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9
09:43:07.0957 0x12dc  pci - detected LockedFile.Multi.Generic ( 1 )
09:43:10.0515 0x12dc  Detect skipped due to KSN trusted
09:43:10.0515 0x12dc  pci - ok
09:43:10.0578 0x12dc  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
09:43:10.0593 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
09:43:10.0593 0x12dc  pciide - detected LockedFile.Multi.Generic ( 1 )
09:43:13.0152 0x12dc  Detect skipped due to KSN trusted
09:43:13.0152 0x12dc  pciide - ok
09:43:13.0230 0x12dc  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:43:13.0230 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
09:43:13.0230 0x12dc  pcmcia - detected LockedFile.Multi.Generic ( 1 )
09:43:16.0069 0x12dc  Detect skipped due to KSN trusted
09:43:16.0069 0x12dc  pcmcia - ok
09:43:16.0116 0x12dc  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:43:16.0116 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
09:43:16.0116 0x12dc  pcw - detected LockedFile.Multi.Generic ( 1 )
09:43:18.0674 0x12dc  Detect skipped due to KSN trusted
09:43:18.0674 0x12dc  pcw - ok
09:43:18.0752 0x12dc  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:43:18.0752 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
09:43:18.0784 0x12dc  PEAUTH - detected LockedFile.Multi.Generic ( 1 )
09:43:21.0436 0x12dc  Detect skipped due to KSN trusted
09:43:21.0436 0x12dc  PEAUTH - ok
09:43:21.0607 0x12dc  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:43:21.0654 0x12dc  PerfHost - ok
09:43:21.0763 0x12dc  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
09:43:21.0888 0x12dc  pla - ok
09:43:21.0982 0x12dc  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:43:22.0013 0x12dc  PlugPlay - ok
09:43:22.0044 0x12dc  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:43:22.0075 0x12dc  PNRPAutoReg - ok
09:43:22.0122 0x12dc  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:43:22.0153 0x12dc  PNRPsvc - ok
09:43:22.0231 0x12dc  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:43:22.0325 0x12dc  PolicyAgent - ok
09:43:22.0356 0x12dc  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
09:43:22.0434 0x12dc  Power - ok
09:43:22.0481 0x12dc  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:43:22.0481 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9, sha256: 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763
09:43:22.0481 0x12dc  PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
09:43:25.0039 0x12dc  Detect skipped due to KSN trusted
09:43:25.0039 0x12dc  PptpMiniport - ok
09:43:25.0102 0x12dc  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:43:25.0102 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
09:43:25.0102 0x12dc  Processor - detected LockedFile.Multi.Generic ( 1 )
09:43:27.0660 0x12dc  Detect skipped due to KSN trusted
09:43:27.0660 0x12dc  Processor - ok
09:43:27.0738 0x12dc  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:43:27.0816 0x12dc  ProfSvc - ok
09:43:27.0832 0x12dc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
09:43:27.0847 0x12dc  ProtectedStorage - ok
09:43:27.0894 0x12dc  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:43:27.0894 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D, sha256: F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4
09:43:27.0894 0x12dc  Psched - detected LockedFile.Multi.Generic ( 1 )
09:43:30.0452 0x12dc  Detect skipped due to KSN trusted
09:43:30.0452 0x12dc  Psched - ok
09:43:30.0577 0x12dc  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:43:30.0577 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
09:43:30.0577 0x12dc  ql2300 - detected LockedFile.Multi.Generic ( 1 )
09:43:33.0136 0x12dc  Detect skipped due to KSN trusted
09:43:33.0136 0x12dc  ql2300 - ok
09:43:33.0182 0x12dc  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:43:33.0182 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE
09:43:33.0182 0x12dc  ql40xx - detected LockedFile.Multi.Generic ( 1 )
09:43:35.0741 0x12dc  Detect skipped due to KSN trusted
09:43:35.0741 0x12dc  ql40xx - ok
09:43:35.0803 0x12dc  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
09:43:35.0850 0x12dc  QWAVE - ok
09:43:35.0881 0x12dc  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:43:35.0881 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535
09:43:35.0881 0x12dc  QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
09:43:38.0440 0x12dc  Detect skipped due to KSN trusted
09:43:38.0440 0x12dc  QWAVEdrv - ok
09:43:38.0611 0x12dc  [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
09:43:38.0642 0x12dc  RapiMgr - ok
09:43:38.0674 0x12dc  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:43:38.0674 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF
09:43:38.0674 0x12dc  RasAcd - detected LockedFile.Multi.Generic ( 1 )
09:43:41.0216 0x12dc  Detect skipped due to KSN trusted
09:43:41.0216 0x12dc  RasAcd - ok
09:43:41.0279 0x12dc  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:43:41.0294 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1
09:43:41.0294 0x12dc  RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
09:43:43.0853 0x12dc  Detect skipped due to KSN trusted
09:43:43.0853 0x12dc  RasAgileVpn - ok
09:43:43.0931 0x12dc  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
09:43:43.0993 0x12dc  RasAuto - ok
09:43:44.0040 0x12dc  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:43:44.0040 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA, sha256: 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698
09:43:44.0040 0x12dc  Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
09:43:46.0598 0x12dc  Detect skipped due to KSN trusted
09:43:46.0598 0x12dc  Rasl2tp - ok
09:43:46.0708 0x12dc  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
09:43:46.0786 0x12dc  RasMan - ok
09:43:46.0832 0x12dc  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:43:46.0832 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
09:43:46.0832 0x12dc  RasPppoe - detected LockedFile.Multi.Generic ( 1 )
09:43:56.0848 0x12dc  Object is SCO, delete is not allowed
09:43:56.0848 0x12dc  RasPppoe ( LockedFile.Multi.Generic ) - warning
09:43:56.0848 0x12dc  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\raspppoe.sys
09:44:01.0434 0x12dc  Object send P2P result: true
09:44:03.0961 0x12dc  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:44:03.0961 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C
09:44:03.0961 0x12dc  RasSstp - detected LockedFile.Multi.Generic ( 1 )
09:44:06.0520 0x12dc  Detect skipped due to KSN trusted
09:44:06.0520 0x12dc  RasSstp - ok
09:44:06.0598 0x12dc  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:44:06.0598 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F, sha256: 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA
09:44:06.0598 0x12dc  rdbss - detected LockedFile.Multi.Generic ( 1 )
09:44:09.0156 0x12dc  Detect skipped due to KSN trusted
09:44:09.0156 0x12dc  rdbss - ok
09:44:09.0203 0x12dc  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:44:09.0203 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
09:44:09.0203 0x12dc  rdpbus - detected LockedFile.Multi.Generic ( 1 )
09:44:11.0761 0x12dc  Detect skipped due to KSN trusted
09:44:11.0761 0x12dc  rdpbus - ok
09:44:11.0824 0x12dc  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:44:11.0824 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804
09:44:11.0824 0x12dc  RDPCDD - detected LockedFile.Multi.Generic ( 1 )
09:44:14.0382 0x12dc  Detect skipped due to KSN trusted
09:44:14.0382 0x12dc  RDPCDD - ok
09:44:14.0398 0x12dc  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:44:14.0398 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F
09:44:14.0398 0x12dc  RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
09:44:16.0956 0x12dc  Detect skipped due to KSN trusted
09:44:16.0956 0x12dc  RDPENCDD - ok
09:44:17.0034 0x12dc  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:44:17.0034 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4
09:44:17.0034 0x12dc  RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
09:44:19.0592 0x12dc  Detect skipped due to KSN trusted
09:44:19.0592 0x12dc  RDPREFMP - ok
09:44:19.0655 0x12dc  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:44:19.0655 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A, sha256: F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6
09:44:19.0655 0x12dc  RDPWD - detected LockedFile.Multi.Generic ( 1 )
09:44:22.0213 0x12dc  Detect skipped due to KSN trusted
09:44:22.0213 0x12dc  RDPWD - ok
09:44:22.0307 0x12dc  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:44:22.0307 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520, sha256: AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F
09:44:22.0307 0x12dc  rdyboost - detected LockedFile.Multi.Generic ( 1 )
09:44:24.0881 0x12dc  Detect skipped due to KSN trusted
09:44:24.0881 0x12dc  rdyboost - ok
09:44:24.0959 0x12dc  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:44:25.0037 0x12dc  RemoteAccess - ok
09:44:25.0115 0x12dc  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
09:44:25.0208 0x12dc  RemoteRegistry - ok
09:44:25.0255 0x12dc  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
09:44:25.0255 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: 3DD798846E2C28102B922C56E71B7932, sha256: 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D
09:44:25.0255 0x12dc  RFCOMM - detected LockedFile.Multi.Generic ( 1 )
09:44:27.0814 0x12dc  Detect skipped due to KSN trusted
09:44:27.0814 0x12dc  RFCOMM - ok
09:44:27.0860 0x12dc  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:44:27.0954 0x12dc  RpcEptMapper - ok
09:44:27.0985 0x12dc  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
09:44:28.0001 0x12dc  RpcLocator - ok
09:44:28.0094 0x12dc  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
09:44:28.0157 0x12dc  RpcSs - ok
09:44:28.0204 0x12dc  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:44:28.0204 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD
09:44:28.0219 0x12dc  rspndr - detected LockedFile.Multi.Generic ( 1 )
09:44:30.0778 0x12dc  Detect skipped due to KSN trusted
09:44:30.0778 0x12dc  rspndr - ok
09:44:30.0856 0x12dc  [ 763AE0C6D9DF4C24B7E2C26036A8188A, 1728D9BDF910324988B3D28459AB0A15C57CBBA79D2DFE377342DF3486BA9D48 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
09:44:30.0856 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 763AE0C6D9DF4C24B7E2C26036A8188A, sha256: 1728D9BDF910324988B3D28459AB0A15C57CBBA79D2DFE377342DF3486BA9D48
09:44:30.0856 0x12dc  RSUSBSTOR - detected LockedFile.Multi.Generic ( 1 )
09:44:33.0430 0x12dc  Detect skipped due to KSN trusted
09:44:33.0430 0x12dc  RSUSBSTOR - ok
09:44:33.0539 0x12dc  [ D6D381B76056C668679723938F06F16C, A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
09:44:33.0539 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RtHDMIVX.sys. md5: D6D381B76056C668679723938F06F16C, sha256: A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341
09:44:33.0539 0x12dc  RTHDMIAzAudService - detected LockedFile.Multi.Generic ( 1 )
09:44:36.0097 0x12dc  Detect skipped due to KSN trusted
09:44:36.0097 0x12dc  RTHDMIAzAudService - ok
09:44:36.0191 0x12dc  [ 032F537623A7B2FB81AAA184C30B70C3, C9E0569322A173D62D357CEA7BFECB0CF9D5817E3AE4B46955760BF98F5D16B3 ] s0017bus        C:\Windows\system32\DRIVERS\s0017bus.sys
09:44:36.0191 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017bus.sys. md5: 032F537623A7B2FB81AAA184C30B70C3, sha256: C9E0569322A173D62D357CEA7BFECB0CF9D5817E3AE4B46955760BF98F5D16B3
09:44:36.0191 0x12dc  s0017bus - detected LockedFile.Multi.Generic ( 1 )
09:44:38.0749 0x12dc  Detect skipped due to KSN trusted
09:44:38.0749 0x12dc  s0017bus - ok
09:44:38.0843 0x12dc  [ 9964A28E569B4FF105B446EF8978FD5C, 7872699B528C31E8B8699B6F8D2127440CD67A3BEAD0E5941BD58FDCD73DBE2C ] s0017mdfl       C:\Windows\system32\DRIVERS\s0017mdfl.sys
09:44:38.0843 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017mdfl.sys. md5: 9964A28E569B4FF105B446EF8978FD5C, sha256: 7872699B528C31E8B8699B6F8D2127440CD67A3BEAD0E5941BD58FDCD73DBE2C
09:44:38.0843 0x12dc  s0017mdfl - detected LockedFile.Multi.Generic ( 1 )
09:44:41.0401 0x12dc  Detect skipped due to KSN trusted
09:44:41.0401 0x12dc  s0017mdfl - ok
09:44:41.0464 0x12dc  [ 06347087D274C23DCFA8C4AB5C4314DB, 757DDAC72524EB59854A05E46A16CE2B0AF0CE1FC411110712576327D3984E91 ] s0017mdm        C:\Windows\system32\DRIVERS\s0017mdm.sys
09:44:41.0464 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017mdm.sys. md5: 06347087D274C23DCFA8C4AB5C4314DB, sha256: 757DDAC72524EB59854A05E46A16CE2B0AF0CE1FC411110712576327D3984E91
09:44:41.0464 0x12dc  s0017mdm - detected LockedFile.Multi.Generic ( 1 )
09:44:44.0038 0x12dc  Detect skipped due to KSN trusted
09:44:44.0038 0x12dc  s0017mdm - ok
09:44:44.0100 0x12dc  [ F0F0747B3FA50272DE6B1BF575FA4700, FCB9007C630A0FD23CA0A8286BA9E498F6B36F1090F717B4A713286EEC4346C0 ] s0017mgmt       C:\Windows\system32\DRIVERS\s0017mgmt.sys
09:44:44.0100 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017mgmt.sys. md5: F0F0747B3FA50272DE6B1BF575FA4700, sha256: FCB9007C630A0FD23CA0A8286BA9E498F6B36F1090F717B4A713286EEC4346C0
09:44:44.0100 0x12dc  s0017mgmt - detected LockedFile.Multi.Generic ( 1 )
09:44:46.0658 0x12dc  Detect skipped due to KSN trusted
09:44:46.0658 0x12dc  s0017mgmt - ok
09:44:46.0705 0x12dc  [ 3FEADBC7F09B8B596CBFB82F12ABA87F, FBA6209893FF7C07823AB6F89FF7E36CF116C9FE202868DB4289233AF85E659A ] s0017obex       C:\Windows\system32\DRIVERS\s0017obex.sys
09:44:46.0705 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017obex.sys. md5: 3FEADBC7F09B8B596CBFB82F12ABA87F, sha256: FBA6209893FF7C07823AB6F89FF7E36CF116C9FE202868DB4289233AF85E659A
09:44:46.0705 0x12dc  s0017obex - detected LockedFile.Multi.Generic ( 1 )
09:44:49.0279 0x12dc  Detect skipped due to KSN trusted
09:44:49.0279 0x12dc  s0017obex - ok
09:44:49.0342 0x12dc  [ 2B63BEA31D939888B2A8F3F14D89B5C1, 0C1333885DB315A63C1FAA53ED2160695F97C1B336B8DA986A48B97F39A46954 ] s0017unic       C:\Windows\system32\DRIVERS\s0017unic.sys
09:44:49.0342 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017unic.sys. md5: 2B63BEA31D939888B2A8F3F14D89B5C1, sha256: 0C1333885DB315A63C1FAA53ED2160695F97C1B336B8DA986A48B97F39A46954
09:44:49.0342 0x12dc  s0017unic - detected LockedFile.Multi.Generic ( 1 )
09:44:51.0900 0x12dc  Detect skipped due to KSN trusted
09:44:51.0900 0x12dc  s0017unic - ok
09:44:51.0962 0x12dc  [ 6C90231046FB9FC4123C42179832817F, 68161EC19787C074B9B3B3426E744FBDD637E8A72ABB51436ED83DD1554A68C6 ] s117bus         C:\Windows\system32\DRIVERS\s117bus.sys
09:44:51.0962 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117bus.sys. md5: 6C90231046FB9FC4123C42179832817F, sha256: 68161EC19787C074B9B3B3426E744FBDD637E8A72ABB51436ED83DD1554A68C6
09:44:51.0962 0x12dc  s117bus - detected LockedFile.Multi.Generic ( 1 )
09:44:54.0536 0x12dc  Detect skipped due to KSN trusted
09:44:54.0536 0x12dc  s117bus - ok
09:44:54.0599 0x12dc  [ 3279341C90EF8F226AF77623039F4495, DAE52030277454601A401DBCE8ABACB9952362968C2C1D848AD594DC7CBB478D ] s117mdfl        C:\Windows\system32\DRIVERS\s117mdfl.sys
09:44:54.0599 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117mdfl.sys. md5: 3279341C90EF8F226AF77623039F4495, sha256: DAE52030277454601A401DBCE8ABACB9952362968C2C1D848AD594DC7CBB478D
09:44:54.0599 0x12dc  s117mdfl - detected LockedFile.Multi.Generic ( 1 )
09:44:57.0157 0x12dc  Detect skipped due to KSN trusted
09:44:57.0157 0x12dc  s117mdfl - ok
09:44:57.0235 0x12dc  [ 73E331F555279E753B312675DDAF4516, 07592A944057B613E5BC19BE459F221423A16E792A3B0421DABE6D74A414C147 ] s117mdm         C:\Windows\system32\DRIVERS\s117mdm.sys
09:44:57.0235 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117mdm.sys. md5: 73E331F555279E753B312675DDAF4516, sha256: 07592A944057B613E5BC19BE459F221423A16E792A3B0421DABE6D74A414C147
09:44:57.0235 0x12dc  s117mdm - detected LockedFile.Multi.Generic ( 1 )
09:44:59.0794 0x12dc  Detect skipped due to KSN trusted
09:44:59.0794 0x12dc  s117mdm - ok
09:44:59.0872 0x12dc  [ D420731FD2880F0F40F20771EFAAD671, 6CFE6B5FD22530A6BD55BC0E7C1BB4A3701D51F36613FAB07BB1E361C1B0A7A1 ] s117mgmt        C:\Windows\system32\DRIVERS\s117mgmt.sys
09:44:59.0872 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117mgmt.sys. md5: D420731FD2880F0F40F20771EFAAD671, sha256: 6CFE6B5FD22530A6BD55BC0E7C1BB4A3701D51F36613FAB07BB1E361C1B0A7A1
09:44:59.0872 0x12dc  s117mgmt - detected LockedFile.Multi.Generic ( 1 )
09:45:09.0902 0x12dc  s117mgmt ( LockedFile.Multi.Generic ) - warning
09:45:09.0902 0x12dc  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\s117mgmt.sys
09:45:14.0505 0x12dc  Object send P2P result: true
09:45:17.0063 0x12dc  [ 98236CA5A9A77D0983AC3F6D6527C796, D27C1C123CC4FCDF2EC54C12EE1A60FBCA9252EDA3D5635A45C2CDAF5763AE9E ] s117nd5         C:\Windows\system32\DRIVERS\s117nd5.sys
09:45:17.0063 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117nd5.sys. md5: 98236CA5A9A77D0983AC3F6D6527C796, sha256: D27C1C123CC4FCDF2EC54C12EE1A60FBCA9252EDA3D5635A45C2CDAF5763AE9E
09:45:17.0063 0x12dc  s117nd5 - detected LockedFile.Multi.Generic ( 1 )
09:45:19.0621 0x12dc  Detect skipped due to KSN trusted
09:45:19.0621 0x12dc  s117nd5 - ok
09:45:19.0684 0x12dc  [ 1DD613909477AE298C98E86617EC356B, FA848B6BFB0C5313BB9AC37B0196D2B49F4AE0E8906C92624F10E602614654D3 ] s117obex        C:\Windows\system32\DRIVERS\s117obex.sys
09:45:19.0684 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117obex.sys. md5: 1DD613909477AE298C98E86617EC356B, sha256: FA848B6BFB0C5313BB9AC37B0196D2B49F4AE0E8906C92624F10E602614654D3
09:45:19.0684 0x12dc  s117obex - detected LockedFile.Multi.Generic ( 1 )
09:45:22.0258 0x12dc  Detect skipped due to KSN trusted
09:45:22.0258 0x12dc  s117obex - ok
09:45:22.0305 0x12dc  [ 9A22DF5FE9B6BE279D820776A6ADB56F, 77790E331C7C10850B40EBE8FD99A536BB467935832D895D082639DAA3A86E6A ] s117unic        C:\Windows\system32\DRIVERS\s117unic.sys
09:45:22.0305 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117unic.sys. md5: 9A22DF5FE9B6BE279D820776A6ADB56F, sha256: 77790E331C7C10850B40EBE8FD99A536BB467935832D895D082639DAA3A86E6A
09:45:22.0305 0x12dc  s117unic - detected LockedFile.Multi.Generic ( 1 )
09:45:24.0879 0x12dc  Detect skipped due to KSN trusted
09:45:24.0879 0x12dc  s117unic - ok
09:45:24.0925 0x12dc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\Windows\system32\lsass.exe
09:45:24.0957 0x12dc  SamSs - ok
09:45:25.0003 0x12dc  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:45:25.0003 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B, sha256: 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656
09:45:25.0003 0x12dc  sbp2port - detected LockedFile.Multi.Generic ( 1 )
09:45:27.0562 0x12dc  Detect skipped due to KSN trusted
09:45:27.0562 0x12dc  sbp2port - ok
09:45:27.0640 0x12dc  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:45:27.0702 0x12dc  SCardSvr - ok
09:45:27.0749 0x12dc  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:45:27.0749 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B, sha256: CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116
09:45:27.0749 0x12dc  scfilter - detected LockedFile.Multi.Generic ( 1 )
09:45:30.0307 0x12dc  Detect skipped due to KSN trusted
09:45:30.0307 0x12dc  scfilter - ok
09:45:30.0417 0x12dc  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
09:45:30.0526 0x12dc  Schedule - ok
09:45:30.0573 0x12dc  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:45:30.0604 0x12dc  SCPolicySvc - ok
09:45:30.0651 0x12dc  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:45:30.0697 0x12dc  SDRSVC - ok
09:45:30.0760 0x12dc  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:45:30.0760 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
09:45:30.0760 0x12dc  secdrv - detected LockedFile.Multi.Generic ( 1 )
09:45:33.0318 0x12dc  Detect skipped due to KSN trusted
09:45:33.0318 0x12dc  secdrv - ok
09:45:33.0365 0x12dc  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
09:45:33.0459 0x12dc  seclogon - ok
09:45:33.0537 0x12dc  [ EDE7A1D2715AAC2190D51DC07AFD44E3, 992EDC724AC30AAAA9164805F801A73483AC36E8D355CD523B69C4E544EB55CB ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
09:45:33.0537 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\seehcri.sys. md5: EDE7A1D2715AAC2190D51DC07AFD44E3, sha256: 992EDC724AC30AAAA9164805F801A73483AC36E8D355CD523B69C4E544EB55CB
09:45:33.0537 0x12dc  seehcri - detected LockedFile.Multi.Generic ( 1 )
09:45:36.0095 0x12dc  Detect skipped due to KSN trusted
09:45:36.0095 0x12dc  seehcri - ok
09:45:36.0173 0x12dc  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
09:45:36.0235 0x12dc  SENS - ok
09:45:36.0251 0x12dc  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:45:36.0313 0x12dc  SensrSvc - ok
09:45:36.0329 0x12dc  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:45:36.0329 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
09:45:36.0329 0x12dc  Serenum - detected LockedFile.Multi.Generic ( 1 )
09:45:38.0887 0x12dc  Detect skipped due to KSN trusted
09:45:38.0887 0x12dc  Serenum - ok
09:45:38.0965 0x12dc  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:45:38.0965 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
09:45:38.0965 0x12dc  Serial - detected LockedFile.Multi.Generic ( 1 )
09:45:41.0524 0x12dc  Detect skipped due to KSN trusted
09:45:41.0524 0x12dc  Serial - ok
09:45:41.0602 0x12dc  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:45:41.0602 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
09:45:41.0602 0x12dc  sermouse - detected LockedFile.Multi.Generic ( 1 )
09:45:44.0160 0x12dc  Detect skipped due to KSN trusted
09:45:44.0160 0x12dc  sermouse - ok
09:45:44.0223 0x12dc  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
09:45:44.0316 0x12dc  SessionEnv - ok
09:45:44.0363 0x12dc  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:45:44.0363 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
09:45:44.0363 0x12dc  sffdisk - detected LockedFile.Multi.Generic ( 1 )
09:45:46.0921 0x12dc  Detect skipped due to KSN trusted
09:45:46.0921 0x12dc  sffdisk - ok
09:45:46.0968 0x12dc  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:45:46.0968 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
09:45:46.0968 0x12dc  sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
09:45:49.0527 0x12dc  Detect skipped due to KSN trusted
09:45:49.0527 0x12dc  sffp_mmc - ok
09:45:49.0573 0x12dc  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:45:49.0573 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C, sha256: 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197
09:45:49.0573 0x12dc  sffp_sd - detected LockedFile.Multi.Generic ( 1 )
09:45:52.0132 0x12dc  Detect skipped due to KSN trusted
09:45:52.0132 0x12dc  sffp_sd - ok
09:45:52.0194 0x12dc  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:45:52.0194 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
09:45:52.0194 0x12dc  sfloppy - detected LockedFile.Multi.Generic ( 1 )
09:45:54.0753 0x12dc  Detect skipped due to KSN trusted
09:45:54.0753 0x12dc  sfloppy - ok
09:45:54.0862 0x12dc  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:45:54.0971 0x12dc  SharedAccess - ok
09:45:55.0033 0x12dc  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:45:55.0111 0x12dc  ShellHWDetection - ok
09:45:55.0143 0x12dc  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:45:55.0143 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
09:45:55.0143 0x12dc  SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
09:45:57.0717 0x12dc  Detect skipped due to KSN trusted
09:45:57.0717 0x12dc  SiSRaid2 - ok
09:45:57.0763 0x12dc  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:45:57.0763 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
09:45:57.0763 0x12dc  SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
09:46:00.0322 0x12dc  Detect skipped due to KSN trusted
09:46:00.0322 0x12dc  SiSRaid4 - ok
09:46:00.0400 0x12dc  [ A4FAB5F7818A69DA6E740943CB8F7CA9, 6FA24FD46AD6642B21EF3BE4212FF22F3645EC7B0056859FCA184177F5C85AA2 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
09:46:00.0431 0x12dc  SkypeUpdate - ok
09:46:00.0478 0x12dc  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:46:00.0478 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
09:46:00.0493 0x12dc  Smb - detected LockedFile.Multi.Generic ( 1 )
09:46:03.0052 0x12dc  Detect skipped due to KSN trusted
09:46:03.0052 0x12dc  Smb - ok
09:46:03.0130 0x12dc  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:46:03.0177 0x12dc  SNMPTRAP - ok
09:46:03.0177 0x12dc  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:46:03.0177 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
09:46:03.0177 0x12dc  spldr - detected LockedFile.Multi.Generic ( 1 )
09:46:05.0735 0x12dc  Detect skipped due to KSN trusted
09:46:05.0735 0x12dc  spldr - ok
09:46:05.0829 0x12dc  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
09:46:05.0938 0x12dc  Spooler - ok
09:46:06.0109 0x12dc  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
09:46:06.0359 0x12dc  sppsvc - ok
09:46:06.0390 0x12dc  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:46:06.0437 0x12dc  sppuinotify - ok
09:46:06.0531 0x12dc  [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd            C:\Windows\system32\Drivers\sptd.sys
09:46:06.0531 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB, sha256: C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA
09:46:06.0531 0x12dc  sptd - detected LockedFile.Multi.Generic ( 1 )
09:46:09.0089 0x12dc  Detect skipped due to KSN trusted
09:46:09.0089 0x12dc  sptd - ok
09:46:09.0183 0x12dc  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:46:09.0183 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
09:46:09.0183 0x12dc  srv - detected LockedFile.Multi.Generic ( 1 )
09:46:11.0741 0x12dc  Detect skipped due to KSN trusted
09:46:11.0741 0x12dc  srv - ok
09:46:11.0788 0x12dc  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:46:11.0788 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
09:46:11.0788 0x12dc  srv2 - detected LockedFile.Multi.Generic ( 1 )
09:46:14.0346 0x12dc  Detect skipped due to KSN trusted
09:46:14.0346 0x12dc  srv2 - ok
09:46:14.0393 0x12dc  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:46:14.0393 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3, sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
09:46:14.0393 0x12dc  srvnet - detected LockedFile.Multi.Generic ( 1 )
09:46:24.0408 0x12dc  Object is SCO, delete is not allowed
09:46:24.0408 0x12dc  srvnet ( LockedFile.Multi.Generic ) - warning
09:46:24.0408 0x12dc  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\srvnet.sys
09:46:30.0071 0x12dc  Object send P2P result: true
09:46:32.0614 0x12dc  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:46:32.0723 0x12dc  SSDPSRV - ok
09:46:32.0739 0x12dc  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:46:32.0801 0x12dc  SstpSvc - ok
09:46:32.0848 0x12dc  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
09:46:32.0848 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
09:46:32.0848 0x12dc  stexstor - detected LockedFile.Multi.Generic ( 1 )
09:46:35.0406 0x12dc  Detect skipped due to KSN trusted
