Thank you in advance for taking the time to help me.
I successfully ran the scan with your so-called "TDSSKiller".
First, here is a picture of the settings I chose: http://i.imgur.com/jCIULvJ.jpg
Now I am giving you the result of my evaluation in the form of an attachment, since it is too long.
1 Part Code:
19:01:52.0766 0x19e8 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
19:01:55.0386 0x19e8 ============================================================
19:01:55.0386 0x19e8 Current date / time: 2014/03/13 19:01:55.0386
19:01:55.0386 0x19e8 SystemInfo:
19:01:55.0386 0x19e8
19:01:55.0386 0x19e8 OS Version: 6.1.7600 ServicePack: 0.0
19:01:55.0386 0x19e8 Product type: Workstation
19:01:55.0386 0x19e8 ComputerName: KEVIN_S
19:01:55.0386 0x19e8 UserName: Kevin
19:01:55.0386 0x19e8 Windows directory: C:\Windows
19:01:55.0386 0x19e8 System windows directory: C:\Windows
19:01:55.0386 0x19e8 Running under WOW64
19:01:55.0386 0x19e8 Processor architecture: Intel x64
19:01:55.0386 0x19e8 Number of processors: 6
19:01:55.0386 0x19e8 Page size: 0x1000
19:01:55.0386 0x19e8 Boot type: Normal boot
19:01:55.0386 0x19e8 ============================================================
19:01:59.0366 0x19e8 KLMD registered as C:\Windows\system32\drivers\48244133.sys
19:02:04.0906 0x19e8 System UUID: {BA0B612D-301B-6C6B-CF72-5BBF1BD01CD5}
19:02:05.0156 0x19e8 !crdlk
19:02:05.0156 0x19e8 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
19:02:05.0806 0x19e8 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
19:02:05.0836 0x19e8 Drive \Device\Harddisk2\DR2 - Size: 0x15D50F65800 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:02:05.0836 0x19e8 ============================================================
19:02:05.0836 0x19e8 \Device\Harddisk0\DR0:
19:02:05.0836 0x19e8 MBR partitions:
19:02:05.0836 0x19e8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
19:02:05.0836 0x19e8 \Device\Harddisk1\DR1:
19:02:05.0836 0x19e8 MBR partitions:
19:02:05.0836 0x19e8 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1746C000
19:02:05.0836 0x19e8 \Device\Harddisk2\DR2:
19:02:05.0836 0x19e8 MBR partitions:
19:02:05.0836 0x19e8 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
19:02:05.0836 0x19e8 ============================================================
19:02:05.0846 0x19e8 C: <-> \Device\Harddisk1\DR1\Partition1
19:02:05.0866 0x19e8 D: <-> \Device\Harddisk0\DR0\Partition1
19:02:05.0866 0x19e8 F: <-> \Device\Harddisk2\DR2\Partition1
19:02:05.0866 0x19e8 ============================================================
19:02:05.0866 0x19e8 Initialize success
19:02:05.0866 0x19e8 ============================================================
19:05:05.0656 0x1428 ============================================================
19:05:05.0656 0x1428 Scan started
19:05:05.0656 0x1428 Mode: Manual; SigCheck; TDLFS;
19:05:05.0656 0x1428 ============================================================
19:05:05.0656 0x1428 KSN ping started
19:05:11.0662 0x1428 KSN ping finished: true
19:05:13.0066 0x1428 ================ Scan system memory ========================
19:05:13.0066 0x1428 System memory - ok
19:05:13.0066 0x1428 ================ Scan services =============================
19:05:13.0315 0x1428 [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
19:05:13.0393 0x1428 1394ohci - ok
19:05:13.0456 0x1428 [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
19:05:13.0487 0x1428 ACPI - ok
19:05:13.0518 0x1428 [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
19:05:13.0627 0x1428 AcpiPmi - ok
19:05:13.0783 0x1428 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:05:13.0799 0x1428 AdobeFlashPlayerUpdateSvc - ok
19:05:13.0830 0x1428 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:05:13.0846 0x1428 adp94xx - ok
19:05:13.0877 0x1428 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:05:13.0892 0x1428 adpahci - ok
19:05:13.0924 0x1428 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:05:13.0939 0x1428 adpu320 - ok
19:05:13.0986 0x1428 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:05:14.0158 0x1428 AeLookupSvc - ok
19:05:14.0220 0x1428 [ B9384E03479D2506BC924C16A3DB87BC, AB5FD2BC1F005E7D664F5DE3D5CB54499024A83B716DD52C56582DB7EFB4F01B ] AFD C:\Windows\system32\drivers\afd.sys
19:05:14.0329 0x1428 AFD - ok
19:05:14.0360 0x1428 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
19:05:14.0360 0x1428 agp440 - ok
19:05:14.0407 0x1428 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
19:05:14.0470 0x1428 ALG - ok
19:05:14.0501 0x1428 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
19:05:14.0516 0x1428 aliide - ok
19:05:14.0563 0x1428 [ 68B2C801CDB2B3838E9C27C3C6F66C73, D2E7A062973CB4D1C33A299D5AEFCE943EB59934EBA427F3C99D03A56EFF7A96 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:05:14.0657 0x1428 AMD External Events Utility - ok
19:05:14.0704 0x1428 AMD FUEL Service - ok
19:05:14.0735 0x1428 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
19:05:14.0735 0x1428 amdide - ok
19:05:14.0782 0x1428 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:05:14.0813 0x1428 AmdK8 - ok
19:05:15.0343 0x1428 [ 784C941B5A19D69814F9514CFB733906, 496E78FE91B1D6E146EEB79297C4A131D50875A8385438C376CA58A245D4A77E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:05:15.0624 0x1428 amdkmdag - ok
19:05:15.0749 0x1428 [ 954759EAE7FB2591A5E7206AB0093AE7, A47FFCE75767CFE79A1CD2B42DC1FEEC8C65C0E503289DC70B751FECDD9CE9FF ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:05:15.0796 0x1428 amdkmdap - ok
19:05:15.0827 0x1428 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:05:15.0858 0x1428 AmdPPM - ok
19:05:15.0905 0x1428 [ 7A4B413614C055935567CF88A9734D38, A3BB7CDF3EE0EEF67F89263E81145E73C7142EF5F0AF265375C2ECCE74F932C4 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
19:05:15.0920 0x1428 amdsata - ok
19:05:15.0952 0x1428 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:05:15.0967 0x1428 amdsbs - ok
19:05:15.0983 0x1428 [ B4AD0CACBAB298671DD6F6EF7E20679D, FB566C892D0A3DC0A523AE20F35011996958D670937DD5C1A1FCCD36AAC714D7 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
19:05:15.0998 0x1428 amdxata - ok
19:05:16.0232 0x1428 [ 4D282B9C5BB05DF92C9F3977DFB9F916, E6D49ED0D5FA26F2936FC97A0F1DFA38D1066AAF2EEFCE2931AF21B2CBE54CAD ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
19:05:16.0264 0x1428 AntiVirSchedulerService - ok
19:05:16.0357 0x1428 [ 65AF41A7A2C5B6693E1B4164E7632C3E, BA1DC45D7BB5307BD418D2BDFDBD1DD593439245A0A3F65FE6287F6F5198B999 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
19:05:16.0357 0x1428 AntiVirService - ok
19:05:16.0404 0x1428 [ F2154A205F4B784B61A72AEBC72BDC5F, A1D962BCF952FAD8016D9210327E7C1044BF4D3D035C7443F8671DDA16E0A390 ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
19:05:16.0404 0x1428 Suspicious file ( NoAccess ): C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys. md5: F2154A205F4B784B61A72AEBC72BDC5F, sha256: A1D962BCF952FAD8016D9210327E7C1044BF4D3D035C7443F8671DDA16E0A390
19:05:16.0435 0x1428 AODDriver4.2 - detected LockedFile.Multi.Generic ( 1 )
19:05:22.0472 0x1428 Detect skipped due to KSN trusted
19:05:22.0472 0x1428 AODDriver4.2 - ok
19:05:22.0535 0x1428 [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID C:\Windows\system32\drivers\appid.sys
19:05:22.0691 0x1428 AppID - ok
19:05:22.0722 0x1428 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:05:22.0800 0x1428 AppIDSvc - ok
19:05:22.0847 0x1428 [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo C:\Windows\System32\appinfo.dll
19:05:22.0909 0x1428 Appinfo - ok
19:05:22.0956 0x1428 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
