
Log analysis and evaluation: Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works


07.07.2014, 02:13   #1
aschroeder
 

Dear Trojaner-Board team,

I urgently need your help.

Yesterday I received a letter from my Internet provider informing me that spam mails had been sent from my connection. It was followed by the advice that I should scan my computer for viruses and Trojans.

I then had Avira scan everything, and TR/Agent.37888.248 was detected. I tried several times to remove it or move it to quarantine, without success. The computer restarts, but on the next scan it is still there. On top of that, the real-time scanner has been disabled and can no longer be activated. Until yesterday I had not noticed any serious problems, so I cannot estimate how long the Trojan has been on the machine.

defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 01:48 on 07/07/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read 8a6a6eefe4cb1615.sys
Unable to read tdx.sys
Unable to read termdd.sys
Unable to read tssecsrv.sys
Unable to read TsUsbFlt.sys
Unable to read tunnel.sys
Unable to read UAGP35.SYS
Unable to read udfs.sys
Unable to read ULIAGPKX.SYS
Unable to read umbus.sys
Unable to read umpass.sys
Unable to read usb8023.sys
Unable to read usbccgp.sys
Unable to read usbcir.sys
Unable to read usbd.sys
Unable to read usbehci.sys
Unable to read usbhub.sys
Unable to read usbohci.sys
Unable to read usbport.sys
Unable to read usbprint.sys
Unable to read usbscan.sys
Unable to read USBSTOR.SYS
Unable to read usbuhci.sys
Unable to read usbvideo.sys
Unable to read vdrvroot.sys
Unable to read vga.sys
Unable to read vgapnp.sys
Unable to read vhdmp.sys
Unable to read VIAAGP.SYS
Unable to read viac7.sys
Unable to read viaide.sys
Unable to read videoprt.sys
Unable to read volmgr.sys
Unable to read volmgrx.sys
Unable to read volsnap.sys
Unable to read vpnva.sys
Unable to read vsmraid.sys
Unable to read vwifibus.sys
Unable to read vwififlt.sys
Unable to read vwifimp.sys
Unable to read wacompen.sys
Unable to read wanarp.sys
Unable to read watchdog.sys
Unable to read wd.sys
Unable to read Wdf01000.sys
Unable to read WdfLdr.sys
Unable to read wfplwf.sys
Unable to read wimmount.sys
Unable to read winusb.sys
Unable to read wmiacpi.sys
Unable to read wmilib.sys
Unable to read ws2ifsl.sys
Unable to read WSDPrint.sys
Unable to read WSDScan.sys
Unable to read WUDFPf.sys
Unable to read WUDFRd.sys


-=E.O.F=-




FRST.txt:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by *****(administrator) on *****-PC on 07-07-2014 01:54:45
Running from C:\Users\*****\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MSIService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
() C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe
() C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Micro-Star International Co., Ltd.) C:\Program Files\System Control Manager\MGSysCtrl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(CyberLink Corp.) C:\Program Files\CyberLink\YouCam\YouCamTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(CANON INC.) C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(1und1 Mail und Media GmbH) C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [MGSysCtrl] => C:\Program Files\System Control Manager\MGSysCtrl.exe [2064384 2009-08-05] (Micro-Star International Co., Ltd.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1541416 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [PDVD9LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirror Tray icon] => C:\Program Files\CyberLink\YouCam\YouCamTray.exe [171104 2010-02-10] (CyberLink Corp.)
HKLM\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-04] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [527864 2012-12-10] (Cisco Systems, Inc.)
HKLM\...\Run: [MailCheck IE Broker] => C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1810496 2014-04-24] (1und1 Mail und Media GmbH)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-05-09] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Anna Schröder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Anna Schröder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://suche.web.de/webhp?src=br_startpage_ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {29684CFD-8CF8-477C-B5DD-D316698CC245} URL = hxxp://go.mail.com/tb/en-us/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKCU - {4480DF41-E315-4A99-9736-88E977EF4CF5} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&origin=searchplugin
SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
SearchScopes: HKCU - {E9EC7059-435D-4A4F-9E8D-7C02A139395C} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?q={searchTerms}&enc=UTF-8
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
DPF: {538793D5-659C-4639-A56C-A179AD87ED44} https://asavpn-cluster-1.hrz.uni-bielefeld.de/CACHE/stc/1/binaries/vpnweb.cab
DPF: {85C86CCC-2158-4123-9C7D-785190CED875} hxxp://www.digitalpublishing.de/launcher/dpLaunchPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @mytalkpal.com/ffplugin - C:\Program Files\Talkpal\Speech Plugin For EF\npTalkpalPlugin.dll No File
FF Plugin: @t-immersion.com/DFusionHomeWebPlugIn - C:\Program Files\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: go.mail.ru
CHR DefaultSearchProvider: Поиск@Mail.Ru
CHR DefaultSearchURL: hxxp://go.mail.ru/search?q={searchTerms}&fr=chrome
CHR DefaultNewTabURL:
CHR Extension: (Google Wallet) - C:\Users\Anna Schröder\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]
CHR HKLM\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\*****\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.24.0.crx [2014-05-12]
CHR HKLM\...\Chrome\Extension: [ieadcoanfjloocmfafkebdnfefmohngj] - C:\Program Files\BonanzaDeals\BonanzaDeals.crx [2014-05-12]

========================== Services (Whitelisted) =================

Locked "8a6a6eefe4cb1615" service could not be unlocked. <===== ATTENTION

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-04] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation)
R2 Guard.Mail.ru; C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe [6989856 2014-07-06] ()
R2 Micro Star SCM; C:\Program Files\System Control Manager\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-27] ()
R2 syshost32; C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe [99328 2014-06-24] () [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [479224 2012-12-10] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] () [File not signed]
R0 ACPI; C:\Windows\System32\drivers\ACPI.sys [274304 2010-11-20] () [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [10240 2010-11-20] () [File not signed]
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-10] () [File not signed]
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [422976 2009-07-14] () [File not signed]
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [297552 2009-07-14] () [File not signed]
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [146512 2009-07-14] () [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [338944 2013-09-14] () [File not signed]
S3 agp440; C:\Windows\system32\drivers\agp440.sys [53312 2009-07-14] () [File not signed]
S3 aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [70720 2009-07-14] () [File not signed]
S3 aliide; C:\Windows\system32\drivers\aliide.sys [14400 2009-07-14] () [File not signed]
S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [53312 2009-07-14] () [File not signed]
S3 amdide; C:\Windows\system32\drivers\amdide.sys [14912 2009-07-14] () [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [55296 2009-07-14] () [File not signed]
S3 AmdPPM; C:\Windows\system32\DRIVERS\amdppm.sys [52736 2009-07-14] () [File not signed]
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [80256 2011-03-11] () [File not signed]
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [159312 2009-07-14] () [File not signed]
R0 amdxata; C:\Windows\System32\drivers\amdxata.sys [22400 2011-03-11] () [File not signed]
S3 androidusb; C:\Windows\System32\Drivers\ssadadb.sys [30312 2011-05-13] () [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [50176 2010-11-20] () [File not signed]
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [76368 2009-07-14] () [File not signed]
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [86608 2009-07-14] () [File not signed]
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [17920 2009-07-14] () [File not signed]
S3 atapi; C:\Windows\system32\drivers\atapi.sys [21584 2009-07-14] () [File not signed]
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] () [File not signed]
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-02] () [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbdx.sys [430080 2009-07-14] () [File not signed]
S3 b57nd60x; C:\Windows\System32\DRIVERS\b57nd60x.sys [229888 2009-07-14] () [File not signed]
R1 Beep; C:\Windows\system32\Drivers\Beep.sys [6144 2009-07-14] () [File not signed]
R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [35328 2009-07-14] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [69632 2011-02-23] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [13568 2009-07-14] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [5248 2009-07-14] () [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [78336 2009-07-14] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [272128 2009-07-14] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [62336 2009-07-14] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [12160 2009-07-14] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [11904 2009-07-14] () [File not signed]
R3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [34816 2009-07-14] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [56320 2009-07-14] () [File not signed]
R3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [93696 2009-07-14] () [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [392704 2009-07-14] () [File not signed]
R3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [58880 2009-07-14] () [File not signed]
R3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [86056 2009-07-01] () [File not signed]
R3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [108072 2009-07-01] () [File not signed]
R3 btwl2cap; C:\Windows\System32\DRIVERS\btwl2cap.sys [29472 2009-04-07] () [File not signed]
R3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [18344 2009-07-01] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [70656 2009-07-14] () [File not signed]
S3 cdrom; C:\Windows\system32\drivers\cdrom.sys [108544 2010-11-20] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [37888 2009-07-14] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] () [File not signed]
R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [14080 2009-07-14] () [File not signed]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [15952 2009-07-14] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [369848 2013-07-04] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [19024 2009-07-14] () [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [31232 2010-11-20] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [22096 2009-07-14] () [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [78336 2010-11-20] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [32256 2009-07-14] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [57424 2009-07-14] () [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5120 2009-07-14] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [729024 2013-08-01] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbdx.sys [3100160 2009-07-14] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [453712 2009-07-14] () [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [7168 2009-07-14] () [File not signed]
S3 exfat; C:\Windows\system32\Drivers\exfat.sys [142336 2009-07-14] () [File not signed]
S3 fastfat; C:\Windows\system32\Drivers\fastfat.sys [148480 2009-07-14] () [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [25088 2009-07-14] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [58448 2009-07-14] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [28160 2009-07-14] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [19968 2009-07-14] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [198208 2009-07-14] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [46160 2009-07-14] () [File not signed]
U0 Fs_Rec; C:\Windows\system32\Drivers\Fs_Rec.sys [19824 2012-03-01] () [File not signed]
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [196328 2013-01-24] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [57936 2009-07-14] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [26624 2009-07-14] () [File not signed]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [304128 2010-11-20] () [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [108544 2010-11-20] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [21504 2009-07-14] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [91136 2009-07-14] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [37888 2009-07-14] () [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2010-11-20] () [File not signed]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [67152 2009-07-14] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513536 2010-11-20] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14208 2010-11-20] () [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [80896 2009-07-14] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [330264 2009-06-04] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [332160 2011-03-11] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [9024512 2010-08-25] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] () [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [2745760 2009-08-05] () [File not signed]
R3 IntcHdmiAddService; C:\Windows\System32\drivers\IntcHdmi.sys [122368 2009-05-26] () [File not signed]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [15424 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [65536 2010-11-20] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [46656 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [234432 2014-02-04] () [File not signed]
R3 kbdclass; C:\Windows\system32\drivers\kbdclass.sys [42576 2009-07-14] () [File not signed]
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [28160 2010-11-20] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67520 2014-04-12] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [136640 2014-04-12] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\system32\drivers\mouclass.sys [41552 2009-07-14] () [File not signed]
S3 mouhid; C:\Windows\system32\DRIVERS\mouhid.sys [26112 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78208 2010-11-20] () [File not signed]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [130432 2010-11-20] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2013-07-04] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123904 2011-04-27] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [223744 2011-07-09] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [96768 2011-04-27] () [File not signed]
S3 msahci; C:\Windows\system32\drivers\msahci.sys [28032 2010-11-20] () [File not signed]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [116096 2010-11-20] () [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] () [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [13888 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [28240 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [712048 2012-08-22] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [46080 2010-11-20] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2010-11-20] () [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48640 2010-11-20] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2010-11-20] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1212352 2014-01-24] () [File not signed]
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [117120 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [143744 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [105024 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [62464 2009-07-14] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [79360 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56176 2012-03-17] () [File not signed]
S2 Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [8704 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\drivers\pci.sys [153984 2010-11-20] () [File not signed]
S3 pciide; C:\Windows\system32\drivers\pciide.sys [12368 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [242688 2010-11-20] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [18944 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2010-11-20] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [183808 2012-04-28] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173440 2010-11-20] () [File not signed]
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [129536 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () [File not signed]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [167424 2009-06-24] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [167936 2009-05-22] () [File not signed]
R3 rtl8192se; C:\Windows\System32\DRIVERS\rtl8192se.sys [1009184 2010-04-01] () [File not signed]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [85376 2010-11-20] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2010-11-20] () [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-13] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [17920 2009-07-14] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [83456 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [11264 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [12288 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [12800 2010-11-20] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] () [File not signed]
S3 sisagp; C:\Windows\system32\drivers\sisagp.sys [52304 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [311808 2011-04-29] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [310272 2011-04-29] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [114688 2011-04-29] () [File not signed]
S3 ssadbus; C:\Windows\System32\DRIVERS\ssadbus.sys [121064 2011-05-13] () [File not signed]
S3 ssadmdfl; C:\Windows\System32\DRIVERS\ssadmdfl.sys [12776 2011-05-13] () [File not signed]
S3 ssadmdm; C:\Windows\System32\DRIVERS\ssadmdm.sys [136808 2011-05-13] () [File not signed]
S3 ssadserd; C:\Windows\System32\DRIVERS\ssadserd.sys [114280 2011-05-13] () [File not signed]
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-05-29] (Avira GmbH)
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12240 2009-07-14] () [File not signed]
R3 SynTP; C:\Windows\system32\DRIVERS\SynTP.sys [212656 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1294272 2014-04-05] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1294272 2014-04-05] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [35328 2012-10-03] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [18432 2010-11-20] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24576 2012-02-17] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74752 2010-11-20] () [File not signed]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [53120 2010-11-20] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [31232 2013-06-15] () [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [52224 2010-11-20] () [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2010-11-20] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2010-11-20] () [File not signed]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [57424 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [39936 2010-11-20] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] () [File not signed]
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-14] () [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [86016 2013-07-12] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [43520 2013-11-27] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2013-11-27] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2013-11-27] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [36352 2013-07-03] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [76288 2011-03-11] () [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [24064 2013-11-27] () [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [146176 2009-07-14] () [File not signed]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [32832 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [160128 2010-11-20] () [File not signed]
S3 viaagp; C:\Windows\system32\drivers\viaagp.sys [53328 2009-07-14] () [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] () [File not signed]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [16976 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [53120 2010-11-20] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [245632 2010-11-20] () [File not signed]
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva.sys [23976 2012-12-10] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] () [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [14336 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2010-11-20] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [527064 2013-06-26] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [35968 2010-11-20] () [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [11264 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] () [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [17920 2009-07-14] () [File not signed]
S3 WSDScan; C:\Windows\system32\drivers\WSDScan.sys [20480 2009-07-14] () [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [66560 2012-07-26] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [155136 2012-07-26] () [File not signed]
U5 8a6a6eefe4cb1615; C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys [37888 2014-06-24] () <===== ATTENTION Necurs Rootkit?
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [25168 2009-07-14] () [File not signed]
S3 catchme; \??\C:\Users\ANNASC~1\AppData\Local\Temp\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-07 01:54 - 2014-07-07 01:55 - 00041131 _____ () C:\Users\*****\Desktop\FRST.txt
2014-07-07 01:54 - 2014-07-07 01:54 - 00000000 ____D () C:\FRST
2014-07-07 01:52 - 2014-07-07 01:52 - 01074688 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-07-07 01:48 - 2014-07-07 01:49 - 00003582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-07-07 01:48 - 2014-07-07 01:48 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-07-07 01:46 - 2014-07-07 01:46 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-07-06 22:16 - 2014-07-06 22:16 - 00103680 _____ (GMER) C:\fwkdrfoc.sys
2014-06-24 00:18 - 2014-06-24 00:18 - 00037888 _____ () C:\Windows\system32\Drivers\8a6a6eefe4cb1615.sys
2014-06-23 22:43 - 2014-06-23 22:43 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SketchUp
2014-06-23 22:42 - 2014-06-23 22:42 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx
2014-06-23 22:40 - 2014-06-23 22:40 - 00000000 ____D () C:\ProgramData\SketchUp
2014-06-18 16:03 - 2014-06-18 16:03 - 00146600 _____ () C:\Windows\Minidump\061814-26832-01.dmp
2014-06-11 13:32 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 13:32 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 13:32 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 13:32 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 13:32 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 13:32 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 13:32 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 13:32 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 13:32 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 13:32 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 13:32 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 13:32 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 13:32 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 13:32 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 13:32 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 13:32 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 13:32 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 13:32 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 13:32 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 13:32 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 13:32 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 13:32 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 13:32 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 13:32 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 13:32 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 13:32 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 13:31 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 13:31 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 13:30 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 13:30 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 13:30 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 13:30 - 2014-04-05 04:25 - 01294272 _____ () C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 13:30 - 2014-04-05 04:24 - 00187840 _____ () C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 13:30 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 13:30 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 13:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 13:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-07 01:55 - 2014-07-07 01:54 - 00041131 _____ () C:\Users\*****\Desktop\FRST.txt
2014-07-07 01:55 - 2012-11-21 00:05 - 00000000 ____D () C:\Users\*****\AppData\Local\Mail.Ru
2014-07-07 01:54 - 2014-07-07 01:54 - 00000000 ____D () C:\FRST
2014-07-07 01:52 - 2014-07-07 01:52 - 01074688 _____ (Farbar) C:\Users\*****\Desktop\FRST.exe
2014-07-07 01:49 - 2014-07-07 01:48 - 00003582 _____ () C:\Users\*****\Desktop\defogger_disable.log
2014-07-07 01:48 - 2014-07-07 01:48 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-07-07 01:48 - 2010-09-30 20:40 - 00000000 ____D () C:\Users\*****
2014-07-07 01:46 - 2014-07-07 01:46 - 00050477 _____ () C:\Users\*****\Desktop\Defogger.exe
2014-07-07 01:26 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-07 01:06 - 2013-05-03 22:34 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 01:04 - 2014-02-14 01:04 - 00000314 _____ () C:\Windows\Tasks\Digital Sites.job
2014-07-07 01:04 - 2013-10-07 23:01 - 00000314 _____ () C:\Windows\Tasks\DigitalSite.job
2014-07-07 01:00 - 2013-02-20 11:53 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-07 00:45 - 2009-07-14 06:34 - 00009920 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-07 00:45 - 2009-07-14 06:34 - 00009920 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-07 00:39 - 2013-02-20 11:53 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-07 00:39 - 2010-09-30 20:40 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HomeCinema
2014-07-07 00:38 - 2013-05-27 19:51 - 00012172 _____ () C:\Windows\setupact.log
2014-07-07 00:38 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-07 00:04 - 2013-10-08 00:01 - 00000038 _____ () C:\Users\*****\AppData\Roaming\WB.CFG
2014-07-06 22:16 - 2014-07-06 22:16 - 00103680 _____ (GMER) C:\fwkdrfoc.sys
2014-07-06 22:13 - 2013-05-29 18:35 - 00215558 _____ () C:\Windows\PFRO.log
2014-07-06 21:44 - 2012-11-21 00:10 - 00000000 ____D () C:\ProgramData\Guard.Mail.Ru
2014-07-06 21:42 - 2011-11-10 22:47 - 01788614 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 21:41 - 2013-05-14 22:12 - 00045568 _____ () C:\Users\*****\Documents\Arbeit OnlineMedia.wps
2014-07-06 21:38 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-04 23:07 - 2013-05-29 21:12 - 00097648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-01 19:29 - 2011-02-20 23:00 - 00041218 _____ () C:\Users\*****\AppData\Roaming\wklnhst.dat
2014-07-01 19:28 - 2013-05-20 16:31 - 00000000 ____D () C:\Users\*****\Documents\Suchex
2014-06-26 23:45 - 2013-10-09 21:08 - 00000000 ____D () C:\Users\*****\Downloads\Audiobücher
2014-06-25 11:14 - 2013-12-27 15:31 - 00000000 ____D () C:\Users\*****\Documents\Calibre Library
2014-06-25 01:37 - 2013-12-27 03:07 - 00000936 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-06-25 01:37 - 2013-12-27 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2014-06-25 01:36 - 2013-12-27 03:06 - 00000000 ____D () C:\Program Files\Calibre2
2014-06-24 00:18 - 2014-06-24 00:18 - 00037888 _____ () C:\Windows\system32\Drivers\8a6a6eefe4cb1615.sys
2014-06-23 22:43 - 2014-06-23 22:43 - 00000000 ____D () C:\Users\*****\AppData\Roaming\SketchUp
2014-06-23 22:42 - 2014-06-23 22:42 - 00003120 _____ () C:\Windows\system32\ALLFSAF14a.ocx
2014-06-23 22:40 - 2014-06-23 22:40 - 00000000 ____D () C:\ProgramData\SketchUp
2014-06-21 00:42 - 2009-09-04 18:53 - 00393064 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-19 17:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-18 16:04 - 2014-05-02 00:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-18 16:03 - 2014-06-18 16:03 - 00146600 _____ () C:\Windows\Minidump\061814-26832-01.dmp
2014-06-18 16:03 - 2013-09-03 14:35 - 290608158 _____ () C:\Windows\MEMORY.DMP
2014-06-18 16:03 - 2011-05-16 15:05 - 00000000 ____D () C:\Windows\Minidump
2014-06-18 13:55 - 2013-08-20 21:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-18 13:50 - 2009-09-17 15:31 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-15 22:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-15 21:30 - 2014-04-25 12:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-12 23:06 - 2013-12-27 15:31 - 00000000 ____D () C:\Users\*****\AppData\Local\calibre-cache
2014-06-12 23:05 - 2013-12-27 03:08 - 00000000 ____D () C:\Users\*****\AppData\Roaming\calibre
2014-06-12 01:03 - 2013-05-27 14:51 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-08 10:48 - 2014-06-11 13:30 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-11 13:30 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\*****\AppData\Local\temp\2sysconf.exe
C:\Users\*****\AppData\Local\temp\avgnt.exe
C:\Users\*****\AppData\Local\temp\jre-7u51-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\temp\jre-7u60-windows-i586-iftw.exe
C:\Users\*****\AppData\Local\temp\NativeUtilities0.dll
C:\Users\*****\AppData\Local\temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\*****\AppData\Local\temp\WEB.DE_Toolbar_IE_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2011-07-03 02:44] - [2010-11-20 14:30] - 0245632 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys No Company Name <===== ATTENTION!



LastRegBack: 2014-06-28 20:57

==================== End Of Log ============================



Addition.txt:



Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by ***** at 2014-07-07 01:56:15
Running from C:\Users\***** \Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 11 (HKLM\...\Adobe Shockwave Player) (Version: 11 - Adobe Systems, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
calibre (HKLM\...\{E0601182-5F00-4513-95D0-AFDCB7A0C658}) (Version: 1.41.0 - Kovid Goyal)
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.11 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.11042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.0.11042 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink PowerDVD 9 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1719 - CyberLink Corp.)
CyberLink PowerDVD 9 (Version: 9.0.1719 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2609 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.2609 - CyberLink Corp.) Hidden
Download Accelerator Packages (HKCU\...\Download Accelerator Packages) (Version: - ) <==== ATTENTION
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Guard.Mail.ru (HKLM\...\Guard.Mail.ru) (Version: 1.0.0.453 - Mail.ru) <==== ATTENTION
Image Editor Packages (HKCU\...\Image Editor Packages) (Version: - ) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lidl-Fotos (HKLM\...\Lidl-Fotos_is1) (Version: - )
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Qtrax Player (HKLM\...\{89505A66-35F0-4401-B3AD-D077051F8698}) (Version: 01.001.0001 - Qtrax)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30094 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM\...\{9D3D8C60-A55F-4fed-B2B9-173F09590E16}) (Version: 1.00.0145 - REALTEK Semiconductor Corp.)
Roadster for Windows Beta 3 (HKLM\...\Roadster for Windows Beta 3) (Version: - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
System Control Manager (HKLM\...\{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}) (Version: 2.209.0805.OE005.02 - Micro-Star International Co., Ltd.)
Total Immersion D'Fusion @Home Web Plug-In (HKLM\...\D'Fusion @Home Web Plug-In) (Version: - Total Immersion)
Update for Image Editor (HKCU\...\DigitalSite) (Version: - ) <==== ATTENTION
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WEB.DE Desktop Icons (HKLM\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
WEB.DE MailCheck für Internet Explorer (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH)
WEB.DE Softwareaktualisierung (HKLM\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Кулинарный Блокнот, версия 0.7.4 (HKLM\...\Кулинарный Блокнот_is1) (Version: 0.7.4 - Maxxi Soft)

==================== Restore Points =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2013-05-29 18:29 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {25B9D6E4-92C2-45CC-81B5-1D196BDB3860} - System32\Tasks\DealPly => C:\Users\ANNASC~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {2879A743-CC3F-4B6A-9CFC-79AC1E31A869} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2B2DD82F-66C8-4AEE-93B4-B9EE5846F128} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {367C0385-6C17-4B48-93CF-3880F18C6C7A} - System32\Tasks\DigitalSite => C:\Users\***** \AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {5040A2B1-2F43-41FC-B4C2-87A89FEB003C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {552477B5-0143-4D50-B9B6-B44DEE3D9222} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-15] (Microsoft Corporation)
Task: {5C1D5F3D-361A-4DA3-8054-4B851F350CA1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-15] (Microsoft Corporation)
Task: {5FA78D2C-E437-43DF-93A5-D8573E520754} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {7BF3A44C-B76B-4F4B-BAA4-931A918B59D5} - System32\Tasks\Registration 1und1 Task => C:\Program Files\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {8E028077-6A10-4C41-ADF4-59B76CF052F7} - System32\Tasks\4792 => Wscript.exe C:\Users\ANNASC~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {94C05804-4549-4F01-A3B2-FF16E115324E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-15] (Microsoft Corporation)
Task: {BB6C26BE-0285-44A9-A103-11A2D5DB2BF2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {C038ED19-ED35-4D95-BF4D-AB0959A94A1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {C0F4EF46-A7CF-4E52-97AE-D36B34CD07A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {F574264E-E877-48AA-95F3-1BE3F69AA255} - System32\Tasks\Digital Sites => C:\Users\ANNASC~1\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F9C21999-028E-4D72-BC6A-3DD9351693D8} - System32\Tasks\1und1 Konfiguration => C:\ProgramData\1und1InternetExplorerAddon\ConfigTask.exe [2011-04-19] (1und1 Mail und Media GmbH)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\***** ~1\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\***** ~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-09 21:31 - 2013-03-19 06:48 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:11 - 2009-07-14 03:16 - 00033280 _____ () c:\windows\system32\pcwum.dll
2014-04-25 12:23 - 2013-10-31 18:14 - 00077992 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2012-11-21 00:04 - 2014-07-06 21:45 - 06989856 _____ () C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
2009-09-17 15:12 - 2009-04-27 12:22 - 00271760 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2014-02-06 23:34 - 2014-02-06 23:34 - 00052608 _____ () C:\Program Files\Mail.Ru\Guard\GuardMailRu.dll
2009-07-01 18:03 - 2009-07-01 18:03 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-06-15 21:11 - 2014-06-15 21:11 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2011-01-17 16:19 - 2011-05-10 00:16 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: ssmdrv
Description: ssmdrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ssmdrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert
.


Kontext:
Volumename: \\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\

Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)". hr = 0x80070005, Zugriff verweigert
.

Error: (07/07/2014 01:52:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:13 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:10 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator


System errors:
=============
Error: (07/07/2014 01:51:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Software Protection" wurde mit folgendem Fehler beendet:
%%5

Error: (07/07/2014 01:49:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/07/2014 01:39:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/07/2014 01:29:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/07/2014 01:19:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/07/2014 01:09:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/07/2014 00:59:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/07/2014 00:49:49 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/07/2014 00:40:18 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ssmdrv

Error: (07/07/2014 00:40:19 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.


Microsoft Office Sessions:
=========================
Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)0x80070005, Zugriff verweigert


Kontext:
Volumename: \\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\

Error: (07/07/2014 01:57:00 AM) (Source: VSS) (EventID: 12289) (User: )
Description: CreateFileW(\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963},0xc0000000,0x00000003,...)0x80070005, Zugriff verweigert

Error: (07/07/2014 01:52:38 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:34 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:19 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:18 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:16 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:13 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:10 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator

Error: (07/07/2014 01:52:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Error calling CreateFile on volume '\\?\Volume{adb270e7-ccc0-11df-a00b-806e6f6e6963}\'0x80070005, Zugriff verweigert


Vorgang:
Überprüfen, ob das Volume vom Anbieter unterstützt wird
Volume einem Schattenkopiesatz hinzufügen

Kontext:
Ausführungskontext: Coordinator
Anbieter-ID: {00000000-0000-0000-0000-000000000000}
Volumename: C:\
Ausführungskontext: Coordinator


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 2011.16 MB
Available physical RAM: 801.59 MB
Total Pagefile: 4022.32 MB
Available Pagefile: 2334.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.95 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:434.66 GB) (Free:372.51 GB) NTFS
Drive d: (Recovery) (Fixed) (Total:30 GB) (Free:11.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=435 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================




gmer:

Here I unfortunately made the mistake, since I already had the program on my computer, of running a scan with it before I turned to you. At the start I did not click NO. A report was created, but I did not save it. I have now run it again, and this time no report is created.
How can I change that?

Please help.

07.07.2014, 06:13   #2
schrauber
/// the machine
/// TB trainer
 




hi,

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.




Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller panel, look for the programs that under:

    have this label:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Then click on , then on , and then on .

If you cannot find a program or cannot uninstall it, please continue with the next step:



Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

07.07.2014, 15:31   #3
aschroeder
 



Hello Schrauber,

thank you very much for your help. I hope I did everything right.