09:46:35.0406 0x12dc  stexstor - ok
09:46:35.0515 0x12dc  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
09:46:35.0562 0x12dc  stisvc - ok
09:46:35.0609 0x12dc  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:46:35.0609 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
09:46:35.0625 0x12dc  swenum - detected LockedFile.Multi.Generic ( 1 )
09:46:38.0199 0x12dc  Detect skipped due to KSN trusted
09:46:38.0199 0x12dc  swenum - ok
09:46:38.0277 0x12dc  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
09:46:38.0370 0x12dc  swprv - ok
09:46:38.0433 0x12dc  [ 064A2530A4A7C7CEC1BE6A1945645BE4, 06E4B59B6BFCEE1E2F1EDED77621C9DFED09F460E94065E528A2F746B568193D ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
09:46:38.0433 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SynTP.sys. md5: 064A2530A4A7C7CEC1BE6A1945645BE4, sha256: 06E4B59B6BFCEE1E2F1EDED77621C9DFED09F460E94065E528A2F746B568193D
09:46:38.0433 0x12dc  SynTP - detected LockedFile.Multi.Generic ( 1 )
09:46:40.0991 0x12dc  Detect skipped due to KSN trusted
09:46:40.0991 0x12dc  SynTP - ok
09:46:41.0131 0x12dc  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
09:46:41.0225 0x12dc  SysMain - ok
09:46:41.0272 0x12dc  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:46:41.0334 0x12dc  TabletInputService - ok
09:46:41.0381 0x12dc  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:46:41.0459 0x12dc  TapiSrv - ok
09:46:41.0506 0x12dc  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
09:46:41.0599 0x12dc  TBS - ok
09:46:41.0740 0x12dc  [ 9849EA3843A2ADBDD1497E97A85D8CAE, 71984DB2555989A0934E158281EA5F966109EC925B064B2045469A0E77971A7C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:46:41.0740 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 9849EA3843A2ADBDD1497E97A85D8CAE, sha256: 71984DB2555989A0934E158281EA5F966109EC925B064B2045469A0E77971A7C
09:46:41.0755 0x12dc  Tcpip - detected LockedFile.Multi.Generic ( 1 )
09:46:44.0298 0x12dc  Detect skipped due to KSN trusted
09:46:44.0298 0x12dc  Tcpip - ok
09:46:44.0439 0x12dc  [ 9849EA3843A2ADBDD1497E97A85D8CAE, 71984DB2555989A0934E158281EA5F966109EC925B064B2045469A0E77971A7C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:46:44.0439 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 9849EA3843A2ADBDD1497E97A85D8CAE, sha256: 71984DB2555989A0934E158281EA5F966109EC925B064B2045469A0E77971A7C
09:46:44.0454 0x12dc  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
09:46:44.0454 0x12dc  Detect skipped due to KSN trusted
09:46:44.0454 0x12dc  TCPIP6 - ok
09:46:44.0501 0x12dc  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:46:44.0501 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 1B16D0BD9841794A6E0CDE0CEF744ABC, sha256: 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C
09:46:44.0501 0x12dc  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
09:46:47.0044 0x12dc  Detect skipped due to KSN trusted
09:46:47.0044 0x12dc  tcpipreg - ok
09:46:47.0091 0x12dc  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:46:47.0091 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
09:46:47.0091 0x12dc  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
09:46:49.0649 0x12dc  Detect skipped due to KSN trusted
09:46:49.0649 0x12dc  TDPIPE - ok
09:46:49.0696 0x12dc  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:46:49.0696 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
09:46:49.0696 0x12dc  TDTCP - detected LockedFile.Multi.Generic ( 1 )
09:46:52.0254 0x12dc  Detect skipped due to KSN trusted
09:46:52.0254 0x12dc  TDTCP - ok
09:46:52.0332 0x12dc  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:46:52.0332 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
09:46:52.0332 0x12dc  tdx - detected LockedFile.Multi.Generic ( 1 )
09:46:54.0891 0x12dc  Detect skipped due to KSN trusted
09:46:54.0891 0x12dc  tdx - ok
09:46:54.0969 0x12dc  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:46:54.0969 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
09:46:54.0969 0x12dc  TermDD - detected LockedFile.Multi.Generic ( 1 )
09:46:57.0527 0x12dc  Detect skipped due to KSN trusted
09:46:57.0527 0x12dc  TermDD - ok
09:46:57.0621 0x12dc  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
09:46:57.0714 0x12dc  TermService - ok
09:46:57.0761 0x12dc  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
09:46:57.0808 0x12dc  Themes - ok
09:46:57.0855 0x12dc  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
09:46:57.0917 0x12dc  THREADORDER - ok
09:46:57.0933 0x12dc  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
09:46:57.0995 0x12dc  TrkWks - ok
09:46:58.0089 0x12dc  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:46:58.0182 0x12dc  TrustedInstaller - ok
09:46:58.0213 0x12dc  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:46:58.0213 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30, sha256: CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC
09:46:58.0213 0x12dc  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
09:47:00.0772 0x12dc  Detect skipped due to KSN trusted
09:47:00.0772 0x12dc  tssecsrv - ok
09:47:00.0865 0x12dc  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:47:00.0865 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9, sha256: A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB
09:47:00.0865 0x12dc  TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
09:47:03.0439 0x12dc  Detect skipped due to KSN trusted
09:47:03.0439 0x12dc  TsUsbFlt - ok
09:47:03.0517 0x12dc  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:47:03.0517 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
09:47:03.0517 0x12dc  tunnel - detected LockedFile.Multi.Generic ( 1 )
09:47:06.0107 0x12dc  Detect skipped due to KSN trusted
09:47:06.0107 0x12dc  tunnel - ok
09:47:06.0169 0x12dc  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:47:06.0169 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
09:47:06.0169 0x12dc  uagp35 - detected LockedFile.Multi.Generic ( 1 )
09:47:08.0728 0x12dc  Detect skipped due to KSN trusted
09:47:08.0728 0x12dc  uagp35 - ok
09:47:08.0822 0x12dc  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
09:47:08.0822 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\UBHelper.sys. md5: A17D5E1A6DF4EAB0A480F2C490DE4C9D, sha256: 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B
09:47:08.0822 0x12dc  UBHelper - detected LockedFile.Multi.Generic ( 1 )
09:47:11.0396 0x12dc  Detect skipped due to KSN trusted
09:47:11.0396 0x12dc  UBHelper - ok
09:47:11.0474 0x12dc  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:47:11.0474 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
09:47:11.0474 0x12dc  udfs - detected LockedFile.Multi.Generic ( 1 )
09:47:14.0048 0x12dc  Detect skipped due to KSN trusted
09:47:14.0048 0x12dc  udfs - ok
09:47:14.0094 0x12dc  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:47:14.0126 0x12dc  UI0Detect - ok
09:47:14.0172 0x12dc  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:47:14.0172 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
09:47:14.0172 0x12dc  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
09:47:16.0731 0x12dc  Detect skipped due to KSN trusted
09:47:16.0731 0x12dc  uliagpkx - ok
09:47:16.0856 0x12dc  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
09:47:16.0856 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
09:47:16.0871 0x12dc  umbus - detected LockedFile.Multi.Generic ( 1 )
09:47:19.0430 0x12dc  Detect skipped due to KSN trusted
09:47:19.0430 0x12dc  umbus - ok
09:47:19.0508 0x12dc  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:47:19.0508 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
09:47:19.0508 0x12dc  UmPass - detected LockedFile.Multi.Generic ( 1 )
09:47:22.0082 0x12dc  Detect skipped due to KSN trusted
09:47:22.0082 0x12dc  UmPass - ok
09:47:22.0253 0x12dc  [ 7466809E6DA561D60C2F1CE8EDE3C73F, A3185049282A51B17C3DA839AF7E90F1CD395B2FB5587514EB2D65CB22854E2C ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
09:47:22.0316 0x12dc  UNS - ok
09:47:22.0362 0x12dc  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
09:47:22.0394 0x12dc  Updater Service - ok
09:47:22.0440 0x12dc  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
09:47:22.0518 0x12dc  upnphost - ok
09:47:22.0581 0x12dc  [ FB251567F41BC61988B26731DEC19E4B, 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
09:47:22.0581 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbaapl64.sys. md5: FB251567F41BC61988B26731DEC19E4B, sha256: 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2
09:47:22.0581 0x12dc  USBAAPL64 - detected LockedFile.Multi.Generic ( 1 )
09:47:25.0170 0x12dc  Detect skipped due to KSN trusted
09:47:25.0170 0x12dc  USBAAPL64 - ok
09:47:25.0217 0x12dc  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
09:47:25.0217 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C, sha256: 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12
09:47:25.0217 0x12dc  usbccgp - detected LockedFile.Multi.Generic ( 1 )
09:47:27.0776 0x12dc  Detect skipped due to KSN trusted
09:47:27.0776 0x12dc  usbccgp - ok
09:47:27.0854 0x12dc  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:47:27.0854 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07
09:47:27.0854 0x12dc  usbcir - detected LockedFile.Multi.Generic ( 1 )
09:47:30.0412 0x12dc  Detect skipped due to KSN trusted
09:47:30.0412 0x12dc  usbcir - ok
09:47:30.0459 0x12dc  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:47:30.0459 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B, sha256: D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9
09:47:30.0459 0x12dc  usbehci - detected LockedFile.Multi.Generic ( 1 )
09:47:40.0474 0x12dc  Object is SCO, delete is not allowed
09:47:40.0474 0x12dc  usbehci ( LockedFile.Multi.Generic ) - warning
09:47:44.0015 0x12dc  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:47:44.0015 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24, sha256: 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E
09:47:44.0046 0x12dc  usbhub - detected LockedFile.Multi.Generic ( 1 )
09:47:46.0605 0x12dc  Detect skipped due to KSN trusted
09:47:46.0605 0x12dc  usbhub - ok
09:47:46.0652 0x12dc  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:47:46.0652 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31, sha256: 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0
09:47:46.0652 0x12dc  usbohci - detected LockedFile.Multi.Generic ( 1 )
09:47:49.0226 0x12dc  Detect skipped due to KSN trusted
09:47:49.0226 0x12dc  usbohci - ok
09:47:49.0288 0x12dc  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:47:49.0288 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
09:47:49.0288 0x12dc  usbprint - detected LockedFile.Multi.Generic ( 1 )
09:47:51.0831 0x12dc  Detect skipped due to KSN trusted
09:47:51.0831 0x12dc  usbprint - ok
09:47:51.0893 0x12dc  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:47:51.0893 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
09:47:51.0893 0x12dc  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
09:47:54.0467 0x12dc  Detect skipped due to KSN trusted
09:47:54.0467 0x12dc  USBSTOR - ok
09:47:54.0530 0x12dc  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:47:54.0530 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD, sha256: C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25
09:47:54.0530 0x12dc  usbuhci - detected LockedFile.Multi.Generic ( 1 )
09:47:57.0088 0x12dc  Detect skipped due to KSN trusted
09:47:57.0088 0x12dc  usbuhci - ok
09:47:57.0182 0x12dc  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
09:47:57.0182 0x12dc  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 454800C2BC7F3927CE030141EE4F4C50, sha256: 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44
09:47:57.0182 0x12dc  usbvideo - detected LockedFile.Multi.Generic ( 1 )
09:47:59.0740 0x12dc  Detect skipped due to KSN trusted
09:47:59.0740 0x12dc  usbvideo - ok
09:47:59.0802 0x12dc  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
09:47:59.0896 0x12dc  UxSms - ok
09:47:59.0927 0x12dc  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\Windows\system32\lsass.exe
09:47:59.0943 0x12dc  VaultSvc - ok
09:47:59.0974 0x12dc  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:47:59.0974 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
09:48:00.0005 0x12dc  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
09:48:02.0564 0x12dc  Detect skipped due to KSN trusted
09:48:02.0564 0x12dc  vdrvroot - ok
09:48:02.0657 0x12dc  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
09:48:02.0766 0x12dc  vds - ok
09:48:02.0829 0x12dc  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:48:02.0829 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
09:48:02.0844 0x12dc  vga - detected LockedFile.Multi.Generic ( 1 )
09:48:05.0403 0x12dc  Detect skipped due to KSN trusted
09:48:05.0403 0x12dc  vga - ok
09:48:05.0450 0x12dc  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:48:05.0450 0x12dc  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
09:48:05.0450 0x12dc  VgaSave - detected LockedFile.Multi.Generic ( 1 )
09:48:08.0008 0x12dc  Detect skipped due to KSN trusted
09:48:08.0008 0x12dc  VgaSave - ok
09:48:08.0086 0x12dc  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:48:08.0086 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
09:48:08.0086 0x12dc  vhdmp - detected LockedFile.Multi.Generic ( 1 )
09:48:10.0644 0x12dc  Detect skipped due to KSN trusted
09:48:10.0644 0x12dc  vhdmp - ok
09:48:10.0707 0x12dc  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:48:10.0707 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
09:48:10.0707 0x12dc  viaide - detected LockedFile.Multi.Generic ( 1 )
09:48:13.0281 0x12dc  Detect skipped due to KSN trusted
09:48:13.0281 0x12dc  viaide - ok
09:48:13.0343 0x12dc  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:48:13.0343 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
09:48:13.0343 0x12dc  volmgr - detected LockedFile.Multi.Generic ( 1 )
09:48:15.0917 0x12dc  Detect skipped due to KSN trusted
09:48:15.0917 0x12dc  volmgr - ok
09:48:15.0995 0x12dc  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:48:15.0995 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
09:48:15.0995 0x12dc  volmgrx - detected LockedFile.Multi.Generic ( 1 )
09:48:18.0554 0x12dc  Detect skipped due to KSN trusted
09:48:18.0554 0x12dc  volmgrx - ok
09:48:18.0632 0x12dc  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:48:18.0632 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
09:48:18.0632 0x12dc  volsnap - detected LockedFile.Multi.Generic ( 1 )
09:48:21.0190 0x12dc  Detect skipped due to KSN trusted
09:48:21.0190 0x12dc  volsnap - ok
09:48:21.0252 0x12dc  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
09:48:21.0252 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
09:48:21.0252 0x12dc  vsmraid - detected LockedFile.Multi.Generic ( 1 )
09:48:23.0795 0x12dc  Detect skipped due to KSN trusted
09:48:23.0795 0x12dc  vsmraid - ok
09:48:23.0920 0x12dc  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
09:48:24.0045 0x12dc  VSS - ok
09:48:24.0045 0x12dc  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:48:24.0045 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
09:48:24.0045 0x12dc  vwifibus - detected LockedFile.Multi.Generic ( 1 )
09:48:26.0604 0x12dc  Detect skipped due to KSN trusted
09:48:26.0604 0x12dc  vwifibus - ok
09:48:26.0651 0x12dc  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:48:26.0651 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
09:48:26.0651 0x12dc  vwififlt - detected LockedFile.Multi.Generic ( 1 )
09:48:29.0287 0x12dc  Detect skipped due to KSN trusted
09:48:29.0287 0x12dc  vwififlt - ok
09:48:29.0334 0x12dc  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
09:48:29.0334 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168
09:48:29.0334 0x12dc  vwifimp - detected LockedFile.Multi.Generic ( 1 )
09:48:31.0908 0x12dc  Detect skipped due to KSN trusted
09:48:31.0908 0x12dc  vwifimp - ok
09:48:31.0986 0x12dc  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
09:48:32.0095 0x12dc  W32Time - ok
09:48:32.0111 0x12dc  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:48:32.0111 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
09:48:32.0111 0x12dc  WacomPen - detected LockedFile.Multi.Generic ( 1 )
09:48:34.0669 0x12dc  Detect skipped due to KSN trusted
09:48:34.0669 0x12dc  WacomPen - ok
09:48:34.0747 0x12dc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:48:34.0747 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
09:48:34.0747 0x12dc  WANARP - detected LockedFile.Multi.Generic ( 1 )
09:48:37.0306 0x12dc  Detect skipped due to KSN trusted
09:48:37.0306 0x12dc  WANARP - ok
09:48:37.0337 0x12dc  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:48:37.0337 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
09:48:37.0337 0x12dc  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
09:48:37.0337 0x12dc  Detect skipped due to KSN trusted
09:48:37.0337 0x12dc  Wanarpv6 - ok
09:48:37.0462 0x12dc  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:48:37.0555 0x12dc  WatAdminSvc - ok
09:48:37.0649 0x12dc  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
09:48:37.0743 0x12dc  wbengine - ok
09:48:37.0789 0x12dc  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:48:37.0821 0x12dc  WbioSrvc - ok
09:48:37.0899 0x12dc  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
09:48:37.0930 0x12dc  WcesComm - ok
09:48:37.0961 0x12dc  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:48:38.0023 0x12dc  wcncsvc - ok
09:48:38.0039 0x12dc  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:48:38.0117 0x12dc  WcsPlugInService - ok
09:48:38.0164 0x12dc  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:48:38.0164 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
09:48:38.0164 0x12dc  Wd - detected LockedFile.Multi.Generic ( 1 )
09:48:40.0722 0x12dc  Detect skipped due to KSN trusted
09:48:40.0722 0x12dc  Wd - ok
09:48:40.0831 0x12dc  [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:48:40.0831 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 442783E2CB0DA19873B7A63833FF4CB4, sha256: 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F
09:48:40.0831 0x12dc  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
09:48:43.0390 0x12dc  Detect skipped due to KSN trusted
09:48:43.0390 0x12dc  Wdf01000 - ok
09:48:43.0452 0x12dc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:48:43.0546 0x12dc  WdiServiceHost - ok
09:48:43.0561 0x12dc  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:48:43.0593 0x12dc  WdiSystemHost - ok
09:48:43.0639 0x12dc  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
09:48:43.0717 0x12dc  WebClient - ok
09:48:43.0764 0x12dc  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:48:43.0873 0x12dc  Wecsvc - ok
09:48:43.0905 0x12dc  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:48:43.0967 0x12dc  wercplsupport - ok
09:48:44.0014 0x12dc  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:48:44.0076 0x12dc  WerSvc - ok
09:48:44.0123 0x12dc  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:48:44.0123 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
09:48:44.0139 0x12dc  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
09:48:54.0154 0x12dc  WfpLwf ( LockedFile.Multi.Generic ) - warning
09:48:54.0154 0x12dc  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\wfplwf.sys
09:48:58.0787 0x12dc  Object send P2P result: true
09:49:01.0299 0x12dc  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:49:01.0299 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
09:49:01.0299 0x12dc  WIMMount - detected LockedFile.Multi.Generic ( 1 )
09:49:03.0873 0x12dc  Detect skipped due to KSN trusted
09:49:03.0873 0x12dc  WIMMount - ok
09:49:03.0966 0x12dc  WinDefend - ok
09:49:03.0982 0x12dc  WinHttpAutoProxySvc - ok
09:49:04.0060 0x12dc  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:49:04.0185 0x12dc  Winmgmt - ok
09:49:04.0325 0x12dc  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:49:04.0450 0x12dc  WinRM - ok
09:49:04.0559 0x12dc  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
09:49:04.0559 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
09:49:04.0559 0x12dc  WinUsb - detected LockedFile.Multi.Generic ( 1 )
09:49:07.0118 0x12dc  Detect skipped due to KSN trusted
09:49:07.0118 0x12dc  WinUsb - ok
09:49:07.0211 0x12dc  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:49:07.0258 0x12dc  Wlansvc - ok
09:49:07.0476 0x12dc  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:49:07.0539 0x12dc  wlidsvc - ok
09:49:07.0601 0x12dc  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:49:07.0601 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
09:49:07.0601 0x12dc  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
09:49:10.0175 0x12dc  Detect skipped due to KSN trusted
09:49:10.0175 0x12dc  WmiAcpi - ok
09:49:10.0253 0x12dc  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:49:10.0316 0x12dc  wmiApSrv - ok
09:49:10.0347 0x12dc  WMPNetworkSvc - ok
09:49:10.0394 0x12dc  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:49:10.0425 0x12dc  WPCSvc - ok
09:49:10.0456 0x12dc  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:49:10.0503 0x12dc  WPDBusEnum - ok
09:49:10.0534 0x12dc  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:49:10.0534 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
09:49:10.0534 0x12dc  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
09:49:13.0092 0x12dc  Detect skipped due to KSN trusted
09:49:13.0092 0x12dc  ws2ifsl - ok
09:49:13.0170 0x12dc  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
09:49:13.0248 0x12dc  wscsvc - ok
09:49:13.0295 0x12dc  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
09:49:13.0295 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDPrint.sys. md5: 8D918B1DB190A4D9B1753A66FA8C96E8, sha256: DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE
09:49:13.0295 0x12dc  WSDPrintDevice - detected LockedFile.Multi.Generic ( 1 )
09:49:15.0854 0x12dc  Detect skipped due to KSN trusted
09:49:15.0854 0x12dc  WSDPrintDevice - ok
09:49:15.0916 0x12dc  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
09:49:15.0916 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDScan.sys. md5: 4A2A5C50DD1A63577D3ACA94269FBC7F, sha256: F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047
09:49:15.0916 0x12dc  WSDScan - detected LockedFile.Multi.Generic ( 1 )
09:49:18.0490 0x12dc  Detect skipped due to KSN trusted
09:49:18.0490 0x12dc  WSDScan - ok
09:49:18.0506 0x12dc  WSearch - ok
09:49:18.0662 0x12dc  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:49:18.0786 0x12dc  wuauserv - ok
09:49:18.0833 0x12dc  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:49:18.0833 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: AB886378EEB55C6C75B4F2D14B6C869F, sha256: D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6
09:49:18.0833 0x12dc  WudfPf - detected LockedFile.Multi.Generic ( 1 )
09:49:21.0392 0x12dc  Detect skipped due to KSN trusted
09:49:21.0392 0x12dc  WudfPf - ok
09:49:21.0470 0x12dc  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:49:21.0470 0x12dc  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: DDA4CAF29D8C0A297F886BFE561E6659, sha256: 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978
09:49:21.0470 0x12dc  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
09:49:24.0012 0x12dc  Detect skipped due to KSN trusted
09:49:24.0012 0x12dc  WUDFRd - ok
09:49:24.0075 0x12dc  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:49:24.0153 0x12dc  wudfsvc - ok
09:49:24.0215 0x12dc  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:49:24.0309 0x12dc  WwanSvc - ok
09:49:24.0402 0x12dc  ================ Scan global ===============================
09:49:24.0434 0x12dc  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
09:49:24.0496 0x12dc  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
09:49:24.0512 0x12dc  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
09:49:24.0543 0x12dc  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
09:49:24.0574 0x12dc  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
09:49:24.0574 0x12dc  [ Global ] - ok
09:49:24.0574 0x12dc  ================ Scan MBR ==================================
09:49:24.0605 0x12dc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:49:25.0104 0x12dc  \Device\Harddisk0\DR0 - ok
09:49:25.0104 0x12dc  ================ Scan VBR ==================================
09:49:25.0120 0x12dc  [ 5FAA6B590057CE7E6C4833D451512C91 ] \Device\Harddisk0\DR0\Partition1
09:49:25.0167 0x12dc  \Device\Harddisk0\DR0\Partition1 - ok
09:49:25.0198 0x12dc  [ D49881AFAB9F756E045C58CEE7FB5F34 ] \Device\Harddisk0\DR0\Partition2
09:49:25.0214 0x12dc  \Device\Harddisk0\DR0\Partition2 - ok
09:49:25.0214 0x12dc  Waiting for KSN requests completion. In queue: 2
09:49:26.0228 0x12dc  Waiting for KSN requests completion. In queue: 2
09:49:27.0242 0x12dc  Waiting for KSN requests completion. In queue: 2
09:49:28.0349 0x12dc  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4110 ), 0x40010 ( disabled : outofdate )
09:49:28.0412 0x12dc  Win FW state via NFP2: enabled
09:49:30.0876 0x12dc  ============================================================
09:49:30.0876 0x12dc  Scan finished
09:49:30.0876 0x12dc  ============================================================
09:49:30.0892 0x12d4  Detected object count: 10
09:49:30.0892 0x12d4  Actual detected object count: 10
09:51:24.0117 0x12d4  af45d0f59a6a795 ( Rootkit.Win32.Necurs.gen ) - skipped by user
09:51:24.0133 0x12d4  af45d0f59a6a795 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
09:51:24.0133 0x12d4  i8042prt ( LockedFile.Multi.Generic ) - skipped by user
09:51:24.0133 0x12d4  i8042prt ( LockedFile.Multi.Generic ) - User select action: Skip 
09:51:24.0133 0x12d4  LSI_SAS2 ( LockedFile.Multi.Generic ) - skipped by user
09:51:24.0133 0x12d4  LSI_SAS2 ( LockedFile.Multi.Generic ) - User select action: Skip 
09:51:24.0133 0x12d4  MSPCLOCK ( LockedFile.Multi.Generic ) - skipped by user
09:51:24.0133 0x12d4  MSPCLOCK ( LockedFile.Multi.Generic ) - User select action: Skip 
09:51:24.0133 0x12d4  Null ( LockedFile.Multi.Generic ) - skipped by user
09:51:24.0133 0x12d4  Null ( LockedFile.Multi.Generic ) - User select action: Skip 
09:51:24.0133 0x12d4  RasPppoe ( LockedFile.Multi.Generic ) - skipped by user
09:51:24.0133 0x12d4  RasPppoe ( LockedFile.Multi.Generic ) - User select action: Skip 
09:51:24.0133 0x12d4  s117mgmt ( LockedFile.Multi.Generic ) - skipped by user
09:51:24.0133 0x12d4  s117mgmt ( LockedFile.Multi.Generic ) - User select action: Skip 
09:51:24.0133 0x12d4  srvnet ( LockedFile.Multi.Generic ) - skipped by user
09:51:24.0133 0x12d4  srvnet ( LockedFile.Multi.Generic ) - User select action: Skip 
09:51:24.0133 0x12d4  usbehci ( LockedFile.Multi.Generic ) - skipped by user
09:51:24.0133 0x12d4  usbehci ( LockedFile.Multi.Generic ) - User select action: Skip 
09:51:24.0133 0x12d4  WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
09:51:24.0133 0x12d4  WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
         