19:05:23.0034 0x1428 AppMgmt - ok
19:05:23.0081 0x1428 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:05:23.0112 0x1428 arc - ok
19:05:23.0128 0x1428 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:05:23.0143 0x1428 arcsas - ok
19:05:23.0268 0x1428 [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:05:23.0284 0x1428 aspnet_state - ok
19:05:23.0330 0x1428 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:05:23.0330 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: 769765CE2CC62867468CEA93969B2242, sha256: 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26
19:05:23.0346 0x1428 AsyncMac - detected LockedFile.Multi.Generic ( 1 )
19:05:29.0414 0x1428 Detect skipped due to KSN trusted
19:05:29.0414 0x1428 AsyncMac - ok
19:05:29.0461 0x1428 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\DRIVERS\atapi.sys
19:05:29.0461 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\atapi.sys. md5: 02062C0B390B7729EDC9E69C680A6F3C, sha256: 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273
19:05:29.0461 0x1428 atapi - detected LockedFile.Multi.Generic ( 1 )
19:05:35.0498 0x1428 Detect skipped due to KSN trusted
19:05:35.0498 0x1428 atapi - ok
19:05:35.0576 0x1428 [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:05:35.0576 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\AtihdW76.sys. md5: 37CB595C0AB20ECBFA5170D3185690DB, sha256: 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2
19:05:35.0592 0x1428 AtiHDAudioService - detected LockedFile.Multi.Generic ( 1 )
19:05:41.0629 0x1428 Detect skipped due to KSN trusted
19:05:41.0629 0x1428 AtiHDAudioService - ok
19:05:41.0738 0x1428 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:05:41.0801 0x1428 AudioEndpointBuilder - ok
19:05:41.0832 0x1428 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv C:\Windows\System32\Audiosrv.dll
19:05:41.0863 0x1428 AudioSrv - ok
19:05:41.0910 0x1428 [ 7806BFCD1D7FA5EC23F7324D4EAFD25B, 4EDFD9DE520728AF6578BED0054ED6A4976A7F020F3329EA6681D6E361D9DB2D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:05:41.0957 0x1428 avgntflt - ok
19:05:42.0019 0x1428 [ C3A58DBD18786C338126D30BF8C33D72, 4DF4D37AB5139548C2DA4B4C8D6B933A7F4ED001BCA089EFBC8C57EEDE8785A6 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:05:42.0035 0x1428 avipbb - ok
19:05:42.0144 0x1428 [ 32C1455646CFDD79B01603C21620BA56, 36D2B55D2A5620F666408C4064449E4FE060A2E8BC9292F21E9DFD4FCD6C9DF0 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
19:05:42.0144 0x1428 Avira.OE.ServiceHost - ok
19:05:42.0175 0x1428 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:05:42.0191 0x1428 avkmgr - ok
19:05:42.0222 0x1428 [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:05:42.0347 0x1428 AxInstSV - ok
19:05:42.0409 0x1428 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
19:05:42.0409 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bxvbda.sys. md5: 3E5B191307609F7514148C6832BB0842, sha256: DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580
19:05:42.0440 0x1428 b06bdrv - detected LockedFile.Multi.Generic ( 1 )
19:05:52.0534 0x1428 b06bdrv ( LockedFile.Multi.Generic ) - warning
19:05:52.0534 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\bxvbda.sys
19:06:12.0127 0x1428 Object send P2P result: true
19:06:18.0196 0x1428 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
19:06:18.0196 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\b57nd60a.sys. md5: B5ACE6968304A3900EEB1EBFD9622DF2, sha256: 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA
19:06:18.0227 0x1428 b57nd60a - detected LockedFile.Multi.Generic ( 1 )
19:06:24.0264 0x1428 Detect skipped due to KSN trusted
19:06:24.0264 0x1428 b57nd60a - ok
19:06:24.0326 0x1428 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
19:06:24.0373 0x1428 BDESVC - ok
19:06:24.0389 0x1428 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
19:06:24.0389 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Beep.sys. md5: 16A47CE2DECC9B099349A5F840654746, sha256: 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024
19:06:24.0404 0x1428 Beep - detected LockedFile.Multi.Generic ( 1 )
19:06:30.0376 0x1428 Detect skipped due to KSN trusted
19:06:30.0376 0x1428 Beep - ok
19:06:30.0693 0x1428 [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE C:\Windows\System32\bfe.dll
19:06:30.0758 0x1428 BFE - ok
19:06:30.0835 0x1428 [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS C:\Windows\System32\qmgr.dll
19:06:30.0915 0x1428 BITS - ok
19:06:30.0968 0x1428 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:06:30.0968 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 61583EE3C3A17003C4ACD0475646B4D3, sha256: 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811
19:06:30.0995 0x1428 blbdrive - detected LockedFile.Multi.Generic ( 1 )
19:06:36.0844 0x1428 Detect skipped due to KSN trusted
19:06:36.0844 0x1428 blbdrive - ok
19:06:37.0074 0x1428 [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:06:37.0074 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bowser.sys. md5: 91CE0D3DC57DD377E690A2D324022B08, sha256: 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E
19:06:37.0099 0x1428 bowser - detected LockedFile.Multi.Generic ( 1 )
19:06:42.0965 0x1428 Detect skipped due to KSN trusted
19:06:42.0965 0x1428 bowser - ok
19:06:43.0255 0x1428 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:06:43.0255 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8, sha256: 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3
19:06:43.0265 0x1428 BrFiltLo - detected LockedFile.Multi.Generic ( 1 )
19:06:49.0115 0x1428 Detect skipped due to KSN trusted
19:06:49.0115 0x1428 BrFiltLo - ok
19:06:49.0135 0x1428 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:06:49.0135 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: B114D3098E9BDB8BEA8B053685831BE6, sha256: 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C
19:06:49.0135 0x1428 BrFiltUp - detected LockedFile.Multi.Generic ( 1 )
19:06:54.0975 0x1428 Detect skipped due to KSN trusted
19:06:54.0975 0x1428 BrFiltUp - ok
19:06:55.0015 0x1428 [ 94FBC06F294D58D02361918418F996E3, 62C7CC2AF8F5A0BB0C262DACDE3F72C6AC318C3840CE60E46EE2064B32BDA5EF ] Browser C:\Windows\System32\browser.dll
19:06:55.0055 0x1428 Browser - ok
19:06:55.0095 0x1428 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:06:55.0095 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\Brserid.sys. md5: 43BEA8D483BF1870F018E2D02E06A5BD, sha256: 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272
19:06:55.0105 0x1428 Brserid - detected LockedFile.Multi.Generic ( 1 )
19:07:05.0105 0x1428 Object is SCO, delete is not allowed
19:07:05.0105 0x1428 Brserid ( LockedFile.Multi.Generic ) - warning
19:07:25.0125 0x1428 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:07:25.0125 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42, sha256: E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C
19:07:25.0125 0x1428 BrSerWdm - detected LockedFile.Multi.Generic ( 1 )
19:07:30.0965 0x1428 Detect skipped due to KSN trusted
19:07:30.0965 0x1428 BrSerWdm - ok
19:07:30.0995 0x1428 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:07:30.0995 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524, sha256: 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983
19:07:31.0005 0x1428 BrUsbMdm - detected LockedFile.Multi.Generic ( 1 )
19:07:36.0865 0x1428 Detect skipped due to KSN trusted
19:07:36.0865 0x1428 BrUsbMdm - ok
19:07:36.0895 0x1428 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:07:36.0895 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF, sha256: 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9