Code:
16:13:07.0325 0x2088  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
16:13:35.0499 0x2088  ============================================================
16:13:35.0499 0x2088  Current date / time: 2014/07/07 16:13:35.0499
16:13:35.0499 0x2088  SystemInfo:
16:13:35.0499 0x2088  
16:13:35.0499 0x2088  OS Version: 6.1.7601 ServicePack: 1.0
16:13:35.0499 0x2088  Product type: Workstation
16:13:35.0499 0x2088  ComputerName: *****-PC
16:13:35.0499 0x2088  UserName: *****
16:13:35.0499 0x2088  Windows directory: C:\Windows
16:13:35.0499 0x2088  System windows directory: C:\Windows
16:13:35.0499 0x2088  Processor architecture: Intel x86
16:13:35.0499 0x2088  Number of processors: 2
16:13:35.0499 0x2088  Page size: 0x1000
16:13:35.0499 0x2088  Boot type: Normal boot
16:13:35.0499 0x2088  ============================================================
16:13:35.0998 0x2088  KLMD registered as C:\Windows\system32\drivers\79481579.sys
16:14:41.0877 0x2088  System UUID: {6A8BC0A5-1C78-976F-B765-04D7E81B4982}
16:14:42.0485 0x2088  !crdlk
16:14:42.0688 0x2088  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
16:14:42.0704 0x2088  ============================================================
16:14:42.0704 0x2088  \Device\Harddisk0\DR0:
16:14:42.0704 0x2088  MBR partitions:
16:14:42.0704 0x2088  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:14:42.0704 0x2088  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36552000
16:14:42.0704 0x2088  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36584800, BlocksNum 0x3C00000
16:14:42.0704 0x2088  ============================================================
16:14:42.0735 0x2088  C: <-> \Device\Harddisk0\DR0\Partition2
16:14:42.0782 0x2088  D: <-> \Device\Harddisk0\DR0\Partition3
16:14:42.0782 0x2088  ============================================================
16:14:42.0782 0x2088  Initialize success
16:14:42.0782 0x2088  ============================================================
16:16:11.0811 0x2280  ============================================================
16:16:11.0811 0x2280  Scan started
16:16:11.0811 0x2280  Mode: Manual; SigCheck; TDLFS; 
16:16:11.0811 0x2280  ============================================================
16:16:11.0811 0x2280  KSN ping started
16:16:14.0682 0x2280  KSN ping finished: true
16:16:15.0852 0x2280  ================ Scan system memory ========================
16:16:15.0852 0x2280  System memory - ok
16:16:15.0852 0x2280  ================ Scan services =============================
16:16:16.0132 0x2280  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:16:16.0320 0x2280  1394ohci - ok
16:16:16.0351 0x2280  Suspicious service (NoAccess): 8a6a6eefe4cb1615
16:16:16.0398 0x2280  [ E5CBFB3C5E0F61C66D4F17BC08D25A25, F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9 ] 8a6a6eefe4cb1615 C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys
16:16:16.0398 0x2280  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys. md5: E5CBFB3C5E0F61C66D4F17BC08D25A25, sha256: F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9
16:16:16.0444 0x2280  8a6a6eefe4cb1615 - detected Rootkit.Win32.Necurs.gen ( 0 )
16:16:19.0533 0x2280  8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - infected
16:16:19.0533 0x2280  Force sending object to P2P due to detect: 8a6a6eefe4cb1615
16:16:23.0574 0x2280  Object send P2P result: false
16:16:26.0569 0x2280  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:16:26.0616 0x2280  ACPI - ok
16:16:26.0662 0x2280  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:16:26.0725 0x2280  AcpiPmi - ok
16:16:26.0787 0x2280  [ 9BC0D1B4D9CCEC2DC9F010E466738A38, FA213D43DC18F92606B9A69E08B9D7B699038F087FE90AA3A1BB348AEBDEEACB ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
16:16:26.0834 0x2280  acsock - ok
16:16:26.0959 0x2280  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:16:26.0974 0x2280  AdobeARMservice - ok
16:16:27.0115 0x2280  [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:16:27.0130 0x2280  AdobeFlashPlayerUpdateSvc - ok
16:16:27.0224 0x2280  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:16:27.0286 0x2280  adp94xx - ok
16:16:27.0349 0x2280  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:16:27.0396 0x2280  adpahci - ok
16:16:27.0442 0x2280  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:16:27.0474 0x2280  adpu320 - ok
16:16:27.0567 0x2280  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:16:27.0614 0x2280  AeLookupSvc - ok
16:16:27.0692 0x2280  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys
16:16:27.0770 0x2280  AFD - ok
16:16:27.0848 0x2280  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:16:27.0864 0x2280  agp440 - ok
16:16:50.0140 0x2280  [ 71C6748EE8DE938532057EF10B4B7E44, 455175332156939B3CDA4511A2A6C213ABBFDB85EEECA98B6AB014C994F532C4 ] Micro Star SCM  C:\Program Files\System Control Manager\MSIService.exe
16:16:50.0156 0x2280  Micro Star SCM - detected UnsignedFile.Multi.Generic ( 1 )
16:16:53.0151 0x2280  Detect skipped due to KSN trusted
16:16:53.0151 0x2280  Micro Star SCM - ok
16:17:13.0182 0x2280  [ BCEB0C2FC290E456F2E63282BC7D2271, 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588 ] syshost32       C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe
16:17:13.0182 0x2280  Suspicious file ( NoAccess ): C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe. md5: BCEB0C2FC290E456F2E63282BC7D2271, sha256: 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588
16:17:13.0213 0x2280  syshost32 - detected LockedFile.Multi.Generic ( 1 )
16:17:16.0286 0x2280  Detect turned to UDS exact due to KSN untrusted
16:17:16.0286 0x2280  syshost32 ( UDS:DangerousObject.Multi.Generic ) - infected
16:17:16.0286 0x2280  Force sending object to P2P due to detect: syshost32
16:17:20.0670 0x2280  Object send P2P result: true
16:18:22.0337 0x2280  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated )
16:18:22.0368 0x2280  Win FW state via NFP2: enabled
16:18:25.0207 0x2280  ============================================================
16:18:25.0207 0x2280  Scan finished
16:18:25.0207 0x2280  ============================================================
16:18:25.0223 0x23f0  Detected object count: 2
16:18:25.0223 0x23f0  Actual detected object count: 2
16:20:09.0634 0x23f0  8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - skipped by user
16:20:09.0634 0x23f0  8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - User select action: Skip 
16:20:09.0634 0x23f0  syshost32 ( UDS:DangerousObject.Multi.Generic ) - skipped by user
16:20:09.0634 0x23f0  syshost32 ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
         
__________________

Alt 08.07.2014, 09:32   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Start TDSSkiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Press Start Scan.
    Do not do anything on the computer during the scan.
  • Make sure that Cure (default) is checked!
  • Press Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\).
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post its contents here in your thread.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 08.07.2014, 11:06   #5
aschroeder
 



Hello Schrauber,

I let it run. Two objects were found.

However, I cannot click Cure there. Only Delete, Skip or moving to quarantine are possible. I am not sure what I should do.

I am worried about doing something wrong. How should I proceed?


Alt 09.07.2014, 08:13   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Choose Delete.

Alt 09.07.2014, 13:56   #7
aschroeder
 



Hello Schrauber,

I have left my computer standing since yesterday, when I wrote in here, and waited for your reply. After that it restarted itself. Today I let the program run, and only one threat was found.
I followed your steps and then noticed that three further log files can already be found on the computer. That is, three log files were created by the program yesterday without any action on my part.
I am posting all four here.



Code:
11:36:30.0528 0x1644  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
11:36:37.0829 0x1644  ============================================================
11:36:37.0829 0x1644  Current date / time: 2014/07/08 11:36:37.0829
11:36:37.0829 0x1644  SystemInfo:
11:36:37.0829 0x1644  
11:36:37.0829 0x1644  OS Version: 6.1.7601 ServicePack: 1.0
11:36:37.0829 0x1644  Product type: Workstation
11:36:37.0829 0x1644  ComputerName: *****-PC
11:36:37.0829 0x1644  UserName: *****
11:36:37.0829 0x1644  Windows directory: C:\Windows
11:36:37.0829 0x1644  System windows directory: C:\Windows
11:36:37.0829 0x1644  Processor architecture: Intel x86
11:36:37.0829 0x1644  Number of processors: 2
11:36:37.0829 0x1644  Page size: 0x1000
11:36:37.0829 0x1644  Boot type: Normal boot
11:36:37.0829 0x1644  ============================================================
11:36:40.0434 0x1644  KLMD registered as C:\Windows\system32\drivers\58580041.sys
11:36:57.0578 0x1644  System UUID: {6A8BC0A5-1C78-976F-B765-04D7E81B4982}
11:36:58.0155 0x1644  !crdlk
11:36:58.0311 0x1644  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
11:36:58.0327 0x1644  ============================================================
11:36:58.0327 0x1644  \Device\Harddisk0\DR0:
11:36:58.0343 0x1644  MBR partitions:
11:36:58.0343 0x1644  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:36:58.0343 0x1644  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36552000
11:36:58.0343 0x1644  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36584800, BlocksNum 0x3C00000
11:36:58.0343 0x1644  ============================================================
11:36:58.0389 0x1644  C: <-> \Device\Harddisk0\DR0\Partition2
11:36:58.0452 0x1644  D: <-> \Device\Harddisk0\DR0\Partition3
11:36:58.0452 0x1644  ============================================================
11:36:58.0452 0x1644  Initialize success
11:36:58.0452 0x1644  ============================================================
11:37:06.0330 0x1694  ============================================================
11:37:06.0330 0x1694  Scan started
11:37:06.0330 0x1694  Mode: Manual; 
11:37:06.0330 0x1694  ============================================================
11:37:06.0330 0x1694  KSN ping started
11:37:09.0341 0x1694  KSN ping finished: true
11:37:10.0464 0x1694  ================ Scan system memory ========================
11:37:10.0464 0x1694  System memory - ok
11:37:10.0464 0x1694  ================ Scan services =============================
11:37:10.0745 0x1694  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:37:10.0760 0x1694  1394ohci - ok
11:37:10.0823 0x1694  Suspicious service (NoAccess): 8a6a6eefe4cb1615
11:37:10.0869 0x1694  [ E5CBFB3C5E0F61C66D4F17BC08D25A25, F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9 ] 8a6a6eefe4cb1615 C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys
11:37:10.0869 0x1694  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys. md5: E5CBFB3C5E0F61C66D4F17BC08D25A25, sha256: F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9
11:37:10.0963 0x1694  8a6a6eefe4cb1615 - detected Rootkit.Win32.Necurs.gen ( 0 )
11:37:14.0083 0x1694  8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - infected
11:37:14.0083 0x1694  Force sending object to P2P due to detect: 8a6a6eefe4cb1615
11:37:18.0139 0x1694  Object send P2P result: true
11:37:21.0119 0x1694  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:37:21.0150 0x1694  ACPI - ok
11:37:21.0197 0x1694  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:37:21.0197 0x1694  AcpiPmi - ok
11:37:21.0259 0x1694  [ 9BC0D1B4D9CCEC2DC9F010E466738A38, FA213D43DC18F92606B9A69E08B9D7B699038F087FE90AA3A1BB348AEBDEEACB ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
11:37:21.0259 0x1694  acsock - ok
11:37:21.0384 0x1694  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:37:21.0384 0x1694  AdobeARMservice - ok
11:37:21.0509 0x1694  [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:37:21.0524 0x1694  AdobeFlashPlayerUpdateSvc - ok
11:37:21.0618 0x1694  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:37:21.0649 0x1694  adp94xx - ok
11:37:21.0696 0x1694  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:37:21.0727 0x1694  adpahci - ok
11:37:21.0821 0x1694  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:37:21.0836 0x1694  adpu320 - ok
11:37:21.0899 0x1694  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:37:21.0899 0x1694  AeLookupSvc - ok
11:37:21.0992 0x1694  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys
11:37:22.0008 0x1694  AFD - ok
11:37:22.0070 0x1694  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
11:37:22.0070 0x1694  agp440 - ok
11:37:22.0164 0x1694  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
11:37:22.0179 0x1694  aic78xx - ok
11:37:22.0257 0x1694  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
11:37:22.0257 0x1694  ALG - ok
11:37:22.0304 0x1694  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:37:22.0320 0x1694  aliide - ok
11:37:22.0367 0x1694  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:37:22.0367 0x1694  amdagp - ok
11:37:22.0413 0x1694  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:37:22.0413 0x1694  amdide - ok
11:37:22.0460 0x1694  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:37:22.0476 0x1694  AmdK8 - ok
11:37:22.0491 0x1694  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:37:22.0507 0x1694  AmdPPM - ok
11:37:22.0538 0x1694  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:37:22.0538 0x1694  amdsata - ok
11:37:22.0601 0x1694  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:37:22.0601 0x1694  amdsbs - ok
11:37:22.0647 0x1694  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:37:22.0647 0x1694  amdxata - ok
11:37:22.0741 0x1694  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA, 834B397F365D930DA01D5189DDF06195CFE4C0F9249223C5A9004643F41BA6E4 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
11:37:22.0757 0x1694  androidusb - ok
11:37:22.0881 0x1694  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:37:22.0897 0x1694  AntiVirSchedulerService - ok
11:37:23.0006 0x1694  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:37:23.0022 0x1694  AntiVirService - ok
11:37:23.0100 0x1694  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
11:37:23.0100 0x1694  AppID - ok
11:37:23.0162 0x1694  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:37:23.0162 0x1694  AppIDSvc - ok
11:37:23.0256 0x1694  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
11:37:23.0256 0x1694  Appinfo - ok
11:37:23.0349 0x1694  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:37:23.0365 0x1694  arc - ok
11:37:23.0396 0x1694  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:37:23.0396 0x1694  arcsas - ok
11:37:23.0537 0x1694  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:37:23.0537 0x1694  aspnet_state - ok
11:37:23.0583 0x1694  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:37:23.0583 0x1694  AsyncMac - ok
11:37:23.0661 0x1694  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
11:37:23.0661 0x1694  atapi - ok
11:37:23.0786 0x1694  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:37:23.0817 0x1694  AudioEndpointBuilder - ok
11:37:23.0880 0x1694  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:37:23.0895 0x1694  Audiosrv - ok
11:37:24.0005 0x1694  [ B0A63DD71CB0CB597D8BD5C364E73F7C, 572B31F3FC962F50110D42A08CDD0614323E18C213575710CEEFA35EE7CAE8C5 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:37:24.0020 0x1694  avgntflt - ok
11:37:24.0083 0x1694  [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:37:24.0098 0x1694  avipbb - ok
11:37:24.0161 0x1694  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:37:24.0161 0x1694  avkmgr - ok
11:37:24.0239 0x1694  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:37:24.0254 0x1694  AxInstSV - ok
11:37:24.0317 0x1694  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
11:37:24.0363 0x1694  b06bdrv - ok
11:37:24.0426 0x1694  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
11:37:24.0426 0x1694  b57nd60x - ok
11:37:24.0535 0x1694  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
11:37:24.0551 0x1694  BDESVC - ok
11:37:24.0597 0x1694  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:37:24.0597 0x1694  Beep - ok
11:37:24.0707 0x1694  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
11:37:24.0738 0x1694  BFE - ok
11:37:24.0878 0x1694  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
11:37:24.0925 0x1694  BITS - ok
11:37:24.0987 0x1694  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:37:24.0987 0x1694  blbdrive - ok
11:37:25.0065 0x1694  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:37:25.0065 0x1694  bowser - ok
11:37:25.0128 0x1694  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:37:25.0128 0x1694  BrFiltLo - ok
11:37:25.0175 0x1694  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:37:25.0175 0x1694  BrFiltUp - ok
11:37:25.0221 0x1694  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
11:37:25.0237 0x1694  BridgeMP - ok
11:37:25.0315 0x1694  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
11:37:25.0315 0x1694  Browser - ok
11:37:25.0362 0x1694  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:37:25.0377 0x1694  Brserid - ok
11:37:25.0440 0x1694  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:37:25.0440 0x1694  BrSerWdm - ok
11:37:25.0471 0x1694  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:37:25.0487 0x1694  BrUsbMdm - ok
11:37:25.0518 0x1694  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:37:25.0518 0x1694  BrUsbSer - ok
11:37:25.0580 0x1694  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
11:37:25.0596 0x1694  BthEnum - ok
11:37:25.0643 0x1694  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:37:25.0643 0x1694  BTHMODEM - ok
11:37:25.0674 0x1694  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:37:25.0689 0x1694  BthPan - ok
11:37:25.0752 0x1694  [ 4A34888E13224678DD062466AFEC4240, B432D135716123BB9EC2FBE5D2C45E819EC7E55205FC295B982B0C6F87543940 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:37:25.0767 0x1694  BTHPORT - ok
11:37:25.0877 0x1694  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
11:37:25.0892 0x1694  bthserv - ok
11:37:25.0939 0x1694  [ FA04C63916FA221DBB91FCE153D07A55, 3B013CABF2BFADE5ADD2B9AB65FB9FE53FBA72B13A8B41A599EF6D227764A8C7 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:37:25.0939 0x1694  BTHUSB - ok
11:37:26.0001 0x1694  [ D57D29132EFE13A83133D9BD449E0CF1, 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:37:26.0001 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwaudio.sys. md5: D57D29132EFE13A83133D9BD449E0CF1, sha256: 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB
11:37:26.0017 0x1694  btwaudio - detected LockedFile.Multi.Generic ( 1 )
11:37:29.0293 0x1694  Detect skipped due to KSN trusted
11:37:29.0293 0x1694  btwaudio - ok
11:37:29.0387 0x1694  [ D282C14A69357D0E1BAFAECC2CA98C3A, 1F576218591B87920641F7E2FA349E477032C4C38DF5A6584738DC0280E203A9 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
11:37:29.0402 0x1694  btwavdt - ok
11:37:29.0496 0x1694  [ F7434401AE320BB97903A3C1865242FB, B401B13133A7D7B2861D81F800F6DEFF361320C994C704B6688A1E6A61439E8D ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:37:29.0527 0x1694  btwdins - ok
11:37:29.0574 0x1694  [ AAFD7CB76BA61FBB08E302DA208C974A, 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
11:37:29.0574 0x1694  btwl2cap - ok
11:37:29.0605 0x1694  [ 02EB4D2B05967DF2D32F29C84AB1FB17, 95B7901F7BCE41DF53309158AC12888BA1F82FF2E576BF3ED0E67EA3CFAB1288 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:37:29.0605 0x1694  btwrchid - ok
11:37:29.0792 0x1694  catchme - ok
11:37:29.0855 0x1694  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:37:29.0855 0x1694  cdfs - ok
11:37:29.0917 0x1694  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\drivers\cdrom.sys
11:37:29.0933 0x1694  cdrom - ok
11:37:29.0995 0x1694  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:37:30.0011 0x1694  CertPropSvc - ok
11:37:30.0057 0x1694  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:37:30.0057 0x1694  circlass - ok
11:37:30.0135 0x1694  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
11:37:30.0135 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. md5: 635181E0E9BBF16871BF5380D71DB02D, sha256: 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A
11:37:30.0182 0x1694  CLFS - detected LockedFile.Multi.Generic ( 1 )
11:37:33.0053 0x1694  Detect skipped due to KSN trusted
11:37:33.0053 0x1694  CLFS - ok
11:37:33.0240 0x1694  [ 5BEBB11A5BF2948FEFA59DC213B03DDD, 34BB17CC4014E14BC6135E64725DDC4D24BC0EA71A7626E268733EEDD1542E25 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
11:37:33.0302 0x1694  ClickToRunSvc - ok
11:37:33.0396 0x1694  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:37:33.0411 0x1694  clr_optimization_v2.0.50727_32 - ok
11:37:33.0505 0x1694  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:37:33.0505 0x1694  clr_optimization_v4.0.30319_32 - ok
11:37:33.0552 0x1694  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:37:33.0552 0x1694  CmBatt - ok
11:37:33.0630 0x1694  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:37:33.0630 0x1694  cmdide - ok
11:37:33.0723 0x1694  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
11:37:33.0739 0x1694  CNG - ok
11:37:33.0801 0x1694  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:37:33.0801 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\compbatt.sys. md5: A6023D3823C37043986713F118A89BEE, sha256: FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B
11:37:33.0817 0x1694  Compbatt - detected LockedFile.Multi.Generic ( 1 )
11:37:36.0687 0x1694  Detect skipped due to KSN trusted
11:37:36.0687 0x1694  Compbatt - ok
11:37:36.0797 0x1694  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:37:36.0797 0x1694  CompositeBus - ok
11:37:36.0843 0x1694  COMSysApp - ok
11:37:36.0890 0x1694  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:37:36.0890 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 2C4EBCFC84A9B44F209DFF6C6E6C61D1, sha256: 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6
11:37:36.0890 0x1694  crcdisk - detected LockedFile.Multi.Generic ( 1 )
11:37:39.0776 0x1694  Detect skipped due to KSN trusted
11:37:39.0776 0x1694  crcdisk - ok
11:37:39.0870 0x1694  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:37:39.0870 0x1694  CryptSvc - ok
11:37:39.0964 0x1694  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:37:40.0010 0x1694  DcomLaunch - ok
11:37:40.0088 0x1694  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
11:37:40.0104 0x1694  defragsvc - ok
11:37:40.0151 0x1694  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:37:40.0166 0x1694  DfsC - ok
11:37:40.0244 0x1694  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:37:40.0276 0x1694  Dhcp - ok
11:37:40.0322 0x1694  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
11:37:40.0322 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 1A050B0274BFB3890703D490F330C0DA, sha256: 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB
11:37:40.0354 0x1694  discache - detected LockedFile.Multi.Generic ( 1 )
11:37:43.0240 0x1694  Detect skipped due to KSN trusted
11:37:43.0240 0x1694  discache - ok
11:37:43.0380 0x1694  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:37:43.0380 0x1694  Disk - ok
11:37:43.0458 0x1694  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:37:43.0458 0x1694  Dnscache - ok
11:37:43.0536 0x1694  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:37:43.0536 0x1694  dot3svc - ok
11:37:43.0614 0x1694  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
11:37:43.0614 0x1694  DPS - ok
11:37:43.0692 0x1694  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:37:43.0692 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: B918E7C5F9BF77202F89E1A9539F2EB4, sha256: C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B
11:37:43.0723 0x1694  drmkaud - detected LockedFile.Multi.Generic ( 1 )
11:37:46.0609 0x1694  Detect skipped due to KSN trusted
11:37:46.0609 0x1694  drmkaud - ok
11:37:46.0765 0x1694  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:37:46.0765 0x1694  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 71BC35067CABC02C9453AEAA42B2E43E, sha256: 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619
11:37:46.0781 0x1694  DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
11:37:49.0651 0x1694  Detect skipped due to KSN trusted
11:37:49.0651 0x1694  DXGKrnl - ok
11:37:49.0760 0x1694  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
11:37:49.0760 0x1694  EapHost - ok
11:37:49.0979 0x1694  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
11:37:49.0979 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbdx.sys. md5: 024E1B5CAC09731E4D868E64DBFB4AB0, sha256: AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994
11:37:50.0010 0x1694  ebdrv - detected LockedFile.Multi.Generic ( 1 )
11:37:52.0880 0x1694  Detect skipped due to KSN trusted
11:37:52.0880 0x1694  ebdrv - ok
11:37:52.0990 0x1694  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
11:37:53.0005 0x1694  EFS - ok
11:37:53.0114 0x1694  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:37:53.0130 0x1694  ehRecvr - ok
11:37:53.0177 0x1694  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
11:37:53.0177 0x1694  ehSched - ok
11:37:53.0270 0x1694  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
11:37:53.0270 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0ED67910C8C326796FAA00B2BF6D9D3C, sha256: 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8
11:37:53.0302 0x1694  elxstor - detected LockedFile.Multi.Generic ( 1 )
11:37:56.0188 0x1694  Detect skipped due to KSN trusted
11:37:56.0188 0x1694  elxstor - ok
11:37:56.0297 0x1694  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:37:56.0297 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\errdev.sys. md5: 8FC3208352DD3912C94367A206AB3F11, sha256: 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02
11:37:56.0297 0x1694  ErrDev - detected LockedFile.Multi.Generic ( 1 )
11:37:59.0183 0x1694  Detect skipped due to KSN trusted
11:37:59.0183 0x1694  ErrDev - ok
11:37:59.0370 0x1694  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
11:37:59.0386 0x1694  EventSystem - ok
11:37:59.0432 0x1694  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
11:37:59.0432 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: 2DC9108D74081149CC8B651D3A26207F, sha256: 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176
11:37:59.0464 0x1694  exfat - detected LockedFile.Multi.Generic ( 1 )
11:38:02.0381 0x1694  Detect skipped due to KSN trusted
11:38:02.0381 0x1694  exfat - ok
11:38:02.0428 0x1694  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:38:02.0428 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 7E0AB74553476622FB6AE36F73D97D35, sha256: 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947
11:38:02.0428 0x1694  fastfat - detected LockedFile.Multi.Generic ( 1 )
11:38:05.0314 0x1694  Detect skipped due to KSN trusted
11:38:05.0314 0x1694  fastfat - ok
11:38:05.0423 0x1694  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
11:38:05.0454 0x1694  Fax - ok
11:38:05.0501 0x1694  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:38:05.0516 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: E817A017F82DF2A1F8CFDBDA29388B29, sha256: 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837
11:38:05.0532 0x1694  fdc - detected LockedFile.Multi.Generic ( 1 )
11:38:08.0402 0x1694  Detect skipped due to KSN trusted
11:38:08.0402 0x1694  fdc - ok
11:38:08.0465 0x1694  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
11:38:08.0480 0x1694  fdPHost - ok
11:38:08.0527 0x1694  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:38:08.0527 0x1694  FDResPub - ok
11:38:08.0590 0x1694  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:38:08.0590 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 6CF00369C97F3CF563BE99BE983D13D8, sha256: F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33
11:38:08.0605 0x1694  FileInfo - detected LockedFile.Multi.Generic ( 1 )
11:38:11.0476 0x1694  Detect skipped due to KSN trusted
11:38:11.0476 0x1694  FileInfo - ok
11:38:11.0569 0x1694  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:38:11.0569 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 42C51DC94C91DA21CB9196EB64C45DB9, sha256: 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635
11:38:11.0585 0x1694  Filetrace - detected LockedFile.Multi.Generic ( 1 )
11:38:14.0596 0x1694  Detect skipped due to KSN trusted
11:38:14.0596 0x1694  Filetrace - ok
11:38:14.0674 0x1694  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:38:14.0674 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: 87907AA70CB3C56600F1C2FB8841579B, sha256: CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979
11:38:14.0689 0x1694  flpydisk - detected LockedFile.Multi.Generic ( 1 )
11:38:17.0560 0x1694  Detect skipped due to KSN trusted
11:38:17.0560 0x1694  flpydisk - ok
11:38:17.0638 0x1694  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:38:17.0638 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. md5: 7520EC808E0C35E0EE6F841294316653, sha256: 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67
11:38:17.0653 0x1694  FltMgr - detected LockedFile.Multi.Generic ( 1 )
11:38:20.0695 0x1694  Detect skipped due to KSN trusted
11:38:20.0695 0x1694  FltMgr - ok
11:38:20.0914 0x1694  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
11:38:20.0976 0x1694  FontCache - ok
11:38:21.0070 0x1694  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:38:21.0070 0x1694  FontCache3.0.0.0 - ok
11:38:21.0132 0x1694  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
11:38:21.0132 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: 1A16B57943853E598CFF37FE2B8CBF1D, sha256: 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E
11:38:21.0163 0x1694  FsDepends - detected LockedFile.Multi.Generic ( 1 )
11:38:24.0034 0x1694  Detect skipped due to KSN trusted
11:38:24.0034 0x1694  FsDepends - ok
11:38:24.0096 0x1694  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:38:24.0096 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 7DAE5EBCC80E45D3253F4923DC424D05, sha256: 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A
11:38:24.0112 0x1694  Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
11:38:26.0982 0x1694  Detect skipped due to KSN trusted
11:38:26.0982 0x1694  Fs_Rec - ok
11:38:27.0076 0x1694  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
11:38:27.0076 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: E306A24D9694C724FA2491278BF50FDB, sha256: 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091
11:38:27.0076 0x1694  fvevol - detected LockedFile.Multi.Generic ( 1 )
11:38:29.0946 0x1694  Detect skipped due to KSN trusted
11:38:29.0946 0x1694  fvevol - ok
11:38:30.0040 0x1694  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
11:38:30.0040 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 65EE0C7A58B65E74AE05637418153938, sha256: 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF
11:38:30.0055 0x1694  gagp30kx - detected LockedFile.Multi.Generic ( 1 )
11:38:32.0941 0x1694  Detect skipped due to KSN trusted
11:38:32.0941 0x1694  gagp30kx - ok
11:38:33.0082 0x1694  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
11:38:33.0113 0x1694  gpsvc - ok
11:38:33.0238 0x1694  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
11:38:33.0238 0x1694  gupdate - ok
11:38:33.0284 0x1694  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:38:33.0284 0x1694  gupdatem - ok
11:38:33.0331 0x1694  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
11:38:33.0331 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: C44E3C2BAB6837DB337DDEE7544736DB, sha256: 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D
11:38:33.0347 0x1694  hcw85cir - detected LockedFile.Multi.Generic ( 1 )
11:38:36.0233 0x1694  Detect skipped due to KSN trusted
11:38:36.0233 0x1694  hcw85cir - ok
11:38:36.0358 0x1694  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:38:36.0358 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: A5EF29D5315111C80A5C1ABAD14C8972, sha256: A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A
11:38:36.0358 0x1694  HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
11:38:39.0244 0x1694  Detect skipped due to KSN trusted
11:38:39.0244 0x1694  HdAudAddService - ok
11:38:39.0337 0x1694  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
11:38:39.0337 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 9036377B8A6C15DC2EEC53E489D159B5, sha256: 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B
11:38:39.0353 0x1694  HDAudBus - detected LockedFile.Multi.Generic ( 1 )
11:38:42.0239 0x1694  Detect skipped due to KSN trusted
11:38:42.0239 0x1694  HDAudBus - ok
11:38:42.0348 0x1694  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
11:38:42.0348 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 1D58A7F3E11A9731D0EAAAA8405ACC36, sha256: 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215
11:38:42.0348 0x1694  HidBatt - detected LockedFile.Multi.Generic ( 1 )
11:38:45.0234 0x1694  Detect skipped due to KSN trusted
11:38:45.0234 0x1694  HidBatt - ok
11:38:45.0328 0x1694  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
11:38:45.0328 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 89448F40E6DF260C206A193A4683BA78, sha256: 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C
11:38:45.0343 0x1694  HidBth - detected LockedFile.Multi.Generic ( 1 )
11:38:49.0259 0x1694  Detect skipped due to KSN trusted
11:38:49.0259 0x1694  HidBth - ok
11:38:49.0430 0x1694  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
11:38:49.0430 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: CF50B4CF4A4F229B9F3C08351F99CA5E, sha256: B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F
11:38:49.0446 0x1694  HidIr - detected LockedFile.Multi.Generic ( 1 )
11:38:52.0332 0x1694  Detect skipped due to KSN trusted
11:38:52.0332 0x1694  HidIr - ok
11:38:52.0426 0x1694  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
11:38:52.0426 0x1694  hidserv - ok
11:38:52.0504 0x1694  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:38:52.0504 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: 10C19F8290891AF023EAEC0832E1EB4D, sha256: E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853
11:38:52.0504 0x1694  HidUsb - detected LockedFile.Multi.Generic ( 1 )
11:38:55.0390 0x1694  Detect skipped due to KSN trusted
11:38:55.0390 0x1694  HidUsb - ok
11:38:55.0530 0x1694  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:38:55.0530 0x1694  hkmsvc - ok
11:38:55.0608 0x1694  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:38:55.0624 0x1694  HomeGroupListener - ok
11:38:55.0670 0x1694  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:38:55.0686 0x1694  HomeGroupProvider - ok
11:38:55.0733 0x1694  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
11:38:55.0733 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 295FDC419039090EB8B49FFDBB374549, sha256: 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7
11:38:55.0780 0x1694  HpSAMD - detected LockedFile.Multi.Generic ( 1 )
11:38:58.0634 0x1694  Detect skipped due to KSN trusted
11:38:58.0634 0x1694  HpSAMD - ok
11:38:58.0775 0x1694  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:38:58.0775 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 871917B07A141BFF43D76D8844D48106, sha256: 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987
11:38:58.0806 0x1694  HTTP - detected LockedFile.Multi.Generic ( 1 )
11:39:01.0676 0x1694  Detect skipped due to KSN trusted
11:39:01.0676 0x1694  HTTP - ok
11:39:01.0770 0x1694  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
11:39:01.0770 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: 0C4E035C7F105F1299258C90886C64C5, sha256: CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4
11:39:01.0770 0x1694  hwpolicy - detected LockedFile.Multi.Generic ( 1 )
11:39:04.0625 0x1694  Detect skipped due to KSN trusted
11:39:04.0625 0x1694  hwpolicy - ok
11:39:04.0750 0x1694  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
11:39:04.0750 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: F151F0BDC47F4A28B1B20A0818EA36D6, sha256: 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79
11:39:04.0750 0x1694  i8042prt - detected LockedFile.Multi.Generic ( 1 )
11:39:07.0636 0x1694  Detect skipped due to KSN trusted
11:39:07.0636 0x1694  i8042prt - ok
11:39:07.0745 0x1694  [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:39:07.0745 0x1694  IAANTMON - ok
11:39:07.0870 0x1694  [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
11:39:07.0870 0x1694  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. md5: D483687EACE0C065EE772481A96E05F5, sha256: A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29
11:39:07.0916 0x1694  iaStor - detected LockedFile.Multi.Generic ( 1 )
11:39:11.0239 0x1694  Detect skipped due to KSN trusted
11:39:11.0239 0x1694  iaStor - ok
11:39:11.0317 0x1694  Scan was interrupted by user!
11:39:11.0317 0x1694  Waiting for KSN requests completion. In queue: 1
11:39:12.0331 0x1694  Waiting for KSN requests completion. In queue: 1
11:39:13.0345 0x1694  Waiting for KSN requests completion. In queue: 1
11:39:14.0437 0x1694  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated )
11:39:14.0453 0x1694  Win FW state via NFP2: enabled
11:39:17.0495 0x1694  ============================================================
11:39:17.0495 0x1694  Scan finished
11:39:17.0495 0x1694  ============================================================
11:39:17.0495 0x168c  Detected object count: 1
11:39:17.0495 0x168c  Actual detected object count: 1
11:39:23.0314 0x168c  C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys - copied to quarantine
11:39:23.0329 0x168c  HKLM\SYSTEM\ControlSet001\services\8a6a6eefe4cb1615 - will be deleted on reboot
11:39:23.0407 0x168c  HKLM\SYSTEM\ControlSet002\services\8a6a6eefe4cb1615 - will be deleted on reboot
11:39:23.0969 0x168c  C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys - will be deleted on reboot
11:39:23.0969 0x168c  8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 
11:39:24.0203 0x168c  KLMD registered as C:\Windows\system32\drivers\19170952.sys
11:39:30.0178 0x161c  Deinitialize success
         