Alt 29.03.2014, 12:48   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
af45d0f59a6a795 ( Rootkit.Win32.Necurs.gen ) - skipped by user
Please treat this entry with the TDSS-Killer. Kaspersky will suggest CURE or DELETE; take the suggested action to remove the rootkit. If that worked, restart the computer and create a new log with the TDSS-Killer.

Alt 29.03.2014, 15:06   #22
El_CapOne
 
Split again, part 1:

Code:
ATTFilter
14:46:08.0922 0x0960  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
14:46:11.0247 0x0960  ============================================================
14:46:11.0247 0x0960  Current date / time: 2014/03/29 14:46:11.0247
14:46:11.0247 0x0960  SystemInfo:
14:46:11.0247 0x0960  
14:46:11.0247 0x0960  OS Version: 6.1.7601 ServicePack: 1.0
14:46:11.0247 0x0960  Product type: Workstation
14:46:11.0247 0x0960  ComputerName: DANIEL-PC
14:46:11.0247 0x0960  UserName: Daniel
14:46:11.0247 0x0960  Windows directory: C:\Windows
14:46:11.0247 0x0960  System windows directory: C:\Windows
14:46:11.0247 0x0960  Running under WOW64
14:46:11.0247 0x0960  Processor architecture: Intel x64
14:46:11.0247 0x0960  Number of processors: 4
14:46:11.0247 0x0960  Page size: 0x1000
14:46:11.0247 0x0960  Boot type: Normal boot
14:46:11.0247 0x0960  ============================================================
14:46:11.0247 0x0960  BG loaded
14:46:11.0356 0x0960  System UUID: {EAE129F4-5D34-3278-CED2-689D74B81AE2}
14:46:11.0715 0x0960  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:46:11.0715 0x0960  ============================================================
14:46:11.0715 0x0960  \Device\Harddisk0\DR0:
14:46:11.0715 0x0960  MBR partitions:
14:46:11.0715 0x0960  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
14:46:11.0715 0x0960  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
14:46:11.0715 0x0960  ============================================================
14:46:11.0746 0x0960  C: <-> \Device\Harddisk0\DR0\Partition2
14:46:11.0746 0x0960  ============================================================
14:46:11.0746 0x0960  Initialize success
14:46:11.0746 0x0960  ============================================================
14:46:17.0346 0x13c0  ============================================================
14:46:17.0346 0x13c0  Scan started
14:46:17.0346 0x13c0  Mode: Manual; SigCheck; TDLFS; 
14:46:17.0346 0x13c0  ============================================================
14:46:17.0346 0x13c0  KSN ping started
14:46:31.0230 0x13c0  KSN ping finished: true
14:46:31.0667 0x13c0  ================ Scan system memory ========================
14:46:31.0667 0x13c0  System memory - ok
14:46:31.0667 0x13c0  ================ Scan services =============================
14:46:31.0870 0x13c0  0292681395908944mcinstcleanup - ok
14:46:32.0042 0x13c0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:46:32.0104 0x13c0  1394ohci - ok
14:46:32.0182 0x13c0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:46:32.0198 0x13c0  ACPI - ok
14:46:32.0276 0x13c0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:46:32.0307 0x13c0  AcpiPmi - ok
14:46:32.0525 0x13c0  [ F7AB315A4D400CA876381D1E188A2E20, B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:46:32.0541 0x13c0  AdobeFlashPlayerUpdateSvc - ok
14:46:32.0619 0x13c0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:46:32.0650 0x13c0  adp94xx - ok
14:46:32.0697 0x13c0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:46:32.0712 0x13c0  adpahci - ok
14:46:32.0775 0x13c0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:46:32.0790 0x13c0  adpu320 - ok
14:46:32.0837 0x13c0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:46:32.0884 0x13c0  AeLookupSvc - ok
14:46:32.0915 0x13c0  Suspicious service (NoAccess): af45d0f59a6a795
14:46:32.0962 0x13c0  [ B1F752C4040087F88B0908BB3676900F, 7E9B8B26EF650826686CF235E79BB6A893B6D4EEE4F7F9C48917AB32051070C7 ] af45d0f59a6a795 C:\Windows\System32\Drivers\af45d0f59a6a795.sys
14:46:32.0962 0x13c0  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\af45d0f59a6a795.sys. md5: B1F752C4040087F88B0908BB3676900F, sha256: 7E9B8B26EF650826686CF235E79BB6A893B6D4EEE4F7F9C48917AB32051070C7
14:46:32.0978 0x13c0  af45d0f59a6a795 - detected Rootkit.Win32.Necurs.gen ( 0 )
14:46:35.0583 0x13c0  af45d0f59a6a795 ( Rootkit.Win32.Necurs.gen ) - infected
14:46:35.0583 0x13c0  Force sending object to P2P due to detect: C:\Windows\System32\Drivers\af45d0f59a6a795.sys
14:46:38.0219 0x13c0  Object send P2P result: true
14:46:41.0074 0x13c0  [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD             C:\Windows\system32\drivers\afd.sys
14:46:41.0105 0x13c0  AFD - ok
14:46:41.0152 0x13c0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
14:46:41.0183 0x13c0  agp440 - ok
14:46:41.0214 0x13c0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
14:46:41.0230 0x13c0  ALG - ok
14:46:41.0277 0x13c0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:46:41.0292 0x13c0  aliide - ok
14:46:41.0339 0x13c0  [ FF779F9DE1CDF477033858B7681CEDA8, F190057C680F41BEF49FA7BE26A5827C124EC0BFE19D3E21ED93A3287E732D99 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:46:41.0370 0x13c0  AMD External Events Utility - ok
14:46:41.0386 0x13c0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:46:41.0402 0x13c0  amdide - ok
14:46:41.0448 0x13c0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:46:41.0464 0x13c0  AmdK8 - ok
14:46:41.0729 0x13c0  [ EF2B99DCEE397B45F50594696D7B5339, 568BD4AFD14C32A1602AE98D00A6C05372C0AE48D17CBC9257272A57F72E69D4 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:46:41.0979 0x13c0  amdkmdag - ok
14:46:42.0041 0x13c0  [ 239DCE60BEE6E1576C803948AB4D54C5, BC346ACD57E9BDBBC4C659B1C9CB4D696A42B2AB3DBC387A169C89D11D15A673 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
14:46:42.0057 0x13c0  amdkmdap - ok
14:46:42.0072 0x13c0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:46:42.0088 0x13c0  AmdPPM - ok
14:46:42.0150 0x13c0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:46:42.0166 0x13c0  amdsata - ok
14:46:42.0213 0x13c0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:46:42.0228 0x13c0  amdsbs - ok
14:46:42.0244 0x13c0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:46:42.0260 0x13c0  amdxata - ok
14:46:42.0306 0x13c0  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
14:46:42.0353 0x13c0  AppID - ok
14:46:42.0384 0x13c0  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:46:42.0431 0x13c0  AppIDSvc - ok
14:46:42.0509 0x13c0  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
14:46:42.0525 0x13c0  Appinfo - ok
14:46:42.0696 0x13c0  [ 7EF47644B74EBE721CC32211D3C35E76, 1381908E70567AAE5A8C96C4B7BF8E68748F64DE3243FD0FA8CC0E72DEEDA9A7 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:46:42.0696 0x13c0  Apple Mobile Device - ok
14:46:42.0759 0x13c0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:46:42.0774 0x13c0  arc - ok
14:46:42.0806 0x13c0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:46:42.0821 0x13c0  arcsas - ok
14:46:42.0977 0x13c0  [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:46:42.0993 0x13c0  aspnet_state - ok
14:46:43.0040 0x13c0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:46:43.0071 0x13c0  AsyncMac - ok
14:46:43.0133 0x13c0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:46:43.0149 0x13c0  atapi - ok
14:46:43.0211 0x13c0  [ 1C60A629AD4FFD06D80CD522B92CDB7C, 68F45BC4B0BA505548E2191677C74B1B6291E56765987347F7EAAF1C8C761A97 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
14:46:43.0211 0x13c0  AthBTPort - ok
14:46:43.0320 0x13c0  [ A31F72621C938048CBA02E82542F0715, 2C9EBCCA819A11FF2A9141D069B2ABE0CA4A2F374B842B4AA24790931126E4C1 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
14:46:43.0320 0x13c0  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
14:46:45.0879 0x13c0  Detect skipped due to KSN trusted
14:46:45.0879 0x13c0  AtherosSvc - ok
14:46:46.0004 0x13c0  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:46:46.0066 0x13c0  AudioEndpointBuilder - ok
14:46:46.0113 0x13c0  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:46:46.0175 0x13c0  AudioSrv - ok
14:46:46.0269 0x13c0  [ BE5047191368D2C014202AB2775768B7, 5EC5B88B7FA7F9A9A6A665FD8638A3DF8030D6CD72C15C53CC3C34A88C1B9B27 ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
14:46:46.0284 0x13c0  Avgdiska - ok
14:46:47.0283 0x13c0  [ 9D5EA7BD5E29F404CD158AED17B40A15, BC38F90AD8BBB51C27D9D325E400DF10B8A8BE34A497A7207F2E73E46E9AB3EE ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
14:46:47.0454 0x13c0  AVGIDSAgent - ok
14:46:47.0564 0x13c0  [ EE48CA8AB25E2B0EE3D3E5A463C5A37E, 06A0AF4CB8D3715701ABD272E42F7CCF406C61AF838F5F53A7F6630D4A600905 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
14:46:47.0579 0x13c0  AVGIDSDriver - ok
14:46:47.0657 0x13c0  [ 494D668B4CB866A1D6835E5F01B13EF1, A2989DB82F31F9B30E4DC1F814BD0D7E286B33DB033C63796E2020BD18648EF3 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
14:46:47.0673 0x13c0  AVGIDSHA - ok
14:46:47.0766 0x13c0  [ 4BE8BB177B4C2BC3564845EF6D1073F1, 4ACA54EA54F5ABA96A73BD83C0C5A83C37090FEB7CBE67AE94E9CD3E364931C8 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
14:46:47.0782 0x13c0  Avgldx64 - ok
14:46:47.0844 0x13c0  [ D3772CC086FB81F76B5A82C85E1C7C8E, B1BEFD7AC658F28AECEF5468F5815504BDDC8A4203207B6F0CA53C5B216F782D ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
14:46:47.0860 0x13c0  Avgloga - ok
14:46:47.0891 0x13c0  [ A0BCE5DC2C1F1EE5C1CA19A33375AC23, 517663AEDD7A45607E17910DE60B2847E521472F9C0AB56034617BE2F351DE8D ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
14:46:47.0907 0x13c0  Avgmfx64 - ok
14:46:47.0954 0x13c0  [ 12FAAF366975B2BF2E93F1866C0E480D, 559480A1434E6805CF4F3DB5352E98387053194BB7B0DB18099B53D306D9951D ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
14:46:47.0954 0x13c0  Avgrkx64 - ok
14:46:48.0032 0x13c0  [ 4E364FABBD147F59E5D524C9EA86D772, 5D2B1E35EDBF68C23C5BF38B8B7AC484E3430219E0072C4831F58A9E8386A5FD ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
14:46:48.0063 0x13c0  Avgtdia - ok
14:46:48.0141 0x13c0  [ B747B6BB015E552F49C634BB19540F3D, 5000AD41BD101BC06D595484B6E58DEEBB962939ACF4B24DE515771D1C4AE3ED ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
14:46:48.0156 0x13c0  avgwd - ok
14:46:48.0219 0x13c0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:46:48.0234 0x13c0  AxInstSV - ok
14:46:48.0297 0x13c0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
14:46:48.0359 0x13c0  b06bdrv - ok
14:46:48.0422 0x13c0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:46:48.0453 0x13c0  b57nd60a - ok
14:46:48.0624 0x13c0  [ 2D659B569A76CDB83B815675A80D7096, 8246BD350017B6CBADA4BBDBAB8B708B0A8F1AD5ADD4B2DE1BA610B4A188C262 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
14:46:48.0827 0x13c0  BCM43XX - ok
14:46:48.0874 0x13c0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:46:48.0890 0x13c0  BDESVC - ok
14:46:48.0952 0x13c0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:46:48.0999 0x13c0  Beep - ok
14:46:49.0077 0x13c0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
14:46:49.0155 0x13c0  BFE - ok
14:46:49.0233 0x13c0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
14:46:49.0326 0x13c0  BITS - ok
14:46:49.0373 0x13c0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:46:49.0389 0x13c0  blbdrive - ok
14:46:49.0436 0x13c0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:46:49.0467 0x13c0  bowser - ok
14:46:49.0514 0x13c0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:46:49.0529 0x13c0  BrFiltLo - ok
14:46:49.0529 0x13c0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:46:49.0560 0x13c0  BrFiltUp - ok
14:46:49.0592 0x13c0  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:46:49.0638 0x13c0  BridgeMP - ok
14:46:49.0685 0x13c0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
14:46:49.0701 0x13c0  Browser - ok
14:46:49.0748 0x13c0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:46:49.0763 0x13c0  Brserid - ok
14:46:49.0779 0x13c0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:46:49.0794 0x13c0  BrSerWdm - ok
14:46:49.0841 0x13c0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:46:49.0857 0x13c0  BrUsbMdm - ok
14:46:49.0872 0x13c0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:46:49.0888 0x13c0  BrUsbSer - ok
14:46:49.0950 0x13c0  [ 89F5586E80B42CA4E98B3EFDAFCAD1B8, FDBD3B5455A7F4F0F680A18AE925B971E9F19626EDAAB79C3AFCD48E047D1A34 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
14:46:49.0966 0x13c0  BTATH_A2DP - ok
14:46:50.0013 0x13c0  [ BC14A513C0120919A019E18061FACA46, BFD4A0D3AAEFC797E2DC34A51A098BB7F48672E7F3238D346CF090A43B711EEB ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
14:46:50.0013 0x13c0  BTATH_BUS - ok
14:46:50.0075 0x13c0  [ 76E867C34242D16E3418AA9A9430D96A, 9F0FDE76CD51D5F9C8500CB4123448F58FD180EBEB24FE9723E0E3F06E5531BB ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
14:46:50.0091 0x13c0  BTATH_HCRP - ok
14:46:50.0122 0x13c0  [ 6409827297DAF3699643E9F6EC5C2CD2, BA1945AFABCDBB0147A54992E808C25FF729C55294D5E9393014C5203A8AE26B ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
14:46:50.0138 0x13c0  BTATH_LWFLT - ok
14:46:50.0184 0x13c0  [ 2B53167C52A1730A59EDFD3C83DEFF70, 3E327AEEB3EF22B9BEFF1E7F59F1739CC62C9CD0E33300402AA11E83131BF88B ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
14:46:50.0200 0x13c0  BTATH_RCP - ok
14:46:50.0262 0x13c0  [ 832B121E4532919CC49F2438F1DCAA21, 70FFDD505A64D3CF03220D6422EDD47CA2E0DF711BBF2ED057F32A688CB2E2E8 ] BthAvrcp        C:\Windows\system32\DRIVERS\BthAvrcp.sys
14:46:50.0278 0x13c0  BthAvrcp - ok
14:46:50.0340 0x13c0  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
14:46:50.0372 0x13c0  BthEnum - ok
14:46:50.0418 0x13c0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:46:50.0450 0x13c0  BTHMODEM - ok
14:46:50.0481 0x13c0  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:46:50.0512 0x13c0  BthPan - ok
14:46:50.0590 0x13c0  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
14:46:50.0668 0x13c0  BTHPORT - ok
14:46:50.0730 0x13c0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
14:46:50.0777 0x13c0  bthserv - ok
14:46:50.0840 0x13c0  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
14:46:50.0855 0x13c0  BTHUSB - ok
14:46:50.0886 0x13c0  catchme - ok
14:46:50.0933 0x13c0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:46:50.0980 0x13c0  cdfs - ok
14:46:51.0042 0x13c0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
14:46:51.0074 0x13c0  cdrom - ok
14:46:51.0136 0x13c0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:46:51.0183 0x13c0  CertPropSvc - ok
14:46:51.0245 0x13c0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:46:51.0261 0x13c0  circlass - ok
14:46:51.0323 0x13c0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
14:46:51.0339 0x13c0  CLFS - ok
14:46:51.0417 0x13c0  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:46:51.0432 0x13c0  clr_optimization_v2.0.50727_32 - ok
14:46:51.0448 0x13c0  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:46:51.0464 0x13c0  clr_optimization_v2.0.50727_64 - ok
14:46:51.0588 0x13c0  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:46:51.0604 0x13c0  clr_optimization_v4.0.30319_32 - ok
14:46:51.0651 0x13c0  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:46:51.0666 0x13c0  clr_optimization_v4.0.30319_64 - ok
14:46:51.0698 0x13c0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:46:51.0713 0x13c0  CmBatt - ok
14:46:51.0729 0x13c0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:46:51.0744 0x13c0  cmdide - ok
14:46:51.0807 0x13c0  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\Windows\system32\Drivers\cng.sys
14:46:51.0854 0x13c0  CNG - ok
14:46:51.0900 0x13c0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:46:51.0916 0x13c0  Compbatt - ok
14:46:51.0978 0x13c0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:46:51.0994 0x13c0  CompositeBus - ok
14:46:52.0025 0x13c0  COMSysApp - ok
14:46:52.0041 0x13c0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:46:52.0056 0x13c0  crcdisk - ok
14:46:52.0103 0x13c0  [ D8129C49798CBBFB2E4351D4B7B8EF9C, 7C125DBA3F88E7C6D98AE0869EDB7995360904A913923528ABD0429B2608C313 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:46:52.0134 0x13c0  CryptSvc - ok
14:46:52.0197 0x13c0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:46:52.0259 0x13c0  DcomLaunch - ok
14:46:52.0290 0x13c0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:46:52.0353 0x13c0  defragsvc - ok
14:46:52.0400 0x13c0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:46:52.0446 0x13c0  DfsC - ok
14:46:52.0524 0x13c0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:46:52.0556 0x13c0  Dhcp - ok
14:46:52.0587 0x13c0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:46:52.0634 0x13c0  discache - ok
14:46:52.0712 0x13c0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:46:52.0727 0x13c0  Disk - ok
14:46:52.0821 0x13c0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:46:52.0836 0x13c0  Dnscache - ok
14:46:52.0930 0x13c0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:46:52.0992 0x13c0  dot3svc - ok
14:46:53.0039 0x13c0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
14:46:53.0086 0x13c0  DPS - ok
14:46:53.0133 0x13c0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:46:53.0148 0x13c0  drmkaud - ok
14:46:53.0242 0x13c0  [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
14:46:53.0258 0x13c0  DsiWMIService - ok
14:46:53.0336 0x13c0  [ AF2E16242AA723F68F461B6EAE2EAD3D, 3973633C6D231DB8D92DE310D3A0836C64639B9A20C6C56385FB218A707C1BC3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:46:53.0398 0x13c0  DXGKrnl - ok
14:46:53.0445 0x13c0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
14:46:53.0507 0x13c0  EapHost - ok
14:46:53.0632 0x13c0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
14:46:53.0835 0x13c0  ebdrv - ok
14:46:53.0944 0x13c0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
14:46:53.0975 0x13c0  EFS - ok
14:46:54.0069 0x13c0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:46:54.0131 0x13c0  ehRecvr - ok
14:46:54.0162 0x13c0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
14:46:54.0194 0x13c0  ehSched - ok
14:46:54.0240 0x13c0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:46:54.0272 0x13c0  elxstor - ok
14:46:54.0381 0x13c0  [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
14:46:54.0443 0x13c0  ePowerSvc - ok
14:46:54.0552 0x13c0  [ 7DB097F4F6786307168C0DDDEC43A565, 963C0D3D88FB4BF9C2FBCB296B03603E2F8AA8B4E8976162842863B7538C1A9F ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
14:46:54.0584 0x13c0  EPSON_EB_RPCV4_04 - ok
14:46:54.0599 0x13c0  [ 258AA65A0862E19B7DE6981FDA3758AD, C090F19BEDC2CFB0B5265BCE48BD52102E06CBC15EEFE4CDB747D44F2E42D545 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
14:46:54.0615 0x13c0  EPSON_PM_RPCV4_04 - ok
14:46:54.0662 0x13c0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:46:54.0693 0x13c0  ErrDev - ok
14:46:54.0771 0x13c0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:46:54.0818 0x13c0  EventSystem - ok
14:46:54.0849 0x13c0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:46:54.0911 0x13c0  exfat - ok
14:46:54.0927 0x13c0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:46:54.0974 0x13c0  fastfat - ok
14:46:55.0052 0x13c0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:46:55.0114 0x13c0  Fax - ok
14:46:55.0161 0x13c0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:46:55.0176 0x13c0  fdc - ok
14:46:55.0208 0x13c0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:46:55.0239 0x13c0  fdPHost - ok
14:46:55.0254 0x13c0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:46:55.0301 0x13c0  FDResPub - ok
14:46:55.0317 0x13c0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:46:55.0332 0x13c0  FileInfo - ok
14:46:55.0364 0x13c0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:46:55.0410 0x13c0  Filetrace - ok
14:46:55.0785 0x13c0  [ 923B1F7EA2A3DE6790D9193FFC355A4D, 36EC6DD4D36AA65A32D924CBC6DD448A2CB9E915395BE621004B858786E86CB4 ] FirebirdServerDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
14:46:56.0144 0x13c0  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
14:46:58.0686 0x13c0  Detect skipped due to KSN trusted
14:46:58.0686 0x13c0  FirebirdServerDefaultInstance - ok
14:46:58.0842 0x13c0  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:46:58.0889 0x13c0  FLEXnet Licensing Service - ok
14:46:58.0936 0x13c0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:46:58.0952 0x13c0  flpydisk - ok
14:46:58.0998 0x13c0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:46:59.0014 0x13c0  FltMgr - ok
14:46:59.0108 0x13c0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
14:46:59.0154 0x13c0  FontCache - ok
14:46:59.0248 0x13c0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:46:59.0248 0x13c0  FontCache3.0.0.0 - ok
14:46:59.0279 0x13c0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:46:59.0295 0x13c0  FsDepends - ok
14:46:59.0326 0x13c0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:46:59.0342 0x13c0  Fs_Rec - ok
14:46:59.0404 0x13c0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:46:59.0435 0x13c0  fvevol - ok
14:46:59.0482 0x13c0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:46:59.0498 0x13c0  gagp30kx - ok
14:46:59.0560 0x13c0  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:46:59.0576 0x13c0  GEARAspiWDM - ok
14:46:59.0638 0x13c0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:46:59.0716 0x13c0  gpsvc - ok
14:46:59.0763 0x13c0  [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
14:46:59.0778 0x13c0  GREGService - ok
14:46:59.0903 0x13c0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:46:59.0903 0x13c0  gupdate - ok
14:46:59.0934 0x13c0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:46:59.0950 0x13c0  gupdatem - ok
14:46:59.0966 0x13c0  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
14:46:59.0981 0x13c0  hamachi - ok
14:47:00.0012 0x13c0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:47:00.0075 0x13c0  hcw85cir - ok
14:47:00.0137 0x13c0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:47:00.0184 0x13c0  HdAudAddService - ok
14:47:00.0231 0x13c0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:47:00.0278 0x13c0  HDAudBus - ok
14:47:00.0324 0x13c0  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
14:47:00.0340 0x13c0  HECIx64 - ok
14:47:00.0371 0x13c0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:47:00.0371 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
14:47:00.0371 0x13c0  HidBatt - detected LockedFile.Multi.Generic ( 1 )
14:47:02.0914 0x13c0  Detect skipped due to KSN trusted
14:47:02.0914 0x13c0  HidBatt - ok
14:47:02.0961 0x13c0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:47:03.0008 0x13c0  HidBth - ok
14:47:03.0039 0x13c0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:47:03.0070 0x13c0  HidIr - ok
14:47:03.0117 0x13c0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
14:47:03.0164 0x13c0  hidserv - ok
14:47:03.0242 0x13c0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:47:03.0257 0x13c0  HidUsb - ok
14:47:03.0304 0x13c0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:47:03.0351 0x13c0  hkmsvc - ok
14:47:03.0398 0x13c0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:47:03.0429 0x13c0  HomeGroupListener - ok
14:47:03.0476 0x13c0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:47:03.0491 0x13c0  HomeGroupProvider - ok
14:47:03.0569 0x13c0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:47:03.0569 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205
14:47:03.0569 0x13c0  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
14:47:06.0096 0x13c0  Detect skipped due to KSN trusted
14:47:06.0096 0x13c0  HpSAMD - ok
14:47:06.0159 0x13c0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:47:06.0159 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779
14:47:06.0159 0x13c0  HTTP - detected LockedFile.Multi.Generic ( 1 )
14:47:08.0703 0x13c0  Detect skipped due to KSN trusted
14:47:08.0703 0x13c0  HTTP - ok
14:47:08.0765 0x13c0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:47:08.0765 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53
14:47:08.0765 0x13c0  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
14:47:11.0292 0x13c0  Detect skipped due to KSN trusted
14:47:11.0292 0x13c0  hwpolicy - ok
14:47:11.0386 0x13c0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:47:11.0386 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
14:47:11.0386 0x13c0  i8042prt - detected LockedFile.Multi.Generic ( 1 )
14:47:13.0898 0x13c0  Detect skipped due to KSN trusted
14:47:13.0898 0x13c0  i8042prt - ok
14:47:14.0007 0x13c0  [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:47:14.0007 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. md5: 1384872112E8E7FD5786ECEB8BDDF4C9, sha256: DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02
14:47:14.0022 0x13c0  iaStor - detected LockedFile.Multi.Generic ( 1 )
14:47:16.0565 0x13c0  Detect skipped due to KSN trusted
14:47:16.0565 0x13c0  iaStor - ok
14:47:16.0643 0x13c0  [ 6B24D1C3096DE796D15571079EA5E98C, 89566A7BDEDA7A663110F72B6301998651937E1E3E541EAB054169CEC8C7353F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:47:16.0659 0x13c0  IAStorDataMgrSvc - ok
14:47:16.0706 0x13c0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:47:16.0706 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: AAAF44DB3BD0B9D1FB6969B23ECC8366, sha256: 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385
14:47:16.0706 0x13c0  iaStorV - detected LockedFile.Multi.Generic ( 1 )
14:47:19.0248 0x13c0  Detect skipped due to KSN trusted
14:47:19.0248 0x13c0  iaStorV - ok
14:47:19.0389 0x13c0  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:47:19.0389 0x13c0  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
14:47:21.0932 0x13c0  Detect skipped due to KSN trusted
14:47:21.0932 0x13c0  IDriverT - ok
14:47:22.0041 0x13c0  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:47:22.0088 0x13c0  idsvc - ok
14:47:22.0134 0x13c0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:47:22.0134 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
14:47:22.0134 0x13c0  iirsp - detected LockedFile.Multi.Generic ( 1 )
14:47:24.0693 0x13c0  Detect skipped due to KSN trusted