19:07:36.0905 0x1428 BrUsbSer - detected LockedFile.Multi.Generic ( 1 )
19:07:42.0775 0x1428 Detect skipped due to KSN trusted
19:07:42.0775 0x1428 BrUsbSer - ok
19:07:42.0795 0x1428 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:07:42.0795 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8, sha256: B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4
19:07:42.0805 0x1428 BTHMODEM - detected LockedFile.Multi.Generic ( 1 )
19:07:48.0665 0x1428 Detect skipped due to KSN trusted
19:07:48.0665 0x1428 BTHMODEM - ok
19:07:48.0715 0x1428 [ A51FA9D0E85D5ADABEF72E67F386309C, 4F6F44D5E3A43239B50BCA75CBAA48FE40097E2AFF9360E1956F41ED52BD8183 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
19:07:48.0745 0x1428 BTHPORT - ok
19:07:48.0805 0x1428 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
19:07:48.0835 0x1428 bthserv - ok
19:07:48.0895 0x1428 [ F740B9A16B2C06700F2130E19986BF3B, 92158FD1B3706DE068F077ACA9A25F5479EF282E8B81F5A2FF8A66CBB5F80FCF ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
19:07:48.0915 0x1428 BTHUSB - ok
19:07:48.0965 0x1428 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:07:48.0965 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A, sha256: 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65
19:07:48.0965 0x1428 cdfs - detected LockedFile.Multi.Generic ( 1 )
19:07:54.0865 0x1428 Detect skipped due to KSN trusted
19:07:54.0865 0x1428 cdfs - ok
19:07:54.0885 0x1428 [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:07:54.0885 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdrom.sys. md5: 83D2D75E1EFB81B3450C18131443F7DB, sha256: F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22
19:07:54.0895 0x1428 cdrom - detected LockedFile.Multi.Generic ( 1 )
19:08:00.0755 0x1428 Detect skipped due to KSN trusted
19:08:00.0755 0x1428 cdrom - ok
19:08:00.0785 0x1428 [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc C:\Windows\System32\certprop.dll
19:08:00.0835 0x1428 CertPropSvc - ok
19:08:00.0855 0x1428 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:08:00.0855 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF, sha256: 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64
19:08:00.0865 0x1428 circlass - detected LockedFile.Multi.Generic ( 1 )
19:08:06.0715 0x1428 Detect skipped due to KSN trusted
19:08:06.0715 0x1428 circlass - ok
19:08:06.0775 0x1428 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
19:08:06.0775 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206, sha256: B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE
19:08:06.0775 0x1428 CLFS - detected LockedFile.Multi.Generic ( 1 )
19:08:12.0635 0x1428 Detect skipped due to KSN trusted
19:08:12.0635 0x1428 CLFS - ok
19:08:12.0695 0x1428 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:08:12.0705 0x1428 clr_optimization_v2.0.50727_32 - ok
19:08:12.0765 0x1428 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:08:12.0775 0x1428 clr_optimization_v2.0.50727_64 - ok
19:08:12.0845 0x1428 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:08:12.0885 0x1428 clr_optimization_v4.0.30319_32 - ok
19:08:12.0925 0x1428 [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:08:12.0935 0x1428 clr_optimization_v4.0.30319_64 - ok
19:08:12.0955 0x1428 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:08:12.0955 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33, sha256: 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A
19:08:12.0965 0x1428 CmBatt - detected LockedFile.Multi.Generic ( 1 )
19:08:22.0965 0x1428 Object is SCO, delete is not allowed
19:08:22.0965 0x1428 CmBatt ( LockedFile.Multi.Generic ) - warning
19:08:22.0965 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\CmBatt.sys
19:08:41.0906 0x1428 Object send P2P result: true
19:08:47.0706 0x1428 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
19:08:47.0706 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B
19:08:47.0716 0x1428 cmdide - detected LockedFile.Multi.Generic ( 1 )
19:08:53.0546 0x1428 Detect skipped due to KSN trusted
19:08:53.0546 0x1428 cmdide - ok
19:08:53.0586 0x1428 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1, D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 ] CNG C:\Windows\system32\Drivers\cng.sys
19:08:53.0586 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cng.sys. md5: F95FD4CB7DA00BA2A63CE9F6B5C053E1, sha256: D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49
19:08:53.0596 0x1428 CNG - detected LockedFile.Multi.Generic ( 1 )
19:08:59.0436 0x1428 Detect skipped due to KSN trusted
19:08:59.0436 0x1428 CNG - ok
19:08:59.0466 0x1428 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:08:59.0466 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14, sha256: CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1
19:08:59.0466 0x1428 Compbatt - detected LockedFile.Multi.Generic ( 1 )
19:09:05.0336 0x1428 Detect skipped due to KSN trusted
19:09:05.0336 0x1428 Compbatt - ok
19:09:05.0386 0x1428 [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:09:05.0386 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CompositeBus.sys. md5: F26B3A86F6FA87CA360B879581AB4123, sha256: 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF
19:09:05.0386 0x1428 CompositeBus - detected LockedFile.Multi.Generic ( 1 )
19:09:11.0316 0x1428 Detect skipped due to KSN trusted
19:09:11.0316 0x1428 CompositeBus - ok
19:09:11.0336 0x1428 COMSysApp - ok
19:09:11.0376 0x1428 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:09:11.0376 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60
19:09:11.0386 0x1428 crcdisk - detected LockedFile.Multi.Generic ( 1 )
19:09:17.0296 0x1428 Detect skipped due to KSN trusted
19:09:17.0296 0x1428 crcdisk - ok
19:09:17.0356 0x1428 [ 8C57411B66282C01533CB776F98AD384, 65BCF1B0BA521CBE39E974C7ACAEA9C9E3F89D86754275C6B2616E7691876AEE ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:09:17.0426 0x1428 CryptSvc - ok
19:09:17.0496 0x1428 [ 4A6173C2279B498CD8F57CAE504564CB, FF3CD404FD91EDE38C21780362CE892BFBBC2526B146BEBD139C7413EB29A216 ] CSC C:\Windows\system32\drivers\csc.sys
19:09:17.0496 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\csc.sys. md5: 4A6173C2279B498CD8F57CAE504564CB, sha256: FF3CD404FD91EDE38C21780362CE892BFBBC2526B146BEBD139C7413EB29A216
19:09:17.0506 0x1428 CSC - detected LockedFile.Multi.Generic ( 1 )
19:09:23.0406 0x1428 Detect skipped due to KSN trusted
19:09:23.0406 0x1428 CSC - ok
19:09:23.0476 0x1428 [ 873FBF927C06E5CEE04DEC617502F8FD, 8B452ED5D003337E66634EEC3D5C9FBA4D05FF5AE776239F3B769FAA505E729C ] CscService C:\Windows\System32\cscsvc.dll
19:09:23.0536 0x1428 CscService - ok
19:09:23.0546 0x1428 Suspicious service (NoAccess): d9c0704a342146bd
19:09:23.0586 0x1428 [ 66D8440BEEA84FB7DB3F6474827F6B9D, 0EB179E00FBD7440D455F6EF4D6F4D3101B8A55F913BA90079F0315E4DE42B9A ] d9c0704a342146bd C:\Windows\System32\Drivers\d9c0704a342146bd.sys
19:09:23.0586 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\d9c0704a342146bd.sys. md5: 66D8440BEEA84FB7DB3F6474827F6B9D, sha256: 0EB179E00FBD7440D455F6EF4D6F4D3101B8A55F913BA90079F0315E4DE42B9A
19:09:23.0646 0x1428 d9c0704a342146bd - detected Rootkit.Win32.Necurs.gen ( 0 )
19:09:29.0566 0x1428 d9c0704a342146bd ( Rootkit.Win32.Necurs.gen ) - infected
19:09:29.0566 0x1428 Force sending object to P2P due to detect: C:\Windows\System32\Drivers\d9c0704a342146bd.sys
19:09:49.0566 0x1428 Object send P2P result: false
19:09:57.0916 0x1428 [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:09:57.0976 0x1428 DcomLaunch - ok