09.07.2014, 13:58   #8
aschroeder

Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works



Code:
ATTFilter
11:39:37.0001 0x1398  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
11:39:40.0635 0x1398  ============================================================
11:39:40.0635 0x1398  Current date / time: 2014/07/08 11:39:40.0635
11:39:40.0635 0x1398  SystemInfo:
11:39:40.0635 0x1398  
11:39:40.0635 0x1398  OS Version: 6.1.7601 ServicePack: 1.0
11:39:40.0635 0x1398  Product type: Workstation
11:39:40.0635 0x1398  ComputerName: *****-PC
11:39:40.0635 0x1398  UserName: *****
11:39:40.0635 0x1398  Windows directory: C:\Windows
11:39:40.0635 0x1398  System windows directory: C:\Windows
11:39:40.0635 0x1398  Processor architecture: Intel x86
11:39:40.0635 0x1398  Number of processors: 2
11:39:40.0635 0x1398  Page size: 0x1000
11:39:40.0635 0x1398  Boot type: Normal boot
11:39:40.0635 0x1398  ============================================================
11:39:41.0181 0x1398  KLMD registered as C:\Windows\system32\drivers\38680519.sys
11:39:46.0283 0x1398  System UUID: {6A8BC0A5-1C78-976F-B765-04D7E81B4982}
11:39:46.0829 0x1398  !crdlk
11:39:46.0969 0x1398  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
11:39:46.0985 0x1398  ============================================================
11:39:46.0985 0x1398  \Device\Harddisk0\DR0:
11:39:46.0985 0x1398  MBR partitions:
11:39:46.0985 0x1398  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:39:46.0985 0x1398  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36552000
11:39:46.0985 0x1398  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36584800, BlocksNum 0x3C00000
11:39:46.0985 0x1398  ============================================================
11:39:47.0016 0x1398  C: <-> \Device\Harddisk0\DR0\Partition2
11:39:47.0078 0x1398  D: <-> \Device\Harddisk0\DR0\Partition3
11:39:47.0078 0x1398  ============================================================
11:39:47.0078 0x1398  Initialize success
11:39:47.0078 0x1398  ============================================================
11:39:49.0949 0x1758  ============================================================
11:39:49.0949 0x1758  Scan started
11:39:49.0949 0x1758  Mode: Manual; 
11:39:49.0949 0x1758  ============================================================
11:39:49.0949 0x1758  KSN ping started
11:39:52.0772 0x1758  KSN ping finished: true
11:39:53.0630 0x1758  ================ Scan system memory ========================
11:39:53.0630 0x1758  System memory - ok
11:39:53.0630 0x1758  ================ Scan services =============================
11:39:53.0911 0x1758  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:39:53.0911 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\1394ohci.sys. md5: 1B133875B8AA8AC48969BD3458AFE9F5, sha256: 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744
11:39:53.0958 0x1758  1394ohci - detected LockedFile.Multi.Generic ( 1 )
11:39:56.0875 0x1758  Detect skipped due to KSN trusted
11:39:56.0875 0x1758  1394ohci - ok
11:39:56.0937 0x1758  [ 4B2C07980CBD463DEE9F5CB0ADCDE862, A0D20F91EE6A13CA255033752B79CD90C89F3E95DB82D96EC6117E6B734775EF ] 75070223        C:\Windows\system32\drivers\19170952.sys
11:39:56.0953 0x1758  75070223 - ok
11:39:56.0969 0x1758  Suspicious service (NoAccess): 8a6a6eefe4cb1615
11:39:57.0015 0x1758  [ E5CBFB3C5E0F61C66D4F17BC08D25A25, F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9 ] 8a6a6eefe4cb1615 C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys
11:39:57.0015 0x1758  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys. md5: E5CBFB3C5E0F61C66D4F17BC08D25A25, sha256: F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9
11:39:57.0062 0x1758  8a6a6eefe4cb1615 - detected Rootkit.Win32.Necurs.gen ( 0 )
11:40:00.0073 0x1758  8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - infected
11:40:00.0073 0x1758  Force sending object to P2P due to detect: 8a6a6eefe4cb1615
11:40:04.0082 0x1758  Object send P2P result: true
11:40:06.0999 0x1758  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:40:06.0999 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ACPI.sys. md5: CEA80C80BED809AA0DA6FEBC04733349, sha256: AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B
11:40:07.0015 0x1758  ACPI - detected LockedFile.Multi.Generic ( 1 )
11:40:09.0885 0x1758  Detect skipped due to KSN trusted
11:40:09.0885 0x1758  ACPI - ok
11:40:09.0963 0x1758  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:40:09.0963 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\acpipmi.sys. md5: 1EFBC664ABFF416D1D07DB115DCB264F, sha256: BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58
11:40:09.0979 0x1758  AcpiPmi - detected LockedFile.Multi.Generic ( 1 )
11:40:12.0849 0x1758  Detect skipped due to KSN trusted
11:40:12.0849 0x1758  AcpiPmi - ok
11:40:12.0974 0x1758  [ 9BC0D1B4D9CCEC2DC9F010E466738A38, FA213D43DC18F92606B9A69E08B9D7B699038F087FE90AA3A1BB348AEBDEEACB ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
11:40:12.0974 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\acsock.sys. md5: 9BC0D1B4D9CCEC2DC9F010E466738A38, sha256: FA213D43DC18F92606B9A69E08B9D7B699038F087FE90AA3A1BB348AEBDEEACB
11:40:12.0974 0x1758  acsock - detected LockedFile.Multi.Generic ( 1 )
11:40:15.0907 0x1758  Detect skipped due to KSN trusted
11:40:15.0907 0x1758  acsock - ok
11:40:16.0063 0x1758  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:40:16.0063 0x1758  AdobeARMservice - ok
11:40:16.0188 0x1758  [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:40:16.0203 0x1758  AdobeFlashPlayerUpdateSvc - ok
11:40:16.0297 0x1758  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:40:16.0297 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\adp94xx.sys. md5: 21E785EBD7DC90A06391141AAC7892FB, sha256: A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25
11:40:16.0328 0x1758  adp94xx - detected LockedFile.Multi.Generic ( 1 )
11:40:19.0199 0x1758  Detect skipped due to KSN trusted
11:40:19.0199 0x1758  adp94xx - ok
11:40:19.0292 0x1758  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:40:19.0292 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\adpahci.sys. md5: 0C676BC278D5B59FF5ABD57BBE9123F2, sha256: 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB
11:40:19.0308 0x1758  adpahci - detected LockedFile.Multi.Generic ( 1 )
11:40:22.0194 0x1758  Detect skipped due to KSN trusted
11:40:22.0194 0x1758  adpahci - ok
11:40:22.0272 0x1758  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:40:22.0272 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\adpu320.sys. md5: 7C7B5EE4B7B822EC85321FE23A27DB33, sha256: A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C
11:40:22.0287 0x1758  adpu320 - detected LockedFile.Multi.Generic ( 1 )
11:40:25.0158 0x1758  Detect skipped due to KSN trusted
11:40:25.0158 0x1758  adpu320 - ok
11:40:25.0267 0x1758  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:40:25.0283 0x1758  AeLookupSvc - ok
11:40:25.0376 0x1758  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys
11:40:25.0376 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\afd.sys. md5: F81BB7E487EDCEAB630A7EE66CF23913, sha256: 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68
11:40:25.0407 0x1758  AFD - detected LockedFile.Multi.Generic ( 1 )
11:40:28.0278 0x1758  Detect skipped due to KSN trusted
11:40:28.0278 0x1758  AFD - ok
11:40:28.0387 0x1758  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
11:40:28.0387 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\agp440.sys. md5: 507812C3054C21CEF746B6EE3D04DD6E, sha256: D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E
11:40:28.0403 0x1758  agp440 - detected LockedFile.Multi.Generic ( 1 )
11:40:31.0289 0x1758  Detect skipped due to KSN trusted
11:40:31.0289 0x1758  agp440 - ok
11:40:31.0398 0x1758  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
11:40:31.0398 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\djsvs.sys. md5: 8B30250D573A8F6B4BD23195160D8707, sha256: 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D
11:40:31.0413 0x1758  aic78xx - detected LockedFile.Multi.Generic ( 1 )
11:40:34.0299 0x1758  Detect skipped due to KSN trusted
11:40:34.0299 0x1758  aic78xx - ok
11:40:34.0409 0x1758  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
11:40:34.0424 0x1758  ALG - ok
11:40:34.0471 0x1758  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:40:34.0471 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\aliide.sys. md5: 0D40BCF52EA90FC7DF2AEAB6503DEA44, sha256: 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6
11:40:34.0471 0x1758  aliide - detected LockedFile.Multi.Generic ( 1 )
11:40:37.0357 0x1758  Detect skipped due to KSN trusted
11:40:37.0357 0x1758  aliide - ok
11:40:37.0466 0x1758  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:40:37.0466 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdagp.sys. md5: 3C6600A0696E90A463771C7422E23AB5, sha256: 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7
11:40:37.0497 0x1758  amdagp - detected LockedFile.Multi.Generic ( 1 )
11:40:40.0368 0x1758  Detect skipped due to KSN trusted
11:40:40.0368 0x1758  amdagp - ok
11:40:40.0477 0x1758  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:40:40.0477 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdide.sys. md5: CD5914170297126B6266860198D1D4F0, sha256: 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60
11:40:40.0508 0x1758  amdide - detected LockedFile.Multi.Generic ( 1 )
11:40:43.0394 0x1758  Detect skipped due to KSN trusted
11:40:43.0394 0x1758  amdide - ok
11:40:43.0441 0x1758  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
11:40:43.0441 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdk8.sys. md5: 00DDA200D71BAC534BF56A9DB5DFD666, sha256: CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B
11:40:43.0457 0x1758  AmdK8 - detected LockedFile.Multi.Generic ( 1 )
11:40:46.0327 0x1758  Detect skipped due to KSN trusted
11:40:46.0327 0x1758  AmdK8 - ok
11:40:46.0421 0x1758  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
11:40:46.0421 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdppm.sys. md5: 3CBF30F5370FDA40DD3E87DF38EA53B6, sha256: 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC
11:40:46.0452 0x1758  AmdPPM - detected LockedFile.Multi.Generic ( 1 )
11:40:49.0322 0x1758  Detect skipped due to KSN trusted
11:40:49.0322 0x1758  AmdPPM - ok
11:40:49.0447 0x1758  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
11:40:49.0447 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdsata.sys. md5: D320BF87125326F996D4904FE24300FC, sha256: F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416
11:40:49.0478 0x1758  amdsata - detected LockedFile.Multi.Generic ( 1 )
11:40:52.0333 0x1758  Detect skipped due to KSN trusted
11:40:52.0333 0x1758  amdsata - ok
11:40:52.0427 0x1758  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
11:40:52.0427 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdsbs.sys. md5: EA43AF0C423FF267355F74E7A53BDABA, sha256: 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4
11:40:52.0442 0x1758  amdsbs - detected LockedFile.Multi.Generic ( 1 )
11:40:55.0328 0x1758  Detect skipped due to KSN trusted
11:40:55.0328 0x1758  amdsbs - ok
11:40:55.0453 0x1758  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
11:40:55.0453 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdxata.sys. md5: 46387FB17B086D16DEA267D5BE23A2F2, sha256: 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0
11:40:55.0484 0x1758  amdxata - detected LockedFile.Multi.Generic ( 1 )
11:40:58.0355 0x1758  Detect skipped due to KSN trusted
11:40:58.0355 0x1758  amdxata - ok
11:40:58.0417 0x1758  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA, 834B397F365D930DA01D5189DDF06195CFE4C0F9249223C5A9004643F41BA6E4 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
11:40:58.0417 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ssadadb.sys. md5: DD8D9C597AF7CD2F6B70A3D6A4A1ACEA, sha256: 834B397F365D930DA01D5189DDF06195CFE4C0F9249223C5A9004643F41BA6E4
11:40:58.0433 0x1758  androidusb - detected LockedFile.Multi.Generic ( 1 )
11:41:01.0303 0x1758  Detect skipped due to KSN trusted
11:41:01.0303 0x1758  androidusb - ok
11:41:01.0475 0x1758  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
11:41:01.0490 0x1758  AntiVirSchedulerService - ok
11:41:01.0599 0x1758  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
11:41:01.0615 0x1758  AntiVirService - ok
11:41:01.0677 0x1758  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
11:41:01.0677 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\appid.sys. md5: AEA177F783E20150ACE5383EE368DA19, sha256: 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F
11:41:01.0709 0x1758  AppID - detected LockedFile.Multi.Generic ( 1 )
11:41:04.0579 0x1758  Detect skipped due to KSN trusted
11:41:04.0579 0x1758  AppID - ok
11:41:04.0657 0x1758  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
11:41:04.0657 0x1758  AppIDSvc - ok
11:41:04.0735 0x1758  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
11:41:04.0751 0x1758  Appinfo - ok
11:41:04.0844 0x1758  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
11:41:04.0844 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\arc.sys. md5: 2932004F49677BD84DBC72EDB754FFB3, sha256: 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8
11:41:04.0875 0x1758  arc - detected LockedFile.Multi.Generic ( 1 )
11:41:07.0746 0x1758  Detect skipped due to KSN trusted
11:41:07.0746 0x1758  arc - ok
11:41:07.0824 0x1758  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
11:41:07.0824 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\arcsas.sys. md5: 5D6F36C46FD283AE1B57BD2E9FEB0BC7, sha256: F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA
11:41:07.0839 0x1758  arcsas - detected LockedFile.Multi.Generic ( 1 )
11:41:10.0757 0x1758  Detect skipped due to KSN trusted
11:41:10.0757 0x1758  arcsas - ok
11:41:10.0991 0x1758  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:41:10.0991 0x1758  aspnet_state - ok
11:41:11.0037 0x1758  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:41:11.0037 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: ADD2ADE1C2B285AB8378D2DAAF991481, sha256: 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519
11:41:11.0069 0x1758  AsyncMac - detected LockedFile.Multi.Generic ( 1 )
11:41:13.0955 0x1758  Detect skipped due to KSN trusted
11:41:13.0955 0x1758  AsyncMac - ok
11:41:14.0157 0x1758  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
11:41:14.0157 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\atapi.sys. md5: 338C86357871C167A96AB976519BF59E, sha256: F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6
11:41:14.0157 0x1758  atapi - detected LockedFile.Multi.Generic ( 1 )
11:41:17.0137 0x1758  Detect skipped due to KSN trusted
11:41:17.0137 0x1758  atapi - ok
11:41:17.0293 0x1758  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:41:17.0309 0x1758  AudioEndpointBuilder - ok
11:41:17.0371 0x1758  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:41:17.0387 0x1758  Audiosrv - ok
11:41:17.0480 0x1758  [ B0A63DD71CB0CB597D8BD5C364E73F7C, 572B31F3FC962F50110D42A08CDD0614323E18C213575710CEEFA35EE7CAE8C5 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
11:41:17.0496 0x1758  avgntflt - ok
11:41:17.0574 0x1758  [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
11:41:17.0574 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\avipbb.sys. md5: 05AF7CBF0BDA1571BBADC36703EB9CA4, sha256: 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442
11:41:17.0589 0x1758  avipbb - detected LockedFile.Multi.Generic ( 1 )
11:41:20.0475 0x1758  Detect skipped due to KSN trusted
11:41:20.0475 0x1758  avipbb - ok
11:41:20.0585 0x1758  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
11:41:20.0585 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\avkmgr.sys. md5: D8C712305F73CD34D1B344810E522728, sha256: 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA
11:41:20.0585 0x1758  avkmgr - detected LockedFile.Multi.Generic ( 1 )
11:41:23.0471 0x1758  Detect skipped due to KSN trusted
11:41:23.0471 0x1758  avkmgr - ok
11:41:23.0580 0x1758  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
11:41:23.0595 0x1758  AxInstSV - ok
11:41:23.0673 0x1758  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
11:41:23.0673 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bxvbdx.sys. md5: 1A231ABEC60FD316EC54C66715543CEC, sha256: 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E
11:41:23.0689 0x1758  b06bdrv - detected LockedFile.Multi.Generic ( 1 )
11:41:26.0560 0x1758  Detect skipped due to KSN trusted
11:41:26.0560 0x1758  b06bdrv - ok
11:41:26.0653 0x1758  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
11:41:26.0653 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\b57nd60x.sys. md5: BD8869EB9CDE6BBE4508D869929869EE, sha256: F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543
11:41:26.0669 0x1758  b57nd60x - detected LockedFile.Multi.Generic ( 1 )
11:41:29.0602 0x1758  Detect skipped due to KSN trusted
11:41:29.0602 0x1758  b57nd60x - ok
11:41:29.0742 0x1758  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
11:41:29.0758 0x1758  BDESVC - ok
11:41:29.0804 0x1758  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:41:29.0804 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Beep.sys. md5: 505506526A9D467307B3C393DEDAF858, sha256: 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4
11:41:29.0820 0x1758  Beep - detected LockedFile.Multi.Generic ( 1 )
11:41:32.0800 0x1758  Detect skipped due to KSN trusted
11:41:32.0800 0x1758  Beep - ok
11:41:32.0940 0x1758  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
11:41:32.0971 0x1758  BFE - ok
11:41:33.0080 0x1758  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
11:41:33.0096 0x1758  BITS - ok
11:41:33.0174 0x1758  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
11:41:33.0174 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 2287078ED48FCFC477B05B20CF38F36F, sha256: 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521
11:41:33.0205 0x1758  blbdrive - detected LockedFile.Multi.Generic ( 1 )
11:41:36.0091 0x1758  Detect skipped due to KSN trusted
11:41:36.0091 0x1758  blbdrive - ok
11:41:36.0200 0x1758  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:41:36.0200 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bowser.sys. md5: 8F2DA3028D5FCBD1A060A3DE64CD6506, sha256: E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76
11:41:36.0200 0x1758  bowser - detected LockedFile.Multi.Generic ( 1 )
11:41:39.0086 0x1758  Detect skipped due to KSN trusted
11:41:39.0086 0x1758  bowser - ok
11:41:39.0180 0x1758  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:41:39.0180 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: 9F9ACC7F7CCDE8A15C282D3F88B43309, sha256: A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F
11:41:39.0196 0x1758  BrFiltLo - detected LockedFile.Multi.Generic ( 1 )
11:41:42.0082 0x1758  Detect skipped due to KSN trusted
11:41:42.0082 0x1758  BrFiltLo - ok
11:41:42.0160 0x1758  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:41:42.0160 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: 56801AD62213A41F6497F96DEE83755A, sha256: 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361
11:41:42.0175 0x1758  BrFiltUp - detected LockedFile.Multi.Generic ( 1 )
11:41:45.0014 0x1758  Detect skipped due to KSN trusted
11:41:45.0014 0x1758  BrFiltUp - ok
11:41:45.0124 0x1758  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
11:41:45.0124 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bridge.sys. md5: 77361D72A04F18809D0EFB6CCEB74D4B, sha256: 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64
11:41:45.0139 0x1758  BridgeMP - detected LockedFile.Multi.Generic ( 1 )
11:41:48.0368 0x1758  Detect skipped due to KSN trusted
11:41:48.0368 0x1758  BridgeMP - ok
11:41:48.0493 0x1758  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
11:41:48.0493 0x1758  Browser - ok
11:41:48.0540 0x1758  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
11:41:48.0540 0x1758  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\Brserid.sys. md5: 845B8CE732E67F3B4133164868C666EA, sha256: 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F
11:41:48.0571 0x1758  Brserid - detected LockedFile.Multi.Generic ( 1 )
11:41:51.0442 0x1758  Detect skipped due to KSN trusted
11:41:51.0442 0x1758  Brserid - ok
11:41:51.0535 0x1758  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
11:41:51.0535 0x1758  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: 203F0B1E73ADADBBB7B7B1FABD901F6B, sha256: 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D
11:41:51.0535 0x1758  BrSerWdm - detected LockedFile.Multi.Generic ( 1 )
11:41:54.0406 0x1758  Detect skipped due to KSN trusted
11:41:54.0406 0x1758  BrSerWdm - ok
11:41:54.0484 0x1758  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
11:41:54.0484 0x1758  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: BD456606156BA17E60A04E18016AE54B, sha256: DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D
11:41:54.0499 0x1758  BrUsbMdm - detected LockedFile.Multi.Generic ( 1 )
11:41:57.0370 0x1758  Detect skipped due to KSN trusted
11:41:57.0370 0x1758  BrUsbMdm - ok
11:41:57.0448 0x1758  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
11:41:57.0448 0x1758  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: AF72ED54503F717A43268B3CC5FAEC2E, sha256: 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468
11:41:57.0448 0x1758  BrUsbSer - detected LockedFile.Multi.Generic ( 1 )
11:42:00.0427 0x1758  Detect skipped due to KSN trusted
11:42:00.0427 0x1758  BrUsbSer - ok
11:42:00.0490 0x1758  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
11:42:00.0490 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\BthEnum.sys. md5: 2865A5C8E98C70C605F417908CEBB3A4, sha256: B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935
11:42:00.0490 0x1758  BthEnum - detected LockedFile.Multi.Generic ( 1 )
11:42:03.0376 0x1758  Detect skipped due to KSN trusted
11:42:03.0376 0x1758  BthEnum - ok
11:42:03.0469 0x1758  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
11:42:03.0469 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: ED3DF7C56CE0084EB2034432FC56565A, sha256: B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B
11:42:03.0485 0x1758  BTHMODEM - detected LockedFile.Multi.Generic ( 1 )
11:42:06.0355 0x1758  Detect skipped due to KSN trusted
11:42:06.0355 0x1758  BTHMODEM - ok
11:42:06.0464 0x1758  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
11:42:06.0464 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthpan.sys. md5: AD1872E5829E8A2C3B5B4B641C3EAB0E, sha256: 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39
11:42:06.0480 0x1758  BthPan - detected LockedFile.Multi.Generic ( 1 )
11:42:09.0350 0x1758  Detect skipped due to KSN trusted
11:42:09.0350 0x1758  BthPan - ok
11:42:09.0522 0x1758  [ 4A34888E13224678DD062466AFEC4240, B432D135716123BB9EC2FBE5D2C45E819EC7E55205FC295B982B0C6F87543940 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
11:42:09.0522 0x1758  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BTHport.sys. md5: 4A34888E13224678DD062466AFEC4240, sha256: B432D135716123BB9EC2FBE5D2C45E819EC7E55205FC295B982B0C6F87543940
11:42:09.0538 0x1758  BTHPORT - detected LockedFile.Multi.Generic ( 1 )
11:42:12.0470 0x1758  Detect skipped due to KSN trusted
11:42:12.0470 0x1758  BTHPORT - ok
11:42:12.0564 0x1758  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
11:42:12.0564 0x1758  bthserv - ok
11:42:12.0611 0x1758  [ FA04C63916FA221DBB91FCE153D07A55, 3B013CABF2BFADE5ADD2B9AB65FB9FE53FBA72B13A8B41A599EF6D227764A8C7 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
11:42:12.0611 0x1758  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BTHUSB.sys. md5: FA04C63916FA221DBB91FCE153D07A55, sha256: 3B013CABF2BFADE5ADD2B9AB65FB9FE53FBA72B13A8B41A599EF6D227764A8C7
11:42:12.0626 0x1758  BTHUSB - detected LockedFile.Multi.Generic ( 1 )
11:42:15.0512 0x1758  Detect skipped due to KSN trusted
11:42:15.0512 0x1758  BTHUSB - ok
11:42:15.0606 0x1758  [ D57D29132EFE13A83133D9BD449E0CF1, 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
11:42:15.0606 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwaudio.sys. md5: D57D29132EFE13A83133D9BD449E0CF1, sha256: 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB
11:42:15.0622 0x1758  btwaudio - detected LockedFile.Multi.Generic ( 1 )
11:42:18.0586 0x1758  Detect skipped due to KSN trusted
11:42:18.0586 0x1758  btwaudio - ok
11:42:18.0710 0x1758  [ D282C14A69357D0E1BAFAECC2CA98C3A, 1F576218591B87920641F7E2FA349E477032C4C38DF5A6584738DC0280E203A9 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
11:42:18.0710 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwavdt.sys. md5: D282C14A69357D0E1BAFAECC2CA98C3A, sha256: 1F576218591B87920641F7E2FA349E477032C4C38DF5A6584738DC0280E203A9
11:42:18.0726 0x1758  btwavdt - detected LockedFile.Multi.Generic ( 1 )
11:42:21.0612 0x1758  Detect skipped due to KSN trusted
11:42:21.0612 0x1758  btwavdt - ok
11:42:21.0768 0x1758  [ F7434401AE320BB97903A3C1865242FB, B401B13133A7D7B2861D81F800F6DEFF361320C994C704B6688A1E6A61439E8D ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:42:21.0784 0x1758  btwdins - ok
11:42:21.0830 0x1758  [ AAFD7CB76BA61FBB08E302DA208C974A, 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
11:42:21.0830 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwl2cap.sys. md5: AAFD7CB76BA61FBB08E302DA208C974A, sha256: 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C
11:42:21.0862 0x1758  btwl2cap - detected LockedFile.Multi.Generic ( 1 )
11:42:24.0748 0x1758  Detect skipped due to KSN trusted
11:42:24.0748 0x1758  btwl2cap - ok
11:42:24.0826 0x1758  [ 02EB4D2B05967DF2D32F29C84AB1FB17, 95B7901F7BCE41DF53309158AC12888BA1F82FF2E576BF3ED0E67EA3CFAB1288 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
11:42:24.0826 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwrchid.sys. md5: 02EB4D2B05967DF2D32F29C84AB1FB17, sha256: 95B7901F7BCE41DF53309158AC12888BA1F82FF2E576BF3ED0E67EA3CFAB1288
11:42:24.0826 0x1758  btwrchid - detected LockedFile.Multi.Generic ( 1 )
11:42:27.0696 0x1758  Detect skipped due to KSN trusted
11:42:27.0696 0x1758  btwrchid - ok
11:42:27.0821 0x1758  catchme - ok
11:42:27.0883 0x1758  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:42:27.0883 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdfs.sys. md5: 77EA11B065E0A8AB902D78145CA51E10, sha256: 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A