14:47:24.0693 0x13c0  iirsp - ok
14:47:24.0771 0x13c0  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
14:47:24.0849 0x13c0  IKEEXT - ok
14:47:24.0989 0x13c0  [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:47:24.0989 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 235362D403D9D677514649D88DB31914, sha256: 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965
14:47:24.0989 0x13c0  IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
14:47:27.0532 0x13c0  Detect skipped due to KSN trusted
14:47:27.0532 0x13c0  IntcAzAudAddService - ok
14:47:27.0594 0x13c0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:47:27.0594 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
14:47:27.0594 0x13c0  intelide - detected LockedFile.Multi.Generic ( 1 )
14:47:30.0137 0x13c0  Detect skipped due to KSN trusted
14:47:30.0137 0x13c0  intelide - ok
14:47:30.0215 0x13c0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:47:30.0215 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
14:47:30.0246 0x13c0  intelppm - detected LockedFile.Multi.Generic ( 1 )
14:47:40.0262 0x13c0  Object is SCO, delete is not allowed
14:47:40.0262 0x13c0  intelppm ( LockedFile.Multi.Generic ) - warning
14:47:44.0740 0x13c0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:47:44.0787 0x13c0  IPBusEnum - ok
14:47:44.0833 0x13c0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:47:44.0833 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
14:47:44.0833 0x13c0  IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
14:47:47.0376 0x13c0  Detect skipped due to KSN trusted
14:47:47.0376 0x13c0  IpFilterDriver - ok
14:47:47.0485 0x13c0  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:47:47.0517 0x13c0  iphlpsvc - ok
14:47:47.0579 0x13c0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:47:47.0579 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
14:47:47.0579 0x13c0  IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
14:47:50.0153 0x13c0  Detect skipped due to KSN trusted
14:47:50.0153 0x13c0  IPMIDRV - ok
14:47:50.0215 0x13c0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:47:50.0215 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
14:47:50.0215 0x13c0  IPNAT - detected LockedFile.Multi.Generic ( 1 )
14:47:52.0727 0x13c0  Detect skipped due to KSN trusted
14:47:52.0727 0x13c0  IPNAT - ok
14:47:52.0852 0x13c0  [ 50D6CCC6FF5561F9F56946B3E6164FB8, 27529E751D3CB13B651B54474F04A17DF5737AD0170CD41F601E779F90603D11 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
14:47:52.0899 0x13c0  iPod Service - ok
14:47:52.0945 0x13c0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:47:52.0945 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
14:47:52.0945 0x13c0  IRENUM - detected LockedFile.Multi.Generic ( 1 )
14:47:55.0488 0x13c0  Detect skipped due to KSN trusted
14:47:55.0488 0x13c0  IRENUM - ok
14:47:55.0551 0x13c0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:47:55.0551 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
14:47:55.0551 0x13c0  isapnp - detected LockedFile.Multi.Generic ( 1 )
14:47:58.0093 0x13c0  Detect skipped due to KSN trusted
14:47:58.0093 0x13c0  isapnp - ok
14:47:58.0156 0x13c0  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:47:58.0156 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD, sha256: 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3
14:47:58.0156 0x13c0  iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
14:48:00.0699 0x13c0  Detect skipped due to KSN trusted
14:48:00.0699 0x13c0  iScsiPrt - ok
14:48:00.0777 0x13c0  [ 37E053A2CF8F0082B689ED74106E0CEC, 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
14:48:00.0777 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\k57nd60a.sys. md5: 37E053A2CF8F0082B689ED74106E0CEC, sha256: 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7
14:48:00.0777 0x13c0  k57nd60a - detected LockedFile.Multi.Generic ( 1 )
14:48:03.0335 0x13c0  Detect skipped due to KSN trusted
14:48:03.0335 0x13c0  k57nd60a - ok
14:48:03.0413 0x13c0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:48:03.0413 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
14:48:03.0413 0x13c0  kbdclass - detected LockedFile.Multi.Generic ( 1 )
14:48:05.0940 0x13c0  Detect skipped due to KSN trusted
14:48:05.0940 0x13c0  kbdclass - ok
14:48:06.0049 0x13c0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:48:06.0049 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
14:48:06.0049 0x13c0  kbdhid - detected LockedFile.Multi.Generic ( 1 )
14:48:08.0561 0x13c0  Detect skipped due to KSN trusted
14:48:08.0561 0x13c0  kbdhid - ok
14:48:08.0592 0x13c0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
14:48:08.0608 0x13c0  KeyIso - ok
14:48:08.0670 0x13c0  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:48:08.0670 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 97A7070AEA4C058B6418519E869A63B4, sha256: 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8
14:48:08.0670 0x13c0  KSecDD - detected LockedFile.Multi.Generic ( 1 )
14:48:11.0182 0x13c0  Detect skipped due to KSN trusted
14:48:11.0182 0x13c0  KSecDD - ok
14:48:11.0244 0x13c0  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:48:11.0244 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 26C43A7C2862447EC59DEDA188D1DA07, sha256: 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B
14:48:11.0244 0x13c0  KSecPkg - detected LockedFile.Multi.Generic ( 1 )
14:48:13.0756 0x13c0  Detect skipped due to KSN trusted
14:48:13.0756 0x13c0  KSecPkg - ok
14:48:13.0818 0x13c0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:48:13.0818 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
14:48:13.0818 0x13c0  ksthunk - detected LockedFile.Multi.Generic ( 1 )
14:48:16.0345 0x13c0  Detect skipped due to KSN trusted
14:48:16.0345 0x13c0  ksthunk - ok
14:48:16.0408 0x13c0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:48:16.0470 0x13c0  KtmRm - ok
14:48:16.0517 0x13c0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:48:16.0564 0x13c0  LanmanServer - ok
14:48:16.0626 0x13c0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:48:16.0673 0x13c0  LanmanWorkstation - ok
14:48:16.0720 0x13c0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:48:16.0720 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
14:48:16.0720 0x13c0  lltdio - detected LockedFile.Multi.Generic ( 1 )
14:48:19.0263 0x13c0  Detect skipped due to KSN trusted
14:48:19.0263 0x13c0  lltdio - ok
14:48:19.0325 0x13c0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:48:19.0372 0x13c0  lltdsvc - ok
14:48:19.0403 0x13c0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:48:19.0450 0x13c0  lmhosts - ok
14:48:19.0543 0x13c0  [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:48:19.0559 0x13c0  LMS - ok
14:48:19.0606 0x13c0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:48:19.0606 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
14:48:19.0606 0x13c0  LSI_FC - detected LockedFile.Multi.Generic ( 1 )
14:48:22.0180 0x13c0  Detect skipped due to KSN trusted
14:48:22.0180 0x13c0  LSI_FC - ok
14:48:22.0227 0x13c0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:48:22.0227 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
14:48:22.0227 0x13c0  LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
14:48:24.0738 0x13c0  Detect skipped due to KSN trusted
14:48:24.0738 0x13c0  LSI_SAS - ok
14:48:24.0769 0x13c0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:48:24.0769 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
14:48:24.0769 0x13c0  LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
14:48:27.0468 0x13c0  Detect skipped due to KSN trusted
14:48:27.0468 0x13c0  LSI_SAS2 - ok
14:48:27.0546 0x13c0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:48:27.0546 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
14:48:27.0546 0x13c0  LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
14:48:30.0073 0x13c0  Detect skipped due to KSN trusted
14:48:30.0073 0x13c0  LSI_SCSI - ok
14:48:30.0120 0x13c0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:48:30.0120 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
14:48:30.0120 0x13c0  luafv - detected LockedFile.Multi.Generic ( 1 )
14:48:32.0663 0x13c0  Detect skipped due to KSN trusted
14:48:32.0663 0x13c0  luafv - ok
14:48:32.0757 0x13c0  [ CD51E1D0D638F1E07A6EDC98CD7F5DDA, 360AC29DFE46C96BB41045DE325729397F17912DBAF83D5119EBD2A3A8C9A5FB ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
14:48:32.0757 0x13c0  mbamchameleon - ok
14:48:32.0835 0x13c0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:48:32.0850 0x13c0  Mcx2Svc - ok
14:48:32.0881 0x13c0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:48:32.0881 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
14:48:32.0881 0x13c0  megasas - detected LockedFile.Multi.Generic ( 1 )
14:48:35.0409 0x13c0  Detect skipped due to KSN trusted
14:48:35.0409 0x13c0  megasas - ok
14:48:35.0455 0x13c0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:48:35.0455 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
14:48:35.0455 0x13c0  MegaSR - detected LockedFile.Multi.Generic ( 1 )
14:48:37.0937 0x13c0  Detect skipped due to KSN trusted
14:48:37.0937 0x13c0  MegaSR - ok
14:48:38.0047 0x13c0  Microsoft SharePoint Workspace Audit Service - ok
14:48:38.0078 0x13c0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:48:38.0125 0x13c0  MMCSS - ok
14:48:38.0140 0x13c0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:48:38.0140 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
14:48:38.0156 0x13c0  Modem - detected LockedFile.Multi.Generic ( 1 )
14:48:40.0683 0x13c0  Detect skipped due to KSN trusted
14:48:40.0683 0x13c0  Modem - ok
14:48:40.0730 0x13c0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:48:40.0730 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
14:48:40.0730 0x13c0  monitor - detected LockedFile.Multi.Generic ( 1 )
14:48:43.0257 0x13c0  Detect skipped due to KSN trusted
14:48:43.0257 0x13c0  monitor - ok
14:48:43.0319 0x13c0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:48:43.0319 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
14:48:43.0319 0x13c0  mouclass - detected LockedFile.Multi.Generic ( 1 )
14:48:53.0335 0x13c0  Object is SCO, delete is not allowed
14:48:53.0335 0x13c0  mouclass ( LockedFile.Multi.Generic ) - warning
14:48:53.0335 0x13c0  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\mouclass.sys
14:48:56.0923 0x13c0  Object send P2P result: true
14:48:59.0419 0x13c0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:48:59.0419 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
14:48:59.0419 0x13c0  mouhid - detected LockedFile.Multi.Generic ( 1 )
14:49:01.0946 0x13c0  Detect skipped due to KSN trusted
14:49:01.0946 0x13c0  mouhid - ok
14:49:02.0008 0x13c0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:49:02.0008 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
14:49:02.0008 0x13c0  mountmgr - detected LockedFile.Multi.Generic ( 1 )
14:49:04.0551 0x13c0  Detect skipped due to KSN trusted
14:49:04.0551 0x13c0  mountmgr - ok
14:49:04.0598 0x13c0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:49:04.0598 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
14:49:04.0598 0x13c0  mpio - detected LockedFile.Multi.Generic ( 1 )
14:49:07.0125 0x13c0  Detect skipped due to KSN trusted
14:49:07.0125 0x13c0  mpio - ok
14:49:07.0172 0x13c0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:49:07.0172 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
14:49:07.0172 0x13c0  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
14:49:09.0699 0x13c0  Detect skipped due to KSN trusted
14:49:09.0699 0x13c0  mpsdrv - ok
14:49:09.0855 0x13c0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:49:09.0964 0x13c0  MpsSvc - ok
14:49:09.0996 0x13c0  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:49:09.0996 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380, sha256: 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A
14:49:09.0996 0x13c0  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
14:49:12.0538 0x13c0  Detect skipped due to KSN trusted
14:49:12.0538 0x13c0  MRxDAV - ok
14:49:12.0601 0x13c0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:49:12.0601 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
14:49:12.0601 0x13c0  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
14:49:15.0144 0x13c0  Detect skipped due to KSN trusted
14:49:15.0144 0x13c0  mrxsmb - ok
14:49:15.0206 0x13c0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:49:15.0206 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
14:49:15.0206 0x13c0  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
14:49:17.0733 0x13c0  Detect skipped due to KSN trusted
14:49:17.0733 0x13c0  mrxsmb10 - ok
14:49:17.0796 0x13c0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:49:17.0796 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
14:49:17.0796 0x13c0  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
14:49:20.0323 0x13c0  Detect skipped due to KSN trusted
14:49:20.0323 0x13c0  mrxsmb20 - ok
14:49:20.0385 0x13c0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:49:20.0385 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
14:49:20.0385 0x13c0  msahci - detected LockedFile.Multi.Generic ( 1 )
14:49:22.0912 0x13c0  Detect skipped due to KSN trusted
14:49:22.0912 0x13c0  msahci - ok
14:49:22.0959 0x13c0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:49:22.0959 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
14:49:22.0959 0x13c0  msdsm - detected LockedFile.Multi.Generic ( 1 )
14:49:25.0502 0x13c0  Detect skipped due to KSN trusted
14:49:25.0502 0x13c0  msdsm - ok
14:49:25.0549 0x13c0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:49:25.0596 0x13c0  MSDTC - ok
14:49:25.0642 0x13c0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:49:25.0642 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
14:49:25.0642 0x13c0  Msfs - detected LockedFile.Multi.Generic ( 1 )
14:49:28.0185 0x13c0  Detect skipped due to KSN trusted
14:49:28.0185 0x13c0  Msfs - ok
14:49:28.0232 0x13c0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:49:28.0232 0x13c0  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
14:49:28.0232 0x13c0  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
14:49:30.0759 0x13c0  Detect skipped due to KSN trusted
14:49:30.0759 0x13c0  mshidkmdf - ok
14:49:30.0806 0x13c0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:49:30.0806 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
14:49:30.0806 0x13c0  msisadrv - detected LockedFile.Multi.Generic ( 1 )
14:49:33.0333 0x13c0  Detect skipped due to KSN trusted
14:49:33.0333 0x13c0  msisadrv - ok
14:49:33.0396 0x13c0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:49:33.0442 0x13c0  MSiSCSI - ok
14:49:33.0458 0x13c0  msiserver - ok
14:49:33.0489 0x13c0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:49:33.0489 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
14:49:33.0489 0x13c0  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
14:49:36.0016 0x13c0  Detect skipped due to KSN trusted
14:49:36.0016 0x13c0  MSKSSRV - ok
14:49:36.0110 0x13c0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:49:36.0110 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
14:49:36.0110 0x13c0  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
14:49:38.0622 0x13c0  Detect skipped due to KSN trusted
14:49:38.0622 0x13c0  MSPCLOCK - ok
14:49:38.0637 0x13c0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:49:38.0637 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
14:49:38.0637 0x13c0  MSPQM - detected LockedFile.Multi.Generic ( 1 )
14:49:41.0149 0x13c0  Detect skipped due to KSN trusted
14:49:41.0149 0x13c0  MSPQM - ok
14:49:41.0211 0x13c0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:49:41.0211 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
14:49:41.0211 0x13c0  MsRPC - detected LockedFile.Multi.Generic ( 1 )
14:49:43.0738 0x13c0  Detect skipped due to KSN trusted
14:49:43.0738 0x13c0  MsRPC - ok
14:49:43.0801 0x13c0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:49:43.0801 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
14:49:43.0801 0x13c0  mssmbios - detected LockedFile.Multi.Generic ( 1 )
14:49:46.0312 0x13c0  Detect skipped due to KSN trusted
14:49:46.0312 0x13c0  mssmbios - ok
14:49:46.0375 0x13c0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:49:46.0375 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
14:49:46.0375 0x13c0  MSTEE - detected LockedFile.Multi.Generic ( 1 )
14:49:48.0886 0x13c0  Detect skipped due to KSN trusted
14:49:48.0886 0x13c0  MSTEE - ok
14:49:48.0933 0x13c0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:49:48.0933 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
14:49:48.0933 0x13c0  MTConfig - detected LockedFile.Multi.Generic ( 1 )
14:49:51.0476 0x13c0  Detect skipped due to KSN trusted
14:49:51.0476 0x13c0  MTConfig - ok
14:49:51.0523 0x13c0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
14:49:51.0538 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
14:49:51.0538 0x13c0  Mup - detected LockedFile.Multi.Generic ( 1 )
14:49:54.0050 0x13c0  Detect skipped due to KSN trusted
14:49:54.0050 0x13c0  Mup - ok
14:49:54.0112 0x13c0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
14:49:54.0175 0x13c0  napagent - ok
14:49:54.0222 0x13c0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:49:54.0222 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
14:49:54.0222 0x13c0  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
14:49:56.0749 0x13c0  Detect skipped due to KSN trusted
14:49:56.0749 0x13c0  NativeWifiP - ok
14:49:56.0952 0x13c0  [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B, 5D568AD63FC8D24439C3DEA7AF5240BBEE8136542FDE7030816795F8D7A5EC73 ] NBService       C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
14:49:56.0998 0x13c0  NBService - detected UnsignedFile.Multi.Generic ( 1 )
14:50:06.0999 0x13c0  NBService ( UnsignedFile.Multi.Generic ) - warning
14:50:10.0571 0x13c0  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:50:10.0571 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 760E38053BF56E501D562B70AD796B88, sha256: F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D
14:50:10.0571 0x13c0  NDIS - detected LockedFile.Multi.Generic ( 1 )
14:50:13.0099 0x13c0  Detect skipped due to KSN trusted
14:50:13.0099 0x13c0  NDIS - ok
14:50:13.0161 0x13c0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:50:13.0161 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
14:50:13.0161 0x13c0  NdisCap - detected LockedFile.Multi.Generic ( 1 )
14:50:15.0673 0x13c0  Detect skipped due to KSN trusted
14:50:15.0673 0x13c0  NdisCap - ok
14:50:15.0735 0x13c0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:50:15.0735 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
14:50:15.0735 0x13c0  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
14:50:18.0262 0x13c0  Detect skipped due to KSN trusted
14:50:18.0262 0x13c0  NdisTapi - ok
14:50:18.0371 0x13c0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:50:18.0371 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
14:50:18.0371 0x13c0  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
14:50:20.0883 0x13c0  Detect skipped due to KSN trusted
14:50:20.0883 0x13c0  Ndisuio - ok
14:50:20.0930 0x13c0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:50:20.0930 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
14:50:20.0930 0x13c0  NdisWan - detected LockedFile.Multi.Generic ( 1 )
14:50:23.0457 0x13c0  Detect skipped due to KSN trusted
14:50:23.0457 0x13c0  NdisWan - ok
14:50:23.0504 0x13c0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:50:23.0504 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
14:50:23.0504 0x13c0  NDProxy - detected LockedFile.Multi.Generic ( 1 )
14:50:26.0031 0x13c0  Detect skipped due to KSN trusted
14:50:26.0031 0x13c0  NDProxy - ok
14:50:26.0093 0x13c0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:50:26.0093 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
14:50:26.0093 0x13c0  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
14:50:28.0621 0x13c0  Detect skipped due to KSN trusted
14:50:28.0621 0x13c0  NetBIOS - ok
14:50:28.0714 0x13c0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:50:28.0714 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
14:50:28.0730 0x13c0  NetBT - detected LockedFile.Multi.Generic ( 1 )
14:50:31.0257 0x13c0  Detect skipped due to KSN trusted
14:50:31.0257 0x13c0  NetBT - ok
14:50:31.0304 0x13c0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
14:50:31.0319 0x13c0  Netlogon - ok
14:50:31.0366 0x13c0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
14:50:31.0429 0x13c0  Netman - ok
14:50:31.0475 0x13c0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:31.0491 0x13c0  NetMsmqActivator - ok
14:50:31.0491 0x13c0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:31.0522 0x13c0  NetPipeActivator - ok
14:50:31.0538 0x13c0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
14:50:31.0600 0x13c0  netprofm - ok
14:50:31.0616 0x13c0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:31.0631 0x13c0  NetTcpActivator - ok
14:50:31.0631 0x13c0  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:50:31.0647 0x13c0  NetTcpPortSharing - ok
14:50:31.0694 0x13c0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:50:31.0694 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
14:50:31.0694 0x13c0  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
14:50:34.0205 0x13c0  Detect skipped due to KSN trusted
14:50:34.0205 0x13c0  nfrd960 - ok
14:50:34.0268 0x13c0  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:50:34.0299 0x13c0  NlaSvc - ok
14:50:34.0393 0x13c0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:50:34.0393 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
14:50:34.0393 0x13c0  Npfs - detected LockedFile.Multi.Generic ( 1 )
14:50:36.0925 0x13c0  Detect skipped due to KSN trusted
14:50:36.0925 0x13c0  Npfs - ok
14:50:36.0957 0x13c0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
14:50:37.0003 0x13c0  nsi - ok
14:50:37.0019 0x13c0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:50:37.0019 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
14:50:37.0019 0x13c0  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
14:50:39.0546 0x13c0  Detect skipped due to KSN trusted
14:50:39.0546 0x13c0  nsiproxy - ok
14:50:39.0655 0x13c0  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:50:39.0655 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: B98F8C6E31CD07B2E6F71F7F648E38C0, sha256: 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E
14:50:39.0671 0x13c0  Ntfs - detected LockedFile.Multi.Generic ( 1 )
14:50:42.0183 0x13c0  Detect skipped due to KSN trusted
14:50:42.0183 0x13c0  Ntfs - ok
14:50:42.0292 0x13c0  [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
14:50:42.0307 0x13c0  NTI IScheduleSvc - ok
14:50:42.0339 0x13c0  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
14:50:42.0339 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NTIDrvr.sys. md5: EE3BA1024594D5D09E314F206B94069E, sha256: 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6
14:50:42.0339 0x13c0  NTIDrvr - detected LockedFile.Multi.Generic ( 1 )
14:50:44.0866 0x13c0  Detect skipped due to KSN trusted
14:50:44.0866 0x13c0  NTIDrvr - ok
14:50:44.0913 0x13c0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
14:50:44.0913 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
14:50:44.0913 0x13c0  Null - detected LockedFile.Multi.Generic ( 1 )
14:50:47.0440 0x13c0  Detect skipped due to KSN trusted
14:50:47.0440 0x13c0  Null - ok
14:50:47.0518 0x13c0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:50:47.0518 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 0A92CB65770442ED0DC44834632F66AD, sha256: 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7
14:50:47.0518 0x13c0  nvraid - detected LockedFile.Multi.Generic ( 1 )
14:50:50.0045 0x13c0  Detect skipped due to KSN trusted
14:50:50.0045 0x13c0  nvraid - ok
14:50:50.0092 0x13c0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:50:50.0092 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: DAB0E87525C10052BF65F06152F37E4A, sha256: AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37
14:50:50.0092 0x13c0  nvstor - detected LockedFile.Multi.Generic ( 1 )
14:50:53.0290 0x13c0  Detect skipped due to KSN trusted
14:50:53.0290 0x13c0  nvstor - ok
14:50:53.0337 0x13c0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:50:53.0337 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
14:50:53.0352 0x13c0  nv_agp - detected LockedFile.Multi.Generic ( 1 )
14:50:55.0864 0x13c0  Detect skipped due to KSN trusted
14:50:55.0864 0x13c0  nv_agp - ok
14:50:55.0926 0x13c0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:50:55.0926 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
14:50:55.0926 0x13c0  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
14:50:58.0438 0x13c0  Detect skipped due to KSN trusted
14:50:58.0438 0x13c0  ohci1394 - ok
14:50:58.0563 0x13c0  [ DA345DE3B450E9E1691E7B9956D8FFC3, 23115188E82F7D2681D697D306F64B3CC4AF43F0AFDFAB73E1BB570115B9D84E ] OMSI download service C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
14:50:58.0578 0x13c0  OMSI download service - detected UnsignedFile.Multi.Generic ( 1 )
14:51:01.0090 0x13c0  Detect skipped due to KSN trusted
14:51:01.0090 0x13c0  OMSI download service - ok
14:51:01.0215 0x13c0  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:51:01.0230 0x13c0  ose64 - ok
14:51:01.0449 0x13c0  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:51:01.0652 0x13c0  osppsvc - ok
14:51:01.0745 0x13c0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:51:01.0761 0x13c0  p2pimsvc - ok
14:51:01.0792 0x13c0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
14:51:01.0839 0x13c0  p2psvc - ok
14:51:01.0854 0x13c0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:51:01.0854 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
14:51:01.0854 0x13c0  Parport - detected LockedFile.Multi.Generic ( 1 )
14:51:04.0382 0x13c0  Detect skipped due to KSN trusted
14:51:04.0382 0x13c0  Parport - ok
         