19:09:58.0046 0x1428 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
19:09:58.0116 0x1428 defragsvc - ok
19:09:58.0166 0x1428 [ 3F1DC527070ACB87E40AFE46EF6DA749, 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:09:58.0166 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\dfsc.sys. md5: 3F1DC527070ACB87E40AFE46EF6DA749, sha256: 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84
19:09:58.0196 0x1428 DfsC - detected LockedFile.Multi.Generic ( 1 )
19:10:04.0086 0x1428 Detect skipped due to KSN trusted
19:10:04.0096 0x1428 DfsC - ok
19:10:04.0156 0x1428 [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:10:04.0276 0x1428 Dhcp - ok
19:10:04.0296 0x1428 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
19:10:04.0296 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26
19:10:04.0316 0x1428 discache - detected LockedFile.Multi.Generic ( 1 )
19:10:10.0216 0x1428 Detect skipped due to KSN trusted
19:10:10.0216 0x1428 discache - ok
19:10:10.0256 0x1428 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:10:10.0256 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427
19:10:10.0266 0x1428 Disk - detected LockedFile.Multi.Generic ( 1 )
19:10:16.0186 0x1428 Detect skipped due to KSN trusted
19:10:16.0186 0x1428 Disk - ok
19:10:16.0256 0x1428 [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:10:16.0326 0x1428 Dnscache - ok
19:10:16.0366 0x1428 [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc C:\Windows\System32\dot3svc.dll
19:10:16.0406 0x1428 dot3svc - ok
19:10:16.0466 0x1428 [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS C:\Windows\system32\dps.dll
19:10:16.0506 0x1428 DPS - ok
19:10:16.0536 0x1428 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:10:16.0536 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7
19:10:16.0546 0x1428 drmkaud - detected LockedFile.Multi.Generic ( 1 )
19:10:22.0486 0x1428 Detect skipped due to KSN trusted
19:10:22.0486 0x1428 drmkaud - ok
19:10:22.0596 0x1428 [ EBCE0B0924835F635F620D19F0529DCE, 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:10:22.0596 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: EBCE0B0924835F635F620D19F0529DCE, sha256: 15BF803765373264390879FCA86C6D89C92DAFD0B1A36DEFA78EF01EBA2F9C26
19:10:22.0606 0x1428 DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
19:10:28.0506 0x1428 Detect skipped due to KSN trusted
19:10:28.0516 0x1428 DXGKrnl - ok
19:10:28.0596 0x1428 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
19:10:28.0656 0x1428 EapHost - ok
19:10:28.0846 0x1428 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
19:10:28.0846 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F, sha256: 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017
19:10:28.0856 0x1428 ebdrv - detected LockedFile.Multi.Generic ( 1 )
19:10:34.0756 0x1428 Detect skipped due to KSN trusted
19:10:34.0756 0x1428 ebdrv - ok
19:10:34.0796 0x1428 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS C:\Windows\System32\lsass.exe
19:10:34.0826 0x1428 EFS - ok
19:10:34.0926 0x1428 [ B91D81B3B54A54CCAFC03733DBC2E29E, B08CFD3136F678CF902722B32CA55C4983EEE5AEBDCEE036BEB746914742141C ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:10:35.0006 0x1428 ehRecvr - ok
19:10:35.0046 0x1428 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
19:10:35.0066 0x1428 ehSched - ok
19:10:35.0136 0x1428 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:10:35.0136 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184, sha256: 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8
19:10:35.0166 0x1428 elxstor - detected LockedFile.Multi.Generic ( 1 )
19:10:41.0086 0x1428 Detect skipped due to KSN trusted
19:10:41.0086 0x1428 elxstor - ok
19:10:41.0106 0x1428 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
19:10:41.0106 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B, sha256: 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75
19:10:41.0116 0x1428 ErrDev - detected LockedFile.Multi.Generic ( 1 )
19:10:51.0116 0x1428 Object is SCO, delete is not allowed
19:10:51.0116 0x1428 ErrDev ( LockedFile.Multi.Generic ) - warning
19:11:09.0156 0x1428 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
19:11:09.0216 0x1428 EventSystem - ok
19:11:09.0266 0x1428 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
19:11:09.0266 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B, sha256: 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5
19:11:09.0286 0x1428 exfat - detected LockedFile.Multi.Generic ( 1 )
19:11:15.0186 0x1428 Detect skipped due to KSN trusted
19:11:15.0186 0x1428 exfat - ok
19:11:15.0236 0x1428 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:11:15.0236 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D, sha256: 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29
19:11:15.0246 0x1428 fastfat - detected LockedFile.Multi.Generic ( 1 )
19:11:21.0166 0x1428 Detect skipped due to KSN trusted
19:11:21.0166 0x1428 fastfat - ok
19:11:21.0246 0x1428 [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax C:\Windows\system32\fxssvc.exe
19:11:21.0286 0x1428 Fax - ok
19:11:21.0306 0x1428 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:11:21.0306 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE
19:11:21.0316 0x1428 fdc - detected LockedFile.Multi.Generic ( 1 )
19:11:27.0216 0x1428 Detect skipped due to KSN trusted
19:11:27.0216 0x1428 fdc - ok
19:11:27.0266 0x1428 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
19:11:27.0346 0x1428 fdPHost - ok
19:11:27.0376 0x1428 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
19:11:27.0426 0x1428 FDResPub - ok
19:11:27.0486 0x1428 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:11:27.0486 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930, sha256: 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A
19:11:27.0496 0x1428 FileInfo - detected LockedFile.Multi.Generic ( 1 )
19:11:33.0406 0x1428 Detect skipped due to KSN trusted
19:11:33.0406 0x1428 FileInfo - ok
19:11:34.0016 0x1428 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:11:34.0016 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47, sha256: 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6
19:11:34.0276 0x1428 Filetrace - detected LockedFile.Multi.Generic ( 1 )
19:11:40.0216 0x1428 Detect skipped due to KSN trusted
19:11:40.0216 0x1428 Filetrace - ok
19:11:40.0246 0x1428 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:11:40.0246 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B
19:11:40.0256 0x1428 flpydisk - detected LockedFile.Multi.Generic ( 1 )
19:11:46.0176 0x1428 Detect skipped due to KSN trusted
19:11:46.0176 0x1428 flpydisk - ok
19:11:46.0246 0x1428 [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:11:46.0246 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. md5: F7866AF72ABBAF84B1FA5AA195378C59, sha256: 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8
19:11:46.0256 0x1428 FltMgr - detected LockedFile.Multi.Generic ( 1 )
19:11:52.0156 0x1428 Detect skipped due to KSN trusted
19:11:52.0156 0x1428 FltMgr - ok
19:11:52.0276 0x1428 [ 8AC4CB4EA61E41009FAE9AE7B2B5DA3A, 6587B22ED91F98D3E3614967F62D7A58F42C12F45F8E1D47835D195CD350BC54 ] FontCache C:\Windows\system32\FntCache.dll
19:11:52.0356 0x1428 FontCache - ok
19:11:52.0416 0x1428 [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:11:52.0426 0x1428 FontCache3.0.0.0 - ok
19:11:52.0456 0x1428 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:11:52.0456 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC, sha256: F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E
19:11:52.0466 0x1428 FsDepends - detected LockedFile.Multi.Generic ( 1 )