11:42:27.0914 0x1758  cdfs - detected LockedFile.Multi.Generic ( 1 )
11:42:30.0785 0x1758  Detect skipped due to KSN trusted
11:42:30.0785 0x1758  cdfs - ok
11:42:30.0925 0x1758  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\drivers\cdrom.sys
11:42:30.0925 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cdrom.sys. md5: BE167ED0FDB9C1FA1133953C18D5A6C9, sha256: E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C
11:42:30.0956 0x1758  cdrom - detected LockedFile.Multi.Generic ( 1 )
11:42:33.0842 0x1758  Detect skipped due to KSN trusted
11:42:33.0842 0x1758  cdrom - ok
11:42:33.0967 0x1758  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
11:42:33.0967 0x1758  CertPropSvc - ok
11:42:34.0014 0x1758  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
11:42:34.0014 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\circlass.sys. md5: 3FE3FE94A34DF6FB06E6418D0F6A0060, sha256: 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735
11:42:34.0045 0x1758  circlass - detected LockedFile.Multi.Generic ( 1 )
11:42:36.0916 0x1758  Detect skipped due to KSN trusted
11:42:36.0916 0x1758  circlass - ok
11:42:37.0040 0x1758  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
11:42:37.0040 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. md5: 635181E0E9BBF16871BF5380D71DB02D, sha256: 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A
11:42:37.0056 0x1758  CLFS - detected LockedFile.Multi.Generic ( 1 )
11:42:39.0942 0x1758  Detect skipped due to KSN trusted
11:42:39.0942 0x1758  CLFS - ok
11:42:40.0176 0x1758  [ 5BEBB11A5BF2948FEFA59DC213B03DDD, 34BB17CC4014E14BC6135E64725DDC4D24BC0EA71A7626E268733EEDD1542E25 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
11:42:40.0238 0x1758  ClickToRunSvc - ok
11:42:40.0332 0x1758  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:42:40.0332 0x1758  clr_optimization_v2.0.50727_32 - ok
11:42:40.0426 0x1758  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:42:40.0426 0x1758  clr_optimization_v4.0.30319_32 - ok
11:42:40.0472 0x1758  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:42:40.0472 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: DEA805815E587DAD1DD2C502220B5616, sha256: 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C
11:42:40.0504 0x1758  CmBatt - detected LockedFile.Multi.Generic ( 1 )
11:42:43.0390 0x1758  Detect skipped due to KSN trusted
11:42:43.0390 0x1758  CmBatt - ok
11:42:43.0483 0x1758  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:42:43.0483 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cmdide.sys. md5: C537B1DB64D495B9B4717B4D6D9EDBF2, sha256: 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B
11:42:43.0499 0x1758  cmdide - detected LockedFile.Multi.Generic ( 1 )
11:42:46.0369 0x1758  Detect skipped due to KSN trusted
11:42:46.0369 0x1758  cmdide - ok
11:42:46.0494 0x1758  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
11:42:46.0494 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cng.sys. md5: 85449EEBE8F8EBD6481EFBF0F352B4EB, sha256: E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC
11:42:46.0494 0x1758  CNG - detected LockedFile.Multi.Generic ( 1 )
11:42:49.0364 0x1758  Detect skipped due to KSN trusted
11:42:49.0364 0x1758  CNG - ok
11:42:49.0474 0x1758  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:42:49.0474 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\compbatt.sys. md5: A6023D3823C37043986713F118A89BEE, sha256: FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B
11:42:49.0474 0x1758  Compbatt - detected LockedFile.Multi.Generic ( 1 )
11:42:52.0344 0x1758  Detect skipped due to KSN trusted
11:42:52.0344 0x1758  Compbatt - ok
11:42:52.0453 0x1758  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
11:42:52.0453 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\CompositeBus.sys. md5: CBE8C58A8579CFE5FCCF809E6F114E89, sha256: AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF
11:42:52.0484 0x1758  CompositeBus - detected LockedFile.Multi.Generic ( 1 )
11:42:55.0355 0x1758  Detect skipped due to KSN trusted
11:42:55.0355 0x1758  CompositeBus - ok
11:42:55.0433 0x1758  COMSysApp - ok
11:42:55.0464 0x1758  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
11:42:55.0464 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 2C4EBCFC84A9B44F209DFF6C6E6C61D1, sha256: 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6
11:42:55.0480 0x1758  crcdisk - detected LockedFile.Multi.Generic ( 1 )
11:42:58.0350 0x1758  Detect skipped due to KSN trusted
11:42:58.0350 0x1758  crcdisk - ok
11:42:58.0475 0x1758  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:42:58.0490 0x1758  CryptSvc - ok
11:42:58.0584 0x1758  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:42:58.0615 0x1758  DcomLaunch - ok
11:42:58.0678 0x1758  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
11:42:58.0693 0x1758  defragsvc - ok
11:42:58.0740 0x1758  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:42:58.0740 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\dfsc.sys. md5: F024449C97EC1E464AAFFDA18593DB88, sha256: 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2
11:42:58.0771 0x1758  DfsC - detected LockedFile.Multi.Generic ( 1 )
11:43:01.0657 0x1758  Detect skipped due to KSN trusted
11:43:01.0657 0x1758  DfsC - ok
11:43:01.0798 0x1758  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
11:43:01.0813 0x1758  Dhcp - ok
11:43:01.0860 0x1758  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
11:43:01.0860 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 1A050B0274BFB3890703D490F330C0DA, sha256: 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB
11:43:01.0860 0x1758  discache - detected LockedFile.Multi.Generic ( 1 )
11:43:04.0715 0x1758  Detect skipped due to KSN trusted
11:43:04.0715 0x1758  discache - ok
11:43:04.0840 0x1758  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
11:43:04.0840 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\disk.sys. md5: 565003F326F99802E68CA78F2A68E9FF, sha256: ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2
11:43:04.0840 0x1758  Disk - detected LockedFile.Multi.Generic ( 1 )
11:43:07.0710 0x1758  Detect skipped due to KSN trusted
11:43:07.0710 0x1758  Disk - ok
11:43:07.0928 0x1758  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:43:07.0944 0x1758  Dnscache - ok
11:43:08.0006 0x1758  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
11:43:08.0022 0x1758  dot3svc - ok
11:43:08.0100 0x1758  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
11:43:08.0100 0x1758  DPS - ok
11:43:08.0178 0x1758  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:43:08.0178 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: B918E7C5F9BF77202F89E1A9539F2EB4, sha256: C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B
11:43:08.0209 0x1758  drmkaud - detected LockedFile.Multi.Generic ( 1 )
11:43:11.0080 0x1758  Detect skipped due to KSN trusted
11:43:11.0080 0x1758  drmkaud - ok
11:43:11.0282 0x1758  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:43:11.0282 0x1758  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 71BC35067CABC02C9453AEAA42B2E43E, sha256: 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619
11:43:11.0298 0x1758  DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
11:43:14.0168 0x1758  Detect skipped due to KSN trusted
11:43:14.0168 0x1758  DXGKrnl - ok
11:43:14.0278 0x1758  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
11:43:14.0278 0x1758  EapHost - ok
11:43:14.0480 0x1758  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
11:43:14.0480 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbdx.sys. md5: 024E1B5CAC09731E4D868E64DBFB4AB0, sha256: AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994
11:43:14.0512 0x1758  ebdrv - detected LockedFile.Multi.Generic ( 1 )
11:43:17.0382 0x1758  Detect skipped due to KSN trusted
11:43:17.0382 0x1758  ebdrv - ok
11:43:17.0491 0x1758  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
11:43:17.0491 0x1758  EFS - ok
11:43:17.0632 0x1758  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:43:17.0647 0x1758  ehRecvr - ok
11:46:04.0037 0x1758  mountmgr - detected LockedFile.Multi.Generic ( 1 )
11:46:06.0908 0x1758  Detect skipped due to KSN trusted
11:46:06.0908 0x1758  mountmgr - ok
11:46:07.0017 0x1758  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:46:07.0017 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: 2D699FB6E89CE0D8DA14ECC03B3EDFE0, sha256: D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420
11:46:07.0032 0x1758  mpio - detected LockedFile.Multi.Generic ( 1 )
11:46:09.0887 0x1758  Detect skipped due to KSN trusted
11:46:09.0887 0x1758  mpio - ok
11:46:09.0981 0x1758  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:46:09.0981 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: AD2723A7B53DD1AACAE6AD8C0BFBF4D0, sha256: 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2
11:46:09.0996 0x1758  mpsdrv - detected LockedFile.Multi.Generic ( 1 )
11:46:12.0882 0x1758  Detect skipped due to KSN trusted
11:46:12.0882 0x1758  mpsdrv - ok
11:46:13.0116 0x1758  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:46:13.0163 0x1758  MpsSvc - ok
11:46:13.0226 0x1758  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:46:13.0226 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 21F4B24ACFC79A483515BD986DD9043F, sha256: 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA
11:46:13.0272 0x1758  MRxDAV - detected LockedFile.Multi.Generic ( 1 )
11:46:16.0221 0x1758  Detect skipped due to KSN trusted
11:46:16.0221 0x1758  MRxDAV - ok
11:46:16.0283 0x1758  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:46:16.0283 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: 5D16C921E3671636C0EBA3BBAAC5FD25, sha256: 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C
11:46:16.0299 0x1758  mrxsmb - detected LockedFile.Multi.Generic ( 1 )
11:46:19.0185 0x1758  Detect skipped due to KSN trusted
11:46:19.0185 0x1758  mrxsmb - ok
11:46:19.0247 0x1758  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:46:19.0247 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: 6D17A4791ACA19328C685D256349FEFC, sha256: 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668
11:46:19.0247 0x1758  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
11:46:22.0133 0x1758  Detect skipped due to KSN trusted
11:46:22.0133 0x1758  mrxsmb10 - ok
11:46:22.0227 0x1758  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:46:22.0227 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: B81F204D146000BE76651A50670A5E9E, sha256: 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17
11:46:22.0258 0x1758  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
11:46:32.0273 0x1758  Object is SCO, delete is not allowed
11:46:32.0273 0x1758  mrxsmb20 ( LockedFile.Multi.Generic ) - warning
11:46:32.0273 0x1758  Force sending object to P2P due to detect: mrxsmb20
11:46:36.0251 0x1758  Object send P2P result: true
11:46:39.0200 0x1758  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:46:39.0200 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: 012C5F4E9349E711E11E0F19A8589F0A, sha256: 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584
11:46:39.0215 0x1758  msahci - detected LockedFile.Multi.Generic ( 1 )
11:46:42.0257 0x1758  Detect skipped due to KSN trusted
11:46:42.0257 0x1758  msahci - ok
11:46:42.0351 0x1758  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:46:42.0351 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: 55055F8AD8BE27A64C831322A780A228, sha256: C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304
11:46:42.0366 0x1758  msdsm - detected LockedFile.Multi.Generic ( 1 )
11:46:45.0237 0x1758  Detect skipped due to KSN trusted
11:46:45.0237 0x1758  msdsm - ok
11:46:45.0346 0x1758  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
11:46:45.0362 0x1758  MSDTC - ok
11:46:45.0440 0x1758  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:46:45.0440 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: DAEFB28E3AF5A76ABCC2C3078C07327F, sha256: 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF
11:46:45.0455 0x1758  Msfs - detected LockedFile.Multi.Generic ( 1 )
11:46:48.0341 0x1758  Detect skipped due to KSN trusted
11:46:48.0341 0x1758  Msfs - ok
11:46:48.0388 0x1758  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:46:48.0388 0x1758  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: 3E1E5767043C5AF9367F0056295E9F84, sha256: B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70
11:46:48.0388 0x1758  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
11:46:51.0274 0x1758  Detect skipped due to KSN trusted
11:46:51.0274 0x1758  mshidkmdf - ok
11:46:51.0414 0x1758  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:46:51.0414 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: 0A4E5757AE09FA9622E3158CC1AEF114, sha256: ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54
11:46:51.0446 0x1758  msisadrv - detected LockedFile.Multi.Generic ( 1 )
11:46:54.0519 0x1758  Detect skipped due to KSN trusted
11:46:54.0519 0x1758  msisadrv - ok
11:46:54.0628 0x1758  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:46:54.0628 0x1758  MSiSCSI - ok
11:46:54.0675 0x1758  msiserver - ok
11:46:54.0737 0x1758  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:46:54.0737 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 8C0860D6366AAFFB6C5BB9DF9448E631, sha256: 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77
11:46:54.0768 0x1758  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
11:46:57.0639 0x1758  Detect skipped due to KSN trusted
11:46:57.0639 0x1758  MSKSSRV - ok
11:46:57.0717 0x1758  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:46:57.0717 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: 3EA8B949F963562CEDBB549EAC0C11CE, sha256: 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D
11:46:57.0717 0x1758  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
11:47:00.0603 0x1758  Detect skipped due to KSN trusted
11:47:00.0603 0x1758  MSPCLOCK - ok
11:47:00.0665 0x1758  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:47:00.0665 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: F456E973590D663B1073E9C463B40932, sha256: 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11
11:47:00.0681 0x1758  MSPQM - detected LockedFile.Multi.Generic ( 1 )
11:47:03.0551 0x1758  Detect skipped due to KSN trusted
11:47:03.0551 0x1758  MSPQM - ok
11:47:03.0660 0x1758  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:47:03.0660 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 0E008FC4819D238C51D7C93E7B41E560, sha256: 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2
11:47:03.0676 0x1758  MsRPC - detected LockedFile.Multi.Generic ( 1 )
11:47:06.0531 0x1758  Detect skipped due to KSN trusted
11:47:06.0531 0x1758  MsRPC - ok
11:47:06.0640 0x1758  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:47:06.0640 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: FC6B9FF600CC585EA38B12589BD4E246, sha256: F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A
11:47:06.0640 0x1758  mssmbios - detected LockedFile.Multi.Generic ( 1 )
11:47:09.0526 0x1758  Detect skipped due to KSN trusted
11:47:09.0526 0x1758  mssmbios - ok
11:47:09.0620 0x1758  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:47:09.0620 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: B42C6B921F61A6E55159B8BE6CD54A36, sha256: 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C
11:47:09.0635 0x1758  MSTEE - detected LockedFile.Multi.Generic ( 1 )
11:47:12.0506 0x1758  Detect skipped due to KSN trusted
11:47:12.0506 0x1758  MSTEE - ok
11:47:12.0599 0x1758  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:47:12.0599 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 33599130F44E1F34631CEA241DE8AC84, sha256: E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B
11:47:12.0615 0x1758  MTConfig - detected LockedFile.Multi.Generic ( 1 )
11:47:15.0485 0x1758  Detect skipped due to KSN trusted
11:47:15.0485 0x1758  MTConfig - ok
11:47:15.0595 0x1758  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:47:15.0595 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: 159FAD02F64E6381758C990F753BCC80, sha256: E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598
11:47:15.0610 0x1758  Mup - detected LockedFile.Multi.Generic ( 1 )
11:47:18.0683 0x1758  Detect skipped due to KSN trusted
11:47:18.0683 0x1758  Mup - ok
11:47:18.0824 0x1758  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
11:47:18.0855 0x1758  napagent - ok
11:47:18.0933 0x1758  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:47:18.0933 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 26384429FCD85D83746F63E798AB1480, sha256: 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB
11:47:18.0980 0x1758  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
11:47:21.0835 0x1758  Detect skipped due to KSN trusted
11:47:21.0835 0x1758  NativeWifiP - ok
11:47:21.0975 0x1758  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:47:21.0975 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 8C9C922D71F1CD4DEF73F186416B7896, sha256: 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7
11:47:21.0991 0x1758  NDIS - detected LockedFile.Multi.Generic ( 1 )
11:47:24.0877 0x1758  Detect skipped due to KSN trusted
11:47:24.0877 0x1758  NDIS - ok
11:47:24.0970 0x1758  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:47:24.0970 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 0E1787AA6C9191D3D319E8BAFE86F80C, sha256: F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278
11:47:25.0001 0x1758  NdisCap - detected LockedFile.Multi.Generic ( 1 )
11:47:27.0934 0x1758  Detect skipped due to KSN trusted
11:47:27.0934 0x1758  NdisCap - ok
11:47:28.0028 0x1758  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:47:28.0028 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: E4A8AEC125A2E43A9E32AFEEA7C9C888, sha256: 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55
11:47:28.0043 0x1758  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
11:47:30.0914 0x1758  Detect skipped due to KSN trusted
11:47:30.0914 0x1758  NdisTapi - ok
11:47:31.0023 0x1758  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:47:31.0023 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: D8A65DAFB3EB41CBB622745676FCD072, sha256: 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7
11:47:31.0039 0x1758  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
11:47:33.0925 0x1758  Detect skipped due to KSN trusted
11:47:33.0925 0x1758  Ndisuio - ok
11:47:34.0018 0x1758  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:47:34.0018 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 38FBE267E7E6983311179230FACB1017, sha256: CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14
11:47:34.0049 0x1758  NdisWan - detected LockedFile.Multi.Generic ( 1 )
11:47:36.0920 0x1758  Detect skipped due to KSN trusted
11:47:36.0920 0x1758  NdisWan - ok
11:47:37.0045 0x1758  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:47:37.0045 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: A4BDC541E69674FBFF1A8FF00BE913F2, sha256: 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA
11:47:37.0060 0x1758  NDProxy - detected LockedFile.Multi.Generic ( 1 )
11:47:39.0915 0x1758  Detect skipped due to KSN trusted
11:47:39.0915 0x1758  NDProxy - ok
11:47:39.0962 0x1758  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:47:39.0962 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 80B275B1CE3B0E79909DB7B39AF74D51, sha256: 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796
11:47:39.0977 0x1758  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
11:47:42.0957 0x1758  Detect skipped due to KSN trusted
11:47:42.0957 0x1758  NetBIOS - ok
11:47:43.0066 0x1758  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:47:43.0066 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 280122DDCF04B378EDD1AD54D71C1E54, sha256: F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0
11:47:43.0097 0x1758  NetBT - detected LockedFile.Multi.Generic ( 1 )
11:47:45.0968 0x1758  Detect skipped due to KSN trusted
11:47:45.0968 0x1758  NetBT - ok
11:47:46.0046 0x1758  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
11:47:46.0046 0x1758  Netlogon - ok
11:47:46.0139 0x1758  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
11:47:46.0155 0x1758  Netman - ok
11:47:46.0217 0x1758  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:47:46.0233 0x1758  NetMsmqActivator - ok
11:47:46.0264 0x1758  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:47:46.0280 0x1758  NetPipeActivator - ok
11:47:46.0358 0x1758  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
11:47:46.0405 0x1758  netprofm - ok
11:47:46.0436 0x1758  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:47:46.0451 0x1758  NetTcpActivator - ok
11:47:46.0483 0x1758  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:47:46.0498 0x1758  NetTcpPortSharing - ok
11:47:46.0545 0x1758  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:47:46.0545 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 1D85C4B390B0EE09C7A46B91EFB2C097, sha256: 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348
11:47:46.0576 0x1758  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
11:47:49.0447 0x1758  Detect skipped due to KSN trusted
11:47:49.0447 0x1758  nfrd960 - ok
11:47:49.0618 0x1758  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:47:49.0634 0x1758  NlaSvc - ok
11:47:49.0681 0x1758  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:47:49.0696 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1DB262A9F8C087E8153D89BEF3D2235F, sha256: A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101
11:47:49.0696 0x1758  Npfs - detected LockedFile.Multi.Generic ( 1 )
11:47:52.0582 0x1758  Detect skipped due to KSN trusted
11:47:52.0582 0x1758  Npfs - ok
11:47:52.0660 0x1758  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
11:47:52.0676 0x1758  nsi - ok
11:47:52.0707 0x1758  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:47:52.0707 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E9A0A4D07E53D8FEA2BB8387A3293C58, sha256: 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A
11:47:52.0723 0x1758  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
11:47:55.0577 0x1758  Detect skipped due to KSN trusted
11:47:55.0593 0x1758  nsiproxy - ok
11:47:55.0733 0x1758  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:47:55.0733 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: C8DFF8D07755A66C7A4A738930F0FEAC, sha256: A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA
11:47:55.0749 0x1758  Ntfs - detected LockedFile.Multi.Generic ( 1 )
11:47:58.0682 0x1758  Detect skipped due to KSN trusted
11:47:58.0682 0x1758  Ntfs - ok
11:47:58.0775 0x1758  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
11:47:58.0775 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: F9756A98D69098DCA8945D62858A812C, sha256: 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045
11:47:58.0775 0x1758  Null - detected LockedFile.Multi.Generic ( 1 )
11:48:01.0646 0x1758  Detect skipped due to KSN trusted
11:48:01.0646 0x1758  Null - ok
11:48:01.0755 0x1758  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:48:01.0755 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: B3E25EE28883877076E0E1FF877D02E0, sha256: 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C
11:48:01.0771 0x1758  nvraid - detected LockedFile.Multi.Generic ( 1 )
11:48:04.0657 0x1758  Detect skipped due to KSN trusted
11:48:04.0657 0x1758  nvraid - ok
11:48:04.0735 0x1758  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:48:04.0735 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: 4380E59A170D88C4F1022EFF6719A8A4, sha256: 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2
11:48:04.0750 0x1758  nvstor - detected LockedFile.Multi.Generic ( 1 )
11:48:07.0605 0x1758  Detect skipped due to KSN trusted
11:48:07.0605 0x1758  nvstor - ok
11:48:07.0683 0x1758  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:48:07.0683 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 5A0983915F02BAE73267CC2A041F717D, sha256: D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8
11:48:07.0683 0x1758  nv_agp - detected LockedFile.Multi.Generic ( 1 )
11:48:10.0553 0x1758  Detect skipped due to KSN trusted
11:48:10.0553 0x1758  nv_agp - ok
11:48:10.0631 0x1758  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:48:10.0631 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 08A70A1F2CDDE9BB49B885CB817A66EB, sha256: 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63
11:48:10.0631 0x1758  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
11:48:13.0502 0x1758  Detect skipped due to KSN trusted
11:48:13.0502 0x1758  ohci1394 - ok
11:48:13.0689 0x1758  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:48:13.0705 0x1758  ose - ok
11:48:14.0032 0x1758  [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:48:14.0282 0x1758  osppsvc - ok
11:48:14.0375 0x1758  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:48:14.0407 0x1758  p2pimsvc - ok
11:48:14.0469 0x1758  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:48:14.0500 0x1758  p2psvc - ok
11:48:14.0547 0x1758  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:48:14.0547 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 2EA877ED5DD9713C5AC74E8EA7348D14, sha256: 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE
11:48:14.0578 0x1758  Parport - detected LockedFile.Multi.Generic ( 1 )
11:48:17.0558 0x1758  Detect skipped due to KSN trusted
11:48:17.0558 0x1758  Parport - ok
11:48:17.0667 0x1758  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:48:17.0667 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: 3F34A1B4C5F6475F320C275E63AFCE9B, sha256: 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B
11:48:17.0667 0x1758  partmgr - detected LockedFile.Multi.Generic ( 1 )
11:48:20.0553 0x1758  Detect skipped due to KSN trusted
11:48:20.0553 0x1758  partmgr - ok
11:48:20.0631 0x1758  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
11:48:20.0631 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parvdm.sys. md5: EB0A59F29C19B86479D36B35983DAADC, sha256: AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8
11:48:20.0631 0x1758  Parvdm - detected LockedFile.Multi.Generic ( 1 )
11:48:23.0501 0x1758  Detect skipped due to KSN trusted
11:48:23.0501 0x1758  Parvdm - ok
11:48:23.0595 0x1758  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
         