29.03.2014, 15:08   #23
El_CapOne
 

Part 2:

Code:
14:51:04.0428 0x13c0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:51:04.0428 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C, sha256: 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6
14:51:04.0428 0x13c0  partmgr - detected LockedFile.Multi.Generic ( 1 )
14:51:06.0971 0x13c0  Detect skipped due to KSN trusted
14:51:06.0971 0x13c0  partmgr - ok
14:51:06.0987 0x13c0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:51:07.0018 0x13c0  PcaSvc - ok
14:51:07.0065 0x13c0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
14:51:07.0065 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3, sha256: 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9
14:51:07.0065 0x13c0  pci - detected LockedFile.Multi.Generic ( 1 )
14:51:09.0576 0x13c0  Detect skipped due to KSN trusted
14:51:09.0576 0x13c0  pci - ok
14:51:09.0639 0x13c0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:51:09.0639 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
14:51:09.0639 0x13c0  pciide - detected LockedFile.Multi.Generic ( 1 )
14:51:19.0654 0x13c0  Object is SCO, delete is not allowed
14:51:19.0654 0x13c0  pciide ( LockedFile.Multi.Generic ) - warning
14:51:19.0654 0x13c0  Force sending object to P2P due to detect: C:\Windows\system32\drivers\pciide.sys
14:51:23.0273 0x13c0  Object send P2P result: true
14:51:25.0769 0x13c0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:51:25.0769 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
14:51:25.0769 0x13c0  pcmcia - detected LockedFile.Multi.Generic ( 1 )
14:51:28.0281 0x13c0  Detect skipped due to KSN trusted
14:51:28.0281 0x13c0  pcmcia - ok
14:51:28.0328 0x13c0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:51:28.0328 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
14:51:28.0328 0x13c0  pcw - detected LockedFile.Multi.Generic ( 1 )
14:51:30.0839 0x13c0  Detect skipped due to KSN trusted
14:51:30.0839 0x13c0  pcw - ok
14:51:30.0902 0x13c0  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:51:30.0902 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
14:51:30.0917 0x13c0  PEAUTH - detected LockedFile.Multi.Generic ( 1 )
14:51:33.0429 0x13c0  Detect skipped due to KSN trusted
14:51:33.0429 0x13c0  PEAUTH - ok
14:51:33.0569 0x13c0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:51:33.0585 0x13c0  PerfHost - ok
14:51:33.0694 0x13c0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
14:51:33.0803 0x13c0  pla - ok
14:51:33.0881 0x13c0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:51:33.0912 0x13c0  PlugPlay - ok
14:51:33.0928 0x13c0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:51:33.0944 0x13c0  PNRPAutoReg - ok
14:51:33.0975 0x13c0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:51:34.0006 0x13c0  PNRPsvc - ok
14:51:34.0053 0x13c0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:51:34.0131 0x13c0  PolicyAgent - ok
14:51:34.0162 0x13c0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
14:51:34.0224 0x13c0  Power - ok
14:51:34.0287 0x13c0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:51:34.0287 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9, sha256: 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763
14:51:34.0287 0x13c0  PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
14:51:36.0814 0x13c0  Detect skipped due to KSN trusted
14:51:36.0814 0x13c0  PptpMiniport - ok
14:51:36.0876 0x13c0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:51:36.0876 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
14:51:36.0876 0x13c0  Processor - detected LockedFile.Multi.Generic ( 1 )
14:51:39.0404 0x13c0  Detect skipped due to KSN trusted
14:51:39.0404 0x13c0  Processor - ok
14:51:39.0466 0x13c0  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:51:39.0497 0x13c0  ProfSvc - ok
14:51:39.0497 0x13c0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] ProtectedStorage C:\Windows\system32\lsass.exe
14:51:39.0513 0x13c0  ProtectedStorage - ok
14:51:39.0575 0x13c0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:51:39.0575 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D, sha256: F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4
14:51:39.0575 0x13c0  Psched - detected LockedFile.Multi.Generic ( 1 )
14:51:42.0102 0x13c0  Detect skipped due to KSN trusted
14:51:42.0102 0x13c0  Psched - ok
14:51:42.0196 0x13c0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:51:42.0196 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
14:51:42.0212 0x13c0  ql2300 - detected LockedFile.Multi.Generic ( 1 )
14:51:44.0723 0x13c0  Detect skipped due to KSN trusted
14:51:44.0723 0x13c0  ql2300 - ok
14:51:44.0770 0x13c0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:51:44.0770 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE
14:51:44.0770 0x13c0  ql40xx - detected LockedFile.Multi.Generic ( 1 )
14:51:47.0391 0x13c0  Detect skipped due to KSN trusted
14:51:47.0391 0x13c0  ql40xx - ok
14:51:47.0469 0x13c0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
14:51:47.0484 0x13c0  QWAVE - ok
14:51:47.0516 0x13c0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:51:47.0516 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535
14:51:47.0516 0x13c0  QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
14:51:50.0058 0x13c0  Detect skipped due to KSN trusted
14:51:50.0058 0x13c0  QWAVEdrv - ok
14:51:50.0214 0x13c0  [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
14:51:50.0230 0x13c0  RapiMgr - ok
14:51:50.0261 0x13c0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:51:50.0261 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF
14:51:50.0261 0x13c0  RasAcd - detected LockedFile.Multi.Generic ( 1 )
14:51:52.0788 0x13c0  Detect skipped due to KSN trusted
14:51:52.0788 0x13c0  RasAcd - ok
14:51:52.0866 0x13c0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:51:52.0866 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1
14:51:52.0866 0x13c0  RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
14:51:55.0394 0x13c0  Detect skipped due to KSN trusted
14:51:55.0394 0x13c0  RasAgileVpn - ok
14:51:55.0456 0x13c0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
14:51:55.0518 0x13c0  RasAuto - ok
14:51:55.0565 0x13c0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:51:55.0565 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA, sha256: 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698
14:51:55.0565 0x13c0  Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
14:51:58.0092 0x13c0  Detect skipped due to KSN trusted
14:51:58.0092 0x13c0  Rasl2tp - ok
14:51:58.0155 0x13c0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
14:51:58.0202 0x13c0  RasMan - ok
14:51:58.0233 0x13c0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:51:58.0233 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
14:51:58.0233 0x13c0  RasPppoe - detected LockedFile.Multi.Generic ( 1 )
14:52:00.0760 0x13c0  Detect skipped due to KSN trusted
14:52:00.0760 0x13c0  RasPppoe - ok
14:52:00.0807 0x13c0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:52:00.0807 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C
14:52:00.0807 0x13c0  RasSstp - detected LockedFile.Multi.Generic ( 1 )
14:52:03.0334 0x13c0  Detect skipped due to KSN trusted
14:52:03.0334 0x13c0  RasSstp - ok
14:52:03.0412 0x13c0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:52:03.0412 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F, sha256: 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA
14:52:03.0412 0x13c0  rdbss - detected LockedFile.Multi.Generic ( 1 )
14:52:05.0939 0x13c0  Detect skipped due to KSN trusted
14:52:05.0939 0x13c0  rdbss - ok
14:52:06.0002 0x13c0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:52:06.0002 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
14:52:06.0002 0x13c0  rdpbus - detected LockedFile.Multi.Generic ( 1 )
14:52:08.0529 0x13c0  Detect skipped due to KSN trusted
14:52:08.0529 0x13c0  rdpbus - ok
14:52:08.0576 0x13c0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:08.0576 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804
14:52:08.0576 0x13c0  RDPCDD - detected LockedFile.Multi.Generic ( 1 )
14:52:11.0103 0x13c0  Detect skipped due to KSN trusted
14:52:11.0103 0x13c0  RDPCDD - ok
14:52:11.0118 0x13c0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:52:11.0118 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F
14:52:11.0118 0x13c0  RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
14:52:13.0630 0x13c0  Detect skipped due to KSN trusted
14:52:13.0630 0x13c0  RDPENCDD - ok
14:52:13.0677 0x13c0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:52:13.0677 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4
14:52:13.0677 0x13c0  RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
14:52:16.0204 0x13c0  Detect skipped due to KSN trusted
14:52:16.0204 0x13c0  RDPREFMP - ok
14:52:16.0266 0x13c0  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:52:16.0266 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A, sha256: F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6
14:52:16.0266 0x13c0  RDPWD - detected LockedFile.Multi.Generic ( 1 )
14:52:18.0809 0x13c0  Detect skipped due to KSN trusted
14:52:18.0809 0x13c0  RDPWD - ok
14:52:18.0887 0x13c0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:52:18.0887 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520, sha256: AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F
14:52:18.0903 0x13c0  rdyboost - detected LockedFile.Multi.Generic ( 1 )
14:52:21.0430 0x13c0  Detect skipped due to KSN trusted
14:52:21.0430 0x13c0  rdyboost - ok
14:52:21.0492 0x13c0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:52:21.0539 0x13c0  RemoteAccess - ok
14:52:21.0570 0x13c0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:52:21.0633 0x13c0  RemoteRegistry - ok
14:52:21.0664 0x13c0  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:52:21.0664 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: 3DD798846E2C28102B922C56E71B7932, sha256: 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D
14:52:21.0664 0x13c0  RFCOMM - detected LockedFile.Multi.Generic ( 1 )
14:52:31.0679 0x13c0  RFCOMM ( LockedFile.Multi.Generic ) - warning
14:52:36.0156 0x13c0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:52:36.0203 0x13c0  RpcEptMapper - ok
14:52:36.0234 0x13c0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
14:52:36.0250 0x13c0  RpcLocator - ok
14:52:36.0312 0x13c0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
14:52:36.0375 0x13c0  RpcSs - ok
14:52:36.0422 0x13c0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:52:36.0422 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD
14:52:36.0437 0x13c0  rspndr - detected LockedFile.Multi.Generic ( 1 )
14:52:38.0980 0x13c0  Detect skipped due to KSN trusted
14:52:38.0980 0x13c0  rspndr - ok
14:52:39.0042 0x13c0  [ 763AE0C6D9DF4C24B7E2C26036A8188A, 1728D9BDF910324988B3D28459AB0A15C57CBBA79D2DFE377342DF3486BA9D48 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
14:52:39.0042 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 763AE0C6D9DF4C24B7E2C26036A8188A, sha256: 1728D9BDF910324988B3D28459AB0A15C57CBBA79D2DFE377342DF3486BA9D48
14:52:39.0042 0x13c0  RSUSBSTOR - detected LockedFile.Multi.Generic ( 1 )
14:52:41.0554 0x13c0  Detect skipped due to KSN trusted
14:52:41.0554 0x13c0  RSUSBSTOR - ok
14:52:41.0663 0x13c0  [ D6D381B76056C668679723938F06F16C, A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
14:52:41.0663 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RtHDMIVX.sys. md5: D6D381B76056C668679723938F06F16C, sha256: A26C35EB588BF32F5CD22554BE5A05380D50FF1B7D399687EE50DC24C32DA341
14:52:41.0663 0x13c0  RTHDMIAzAudService - detected LockedFile.Multi.Generic ( 1 )
14:52:44.0175 0x13c0  Detect skipped due to KSN trusted
14:52:44.0175 0x13c0  RTHDMIAzAudService - ok
14:52:44.0268 0x13c0  [ 032F537623A7B2FB81AAA184C30B70C3, C9E0569322A173D62D357CEA7BFECB0CF9D5817E3AE4B46955760BF98F5D16B3 ] s0017bus        C:\Windows\system32\DRIVERS\s0017bus.sys
14:52:44.0268 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017bus.sys. md5: 032F537623A7B2FB81AAA184C30B70C3, sha256: C9E0569322A173D62D357CEA7BFECB0CF9D5817E3AE4B46955760BF98F5D16B3
14:52:44.0284 0x13c0  s0017bus - detected LockedFile.Multi.Generic ( 1 )
14:52:46.0811 0x13c0  Detect skipped due to KSN trusted
14:52:46.0811 0x13c0  s0017bus - ok
14:52:46.0874 0x13c0  [ 9964A28E569B4FF105B446EF8978FD5C, 7872699B528C31E8B8699B6F8D2127440CD67A3BEAD0E5941BD58FDCD73DBE2C ] s0017mdfl       C:\Windows\system32\DRIVERS\s0017mdfl.sys
14:52:46.0874 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017mdfl.sys. md5: 9964A28E569B4FF105B446EF8978FD5C, sha256: 7872699B528C31E8B8699B6F8D2127440CD67A3BEAD0E5941BD58FDCD73DBE2C
14:52:46.0874 0x13c0  s0017mdfl - detected LockedFile.Multi.Generic ( 1 )
14:52:49.0401 0x13c0  Detect skipped due to KSN trusted
14:52:49.0401 0x13c0  s0017mdfl - ok
14:52:49.0463 0x13c0  [ 06347087D274C23DCFA8C4AB5C4314DB, 757DDAC72524EB59854A05E46A16CE2B0AF0CE1FC411110712576327D3984E91 ] s0017mdm        C:\Windows\system32\DRIVERS\s0017mdm.sys
14:52:49.0463 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017mdm.sys. md5: 06347087D274C23DCFA8C4AB5C4314DB, sha256: 757DDAC72524EB59854A05E46A16CE2B0AF0CE1FC411110712576327D3984E91
14:52:49.0463 0x13c0  s0017mdm - detected LockedFile.Multi.Generic ( 1 )
14:52:51.0990 0x13c0  Detect skipped due to KSN trusted
14:52:51.0990 0x13c0  s0017mdm - ok
14:52:52.0053 0x13c0  [ F0F0747B3FA50272DE6B1BF575FA4700, FCB9007C630A0FD23CA0A8286BA9E498F6B36F1090F717B4A713286EEC4346C0 ] s0017mgmt       C:\Windows\system32\DRIVERS\s0017mgmt.sys
14:52:52.0053 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017mgmt.sys. md5: F0F0747B3FA50272DE6B1BF575FA4700, sha256: FCB9007C630A0FD23CA0A8286BA9E498F6B36F1090F717B4A713286EEC4346C0
14:52:52.0053 0x13c0  s0017mgmt - detected LockedFile.Multi.Generic ( 1 )
14:52:54.0580 0x13c0  Detect skipped due to KSN trusted
14:52:54.0580 0x13c0  s0017mgmt - ok
14:52:54.0642 0x13c0  [ 3FEADBC7F09B8B596CBFB82F12ABA87F, FBA6209893FF7C07823AB6F89FF7E36CF116C9FE202868DB4289233AF85E659A ] s0017obex       C:\Windows\system32\DRIVERS\s0017obex.sys
14:52:54.0642 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017obex.sys. md5: 3FEADBC7F09B8B596CBFB82F12ABA87F, sha256: FBA6209893FF7C07823AB6F89FF7E36CF116C9FE202868DB4289233AF85E659A
14:52:54.0642 0x13c0  s0017obex - detected LockedFile.Multi.Generic ( 1 )
14:52:57.0154 0x13c0  Detect skipped due to KSN trusted
14:52:57.0154 0x13c0  s0017obex - ok
14:52:57.0201 0x13c0  [ 2B63BEA31D939888B2A8F3F14D89B5C1, 0C1333885DB315A63C1FAA53ED2160695F97C1B336B8DA986A48B97F39A46954 ] s0017unic       C:\Windows\system32\DRIVERS\s0017unic.sys
14:52:57.0217 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s0017unic.sys. md5: 2B63BEA31D939888B2A8F3F14D89B5C1, sha256: 0C1333885DB315A63C1FAA53ED2160695F97C1B336B8DA986A48B97F39A46954
14:52:57.0217 0x13c0  s0017unic - detected LockedFile.Multi.Generic ( 1 )
14:52:59.0728 0x13c0  Detect skipped due to KSN trusted
14:52:59.0728 0x13c0  s0017unic - ok
14:52:59.0791 0x13c0  [ 6C90231046FB9FC4123C42179832817F, 68161EC19787C074B9B3B3426E744FBDD637E8A72ABB51436ED83DD1554A68C6 ] s117bus         C:\Windows\system32\DRIVERS\s117bus.sys
14:52:59.0791 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117bus.sys. md5: 6C90231046FB9FC4123C42179832817F, sha256: 68161EC19787C074B9B3B3426E744FBDD637E8A72ABB51436ED83DD1554A68C6
14:52:59.0791 0x13c0  s117bus - detected LockedFile.Multi.Generic ( 1 )
14:53:02.0318 0x13c0  Detect skipped due to KSN trusted
14:53:02.0318 0x13c0  s117bus - ok
14:53:02.0411 0x13c0  [ 3279341C90EF8F226AF77623039F4495, DAE52030277454601A401DBCE8ABACB9952362968C2C1D848AD594DC7CBB478D ] s117mdfl        C:\Windows\system32\DRIVERS\s117mdfl.sys
14:53:02.0411 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117mdfl.sys. md5: 3279341C90EF8F226AF77623039F4495, sha256: DAE52030277454601A401DBCE8ABACB9952362968C2C1D848AD594DC7CBB478D
14:53:02.0411 0x13c0  s117mdfl - detected LockedFile.Multi.Generic ( 1 )
14:53:04.0923 0x13c0  Detect skipped due to KSN trusted
14:53:04.0923 0x13c0  s117mdfl - ok
14:53:05.0001 0x13c0  [ 73E331F555279E753B312675DDAF4516, 07592A944057B613E5BC19BE459F221423A16E792A3B0421DABE6D74A414C147 ] s117mdm         C:\Windows\system32\DRIVERS\s117mdm.sys
14:53:05.0001 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117mdm.sys. md5: 73E331F555279E753B312675DDAF4516, sha256: 07592A944057B613E5BC19BE459F221423A16E792A3B0421DABE6D74A414C147
14:53:05.0001 0x13c0  s117mdm - detected LockedFile.Multi.Generic ( 1 )
14:53:07.0544 0x13c0  Detect skipped due to KSN trusted
14:53:07.0544 0x13c0  s117mdm - ok
14:53:07.0606 0x13c0  [ D420731FD2880F0F40F20771EFAAD671, 6CFE6B5FD22530A6BD55BC0E7C1BB4A3701D51F36613FAB07BB1E361C1B0A7A1 ] s117mgmt        C:\Windows\system32\DRIVERS\s117mgmt.sys
14:53:07.0606 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117mgmt.sys. md5: D420731FD2880F0F40F20771EFAAD671, sha256: 6CFE6B5FD22530A6BD55BC0E7C1BB4A3701D51F36613FAB07BB1E361C1B0A7A1
14:53:07.0606 0x13c0  s117mgmt - detected LockedFile.Multi.Generic ( 1 )
14:53:10.0118 0x13c0  Detect skipped due to KSN trusted
14:53:10.0118 0x13c0  s117mgmt - ok
14:53:10.0196 0x13c0  [ 98236CA5A9A77D0983AC3F6D6527C796, D27C1C123CC4FCDF2EC54C12EE1A60FBCA9252EDA3D5635A45C2CDAF5763AE9E ] s117nd5         C:\Windows\system32\DRIVERS\s117nd5.sys
14:53:10.0196 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117nd5.sys. md5: 98236CA5A9A77D0983AC3F6D6527C796, sha256: D27C1C123CC4FCDF2EC54C12EE1A60FBCA9252EDA3D5635A45C2CDAF5763AE9E
14:53:10.0196 0x13c0  s117nd5 - detected LockedFile.Multi.Generic ( 1 )
14:53:12.0723 0x13c0  Detect skipped due to KSN trusted
14:53:12.0723 0x13c0  s117nd5 - ok
14:53:12.0801 0x13c0  [ 1DD613909477AE298C98E86617EC356B, FA848B6BFB0C5313BB9AC37B0196D2B49F4AE0E8906C92624F10E602614654D3 ] s117obex        C:\Windows\system32\DRIVERS\s117obex.sys
14:53:12.0801 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117obex.sys. md5: 1DD613909477AE298C98E86617EC356B, sha256: FA848B6BFB0C5313BB9AC37B0196D2B49F4AE0E8906C92624F10E602614654D3
14:53:12.0801 0x13c0  s117obex - detected LockedFile.Multi.Generic ( 1 )
14:53:15.0328 0x13c0  Detect skipped due to KSN trusted
14:53:15.0328 0x13c0  s117obex - ok
14:53:15.0375 0x13c0  [ 9A22DF5FE9B6BE279D820776A6ADB56F, 77790E331C7C10850B40EBE8FD99A536BB467935832D895D082639DAA3A86E6A ] s117unic        C:\Windows\system32\DRIVERS\s117unic.sys
14:53:15.0375 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\s117unic.sys. md5: 9A22DF5FE9B6BE279D820776A6ADB56F, sha256: 77790E331C7C10850B40EBE8FD99A536BB467935832D895D082639DAA3A86E6A
14:53:15.0375 0x13c0  s117unic - detected LockedFile.Multi.Generic ( 1 )
14:53:17.0902 0x13c0  Detect skipped due to KSN trusted
14:53:17.0902 0x13c0  s117unic - ok
14:53:17.0949 0x13c0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] SamSs           C:\Windows\system32\lsass.exe
14:53:17.0965 0x13c0  SamSs - ok
14:53:17.0996 0x13c0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:53:17.0996 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B, sha256: 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656
14:53:17.0996 0x13c0  sbp2port - detected LockedFile.Multi.Generic ( 1 )
14:53:20.0523 0x13c0  Detect skipped due to KSN trusted
14:53:20.0523 0x13c0  sbp2port - ok
14:53:20.0585 0x13c0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:53:20.0632 0x13c0  SCardSvr - ok
14:53:20.0679 0x13c0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:53:20.0679 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B, sha256: CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116
14:53:20.0679 0x13c0  scfilter - detected LockedFile.Multi.Generic ( 1 )
14:53:23.0222 0x13c0  Detect skipped due to KSN trusted
14:53:23.0222 0x13c0  scfilter - ok
14:53:23.0315 0x13c0  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
14:53:23.0409 0x13c0  Schedule - ok
14:53:23.0456 0x13c0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:53:23.0487 0x13c0  SCPolicySvc - ok
14:53:23.0534 0x13c0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:53:23.0549 0x13c0  SDRSVC - ok
14:53:23.0581 0x13c0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:53:23.0581 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
14:53:23.0581 0x13c0  secdrv - detected LockedFile.Multi.Generic ( 1 )
14:53:26.0123 0x13c0  Detect skipped due to KSN trusted
14:53:26.0123 0x13c0  secdrv - ok
14:53:26.0170 0x13c0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
14:53:26.0217 0x13c0  seclogon - ok
14:53:26.0279 0x13c0  [ EDE7A1D2715AAC2190D51DC07AFD44E3, 992EDC724AC30AAAA9164805F801A73483AC36E8D355CD523B69C4E544EB55CB ] seehcri         C:\Windows\system32\DRIVERS\seehcri.sys
14:53:26.0279 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\seehcri.sys. md5: EDE7A1D2715AAC2190D51DC07AFD44E3, sha256: 992EDC724AC30AAAA9164805F801A73483AC36E8D355CD523B69C4E544EB55CB
14:53:26.0279 0x13c0  seehcri - detected LockedFile.Multi.Generic ( 1 )
14:53:28.0807 0x13c0  Detect skipped due to KSN trusted
14:53:28.0807 0x13c0  seehcri - ok
14:53:28.0853 0x13c0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
14:53:28.0931 0x13c0  SENS - ok
14:53:28.0963 0x13c0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:53:28.0978 0x13c0  SensrSvc - ok
14:53:29.0025 0x13c0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
14:53:29.0025 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
14:53:29.0025 0x13c0  Serenum - detected LockedFile.Multi.Generic ( 1 )
14:53:31.0552 0x13c0  Detect skipped due to KSN trusted
14:53:31.0552 0x13c0  Serenum - ok
14:53:31.0615 0x13c0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
14:53:31.0615 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
14:53:31.0615 0x13c0  Serial - detected LockedFile.Multi.Generic ( 1 )
14:53:34.0142 0x13c0  Detect skipped due to KSN trusted
14:53:34.0142 0x13c0  Serial - ok
14:53:34.0204 0x13c0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
14:53:34.0204 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
14:53:34.0204 0x13c0  sermouse - detected LockedFile.Multi.Generic ( 1 )
14:53:44.0219 0x13c0  Object is SCO, delete is not allowed
14:53:44.0219 0x13c0  sermouse ( LockedFile.Multi.Generic ) - warning
14:53:44.0219 0x13c0  Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\sermouse.sys
14:53:48.0806 0x13c0  Object send P2P result: true
14:53:51.0302 0x13c0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
14:53:51.0349 0x13c0  SessionEnv - ok
14:53:51.0395 0x13c0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:53:51.0395 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
14:53:51.0395 0x13c0  sffdisk - detected LockedFile.Multi.Generic ( 1 )
14:53:53.0938 0x13c0  Detect skipped due to KSN trusted
14:53:53.0938 0x13c0  sffdisk - ok
14:53:53.0985 0x13c0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:53:53.0985 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
14:53:53.0985 0x13c0  sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
14:53:56.0497 0x13c0  Detect skipped due to KSN trusted
14:53:56.0497 0x13c0  sffp_mmc - ok
14:53:56.0528 0x13c0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:53:56.0528 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C, sha256: 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197
14:53:56.0528 0x13c0  sffp_sd - detected LockedFile.Multi.Generic ( 1 )
14:53:59.0055 0x13c0  Detect skipped due to KSN trusted
14:53:59.0055 0x13c0  sffp_sd - ok
14:53:59.0102 0x13c0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
14:53:59.0102 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
14:53:59.0102 0x13c0  sfloppy - detected LockedFile.Multi.Generic ( 1 )
14:54:01.0629 0x13c0  Detect skipped due to KSN trusted
14:54:01.0629 0x13c0  sfloppy - ok
14:54:01.0723 0x13c0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:54:01.0785 0x13c0  SharedAccess - ok
14:54:01.0832 0x13c0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:54:01.0910 0x13c0  ShellHWDetection - ok
14:54:01.0957 0x13c0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:54:01.0957 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
14:54:01.0957 0x13c0  SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
14:54:04.0468 0x13c0  Detect skipped due to KSN trusted
14:54:04.0468 0x13c0  SiSRaid2 - ok
14:54:04.0499 0x13c0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
14:54:04.0499 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
14:54:04.0499 0x13c0  SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
14:54:07.0011 0x13c0  Detect skipped due to KSN trusted
14:54:07.0011 0x13c0  SiSRaid4 - ok
14:54:07.0089 0x13c0  [ A4FAB5F7818A69DA6E740943CB8F7CA9, 6FA24FD46AD6642B21EF3BE4212FF22F3645EC7B0056859FCA184177F5C85AA2 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
14:54:07.0105 0x13c0  SkypeUpdate - ok
14:54:07.0136 0x13c0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:54:07.0136 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
14:54:07.0151 0x13c0  Smb - detected LockedFile.Multi.Generic ( 1 )
14:54:09.0694 0x13c0  Detect skipped due to KSN trusted
14:54:09.0694 0x13c0  Smb - ok
14:54:09.0788 0x13c0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:54:09.0803 0x13c0  SNMPTRAP - ok
14:54:09.0850 0x13c0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:54:09.0850 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
14:54:09.0850 0x13c0  spldr - detected LockedFile.Multi.Generic ( 1 )
14:54:12.0362 0x13c0  Detect skipped due to KSN trusted
14:54:12.0362 0x13c0  spldr - ok
14:54:12.0440 0x13c0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
14:54:12.0471 0x13c0  Spooler - ok
14:54:12.0643 0x13c0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
14:54:12.0830 0x13c0  sppsvc - ok
14:54:12.0877 0x13c0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:54:12.0939 0x13c0  sppuinotify - ok
14:54:13.0017 0x13c0  [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd            C:\Windows\system32\Drivers\sptd.sys
14:54:13.0017 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB, sha256: C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA
14:54:13.0017 0x13c0  sptd - detected LockedFile.Multi.Generic ( 1 )
14:54:15.0544 0x13c0  Detect skipped due to KSN trusted
14:54:15.0544 0x13c0  sptd - ok
14:54:15.0622 0x13c0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:54:15.0622 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
14:54:15.0622 0x13c0  srv - detected LockedFile.Multi.Generic ( 1 )
14:54:18.0134 0x13c0  Detect skipped due to KSN trusted
14:54:18.0134 0x13c0  srv - ok
14:54:18.0196 0x13c0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:54:18.0196 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
14:54:18.0196 0x13c0  srv2 - detected LockedFile.Multi.Generic ( 1 )
14:54:21.0067 0x13c0  Detect skipped due to KSN trusted
14:54:21.0067 0x13c0  srv2 - ok
14:54:21.0113 0x13c0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:54:21.0113 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3, sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
14:54:21.0113 0x13c0  srvnet - detected LockedFile.Multi.Generic ( 1 )
14:54:23.0641 0x13c0  Detect skipped due to KSN trusted
14:54:23.0641 0x13c0  srvnet - ok
14:54:23.0719 0x13c0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:54:23.0781 0x13c0  SSDPSRV - ok
14:54:23.0812 0x13c0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:54:23.0875 0x13c0  SstpSvc - ok
14:54:23.0906 0x13c0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
14:54:23.0906 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
14:54:23.0906 0x13c0  stexstor - detected LockedFile.Multi.Generic ( 1 )