19:11:58.0366 0x1428 Detect skipped due to KSN trusted
19:11:58.0366 0x1428 FsDepends - ok
19:11:58.0426 0x1428 [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:11:58.0426 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: E95EF8547DE20CF0603557C0CF7A9462, sha256: 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6
19:11:58.0426 0x1428 Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
19:12:08.0436 0x1428 Object is SCO, delete is not allowed
19:12:08.0436 0x1428 Fs_Rec ( LockedFile.Multi.Generic ) - warning
19:12:08.0436 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\drivers\Fs_Rec.sys
19:12:28.0436 0x1428 Object send P2P result: false
19:12:34.0316 0x1428 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:12:34.0316 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: B8B2A6E1558F8F5DE5CE431C5B2C7B09, sha256: 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3
19:12:34.0326 0x1428 fvevol - detected LockedFile.Multi.Generic ( 1 )
19:12:40.0236 0x1428 Detect skipped due to KSN trusted
19:12:40.0236 0x1428 fvevol - ok
19:12:40.0276 0x1428 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:12:40.0276 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
19:12:40.0286 0x1428 gagp30kx - detected LockedFile.Multi.Generic ( 1 )
19:12:46.0196 0x1428 Detect skipped due to KSN trusted
19:12:46.0196 0x1428 gagp30kx - ok
19:12:46.0306 0x1428 [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll
19:12:46.0366 0x1428 gpsvc - ok
19:12:46.0406 0x1428 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
19:12:46.0406 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hamachi.sys. md5: 1E6438D4EA6E1174A3B3B1EDC4DE660B, sha256: F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011
19:12:46.0406 0x1428 hamachi - detected LockedFile.Multi.Generic ( 1 )
19:12:52.0336 0x1428 Detect skipped due to KSN trusted
19:12:52.0336 0x1428 hamachi - ok
19:12:52.0566 0x1428 [ 2A94B104F6B64AE207D687F2AFFE8056, A42F8198A070C417554C34C2166137868506B5F7780DB7C13C0658013940F5D6 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
19:12:52.0626 0x1428 Hamachi2Svc - ok
19:12:52.0666 0x1428 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:12:52.0666 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
19:12:52.0686 0x1428 hcw85cir - detected LockedFile.Multi.Generic ( 1 )
19:12:58.0566 0x1428 Detect skipped due to KSN trusted
19:12:58.0566 0x1428 hcw85cir - ok
19:12:58.0646 0x1428 [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:12:58.0646 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410F6F415B2A5A9037224C41DA8BF12, sha256: 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5
19:12:58.0656 0x1428 HdAudAddService - detected LockedFile.Multi.Generic ( 1 )
19:13:04.0566 0x1428 Detect skipped due to KSN trusted
19:13:04.0566 0x1428 HdAudAddService - ok
19:13:04.0626 0x1428 [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:13:04.0626 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HDAudBus.sys. md5: 0A49913402747A0B67DE940FB42CBDBB, sha256: 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83
19:13:04.0636 0x1428 HDAudBus - detected LockedFile.Multi.Generic ( 1 )
19:13:10.0556 0x1428 Detect skipped due to KSN trusted
19:13:10.0556 0x1428 HDAudBus - ok
19:13:10.0586 0x1428 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:13:10.0586 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
19:13:10.0596 0x1428 HidBatt - detected LockedFile.Multi.Generic ( 1 )
19:13:20.0596 0x1428 HidBatt ( LockedFile.Multi.Generic ) - warning
19:13:20.0596 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\HidBatt.sys
19:13:40.0596 0x1428 Object send P2P result: false
19:13:46.0486 0x1428 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:13:46.0486 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
19:13:46.0486 0x1428 HidBth - detected LockedFile.Multi.Generic ( 1 )
19:13:52.0406 0x1428 Detect skipped due to KSN trusted
19:13:52.0406 0x1428 HidBth - ok
19:13:52.0456 0x1428 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:13:52.0456 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
19:13:52.0466 0x1428 HidIr - detected LockedFile.Multi.Generic ( 1 )
19:13:58.0346 0x1428 Detect skipped due to KSN trusted
19:13:58.0346 0x1428 HidIr - ok
19:13:58.0406 0x1428 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
19:13:58.0456 0x1428 hidserv - ok
19:13:58.0486 0x1428 [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:13:58.0486 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidusb.sys. md5: B3BF6B5B50006DEF50B66306D99FCF6F, sha256: D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417
19:13:58.0496 0x1428 HidUsb - detected LockedFile.Multi.Generic ( 1 )
19:14:04.0386 0x1428 Detect skipped due to KSN trusted
19:14:04.0386 0x1428 HidUsb - ok
19:14:04.0496 0x1428 [ DFD1D30D8B68D883B5858748F7E35AD2, 051C9940054558DCB96746C0425A52F5294194163946B4A2A9CAEA64CFA855A1 ] HiPatchService D:\Smite\HiPatchService.exe
19:14:04.0516 0x1428 HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
19:14:10.0416 0x1428 Detect skipped due to KSN trusted
19:14:10.0416 0x1428 HiPatchService - ok
19:14:10.0486 0x1428 [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll
19:14:10.0536 0x1428 hkmsvc - ok
19:14:10.0576 0x1428 [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:14:10.0636 0x1428 HomeGroupListener - ok
19:14:10.0696 0x1428 [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:14:10.0726 0x1428 HomeGroupProvider - ok
19:14:10.0756 0x1428 [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
19:14:10.0756 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HpSAMD.sys. md5: 0886D440058F203EBA0E1825E4355914, sha256: BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070
19:14:10.0796 0x1428 HpSAMD - detected LockedFile.Multi.Generic ( 1 )
19:14:17.0136 0x1428 Detect skipped due to KSN trusted
19:14:17.0136 0x1428 HpSAMD - ok
19:14:17.0226 0x1428 [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:14:17.0226 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: CEE049CAC4EFA7F4E1E4AD014414A5D4, sha256: 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D
19:14:17.0236 0x1428 HTTP - detected LockedFile.Multi.Generic ( 1 )
19:14:23.0146 0x1428 Detect skipped due to KSN trusted
19:14:23.0146 0x1428 HTTP - ok
19:14:23.0206 0x1428 [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:14:23.0206 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: F17766A19145F111856378DF337A5D79, sha256: FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62
19:14:23.0216 0x1428 hwpolicy - detected LockedFile.Multi.Generic ( 1 )
19:14:33.0216 0x1428 hwpolicy ( LockedFile.Multi.Generic ) - warning
19:14:52.0166 0x1428 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:14:52.0166 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
19:14:52.0166 0x1428 i8042prt - detected LockedFile.Multi.Generic ( 1 )
19:14:58.0056 0x1428 Detect skipped due to KSN trusted
19:14:58.0056 0x1428 i8042prt - ok
19:14:58.0126 0x1428 [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
19:14:58.0126 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStorV.sys. md5: D83EFB6FD45DF9D55E9A1AFC63640D50, sha256: 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B
19:14:58.0136 0x1428 iaStorV - detected LockedFile.Multi.Generic ( 1 )
19:15:04.0016 0x1428 Detect skipped due to KSN trusted
19:15:04.0016 0x1428 iaStorV - ok
19:15:04.0126 0x1428 [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:15:04.0156 0x1428 idsvc - ok
19:15:04.0186 0x1428 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:15:04.0186 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