09.07.2014, 13:59   #9
aschroeder

This is the continuation of the second text.
It was too long.

11:48:45.0778 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: 6270CCAE2A86DE6D146529FE55B3246A, sha256: 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883
11:48:45.0809 0x1758  Psched - detected LockedFile.Multi.Generic ( 1 )
11:48:48.0695 0x1758  Detect skipped due to KSN trusted
11:48:48.0695 0x1758  Psched - ok
11:48:48.0820 0x1758  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:48:48.0820 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: AB95ECF1F6659A60DDC166D8315B0751, sha256: 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D
11:48:48.0851 0x1758  ql2300 - detected LockedFile.Multi.Generic ( 1 )
11:48:51.0737 0x1758  Detect skipped due to KSN trusted
11:48:51.0737 0x1758  ql2300 - ok
11:48:51.0847 0x1758  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:48:51.0847 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: B4DD51DD25182244B86737DC51AF2270, sha256: 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B
11:48:51.0862 0x1758  ql40xx - detected LockedFile.Multi.Generic ( 1 )
11:48:54.0717 0x1758  Detect skipped due to KSN trusted
11:48:54.0717 0x1758  ql40xx - ok
11:48:54.0811 0x1758  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
11:48:54.0842 0x1758  QWAVE - ok
11:48:54.0904 0x1758  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:48:54.0904 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 584078CA1B95CA72DF2A27C336F9719D, sha256: 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121
11:48:54.0920 0x1758  QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
11:48:57.0806 0x1758  Detect skipped due to KSN trusted
11:48:57.0806 0x1758  QWAVEdrv - ok
11:48:57.0993 0x1758  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:48:57.0993 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 30A81B53C766D0133BB86D234E5556AB, sha256: 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090
11:48:58.0009 0x1758  RasAcd - detected LockedFile.Multi.Generic ( 1 )
11:49:00.0879 0x1758  Detect skipped due to KSN trusted
11:49:00.0879 0x1758  RasAcd - ok
11:49:00.0973 0x1758  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:49:00.0973 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 57EC4AEF73660166074D8F7F31C0D4FD, sha256: C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF
11:49:00.0988 0x1758  RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
11:49:03.0859 0x1758  Detect skipped due to KSN trusted
11:49:03.0859 0x1758  RasAgileVpn - ok
11:49:03.0968 0x1758  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
11:49:03.0968 0x1758  RasAuto - ok
11:49:04.0015 0x1758  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:49:04.0015 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: D9F91EAFEC2815365CBE6D167E4E332A, sha256: 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C
11:49:04.0015 0x1758  Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
11:49:06.0901 0x1758  Detect skipped due to KSN trusted
11:49:06.0901 0x1758  Rasl2tp - ok
11:49:07.0041 0x1758  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
11:49:07.0057 0x1758  RasMan - ok
11:49:07.0104 0x1758  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:49:07.0104 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 0FE8B15916307A6AC12BFB6A63E45507, sha256: 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E
11:49:07.0135 0x1758  RasPppoe - detected LockedFile.Multi.Generic ( 1 )
11:49:10.0021 0x1758  Detect skipped due to KSN trusted
11:49:10.0021 0x1758  RasPppoe - ok
11:49:10.0099 0x1758  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:49:10.0099 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: 44101F495A83EA6401D886E7FD70096B, sha256: 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A
11:49:10.0099 0x1758  RasSstp - detected LockedFile.Multi.Generic ( 1 )
11:49:12.0985 0x1758  Detect skipped due to KSN trusted
11:49:12.0985 0x1758  RasSstp - ok
11:49:13.0125 0x1758  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:49:13.0125 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: D528BC58A489409BA40334EBF96A311B, sha256: C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61
11:49:13.0141 0x1758  rdbss - detected LockedFile.Multi.Generic ( 1 )
11:49:16.0027 0x1758  Detect skipped due to KSN trusted
11:49:16.0027 0x1758  rdbss - ok
11:49:16.0105 0x1758  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:49:16.0105 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 0D8F05481CB76E70E1DA06EE9F0DA9DF, sha256: 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB
11:49:16.0120 0x1758  rdpbus - detected LockedFile.Multi.Generic ( 1 )
11:49:19.0006 0x1758  Detect skipped due to KSN trusted
11:49:19.0006 0x1758  rdpbus - ok
11:49:19.0053 0x1758  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:49:19.0069 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: 23DAE03F29D253AE74C44F99E515F9A1, sha256: 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430
11:49:19.0084 0x1758  RDPCDD - detected LockedFile.Multi.Generic ( 1 )
11:49:21.0955 0x1758  Detect skipped due to KSN trusted
11:49:21.0955 0x1758  RDPCDD - ok
11:49:22.0048 0x1758  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:49:22.0048 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: 5A53CA1598DD4156D44196D200C94B8A, sha256: 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4
11:49:22.0064 0x1758  RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
11:49:24.0950 0x1758  Detect skipped due to KSN trusted
11:49:24.0950 0x1758  RDPENCDD - ok
11:49:25.0028 0x1758  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:49:25.0028 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 44B0A53CD4F27D50ED461DAE0C0B4E1F, sha256: CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91
11:49:25.0044 0x1758  RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
11:49:28.0117 0x1758  Detect skipped due to KSN trusted
11:49:28.0117 0x1758  RDPREFMP - ok
11:49:28.0226 0x1758  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:49:28.0226 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: F031683E6D1FEA157ABB2FF260B51E61, sha256: 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3
11:49:28.0226 0x1758  RDPWD - detected LockedFile.Multi.Generic ( 1 )
11:49:31.0299 0x1758  Detect skipped due to KSN trusted
11:49:31.0299 0x1758  RDPWD - ok
11:49:31.0424 0x1758  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:49:31.0424 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 518395321DC96FE2C9F0E96AC743B656, sha256: 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776
11:49:31.0455 0x1758  rdyboost - detected LockedFile.Multi.Generic ( 1 )
11:49:34.0326 0x1758  Detect skipped due to KSN trusted
11:49:34.0326 0x1758  rdyboost - ok
11:49:34.0482 0x1758  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:49:34.0482 0x1758  RemoteAccess - ok
11:49:34.0544 0x1758  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:49:34.0560 0x1758  RemoteRegistry - ok
11:49:34.0638 0x1758  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:49:34.0638 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: CB928D9E6DAF51879DD6BA8D02F01321, sha256: DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12
11:49:34.0653 0x1758  RFCOMM - detected LockedFile.Multi.Generic ( 1 )
11:49:37.0602 0x1758  Detect skipped due to KSN trusted
11:49:37.0602 0x1758  RFCOMM - ok
11:49:37.0758 0x1758  [ 79E740644D8D5E6057A4429F0D19A2CB, 6CD5EE20EA52CF466C0E692A5E548CABD3452C6C8246AE668080401D76A72ADA ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
11:49:37.0758 0x1758  RichVideo - ok
11:49:37.0836 0x1758  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:49:37.0851 0x1758  RpcEptMapper - ok
11:49:37.0914 0x1758  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
11:49:37.0914 0x1758  RpcLocator - ok
11:49:37.0992 0x1758  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
11:49:38.0007 0x1758  RpcSs - ok
11:49:38.0070 0x1758  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:49:38.0070 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: 032B0D36AD92B582D869879F5AF5B928, sha256: 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184
11:49:38.0101 0x1758  rspndr - detected LockedFile.Multi.Generic ( 1 )
11:49:40.0971 0x1758  Detect skipped due to KSN trusted
11:49:40.0971 0x1758  rspndr - ok
11:49:41.0096 0x1758  [ 96F8DD546677AA5102150ACC140377B3, 59DD9EE716072F24BD474D7EB7BE446310F6A3AFFB9DAE854A35AEDEB8E477E5 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
11:49:41.0096 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 96F8DD546677AA5102150ACC140377B3, sha256: 59DD9EE716072F24BD474D7EB7BE446310F6A3AFFB9DAE854A35AEDEB8E477E5
11:49:41.0112 0x1758  RSUSBSTOR - detected LockedFile.Multi.Generic ( 1 )
11:49:43.0998 0x1758  Detect skipped due to KSN trusted
11:49:43.0998 0x1758  RSUSBSTOR - ok
11:49:44.0216 0x1758  [ 26A9D6227D12B9D9DA5A81BB9B55D810, 65AB233248B09619BE47A44008544FDFAA6C60C671F8659DB85B97693677B3F9 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
11:49:44.0216 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Rt86win7.sys. md5: 26A9D6227D12B9D9DA5A81BB9B55D810, sha256: 65AB233248B09619BE47A44008544FDFAA6C60C671F8659DB85B97693677B3F9
11:49:44.0232 0x1758  RTL8167 - detected LockedFile.Multi.Generic ( 1 )
11:49:47.0102 0x1758  Detect skipped due to KSN trusted
11:49:47.0102 0x1758  RTL8167 - ok
11:49:47.0242 0x1758  [ B5E9979FBB26FC059BD87A81F763D5DA, 1EE2FB1CB2F86FBE1589ACE3542E0003CC88499406A3EF37073CCA45651F493D ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
11:49:47.0242 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rtl8192se.sys. md5: B5E9979FBB26FC059BD87A81F763D5DA, sha256: 1EE2FB1CB2F86FBE1589ACE3542E0003CC88499406A3EF37073CCA45651F493D
11:49:47.0258 0x1758  rtl8192se - detected LockedFile.Multi.Generic ( 1 )
11:49:50.0238 0x1758  Detect skipped due to KSN trusted
11:49:50.0238 0x1758  rtl8192se - ok
11:49:50.0316 0x1758  RtsUIR - ok
11:49:50.0378 0x1758  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
11:49:50.0378 0x1758  SamSs - ok
11:49:50.0440 0x1758  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:49:50.0440 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: 05D860DA1040F111503AC416CCEF2BCA, sha256: DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E
11:49:50.0472 0x1758  sbp2port - detected LockedFile.Multi.Generic ( 1 )
11:49:53.0342 0x1758  Detect skipped due to KSN trusted
11:49:53.0342 0x1758  sbp2port - ok
11:49:53.0467 0x1758  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:49:53.0482 0x1758  SCardSvr - ok
11:49:53.0529 0x1758  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:49:53.0529 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 0693B5EC673E34DC147E195779A4DCF6, sha256: AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670
11:49:53.0545 0x1758  scfilter - detected LockedFile.Multi.Generic ( 1 )
11:49:56.0431 0x1758  Detect skipped due to KSN trusted
11:49:56.0431 0x1758  scfilter - ok
11:49:56.0556 0x1758  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
11:49:56.0602 0x1758  Schedule - ok
11:49:56.0665 0x1758  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:49:56.0680 0x1758  SCPolicySvc - ok
11:49:56.0727 0x1758  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:49:56.0743 0x1758  SDRSVC - ok
11:49:56.0790 0x1758  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:49:56.0805 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 90A3935D05B494A5A39D37E71F09A677, sha256: F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952
11:49:56.0836 0x1758  secdrv - detected LockedFile.Multi.Generic ( 1 )
11:49:59.0816 0x1758  Detect skipped due to KSN trusted
11:49:59.0816 0x1758  secdrv - ok
11:49:59.0941 0x1758  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
11:49:59.0941 0x1758  seclogon - ok
11:49:59.0988 0x1758  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
11:49:59.0988 0x1758  SENS - ok
11:50:00.0050 0x1758  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:50:00.0050 0x1758  SensrSvc - ok
11:50:00.0097 0x1758  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:50:00.0097 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: 9AD8B8B515E3DF6ACD4212EF465DE2D1, sha256: E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86
11:50:00.0112 0x1758  Serenum - detected LockedFile.Multi.Generic ( 1 )
11:50:03.0778 0x1758  Detect skipped due to KSN trusted
11:50:03.0778 0x1758  Serenum - ok
11:50:03.0903 0x1758  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:50:03.0903 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: 5FB7FCEA0490D821F26F39CC5EA3D1E2, sha256: A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F
11:50:03.0919 0x1758  Serial - detected LockedFile.Multi.Generic ( 1 )
11:50:06.0789 0x1758  Detect skipped due to KSN trusted
11:50:06.0789 0x1758  Serial - ok
11:50:06.0930 0x1758  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:50:06.0930 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 79BFFB520327FF916A582DFEA17AA813, sha256: 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C
11:50:06.0930 0x1758  sermouse - detected LockedFile.Multi.Generic ( 1 )
11:50:10.0003 0x1758  Detect skipped due to KSN trusted
11:50:10.0003 0x1758  sermouse - ok
11:50:10.0221 0x1758  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:50:10.0237 0x1758  SessionEnv - ok
11:50:10.0284 0x1758  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:50:10.0284 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: 9F976E1EB233DF46FCE808D9DEA3EB9C, sha256: 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75
11:50:10.0315 0x1758  sffdisk - detected LockedFile.Multi.Generic ( 1 )
11:50:13.0216 0x1758  Detect skipped due to KSN trusted
11:50:13.0216 0x1758  sffdisk - ok
11:50:13.0450 0x1758  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:50:13.0450 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: 932A68EE27833CFD57C1639D375F2731, sha256: 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3
11:50:13.0482 0x1758  sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
11:50:16.0368 0x1758  Detect skipped due to KSN trusted
11:50:16.0368 0x1758  sffp_mmc - ok
11:50:16.0477 0x1758  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:50:16.0477 0x1758  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: 6D4CCAEDC018F1CF52866BBBAA235982, sha256: AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131
11:50:16.0602 0x1758  sffp_sd - detected LockedFile.Multi.Generic ( 1 )
11:50:19.0488 0x1758  Detect skipped due to KSN trusted
11:50:19.0488 0x1758  sffp_sd - ok
11:50:19.0690 0x1758  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:50:19.0706 0x1758  sfloppy - ok
11:50:19.0893 0x1758  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:50:19.0909 0x1758  SharedAccess - ok
11:50:20.0190 0x1758  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:50:20.0205 0x1758  ShellHWDetection - ok
11:50:20.0330 0x1758  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:50:20.0330 0x1758  sisagp - ok
11:50:20.0439 0x1758  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:50:20.0439 0x1758  SiSRaid2 - ok
11:50:20.0517 0x1758  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:50:20.0533 0x1758  SiSRaid4 - ok
11:50:20.0595 0x1758  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:50:20.0595 0x1758  Smb - ok
11:50:20.0704 0x1758  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:50:20.0704 0x1758  SNMPTRAP - ok
11:50:20.0798 0x1758  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:50:20.0798 0x1758  spldr - ok
11:50:20.0876 0x1758  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
11:50:20.0907 0x1758  Spooler - ok
11:50:21.0172 0x1758  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
11:50:21.0282 0x1758  sppsvc - ok
11:50:21.0406 0x1758  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:50:21.0422 0x1758  sppuinotify - ok
11:50:21.0500 0x1758  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:50:21.0500 0x1758  srv - ok
11:50:21.0562 0x1758  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:50:21.0562 0x1758  srv2 - ok
11:50:21.0609 0x1758  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:50:21.0625 0x1758  srvnet - ok
11:50:21.0687 0x1758  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05, 59D015DD86EA35AC8F667C063AE76FAFA9497F04225D256DF5A37EB1461F15D4 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
11:50:21.0687 0x1758  ssadbus - ok
11:50:21.0765 0x1758  [ BB2C84A15C765DA89FD832B0E73F26CE, BAE3E7726F075340B8CC7BCA18869DFEA304A03B0A0429B4C3D186B1149E9A9A ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:50:21.0765 0x1758  ssadmdfl - ok
11:50:21.0812 0x1758  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31, 0A37081D95A56861C3E48592048DFCFAE6FB38510D21AB41C9C73744743E7646 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
11:50:21.0828 0x1758  ssadmdm - ok
11:50:21.0874 0x1758  [ 1A5A397BC459F346AB56492B61EF79F6, 9CB7BE4E4A7B145D97BA0C72EE7ECB844DA6EB0282FBC3BE92A1CC5AD80FA6C4 ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
11:50:21.0874 0x1758  ssadserd - ok
11:50:21.0952 0x1758  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:50:21.0968 0x1758  SSDPSRV - ok
11:50:22.0062 0x1758  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
11:50:22.0062 0x1758  ssmdrv - ok
11:50:22.0140 0x1758  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:50:22.0140 0x1758  SstpSvc - ok
11:50:22.0202 0x1758  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:50:22.0202 0x1758  stexstor - ok
11:50:22.0311 0x1758  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
11:50:22.0342 0x1758  StiSvc - ok
11:50:22.0405 0x1758  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:50:22.0405 0x1758  swenum - ok
11:50:22.0483 0x1758  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
11:50:22.0514 0x1758  swprv - ok
11:50:22.0592 0x1758  [ 7A9025D8F7852B06D6D08ED536135E7E, 814153517841D316AA44D59F31B3C6DAD09DE688AF6B946D9B0970EAE815CAAD ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:50:22.0608 0x1758  SynTP - ok
11:50:22.0701 0x1758  [ BCEB0C2FC290E456F2E63282BC7D2271, 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588 ] syshost32       C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe
11:50:22.0701 0x1758  Suspicious file ( NoAccess ): C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe. md5: BCEB0C2FC290E456F2E63282BC7D2271, sha256: 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588
11:50:22.0732 0x1758  syshost32 - detected LockedFile.Multi.Generic ( 1 )
11:50:25.0618 0x1758  Detect turned to UDS exact due to KSN untrusted
11:50:25.0618 0x1758  syshost32 ( UDS:DangerousObject.Multi.Generic ) - infected
11:50:25.0618 0x1758  Force sending object to P2P due to detect: syshost32
11:50:29.0643 0x1758  Object send P2P result: true
11:50:32.0888 0x1758  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
11:50:32.0966 0x1758  SysMain - ok
11:50:33.0044 0x1758  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
11:50:33.0044 0x1758  TabletInputService - ok
11:50:33.0169 0x1758  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:50:33.0200 0x1758  TapiSrv - ok
11:50:33.0294 0x1758  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
11:50:33.0294 0x1758  TBS - ok
11:50:33.0434 0x1758  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:50:33.0528 0x1758  Tcpip - ok
11:50:33.0652 0x1758  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:50:33.0699 0x1758  TCPIP6 - ok
11:50:33.0808 0x1758  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:50:33.0808 0x1758  tcpipreg - ok
11:50:33.0902 0x1758  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:50:33.0902 0x1758  TDPIPE - ok
11:50:33.0949 0x1758  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:50:33.0949 0x1758  TDTCP - ok
11:50:34.0011 0x1758  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:50:34.0027 0x1758  tdx - ok
11:50:34.0105 0x1758  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:50:34.0105 0x1758  TermDD - ok
11:50:34.0198 0x1758  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
11:50:34.0230 0x1758  TermService - ok
11:50:34.0308 0x1758  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
11:50:34.0308 0x1758  Themes - ok
11:50:34.0354 0x1758  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
11:50:34.0354 0x1758  THREADORDER - ok
11:50:34.0448 0x1758  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
11:50:34.0464 0x1758  TrkWks - ok
11:50:34.0573 0x1758  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:50:34.0588 0x1758  TrustedInstaller - ok
11:50:34.0651 0x1758  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:50:34.0651 0x1758  tssecsrv - ok
11:50:34.0729 0x1758  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:50:34.0744 0x1758  TsUsbFlt - ok
11:50:34.0807 0x1758  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:50:34.0822 0x1758  tunnel - ok
11:50:34.0869 0x1758  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:50:34.0869 0x1758  uagp35 - ok
11:50:34.0978 0x1758  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:50:34.0994 0x1758  udfs - ok
11:50:35.0103 0x1758  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:50:35.0103 0x1758  UI0Detect - ok
11:50:35.0150 0x1758  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:50:35.0166 0x1758  uliagpkx - ok
11:50:35.0228 0x1758  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
11:50:35.0228 0x1758  umbus - ok
11:50:35.0275 0x1758  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:50:35.0275 0x1758  UmPass - ok
11:50:35.0400 0x1758  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
11:50:35.0415 0x1758  upnphost - ok
11:50:35.0493 0x1758  [ 8455C4ED038EFD09E99327F9D2D48FFA, D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:50:35.0493 0x1758  usbccgp - ok
11:50:35.0571 0x1758  USBCCID - ok
11:50:35.0649 0x1758  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:50:35.0665 0x1758  usbcir - ok
11:50:35.0712 0x1758  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:50:35.0727 0x1758  usbehci - ok
11:50:35.0805 0x1758  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:50:35.0821 0x1758  usbhub - ok
11:50:35.0899 0x1758  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:50:35.0899 0x1758  usbohci - ok
11:50:36.0008 0x1758  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:50:36.0008 0x1758  usbprint - ok
11:50:36.0070 0x1758  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
11:50:36.0070 0x1758  usbscan - ok
11:50:36.0148 0x1758  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:50:36.0148 0x1758  USBSTOR - ok
11:50:36.0242 0x1758  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:50:36.0242 0x1758  usbuhci - ok
11:50:36.0320 0x1758  [ F642A7E4BF78CFA359CCA0A3557C28D7, 12F1ABDD5C871147AFC682BCEF099F319A4F542AC3F0B647D7A5DFE63EDAE061 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
11:50:36.0320 0x1758  usbvideo - ok
11:50:36.0398 0x1758  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
11:50:36.0414 0x1758  UxSms - ok
11:50:36.0476 0x1758  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
11:50:36.0476 0x1758  VaultSvc - ok
11:50:36.0554 0x1758  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:50:36.0554 0x1758  vdrvroot - ok
11:50:36.0663 0x1758  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
11:50:36.0694 0x1758  vds - ok
11:50:36.0757 0x1758  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:50:36.0757 0x1758  vga - ok
11:50:36.0819 0x1758  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:50:36.0819 0x1758  VgaSave - ok
11:50:36.0913 0x1758  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:50:37.0334 0x1758  vhdmp - ok
11:50:39.0393 0x1758  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
11:50:39.0393 0x1758  viaagp - ok
11:50:40.0470 0x1758  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
11:50:40.0470 0x1758  ViaC7 - ok
11:50:42.0264 0x1758  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:50:42.0264 0x1758  viaide - ok
11:50:43.0090 0x1758  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:50:43.0090 0x1758  volmgr - ok
11:50:43.0418 0x1758  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:50:43.0434 0x1758  volmgrx - ok
11:50:44.0245 0x1758  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:50:44.0276 0x1758  volsnap - ok
11:50:44.0416 0x1758  [ 710E2A70FBE41DB2379EB7AA6E6FF7CC, 0E3DB40357E16F80A477719AEB37C43B2B3F389F29616F22E8C01E52D5582A0C ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
11:50:44.0448 0x1758  vpnagent - ok
11:50:44.0510 0x1758  [ FDDAFA1C89B0B07494AF5879F7ECE857, C23415200419F5C50A0F75848F22256E1D6AFD837CE9FB7487A8E7CC14534301 ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
11:50:44.0510 0x1758  vpnva - ok
11:50:44.0588 0x1758  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
11:50:44.0588 0x1758  vsmraid - ok
11:50:44.0713 0x1758  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
11:50:44.0775 0x1758  VSS - ok
11:50:44.0838 0x1758  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
11:50:44.0853 0x1758  vwifibus - ok
11:50:44.0900 0x1758  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
11:50:44.0900 0x1758  vwififlt - ok
11:50:44.0947 0x1758  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
11:50:44.0947 0x1758  vwifimp - ok
11:50:45.0056 0x1758  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
11:50:45.0072 0x1758  W32Time - ok
11:50:45.0150 0x1758  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
11:50:45.0165 0x1758  WacomPen - ok
11:50:45.0228 0x1758  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
11:50:45.0243 0x1758  WANARP - ok
11:50:45.0274 0x1758  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:50:45.0274 0x1758  Wanarpv6 - ok
11:50:45.0415 0x1758  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
11:50:45.0477 0x1758  WatAdminSvc - ok
11:50:45.0602 0x1758  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
11:50:45.0680 0x1758  wbengine - ok
11:50:45.0758 0x1758  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
11:50:45.0774 0x1758  WbioSrvc - ok
11:50:45.0867 0x1758  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:50:45.0914 0x1758  wcncsvc - ok
11:50:46.0273 0x1758  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:50:46.0273 0x1758  WcsPlugInService - ok
11:50:46.0351 0x1758  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
11:50:46.0351 0x1758  Wd - ok
11:50:46.0429 0x1758  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:50:46.0460 0x1758  Wdf01000 - ok
11:50:46.0522 0x1758  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:50:46.0522 0x1758  WdiServiceHost - ok
11:50:46.0569 0x1758  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:50:46.0569 0x1758  WdiSystemHost - ok
11:50:46.0663 0x1758  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
11:50:46.0678 0x1758  WebClient - ok
11:50:46.0756 0x1758  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:50:46.0772 0x1758  Wecsvc - ok
11:50:46.0834 0x1758  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:50:46.0834 0x1758  wercplsupport - ok
11:50:46.0897 0x1758  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
11:50:46.0912 0x1758  WerSvc - ok
11:50:46.0959 0x1758  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
11:50:46.0959 0x1758  WfpLwf - ok
11:50:47.0037 0x1758  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
11:50:47.0037 0x1758  WIMMount - ok
11:50:47.0178 0x1758  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
11:50:47.0209 0x1758  WinDefend - ok
11:50:47.0318 0x1758  WinHttpAutoProxySvc - ok
11:50:47.0412 0x1758  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:50:47.0427 0x1758  Winmgmt - ok
11:50:47.0552 0x1758  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
11:50:47.0630 0x1758  WinRM - ok
11:50:47.0817 0x1758  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
11:50:47.0817 0x1758  WinUsb - ok
11:50:47.0942 0x1758  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:50:48.0098 0x1758  Wlansvc - ok
11:50:48.0363 0x1758  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
11:50:48.0379 0x1758  WmiAcpi - ok
11:50:48.0472 0x1758  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:50:48.0472 0x1758  wmiApSrv - ok
11:50:48.0644 0x1758  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:50:48.0706 0x1758  WMPNetworkSvc - ok
11:50:48.0816 0x1758  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:50:48.0816 0x1758  WPCSvc - ok
11:50:48.0878 0x1758  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:50:48.0894 0x1758  WPDBusEnum - ok
11:50:48.0987 0x1758  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:50:48.0987 0x1758  ws2ifsl - ok
11:50:49.0065 0x1758  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\system32\wscsvc.dll
11:50:49.0081 0x1758  wscsvc - ok
11:50:49.0159 0x1758  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
11:50:49.0159 0x1758  WSDPrintDevice - ok
11:50:49.0237 0x1758  [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan         C:\Windows\system32\drivers\WSDScan.sys
11:50:49.0252 0x1758  WSDScan - ok
11:50:49.0284 0x1758  WSearch - ok
11:50:49.0502 0x1758  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:50:49.0627 0x1758  wuauserv - ok
11:50:49.0720 0x1758  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:50:49.0720 0x1758  WudfPf - ok
11:50:49.0783 0x1758  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:50:49.0783 0x1758  WUDFRd - ok
11:50:49.0923 0x1758  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:50:49.0939 0x1758  wudfsvc - ok
11:50:50.0235 0x1758  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
11:50:50.0251 0x1758  WwanSvc - ok
11:50:50.0391 0x1758  ================ Scan global ===============================
11:50:50.0454 0x1758  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
11:50:50.0500 0x1758  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
11:50:50.0532 0x1758  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
11:50:50.0578 0x1758  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
11:50:50.0610 0x1758  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
11:50:50.0641 0x1758  [ Global ] - ok
11:50:50.0641 0x1758  ================ Scan MBR ==================================
11:50:50.0656 0x1758  [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
11:50:56.0226 0x1758  \Device\Harddisk0\DR0 - ok
11:50:56.0226 0x1758  ================ Scan VBR ==================================
11:50:56.0226 0x1758  [ 04E427EC4A33EB1573351FE47BD3A649 ] \Device\Harddisk0\DR0\Partition1
11:50:56.0226 0x1758  \Device\Harddisk0\DR0\Partition1 - ok
11:50:56.0257 0x1758  [ CE7CDCB189E205D9EB07A06645077565 ] \Device\Harddisk0\DR0\Partition2
11:50:56.0257 0x1758  \Device\Harddisk0\DR0\Partition2 - ok
11:50:56.0273 0x1758  [ B788E7AE4D68256EB9DF514BD0BCD2C9 ] \Device\Harddisk0\DR0\Partition3
11:50:56.0273 0x1758  \Device\Harddisk0\DR0\Partition3 - ok
11:50:56.0273 0x1758  ================ Scan generic autorun ======================
11:50:56.0335 0x1758  [ 5AF1E9600E3FF841E522703A4993ED0C, 5189530793747C40B0E3548DA40058989C88A69C593C3E54E6548CFB89B9CE10 ] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
11:50:56.0335 0x1758  IAAnotif - ok
11:50:56.0475 0x1758  [ 59EBF7D3865895572FD11890280FB1A1, ED677A8813498F1F15B5E28D03C32345C3A920B50B30D3DFBEA85CF544546E4C ] C:\Program Files\System Control Manager\MGSysCtrl.exe
11:50:56.0585 0x1758  MGSysCtrl - ok
11:50:56.0709 0x1758  [ 934DE0EDBED59940A2725050DA13A066, CB231A76001E380EDEDE8DE3A1713CC87D95D96EF7E757D18C6B6B209C215C6F ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
11:50:56.0787 0x1758  SynTPEnh - ok
11:50:57.0224 0x1758  [ 9E63CE05416587923091B61AF2F012D6, 700DF0EECF1305C0DEC4CF478F4D9473185684A629A020BFF4577007B5AFE7BE ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
11:50:57.0599 0x1758  RtHDVCpl - ok
11:50:57.0692 0x1758  [ 86810E2D993F7327EB5B25B5D17D21C1, 63636CEC408ACBBC4D04C01F9EFDBE4B9B08FA0C4390EC8729B9FF0C8BE9D246 ] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
11:50:57.0692 0x1758  PDVD9LanguageShortcut - ok
11:50:57.0833 0x1758  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
11:50:57.0833 0x1758  UCam_Menu - ok
11:50:57.0879 0x1758  [ 9C0D56CE4769AE60D5C56EB078532C5A, 079410721CC2A38D91FC108B260031F8754B59C6AE523146760CB5A8F2D1C6FD ] C:\Program Files\CyberLink\YouCam\YouCamTray.exe
11:50:57.0911 0x1758  YouCam Mirror Tray icon - ok
11:50:58.0067 0x1758  [ 1029B84ECBE4B95ACB8491A3FE63D70F, DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] C:\Windows\system32\igfxtray.exe
11:50:58.0067 0x1758  IgfxTray - ok
11:50:58.0098 0x1758  [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\Windows\system32\hkcmd.exe
11:50:58.0098 0x1758  HotKeysCmds - ok
11:50:58.0129 0x1758  [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\Windows\system32\igfxpers.exe
11:50:58.0160 0x1758  Persistence - ok
11:50:58.0238 0x1758  [ 5F7EE76129F9A591F22F99F95D97AC95, D3446BD4CAB8017B44BAD94EBB88468D080AC65E14444C12B09B6BF3E70B2AED ] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
11:50:58.0269 0x1758  IJNetworkScannerSelectorEX - ok
11:50:58.0379 0x1758  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
11:50:58.0441 0x1758  Adobe ARM - ok
11:50:58.0488 0x1758  [ D63797E8E7781EE1500A810CB6194FA6, 5C96DA00B98F0776E6174EBB7D4D6DB634838E130D8581E11811831D2C57B119 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
11:50:58.0503 0x1758  SunJavaUpdateSched - ok
11:50:58.0597 0x1758  [ 1E9B225DE829A6F666A0BA9B8A7984BF, 89D1222D72E23D21E6388B068CE7C415A9857ABB37D7A3AAD549B949A87E61FC ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
11:50:58.0628 0x1758  avgnt - ok
11:50:58.0706 0x1758  [ 6695FEB635BE9987B41E966F4C4B8C62, 6895BF5CDF28D2BB6C8851E99BEB3095883A278812686918BE2E9712DE83BB85 ] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
11:50:58.0722 0x1758  Cisco AnyConnect Secure Mobility Agent for Windows - ok
11:50:58.0847 0x1758  [ C6C626A4A83B409E6AF09B874E771FB6, BD6A43361E06E1FBDC53547F5DABAC9E52F639B15C958DE30FC62D542B7B67EF ] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
11:50:58.0956 0x1758  MailCheck IE Broker - ok
11:50:58.0956 0x1758  {956AD994-B7CC-444F-8054-3F0EAE8F6791} - ok
11:50:58.0956 0x1758  Waiting for KSN requests completion. In queue: 16
11:50:59.0970 0x1758  Waiting for KSN requests completion. In queue: 16
11:51:00.0984 0x1758  Waiting for KSN requests completion. In queue: 16
11:51:02.0013 0x1758  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x40000 ( disabled : updated )
11:51:02.0013 0x1758  Win FW state via NFP2: enabled
11:51:04.0868 0x1758  ============================================================
11:51:04.0868 0x1758  Scan finished
11:51:04.0868 0x1758  ============================================================
11:51:04.0884 0x178c  Detected object count: 3
11:51:04.0884 0x178c  Actual detected object count: 3
11:54:29.0353 0x178c  C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys - copied to quarantine
11:54:29.0416 0x178c  HKLM\SYSTEM\ControlSet001\services\8a6a6eefe4cb1615 - will be deleted on reboot
11:54:29.0494 0x178c  HKLM\SYSTEM\ControlSet002\services\8a6a6eefe4cb1615 - will be deleted on reboot
11:54:30.0102 0x178c  C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys - will be deleted on reboot
11:54:30.0102 0x178c  8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete 
11:54:30.0102 0x178c  mrxsmb20 ( LockedFile.Multi.Generic ) - skipped by user
11:54:30.0102 0x178c  mrxsmb20 ( LockedFile.Multi.Generic ) - User select action: Skip 
11:54:30.0102 0x178c  syshost32 ( UDS:DangerousObject.Multi.Generic ) - skipped by user
11:54:30.0118 0x178c  syshost32 ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
11:54:30.0320 0x178c  KLMD registered as C:\Windows\system32\drivers\85219404.sys
11:54:40.0398 0x11a4  Deinitialize success
         