14:54:26.0433 0x13c0  Detect skipped due to KSN trusted
14:54:26.0433 0x13c0  stexstor - ok
14:54:26.0527 0x13c0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
14:54:26.0589 0x13c0  stisvc - ok
14:54:26.0620 0x13c0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:54:26.0620 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
14:54:26.0651 0x13c0  swenum - detected LockedFile.Multi.Generic ( 1 )
14:54:29.0194 0x13c0  Detect skipped due to KSN trusted
14:54:29.0194 0x13c0  swenum - ok
14:54:29.0272 0x13c0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
14:54:29.0335 0x13c0  swprv - ok
14:54:29.0381 0x13c0  [ 064A2530A4A7C7CEC1BE6A1945645BE4, 06E4B59B6BFCEE1E2F1EDED77621C9DFED09F460E94065E528A2F746B568193D ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
14:54:29.0381 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SynTP.sys. md5: 064A2530A4A7C7CEC1BE6A1945645BE4, sha256: 06E4B59B6BFCEE1E2F1EDED77621C9DFED09F460E94065E528A2F746B568193D
14:54:29.0381 0x13c0  SynTP - detected LockedFile.Multi.Generic ( 1 )
14:54:31.0909 0x13c0  Detect skipped due to KSN trusted
14:54:31.0909 0x13c0  SynTP - ok
14:54:32.0018 0x13c0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
14:54:32.0143 0x13c0  SysMain - ok
14:54:32.0189 0x13c0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:54:32.0221 0x13c0  TabletInputService - ok
14:54:32.0267 0x13c0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:54:32.0330 0x13c0  TapiSrv - ok
14:54:32.0361 0x13c0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
14:54:32.0408 0x13c0  TBS - ok
14:54:32.0517 0x13c0  [ 9849EA3843A2ADBDD1497E97A85D8CAE, 71984DB2555989A0934E158281EA5F966109EC925B064B2045469A0E77971A7C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:54:32.0517 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 9849EA3843A2ADBDD1497E97A85D8CAE, sha256: 71984DB2555989A0934E158281EA5F966109EC925B064B2045469A0E77971A7C
14:54:32.0548 0x13c0  Tcpip - detected LockedFile.Multi.Generic ( 1 )
14:54:35.0060 0x13c0  Detect skipped due to KSN trusted
14:54:35.0060 0x13c0  Tcpip - ok
14:54:35.0185 0x13c0  [ 9849EA3843A2ADBDD1497E97A85D8CAE, 71984DB2555989A0934E158281EA5F966109EC925B064B2045469A0E77971A7C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:54:35.0185 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 9849EA3843A2ADBDD1497E97A85D8CAE, sha256: 71984DB2555989A0934E158281EA5F966109EC925B064B2045469A0E77971A7C
14:54:35.0200 0x13c0  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
14:54:35.0200 0x13c0  Detect skipped due to KSN trusted
14:54:35.0200 0x13c0  TCPIP6 - ok
14:54:35.0247 0x13c0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:54:35.0247 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 1B16D0BD9841794A6E0CDE0CEF744ABC, sha256: 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C
14:54:35.0247 0x13c0  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
14:54:37.0759 0x13c0  Detect skipped due to KSN trusted
14:54:37.0759 0x13c0  tcpipreg - ok
14:54:37.0805 0x13c0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:54:37.0821 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
14:54:37.0821 0x13c0  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
14:54:40.0333 0x13c0  Detect skipped due to KSN trusted
14:54:40.0333 0x13c0  TDPIPE - ok
14:54:40.0379 0x13c0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:54:40.0379 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
14:54:40.0379 0x13c0  TDTCP - detected LockedFile.Multi.Generic ( 1 )
14:54:42.0907 0x13c0  Detect skipped due to KSN trusted
14:54:42.0907 0x13c0  TDTCP - ok
14:54:42.0969 0x13c0  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:54:42.0969 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
14:54:42.0969 0x13c0  tdx - detected LockedFile.Multi.Generic ( 1 )
14:54:45.0512 0x13c0  Detect skipped due to KSN trusted
14:54:45.0512 0x13c0  tdx - ok
14:54:45.0574 0x13c0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:54:45.0574 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
14:54:45.0574 0x13c0  TermDD - detected LockedFile.Multi.Generic ( 1 )
14:54:48.0086 0x13c0  Detect skipped due to KSN trusted
14:54:48.0086 0x13c0  TermDD - ok
14:54:48.0179 0x13c0  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
14:54:48.0242 0x13c0  TermService - ok
14:54:48.0273 0x13c0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
14:54:48.0304 0x13c0  Themes - ok
14:54:48.0335 0x13c0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:54:48.0382 0x13c0  THREADORDER - ok
14:54:48.0398 0x13c0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
14:54:48.0460 0x13c0  TrkWks - ok
14:54:48.0523 0x13c0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:54:48.0570 0x13c0  TrustedInstaller - ok
14:54:48.0616 0x13c0  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:54:48.0616 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: CE18B2CDFC837C99E5FAE9CA6CBA5D30, sha256: CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC
14:54:48.0616 0x13c0  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
14:54:58.0632 0x13c0  Object is SCO, delete is not allowed
14:54:58.0632 0x13c0  tssecsrv ( LockedFile.Multi.Generic ) - warning
14:55:02.0173 0x13c0  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:55:02.0173 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9, sha256: A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB
14:55:02.0173 0x13c0  TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
14:55:04.0700 0x13c0  Detect skipped due to KSN trusted
14:55:04.0700 0x13c0  TsUsbFlt - ok
14:55:04.0762 0x13c0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:55:04.0762 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
14:55:04.0762 0x13c0  tunnel - detected LockedFile.Multi.Generic ( 1 )
14:55:07.0290 0x13c0  Detect skipped due to KSN trusted
14:55:07.0290 0x13c0  tunnel - ok
14:55:07.0336 0x13c0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
14:55:07.0336 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
14:55:07.0336 0x13c0  uagp35 - detected LockedFile.Multi.Generic ( 1 )
14:55:09.0848 0x13c0  Detect skipped due to KSN trusted
14:55:09.0848 0x13c0  uagp35 - ok
14:55:09.0895 0x13c0  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
14:55:09.0895 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\UBHelper.sys. md5: A17D5E1A6DF4EAB0A480F2C490DE4C9D, sha256: 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B
14:55:09.0895 0x13c0  UBHelper - detected LockedFile.Multi.Generic ( 1 )
14:55:12.0406 0x13c0  Detect skipped due to KSN trusted
14:55:12.0406 0x13c0  UBHelper - ok
14:55:12.0469 0x13c0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:55:12.0469 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
14:55:12.0469 0x13c0  udfs - detected LockedFile.Multi.Generic ( 1 )
14:55:14.0996 0x13c0  Detect skipped due to KSN trusted
14:55:14.0996 0x13c0  udfs - ok
14:55:15.0043 0x13c0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:55:15.0058 0x13c0  UI0Detect - ok
14:55:15.0074 0x13c0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:55:15.0074 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
14:55:15.0074 0x13c0  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
14:55:17.0601 0x13c0  Detect skipped due to KSN trusted
14:55:17.0601 0x13c0  uliagpkx - ok
14:55:17.0679 0x13c0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:55:17.0679 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
14:55:17.0695 0x13c0  umbus - detected LockedFile.Multi.Generic ( 1 )
14:55:20.0222 0x13c0  Detect skipped due to KSN trusted
14:55:20.0222 0x13c0  umbus - ok
14:55:20.0269 0x13c0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:55:20.0269 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
14:55:20.0269 0x13c0  UmPass - detected LockedFile.Multi.Generic ( 1 )
14:55:22.0812 0x13c0  Detect skipped due to KSN trusted
14:55:22.0812 0x13c0  UmPass - ok
14:55:22.0968 0x13c0  [ 7466809E6DA561D60C2F1CE8EDE3C73F, A3185049282A51B17C3DA839AF7E90F1CD395B2FB5587514EB2D65CB22854E2C ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:55:23.0046 0x13c0  UNS - ok
14:55:23.0108 0x13c0  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
14:55:23.0124 0x13c0  Updater Service - ok
14:55:23.0170 0x13c0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
14:55:23.0233 0x13c0  upnphost - ok
14:55:23.0295 0x13c0  [ FB251567F41BC61988B26731DEC19E4B, 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
14:55:23.0295 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbaapl64.sys. md5: FB251567F41BC61988B26731DEC19E4B, sha256: 6A535F5A18EB43DD2E18AF0A05301630A1D1484B7D85DA79A7CD122DA4D018E2
14:55:23.0295 0x13c0  USBAAPL64 - detected LockedFile.Multi.Generic ( 1 )
14:55:25.0807 0x13c0  Detect skipped due to KSN trusted
14:55:25.0807 0x13c0  USBAAPL64 - ok
14:55:25.0869 0x13c0  [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:55:25.0869 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 6F1A3157A1C89435352CEB543CDB359C, sha256: 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12
14:55:25.0869 0x13c0  usbccgp - detected LockedFile.Multi.Generic ( 1 )
14:55:28.0396 0x13c0  Detect skipped due to KSN trusted
14:55:28.0396 0x13c0  usbccgp - ok
14:55:28.0474 0x13c0  [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:55:28.0474 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: AF0892A803FDDA7492F595368E3B68E7, sha256: F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07
14:55:28.0474 0x13c0  usbcir - detected LockedFile.Multi.Generic ( 1 )
14:55:30.0987 0x13c0  Detect skipped due to KSN trusted
14:55:30.0987 0x13c0  usbcir - ok
14:55:31.0034 0x13c0  [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:55:31.0034 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: C025055FE7B87701EB042095DF1A2D7B, sha256: D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9
14:55:31.0034 0x13c0  usbehci - detected LockedFile.Multi.Generic ( 1 )
14:55:33.0561 0x13c0  Detect skipped due to KSN trusted
14:55:33.0561 0x13c0  usbehci - ok
14:55:33.0623 0x13c0  [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:55:33.0623 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 287C6C9410B111B68B52CA298F7B8C24, sha256: 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E
14:55:33.0639 0x13c0  usbhub - detected LockedFile.Multi.Generic ( 1 )
14:55:36.0182 0x13c0  Detect skipped due to KSN trusted
14:55:36.0182 0x13c0  usbhub - ok
14:55:36.0244 0x13c0  [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:55:36.0244 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 9840FC418B4CBD632D3D0A667A725C31, sha256: 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0
14:55:36.0244 0x13c0  usbohci - detected LockedFile.Multi.Generic ( 1 )
14:55:38.0818 0x13c0  Detect skipped due to KSN trusted
14:55:38.0818 0x13c0  usbohci - ok
14:55:38.0881 0x13c0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:55:38.0881 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
14:55:38.0881 0x13c0  usbprint - detected LockedFile.Multi.Generic ( 1 )
14:55:41.0408 0x13c0  Detect skipped due to KSN trusted
14:55:41.0408 0x13c0  usbprint - ok
14:55:41.0455 0x13c0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:55:41.0455 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: FED648B01349A3C8395A5169DB5FB7D6, sha256: DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96
14:55:41.0455 0x13c0  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
14:55:43.0982 0x13c0  Detect skipped due to KSN trusted
14:55:43.0982 0x13c0  USBSTOR - ok
14:55:44.0044 0x13c0  [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:55:44.0044 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: 62069A34518BCF9C1FD9E74B3F6DB7CD, sha256: C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25
14:55:44.0044 0x13c0  usbuhci - detected LockedFile.Multi.Generic ( 1 )
14:55:46.0571 0x13c0  Detect skipped due to KSN trusted
14:55:46.0571 0x13c0  usbuhci - ok
14:55:46.0649 0x13c0  [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
14:55:46.0649 0x13c0  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 454800C2BC7F3927CE030141EE4F4C50, sha256: 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44
14:55:46.0665 0x13c0  usbvideo - detected LockedFile.Multi.Generic ( 1 )
14:55:49.0192 0x13c0  Detect skipped due to KSN trusted
14:55:49.0192 0x13c0  usbvideo - ok
14:55:49.0239 0x13c0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
14:55:49.0286 0x13c0  UxSms - ok
14:55:49.0301 0x13c0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc        C:\Windows\system32\lsass.exe
14:55:49.0317 0x13c0  VaultSvc - ok
14:55:49.0348 0x13c0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:55:49.0348 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
14:55:49.0379 0x13c0  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
14:55:51.0907 0x13c0  Detect skipped due to KSN trusted
14:55:51.0907 0x13c0  vdrvroot - ok
14:55:52.0016 0x13c0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
14:55:52.0094 0x13c0  vds - ok
14:55:52.0141 0x13c0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:55:52.0141 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
14:55:52.0141 0x13c0  vga - detected LockedFile.Multi.Generic ( 1 )
14:55:54.0699 0x13c0  Detect skipped due to KSN trusted
14:55:54.0699 0x13c0  vga - ok
14:55:54.0730 0x13c0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:55:54.0730 0x13c0  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
14:55:54.0730 0x13c0  VgaSave - detected LockedFile.Multi.Generic ( 1 )
14:55:57.0257 0x13c0  Detect skipped due to KSN trusted
14:55:57.0257 0x13c0  VgaSave - ok
14:55:57.0320 0x13c0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:55:57.0320 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
14:55:57.0320 0x13c0  vhdmp - detected LockedFile.Multi.Generic ( 1 )
14:55:59.0831 0x13c0  Detect skipped due to KSN trusted
14:55:59.0831 0x13c0  vhdmp - ok
14:55:59.0878 0x13c0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:55:59.0878 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
14:55:59.0878 0x13c0  viaide - detected LockedFile.Multi.Generic ( 1 )
14:56:02.0390 0x13c0  Detect skipped due to KSN trusted
14:56:02.0390 0x13c0  viaide - ok
14:56:02.0452 0x13c0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:56:02.0452 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
14:56:02.0452 0x13c0  volmgr - detected LockedFile.Multi.Generic ( 1 )
14:56:12.0467 0x13c0  Object is SCO, delete is not allowed
14:56:12.0467 0x13c0  volmgr ( LockedFile.Multi.Generic ) - warning
14:56:16.0976 0x13c0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:56:16.0976 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
14:56:16.0976 0x13c0  volmgrx - detected LockedFile.Multi.Generic ( 1 )
14:56:19.0519 0x13c0  Detect skipped due to KSN trusted
14:56:19.0519 0x13c0  volmgrx - ok
14:56:19.0565 0x13c0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:56:19.0565 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
14:56:19.0565 0x13c0  volsnap - detected LockedFile.Multi.Generic ( 1 )
14:56:22.0109 0x13c0  Detect skipped due to KSN trusted
14:56:22.0109 0x13c0  volsnap - ok
14:56:22.0172 0x13c0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
14:56:22.0172 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
14:56:22.0172 0x13c0  vsmraid - detected LockedFile.Multi.Generic ( 1 )
14:56:24.0699 0x13c0  Detect skipped due to KSN trusted
14:56:24.0699 0x13c0  vsmraid - ok
14:56:24.0839 0x13c0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:56:24.0933 0x13c0  VSS - ok
14:56:24.0964 0x13c0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:56:24.0964 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
14:56:24.0964 0x13c0  vwifibus - detected LockedFile.Multi.Generic ( 1 )
14:56:27.0491 0x13c0  Detect skipped due to KSN trusted
14:56:27.0491 0x13c0  vwifibus - ok
14:56:27.0538 0x13c0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:56:27.0538 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
14:56:27.0538 0x13c0  vwififlt - detected LockedFile.Multi.Generic ( 1 )
14:56:30.0065 0x13c0  Detect skipped due to KSN trusted
14:56:30.0065 0x13c0  vwififlt - ok
14:56:30.0081 0x13c0  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:56:30.0081 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168
14:56:30.0081 0x13c0  vwifimp - detected LockedFile.Multi.Generic ( 1 )
14:56:32.0608 0x13c0  Detect skipped due to KSN trusted
14:56:32.0608 0x13c0  vwifimp - ok
14:56:32.0670 0x13c0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:56:32.0733 0x13c0  W32Time - ok
14:56:32.0764 0x13c0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
14:56:32.0764 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
14:56:32.0764 0x13c0  WacomPen - detected LockedFile.Multi.Generic ( 1 )
14:56:35.0276 0x13c0  Detect skipped due to KSN trusted
14:56:35.0276 0x13c0  WacomPen - ok
14:56:35.0354 0x13c0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:56:35.0354 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
14:56:35.0354 0x13c0  WANARP - detected LockedFile.Multi.Generic ( 1 )
14:56:37.0896 0x13c0  Detect skipped due to KSN trusted
14:56:37.0896 0x13c0  WANARP - ok
14:56:37.0943 0x13c0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:56:37.0943 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
14:56:37.0943 0x13c0  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
14:56:37.0943 0x13c0  Detect skipped due to KSN trusted
14:56:37.0943 0x13c0  Wanarpv6 - ok
14:56:38.0037 0x13c0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:56:38.0084 0x13c0  WatAdminSvc - ok
14:56:38.0162 0x13c0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:56:38.0224 0x13c0  wbengine - ok
14:56:38.0271 0x13c0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:56:38.0302 0x13c0  WbioSrvc - ok
14:56:38.0364 0x13c0  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
14:56:38.0380 0x13c0  WcesComm - ok
14:56:38.0427 0x13c0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:56:38.0474 0x13c0  wcncsvc - ok
14:56:38.0489 0x13c0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:56:38.0505 0x13c0  WcsPlugInService - ok
14:56:38.0536 0x13c0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
14:56:38.0536 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
14:56:38.0536 0x13c0  Wd - detected LockedFile.Multi.Generic ( 1 )
14:56:41.0063 0x13c0  Detect skipped due to KSN trusted
14:56:41.0063 0x13c0  Wd - ok
14:56:41.0141 0x13c0  [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:56:41.0141 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 442783E2CB0DA19873B7A63833FF4CB4, sha256: 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F
14:56:41.0157 0x13c0  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
14:56:43.0669 0x13c0  Detect skipped due to KSN trusted
14:56:43.0669 0x13c0  Wdf01000 - ok
14:56:43.0715 0x13c0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:56:43.0747 0x13c0  WdiServiceHost - ok
14:56:43.0762 0x13c0  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:56:43.0793 0x13c0  WdiSystemHost - ok
14:56:43.0840 0x13c0  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
14:56:43.0871 0x13c0  WebClient - ok
14:56:43.0903 0x13c0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:56:43.0949 0x13c0  Wecsvc - ok
14:56:43.0981 0x13c0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:56:44.0027 0x13c0  wercplsupport - ok
14:56:44.0043 0x13c0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:56:44.0090 0x13c0  WerSvc - ok
14:56:44.0137 0x13c0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:56:44.0137 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
14:56:44.0152 0x13c0  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
14:56:46.0695 0x13c0  Detect skipped due to KSN trusted
14:56:46.0695 0x13c0  WfpLwf - ok
14:56:46.0742 0x13c0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:56:46.0742 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
14:56:46.0742 0x13c0  WIMMount - detected LockedFile.Multi.Generic ( 1 )
14:56:49.0269 0x13c0  Detect skipped due to KSN trusted
14:56:49.0269 0x13c0  WIMMount - ok
14:56:49.0363 0x13c0  WinDefend - ok
14:56:49.0378 0x13c0  WinHttpAutoProxySvc - ok
14:56:49.0456 0x13c0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:56:49.0503 0x13c0  Winmgmt - ok
14:56:49.0628 0x13c0  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:56:49.0737 0x13c0  WinRM - ok
14:56:49.0846 0x13c0  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
14:56:49.0846 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
14:56:49.0846 0x13c0  WinUsb - detected LockedFile.Multi.Generic ( 1 )
14:56:52.0389 0x13c0  Detect skipped due to KSN trusted
14:56:52.0389 0x13c0  WinUsb - ok
14:56:52.0467 0x13c0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:56:52.0514 0x13c0  Wlansvc - ok
14:56:52.0701 0x13c0  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:56:52.0779 0x13c0  wlidsvc - ok
14:56:52.0841 0x13c0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:56:52.0841 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
14:56:52.0841 0x13c0  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
14:56:55.0369 0x13c0  Detect skipped due to KSN trusted
14:56:55.0369 0x13c0  WmiAcpi - ok
14:56:55.0447 0x13c0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:56:55.0462 0x13c0  wmiApSrv - ok
14:56:55.0493 0x13c0  WMPNetworkSvc - ok
14:56:55.0525 0x13c0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:56:55.0540 0x13c0  WPCSvc - ok
14:56:55.0587 0x13c0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:56:55.0618 0x13c0  WPDBusEnum - ok
14:56:55.0634 0x13c0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:56:55.0634 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
14:56:55.0634 0x13c0  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
14:56:58.0161 0x13c0  Detect skipped due to KSN trusted
14:56:58.0161 0x13c0  ws2ifsl - ok
14:56:58.0239 0x13c0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
14:56:58.0270 0x13c0  wscsvc - ok
14:56:58.0317 0x13c0  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
14:56:58.0317 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDPrint.sys. md5: 8D918B1DB190A4D9B1753A66FA8C96E8, sha256: DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE
14:56:58.0317 0x13c0  WSDPrintDevice - detected LockedFile.Multi.Generic ( 1 )
14:57:00.0844 0x13c0  Detect skipped due to KSN trusted
14:57:00.0844 0x13c0  WSDPrintDevice - ok
14:57:00.0922 0x13c0  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
14:57:00.0922 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDScan.sys. md5: 4A2A5C50DD1A63577D3ACA94269FBC7F, sha256: F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047
14:57:00.0922 0x13c0  WSDScan - detected LockedFile.Multi.Generic ( 1 )
14:57:03.0449 0x13c0  Detect skipped due to KSN trusted
14:57:03.0449 0x13c0  WSDScan - ok
14:57:03.0465 0x13c0  WSearch - ok
14:57:03.0605 0x13c0  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:57:03.0683 0x13c0  wuauserv - ok
14:57:03.0730 0x13c0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:57:03.0730 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: AB886378EEB55C6C75B4F2D14B6C869F, sha256: D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6
14:57:03.0730 0x13c0  WudfPf - detected LockedFile.Multi.Generic ( 1 )
14:57:06.0242 0x13c0  Detect skipped due to KSN trusted
14:57:06.0242 0x13c0  WudfPf - ok
14:57:06.0367 0x13c0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
14:57:06.0367 0x13c0  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: DDA4CAF29D8C0A297F886BFE561E6659, sha256: 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978
14:57:06.0367 0x13c0  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
14:57:08.0878 0x13c0  Detect skipped due to KSN trusted
14:57:08.0878 0x13c0  WUDFRd - ok
14:57:08.0941 0x13c0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:57:08.0972 0x13c0  wudfsvc - ok
14:57:09.0019 0x13c0  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:57:09.0050 0x13c0  WwanSvc - ok
14:57:09.0112 0x13c0  ================ Scan global ===============================
14:57:09.0143 0x13c0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:57:09.0190 0x13c0  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
14:57:09.0221 0x13c0  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
14:57:09.0253 0x13c0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:57:09.0299 0x13c0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:57:09.0315 0x13c0  [ Global ] - ok
14:57:09.0315 0x13c0  ================ Scan MBR ==================================
14:57:09.0331 0x13c0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:57:09.0721 0x13c0  \Device\Harddisk0\DR0 - ok
14:57:09.0721 0x13c0  ================ Scan VBR ==================================
14:57:09.0721 0x13c0  [ 5FAA6B590057CE7E6C4833D451512C91 ] \Device\Harddisk0\DR0\Partition1
14:57:09.0767 0x13c0  \Device\Harddisk0\DR0\Partition1 - ok
14:57:09.0799 0x13c0  [ D49881AFAB9F756E045C58CEE7FB5F34 ] \Device\Harddisk0\DR0\Partition2
14:57:09.0830 0x13c0  \Device\Harddisk0\DR0\Partition2 - ok
14:57:09.0830 0x13c0  Waiting for KSN requests completion. In queue: 2
14:57:10.0844 0x13c0  Waiting for KSN requests completion. In queue: 2
14:57:11.0858 0x13c0  Waiting for KSN requests completion. In queue: 2
14:57:12.0887 0x13c0  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4110 ), 0x40010 ( disabled : outofdate )
14:57:12.0887 0x13c0  Win FW state via NFP2: enabled
14:57:15.0305 0x13c0  ============================================================
14:57:15.0305 0x13c0  Scan finished
14:57:15.0305 0x13c0  ============================================================
14:57:15.0305 0x158c  Detected object count: 9
14:57:15.0305 0x158c  Actual detected object count: 9
14:57:47.0317 0x158c  C:\Windows\System32\Drivers\af45d0f59a6a795.sys - copied to quarantine
14:57:47.0317 0x158c  HKLM\SYSTEM\ControlSet001\services\af45d0f59a6a795 - will be deleted on reboot
14:57:47.0332 0x158c  HKLM\SYSTEM\ControlSet002\services\af45d0f59a6a795 - will be deleted on reboot
14:57:47.0566 0x158c  C:\Windows\System32\Drivers\af45d0f59a6a795.sys - will be deleted on reboot
14:57:47.0566 0x158c  af45d0f59a6a795 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 
14:57:47.0582 0x158c  intelppm ( LockedFile.Multi.Generic ) - skipped by user
14:57:47.0582 0x158c  intelppm ( LockedFile.Multi.Generic ) - User select action: Skip 
14:57:47.0582 0x158c  mouclass ( LockedFile.Multi.Generic ) - skipped by user
14:57:47.0582 0x158c  mouclass ( LockedFile.Multi.Generic ) - User select action: Skip 
14:57:47.0582 0x158c  NBService ( UnsignedFile.Multi.Generic ) - skipped by user
14:57:47.0582 0x158c  NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:57:47.0582 0x158c  pciide ( LockedFile.Multi.Generic ) - skipped by user
14:57:47.0582 0x158c  pciide ( LockedFile.Multi.Generic ) - User select action: Skip 
14:57:47.0582 0x158c  RFCOMM ( LockedFile.Multi.Generic ) - skipped by user
14:57:47.0582 0x158c  RFCOMM ( LockedFile.Multi.Generic ) - User select action: Skip 
14:57:47.0582 0x158c  sermouse ( LockedFile.Multi.Generic ) - skipped by user
14:57:47.0582 0x158c  sermouse ( LockedFile.Multi.Generic ) - User select action: Skip 
14:57:47.0582 0x158c  tssecsrv ( LockedFile.Multi.Generic ) - skipped by user
14:57:47.0582 0x158c  tssecsrv ( LockedFile.Multi.Generic ) - User select action: Skip 
14:57:47.0597 0x158c  volmgr ( LockedFile.Multi.Generic ) - skipped by user
14:57:47.0597 0x158c  volmgr ( LockedFile.Multi.Generic ) - User select action: Skip 
14:57:47.0660 0x158c  KLMD registered as C:\Windows\system32\drivers\19115903.sys
         