19:15:04.0206 0x1428 iirsp - detected LockedFile.Multi.Generic ( 1 )
19:15:10.0116 0x1428 Detect skipped due to KSN trusted
19:15:10.0116 0x1428 iirsp - ok
19:15:10.0236 0x1428 [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll
19:15:10.0286 0x1428 IKEEXT - ok
19:15:10.0456 0x1428 [ D6B90D1208CFC57E9F213357BCC41A3C, E199A28618A5904E619563DB99D708FCD6BDF0FD46EB00FC7B7EE0466F736778 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
19:15:10.0456 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RTKVHD64.sys. md5: D6B90D1208CFC57E9F213357BCC41A3C, sha256: E199A28618A5904E619563DB99D708FCD6BDF0FD46EB00FC7B7EE0466F736778
19:15:10.0466 0x1428 IntcAzAudAddService - detected LockedFile.Multi.Generic ( 1 )
19:15:16.0356 0x1428 Detect skipped due to KSN trusted
19:15:16.0366 0x1428 IntcAzAudAddService - ok
19:15:16.0396 0x1428 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
19:15:16.0396 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
19:15:16.0406 0x1428 intelide - detected LockedFile.Multi.Generic ( 1 )
19:15:22.0336 0x1428 Detect skipped due to KSN trusted
19:15:22.0336 0x1428 intelide - ok
19:15:22.0366 0x1428 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:15:22.0366 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
19:15:22.0386 0x1428 intelppm - detected LockedFile.Multi.Generic ( 1 )
19:15:28.0306 0x1428 Detect skipped due to KSN trusted
19:15:28.0306 0x1428 intelppm - ok
19:15:28.0366 0x1428 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:15:28.0436 0x1428 IPBusEnum - ok
19:15:28.0476 0x1428 [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:15:28.0476 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: 722DD294DF62483CECAAE6E094B4D695, sha256: 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0
19:15:28.0486 0x1428 IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
19:15:34.0396 0x1428 Detect skipped due to KSN trusted
19:15:34.0396 0x1428 IpFilterDriver - ok
19:15:34.0486 0x1428 [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:15:34.0586 0x1428 iphlpsvc - ok
19:15:34.0616 0x1428 [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:15:34.0616 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\IPMIDrv.sys. md5: E2B4A4494DB7CB9B89B55CA268C337C5, sha256: C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB
19:15:34.0616 0x1428 IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
19:15:40.0536 0x1428 Detect skipped due to KSN trusted
19:15:40.0536 0x1428 IPMIDRV - ok
19:15:40.0596 0x1428 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:15:40.0596 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
19:15:40.0596 0x1428 IPNAT - detected LockedFile.Multi.Generic ( 1 )
19:15:50.0596 0x1428 Object is SCO, delete is not allowed
19:15:50.0596 0x1428 IPNAT ( LockedFile.Multi.Generic ) - warning
19:16:07.0416 0x1428 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:16:07.0416 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
19:16:07.0426 0x1428 IRENUM - detected LockedFile.Multi.Generic ( 1 )
19:16:13.0336 0x1428 Detect skipped due to KSN trusted
19:16:13.0336 0x1428 IRENUM - ok
19:16:13.0366 0x1428 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
19:16:13.0366 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
19:16:13.0376 0x1428 isapnp - detected LockedFile.Multi.Generic ( 1 )
19:16:19.0306 0x1428 Detect skipped due to KSN trusted
19:16:19.0306 0x1428 isapnp - ok
19:16:19.0356 0x1428 [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:16:19.0356 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msiscsi.sys. md5: FA4D2557DE56D45B0A346F93564BE6E1, sha256: 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C
19:16:19.0366 0x1428 iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
19:16:25.0286 0x1428 Detect skipped due to KSN trusted
19:16:25.0286 0x1428 iScsiPrt - ok
19:16:25.0326 0x1428 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:16:25.0326 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
19:16:25.0336 0x1428 kbdclass - detected LockedFile.Multi.Generic ( 1 )
19:16:31.0236 0x1428 Detect skipped due to KSN trusted
19:16:31.0236 0x1428 kbdclass - ok
19:16:31.0266 0x1428 [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:16:31.0266 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 6DEF98F8541E1B5DCEB2C822A11F7323, sha256: F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D
19:16:31.0276 0x1428 kbdhid - detected LockedFile.Multi.Generic ( 1 )
19:16:37.0206 0x1428 Detect skipped due to KSN trusted
19:16:37.0206 0x1428 kbdhid - ok
19:16:37.0246 0x1428 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso C:\Windows\system32\lsass.exe
19:16:37.0276 0x1428 KeyIso - ok
19:16:37.0306 0x1428 [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:16:37.0306 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: E8B6FCC9C83535C67F835D407620BD27, sha256: 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870
19:16:37.0316 0x1428 KSecDD - detected LockedFile.Multi.Generic ( 1 )
19:16:43.0236 0x1428 Detect skipped due to KSN trusted
19:16:43.0236 0x1428 KSecDD - ok
19:16:43.0276 0x1428 [ BBE1BF6D9B661C354D4857D5FADB943B, D2F6E52CCD0DF07B3D92669B941CEB9A59E16D3518226F11028A70DBDEFABBCF ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:16:43.0276 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: BBE1BF6D9B661C354D4857D5FADB943B, sha256: D2F6E52CCD0DF07B3D92669B941CEB9A59E16D3518226F11028A70DBDEFABBCF
19:16:43.0276 0x1428 KSecPkg - detected LockedFile.Multi.Generic ( 1 )
19:16:49.0276 0x1428 Detect skipped due to KSN trusted
19:16:49.0276 0x1428 KSecPkg - ok
19:16:49.0326 0x1428 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:16:49.0326 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
19:16:49.0336 0x1428 ksthunk - detected LockedFile.Multi.Generic ( 1 )
19:16:55.0236 0x1428 Detect skipped due to KSN trusted
19:16:55.0236 0x1428 ksthunk - ok
19:16:55.0316 0x1428 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
19:16:55.0386 0x1428 KtmRm - ok
19:16:55.0456 0x1428 [ C926920B8978DE6ACFE9E15C709E9B57, 33B8002ABC30372B1CA8B6EC046757794CD7C9DA3CA4715B515B6894DC7E45CA ] LanmanServer C:\Windows\system32\srvsvc.dll
19:16:55.0506 0x1428 LanmanServer - ok
19:16:55.0556 0x1428 [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:16:55.0586 0x1428 LanmanWorkstation - ok
19:16:55.0626 0x1428 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
19:16:55.0626 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\LGBusEnum.sys. md5: FA529FB35694C24BF98A9EF67C1CD9D0, sha256: 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075
19:16:55.0636 0x1428 LGBusEnum - detected LockedFile.Multi.Generic ( 1 )
19:17:05.0636 0x1428 LGBusEnum ( LockedFile.Multi.Generic ) - warning
19:17:25.0596 0x1428 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
19:17:25.0596 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\LGVirHid.sys. md5: 94B29CE153765E768F004FB3440BE2B0, sha256: E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024
19:17:25.0606 0x1428 LGVirHid - detected LockedFile.Multi.Generic ( 1 )
19:17:31.0546 0x1428 Detect skipped due to KSN trusted
19:17:31.0546 0x1428 LGVirHid - ok
19:17:31.0586 0x1428 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:17:31.0586 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
19:17:31.0606 0x1428 lltdio - detected LockedFile.Multi.Generic ( 1 )
19:17:37.0536 0x1428 Detect skipped due to KSN trusted
19:17:37.0536 0x1428 lltdio - ok
19:17:37.0606 0x1428 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:17:37.0656 0x1428 lltdsvc - ok