09.07.2014, 14:02   #10
aschroeder

Win7 TR/Agent.37888.248 cannot be deleted, real-time scanner no longer works

This is the third one

Code:
11:54:51.0014 0x1724  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
11:54:54.0555 0x1724  ============================================================
11:54:54.0555 0x1724  Current date / time: 2014/07/08 11:54:54.0555
11:54:54.0555 0x1724  SystemInfo:
11:54:54.0555 0x1724  
11:54:54.0555 0x1724  OS Version: 6.1.7601 ServicePack: 1.0
11:54:54.0555 0x1724  Product type: Workstation
11:54:54.0555 0x1724  ComputerName: *****-PC
11:54:54.0555 0x1724  UserName: *****
11:54:54.0555 0x1724  Windows directory: C:\Windows
11:54:54.0555 0x1724  System windows directory: C:\Windows
11:54:54.0555 0x1724  Processor architecture: Intel x86
11:54:54.0555 0x1724  Number of processors: 2
11:54:54.0555 0x1724  Page size: 0x1000
11:54:54.0555 0x1724  Boot type: Normal boot
11:54:54.0555 0x1724  ============================================================
11:54:55.0132 0x1724  KLMD registered as C:\Windows\system32\drivers\91343349.sys
11:55:02.0917 0x1724  System UUID: {6A8BC0A5-1C78-976F-B765-04D7E81B4982}
11:55:03.0478 0x1724  !crdlk
11:55:03.0587 0x1724  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
11:55:03.0587 0x1724  ============================================================
11:55:03.0587 0x1724  \Device\Harddisk0\DR0:
11:55:03.0587 0x1724  MBR partitions:
11:55:03.0587 0x1724  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:55:03.0587 0x1724  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36552000
11:55:03.0587 0x1724  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36584800, BlocksNum 0x3C00000
11:55:03.0587 0x1724  ============================================================
11:55:03.0619 0x1724  C: <-> \Device\Harddisk0\DR0\Partition2
11:55:03.0681 0x1724  D: <-> \Device\Harddisk0\DR0\Partition3
11:55:03.0681 0x1724  ============================================================
11:55:03.0681 0x1724  Initialize success
11:55:03.0681 0x1724  ============================================================
11:55:38.0859 0x110c  ============================================================
11:55:38.0859 0x110c  Scan started
11:55:38.0859 0x110c  Mode: Manual; 
11:55:38.0859 0x110c  ============================================================
11:55:38.0859 0x110c  KSN ping started
11:55:41.0761 0x110c  KSN ping finished: true
11:55:42.0899 0x110c  ================ Scan system memory ========================
11:55:42.0899 0x110c  System memory - ok
11:55:42.0899 0x110c  ================ Scan services =============================
11:55:43.0165 0x110c  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
11:55:43.0165 0x110c  1394ohci - ok
11:55:43.0274 0x110c  [ 4B2C07980CBD463DEE9F5CB0ADCDE862, A0D20F91EE6A13CA255033752B79CD90C89F3E95DB82D96EC6117E6B734775EF ] 75070223        C:\Windows\system32\drivers\19170952.sys
11:55:43.0274 0x110c  75070223 - ok
11:55:43.0305 0x110c  Suspicious service (NoAccess): 8a6a6eefe4cb1615
11:55:43.0336 0x110c  [ E5CBFB3C5E0F61C66D4F17BC08D25A25, F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9 ] 8a6a6eefe4cb1615 C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys
11:55:43.0336 0x110c  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\8a6a6eefe4cb1615.sys. md5: E5CBFB3C5E0F61C66D4F17BC08D25A25, sha256: F966F1E45121C36DA9C2BC53E9F733DFB20FE490785E14A0CD0D7B1478F80EC9
11:55:43.0383 0x110c  8a6a6eefe4cb1615 - detected Rootkit.Win32.Necurs.gen ( 0 )
11:55:46.0363 0x110c  8a6a6eefe4cb1615 ( Rootkit.Win32.Necurs.gen ) - infected
11:55:46.0363 0x110c  Force sending object to P2P due to detect: 8a6a6eefe4cb1615
11:55:50.0731 0x110c  Object send P2P result: true
11:55:53.0663 0x110c  [ 4B2C07980CBD463DEE9F5CB0ADCDE862, A0D20F91EE6A13CA255033752B79CD90C89F3E95DB82D96EC6117E6B734775EF ] 93925963        C:\Windows\system32\drivers\85219404.sys
11:55:53.0663 0x110c  93925963 - ok
11:55:53.0741 0x110c  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
11:55:53.0741 0x110c  ACPI - ok
11:55:53.0804 0x110c  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
11:55:53.0804 0x110c  AcpiPmi - ok
11:55:53.0851 0x110c  [ 9BC0D1B4D9CCEC2DC9F010E466738A38, FA213D43DC18F92606B9A69E08B9D7B699038F087FE90AA3A1BB348AEBDEEACB ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
11:55:53.0866 0x110c  acsock - ok
11:55:54.0007 0x110c  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:55:54.0007 0x110c  AdobeARMservice - ok
11:55:54.0147 0x110c  [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:55:54.0163 0x110c  AdobeFlashPlayerUpdateSvc - ok
11:55:54.0256 0x110c  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
11:55:54.0272 0x110c  adp94xx - ok
11:55:54.0334 0x110c  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
11:55:54.0350 0x110c  adpahci - ok
11:55:54.0397 0x110c  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
11:55:54.0397 0x110c  adpu320 - ok
11:56:09.0466 0x110c  mouclass - ok
11:56:09.0497 0x110c  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:56:09.0513 0x110c  mouhid - ok
11:56:09.0575 0x110c  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
11:56:09.0575 0x110c  mountmgr - ok
11:56:09.0638 0x110c  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:56:09.0638 0x110c  mpio - ok
11:56:09.0700 0x110c  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:56:09.0700 0x110c  mpsdrv - ok
11:56:09.0825 0x110c  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:56:09.0841 0x110c  MpsSvc - ok
11:56:09.0919 0x110c  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:56:09.0934 0x110c  MRxDAV - ok
11:56:09.0997 0x110c  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:56:10.0012 0x110c  mrxsmb - ok
11:56:10.0075 0x110c  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:56:10.0090 0x110c  mrxsmb10 - ok
11:56:10.0137 0x110c  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:56:10.0137 0x110c  mrxsmb20 - ok
11:56:10.0199 0x110c  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
11:56:10.0199 0x110c  msahci - ok
11:56:10.0262 0x110c  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:56:10.0262 0x110c  msdsm - ok
11:56:10.0309 0x110c  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
11:56:10.0309 0x110c  MSDTC - ok
11:56:10.0418 0x110c  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:56:10.0418 0x110c  Msfs - ok
11:56:10.0465 0x110c  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
11:56:10.0465 0x110c  mshidkmdf - ok
11:56:10.0527 0x110c  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:56:10.0527 0x110c  msisadrv - ok
11:56:10.0605 0x110c  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:56:10.0621 0x110c  MSiSCSI - ok
11:56:10.0652 0x110c  msiserver - ok
11:56:10.0714 0x110c  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:56:10.0714 0x110c  MSKSSRV - ok
11:56:10.0761 0x110c  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:56:10.0761 0x110c  MSPCLOCK - ok
11:56:10.0792 0x110c  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:56:10.0792 0x110c  MSPQM - ok
11:56:10.0839 0x110c  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:56:10.0855 0x110c  MsRPC - ok
11:56:10.0933 0x110c  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
11:56:10.0933 0x110c  mssmbios - ok
11:56:10.0979 0x110c  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:56:10.0979 0x110c  MSTEE - ok
11:56:11.0026 0x110c  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
11:56:11.0026 0x110c  MTConfig - ok
11:56:11.0104 0x110c  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:56:11.0104 0x110c  Mup - ok
11:56:11.0182 0x110c  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
11:56:11.0198 0x110c  napagent - ok
11:56:11.0276 0x110c  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:56:11.0291 0x110c  NativeWifiP - ok
11:56:11.0385 0x110c  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:56:11.0432 0x110c  NDIS - ok
11:56:11.0479 0x110c  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
11:56:11.0494 0x110c  NdisCap - ok
11:56:11.0541 0x110c  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:56:11.0541 0x110c  NdisTapi - ok
11:56:11.0603 0x110c  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:56:11.0619 0x110c  Ndisuio - ok
11:56:11.0666 0x110c  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:56:11.0681 0x110c  NdisWan - ok
11:56:11.0728 0x110c  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:56:11.0744 0x110c  NDProxy - ok
11:56:11.0806 0x110c  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:56:11.0806 0x110c  NetBIOS - ok
11:56:11.0869 0x110c  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
11:56:11.0884 0x110c  NetBT - ok
11:56:11.0947 0x110c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
11:56:11.0947 0x110c  Netlogon - ok
11:56:12.0040 0x110c  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
11:56:12.0056 0x110c  Netman - ok
11:56:12.0134 0x110c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:56:12.0134 0x110c  NetMsmqActivator - ok
11:56:12.0196 0x110c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:56:12.0196 0x110c  NetPipeActivator - ok
11:56:12.0274 0x110c  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
11:56:12.0290 0x110c  netprofm - ok
11:56:12.0352 0x110c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:56:12.0352 0x110c  NetTcpActivator - ok
11:56:12.0415 0x110c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:56:12.0415 0x110c  NetTcpPortSharing - ok
11:56:12.0477 0x110c  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
11:56:12.0477 0x110c  nfrd960 - ok
11:56:12.0571 0x110c  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:56:12.0586 0x110c  NlaSvc - ok
11:56:12.0649 0x110c  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:56:12.0649 0x110c  Npfs - ok
11:56:12.0711 0x110c  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
11:56:12.0711 0x110c  nsi - ok
11:56:12.0758 0x110c  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:56:12.0758 0x110c  nsiproxy - ok
11:56:12.0883 0x110c  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:56:12.0961 0x110c  Ntfs - ok
11:56:13.0023 0x110c  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
11:56:13.0023 0x110c  Null - ok
11:56:13.0085 0x110c  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:56:13.0085 0x110c  nvraid - ok
11:56:13.0132 0x110c  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:56:13.0148 0x110c  nvstor - ok
11:56:13.0179 0x110c  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:56:13.0195 0x110c  nv_agp - ok
11:56:13.0226 0x110c  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
11:56:13.0226 0x110c  ohci1394 - ok
11:56:13.0304 0x110c  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:56:13.0319 0x110c  ose - ok
11:56:13.0647 0x110c  [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:56:13.0834 0x110c  osppsvc - ok
11:56:14.0115 0x110c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
11:56:14.0115 0x110c  p2pimsvc - ok
11:56:14.0193 0x110c  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:56:14.0209 0x110c  p2psvc - ok
11:56:14.0255 0x110c  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
11:56:14.0255 0x110c  Parport - ok
11:56:14.0333 0x110c  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:56:14.0333 0x110c  partmgr - ok
11:56:14.0380 0x110c  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
11:56:14.0380 0x110c  Parvdm - ok
11:56:14.0458 0x110c  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:56:14.0458 0x110c  PcaSvc - ok
11:56:14.0536 0x110c  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
11:56:14.0552 0x110c  pci - ok
11:56:14.0599 0x110c  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
11:56:14.0599 0x110c  pciide - ok
11:56:14.0645 0x110c  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:56:14.0661 0x110c  pcmcia - ok
11:56:14.0708 0x110c  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
11:56:14.0723 0x110c  pcw - ok
11:56:14.0801 0x110c  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:56:14.0833 0x110c  PEAUTH - ok
11:56:15.0035 0x110c  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
11:56:15.0098 0x110c  pla - ok
11:56:15.0176 0x110c  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:56:15.0191 0x110c  PlugPlay - ok
11:56:15.0269 0x110c  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
11:56:15.0269 0x110c  PNRPAutoReg - ok
11:56:15.0332 0x110c  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
11:56:15.0347 0x110c  PNRPsvc - ok
11:56:15.0441 0x110c  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:56:15.0457 0x110c  PolicyAgent - ok
11:56:15.0535 0x110c  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
11:56:15.0550 0x110c  Power - ok
11:56:15.0597 0x110c  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:56:15.0597 0x110c  PptpMiniport - ok
11:56:15.0659 0x110c  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
11:56:15.0659 0x110c  Processor - ok
11:56:15.0722 0x110c  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
11:56:15.0737 0x110c  ProfSvc - ok
11:56:15.0784 0x110c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:56:15.0784 0x110c  ProtectedStorage - ok
11:56:15.0847 0x110c  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
11:56:15.0862 0x110c  Psched - ok
11:56:15.0987 0x110c  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
11:56:16.0081 0x110c  ql2300 - ok
11:56:16.0143 0x110c  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
11:56:16.0143 0x110c  ql40xx - ok
11:56:16.0252 0x110c  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
11:56:16.0252 0x110c  QWAVE - ok
11:56:16.0315 0x110c  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:56:16.0315 0x110c  QWAVEdrv - ok
11:56:16.0377 0x110c  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:56:16.0377 0x110c  RasAcd - ok
11:56:16.0424 0x110c  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
11:56:16.0424 0x110c  RasAgileVpn - ok
11:56:16.0502 0x110c  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
11:56:16.0517 0x110c  RasAuto - ok
11:56:16.0549 0x110c  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:56:16.0549 0x110c  Rasl2tp - ok
11:56:16.0627 0x110c  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
11:56:16.0642 0x110c  RasMan - ok
11:56:16.0689 0x110c  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:56:16.0689 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 0FE8B15916307A6AC12BFB6A63E45507, sha256: 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E
11:56:16.0705 0x110c  RasPppoe - detected LockedFile.Multi.Generic ( 1 )
11:56:19.0871 0x110c  Detect skipped due to KSN trusted
11:56:19.0871 0x110c  RasPppoe - ok
11:56:19.0981 0x110c  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:56:19.0981 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: 44101F495A83EA6401D886E7FD70096B, sha256: 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A
11:56:19.0981 0x110c  RasSstp - detected LockedFile.Multi.Generic ( 1 )
11:56:22.0960 0x110c  Detect skipped due to KSN trusted
11:56:22.0960 0x110c  RasSstp - ok
11:56:23.0101 0x110c  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:56:23.0101 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: D528BC58A489409BA40334EBF96A311B, sha256: C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61
11:56:23.0116 0x110c  rdbss - detected LockedFile.Multi.Generic ( 1 )
11:56:26.0236 0x110c  Detect skipped due to KSN trusted
11:56:26.0236 0x110c  rdbss - ok
11:56:26.0330 0x110c  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
11:56:26.0330 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 0D8F05481CB76E70E1DA06EE9F0DA9DF, sha256: 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB
11:56:26.0345 0x110c  rdpbus - detected LockedFile.Multi.Generic ( 1 )
11:56:29.0231 0x110c  Detect skipped due to KSN trusted
11:56:29.0231 0x110c  rdpbus - ok
11:56:29.0341 0x110c  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:56:29.0341 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: 23DAE03F29D253AE74C44F99E515F9A1, sha256: 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430
11:56:29.0356 0x110c  RDPCDD - detected LockedFile.Multi.Generic ( 1 )
11:56:32.0929 0x110c  Detect skipped due to KSN trusted
11:56:32.0929 0x110c  RDPCDD - ok
11:56:33.0053 0x110c  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:56:33.0053 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: 5A53CA1598DD4156D44196D200C94B8A, sha256: 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4
11:56:33.0069 0x110c  RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
11:56:35.0924 0x110c  Detect skipped due to KSN trusted
11:56:35.0924 0x110c  RDPENCDD - ok
11:56:36.0033 0x110c  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
11:56:36.0033 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 44B0A53CD4F27D50ED461DAE0C0B4E1F, sha256: CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91
11:56:36.0049 0x110c  RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
11:56:38.0935 0x110c  Detect skipped due to KSN trusted
11:56:38.0935 0x110c  RDPREFMP - ok
11:56:39.0028 0x110c  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:56:39.0028 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: F031683E6D1FEA157ABB2FF260B51E61, sha256: 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3
11:56:39.0044 0x110c  RDPWD - detected LockedFile.Multi.Generic ( 1 )
11:56:42.0117 0x110c  Detect skipped due to KSN trusted
11:56:42.0117 0x110c  RDPWD - ok
11:56:42.0180 0x110c  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
11:56:42.0180 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 518395321DC96FE2C9F0E96AC743B656, sha256: 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776
11:56:42.0226 0x110c  rdyboost - detected LockedFile.Multi.Generic ( 1 )
11:56:45.0112 0x110c  Detect skipped due to KSN trusted
11:56:45.0112 0x110c  rdyboost - ok
11:56:45.0268 0x110c  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:56:45.0268 0x110c  RemoteAccess - ok
11:56:45.0331 0x110c  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:56:45.0346 0x110c  RemoteRegistry - ok
11:56:45.0424 0x110c  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
11:56:45.0424 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: CB928D9E6DAF51879DD6BA8D02F01321, sha256: DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12
11:56:45.0456 0x110c  RFCOMM - detected LockedFile.Multi.Generic ( 1 )
11:56:48.0326 0x110c  Detect skipped due to KSN trusted
11:56:48.0326 0x110c  RFCOMM - ok
11:56:48.0482 0x110c  [ 79E740644D8D5E6057A4429F0D19A2CB, 6CD5EE20EA52CF466C0E692A5E548CABD3452C6C8246AE668080401D76A72ADA ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
11:56:48.0498 0x110c  RichVideo - ok
11:56:48.0576 0x110c  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
11:56:48.0591 0x110c  RpcEptMapper - ok
11:56:48.0654 0x110c  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
11:56:48.0654 0x110c  RpcLocator - ok
11:56:48.0732 0x110c  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
11:56:48.0747 0x110c  RpcSs - ok
11:56:48.0810 0x110c  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:56:48.0810 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: 032B0D36AD92B582D869879F5AF5B928, sha256: 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184
11:56:48.0841 0x110c  rspndr - detected LockedFile.Multi.Generic ( 1 )
11:56:51.0789 0x110c  Detect skipped due to KSN trusted
11:56:51.0789 0x110c  rspndr - ok
11:56:51.0930 0x110c  [ 96F8DD546677AA5102150ACC140377B3, 59DD9EE716072F24BD474D7EB7BE446310F6A3AFFB9DAE854A35AEDEB8E477E5 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
11:56:51.0930 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 96F8DD546677AA5102150ACC140377B3, sha256: 59DD9EE716072F24BD474D7EB7BE446310F6A3AFFB9DAE854A35AEDEB8E477E5
11:56:51.0961 0x110c  RSUSBSTOR - detected LockedFile.Multi.Generic ( 1 )
11:56:54.0816 0x110c  Detect skipped due to KSN trusted
11:56:54.0816 0x110c  RSUSBSTOR - ok
11:56:54.0940 0x110c  [ 26A9D6227D12B9D9DA5A81BB9B55D810, 65AB233248B09619BE47A44008544FDFAA6C60C671F8659DB85B97693677B3F9 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
11:56:54.0940 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Rt86win7.sys. md5: 26A9D6227D12B9D9DA5A81BB9B55D810, sha256: 65AB233248B09619BE47A44008544FDFAA6C60C671F8659DB85B97693677B3F9
11:56:54.0956 0x110c  RTL8167 - detected LockedFile.Multi.Generic ( 1 )
11:56:57.0826 0x110c  Detect skipped due to KSN trusted
11:56:57.0826 0x110c  RTL8167 - ok
11:56:57.0920 0x110c  [ B5E9979FBB26FC059BD87A81F763D5DA, 1EE2FB1CB2F86FBE1589ACE3542E0003CC88499406A3EF37073CCA45651F493D ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
11:56:57.0920 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rtl8192se.sys. md5: B5E9979FBB26FC059BD87A81F763D5DA, sha256: 1EE2FB1CB2F86FBE1589ACE3542E0003CC88499406A3EF37073CCA45651F493D
11:56:57.0967 0x110c  rtl8192se - detected LockedFile.Multi.Generic ( 1 )
11:57:00.0931 0x110c  Detect skipped due to KSN trusted
11:57:00.0931 0x110c  rtl8192se - ok
11:57:01.0009 0x110c  RtsUIR - ok
11:57:01.0071 0x110c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
11:57:01.0071 0x110c  SamSs - ok
11:57:01.0134 0x110c  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:57:01.0134 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: 05D860DA1040F111503AC416CCEF2BCA, sha256: DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E
11:57:01.0149 0x110c  sbp2port - detected LockedFile.Multi.Generic ( 1 )
11:57:04.0035 0x110c  Detect skipped due to KSN trusted
11:57:04.0035 0x110c  sbp2port - ok
11:57:04.0113 0x110c  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:57:04.0129 0x110c  SCardSvr - ok
11:57:04.0176 0x110c  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
11:57:04.0191 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 0693B5EC673E34DC147E195779A4DCF6, sha256: AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670
11:57:04.0222 0x110c  scfilter - detected LockedFile.Multi.Generic ( 1 )
11:57:07.0108 0x110c  Detect skipped due to KSN trusted
11:57:07.0108 0x110c  scfilter - ok
11:57:07.0249 0x110c  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
11:57:07.0280 0x110c  Schedule - ok
11:57:07.0342 0x110c  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:57:07.0342 0x110c  SCPolicySvc - ok
11:57:07.0405 0x110c  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:57:07.0405 0x110c  SDRSVC - ok
11:57:07.0467 0x110c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:57:07.0467 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 90A3935D05B494A5A39D37E71F09A677, sha256: F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952
11:57:07.0514 0x110c  secdrv - detected LockedFile.Multi.Generic ( 1 )
11:57:10.0384 0x110c  Detect skipped due to KSN trusted
11:57:10.0384 0x110c  secdrv - ok
11:57:10.0462 0x110c  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
11:57:10.0462 0x110c  seclogon - ok
11:57:10.0525 0x110c  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\system32\sens.dll
11:57:10.0525 0x110c  SENS - ok
11:57:10.0587 0x110c  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
11:57:10.0587 0x110c  SensrSvc - ok
11:57:10.0634 0x110c  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
11:57:10.0634 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: 9AD8B8B515E3DF6ACD4212EF465DE2D1, sha256: E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86
11:57:10.0650 0x110c  Serenum - detected LockedFile.Multi.Generic ( 1 )
11:57:13.0520 0x110c  Detect skipped due to KSN trusted
11:57:13.0520 0x110c  Serenum - ok
11:57:13.0676 0x110c  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
11:57:13.0676 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: 5FB7FCEA0490D821F26F39CC5EA3D1E2, sha256: A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F
11:57:13.0676 0x110c  Serial - detected LockedFile.Multi.Generic ( 1 )
11:57:16.0562 0x110c  Detect skipped due to KSN trusted
11:57:16.0562 0x110c  Serial - ok
11:57:16.0656 0x110c  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
11:57:16.0656 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 79BFFB520327FF916A582DFEA17AA813, sha256: 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C
11:57:16.0671 0x110c  sermouse - detected LockedFile.Multi.Generic ( 1 )
11:57:19.0557 0x110c  Detect skipped due to KSN trusted
11:57:19.0557 0x110c  sermouse - ok
11:57:19.0713 0x110c  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:57:19.0713 0x110c  SessionEnv - ok
11:57:19.0776 0x110c  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:57:19.0776 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: 9F976E1EB233DF46FCE808D9DEA3EB9C, sha256: 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75
11:57:19.0791 0x110c  sffdisk - detected LockedFile.Multi.Generic ( 1 )
11:57:22.0771 0x110c  Detect skipped due to KSN trusted
11:57:22.0786 0x110c  sffdisk - ok
11:57:22.0864 0x110c  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:57:22.0864 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: 932A68EE27833CFD57C1639D375F2731, sha256: 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3
11:57:22.0864 0x110c  sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
11:57:25.0735 0x110c  Detect skipped due to KSN trusted
11:57:25.0735 0x110c  sffp_mmc - ok
11:57:25.0813 0x110c  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:57:25.0813 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: 6D4CCAEDC018F1CF52866BBBAA235982, sha256: AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131
11:57:25.0813 0x110c  sffp_sd - detected LockedFile.Multi.Generic ( 1 )
11:57:28.0886 0x110c  Detect skipped due to KSN trusted
11:57:28.0886 0x110c  sffp_sd - ok
11:57:28.0964 0x110c  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
11:57:28.0964 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: DB96666CC8312EBC45032F30B007A547, sha256: C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7
11:57:28.0980 0x110c  sfloppy - detected LockedFile.Multi.Generic ( 1 )
11:57:31.0850 0x110c  Detect skipped due to KSN trusted
11:57:31.0850 0x110c  sfloppy - ok
11:57:32.0053 0x110c  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:57:32.0068 0x110c  SharedAccess - ok
11:57:32.0146 0x110c  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:57:32.0162 0x110c  ShellHWDetection - ok
11:57:32.0224 0x110c  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:57:32.0224 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sisagp.sys. md5: 2565CAC0DC9FE0371BDCE60832582B2E, sha256: 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D
11:57:32.0240 0x110c  sisagp - detected LockedFile.Multi.Generic ( 1 )
11:57:35.0126 0x110c  Detect skipped due to KSN trusted
11:57:35.0126 0x110c  sisagp - ok
11:57:35.0235 0x110c  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:57:35.0235 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: A9F0486851BECB6DDA1D89D381E71055, sha256: 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35
11:57:35.0251 0x110c  SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
11:57:38.0121 0x110c  Detect skipped due to KSN trusted
11:57:38.0121 0x110c  SiSRaid2 - ok
11:57:38.0215 0x110c  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
11:57:38.0215 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 3727097B55738E2F554972C3BE5BC1AA, sha256: 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566
11:57:38.0215 0x110c  SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
11:57:41.0101 0x110c  Detect skipped due to KSN trusted
11:57:41.0101 0x110c  SiSRaid4 - ok
11:57:41.0210 0x110c  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:57:41.0210 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 3E21C083B8A01CB70BA1F09303010FCE, sha256: 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197
11:57:41.0210 0x110c  Smb - detected LockedFile.Multi.Generic ( 1 )
11:57:44.0190 0x110c  Detect skipped due to KSN trusted
11:57:44.0190 0x110c  Smb - ok
11:57:44.0439 0x110c  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:57:44.0439 0x110c  SNMPTRAP - ok
11:57:44.0486 0x110c  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:57:44.0486 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: 95CF1AE7527FB70F7816563CBC09D942, sha256: CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65
11:57:44.0502 0x110c  spldr - detected LockedFile.Multi.Generic ( 1 )
11:57:47.0528 0x110c  Detect skipped due to KSN trusted
11:57:47.0528 0x110c  spldr - ok
11:57:47.0637 0x110c  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
11:57:47.0653 0x110c  Spooler - ok
11:57:47.0871 0x110c  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
11:57:47.0996 0x110c  sppsvc - ok
11:57:48.0090 0x110c  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
11:57:48.0090 0x110c  sppuinotify - ok
11:57:48.0168 0x110c  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:57:48.0168 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: E4C2764065D66EA1D2D3EBC28FE99C46, sha256: 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5
11:57:48.0214 0x110c  srv - detected LockedFile.Multi.Generic ( 1 )
11:57:51.0069 0x110c  Detect skipped due to KSN trusted
11:57:51.0069 0x110c  srv - ok
11:57:51.0178 0x110c  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:57:51.0178 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: 03F0545BD8D4C77FA0AE1CEEDFCC71AB, sha256: 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0
11:57:51.0194 0x110c  srv2 - detected LockedFile.Multi.Generic ( 1 )
11:57:54.0080 0x110c  Detect skipped due to KSN trusted
11:57:54.0080 0x110c  srv2 - ok
11:57:54.0174 0x110c  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:57:54.0174 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: BE6BD660CAA6F291AE06A718A4FA8ABC, sha256: CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59
11:57:54.0189 0x110c  srvnet - detected LockedFile.Multi.Generic ( 1 )
11:57:57.0153 0x110c  Detect skipped due to KSN trusted
11:57:57.0153 0x110c  srvnet - ok
11:57:57.0247 0x110c  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05, 59D015DD86EA35AC8F667C063AE76FAFA9497F04225D256DF5A37EB1461F15D4 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
11:57:57.0247 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ssadbus.sys. md5: 64E44ACD8C238FCBBB78F0BA4BDC4B05, sha256: 59D015DD86EA35AC8F667C063AE76FAFA9497F04225D256DF5A37EB1461F15D4
11:57:57.0278 0x110c  ssadbus - detected LockedFile.Multi.Generic ( 1 )
         

09.07.2014, 14:03   #11
aschroeder
 

This is the continuation; it was too long again.