Alt 29.03.2014, 22:56   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
14:57:47.0317 0x158c HKLM\SYSTEM\ControlSet001\services\af45d0f59a6a795 - will be deleted on reboot
14:57:47.0332 0x158c HKLM\SYSTEM\ControlSet002\services\af45d0f59a6a795 - will be deleted on reboot
14:57:47.0566 0x158c C:\Windows\System32\Drivers\af45d0f59a6a795.sys - will be deleted on reboot
That is a log from before the reboot.
Restart Windows, create a new log with TDSS-Killer and post that one as well.
__________________
Please always post logfiles in CODE tags

Alt 30.03.2014, 10:50   #25
El_CapOne
 
Code:
11:43:41.0733 0x1194  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
11:43:44.0915 0x1194  ============================================================
11:43:44.0915 0x1194  Current date / time: 2014/03/30 11:43:44.0915
11:43:44.0915 0x1194  SystemInfo:
11:43:44.0915 0x1194  
11:43:44.0915 0x1194  OS Version: 6.1.7601 ServicePack: 1.0
11:43:44.0915 0x1194  Product type: Workstation
11:43:44.0915 0x1194  ComputerName: DANIEL-PC
11:43:44.0915 0x1194  UserName: Daniel
11:43:44.0915 0x1194  Windows directory: C:\Windows
11:43:44.0915 0x1194  System windows directory: C:\Windows
11:43:44.0915 0x1194  Running under WOW64
11:43:44.0915 0x1194  Processor architecture: Intel x64
11:43:44.0915 0x1194  Number of processors: 4
11:43:44.0915 0x1194  Page size: 0x1000
11:43:44.0915 0x1194  Boot type: Normal boot
11:43:44.0915 0x1194  ============================================================
11:43:47.0864 0x1194  KLMD registered as C:\Windows\system32\drivers\19266241.sys
11:43:48.0472 0x1194  System UUID: {EAE129F4-5D34-3278-CED2-689D74B81AE2}
11:43:48.0956 0x1194  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:43:48.0971 0x1194  ============================================================
11:43:48.0971 0x1194  \Device\Harddisk0\DR0:
11:43:48.0971 0x1194  MBR partitions:
11:43:48.0971 0x1194  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
11:43:48.0971 0x1194  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800
11:43:48.0971 0x1194  ============================================================
11:43:49.0237 0x1194  C: <-> \Device\Harddisk0\DR0\Partition2
11:43:49.0237 0x1194  ============================================================
11:43:49.0237 0x1194  Initialize success
11:43:49.0237 0x1194  ============================================================
11:45:36.0518 0x12ac  ============================================================
11:45:36.0518 0x12ac  Scan started
11:45:36.0518 0x12ac  Mode: Manual; SigCheck; TDLFS; 
11:45:36.0518 0x12ac  ============================================================
11:45:36.0518 0x12ac  KSN ping started
11:45:50.0215 0x12ac  KSN ping finished: true
11:45:50.0901 0x12ac  ================ Scan system memory ========================
11:45:50.0901 0x12ac  System memory - ok
11:45:50.0901 0x12ac  ================ Scan services =============================
11:45:51.0962 0x12ac  0292681395908944mcinstcleanup - ok
11:45:52.0508 0x12ac  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:45:52.0742 0x12ac  1394ohci - ok
11:45:53.0023 0x12ac  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:45:53.0054 0x12ac  ACPI - ok
11:45:53.0241 0x12ac  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:45:54.0255 0x12ac  AcpiPmi - ok
11:45:55.0924 0x12ac  [ F7AB315A4D400CA876381D1E188A2E20, B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:45:56.0470 0x12ac  AdobeFlashPlayerUpdateSvc - ok
11:45:56.0642 0x12ac  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:45:56.0673 0x12ac  adp94xx - ok
11:45:56.0798 0x12ac  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:45:56.0845 0x12ac  adpahci - ok
11:45:56.0938 0x12ac  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:45:56.0985 0x12ac  adpu320 - ok
11:45:57.0032 0x12ac  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:45:57.0126 0x12ac  AeLookupSvc - ok
11:45:57.0391 0x12ac  [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD             C:\Windows\system32\drivers\afd.sys
11:45:57.0734 0x12ac  AFD - ok
11:45:57.0843 0x12ac  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
11:45:57.0874 0x12ac  agp440 - ok
11:45:57.0999 0x12ac  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
11:45:58.0015 0x12ac  ALG - ok
11:45:58.0186 0x12ac  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:45:58.0218 0x12ac  aliide - ok
11:45:58.0420 0x12ac  [ FF779F9DE1CDF477033858B7681CEDA8, F190057C680F41BEF49FA7BE26A5827C124EC0BFE19D3E21ED93A3287E732D99 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:45:58.0452 0x12ac  AMD External Events Utility - ok
11:45:58.0623 0x12ac  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:45:58.0654 0x12ac  amdide - ok
11:45:58.0842 0x12ac  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:45:59.0013 0x12ac  AmdK8 - ok
11:45:59.0746 0x12ac  [ EF2B99DCEE397B45F50594696D7B5339, 568BD4AFD14C32A1602AE98D00A6C05372C0AE48D17CBC9257272A57F72E69D4 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
11:46:00.0480 0x12ac  amdkmdag - ok
11:46:00.0589 0x12ac  [ 239DCE60BEE6E1576C803948AB4D54C5, BC346ACD57E9BDBBC4C659B1C9CB4D696A42B2AB3DBC387A169C89D11D15A673 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
11:46:01.0010 0x12ac  amdkmdap - ok
11:46:01.0104 0x12ac  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:46:01.0260 0x12ac  AmdPPM - ok
11:46:01.0494 0x12ac  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:46:01.0915 0x12ac  amdsata - ok
11:46:02.0040 0x12ac  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:46:02.0086 0x12ac  amdsbs - ok
11:46:02.0164 0x12ac  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:46:02.0196 0x12ac  amdxata - ok
11:46:02.0367 0x12ac  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
11:46:02.0430 0x12ac  AppID - ok
11:46:02.0508 0x12ac  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:46:02.0664 0x12ac  AppIDSvc - ok
11:46:02.0866 0x12ac  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
11:46:02.0960 0x12ac  Appinfo - ok
11:46:03.0381 0x12ac  [ 7EF47644B74EBE721CC32211D3C35E76, 1381908E70567AAE5A8C96C4B7BF8E68748F64DE3243FD0FA8CC0E72DEEDA9A7 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:46:03.0397 0x12ac  Apple Mobile Device - ok
11:46:03.0568 0x12ac  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:46:03.0615 0x12ac  arc - ok
11:46:03.0693 0x12ac  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:46:03.0709 0x12ac  arcsas - ok
11:46:04.0801 0x12ac  [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:46:05.0440 0x12ac  aspnet_state - ok
11:46:05.0784 0x12ac  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:46:05.0924 0x12ac  AsyncMac - ok
11:46:06.0486 0x12ac  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
11:46:06.0501 0x12ac  atapi - ok
11:46:06.0610 0x12ac  [ 1C60A629AD4FFD06D80CD522B92CDB7C, 68F45BC4B0BA505548E2191677C74B1B6291E56765987347F7EAAF1C8C761A97 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
11:46:06.0782 0x12ac  AthBTPort - ok
11:46:08.0061 0x12ac  [ A31F72621C938048CBA02E82542F0715, 2C9EBCCA819A11FF2A9141D069B2ABE0CA4A2F374B842B4AA24790931126E4C1 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
11:46:08.0155 0x12ac  AtherosSvc - detected UnsignedFile.Multi.Generic ( 1 )
11:46:10.0682 0x12ac  Detect skipped due to KSN trusted
11:46:10.0682 0x12ac  AtherosSvc - ok
11:46:10.0978 0x12ac  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:46:11.0743 0x12ac  AudioEndpointBuilder - ok
11:46:12.0148 0x12ac  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
11:46:12.0211 0x12ac  AudioSrv - ok
11:46:12.0663 0x12ac  [ BE5047191368D2C014202AB2775768B7, 5EC5B88B7FA7F9A9A6A665FD8638A3DF8030D6CD72C15C53CC3C34A88C1B9B27 ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
11:46:12.0882 0x12ac  Avgdiska - ok
11:46:14.0754 0x12ac  [ 9D5EA7BD5E29F404CD158AED17B40A15, BC38F90AD8BBB51C27D9D325E400DF10B8A8BE34A497A7207F2E73E46E9AB3EE ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
11:46:14.0863 0x12ac  AVGIDSAgent - ok
11:46:15.0128 0x12ac  [ EE48CA8AB25E2B0EE3D3E5A463C5A37E, 06A0AF4CB8D3715701ABD272E42F7CCF406C61AF838F5F53A7F6630D4A600905 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
11:46:15.0159 0x12ac  AVGIDSDriver - ok
11:46:15.0487 0x12ac  [ 494D668B4CB866A1D6835E5F01B13EF1, A2989DB82F31F9B30E4DC1F814BD0D7E286B33DB033C63796E2020BD18648EF3 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
11:46:15.0565 0x12ac  AVGIDSHA - ok
11:46:16.0282 0x12ac  [ 4BE8BB177B4C2BC3564845EF6D1073F1, 4ACA54EA54F5ABA96A73BD83C0C5A83C37090FEB7CBE67AE94E9CD3E364931C8 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
11:46:16.0329 0x12ac  Avgldx64 - ok
11:46:16.0594 0x12ac  [ D3772CC086FB81F76B5A82C85E1C7C8E, B1BEFD7AC658F28AECEF5468F5815504BDDC8A4203207B6F0CA53C5B216F782D ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
11:46:16.0626 0x12ac  Avgloga - ok
11:46:16.0969 0x12ac  [ A0BCE5DC2C1F1EE5C1CA19A33375AC23, 517663AEDD7A45607E17910DE60B2847E521472F9C0AB56034617BE2F351DE8D ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
11:46:16.0984 0x12ac  Avgmfx64 - ok
11:46:17.0062 0x12ac  [ 12FAAF366975B2BF2E93F1866C0E480D, 559480A1434E6805CF4F3DB5352E98387053194BB7B0DB18099B53D306D9951D ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
11:46:17.0078 0x12ac  Avgrkx64 - ok
11:46:17.0437 0x12ac  [ 4E364FABBD147F59E5D524C9EA86D772, 5D2B1E35EDBF68C23C5BF38B8B7AC484E3430219E0072C4831F58A9E8386A5FD ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
11:46:17.0499 0x12ac  Avgtdia - ok
11:46:17.0889 0x12ac  [ B747B6BB015E552F49C634BB19540F3D, 5000AD41BD101BC06D595484B6E58DEEBB962939ACF4B24DE515771D1C4AE3ED ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
11:46:17.0920 0x12ac  avgwd - ok
11:46:18.0139 0x12ac  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:46:18.0279 0x12ac  AxInstSV - ok
11:46:18.0544 0x12ac  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
11:46:18.0669 0x12ac  b06bdrv - ok
11:46:18.0903 0x12ac  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
11:46:18.0934 0x12ac  b57nd60a - ok
11:46:19.0512 0x12ac  [ 2D659B569A76CDB83B815675A80D7096, 8246BD350017B6CBADA4BBDBAB8B708B0A8F1AD5ADD4B2DE1BA610B4A188C262 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
11:46:19.0621 0x12ac  BCM43XX - ok
11:46:19.0746 0x12ac  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
11:46:19.0870 0x12ac  BDESVC - ok
11:46:20.0026 0x12ac  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:46:20.0182 0x12ac  Beep - ok
11:46:20.0448 0x12ac  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
11:46:20.0682 0x12ac  BFE - ok
11:46:21.0087 0x12ac  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
11:46:21.0212 0x12ac  BITS - ok
11:46:21.0337 0x12ac  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:46:21.0508 0x12ac  blbdrive - ok
11:46:21.0649 0x12ac  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:46:21.0805 0x12ac  bowser - ok
11:46:21.0992 0x12ac  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:46:23.0022 0x12ac  BrFiltLo - ok
11:46:23.0115 0x12ac  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:46:23.0162 0x12ac  BrFiltUp - ok
11:46:23.0349 0x12ac  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
11:46:23.0458 0x12ac  BridgeMP - ok
11:46:23.0661 0x12ac  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
11:46:23.0786 0x12ac  Browser - ok
11:46:23.0973 0x12ac  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:46:24.0254 0x12ac  Brserid - ok
11:46:24.0316 0x12ac  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:46:24.0363 0x12ac  BrSerWdm - ok
11:46:24.0457 0x12ac  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:46:24.0504 0x12ac  BrUsbMdm - ok
11:46:24.0550 0x12ac  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:46:24.0613 0x12ac  BrUsbSer - ok
11:46:24.0769 0x12ac  [ 89F5586E80B42CA4E98B3EFDAFCAD1B8, FDBD3B5455A7F4F0F680A18AE925B971E9F19626EDAAB79C3AFCD48E047D1A34 ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
11:46:24.0816 0x12ac  BTATH_A2DP - ok
11:46:24.0956 0x12ac  [ BC14A513C0120919A019E18061FACA46, BFD4A0D3AAEFC797E2DC34A51A098BB7F48672E7F3238D346CF090A43B711EEB ] BTATH_BUS       C:\Windows\system32\DRIVERS\btath_bus.sys
11:46:24.0972 0x12ac  BTATH_BUS - ok
11:46:25.0206 0x12ac  [ 76E867C34242D16E3418AA9A9430D96A, 9F0FDE76CD51D5F9C8500CB4123448F58FD180EBEB24FE9723E0E3F06E5531BB ] BTATH_HCRP      C:\Windows\system32\DRIVERS\btath_hcrp.sys
11:46:25.0237 0x12ac  BTATH_HCRP - ok
11:46:25.0486 0x12ac  [ 6409827297DAF3699643E9F6EC5C2CD2, BA1945AFABCDBB0147A54992E808C25FF729C55294D5E9393014C5203A8AE26B ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
11:46:25.0518 0x12ac  BTATH_LWFLT - ok
11:46:25.0970 0x12ac  [ 2B53167C52A1730A59EDFD3C83DEFF70, 3E327AEEB3EF22B9BEFF1E7F59F1739CC62C9CD0E33300402AA11E83131BF88B ] BTATH_RCP       C:\Windows\system32\DRIVERS\btath_rcp.sys
11:46:26.0001 0x12ac  BTATH_RCP - ok
11:46:26.0266 0x12ac  [ 832B121E4532919CC49F2438F1DCAA21, 70FFDD505A64D3CF03220D6422EDD47CA2E0DF711BBF2ED057F32A688CB2E2E8 ] BthAvrcp        C:\Windows\system32\DRIVERS\BthAvrcp.sys
11:46:26.0376 0x12ac  BthAvrcp - ok
11:46:26.0594 0x12ac  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
11:46:26.0812 0x12ac  BthEnum - ok
11:46:26.0922 0x12ac  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:46:27.0031 0x12ac  BTHMODEM - ok
11:46:27.0171 0x12ac  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:46:27.0280 0x12ac  BthPan - ok
11:46:27.0561 0x12ac  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:46:27.0717 0x12ac  BTHPORT - ok
11:46:27.0858 0x12ac  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
11:46:27.0951 0x12ac  bthserv - ok
11:46:28.0123 0x12ac  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:46:28.0248 0x12ac  BTHUSB - ok
11:46:28.0388 0x12ac  catchme - ok
11:46:28.0482 0x12ac  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:46:28.0653 0x12ac  cdfs - ok
11:46:28.0825 0x12ac  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
11:46:28.0903 0x12ac  cdrom - ok
11:46:29.0184 0x12ac  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:46:29.0277 0x12ac  CertPropSvc - ok
11:46:29.0464 0x12ac  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:46:29.0574 0x12ac  circlass - ok
11:46:29.0776 0x12ac  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
11:46:29.0808 0x12ac  CLFS - ok
11:46:29.0995 0x12ac  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:46:30.0026 0x12ac  clr_optimization_v2.0.50727_32 - ok
11:46:31.0118 0x12ac  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:46:31.0336 0x12ac  clr_optimization_v2.0.50727_64 - ok
11:46:31.0664 0x12ac  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:46:32.0506 0x12ac  clr_optimization_v4.0.30319_32 - ok
11:46:32.0709 0x12ac  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:46:32.0974 0x12ac  clr_optimization_v4.0.30319_64 - ok
11:46:33.0052 0x12ac  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:46:33.0130 0x12ac  CmBatt - ok
11:46:33.0146 0x12ac  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:46:33.0240 0x12ac  cmdide - ok
11:46:33.0598 0x12ac  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\Windows\system32\Drivers\cng.sys
11:46:33.0723 0x12ac  CNG - ok
11:46:33.0817 0x12ac  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:46:33.0848 0x12ac  Compbatt - ok
11:46:33.0973 0x12ac  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:46:34.0113 0x12ac  CompositeBus - ok
11:46:34.0176 0x12ac  COMSysApp - ok
11:46:34.0332 0x12ac  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:46:34.0363 0x12ac  crcdisk - ok
11:46:34.0566 0x12ac  [ D8129C49798CBBFB2E4351D4B7B8EF9C, 7C125DBA3F88E7C6D98AE0869EDB7995360904A913923528ABD0429B2608C313 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:46:34.0737 0x12ac  CryptSvc - ok
11:46:35.0018 0x12ac  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:46:35.0143 0x12ac  DcomLaunch - ok
11:46:35.0236 0x12ac  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
11:46:35.0346 0x12ac  defragsvc - ok
11:46:35.0455 0x12ac  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:46:35.0564 0x12ac  DfsC - ok
11:46:35.0860 0x12ac  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:46:36.0001 0x12ac  Dhcp - ok
11:46:36.0110 0x12ac  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
11:46:36.0235 0x12ac  discache - ok
11:46:36.0360 0x12ac  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:46:36.0375 0x12ac  Disk - ok
11:46:36.0484 0x12ac  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:46:36.0625 0x12ac  Dnscache - ok
11:46:36.0781 0x12ac  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:46:36.0906 0x12ac  dot3svc - ok
11:46:37.0077 0x12ac  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
11:46:37.0171 0x12ac  DPS - ok
11:46:37.0280 0x12ac  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:46:37.0374 0x12ac  drmkaud - ok
11:46:37.0826 0x12ac  [ 9CF46FDF163E06B83D03FF929EF2296C, 40BB0226361DEC2E6CBFE79CA092083986BD3D94564ED5F3E54CA2EE9A756837 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
11:46:37.0857 0x12ac  DsiWMIService - ok
11:46:38.0216 0x12ac  [ AF2E16242AA723F68F461B6EAE2EAD3D, 3973633C6D231DB8D92DE310D3A0836C64639B9A20C6C56385FB218A707C1BC3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:46:38.0263 0x12ac  DXGKrnl - ok
11:46:38.0356 0x12ac  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
11:46:38.0481 0x12ac  EapHost - ok
11:46:39.0542 0x12ac  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
11:46:40.0197 0x12ac  ebdrv - ok
11:46:40.0306 0x12ac  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
11:46:40.0338 0x12ac  EFS - ok
11:46:40.0915 0x12ac  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:46:41.0367 0x12ac  ehRecvr - ok
11:46:41.0445 0x12ac  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
11:46:41.0648 0x12ac  ehSched - ok
11:46:41.0882 0x12ac  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:46:41.0929 0x12ac  elxstor - ok
11:46:42.0334 0x12ac  [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
11:46:42.0381 0x12ac  ePowerSvc - ok
11:46:42.0662 0x12ac  [ 7DB097F4F6786307168C0DDDEC43A565, 963C0D3D88FB4BF9C2FBCB296B03603E2F8AA8B4E8976162842863B7538C1A9F ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
11:46:42.0787 0x12ac  EPSON_EB_RPCV4_04 - ok
11:46:42.0834 0x12ac  [ 258AA65A0862E19B7DE6981FDA3758AD, C090F19BEDC2CFB0B5265BCE48BD52102E06CBC15EEFE4CDB747D44F2E42D545 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
11:46:42.0880 0x12ac  EPSON_PM_RPCV4_04 - ok
11:46:42.0958 0x12ac  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:46:43.0099 0x12ac  ErrDev - ok
11:46:43.0551 0x12ac  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
11:46:43.0723 0x12ac  EventSystem - ok
11:46:43.0754 0x12ac  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
11:46:43.0863 0x12ac  exfat - ok
11:46:43.0926 0x12ac  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:46:44.0050 0x12ac  fastfat - ok
11:46:44.0284 0x12ac  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
11:46:44.0409 0x12ac  Fax - ok
11:46:44.0534 0x12ac  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:46:44.0674 0x12ac  fdc - ok
11:46:44.0815 0x12ac  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
11:46:44.0971 0x12ac  fdPHost - ok
11:46:45.0064 0x12ac  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:46:45.0111 0x12ac  FDResPub - ok
11:46:45.0252 0x12ac  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:46:45.0283 0x12ac  FileInfo - ok
11:46:45.0657 0x12ac  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:46:45.0829 0x12ac  Filetrace - ok
11:46:47.0248 0x12ac  [ 923B1F7EA2A3DE6790D9193FFC355A4D, 36EC6DD4D36AA65A32D924CBC6DD448A2CB9E915395BE621004B858786E86CB4 ] FirebirdServerDefaultInstance C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
11:46:49.0323 0x12ac  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic ( 1 )
11:46:59.0401 0x12ac  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
11:47:04.0237 0x12ac  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
11:47:04.0299 0x12ac  FLEXnet Licensing Service - ok
11:47:04.0393 0x12ac  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:47:04.0487 0x12ac  flpydisk - ok
11:47:04.0627 0x12ac  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:47:04.0658 0x12ac  FltMgr - ok
11:47:05.0142 0x12ac  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
11:47:05.0298 0x12ac  FontCache - ok
11:47:05.0501 0x12ac  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:47:05.0547 0x12ac  FontCache3.0.0.0 - ok
11:47:05.0657 0x12ac  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:47:05.0688 0x12ac  FsDepends - ok
11:47:05.0797 0x12ac  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:47:05.0813 0x12ac  Fs_Rec - ok
11:47:06.0047 0x12ac  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:47:06.0078 0x12ac  fvevol - ok
11:47:06.0218 0x12ac  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:47:06.0249 0x12ac  gagp30kx - ok
11:47:06.0437 0x12ac  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:47:06.0468 0x12ac  GEARAspiWDM - ok
11:47:06.0733 0x12ac  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:47:06.0842 0x12ac  gpsvc - ok
11:47:07.0107 0x12ac  [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
11:47:07.0123 0x12ac  GREGService - ok
11:47:07.0466 0x12ac  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:47:07.0497 0x12ac  gupdate - ok
11:47:07.0763 0x12ac  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:47:07.0794 0x12ac  gupdatem - ok
11:47:07.0950 0x12ac  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
11:47:08.0043 0x12ac  hamachi - ok
11:47:08.0153 0x12ac  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:47:08.0340 0x12ac  hcw85cir - ok
11:47:08.0558 0x12ac  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:47:08.0667 0x12ac  HdAudAddService - ok
11:47:08.0839 0x12ac  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:47:08.0933 0x12ac  HDAudBus - ok
11:47:09.0151 0x12ac  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
11:47:09.0182 0x12ac  HECIx64 - ok
11:47:09.0276 0x12ac  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:47:09.0354 0x12ac  HidBatt - ok
11:47:09.0463 0x12ac  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:47:09.0525 0x12ac  HidBth - ok
11:47:09.0603 0x12ac  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:47:09.0697 0x12ac  HidIr - ok
11:47:09.0837 0x12ac  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
11:47:09.0947 0x12ac  hidserv - ok
11:47:10.0118 0x12ac  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:47:10.0212 0x12ac  HidUsb - ok
11:47:10.0305 0x12ac  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:47:10.0415 0x12ac  hkmsvc - ok
11:47:10.0633 0x12ac  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:47:10.0773 0x12ac  HomeGroupListener - ok
11:47:10.0929 0x12ac  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:47:10.0961 0x12ac  HomeGroupProvider - ok
11:47:11.0179 0x12ac  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:47:11.0210 0x12ac  HpSAMD - ok
11:47:11.0366 0x12ac  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:47:11.0475 0x12ac  HTTP - ok
11:47:11.0553 0x12ac  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:47:11.0569 0x12ac  hwpolicy - ok
11:47:11.0725 0x12ac  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:47:11.0756 0x12ac  i8042prt - ok
11:47:12.0162 0x12ac  [ 1384872112E8E7FD5786ECEB8BDDF4C9, DC7844691740805A94F2901F8CB56F1591AF4F0F9C6D92D6B8595F89E6FA5F02 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
11:47:12.0193 0x12ac  iaStor - ok
11:47:12.0489 0x12ac  [ 6B24D1C3096DE796D15571079EA5E98C, 89566A7BDEDA7A663110F72B6301998651937E1E3E541EAB054169CEC8C7353F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
11:47:12.0521 0x12ac  IAStorDataMgrSvc - ok
11:47:12.0677 0x12ac  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
11:47:12.0723 0x12ac  iaStorV - ok
11:47:13.0129 0x12ac  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:47:13.0254 0x12ac  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
11:47:15.0875 0x12ac  Detect skipped due to KSN trusted
11:47:15.0875 0x12ac  IDriverT - ok
11:47:16.0218 0x12ac  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:47:17.0294 0x12ac  idsvc - ok
11:47:17.0403 0x12ac  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
11:47:17.0513 0x12ac  iirsp - ok
11:47:17.0903 0x12ac  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:47:18.0059 0x12ac  IKEEXT - ok
11:47:18.0792 0x12ac  [ 235362D403D9D677514649D88DB31914, 522F5BA88169ADEC1EEB595BFBBCD6417DF38CD93A0D2B2FD0AF4C907FF6D965 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
11:47:18.0948 0x12ac  IntcAzAudAddService - ok
11:47:19.0104 0x12ac  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
11:47:19.0119 0x12ac  intelide - ok
11:47:19.0244 0x12ac  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:47:19.0353 0x12ac  intelppm - ok
11:47:19.0509 0x12ac  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:47:19.0619 0x12ac  IPBusEnum - ok
11:47:19.0697 0x12ac  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:47:19.0759 0x12ac  IpFilterDriver - ok
11:47:19.0899 0x12ac  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:47:20.0024 0x12ac  iphlpsvc - ok
11:47:20.0102 0x12ac  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
11:47:20.0180 0x12ac  IPMIDRV - ok
11:47:20.0258 0x12ac  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
11:47:20.0352 0x12ac  IPNAT - ok
11:47:20.0601 0x12ac  [ 50D6CCC6FF5561F9F56946B3E6164FB8, 27529E751D3CB13B651B54474F04A17DF5737AD0170CD41F601E779F90603D11 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:47:20.0648 0x12ac  iPod Service - ok
11:47:20.0773 0x12ac  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:47:21.0662 0x12ac  IRENUM - ok
11:47:21.0740 0x12ac  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:47:21.0787 0x12ac  isapnp - ok
11:47:21.0927 0x12ac  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
11:47:21.0990 0x12ac  iScsiPrt - ok
11:47:22.0349 0x12ac  [ 37E053A2CF8F0082B689ED74106E0CEC, 431D3A3212152A76878C9CA347056B62B2A5A3E0211C4D930639C426EE73A0B7 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
11:47:22.0395 0x12ac  k57nd60a - ok
11:47:22.0505 0x12ac  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:47:22.0536 0x12ac  kbdclass - ok
11:47:22.0770 0x12ac  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:47:22.0832 0x12ac  kbdhid - ok
11:47:22.0863 0x12ac  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
11:47:22.0879 0x12ac  KeyIso - ok
11:47:23.0004 0x12ac  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:47:23.0019 0x12ac  KSecDD - ok
11:47:23.0129 0x12ac  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
11:47:23.0160 0x12ac  KSecPkg - ok
11:47:23.0269 0x12ac  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
11:47:23.0441 0x12ac  ksthunk - ok
11:47:23.0565 0x12ac  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:47:23.0706 0x12ac  KtmRm - ok
11:47:23.0862 0x12ac  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
11:47:23.0924 0x12ac  LanmanServer - ok
11:47:24.0065 0x12ac  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:47:24.0158 0x12ac  LanmanWorkstation - ok
11:47:24.0299 0x12ac  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:47:24.0455 0x12ac  lltdio - ok
11:47:24.0579 0x12ac  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:47:24.0704 0x12ac  lltdsvc - ok
11:47:24.0813 0x12ac  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:47:24.0891 0x12ac  lmhosts - ok
11:47:25.0281 0x12ac  [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:47:25.0297 0x12ac  LMS - ok
11:47:25.0453 0x12ac  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
11:47:25.0500 0x12ac  LSI_FC - ok
11:47:25.0593 0x12ac  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
11:47:25.0640 0x12ac  LSI_SAS - ok
11:47:25.0812 0x12ac  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:47:25.0874 0x12ac  LSI_SAS2 - ok
11:47:26.0015 0x12ac  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:47:26.0046 0x12ac  LSI_SCSI - ok
11:47:26.0139 0x12ac  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
11:47:26.0295 0x12ac  luafv - ok
11:47:26.0498 0x12ac  [ CD51E1D0D638F1E07A6EDC98CD7F5DDA, 360AC29DFE46C96BB41045DE325729397F17912DBAF83D5119EBD2A3A8C9A5FB ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
11:47:26.0529 0x12ac  mbamchameleon - ok
11:47:26.0623 0x12ac  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:47:26.0919 0x12ac  Mcx2Svc - ok
11:47:27.0309 0x12ac  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
11:47:27.0341 0x12ac  megasas - ok
11:47:27.0450 0x12ac  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
11:47:27.0497 0x12ac  MegaSR - ok
11:47:28.0339 0x12ac  Microsoft SharePoint Workspace Audit Service - ok
11:47:28.0620 0x12ac  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
11:47:28.0713 0x12ac  MMCSS - ok
11:47:28.0885 0x12ac  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
11:47:28.0979 0x12ac  Modem - ok
11:47:29.0275 0x12ac  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:47:29.0369 0x12ac  monitor - ok
11:47:29.0525 0x12ac  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:47:29.0556 0x12ac  mouclass - ok
11:47:29.0805 0x12ac  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:47:29.0915 0x12ac  mouhid - ok
11:47:30.0039 0x12ac  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:47:30.0071 0x12ac  mountmgr - ok
11:47:30.0180 0x12ac  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:47:30.0211 0x12ac  mpio - ok
11:47:30.0305 0x12ac  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:47:30.0351 0x12ac  mpsdrv - ok
11:47:31.0256 0x12ac  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:47:31.0397 0x12ac  MpsSvc - ok
11:47:31.0490 0x12ac  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:47:31.0537 0x12ac  MRxDAV - ok
11:47:31.0693 0x12ac  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:47:31.0787 0x12ac  mrxsmb - ok
11:47:31.0880 0x12ac  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:47:32.0036 0x12ac  mrxsmb10 - ok
11:47:32.0114 0x12ac  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:47:32.0301 0x12ac  mrxsmb20 - ok
11:47:32.0364 0x12ac  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:47:32.0395 0x12ac  msahci - ok
11:47:32.0489 0x12ac  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:47:32.0535 0x12ac  msdsm - ok
11:47:32.0645 0x12ac  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
11:47:32.0691 0x12ac  MSDTC - ok
11:47:32.0801 0x12ac  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:47:32.0847 0x12ac  Msfs - ok
11:47:33.0066 0x12ac  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:47:33.0269 0x12ac  mshidkmdf - ok
11:47:33.0425 0x12ac  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:47:33.0456 0x12ac  msisadrv - ok
11:47:33.0596 0x12ac  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:47:33.0690 0x12ac  MSiSCSI - ok
11:47:33.0690 0x12ac  msiserver - ok
11:47:33.0830 0x12ac  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:47:33.0924 0x12ac  MSKSSRV - ok
11:47:34.0002 0x12ac  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:47:34.0064 0x12ac  MSPCLOCK - ok
11:47:34.0127 0x12ac  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:47:34.0283 0x12ac  MSPQM - ok
11:47:34.0454 0x12ac  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:47:34.0470 0x12ac  MsRPC - ok
11:47:34.0563 0x12ac  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:47:34.0579 0x12ac  mssmbios - ok
11:47:34.0735 0x12ac  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:47:34.0829 0x12ac  MSTEE - ok
11:47:34.0875 0x12ac  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:47:34.0969 0x12ac  MTConfig - ok
11:47:35.0031 0x12ac  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
11:47:35.0047 0x12ac  Mup - ok
11:47:35.0250 0x12ac  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
11:47:35.0343 0x12ac  napagent - ok
11:47:35.0796 0x12ac  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:47:35.0889 0x12ac  NativeWifiP - ok
11:47:36.0747 0x12ac  [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B, 5D568AD63FC8D24439C3DEA7AF5240BBEE8136542FDE7030816795F8D7A5EC73 ] NBService       C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
11:47:38.0136 0x12ac  NBService - detected UnsignedFile.Multi.Generic ( 1 )
11:47:40.0757 0x12ac  Detect skipped due to KSN trusted
11:47:40.0757 0x12ac  NBService - ok
11:47:41.0303 0x12ac  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:47:41.0334 0x12ac  NDIS - ok
11:47:41.0490 0x12ac  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:47:41.0552 0x12ac  NdisCap - ok
11:47:41.0646 0x12ac  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:47:41.0724 0x12ac  NdisTapi - ok
11:47:41.0837 0x12ac  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:47:41.0907 0x12ac  Ndisuio - ok
11:47:42.0071 0x12ac  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:47:42.0227 0x12ac  NdisWan - ok
11:47:42.0414 0x12ac  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:47:42.0539 0x12ac  NDProxy - ok
11:47:42.0664 0x12ac  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:47:42.0757 0x12ac  NetBIOS - ok
11:47:43.0038 0x12ac  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:47:43.0147 0x12ac  NetBT - ok
11:47:43.0241 0x12ac  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
11:47:43.0257 0x12ac  Netlogon - ok
11:47:43.0397 0x12ac  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
11:47:43.0491 0x12ac  Netman - ok
11:47:43.0569 0x12ac  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:47:43.0740 0x12ac  NetMsmqActivator - ok
11:47:43.0756 0x12ac  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:47:43.0756 0x12ac  NetPipeActivator - ok
11:47:43.0959 0x12ac  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
11:47:44.0115 0x12ac  netprofm - ok
11:47:44.0146 0x12ac  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:47:44.0161 0x12ac  NetTcpActivator - ok
11:47:44.0161 0x12ac  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:47:44.0177 0x12ac  NetTcpPortSharing - ok
11:47:44.0286 0x12ac  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:47:44.0395 0x12ac  nfrd960 - ok
11:47:44.0489 0x12ac  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:47:44.0583 0x12ac  NlaSvc - ok
11:47:44.0707 0x12ac  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:47:44.0817 0x12ac  Npfs - ok
11:47:44.0879 0x12ac  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
11:47:44.0957 0x12ac  nsi - ok
11:47:44.0988 0x12ac  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:47:45.0066 0x12ac  nsiproxy - ok
11:47:46.0345 0x12ac  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:47:46.0470 0x12ac  Ntfs - ok
11:47:46.0782 0x12ac  [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
11:47:46.0813 0x12ac  NTI IScheduleSvc - ok
11:47:46.0923 0x12ac  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
11:47:46.0938 0x12ac  NTIDrvr - ok
11:47:46.0969 0x12ac  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
11:47:47.0063 0x12ac  Null - ok
11:47:47.0250 0x12ac  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:47:47.0593 0x12ac  nvraid - ok
11:47:47.0781 0x12ac  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:47:48.0046 0x12ac  nvstor - ok
11:47:48.0514 0x12ac  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:47:48.0561 0x12ac  nv_agp - ok
11:47:48.0670 0x12ac  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:47:49.0013 0x12ac  ohci1394 - ok
11:47:50.0199 0x12ac  [ DA345DE3B450E9E1691E7B9956D8FFC3, 23115188E82F7D2681D697D306F64B3CC4AF43F0AFDFAB73E1BB570115B9D84E ] OMSI download service C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
11:47:50.0495 0x12ac  OMSI download service - detected UnsignedFile.Multi.Generic ( 1 )
11:47:53.0007 0x12ac  Detect skipped due to KSN trusted
11:47:53.0007 0x12ac  OMSI download service - ok
11:47:53.0662 0x12ac  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:47:53.0724 0x12ac  ose64 - ok
11:47:55.0456 0x12ac  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:48:01.0743 0x12ac  osppsvc - ok
11:48:02.0133 0x12ac  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:48:02.0195 0x12ac  p2pimsvc - ok
11:48:02.0523 0x12ac  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
11:48:02.0569 0x12ac  p2psvc - ok
11:48:02.0835 0x12ac  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:48:03.0490 0x12ac  Parport - ok
11:48:03.0615 0x12ac  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:48:03.0646 0x12ac  partmgr - ok
11:48:03.0724 0x12ac  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:48:03.0833 0x12ac  PcaSvc - ok
11:48:03.0911 0x12ac  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
11:48:03.0942 0x12ac  pci - ok
11:48:04.0051 0x12ac  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
11:48:04.0083 0x12ac  pciide - ok
11:48:43.0669 0x12ac  wercplsupport - ok
11:48:43.0806 0x12ac  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:48:43.0916 0x12ac  WerSvc - ok
11:48:44.0113 0x12ac  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:48:44.0175 0x12ac  WfpLwf - ok
11:48:44.0360 0x12ac  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:48:44.0400 0x12ac  WIMMount - ok
11:48:44.0767 0x12ac  WinDefend - ok
11:48:44.0937 0x12ac  WinHttpAutoProxySvc - ok
11:48:45.0127 0x12ac  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:48:45.0192 0x12ac  Winmgmt - ok
11:48:45.0457 0x12ac  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
11:48:45.0565 0x12ac  WinRM - ok
11:48:45.0837 0x12ac  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:48:45.0935 0x12ac  WinUsb - ok
11:48:46.0152 0x12ac  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:48:46.0202 0x12ac  Wlansvc - ok
11:48:47.0590 0x12ac  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:48:47.0680 0x12ac  wlidsvc - ok
11:48:47.0780 0x12ac  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:48:47.0800 0x12ac  WmiAcpi - ok
11:48:47.0870 0x12ac  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:48:47.0950 0x12ac  wmiApSrv - ok
11:48:47.0990 0x12ac  WMPNetworkSvc - ok
11:48:48.0070 0x12ac  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:48:48.0140 0x12ac  WPCSvc - ok
11:48:48.0227 0x12ac  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:48:48.0305 0x12ac  WPDBusEnum - ok
11:48:48.0367 0x12ac  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:48:48.0422 0x12ac  ws2ifsl - ok
11:48:48.0645 0x12ac  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
11:48:48.0687 0x12ac  wscsvc - ok
11:48:48.0787 0x12ac  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
11:48:48.0850 0x12ac  WSDPrintDevice - ok
11:48:48.0935 0x12ac  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
11:48:49.0322 0x12ac  WSDScan - ok
11:48:49.0335 0x12ac  WSearch - ok
11:48:49.0640 0x12ac  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:48:49.0727 0x12ac  wuauserv - ok
11:48:49.0947 0x12ac  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:48:49.0982 0x12ac  WudfPf - ok
11:48:50.0092 0x12ac  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:48:50.0147 0x12ac  WUDFRd - ok
11:48:50.0210 0x12ac  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:48:50.0260 0x12ac  wudfsvc - ok
11:48:50.0352 0x12ac  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:48:50.0420 0x12ac  WwanSvc - ok
11:48:50.0507 0x12ac  ================ Scan global ===============================
11:48:50.0597 0x12ac  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
11:48:50.0655 0x12ac  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
11:48:50.0677 0x12ac  [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
11:48:50.0730 0x12ac  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
11:48:50.0867 0x12ac  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
11:48:50.0877 0x12ac  [ Global ] - ok
11:48:50.0880 0x12ac  ================ Scan MBR ==================================
11:48:50.0907 0x12ac  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:49:02.0017 0x12ac  \Device\Harddisk0\DR0 - ok
11:49:02.0022 0x12ac  ================ Scan VBR ==================================
11:49:02.0052 0x12ac  [ 5FAA6B590057CE7E6C4833D451512C91 ] \Device\Harddisk0\DR0\Partition1
11:49:02.0112 0x12ac  \Device\Harddisk0\DR0\Partition1 - ok
11:49:02.0152 0x12ac  [ D49881AFAB9F756E045C58CEE7FB5F34 ] \Device\Harddisk0\DR0\Partition2
11:49:02.0230 0x12ac  \Device\Harddisk0\DR0\Partition2 - ok
11:49:02.0230 0x12ac  Waiting for KSN requests completion. In queue: 193
11:49:03.0237 0x12ac  Waiting for KSN requests completion. In queue: 193
11:49:04.0237 0x12ac  Waiting for KSN requests completion. In queue: 193
11:49:05.0237 0x12ac  Waiting for KSN requests completion. In queue: 193
11:49:06.0242 0x12ac  Waiting for KSN requests completion. In queue: 193
11:49:07.0242 0x12ac  Waiting for KSN requests completion. In queue: 193
11:49:08.0242 0x12ac  Waiting for KSN requests completion. In queue: 193
11:49:09.0767 0x12ac  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4110 ), 0x41000 ( enabled : updated )
11:49:10.0187 0x12ac  Win FW state via NFP2: enabled
11:49:12.0867 0x12ac  ============================================================
11:49:12.0867 0x12ac  Scan finished
11:49:12.0867 0x12ac  ============================================================
11:49:12.0882 0x0c90  Detected object count: 1
11:49:12.0882 0x0c90  Actual detected object count: 1
11:49:17.0162 0x0c90  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:17.0162 0x0c90  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