19:17:37.0706 0x1428 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:17:37.0786 0x1428 lmhosts - ok
19:17:37.0866 0x1428 [ E299C7D4AE6AF391F38EAE78D788E678, 830D9466FED497B793BD7AFC31053A903E41E4EE02765365E4D72BADA5C45338 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
19:17:37.0896 0x1428 LMIGuardianSvc - ok
19:17:37.0936 0x1428 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:17:37.0936 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
19:17:37.0946 0x1428 LSI_FC - detected LockedFile.Multi.Generic ( 1 )
19:17:43.0876 0x1428 Detect skipped due to KSN trusted
19:17:43.0876 0x1428 LSI_FC - ok
19:17:43.0906 0x1428 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:17:43.0906 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
19:17:43.0916 0x1428 LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
19:17:49.0846 0x1428 Detect skipped due to KSN trusted
19:17:49.0846 0x1428 LSI_SAS - ok
19:17:49.0886 0x1428 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:17:49.0886 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
19:17:49.0896 0x1428 LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
19:17:55.0806 0x1428 Detect skipped due to KSN trusted
19:17:55.0806 0x1428 LSI_SAS2 - ok
19:17:55.0856 0x1428 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:17:55.0856 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
19:17:55.0866 0x1428 LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
19:18:01.0786 0x1428 Detect skipped due to KSN trusted
19:18:01.0786 0x1428 LSI_SCSI - ok
19:18:01.0836 0x1428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
19:18:01.0836 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
19:18:01.0846 0x1428 luafv - detected LockedFile.Multi.Generic ( 1 )
19:18:07.0776 0x1428 Detect skipped due to KSN trusted
19:18:07.0776 0x1428 luafv - ok
19:18:07.0836 0x1428 [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:18:07.0886 0x1428 Mcx2Svc - ok
19:18:07.0926 0x1428 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:18:07.0926 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
19:18:07.0936 0x1428 megasas - detected LockedFile.Multi.Generic ( 1 )
19:18:17.0936 0x1428 Object is SCO, delete is not allowed
19:18:17.0936 0x1428 megasas ( LockedFile.Multi.Generic ) - warning
19:18:17.0936 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\megasas.sys
19:18:23.0916 0x1428 Object send P2P result: true
19:18:41.0846 0x1428 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:18:41.0846 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
19:18:41.0856 0x1428 MegaSR - detected LockedFile.Multi.Generic ( 1 )
19:18:47.0766 0x1428 Detect skipped due to KSN trusted
19:18:47.0766 0x1428 MegaSR - ok
19:18:47.0836 0x1428 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
19:18:47.0906 0x1428 MMCSS - ok
19:18:47.0946 0x1428 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
19:18:47.0946 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
19:18:47.0956 0x1428 Modem - detected LockedFile.Multi.Generic ( 1 )
19:18:53.0866 0x1428 Detect skipped due to KSN trusted
19:18:53.0866 0x1428 Modem - ok
19:18:53.0916 0x1428 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:18:53.0916 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
19:18:53.0926 0x1428 monitor - detected LockedFile.Multi.Generic ( 1 )
19:18:59.0841 0x1428 Detect skipped due to KSN trusted
19:18:59.0841 0x1428 monitor - ok
19:18:59.0909 0x1428 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:18:59.0910 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
19:18:59.0916 0x1428 mouclass - detected LockedFile.Multi.Generic ( 1 )
19:19:05.0778 0x1428 Detect skipped due to KSN trusted
19:19:05.0778 0x1428 mouclass - ok
19:19:05.0808 0x1428 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:19:05.0808 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
19:19:05.0808 0x1428 mouhid - detected LockedFile.Multi.Generic ( 1 )
19:19:11.0718 0x1428 Detect skipped due to KSN trusted
19:19:11.0718 0x1428 mouhid - ok
19:19:11.0758 0x1428 [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:19:11.0758 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 791AF66C4D0E7C90A3646066386FB571, sha256: BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42
19:19:11.0768 0x1428 mountmgr - detected LockedFile.Multi.Generic ( 1 )
19:19:17.0678 0x1428 Detect skipped due to KSN trusted
19:19:17.0678 0x1428 mountmgr - ok
19:19:17.0718 0x1428 [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
19:19:17.0718 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mpio.sys. md5: 609D1D87649ECC19796F4D76D4C15CEA, sha256: 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00
19:19:17.0728 0x1428 mpio - detected LockedFile.Multi.Generic ( 1 )
19:19:23.0658 0x1428 Detect skipped due to KSN trusted
19:19:23.0658 0x1428 mpio - ok
19:19:23.0678 0x1428 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:19:23.0678 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
19:19:23.0678 0x1428 mpsdrv - detected LockedFile.Multi.Generic ( 1 )
19:19:33.0678 0x1428 Object is SCO, delete is not allowed
19:19:33.0678 0x1428 mpsdrv ( LockedFile.Multi.Generic ) - warning
19:19:33.0678 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\drivers\mpsdrv.sys
19:19:41.0708 0x1428 Object send P2P result: true
19:20:01.0688 0x1428 [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc C:\Windows\system32\mpssvc.dll
19:20:01.0768 0x1428 MpsSvc - ok
19:20:01.0798 0x1428 [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:20:01.0798 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: 30524261BB51D96D6FCBAC20C810183C, sha256: 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D
19:20:01.0808 0x1428 MRxDAV - detected LockedFile.Multi.Generic ( 1 )
19:20:07.0698 0x1428 Detect skipped due to KSN trusted
19:20:07.0698 0x1428 MRxDAV - ok
19:20:07.0748 0x1428 [ CFDCD8CA87C2A657DEBC150AC35B5E08, 8870DCC8CF4E452E25BFE38113ADBDBC4014036B25E567FC262178DAA808049A ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:20:07.0748 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: CFDCD8CA87C2A657DEBC150AC35B5E08, sha256: 8870DCC8CF4E452E25BFE38113ADBDBC4014036B25E567FC262178DAA808049A
19:20:07.0758 0x1428 mrxsmb - detected LockedFile.Multi.Generic ( 1 )
19:20:13.0658 0x1428 Detect skipped due to KSN trusted
19:20:13.0658 0x1428 mrxsmb - ok
19:20:13.0708 0x1428 [ 1BEE517B220B7F024F411AEC1571DD5A, 6DC7638D056DFDE36803BCD691BF73A4AAFD59DE63C0ACD7EA860997FFA3C6E7 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:20:13.0708 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: 1BEE517B220B7F024F411AEC1571DD5A, sha256: 6DC7638D056DFDE36803BCD691BF73A4AAFD59DE63C0ACD7EA860997FFA3C6E7
19:20:13.0718 0x1428 mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
19:20:19.0628 0x1428 Detect skipped due to KSN trusted
19:20:19.0628 0x1428 mrxsmb10 - ok
19:20:19.0678 0x1428 [ 6B2D5FEF385828B6E485C1C90AFB8195, A960CC0351F200FA56FAC0534C0F9D7F79AAC9CF18A4390CDCA7EA4EE22ED6B6 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:20:19.0678 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 6B2D5FEF385828B6E485C1C90AFB8195, sha256: A960CC0351F200FA56FAC0534C0F9D7F79AAC9CF18A4390CDCA7EA4EE22ED6B6
19:20:19.0688 0x1428 mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
19:20:25.0598 0x1428 Detect skipped due to KSN trusted
19:20:25.0598 0x1428 mrxsmb20 - ok
19:20:25.0638 0x1428 [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
19:20:25.0638 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msahci.sys. md5: 5C37497276E3B3A5488B23A326A754B7, sha256: 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967