Code:
ATTFilter
11:58:00.0164 0x110c  Detect skipped due to KSN trusted
11:58:00.0164 0x110c  ssadbus - ok
11:58:00.0273 0x110c  [ BB2C84A15C765DA89FD832B0E73F26CE, BAE3E7726F075340B8CC7BCA18869DFEA304A03B0A0429B4C3D186B1149E9A9A ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:58:00.0273 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ssadmdfl.sys. md5: BB2C84A15C765DA89FD832B0E73F26CE, sha256: BAE3E7726F075340B8CC7BCA18869DFEA304A03B0A0429B4C3D186B1149E9A9A
11:58:00.0273 0x110c  ssadmdfl - detected LockedFile.Multi.Generic ( 1 )
11:58:03.0268 0x110c  Detect skipped due to KSN trusted
11:58:03.0268 0x110c  ssadmdfl - ok
11:58:03.0331 0x110c  [ 6D0D132DDC6F43EDA00DCED6D8B1CA31, 0A37081D95A56861C3E48592048DFCFAE6FB38510D21AB41C9C73744743E7646 ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
11:58:03.0331 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ssadmdm.sys. md5: 6D0D132DDC6F43EDA00DCED6D8B1CA31, sha256: 0A37081D95A56861C3E48592048DFCFAE6FB38510D21AB41C9C73744743E7646
11:58:03.0331 0x110c  ssadmdm - detected LockedFile.Multi.Generic ( 1 )
11:58:06.0217 0x110c  Detect skipped due to KSN trusted
11:58:06.0217 0x110c  ssadmdm - ok
11:58:06.0295 0x110c  [ 1A5A397BC459F346AB56492B61EF79F6, 9CB7BE4E4A7B145D97BA0C72EE7ECB844DA6EB0282FBC3BE92A1CC5AD80FA6C4 ] ssadserd        C:\Windows\system32\DRIVERS\ssadserd.sys
11:58:06.0295 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ssadserd.sys. md5: 1A5A397BC459F346AB56492B61EF79F6, sha256: 9CB7BE4E4A7B145D97BA0C72EE7ECB844DA6EB0282FBC3BE92A1CC5AD80FA6C4
11:58:06.0310 0x110c  ssadserd - detected LockedFile.Multi.Generic ( 1 )
11:58:09.0181 0x110c  Detect skipped due to KSN trusted
11:58:09.0181 0x110c  ssadserd - ok
11:58:09.0306 0x110c  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:58:09.0321 0x110c  SSDPSRV - ok
11:58:09.0415 0x110c  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
11:58:09.0415 0x110c  ssmdrv - ok
11:58:09.0508 0x110c  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:58:09.0508 0x110c  SstpSvc - ok
11:58:09.0571 0x110c  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
11:58:09.0571 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: DB32D325C192B801DF274BFD12A7E72B, sha256: F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA
11:58:09.0602 0x110c  stexstor - detected LockedFile.Multi.Generic ( 1 )
11:58:12.0472 0x110c  Detect skipped due to KSN trusted
11:58:12.0472 0x110c  stexstor - ok
11:58:12.0550 0x110c  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
11:58:12.0566 0x110c  StiSvc - ok
11:58:12.0628 0x110c  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
11:58:12.0628 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: E58C78A848ADD9610A4DB6D214AF5224, sha256: 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426
11:58:12.0660 0x110c  swenum - detected LockedFile.Multi.Generic ( 1 )
11:58:15.0530 0x110c  Detect skipped due to KSN trusted
11:58:15.0530 0x110c  swenum - ok
11:58:15.0655 0x110c  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
11:58:15.0670 0x110c  swprv - ok
11:58:15.0733 0x110c  [ 7A9025D8F7852B06D6D08ED536135E7E, 814153517841D316AA44D59F31B3C6DAD09DE688AF6B946D9B0970EAE815CAAD ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:58:15.0733 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SynTP.sys. md5: 7A9025D8F7852B06D6D08ED536135E7E, sha256: 814153517841D316AA44D59F31B3C6DAD09DE688AF6B946D9B0970EAE815CAAD
11:58:15.0748 0x110c  SynTP - detected LockedFile.Multi.Generic ( 1 )
11:58:19.0633 0x110c  Detect skipped due to KSN trusted
11:58:19.0633 0x110c  SynTP - ok
11:58:19.0773 0x110c  [ BCEB0C2FC290E456F2E63282BC7D2271, 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588 ] syshost32       C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe
11:58:19.0773 0x110c  Suspicious file ( NoAccess ): C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe. md5: BCEB0C2FC290E456F2E63282BC7D2271, sha256: 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588
11:58:19.0773 0x110c  syshost32 - detected LockedFile.Multi.Generic ( 1 )
11:58:22.0659 0x110c  Detect turned to UDS exact due to KSN untrusted
11:58:22.0659 0x110c  syshost32 ( UDS:DangerousObject.Multi.Generic ) - infected
11:58:22.0659 0x110c  Force sending object to P2P due to detect: syshost32
11:58:26.0653 0x110c  Object send P2P result: true
11:58:29.0820 0x110c  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
11:58:29.0851 0x110c  SysMain - ok
11:58:29.0913 0x110c  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
11:58:29.0929 0x110c  TabletInputService - ok
11:58:30.0022 0x110c  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:58:30.0038 0x110c  TapiSrv - ok
11:58:30.0116 0x110c  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
11:58:30.0116 0x110c  TBS - ok
11:58:30.0241 0x110c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:58:30.0241 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: 5579DD18546999F5D0EC39D018726C6B, sha256: 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3
11:58:30.0303 0x110c  Tcpip - detected LockedFile.Multi.Generic ( 1 )
11:58:33.0361 0x110c  Detect skipped due to KSN trusted
11:58:33.0361 0x110c  Tcpip - ok
11:58:33.0533 0x110c  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
11:58:33.0533 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: 5579DD18546999F5D0EC39D018726C6B, sha256: 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3
11:58:33.0564 0x110c  TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
11:58:33.0564 0x110c  Detect skipped due to KSN trusted
11:58:33.0564 0x110c  TCPIP6 - ok
11:58:33.0642 0x110c  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:58:33.0642 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: 3EEBD3BD93DA46A26E89893C7AB2FF3B, sha256: 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E
11:58:33.0657 0x110c  tcpipreg - detected LockedFile.Multi.Generic ( 1 )
11:58:36.0512 0x110c  Detect skipped due to KSN trusted
11:58:36.0512 0x110c  tcpipreg - ok
11:58:36.0653 0x110c  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:58:36.0653 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 1CB91B2BD8F6DD367DFC2EF26FD751B2, sha256: 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954
11:58:36.0653 0x110c  TDPIPE - detected LockedFile.Multi.Generic ( 1 )
11:58:39.0523 0x110c  Detect skipped due to KSN trusted
11:58:39.0523 0x110c  TDPIPE - ok
11:58:39.0570 0x110c  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:58:39.0570 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 2C2C5AFE7EE4F620D69C23C0617651A8, sha256: E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103
11:58:39.0585 0x110c  TDTCP - detected LockedFile.Multi.Generic ( 1 )
11:58:42.0471 0x110c  Detect skipped due to KSN trusted
11:58:42.0471 0x110c  TDTCP - ok
11:58:42.0565 0x110c  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:58:42.0565 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: B459575348C20E8121D6039DA063C704, sha256: 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347
11:58:42.0581 0x110c  tdx - detected LockedFile.Multi.Generic ( 1 )
11:58:45.0685 0x110c  Detect skipped due to KSN trusted
11:58:45.0685 0x110c  tdx - ok
11:58:45.0747 0x110c  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
11:58:45.0747 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 04DBF4B01EA4BF25A9A3E84AFFAC9B20, sha256: 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663
11:58:45.0747 0x110c  TermDD - detected LockedFile.Multi.Generic ( 1 )
11:58:48.0633 0x110c  Detect skipped due to KSN trusted
11:58:48.0633 0x110c  TermDD - ok
11:58:48.0727 0x110c  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
11:58:48.0758 0x110c  TermService - ok
11:58:48.0836 0x110c  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
11:58:48.0836 0x110c  Themes - ok
11:58:48.0883 0x110c  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
11:58:48.0883 0x110c  THREADORDER - ok
11:58:48.0930 0x110c  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
11:58:48.0945 0x110c  TrkWks - ok
11:58:49.0039 0x110c  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:58:49.0055 0x110c  TrustedInstaller - ok
11:58:49.0117 0x110c  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:58:49.0117 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: B37B08F2E5EEB1A37E448E09BACE1101, sha256: 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C
11:58:49.0148 0x110c  tssecsrv - detected LockedFile.Multi.Generic ( 1 )
11:58:52.0034 0x110c  Detect skipped due to KSN trusted
11:58:52.0034 0x110c  tssecsrv - ok
11:58:52.0143 0x110c  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
11:58:52.0143 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: FD1D6C73E6333BE727CBCC6054247654, sha256: 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E
11:58:52.0159 0x110c  TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
11:58:55.0029 0x110c  Detect skipped due to KSN trusted
11:58:55.0029 0x110c  TsUsbFlt - ok
11:58:55.0107 0x110c  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:58:55.0107 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: B2FA25D9B17A68BB93D58B0556E8C90D, sha256: 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE
11:58:55.0123 0x110c  tunnel - detected LockedFile.Multi.Generic ( 1 )
11:58:57.0993 0x110c  Detect skipped due to KSN trusted
11:58:57.0993 0x110c  tunnel - ok
11:58:58.0087 0x110c  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
11:58:58.0087 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: 750FBCB269F4D7DD2E420C56B795DB6D, sha256: E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7
11:58:58.0103 0x110c  uagp35 - detected LockedFile.Multi.Generic ( 1 )
11:59:00.0973 0x110c  Detect skipped due to KSN trusted
11:59:00.0973 0x110c  uagp35 - ok
11:59:01.0082 0x110c  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:59:01.0082 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: EE43346C7E4B5E63E54F927BABBB32FF, sha256: BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9
11:59:01.0098 0x110c  udfs - detected LockedFile.Multi.Generic ( 1 )
11:59:03.0968 0x110c  Detect skipped due to KSN trusted
11:59:03.0968 0x110c  udfs - ok
11:59:04.0077 0x110c  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:59:04.0077 0x110c  UI0Detect - ok
11:59:04.0140 0x110c  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:59:04.0140 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 44E8048ACE47BEFBFDC2E9BE4CBC8880, sha256: 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C
11:59:04.0140 0x110c  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
11:59:07.0026 0x110c  Detect skipped due to KSN trusted
11:59:07.0026 0x110c  uliagpkx - ok
11:59:07.0119 0x110c  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
11:59:07.0135 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umbus.sys. md5: D295BED4B898F0FD999FCFA9B32B071B, sha256: D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2
11:59:07.0166 0x110c  umbus - detected LockedFile.Multi.Generic ( 1 )
11:59:10.0037 0x110c  Detect skipped due to KSN trusted
11:59:10.0037 0x110c  umbus - ok
11:59:10.0146 0x110c  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
11:59:10.0146 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: 7550AD0C6998BA1CB4843E920EE0FEAC, sha256: 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D
11:59:10.0146 0x110c  UmPass - detected LockedFile.Multi.Generic ( 1 )
11:59:13.0016 0x110c  Detect skipped due to KSN trusted
11:59:13.0016 0x110c  UmPass - ok
11:59:13.0141 0x110c  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
11:59:13.0157 0x110c  upnphost - ok
11:59:13.0219 0x110c  [ 8455C4ED038EFD09E99327F9D2D48FFA, D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:59:13.0219 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: 8455C4ED038EFD09E99327F9D2D48FFA, sha256: D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30
11:59:13.0235 0x110c  usbccgp - detected LockedFile.Multi.Generic ( 1 )
11:59:16.0121 0x110c  Detect skipped due to KSN trusted
11:59:16.0121 0x110c  usbccgp - ok
11:59:16.0214 0x110c  USBCCID - ok
11:59:16.0292 0x110c  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:59:16.0292 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: 2352AB5F9F8F097BF9D41D5A4718A041, sha256: 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C
11:59:16.0308 0x110c  usbcir - detected LockedFile.Multi.Generic ( 1 )
11:59:19.0194 0x110c  Detect skipped due to KSN trusted
11:59:19.0194 0x110c  usbcir - ok
11:59:19.0287 0x110c  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:59:19.0287 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbehci.sys. md5: D40855F89B69305140BBD7E9A3BA2DA6, sha256: 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C
11:59:19.0303 0x110c  usbehci - detected LockedFile.Multi.Generic ( 1 )
11:59:22.0173 0x110c  Detect skipped due to KSN trusted
11:59:22.0173 0x110c  usbehci - ok
11:59:22.0314 0x110c  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:59:22.0314 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: EDF2DF71C4F1E13A6AC75F5224DE655A, sha256: 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C
11:59:22.0329 0x110c  usbhub - detected LockedFile.Multi.Generic ( 1 )
11:59:25.0200 0x110c  Detect skipped due to KSN trusted
11:59:25.0200 0x110c  usbhub - ok
11:59:25.0309 0x110c  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:59:25.0309 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 9828C8D14CC2676421778F0DE638CF97, sha256: 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453
11:59:25.0309 0x110c  usbohci - detected LockedFile.Multi.Generic ( 1 )
11:59:28.0195 0x110c  Detect skipped due to KSN trusted
11:59:28.0195 0x110c  usbohci - ok
11:59:28.0289 0x110c  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:59:28.0289 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 797D862FE0875E75C7CC4C1AD7B30252, sha256: 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069
11:59:28.0304 0x110c  usbprint - detected LockedFile.Multi.Generic ( 1 )
11:59:31.0175 0x110c  Detect skipped due to KSN trusted
11:59:31.0175 0x110c  usbprint - ok
11:59:31.0237 0x110c  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
11:59:31.0237 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbscan.sys. md5: FC6B21DB4B5B398AB93DBE59CBF11036, sha256: A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374
11:59:31.0237 0x110c  usbscan - detected LockedFile.Multi.Generic ( 1 )
11:59:34.0107 0x110c  Detect skipped due to KSN trusted
11:59:34.0107 0x110c  usbscan - ok
11:59:34.0201 0x110c  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:59:34.0201 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: F991AB9CC6B908DB552166768176896A, sha256: AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026
11:59:34.0201 0x110c  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
11:59:37.0071 0x110c  Detect skipped due to KSN trusted
11:59:37.0071 0x110c  USBSTOR - ok
11:59:37.0196 0x110c  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:59:37.0196 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbuhci.sys. md5: 800AABFD625EEFF899F7E5496BDE37AB, sha256: 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2
11:59:37.0196 0x110c  usbuhci - detected LockedFile.Multi.Generic ( 1 )
11:59:40.0269 0x110c  Detect skipped due to KSN trusted
11:59:40.0269 0x110c  usbuhci - ok
11:59:40.0472 0x110c  [ F642A7E4BF78CFA359CCA0A3557C28D7, 12F1ABDD5C871147AFC682BCEF099F319A4F542AC3F0B647D7A5DFE63EDAE061 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
11:59:40.0472 0x110c  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: F642A7E4BF78CFA359CCA0A3557C28D7, sha256: 12F1ABDD5C871147AFC682BCEF099F319A4F542AC3F0B647D7A5DFE63EDAE061
11:59:40.0488 0x110c  usbvideo - detected LockedFile.Multi.Generic ( 1 )
11:59:43.0467 0x110c  Detect skipped due to KSN trusted
11:59:43.0467 0x110c  usbvideo - ok
11:59:43.0592 0x110c  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
11:59:43.0592 0x110c  UxSms - ok
11:59:43.0655 0x110c  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
11:59:43.0655 0x110c  VaultSvc - ok
11:59:43.0701 0x110c  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
11:59:43.0701 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: A059C4C3EDB09E07D21A8E5C0AABD3CB, sha256: BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07
11:59:43.0748 0x110c  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
11:59:46.0759 0x110c  Detect skipped due to KSN trusted
11:59:46.0759 0x110c  vdrvroot - ok
11:59:46.0884 0x110c  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
11:59:46.0915 0x110c  vds - ok
11:59:46.0962 0x110c  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:59:46.0962 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: 17C408214EA61696CEC9C66E388B14F3, sha256: 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97
11:59:46.0993 0x110c  vga - detected LockedFile.Multi.Generic ( 1 )
11:59:49.0863 0x110c  Detect skipped due to KSN trusted
11:59:49.0863 0x110c  vga - ok
11:59:50.0004 0x110c  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:59:50.0004 0x110c  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 8E38096AD5C8570A6F1570A61E251561, sha256: 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39
11:59:50.0019 0x110c  VgaSave - detected LockedFile.Multi.Generic ( 1 )
11:59:52.0890 0x110c  Detect skipped due to KSN trusted
11:59:52.0890 0x110c  VgaSave - ok
11:59:52.0968 0x110c  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
11:59:52.0968 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 5461686CCA2FDA57B024547733AB42E3, sha256: 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84
11:59:52.0983 0x110c  vhdmp - detected LockedFile.Multi.Generic ( 1 )
11:59:55.0854 0x110c  Detect skipped due to KSN trusted
11:59:55.0854 0x110c  vhdmp - ok
11:59:55.0947 0x110c  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
11:59:55.0947 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaagp.sys. md5: C829317A37B4BEA8F39735D4B076E923, sha256: 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497
11:59:55.0963 0x110c  viaagp - detected LockedFile.Multi.Generic ( 1 )
11:59:58.0802 0x110c  Detect skipped due to KSN trusted
11:59:58.0802 0x110c  viaagp - ok
11:59:58.0911 0x110c  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
11:59:58.0911 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\viac7.sys. md5: E02F079A6AA107F06B16549C6E5C7B74, sha256: B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788
11:59:58.0927 0x110c  ViaC7 - detected LockedFile.Multi.Generic ( 1 )
12:00:01.0813 0x110c  Detect skipped due to KSN trusted
12:00:01.0813 0x110c  ViaC7 - ok
12:00:01.0938 0x110c  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:00:01.0938 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E43574F6A56A0EE11809B48C09E4FD3C, sha256: 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9
12:00:01.0969 0x110c  viaide - detected LockedFile.Multi.Generic ( 1 )
12:00:04.0824 0x110c  Detect skipped due to KSN trusted
12:00:04.0824 0x110c  viaide - ok
12:00:04.0917 0x110c  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:00:04.0917 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: 4C63E00F2F4B5F86AB48A58CD990F212, sha256: 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035
12:00:04.0933 0x110c  volmgr - detected LockedFile.Multi.Generic ( 1 )
12:00:07.0959 0x110c  Detect skipped due to KSN trusted
12:00:07.0959 0x110c  volmgr - ok
12:00:08.0084 0x110c  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:00:08.0084 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: B5BB72067DDDDBBFB04B2F89FF8C3C87, sha256: 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC
12:00:08.0084 0x110c  volmgrx - detected LockedFile.Multi.Generic ( 1 )
12:00:10.0970 0x110c  Detect skipped due to KSN trusted
12:00:10.0970 0x110c  volmgrx - ok
12:00:11.0079 0x110c  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:00:11.0079 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: F497F67932C6FA693D7DE2780631CFE7, sha256: DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6
12:00:11.0095 0x110c  volsnap - detected LockedFile.Multi.Generic ( 1 )
12:00:14.0059 0x110c  Detect skipped due to KSN trusted
12:00:14.0059 0x110c  volsnap - ok
12:00:14.0199 0x110c  [ 710E2A70FBE41DB2379EB7AA6E6FF7CC, 0E3DB40357E16F80A477719AEB37C43B2B3F389F29616F22E8C01E52D5582A0C ] vpnagent        C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
12:00:14.0231 0x110c  vpnagent - ok
12:00:14.0277 0x110c  [ FDDAFA1C89B0B07494AF5879F7ECE857, C23415200419F5C50A0F75848F22256E1D6AFD837CE9FB7487A8E7CC14534301 ] vpnva           C:\Windows\system32\DRIVERS\vpnva.sys
12:00:14.0277 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpnva.sys. md5: FDDAFA1C89B0B07494AF5879F7ECE857, sha256: C23415200419F5C50A0F75848F22256E1D6AFD837CE9FB7487A8E7CC14534301
12:00:14.0309 0x110c  vpnva - detected LockedFile.Multi.Generic ( 1 )
12:00:17.0179 0x110c  Detect skipped due to KSN trusted
12:00:17.0179 0x110c  vpnva - ok
12:00:17.0288 0x110c  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:00:17.0288 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 9DFA0CC2F8855A04816729651175B631, sha256: 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3
12:00:17.0304 0x110c  vsmraid - detected LockedFile.Multi.Generic ( 1 )
12:00:20.0190 0x110c  Detect skipped due to KSN trusted
12:00:20.0190 0x110c  vsmraid - ok
12:00:20.0361 0x110c  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
12:00:20.0393 0x110c  VSS - ok
12:00:20.0455 0x110c  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:00:20.0455 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 90567B1E658001E79D7C8BBD3DDE5AA6, sha256: EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557
12:00:20.0502 0x110c  vwifibus - detected LockedFile.Multi.Generic ( 1 )
12:00:23.0372 0x110c  Detect skipped due to KSN trusted
12:00:23.0372 0x110c  vwifibus - ok
12:00:23.0466 0x110c  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:00:23.0466 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 7090D3436EEB4E7DA3373090A23448F7, sha256: 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2
12:00:23.0497 0x110c  vwififlt - detected LockedFile.Multi.Generic ( 1 )
12:00:26.0368 0x110c  Detect skipped due to KSN trusted
12:00:26.0368 0x110c  vwififlt - ok
12:00:26.0446 0x110c  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:00:26.0446 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: A3F04CBEA6C2A10E6CB01F8B47611882, sha256: 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3
12:00:26.0461 0x110c  vwifimp - detected LockedFile.Multi.Generic ( 1 )
12:00:29.0332 0x110c  Detect skipped due to KSN trusted
12:00:29.0332 0x110c  vwifimp - ok
12:00:29.0441 0x110c  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
12:00:29.0456 0x110c  W32Time - ok
12:00:29.0534 0x110c  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:00:29.0534 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: DE3721E89C653AA281428C8A69745D90, sha256: 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516
12:00:29.0566 0x110c  WacomPen - detected LockedFile.Multi.Generic ( 1 )
12:00:32.0452 0x110c  Detect skipped due to KSN trusted
12:00:32.0452 0x110c  WacomPen - ok
12:00:32.0639 0x110c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:00:32.0639 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 3C3C78515F5AB448B022BDF5B8FFDD2E, sha256: 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7
12:00:32.0857 0x110c  WANARP - detected LockedFile.Multi.Generic ( 1 )
12:00:35.0728 0x110c  Detect skipped due to KSN trusted
12:00:35.0728 0x110c  WANARP - ok
12:00:35.0806 0x110c  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:00:35.0806 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 3C3C78515F5AB448B022BDF5B8FFDD2E, sha256: 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7
12:00:35.0806 0x110c  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
12:00:35.0806 0x110c  Detect skipped due to KSN trusted
12:00:35.0806 0x110c  Wanarpv6 - ok
12:00:35.0946 0x110c  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:00:35.0993 0x110c  WatAdminSvc - ok
12:00:36.0102 0x110c  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
12:00:36.0149 0x110c  wbengine - ok
12:00:36.0227 0x110c  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:00:36.0242 0x110c  WbioSrvc - ok
12:00:36.0320 0x110c  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:00:36.0336 0x110c  wcncsvc - ok
12:00:36.0383 0x110c  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:00:36.0383 0x110c  WcsPlugInService - ok
12:00:36.0445 0x110c  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:00:36.0445 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 1112A9BADACB47B7C0BB0392E3158DFF, sha256: 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4
12:00:36.0476 0x110c  Wd - detected LockedFile.Multi.Generic ( 1 )
12:00:39.0347 0x110c  Detect skipped due to KSN trusted
12:00:39.0347 0x110c  Wd - ok
12:00:39.0440 0x110c  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:00:39.0440 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: 25944D2CC49E0A6C581D02A74B7D6645, sha256: AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE
12:00:39.0440 0x110c  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
12:00:42.0326 0x110c  Detect skipped due to KSN trusted
12:00:42.0326 0x110c  Wdf01000 - ok
12:00:42.0404 0x110c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:00:42.0404 0x110c  WdiServiceHost - ok
12:00:42.0467 0x110c  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:00:42.0467 0x110c  WdiSystemHost - ok
12:00:42.0545 0x110c  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
12:00:42.0560 0x110c  WebClient - ok
12:00:42.0638 0x110c  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:00:42.0654 0x110c  Wecsvc - ok
12:00:42.0701 0x110c  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:00:42.0701 0x110c  wercplsupport - ok
12:00:42.0748 0x110c  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
12:00:42.0763 0x110c  WerSvc - ok
12:00:42.0810 0x110c  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:00:42.0810 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 8B9A943F3B53861F2BFAF6C186168F79, sha256: 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713
12:00:42.0841 0x110c  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
12:00:45.0727 0x110c  Detect skipped due to KSN trusted
12:00:45.0727 0x110c  WfpLwf - ok
12:00:45.0821 0x110c  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:00:45.0821 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 5CF95B35E59E2A38023836FFF31BE64C, sha256: CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D
12:00:45.0836 0x110c  WIMMount - detected LockedFile.Multi.Generic ( 1 )
12:00:48.0707 0x110c  Detect skipped due to KSN trusted
12:00:48.0707 0x110c  WIMMount - ok
12:00:48.0832 0x110c  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:00:48.0863 0x110c  WinDefend - ok
12:00:48.0988 0x110c  WinHttpAutoProxySvc - ok
12:00:49.0066 0x110c  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:00:49.0081 0x110c  Winmgmt - ok
12:00:49.0206 0x110c  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
12:00:49.0253 0x110c  WinRM - ok
12:00:49.0409 0x110c  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:00:49.0409 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: A67E5F9A400F3BD1BE3D80613B45F708, sha256: E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367
12:00:49.0424 0x110c  WinUsb - detected LockedFile.Multi.Generic ( 1 )
12:00:52.0295 0x110c  Detect skipped due to KSN trusted
12:00:52.0295 0x110c  WinUsb - ok
12:00:52.0466 0x110c  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:00:52.0513 0x110c  Wlansvc - ok
12:00:52.0560 0x110c  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:00:52.0560 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: 0217679B8FCA58714C3BF2726D2CA84E, sha256: 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A
12:00:52.0591 0x110c  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
12:00:55.0477 0x110c  Detect skipped due to KSN trusted
12:00:55.0477 0x110c  WmiAcpi - ok
12:00:55.0618 0x110c  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:00:55.0618 0x110c  wmiApSrv - ok
12:00:55.0742 0x110c  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:00:55.0789 0x110c  WMPNetworkSvc - ok
12:00:55.0836 0x110c  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:00:55.0852 0x110c  WPCSvc - ok
12:00:55.0914 0x110c  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:00:55.0914 0x110c  WPDBusEnum - ok
12:00:55.0976 0x110c  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:00:55.0976 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6DB3276587B853BF886B69528FDB048C, sha256: 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C
12:00:56.0008 0x110c  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
12:00:58.0862 0x110c  Detect skipped due to KSN trusted
12:00:58.0862 0x110c  ws2ifsl - ok
12:00:58.0987 0x110c  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\system32\wscsvc.dll
12:00:58.0987 0x110c  wscsvc - ok
12:00:59.0065 0x110c  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
12:00:59.0065 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDPrint.sys. md5: 553F6CCD7C58EB98D4A8FBDAF283D7A9, sha256: 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560
12:00:59.0081 0x110c  WSDPrintDevice - detected LockedFile.Multi.Generic ( 1 )
12:01:01.0967 0x110c  Detect skipped due to KSN trusted
12:01:01.0967 0x110c  WSDPrintDevice - ok
12:01:02.0060 0x110c  [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan         C:\Windows\system32\drivers\WSDScan.sys
12:01:02.0076 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WSDScan.sys. md5: 7DC0270CFD4A05B4112E3EBBF083B595, sha256: DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137
12:01:02.0076 0x110c  WSDScan - detected LockedFile.Multi.Generic ( 1 )
12:01:04.0946 0x110c  Detect skipped due to KSN trusted
12:01:04.0946 0x110c  WSDScan - ok
12:01:04.0978 0x110c  WSearch - ok
12:01:05.0165 0x110c  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:01:05.0227 0x110c  wuauserv - ok
12:01:05.0321 0x110c  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:01:05.0321 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: 06E6F32C8D0A3F66D956F57B43A2E070, sha256: 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943
12:01:05.0336 0x110c  WudfPf - detected LockedFile.Multi.Generic ( 1 )
12:01:08.0222 0x110c  Detect skipped due to KSN trusted
12:01:08.0222 0x110c  WudfPf - ok
12:01:08.0394 0x110c  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:01:08.0394 0x110c  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 867C301E8B790040AE9CF6486E8041DF, sha256: D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855
12:01:08.0410 0x110c  WUDFRd - detected LockedFile.Multi.Generic ( 1 )
12:01:11.0327 0x110c  Detect skipped due to KSN trusted
12:01:11.0327 0x110c  WUDFRd - ok
12:01:11.0436 0x110c  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:01:11.0436 0x110c  wudfsvc - ok
12:01:11.0514 0x110c  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:01:11.0514 0x110c  WwanSvc - ok
12:01:11.0623 0x110c  ================ Scan global ===============================
12:01:11.0701 0x110c  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
12:01:11.0732 0x110c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
12:01:11.0779 0x110c  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
12:01:11.0810 0x110c  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
12:01:11.0842 0x110c  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
12:01:11.0857 0x110c  [ Global ] - ok
12:01:11.0857 0x110c  ================ Scan MBR ==================================
12:01:11.0857 0x110c  [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
12:01:17.0333 0x110c  \Device\Harddisk0\DR0 - ok
12:01:17.0333 0x110c  ================ Scan VBR ==================================
12:01:17.0333 0x110c  [ 04E427EC4A33EB1573351FE47BD3A649 ] \Device\Harddisk0\DR0\Partition1
12:01:17.0348 0x110c  \Device\Harddisk0\DR0\Partition1 - ok
12:01:17.0411 0x110c  [ CE7CDCB189E205D9EB07A06645077565 ] \Device\Harddisk0\DR0\Partition2
12:01:17.0411 0x110c  \Device\Harddisk0\DR0\Partition2 - ok
12:01:17.0411 0x110c  [ B788E7AE4D68256EB9DF514BD0BCD2C9 ] \Device\Harddisk0\DR0\Partition3
12:01:17.0411 0x110c  \Device\Harddisk0\DR0\Partition3 - ok
12:01:17.0426 0x110c  ================ Scan generic autorun ======================
12:01:17.0489 0x110c  [ 5AF1E9600E3FF841E522703A4993ED0C, 5189530793747C40B0E3548DA40058989C88A69C593C3E54E6548CFB89B9CE10 ] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
12:01:17.0489 0x110c  IAAnotif - ok
12:01:17.0629 0x110c  [ 59EBF7D3865895572FD11890280FB1A1, ED677A8813498F1F15B5E28D03C32345C3A920B50B30D3DFBEA85CF544546E4C ] C:\Program Files\System Control Manager\MGSysCtrl.exe
12:01:17.0707 0x110c  MGSysCtrl - ok
12:01:17.0832 0x110c  [ 934DE0EDBED59940A2725050DA13A066, CB231A76001E380EDEDE8DE3A1713CC87D95D96EF7E757D18C6B6B209C215C6F ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
12:01:17.0879 0x110c  SynTPEnh - ok
12:01:18.0331 0x110c  [ 9E63CE05416587923091B61AF2F012D6, 700DF0EECF1305C0DEC4CF478F4D9473185684A629A020BFF4577007B5AFE7BE ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
12:01:18.0596 0x110c  RtHDVCpl - ok
12:01:18.0721 0x110c  [ 86810E2D993F7327EB5B25B5D17D21C1, 63636CEC408ACBBC4D04C01F9EFDBE4B9B08FA0C4390EC8729B9FF0C8BE9D246 ] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe
12:01:18.0721 0x110c  PDVD9LanguageShortcut - ok
12:01:18.0784 0x110c  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
12:01:18.0799 0x110c  UCam_Menu - ok
12:01:18.0830 0x110c  [ 9C0D56CE4769AE60D5C56EB078532C5A, 079410721CC2A38D91FC108B260031F8754B59C6AE523146760CB5A8F2D1C6FD ] C:\Program Files\CyberLink\YouCam\YouCamTray.exe
12:01:18.0846 0x110c  YouCam Mirror Tray icon - ok
12:01:18.0862 0x110c  [ 1029B84ECBE4B95ACB8491A3FE63D70F, DF765BEE2B20800646F70B9E473B95F52457316CB331A3E0BF6974D827AB989D ] C:\Windows\system32\igfxtray.exe
12:01:18.0877 0x110c  IgfxTray - ok
12:01:18.0893 0x110c  [ 3CD5BBDA19A1AB4EBA359E0A14FDF0F0, 992E7322C86DA533F6DB9192427EBDC5A8F4D1A878F4B30A17ABD54656CFF6C1 ] C:\Windows\system32\hkcmd.exe
12:01:18.0908 0x110c  HotKeysCmds - ok
12:01:18.0924 0x110c  [ 3142195521FEE436088EE8A5748DE1B1, EE8E65977AA0EAC0BF48F7C4620946E48679F047EFC515D5F2E52EA4B88C5731 ] C:\Windows\system32\igfxpers.exe
12:01:18.0940 0x110c  Persistence - ok
12:01:19.0018 0x110c  [ 5F7EE76129F9A591F22F99F95D97AC95, D3446BD4CAB8017B44BAD94EBB88468D080AC65E14444C12B09B6BF3E70B2AED ] C:\Program Files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
12:01:19.0033 0x110c  IJNetworkScannerSelectorEX - ok
12:01:19.0142 0x110c  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
12:01:19.0174 0x110c  Adobe ARM - ok
12:01:19.0236 0x110c  [ D63797E8E7781EE1500A810CB6194FA6, 5C96DA00B98F0776E6174EBB7D4D6DB634838E130D8581E11811831D2C57B119 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
12:01:19.0236 0x110c  SunJavaUpdateSched - ok
12:01:19.0345 0x110c  [ 1E9B225DE829A6F666A0BA9B8A7984BF, 89D1222D72E23D21E6388B068CE7C415A9857ABB37D7A3AAD549B949A87E61FC ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
12:01:19.0376 0x110c  avgnt - ok
12:01:19.0439 0x110c  [ 6695FEB635BE9987B41E966F4C4B8C62, 6895BF5CDF28D2BB6C8851E99BEB3095883A278812686918BE2E9712DE83BB85 ] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
12:01:19.0454 0x110c  Cisco AnyConnect Secure Mobility Agent for Windows - ok
12:01:19.0579 0x110c  [ C6C626A4A83B409E6AF09B874E771FB6, BD6A43361E06E1FBDC53547F5DABAC9E52F639B15C958DE30FC62D542B7B67EF ] C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
12:01:19.0642 0x110c  MailCheck IE Broker - ok
12:01:19.0657 0x110c  {956AD994-B7CC-444F-8054-3F0EAE8F6791} - ok
12:01:19.0657 0x110c  {18E8313B-5A67-490D-9B0D-BCBA5F82ED24} - ok
12:01:19.0657 0x110c  Waiting for KSN requests completion. In queue: 16
12:01:20.0671 0x110c  Waiting for KSN requests completion. In queue: 16
12:01:21.0685 0x110c  Waiting for KSN requests completion. In queue: 16
12:01:22.0715 0x110c  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x42000 ( disabled : updated )
12:01:22.0715 0x110c  Win FW state via NFP2: enabled
12:01:25.0554 0x110c  ============================================================
12:01:25.0554 0x110c  Scan finished
12:01:25.0554 0x110c  ============================================================
12:01:25.0570 0x0fbc  Detected object count: 2
12:01:25.0570 0x0fbc  Actual detected object count: 2
         

09.07.2014, 14:05   #12
aschroeder
 
And this is the one from today, which was generated today after the scan:


Code:
ATTFilter
14:12:26.0947 0x0c70  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
14:12:31.0003 0x0c70  ============================================================
14:12:31.0003 0x0c70  Current date / time: 2014/07/09 14:12:31.0003
14:12:31.0003 0x0c70  SystemInfo:
14:12:31.0003 0x0c70  
14:12:31.0003 0x0c70  OS Version: 6.1.7601 ServicePack: 1.0
14:12:31.0003 0x0c70  Product type: Workstation
14:12:31.0003 0x0c70  ComputerName: *****-PC
14:12:31.0003 0x0c70  UserName: *****
14:12:31.0003 0x0c70  Windows directory: C:\Windows
14:12:31.0003 0x0c70  System windows directory: C:\Windows
14:12:31.0003 0x0c70  Processor architecture: Intel x86
14:12:31.0003 0x0c70  Number of processors: 2
14:12:31.0003 0x0c70  Page size: 0x1000
14:12:31.0003 0x0c70  Boot type: Normal boot
14:12:31.0003 0x0c70  ============================================================
14:12:31.0003 0x0c70  BG loaded
14:12:31.0424 0x0c70  System UUID: {6A8BC0A5-1C78-976F-B765-04D7E81B4982}
14:12:32.0594 0x0c70  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:12:32.0609 0x0c70  ============================================================
14:12:32.0609 0x0c70  \Device\Harddisk0\DR0:
14:12:32.0609 0x0c70  MBR partitions:
14:12:32.0609 0x0c70  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:12:32.0609 0x0c70  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36552000
14:12:32.0609 0x0c70  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x36584800, BlocksNum 0x3C00000
14:12:32.0609 0x0c70  ============================================================
14:12:32.0641 0x0c70  C: <-> \Device\Harddisk0\DR0\Partition2
14:12:32.0703 0x0c70  D: <-> \Device\Harddisk0\DR0\Partition3
14:12:32.0703 0x0c70  ============================================================
14:12:32.0703 0x0c70  Initialize success
14:12:32.0703 0x0c70  ============================================================
14:12:38.0693 0x0970  ============================================================
14:12:38.0693 0x0970  Scan started
14:12:38.0693 0x0970  Mode: Manual; 
14:12:38.0693 0x0970  ============================================================
14:12:38.0693 0x0970  KSN ping started
14:12:38.0771 0x0970  KSN ping finished: false
14:12:40.0300 0x0970  ================ Scan system memory ========================
14:12:40.0300 0x0970  System memory - ok
14:12:40.0300 0x0970  ================ Scan services =============================
14:12:40.0487 0x0970  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:12:40.0503 0x0970  1394ohci - ok
14:12:40.0597 0x0970  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:12:40.0612 0x0970  ACPI - ok
14:12:40.0643 0x0970  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:12:40.0643 0x0970  AcpiPmi - ok
14:12:40.0690 0x0970  [ 9BC0D1B4D9CCEC2DC9F010E466738A38, FA213D43DC18F92606B9A69E08B9D7B699038F087FE90AA3A1BB348AEBDEEACB ] acsock          C:\Windows\system32\DRIVERS\acsock.sys
14:12:40.0706 0x0970  acsock - ok
14:12:40.0831 0x0970  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:12:40.0846 0x0970  AdobeARMservice - ok
14:12:40.0955 0x0970  [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:12:40.0971 0x0970  AdobeFlashPlayerUpdateSvc - ok
14:12:41.0033 0x0970  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
14:12:41.0096 0x0970  adp94xx - ok
14:12:41.0127 0x0970  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
14:12:41.0189 0x0970  adpahci - ok
14:12:41.0221 0x0970  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
14:12:41.0236 0x0970  adpu320 - ok
14:12:41.0283 0x0970  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:12:41.0283 0x0970  AeLookupSvc - ok
14:12:41.0345 0x0970  [ F81BB7E487EDCEAB630A7EE66CF23913, 7D1638FD7E388EF670FA0A421762E0413351058A20DDF0F9988A383F05395A68 ] AFD             C:\Windows\system32\drivers\afd.sys
14:12:41.0423 0x0970  AFD - ok
14:12:41.0455 0x0970  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
14:12:41.0470 0x0970  agp440 - ok
14:12:41.0517 0x0970  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
14:12:41.0533 0x0970  aic78xx - ok
14:12:41.0564 0x0970  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
14:12:41.0595 0x0970  ALG - ok
14:12:41.0657 0x0970  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:12:41.0704 0x0970  aliide - ok
14:12:41.0751 0x0970  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
14:12:41.0751 0x0970  amdagp - ok
14:12:41.0782 0x0970  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:12:41.0798 0x0970  amdide - ok
14:12:41.0845 0x0970  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
14:12:41.0876 0x0970  AmdK8 - ok
14:12:41.0907 0x0970  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
14:12:41.0923 0x0970  AmdPPM - ok
14:12:41.0954 0x0970  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:12:42.0001 0x0970  amdsata - ok
14:12:42.0047 0x0970  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
14:12:42.0094 0x0970  amdsbs - ok
14:12:42.0125 0x0970  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:12:42.0157 0x0970  amdxata - ok
14:12:42.0219 0x0970  [ DD8D9C597AF7CD2F6B70A3D6A4A1ACEA, 834B397F365D930DA01D5189DDF06195CFE4C0F9249223C5A9004643F41BA6E4 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
14:12:42.0219 0x0970  androidusb - ok
14:12:42.0313 0x0970  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:12:42.0328 0x0970  AntiVirSchedulerService - ok
14:12:42.0391 0x0970  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:12:42.0406 0x0970  AntiVirService - ok
14:12:42.0453 0x0970  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
14:12:42.0469 0x0970  AppID - ok
14:12:42.0500 0x0970  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:12:42.0531 0x0970  AppIDSvc - ok
14:12:42.0578 0x0970  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
14:12:42.0593 0x0970  Appinfo - ok
14:12:42.0640 0x0970  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
14:12:42.0656 0x0970  arc - ok
14:12:42.0671 0x0970  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
14:12:42.0718 0x0970  arcsas - ok
14:12:42.0843 0x0970  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:12:42.0859 0x0970  aspnet_state - ok
14:12:42.0890 0x0970  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:12:42.0890 0x0970  AsyncMac - ok
14:12:42.0952 0x0970  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:12:42.0983 0x0970  atapi - ok
14:12:43.0046 0x0970  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:12:43.0077 0x0970  AudioEndpointBuilder - ok
14:12:43.0124 0x0970  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
14:12:43.0139 0x0970  Audiosrv - ok
14:12:43.0233 0x0970  [ B0A63DD71CB0CB597D8BD5C364E73F7C, 572B31F3FC962F50110D42A08CDD0614323E18C213575710CEEFA35EE7CAE8C5 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
14:12:43.0264 0x0970  avgntflt - ok
14:12:43.0342 0x0970  [ 05AF7CBF0BDA1571BBADC36703EB9CA4, 3925AD58053769D317D3CF0DDDF7371B010F2F4C839CF7B44F327AE9D0AB5442 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
14:12:43.0389 0x0970  avipbb - ok
14:12:43.0420 0x0970  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
14:12:43.0436 0x0970  avkmgr - ok
14:12:43.0483 0x0970  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:12:43.0498 0x0970  AxInstSV - ok
14:12:43.0545 0x0970  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
14:12:43.0607 0x0970  b06bdrv - ok
14:12:43.0654 0x0970  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
14:12:43.0685 0x0970  b57nd60x - ok
14:12:43.0732 0x0970  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
14:12:43.0748 0x0970  BDESVC - ok
14:12:43.0779 0x0970  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:12:43.0779 0x0970  Beep - ok
14:12:43.0857 0x0970  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
14:12:43.0888 0x0970  BFE - ok
14:12:43.0951 0x0970  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
14:12:43.0997 0x0970  BITS - ok
14:12:44.0029 0x0970  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
14:12:44.0060 0x0970  blbdrive - ok
14:12:44.0107 0x0970  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:12:44.0153 0x0970  bowser - ok
14:12:44.0185 0x0970  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:12:44.0216 0x0970  BrFiltLo - ok
14:12:44.0247 0x0970  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:12:44.0278 0x0970  BrFiltUp - ok
14:12:44.0325 0x0970  [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:12:44.0341 0x0970  BridgeMP - ok
14:12:44.0372 0x0970  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
14:12:44.0387 0x0970  Browser - ok
14:12:44.0419 0x0970  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:12:44.0481 0x0970  Brserid - ok
14:12:44.0528 0x0970  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:12:44.0559 0x0970  BrSerWdm - ok
14:12:44.0590 0x0970  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:12:44.0606 0x0970  BrUsbMdm - ok
14:12:44.0621 0x0970  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:12:44.0637 0x0970  BrUsbSer - ok
14:12:44.0684 0x0970  [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
14:12:44.0684 0x0970  BthEnum - ok
14:12:44.0715 0x0970  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
14:12:44.0731 0x0970  BTHMODEM - ok
14:12:44.0762 0x0970  [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
14:12:44.0762 0x0970  BthPan - ok
14:12:44.0809 0x0970  [ 4A34888E13224678DD062466AFEC4240, B432D135716123BB9EC2FBE5D2C45E819EC7E55205FC295B982B0C6F87543940 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
14:12:44.0871 0x0970  BTHPORT - ok
14:12:44.0933 0x0970  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
14:12:44.0933 0x0970  bthserv - ok
14:12:44.0949 0x0970  [ FA04C63916FA221DBB91FCE153D07A55, 3B013CABF2BFADE5ADD2B9AB65FB9FE53FBA72B13A8B41A599EF6D227764A8C7 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
14:12:44.0980 0x0970  BTHUSB - ok
14:12:45.0027 0x0970  [ D57D29132EFE13A83133D9BD449E0CF1, 8C12FC2404A53EFA028B3423A96F2B5ADDE1640A964AFAF2C460E73338551FFB ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
14:12:45.0043 0x0970  btwaudio - ok
14:12:45.0089 0x0970  [ D282C14A69357D0E1BAFAECC2CA98C3A, 1F576218591B87920641F7E2FA349E477032C4C38DF5A6584738DC0280E203A9 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
14:12:45.0105 0x0970  btwavdt - ok
14:12:45.0214 0x0970  [ F7434401AE320BB97903A3C1865242FB, B401B13133A7D7B2861D81F800F6DEFF361320C994C704B6688A1E6A61439E8D ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
14:12:45.0245 0x0970  btwdins - ok
14:12:45.0261 0x0970  [ AAFD7CB76BA61FBB08E302DA208C974A, 1B342095E373ECCA1775B30E92CD337BECEB4BA9F821132C33507A646E6A341C ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
14:12:45.0277 0x0970  btwl2cap - ok
14:12:45.0308 0x0970  [ 02EB4D2B05967DF2D32F29C84AB1FB17, 95B7901F7BCE41DF53309158AC12888BA1F82FF2E576BF3ED0E67EA3CFAB1288 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
14:12:45.0308 0x0970  btwrchid - ok
14:12:45.0386 0x0970  catchme - ok
14:12:45.0417 0x0970  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:12:45.0433 0x0970  cdfs - ok
14:12:45.0495 0x0970  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\drivers\cdrom.sys
14:12:45.0511 0x0970  cdrom - ok
14:12:45.0557 0x0970  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:12:45.0557 0x0970  CertPropSvc - ok
14:12:45.0589 0x0970  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
14:12:45.0635 0x0970  circlass - ok
14:12:45.0682 0x0970  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
14:12:45.0698 0x0970  CLFS - ok
14:12:45.0854 0x0970  [ 5BEBB11A5BF2948FEFA59DC213B03DDD, 34BB17CC4014E14BC6135E64725DDC4D24BC0EA71A7626E268733EEDD1542E25 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
14:12:45.0932 0x0970  ClickToRunSvc - ok
14:12:45.0994 0x0970  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:12:46.0041 0x0970  clr_optimization_v2.0.50727_32 - ok
14:12:46.0103 0x0970  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:12:46.0119 0x0970  clr_optimization_v4.0.30319_32 - ok
14:12:46.0150 0x0970  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
14:12:46.0150 0x0970  CmBatt - ok
14:12:46.0181 0x0970  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:12:46.0197 0x0970  cmdide - ok
14:12:46.0244 0x0970  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
14:12:46.0291 0x0970  CNG - ok
14:12:46.0322 0x0970  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
14:12:46.0353 0x0970  Compbatt - ok
14:12:46.0415 0x0970  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:12:46.0462 0x0970  CompositeBus - ok
14:12:46.0493 0x0970  COMSysApp - ok
14:12:46.0525 0x0970  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
14:12:46.0525 0x0970  crcdisk - ok
14:12:46.0571 0x0970  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:12:46.0587 0x0970  CryptSvc - ok
14:12:46.0634 0x0970  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:12:46.0665 0x0970  DcomLaunch - ok
14:12:46.0712 0x0970  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
14:12:46.0743 0x0970  defragsvc - ok
14:12:46.0774 0x0970  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:12:46.0790 0x0970  DfsC - ok
14:12:46.0852 0x0970  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:12:46.0868 0x0970  Dhcp - ok
14:12:46.0899 0x0970  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
14:12:46.0899 0x0970  discache - ok
14:12:46.0946 0x0970  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
14:12:46.0977 0x0970  Disk - ok
14:12:47.0024 0x0970  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:12:47.0039 0x0970  Dnscache - ok
14:12:47.0071 0x0970  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:12:47.0117 0x0970  dot3svc - ok
14:12:47.0180 0x0970  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
14:12:47.0195 0x0970  DPS - ok
14:12:47.0242 0x0970  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:12:47.0273 0x0970  drmkaud - ok
14:12:47.0351 0x0970  [ 71BC35067CABC02C9453AEAA42B2E43E, 713B19F2C08EA5E4C087F7A74A8856932CF33E19D63384823DD4E02ED8798619 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:12:47.0492 0x0970  DXGKrnl - ok
14:12:47.0539 0x0970  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
14:12:47.0554 0x0970  EapHost - ok
14:12:47.0726 0x0970  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
14:12:47.0929 0x0970  ebdrv - ok
14:12:47.0975 0x0970  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
14:12:47.0975 0x0970  EFS - ok
14:12:48.0053 0x0970  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:12:48.0131 0x0970  ehRecvr - ok
14:12:48.0178 0x0970  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
14:12:48.0178 0x0970  ehSched - ok
14:12:48.0241 0x0970  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
14:12:48.0287 0x0970  elxstor - ok
14:12:48.0319 0x0970  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:12:48.0319 0x0970  ErrDev - ok
14:12:48.0381 0x0970  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
14:12:48.0397 0x0970  EventSystem - ok
14:12:48.0428 0x0970  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:12:48.0443 0x0970  exfat - ok
14:12:48.0475 0x0970  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:12:48.0490 0x0970  fastfat - ok
14:12:48.0568 0x0970  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
14:12:48.0584 0x0970  Fax - ok
14:12:48.0615 0x0970  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
14:12:48.0646 0x0970  fdc - ok
14:12:48.0693 0x0970  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
14:12:48.0693 0x0970  fdPHost - ok
14:12:48.0709 0x0970  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:12:48.0709 0x0970  FDResPub - ok
14:12:48.0740 0x0970  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:12:48.0771 0x0970  FileInfo - ok
14:12:48.0802 0x0970  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:12:48.0833 0x0970  Filetrace - ok
14:12:48.0865 0x0970  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
14:12:48.0896 0x0970  flpydisk - ok
14:12:48.0927 0x0970  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:12:48.0989 0x0970  FltMgr - ok
14:12:49.0083 0x0970  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
14:12:49.0145 0x0970  FontCache - ok
14:12:49.0208 0x0970  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:12:49.0223 0x0970  FontCache3.0.0.0 - ok
14:12:49.0239 0x0970  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:12:49.0270 0x0970  FsDepends - ok
14:12:49.0301 0x0970  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:12:49.0333 0x0970  Fs_Rec - ok
14:12:49.0395 0x0970  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:12:49.0426 0x0970  fvevol - ok
14:12:49.0457 0x0970  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
14:12:49.0504 0x0970  gagp30kx - ok
14:12:49.0551 0x0970  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:12:49.0598 0x0970  gpsvc - ok
14:12:49.0691 0x0970  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
14:12:49.0707 0x0970  gupdate - ok
14:12:49.0723 0x0970  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
14:12:49.0738 0x0970  gupdatem - ok
14:12:49.0754 0x0970  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:12:49.0769 0x0970  hcw85cir - ok
14:12:49.0832 0x0970  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:12:49.0863 0x0970  HdAudAddService - ok
14:12:49.0910 0x0970  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:12:49.0910 0x0970  HDAudBus - ok
14:12:49.0941 0x0970  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
14:12:49.0941 0x0970  HidBatt - ok
14:12:49.0972 0x0970  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
14:12:50.0003 0x0970  HidBth - ok
14:12:50.0050 0x0970  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
14:12:50.0066 0x0970  HidIr - ok
14:12:50.0097 0x0970  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\System32\hidserv.dll
14:12:50.0097 0x0970  hidserv - ok
14:12:50.0144 0x0970  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
14:12:50.0175 0x0970  HidUsb - ok
14:12:50.0222 0x0970  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:12:50.0222 0x0970  hkmsvc - ok
14:12:50.0253 0x0970  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:12:50.0284 0x0970  HomeGroupListener - ok
14:12:50.0315 0x0970  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:12:50.0331 0x0970  HomeGroupProvider - ok
14:12:50.0378 0x0970  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:12:50.0409 0x0970  HpSAMD - ok
14:12:50.0471 0x0970  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:12:50.0549 0x0970  HTTP - ok
14:12:50.0596 0x0970  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:12:50.0627 0x0970  hwpolicy - ok
14:12:50.0674 0x0970  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:12:50.0690 0x0970  i8042prt - ok
14:12:50.0768 0x0970  [ 7548066DF68A8A1A56B043359F915F37, 6225DDE554E45858374CBD284A85A00F773089A667C08492187A637232B8BD9A ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
14:12:50.0815 0x0970  IAANTMON - ok
14:12:50.0861 0x0970  [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
14:12:50.0877 0x0970  iaStor - ok
14:12:50.0924 0x0970  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:12:51.0002 0x0970  iaStorV - ok
14:12:51.0080 0x0970  [ C521D7EB6497BB1AF6AFA89E322FB43C, BDDCFCBB5B76A9295669B5AC9F732D6127199ED5C300770B554C4E4794F66BB7 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:12:51.0189 0x0970  idsvc - ok
14:12:51.0220 0x0970  IEEtwCollectorService - ok
14:12:51.0719 0x0970  [ 8266AE06DF974E5BA047B3E9E9E70B3F, 44E5A8EED802A1DDF3CCDB478A88A3AB3CF009F449FB11E0F94A28498342B4E2 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
14:12:52.0234 0x0970  igfx - ok
14:12:52.0359 0x0970  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
14:12:52.0375 0x0970  iirsp - ok
14:12:52.0437 0x0970  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
14:12:52.0468 0x0970  IKEEXT - ok
14:12:52.0687 0x0970  [ B29E79C67F3779E70BA187E31B639EBC, 7B8E2DCD12AD8DDD3E5F492BC715AFB55DC48EC05A5A0644840078DB0AD70232 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:12:52.0921 0x0970  IntcAzAudAddService - ok
14:12:52.0967 0x0970  [ E63CD0D9AA8D406CABDE5AA718936F40, FFAE499226426D6061F1B8BB6CBE3EDDF8F8E27AF9A8B82CDB5485F008F9D733 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
14:12:52.0983 0x0970  IntcHdmiAddService - ok
14:12:53.0014 0x0970  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:12:53.0061 0x0970  intelide - ok
14:12:53.0108 0x0970  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
14:12:53.0108 0x0970  intelppm - ok
14:12:53.0155 0x0970  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:12:53.0186 0x0970  IPBusEnum - ok
14:12:53.0248 0x0970  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:12:53.0279 0x0970  IpFilterDriver - ok
14:12:53.0373 0x0970  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:12:53.0404 0x0970  iphlpsvc - ok
14:12:53.0435 0x0970  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:12:53.0451 0x0970  IPMIDRV - ok
14:12:53.0747 0x0970  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:12:53.0779 0x0970  IPNAT - ok
14:12:53.0810 0x0970  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:12:53.0841 0x0970  IRENUM - ok
14:12:53.0888 0x0970  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:12:53.0935 0x0970  isapnp - ok
14:12:54.0013 0x0970  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:12:54.0059 0x0970  iScsiPrt - ok
14:12:54.0122 0x0970  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
14:12:54.0169 0x0970  kbdclass - ok
14:12:54.0231 0x0970  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
14:12:54.0262 0x0970  kbdhid - ok
14:12:54.0278 0x0970  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
14:12:54.0278 0x0970  KeyIso - ok
14:12:54.0325 0x0970  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:12:54.0340 0x0970  KSecDD - ok
14:12:54.0403 0x0970  [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:12:54.0449 0x0970  KSecPkg - ok
14:12:54.0527 0x0970  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:12:54.0574 0x0970  KtmRm - ok
14:12:54.0637 0x0970  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:12:54.0652 0x0970  LanmanServer - ok
14:12:54.0699 0x0970  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:12:54.0715 0x0970  LanmanWorkstation - ok
14:12:54.0761 0x0970  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:12:54.0777 0x0970  lltdio - ok
14:12:54.0824 0x0970  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:12:54.0855 0x0970  lltdsvc - ok
14:12:54.0886 0x0970  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:12:54.0917 0x0970  lmhosts - ok
14:12:54.0980 0x0970  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
14:12:55.0027 0x0970  LSI_FC - ok
14:12:55.0089 0x0970  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
14:12:55.0120 0x0970  LSI_SAS - ok
14:12:55.0183 0x0970  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:12:55.0183 0x0970  LSI_SAS2 - ok
14:12:55.0229 0x0970  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:12:55.0261 0x0970  LSI_SCSI - ok
14:12:55.0323 0x0970  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:12:55.0370 0x0970  luafv - ok
14:12:55.0432 0x0970  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:12:55.0479 0x0970  Mcx2Svc - ok
14:12:55.0526 0x0970  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
14:12:55.0557 0x0970  megasas - ok
14:12:55.0619 0x0970  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
14:12:55.0682 0x0970  MegaSR - ok
14:12:55.0744 0x0970  [ 71C6748EE8DE938532057EF10B4B7E44, 455175332156939B3CDA4511A2A6C213ABBFDB85EEECA98B6AB014C994F532C4 ] Micro Star SCM  C:\Program Files\System Control Manager\MSIService.exe
14:12:55.0775 0x0970  Micro Star SCM - ok
14:12:55.0822 0x0970  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
14:12:55.0822 0x0970  MMCSS - ok
14:12:55.0869 0x0970  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
14:12:55.0900 0x0970  Modem - ok
14:12:55.0947 0x0970  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:12:55.0947 0x0970  monitor - ok
14:12:55.0978 0x0970  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\drivers\mouclass.sys
14:12:56.0009 0x0970  mouclass - ok
14:12:56.0041 0x0970  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:12:56.0041 0x0970  mouhid - ok
14:12:56.0087 0x0970  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:12:56.0119 0x0970  mountmgr - ok
14:12:56.0181 0x0970  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:12:56.0212 0x0970  mpio - ok
14:12:56.0306 0x0970  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:12:56.0337 0x0970  mpsdrv - ok
14:12:56.0415 0x0970  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:12:56.0446 0x0970  MpsSvc - ok
14:12:56.0493 0x0970  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:12:56.0509 0x0970  MRxDAV - ok
14:12:56.0571 0x0970  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:12:56.0602 0x0970  mrxsmb - ok
14:12:56.0665 0x0970  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:12:56.0711 0x0970  mrxsmb10 - ok
14:12:56.0758 0x0970  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:12:56.0789 0x0970  mrxsmb20 - ok
14:12:56.0836 0x0970  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:12:56.0867 0x0970  msahci - ok
14:12:56.0899 0x0970  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:12:56.0961 0x0970  msdsm - ok
14:12:56.0992 0x0970  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
14:12:57.0039 0x0970  MSDTC - ok
14:12:57.0101 0x0970  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:12:57.0133 0x0970  Msfs - ok
14:12:57.0164 0x0970  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:12:57.0195 0x0970  mshidkmdf - ok
14:12:57.0257 0x0970  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:12:57.0320 0x0970  msisadrv - ok
14:12:57.0351 0x0970  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:12:57.0398 0x0970  MSiSCSI - ok
14:12:57.0413 0x0970  msiserver - ok
14:12:57.0460 0x0970  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:12:57.0476 0x0970  MSKSSRV - ok
14:12:57.0491 0x0970  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:12:57.0523 0x0970  MSPCLOCK - ok
14:12:57.0554 0x0970  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:12:57.0569 0x0970  MSPQM - ok
14:12:57.0601 0x0970  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:12:57.0632 0x0970  MsRPC - ok
14:12:57.0694 0x0970  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:12:57.0694 0x0970  mssmbios - ok
14:12:57.0741 0x0970  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:12:57.0741 0x0970  MSTEE - ok
14:12:57.0772 0x0970  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
14:12:57.0772 0x0970  MTConfig - ok
14:12:57.0850 0x0970  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
14:12:57.0881 0x0970  Mup - ok
14:12:57.0975 0x0970  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
14:12:58.0006 0x0970  napagent - ok
14:12:58.0100 0x0970  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:12:58.0209 0x0970  NativeWifiP - ok
14:12:58.0318 0x0970  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:12:58.0381 0x0970  NDIS - ok
14:12:58.0443 0x0970  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:12:58.0474 0x0970  NdisCap - ok
14:12:58.0537 0x0970  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:12:58.0568 0x0970  NdisTapi - ok
14:12:58.0630 0x0970  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:12:58.0677 0x0970  Ndisuio - ok
14:12:58.0708 0x0970  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:12:58.0755 0x0970  NdisWan - ok
14:12:58.0786 0x0970  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:12:58.0802 0x0970  NDProxy - ok
14:12:58.0849 0x0970  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:12:58.0880 0x0970  NetBIOS - ok
14:12:58.0958 0x0970  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:12:59.0005 0x0970  NetBT - ok
14:12:59.0036 0x0970  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
14:12:59.0036 0x0970  Netlogon - ok
14:12:59.0083 0x0970  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
14:12:59.0098 0x0970  Netman - ok
14:12:59.0192 0x0970  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:12:59.0239 0x0970  NetMsmqActivator - ok
14:12:59.0301 0x0970  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:12:59.0301 0x0970  NetPipeActivator - ok
14:12:59.0348 0x0970  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
14:12:59.0379 0x0970  netprofm - ok
14:12:59.0395 0x0970  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:12:59.0395 0x0970  NetTcpActivator - ok
14:12:59.0410 0x0970  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:12:59.0426 0x0970  NetTcpPortSharing - ok
14:12:59.0457 0x0970  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
14:12:59.0488 0x0970  nfrd960 - ok
14:12:59.0535 0x0970  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:12:59.0566 0x0970  NlaSvc - ok
14:12:59.0597 0x0970  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:12:59.0613 0x0970  Npfs - ok
14:12:59.0644 0x0970  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
14:12:59.0660 0x0970  nsi - ok
14:12:59.0675 0x0970  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:12:59.0691 0x0970  nsiproxy - ok
14:12:59.0800 0x0970  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:12:59.0925 0x0970  Ntfs - ok
14:12:59.0972 0x0970  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
14:13:00.0003 0x0970  Null - ok
14:13:00.0034 0x0970  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:13:00.0065 0x0970  nvraid - ok
14:13:00.0112 0x0970  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:13:00.0159 0x0970  nvstor - ok
14:13:00.0190 0x0970  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:13:00.0206 0x0970  nv_agp - ok
14:13:00.0237 0x0970  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:13:00.0253 0x0970  ohci1394 - ok
14:13:00.0315 0x0970  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:13:00.0362 0x0970  ose - ok
14:13:00.0689 0x0970  [ EE5756BDA5BE5891270E0CC6CEC44096, EA18073EEE0F461B14C539D49A7DD91D33AB0C503236F67F70A000835FAAC890 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:13:01.0064 0x0970  osppsvc - ok
14:13:01.0126 0x0970  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:13:01.0142 0x0970  p2pimsvc - ok
14:13:01.0173 0x0970  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
14:13:01.0235 0x0970  p2psvc - ok
14:13:01.0282 0x0970  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
14:13:01.0313 0x0970  Parport - ok
14:13:01.0360 0x0970  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:13:01.0391 0x0970  partmgr - ok
14:13:01.0423 0x0970  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
14:13:01.0438 0x0970  Parvdm - ok
14:13:01.0469 0x0970  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:13:01.0485 0x0970  PcaSvc - ok
14:13:01.0516 0x0970  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
14:13:01.0547 0x0970  pci - ok
14:13:01.0579 0x0970  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:13:01.0610 0x0970  pciide - ok
14:13:01.0641 0x0970  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
14:13:01.0688 0x0970  pcmcia - ok
14:13:01.0719 0x0970  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:13:01.0766 0x0970  pcw - ok
14:13:01.0813 0x0970  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:13:01.0906 0x0970  PEAUTH - ok
14:13:02.0031 0x0970  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
14:13:02.0203 0x0970  pla - ok
14:13:02.0265 0x0970  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:13:02.0296 0x0970  PlugPlay - ok
14:13:02.0327 0x0970  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:13:02.0343 0x0970  PNRPAutoReg - ok
14:13:02.0390 0x0970  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
14:13:02.0405 0x0970  PNRPsvc - ok
14:13:02.0468 0x0970  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:13:02.0483 0x0970  PolicyAgent - ok
14:13:02.0530 0x0970  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
14:13:02.0530 0x0970  Power - ok
14:13:02.0577 0x0970  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:13:02.0608 0x0970  PptpMiniport - ok
14:13:02.0655 0x0970  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
14:13:02.0686 0x0970  Processor - ok
14:13:02.0749 0x0970  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:13:02.0749 0x0970  ProfSvc - ok
14:13:02.0780 0x0970  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:13:02.0780 0x0970  ProtectedStorage - ok
14:13:02.0827 0x0970  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:13:02.0827 0x0970  Psched - ok
14:13:02.0920 0x0970  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
14:13:03.0076 0x0970  ql2300 - ok
14:13:03.0107 0x0970  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
14:13:03.0139 0x0970  ql40xx - ok
14:13:03.0185 0x0970  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
14:13:03.0217 0x0970  QWAVE - ok
14:13:03.0248 0x0970  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:13:03.0279 0x0970  QWAVEdrv - ok
14:13:03.0310 0x0970  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:13:03.0341 0x0970  RasAcd - ok
14:13:03.0373 0x0970  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:13:03.0388 0x0970  RasAgileVpn - ok
14:13:03.0419 0x0970  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
14:13:03.0435 0x0970  RasAuto - ok
14:13:03.0466 0x0970  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:13:03.0497 0x0970  Rasl2tp - ok
14:13:03.0560 0x0970  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
14:13:03.0591 0x0970  RasMan - ok
14:13:03.0622 0x0970  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:13:03.0653 0x0970  RasPppoe - ok
14:13:03.0685 0x0970  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:13:03.0700 0x0970  RasSstp - ok
14:13:03.0747 0x0970  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:13:03.0778 0x0970  rdbss - ok
14:13:03.0809 0x0970  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
14:13:03.0825 0x0970  rdpbus - ok
14:13:03.0872 0x0970  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:13:03.0903 0x0970  RDPCDD - ok
14:13:03.0965 0x0970  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:13:03.0981 0x0970  RDPENCDD - ok
14:13:04.0012 0x0970  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:13:04.0043 0x0970  RDPREFMP - ok
14:13:04.0106 0x0970  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:13:04.0153 0x0970  RDPWD - ok
14:13:04.0215 0x0970  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:13:04.0262 0x0970  rdyboost - ok
14:13:04.0309 0x0970  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:13:04.0340 0x0970  RemoteAccess - ok
14:13:04.0387 0x0970  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:13:04.0418 0x0970  RemoteRegistry - ok
14:13:04.0465 0x0970  [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
14:13:04.0480 0x0970  RFCOMM - ok
14:13:04.0574 0x0970  [ 79E740644D8D5E6057A4429F0D19A2CB, 6CD5EE20EA52CF466C0E692A5E548CABD3452C6C8246AE668080401D76A72ADA ] RichVideo       C:\Program Files\CyberLink\Shared files\RichVideo.exe
14:13:04.0636 0x0970  RichVideo - ok
14:13:04.0683 0x0970  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:13:04.0683 0x0970  RpcEptMapper - ok
14:13:04.0714 0x0970  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
14:13:04.0730 0x0970  RpcLocator - ok
14:13:04.0761 0x0970  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
14:13:04.0777 0x0970  RpcSs - ok
14:13:04.0823 0x0970  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:13:04.0855 0x0970  rspndr - ok
14:13:04.0933 0x0970  [ 96F8DD546677AA5102150ACC140377B3, 59DD9EE716072F24BD474D7EB7BE446310F6A3AFFB9DAE854A35AEDEB8E477E5 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
14:13:04.0964 0x0970  RSUSBSTOR - ok
14:13:05.0011 0x0970  [ 26A9D6227D12B9D9DA5A81BB9B55D810, 65AB233248B09619BE47A44008544FDFAA6C60C671F8659DB85B97693677B3F9 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
14:13:05.0057 0x0970  RTL8167 - ok
14:13:05.0151 0x0970  [ B5E9979FBB26FC059BD87A81F763D5DA, 1EE2FB1CB2F86FBE1589ACE3542E0003CC88499406A3EF37073CCA45651F493D ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
14:13:05.0276 0x0970  rtl8192se - ok
14:13:05.0291 0x0970  RtsUIR - ok
14:13:05.0307 0x0970  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
14:13:05.0307 0x0970  SamSs - ok
14:13:05.0338 0x0970  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:13:05.0385 0x0970  sbp2port - ok
14:13:05.0447 0x0970  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:13:05.0479 0x0970  SCardSvr - ok
14:13:05.0525 0x0970  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:13:05.0557 0x0970  scfilter - ok
14:13:05.0650 0x0970  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
14:13:05.0697 0x0970  Schedule - ok
14:13:05.0728 0x0970  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:13:05.0728 0x0970  SCPolicySvc - ok
14:13:05.0759 0x0970  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:13:05.0759 0x0970  SDRSVC - ok
14:13:08.0661 0x0970  [ BCEB0C2FC290E456F2E63282BC7D2271, 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588 ] syshost32       C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe
14:13:23.0278 0x0970  Suspicious file ( NoAccess ): C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe. md5: BCEB0C2FC290E456F2E63282BC7D2271, sha256: 4091D335B5AD0340357173A28EE7006A430A406E6BE8AAFD65D739CF6D52A588
14:13:23.0278 0x0970  syshost32 - detected LockedFile.Multi.Generic ( 1 )
14:13:23.0419 0x0970  syshost32 ( LockedFile.Multi.Generic ) - warning
14:13:23.0419 0x0970  Force sending object to P2P due to detect: syshost32
14:13:23.0419 0x0970  Object send P2P result: false
14:13:41.0610 0x0970  ================ Scan global ===============================
14:13:41.0657 0x0970  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
14:13:41.0704 0x0970  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:13:41.0735 0x0970  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:13:41.0782 0x0970  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
14:13:41.0798 0x0970  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
14:13:41.0829 0x0970  [ Global ] - ok
14:13:41.0829 0x0970  ================ Scan MBR ==================================
14:13:41.0844 0x0970  [ 8A1C59E4DFEF87510470928550466632 ] \Device\Harddisk0\DR0
14:13:47.0180 0x0970  \Device\Harddisk0\DR0 - ok
14:13:47.0180 0x0970  ================ Scan VBR ==================================
14:13:47.0195 0x0970  [ 04E427EC4A33EB1573351FE47BD3A649 ] \Device\Harddisk0\DR0\Partition1
14:13:47.0195 0x0970  \Device\Harddisk0\DR0\Partition1 - ok
14:13:47.0367 0x0970  [ CE7CDCB189E205D9EB07A06645077565 ] \Device\Harddisk0\DR0\Partition2
14:13:47.0382 0x0970  \Device\Harddisk0\DR0\Partition2 - ok
14:13:47.0398 0x0970  [ B788E7AE4D68256EB9DF514BD0BCD2C9 ] \Device\Harddisk0\DR0\Partition3
14:13:47.0398 0x0970  \Device\Harddisk0\DR0\Partition3 - ok
14:13:49.0754 0x0970  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x41000 ( enabled : updated )
14:13:49.0785 0x0970  Win FW state via NFP2: enabled
14:13:49.0785 0x0970  ============================================================
14:13:49.0785 0x0970  Scan finished
14:13:49.0785 0x0970  ============================================================
14:13:49.0816 0x0f50  Detected object count: 1
14:13:49.0816 0x0f50  Actual detected object count: 1
14:14:23.0652 0x0f50  C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe - copied to quarantine
14:14:23.0668 0x0f50  HKLM\SYSTEM\ControlSet001\services\syshost32 - will be deleted on reboot
14:14:23.0699 0x0f50  HKLM\SYSTEM\ControlSet002\services\syshost32 - will be deleted on reboot
14:14:23.0824 0x0f50  C:\Windows\Installer\{5B103D0C-08EE-0E5D-443C-FB25241BCA6D}\syshost.exe - will be deleted on reboot
14:14:23.0824 0x0f50  syshost32 ( LockedFile.Multi.Generic ) - User select action: Delete 
14:14:24.0027 0x0f50  KLMD registered as C:\Windows\system32\drivers\94758064.sys
14:16:43.0536 0x05cc  Deinitialize success
         

10.07.2014, 11:47   #13
schrauber
/// the machine
/// TB trainer
 



Uhm, now I've lost track. Make sure you select Delete everywhere. Then reboot.

Please run a fresh scan with TDSSKiller and post the log.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

10.07.2014, 18:57   #14
aschroeder
 


Hello Schrauber,

I ran another scan. Nothing was detected. So I couldn't remove anything or reboot either.

No new log was created either. That is, the last report I have is the one from before your message, the one from yesterday. I'm happy to post it again, but it is actually right before your message. The other three were created by the program a day earlier.

Regards

11.07.2014, 13:42   #15
schrauber
/// the machine
/// TB trainer
 



If nothing more was found, that's fine.

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