30.03.2014, 23:18   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Fresh FRST logs please: tick the box for additions and then click Scan.
__________________
Please always post log files in CODE tags

31.03.2014, 06:58   #27
El_CapOne
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Daniel (administrator) on DANIEL-PC on 31-03-2014 07:41:42
Running from C:\Users\Daniel\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [Ocs_SM] - C:\Users\Daniel\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [585376 2010-05-25] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [354464 2010-05-25] (Atheros Commnucations)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3312866003-2049396336-1487248635-1000\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {1C2039CF-A89E-490A-A2DB-8DCE87F2660E} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=d5639e83-625b-43d0-8909-86cdafa827bf&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {3E107333-BD3B-46A3-A931-463435C2DE80} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=d5639e83-625b-43d0-8909-86cdafa827bf&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {4E6E48F9-0BC5-4841-A144-56DEAF7CC8D2} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE662&p={SearchTerms}
SearchScopes: HKCU - {6FC9FE2C-3B42-4047-9EBA-7A3E1C295E83} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=d5639e83-625b-43d0-8909-86cdafa827bf&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {81418B17-2C97-43F0-8D21-04F0C3ECEE01} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=d5639e83-625b-43d0-8909-86cdafa827bf&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {90156AD3-92F7-40FF-93CD-B5302FF2EC9B} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=d5639e83-625b-43d0-8909-86cdafa827bf&pid=icqt&mode=bounce&k=0
SearchScopes: HKCU - {F5B585C5-5A25-4046-ADC6-8DBA18BDB212} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=d5639e83-625b-43d0-8909-86cdafa827bf&pid=icqt&mode=bounce&k=0
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Avira Sparberater) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-03-27]
CHR Extension: (SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-03-27]
CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-27]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe [5708800 2013-03-19] (Firebird Project)
R2 OMSI download service; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
S2 0292681395908944mcinstcleanup; C:\Users\Daniel\AppData\Local\Temp\029268~1.EXE -cleanup -nolog [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
R0 mbamchameleon; C:\Windows\System32\drivers\mbamchameleon.sys [91352 2014-03-27] (Malwarebytes Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
R3 seehcri; C:\Windows\System32\DRIVERS\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-31] (Duplex Secure Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-31 07:43 - 2014-03-31 07:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-31 07:43 - 2014-03-31 07:43 - 00000000 ____D () C:\728828be4ec002fe1ecaab
2014-03-31 07:41 - 2014-03-31 07:48 - 00014357 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-03-31 07:39 - 2014-03-31 07:39 - 02157056 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-03-30 11:29 - 2013-12-21 11:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-30 11:29 - 2013-12-21 09:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-30 11:21 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-30 11:21 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-30 11:21 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-30 11:21 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-30 11:20 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-30 11:20 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-30 11:20 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-30 11:20 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-30 11:20 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-30 11:20 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-30 11:20 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-30 11:20 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-30 11:20 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-30 11:20 - 2014-02-23 10:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-30 11:20 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-30 11:20 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-30 11:20 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-30 11:20 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-30 11:20 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-30 11:20 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-30 11:20 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-30 11:20 - 2014-02-23 07:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-30 11:20 - 2014-02-23 07:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-30 10:54 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-03-29 15:58 - 2014-03-29 15:58 - 00172592 _____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt
2014-03-29 15:57 - 2014-03-29 15:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-29 13:04 - 2014-03-29 13:04 - 00002018 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-03-29 10:33 - 2014-03-29 10:34 - 00000000 ____D () C:\Users\Daniel\Desktop\TDSSKiller
2014-03-29 10:33 - 2014-03-24 08:30 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Daniel\Desktop\TDSSKiller.exe
2014-03-28 14:09 - 2014-03-28 14:09 - 00000000 ____D () C:\Windows\ERUNT
2014-03-27 22:26 - 2014-03-27 22:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 21:45 - 2014-03-27 22:26 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 21:44 - 2014-03-27 22:54 - 00000000 ____D () C:\Users\Daniel\Desktop\mbar
2014-03-27 21:44 - 2014-03-27 22:20 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 14:33 - 2014-03-27 14:33 - 00022448 _____ () C:\ComboFix.txt
2014-03-27 12:24 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-27 12:24 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-27 12:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-27 12:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-27 12:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-27 12:24 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-27 12:24 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-27 12:24 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-27 12:06 - 2014-03-27 14:33 - 00000000 ____D () C:\Qoobox
2014-03-27 12:06 - 2014-03-27 14:25 - 00000000 ____D () C:\Windows\erdnt
2014-03-27 11:54 - 2014-03-31 07:41 - 00000000 ____D () C:\FRST
2014-03-27 11:10 - 2014-03-27 11:10 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\AVG2014
2014-03-27 11:09 - 2014-03-27 11:09 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-27 11:09 - 2014-03-27 11:09 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\TuneUp Software
2014-03-27 11:08 - 2014-03-27 11:10 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-27 11:08 - 2014-03-27 11:08 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-27 11:08 - 2014-03-27 11:08 - 00000000 ____D () C:\$AVG
2014-03-27 11:07 - 2014-03-31 07:43 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-27 11:07 - 2014-03-27 11:10 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Avg2014
2014-03-27 11:07 - 2014-03-27 11:07 - 00000000 ____D () C:\Users\Daniel\AppData\Local\MFAData
2014-03-27 10:18 - 2014-03-27 10:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-08 16:16 - 2014-03-08 16:19 - 00000000 ____D () C:\Users\Daniel\Documents\Uni Ulm

==================== One Month Modified Files and Folders =======

2014-03-31 07:48 - 2014-03-31 07:41 - 00014357 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-03-31 07:43 - 2014-03-31 07:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-31 07:43 - 2014-03-31 07:43 - 00000000 ____D () C:\728828be4ec002fe1ecaab
2014-03-31 07:43 - 2014-03-27 11:07 - 00000000 ____D () C:\ProgramData\MFAData
2014-03-31 07:43 - 2010-10-05 04:55 - 01196611 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 07:41 - 2014-03-27 11:54 - 00000000 ____D () C:\FRST
2014-03-31 07:39 - 2014-03-31 07:39 - 02157056 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-03-31 07:38 - 2013-11-22 18:54 - 00000043 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-03-30 11:50 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-30 11:50 - 2009-07-14 06:45 - 00010240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-30 11:49 - 2010-10-05 14:46 - 00697098 _____ () C:\Windows\system32\perfh007.dat
2014-03-30 11:49 - 2010-10-05 14:46 - 00148362 _____ () C:\Windows\system32\perfc007.dat
2014-03-30 11:49 - 2009-07-14 07:13 - 01613412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-30 11:42 - 2012-05-20 13:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-30 11:42 - 2012-05-20 13:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-30 11:42 - 2009-07-14 06:51 - 00078993 _____ () C:\Windows\setupact.log
2014-03-30 11:40 - 2010-12-31 15:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-30 11:20 - 2012-06-18 15:57 - 01591306 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-30 11:12 - 2009-07-14 04:34 - 00000478 _____ () C:\Windows\win.ini
2014-03-29 15:58 - 2014-03-29 15:58 - 00172592 _____ () C:\Users\Daniel\Desktop\Neues Textdokument.txt
2014-03-29 15:57 - 2014-03-29 15:57 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-03-29 13:04 - 2014-03-29 13:04 - 00002018 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-03-29 10:34 - 2014-03-29 10:33 - 00000000 ____D () C:\Users\Daniel\Desktop\TDSSKiller
2014-03-28 14:09 - 2014-03-28 14:09 - 00000000 ____D () C:\Windows\ERUNT
2014-03-28 14:03 - 2013-11-24 11:55 - 00000000 ____D () C:\AdwCleaner
2014-03-27 22:54 - 2014-03-27 22:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-27 22:54 - 2014-03-27 21:44 - 00000000 ____D () C:\Users\Daniel\Desktop\mbar
2014-03-27 22:26 - 2014-03-27 21:45 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 22:22 - 2010-10-05 04:52 - 00254316 _____ () C:\Windows\PFRO.log
2014-03-27 22:20 - 2014-03-27 21:44 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 21:03 - 2014-02-10 14:07 - 00000000 ____D () C:\Users\Daniel\Desktop\Ticketverkauf
2014-03-27 14:33 - 2014-03-27 14:33 - 00022448 _____ () C:\ComboFix.txt
2014-03-27 14:33 - 2014-03-27 12:06 - 00000000 ____D () C:\Qoobox
2014-03-27 14:27 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-27 14:26 - 2009-07-14 04:34 - 86245376 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-03-27 14:26 - 2009-07-14 04:34 - 24641536 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-03-27 14:26 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-03-27 14:26 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-03-27 14:26 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-03-27 14:25 - 2014-03-27 12:06 - 00000000 ____D () C:\Windows\erdnt
2014-03-27 12:42 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-03-27 11:11 - 2010-08-30 11:24 - 00000000 ____D () C:\Program Files (x86)\EgisTec MyWinLocker
2014-03-27 11:10 - 2014-03-27 11:10 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\AVG2014
2014-03-27 11:10 - 2014-03-27 11:08 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-27 11:10 - 2014-03-27 11:07 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Avg2014
2014-03-27 11:09 - 2014-03-27 11:09 - 00000985 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-27 11:09 - 2014-03-27 11:09 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\TuneUp Software
2014-03-27 11:08 - 2014-03-27 11:08 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-27 11:08 - 2014-03-27 11:08 - 00000000 ____D () C:\$AVG
2014-03-27 11:07 - 2014-03-27 11:07 - 00000000 ____D () C:\Users\Daniel\AppData\Local\MFAData
2014-03-27 10:53 - 2010-08-30 11:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-27 10:50 - 2010-08-30 11:12 - 00000000 ____D () C:\Program Files (x86)\Acer GameZone
2014-03-27 10:32 - 2013-07-10 22:45 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-27 10:30 - 2010-12-31 13:22 - 00000000 ___RD () C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-27 10:30 - 2010-08-30 11:19 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-27 10:28 - 2013-02-07 09:08 - 00000000 ____D () C:\Program Files\McAfee
2014-03-27 10:18 - 2014-03-27 10:18 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-27 10:18 - 2013-07-10 22:45 - 00000000 ____D () C:\ProgramData\Avira
2014-03-27 10:08 - 2013-03-17 22:36 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2014-03-27 10:01 - 2013-03-17 22:36 - 00000000 ____D () C:\Users\Daniel\Documents\Anti-Malware
2014-03-27 08:08 - 2012-03-27 20:24 - 00000000 ____D () C:\Users\Daniel\Documents\DHBW Ravensburg
2014-03-24 08:30 - 2014-03-29 10:33 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\Daniel\Desktop\TDSSKiller.exe
2014-03-08 16:19 - 2014-03-08 16:16 - 00000000 ____D () C:\Users\Daniel\Documents\Uni Ulm
2014-03-06 22:57 - 2013-01-19 14:07 - 00000000 ____D () C:\Users\Daniel\Documents\Outlook-Dateien
2014-03-02 14:05 - 2011-01-01 17:16 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


LastRegBack: 2013-07-24 20:02

==================== End Of Log ============================
--- --- ---


Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Daniel at 2014-03-31 07:50:25
Running from C:\Users\Daniel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)
Acer Crystal Eye webcam (HKLM-x32\...\{51F026FA-5146-4232-A8BA-1364740BD053}) (Version: 1.0.4.3 - Liteon)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0707.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.2 64-bit (HKLM\...\{A94AABAE-52F0-48C4-9F94-A4CA4B423576}) (Version: 3.2.1 - Adobe)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Age of Empires III (HKLM-x32\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{BAF4695F-7867-D8B2-528A-A1EF2EE0A9EF}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avanquest update (HKLM-x32\...\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}) (Version: 1.29 - Avanquest Software)
AvERP Version 2014.02 (HKLM-x32\...\AvERP_is1) (Version:  - SYNERPY GmbH)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4354 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4354 - AVG Technologies) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden
Battlefield 2(TM) (HKLM-x32\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version:  - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.01.000.18 - Atheros Communications)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0825.2205.37769 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0825.2205.37769 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0825.2205.37769 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help English (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help French (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help German (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0825.2204.37769 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0825.2205.37769 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0825.2205.37769 - ATI) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.0.2905 - CDBurnerXP)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.3216.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Dropbox (HKCU\...\Dropbox) (Version: 1.6.4 - Dropbox, Inc.)
Druckerdeinstallation für EPSON SX525WD Series (HKLM\...\EPSON SX525WD Series) (Version:  - SEIKO EPSON Corporation)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FIFA 11 (HKLM-x32\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts)
Firebird 2.5.2.26540 (x64) (HKLM\...\FBDBServer_2_5_x64_is1) (Version: 2.5.2.26540 - Firebird Project)
Free Audio CD Burner version 1.5.3.920 (HKLM-x32\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Ltd.)
Free Studio version 5.3.3 (HKLM-x32\...\Free Studio_is1) (Version:  - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.20.1230 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
iCloud (HKLM\...\{8B485965-8EFE-464A-842F-CF8F18C3DFD7}) (Version: 1.1.0.40 - Apple Inc.)
ICQ Away Reader 1.4 (HKLM-x32\...\{C1A80F67-656F-4DF3-A6C4-DE18A47477C5}_is1) (Version:  - murb.com)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java(TM) 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{EBFC96E5-4409-426E-88B7-650ADB342E78}) (Version: 8.0.50727.42 - The Firebird Project)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM-x32\...\{2D7D9D86-923A-41A8-919F-437332AB1031}) (Version: 7.02.2760 - Nero AG)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden
Opera 11.61 (HKLM-x32\...\Opera 11.61.1250) (Version: 11.61.1250 - Opera Software ASA)
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version:  - Oberon Media)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30122 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAMSUNG Android USB Modem Software (HKLM\...\SAMSUNG Android USB Modem) (Version: V5.28.2.1 - )
Secure Download Manager (HKLM-x32\...\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}) (Version: 3.0.3 - e-academy Inc.)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
Sony Ericsson PC Suite 6.012.00 (HKLM-x32\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 6.012.00 - Sony Ericsson)
SopCast 3.3.2 (HKLM-x32\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version:  - Nadeo)
TuneUp Companion 2.2.5 (HKLM-x32\...\TuneUpMedia) (Version: 2.2.5 - TuneUp Media, Inc.)
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{57CEB66B-DD29-4883-92A2-671331657B52}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3E381AC3-30C3-41D7-9B27-B3F3E17BDCB8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition (HKLM\...\{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{61A3A423-93E5-467D-80F1-B5EC686474D0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A6C194EA-C6CB-4314-9E43-AD1F4A1E9D74}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7750DF63-F5DC-4198-8B8B-AE03B212F462}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7750DF63-F5DC-4198-8B8B-AE03B212F462}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{204B60A2-CCEA-4075-9F58-B7BC1BA5E742}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.PROPLUSR_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition (HKLM\...\{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{AA344E1A-06FE-4EA1-8040-A3AA2A3A87EF}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{EE34F250-0C70-4774-82A8-B1EAAEB89991}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7861C766-2AA2-4A50-AB75-A57D451CEA76}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.18 - Veetle, Inc)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Videora iPhone 4 Converter 6 (HKLM-x32\...\Videora iPhone 4 Converter) (Version: 6 - Red Kawa)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter: Treiberupdate (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Xilisoft Online Video Downloader (HKLM-x32\...\Xilisoft Online Video Downloader) (Version: 2.1.0.1216 - Xilisoft)
YouTube Downloader App 3.00 (HKLM-x32\...\YouTube Downloader App) (Version: 3.00 - Regensoft)

==================== Restore Points  =========================

22-07-2013 09:15:41 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-03-27 14:27 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {15974E15-EE34-4D7D-91C3-80E18D063D20} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3312866003-2049396336-1487248635-1000UA => C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30] (Facebook Inc.)
Task: {15FA8E09-3B04-454D-98EE-3D4D47284097} - System32\Tasks\EQXNUXYNK => Rundll32.exe "C:\Windows\SysWOW64\mtxclub.dll",DDRQGBQE
Task: {3C336E20-840E-4E45-8635-687C35800002} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9A39537A-E834-448C-BC8C-EC844FD9DA34} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3312866003-2049396336-1487248635-1000Core => C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30] (Facebook Inc.)
Task: {B124274C-D88B-4C79-8E92-A895D2938DD1} - System32\Tasks\{4AF484DB-684D-4BF0-9989-B1738EDEA207} => c:\program files (x86)\opera\opera.exe [2013-07-10] (Opera Software)
Task: {D0411A54-D29E-47AB-A55F-B3C608F30F0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)
Task: {E6B1F542-207A-4685-8C0B-70BF2DEB336F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3312866003-2049396336-1487248635-1000Core.job => C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3312866003-2049396336-1487248635-1000UA.job => C:\Users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf28ee75952824.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-06-16 17:19 - 2009-04-30 13:23 - 00090112 _____ () C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-08-30 11:45 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2013-01-15 22:51 - 2013-01-15 22:51 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\99bd60d446f190d3f787f8eb02442187\IsdiInterop.ni.dll
2010-08-30 11:03 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-01-04 08:52 - 2012-01-04 08:52 - 07581696 _____ () c:\program files (x86)\adobe\reader 9.0\reader\rdlang32.deu
2009-02-28 01:40 - 2009-02-28 01:40 - 01712128 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.DEU
2014-02-23 13:53 - 2014-02-23 13:53 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
2009-02-27 21:52 - 2009-02-27 21:52 - 00258048 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2011-12-18 13:18 - 2013-07-10 22:55 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2010-12-31 13:50 - 2013-07-10 22:55 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
2009-10-03 11:45 - 2009-10-03 11:45 - 00012288 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Updater.DEU
2009-10-03 11:48 - 2009-10-03 11:48 - 00106496 _____ () C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\EScript.DEU

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:1A60DE96

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\76040350.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\77336226.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\76040350.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\77336226.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: sptd
Description: sptd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: sptd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/29/2014 10:38:28 AM) (Source: Software Protection Platform Service) (User: )
Description: Fehler beim Starten des Softwareschutzdiensts.  0xD0000022
6.1.7601.17514


System errors:
=============
Error: (03/30/2014 11:43:43 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/30/2014 11:42:51 AM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sptd

Error: (03/30/2014 11:41:14 AM) (Source: sptd) (User: )
Description: Der Treiber hat einen internen Fehler in seinen Datenstrukturen für  festgestellt.

Error: (03/30/2014 11:41:12 AM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon failed to initiate Object Manager filtering - C01C0007

Error: (03/30/2014 11:41:12 AM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon failed to initiate File System filtering - C01C0007

Error: (03/29/2014 04:01:08 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/29/2014 04:00:37 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
sptd

Error: (03/29/2014 03:59:03 PM) (Source: sptd) (User: )
Description: Der Treiber hat einen internen Fehler in seinen Datenstrukturen für  festgestellt.

Error: (03/29/2014 03:59:01 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon failed to initiate Object Manager filtering - C01C0007

Error: (03/29/2014 03:59:01 PM) (Source: mbamchameleon) (User: )
Description: Mbamchameleon failed to initiate File System filtering - C01C0007


Microsoft Office Sessions:
=========================
Error: (03/29/2014 10:38:28 AM) (Source: Software Protection Platform Service)(User: )
Description: 0xD00000226.1.7601.17514


CodeIntegrity Errors:
===================================
  Date: 2014-03-27 13:25:18.006
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-27 13:25:17.851
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-27 13:25:17.705
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-03-27 13:25:17.555
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-02 08:30:31.717
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\86f8216.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-07-02 08:30:31.514
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\86f8216.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 74%
Total physical RAM: 3958.71 MB
Available physical RAM: 1028.01 MB
Total Pagefile: 7915.61 MB
Available Pagefile: 4632.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:165.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 2FA7803C)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

31.03.2014, 09:09   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Ok, control scans please

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

31.03.2014, 15:03   #29
El_CapOne

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 31.03.2014
Suchlauf-Zeit: 12:08:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.31.03
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Chameleon: Aktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Daniel

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 269780
Verstrichene Zeit: 1 Std, 20 Min, 11 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, In Quarantäne, [ea163ac6b94735cb15c41074d231ae52], 

Registrierungswerte: 1
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, In Quarantäne, [ea163ac6b94735cb15c41074d231ae52]

Registrierungsdaten: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[52aec838bc44c7390ac6e72519eb9a66]

Ordner: 0
(No malicious items detected)

Dateien: 3
PUP.Optional.SweetIM, C:\Windows\Installer\291082bc.msi, In Quarantäne, [6d93fc0427d989777200ce61eb193bc5], 
PUP.Optional.SweetIM, C:\Windows\Installer\2910831f.msi, In Quarantäne, [15eb1ee21ee2847c076b60cfa95bb947], 
PUP.Optional.SweetIM, C:\Windows\Installer\29108324.msi, In Quarantäne, [87793dc3966a857b6e04c66921e3857b], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2d6f20bb16b26c4e9dd1d09ee8b507ad
# engine=17688
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-31 01:59:19
# local_time=2014-03-31 03:59:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 13496 147904209 0 0
# scanned=261506
# found=2
# cleaned=0
# scan_time=12544
sh=BA544310CAF1B006232A11989BFC1D150ECDCAAF ft=1 fh=42d192a6ff578360 vn="a variant of Win64/Rootkit.Kryptik.G trojan" ac=I fn="C:\TDSSKiller_Quarantine\29.03.2014_14.46.11\necurs0000\svc0000\tsk0000.dta"
sh=AC594AB5E2C071D992E07FDB3DBFAEB587A21DF2 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2013-1493.BW trojan" ac=I fn="C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\1d4f3fbe-5a59bb6d"
         

31.03.2014, 15:19   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Only remnants. The rootkit has been eliminated.

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.

Looks OK so far

Regarding cookies and other things on the web: to block the pests from the outset (tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks or so to see whether he has published a new hosts file. This is only optional, though. To prevent user tracking, the Firefox extension Ghostery works well.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Beyond that there are good cookie managers; one Firefox extension for this would be CookieCuller, for example.
If you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there still other detections or problems?
__________________
Please always post log files in CODE tags