19:20:25.0648 0x1428 msahci - detected LockedFile.Multi.Generic ( 1 )
19:20:31.0568 0x1428 Detect skipped due to KSN trusted
19:20:31.0568 0x1428 msahci - ok
19:20:31.0618 0x1428 [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
19:20:31.0618 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msdsm.sys. md5: 8D27B597229AED79430FB9DB3BCBFBD0, sha256: 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248
19:20:31.0628 0x1428 msdsm - detected LockedFile.Multi.Generic ( 1 )
19:20:37.0538 0x1428 Detect skipped due to KSN trusted
19:20:37.0538 0x1428 msdsm - ok
19:20:37.0598 0x1428 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
19:20:37.0628 0x1428 MSDTC - ok
19:20:37.0658 0x1428 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:20:37.0658 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
19:20:37.0668 0x1428 Msfs - detected LockedFile.Multi.Generic ( 1 )
19:20:47.0668 0x1428 Object is SCO, delete is not allowed
19:20:47.0668 0x1428 Msfs ( LockedFile.Multi.Generic ) - warning
19:20:54.0558 0x1428 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:20:54.0558 0x1428 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
19:20:54.0558 0x1428 mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
19:21:00.0468 0x1428 Detect skipped due to KSN trusted
19:21:00.0468 0x1428 mshidkmdf - ok
19:21:00.0498 0x1428 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
19:21:00.0498 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
19:21:00.0508 0x1428 msisadrv - detected LockedFile.Multi.Generic ( 1 )
19:21:10.0508 0x1428 Object is SCO, delete is not allowed
19:21:10.0508 0x1428 msisadrv ( LockedFile.Multi.Generic ) - warning
19:21:17.0478 0x1428 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:21:17.0558 0x1428 MSiSCSI - ok
19:21:17.0568 0x1428 msiserver - ok
19:21:17.0598 0x1428 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:21:17.0598 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
19:21:17.0608 0x1428 MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
19:21:23.0468 0x1428 Detect skipped due to KSN trusted
19:21:23.0468 0x1428 MSKSSRV - ok
19:21:23.0508 0x1428 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:21:23.0518 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
19:21:23.0518 0x1428 MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
19:21:29.0448 0x1428 Detect skipped due to KSN trusted
19:21:29.0448 0x1428 MSPCLOCK - ok
19:21:29.0478 0x1428 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:21:29.0478 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
19:21:29.0488 0x1428 MSPQM - detected LockedFile.Multi.Generic ( 1 )
19:21:35.0408 0x1428 Detect skipped due to KSN trusted
19:21:35.0408 0x1428 MSPQM - ok
19:21:35.0458 0x1428 [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:21:35.0458 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 89CB141AA8616D8C6A4610FA26C60964, sha256: 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC
19:21:35.0458 0x1428 MsRPC - detected LockedFile.Multi.Generic ( 1 )
19:21:41.0328 0x1428 Detect skipped due to KSN trusted
19:21:41.0328 0x1428 MsRPC - ok
19:21:41.0378 0x1428 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:21:41.0378 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
19:21:41.0388 0x1428 mssmbios - detected LockedFile.Multi.Generic ( 1 )
19:21:47.0318 0x1428 Detect skipped due to KSN trusted
19:21:47.0318 0x1428 mssmbios - ok
19:21:47.0348 0x1428 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:21:47.0358 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
19:21:47.0358 0x1428 MSTEE - detected LockedFile.Multi.Generic ( 1 )
19:21:53.0678 0x1428 Detect skipped due to KSN trusted
19:21:53.0678 0x1428 MSTEE - ok
19:21:53.0708 0x1428 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:21:53.0708 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
19:21:53.0718 0x1428 MTConfig - detected LockedFile.Multi.Generic ( 1 )
19:22:03.0718 0x1428 MTConfig ( LockedFile.Multi.Generic ) - warning
19:22:12.0648 0x1428 [ 19B006B181E3875FD254F7B67ACF1E7C, 1D68D19522E71F16B8B50F8CCFBC9D884CF2DAC40CC409BD5A40A4D4223ABC61 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
19:22:12.0648 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ASACPI.sys. md5: 19B006B181E3875FD254F7B67ACF1E7C, sha256: 1D68D19522E71F16B8B50F8CCFBC9D884CF2DAC40CC409BD5A40A4D4223ABC61
19:22:12.0658 0x1428 MTsensor - detected LockedFile.Multi.Generic ( 1 )
19:22:22.0658 0x1428 MTsensor ( LockedFile.Multi.Generic ) - warning
19:22:22.0658 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\ASACPI.sys
19:22:29.0818 0x1428 Object send P2P result: true
19:22:35.0718 0x1428 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
19:22:35.0718 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
19:22:35.0728 0x1428 Mup - detected LockedFile.Multi.Generic ( 1 )
19:22:41.0658 0x1428 Detect skipped due to KSN trusted
19:22:41.0658 0x1428 Mup - ok
19:22:41.0758 0x1428 [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent C:\Windows\system32\qagentRT.dll
19:22:41.0818 0x1428 napagent - ok
19:22:41.0868 0x1428 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:22:41.0878 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
19:22:41.0888 0x1428 NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
19:22:47.0768 0x1428 Detect skipped due to KSN trusted
19:22:47.0768 0x1428 NativeWifiP - ok
19:22:47.0868 0x1428 [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS C:\Windows\system32\drivers\ndis.sys
19:22:47.0868 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: CAD515DBD07D082BB317D9928CE8962C, sha256: 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E
19:22:47.0878 0x1428 NDIS - detected LockedFile.Multi.Generic ( 1 )
19:22:53.0768 0x1428 Detect skipped due to KSN trusted
19:22:53.0768 0x1428 NDIS - ok
19:22:53.0808 0x1428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:22:53.0808 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
19:22:53.0828 0x1428 NdisCap - detected LockedFile.Multi.Generic ( 1 )
19:22:59.0748 0x1428 Detect skipped due to KSN trusted
19:22:59.0748 0x1428 NdisCap - ok
19:22:59.0768 0x1428 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:22:59.0768 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
19:22:59.0778 0x1428 NdisTapi - detected LockedFile.Multi.Generic ( 1 )
19:23:05.0718 0x1428 Detect skipped due to KSN trusted
19:23:05.0718 0x1428 NdisTapi - ok
19:23:05.0758 0x1428 [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:23:05.0758 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: F105BA1E22BF1F2EE8F005D4305E4BEC, sha256: 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F
19:23:05.0768 0x1428 Ndisuio - detected LockedFile.Multi.Generic ( 1 )
19:23:11.0688 0x1428 Detect skipped due to KSN trusted
19:23:11.0688 0x1428 Ndisuio - ok
19:23:11.0728 0x1428 [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:23:11.0728 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 557DFAB9CA1FCB036AC77564C010DAD3, sha256: 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29
19:23:11.0738 0x1428 NdisWan - detected LockedFile.Multi.Generic ( 1 )
19:23:21.0738 0x1428 Object is SCO, delete is not allowed
19:23:21.0738 0x1428 NdisWan ( LockedFile.Multi.Generic ) - warning
19:23:21.0738 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\DRIVERS\ndiswan.sys
19:23:29.0698 0x1428 Object send P2P result: true
19:23:47.0618 0x1428 [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:23:47.0628 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 659B74FB74B86228D6338D643CD3E3CF, sha256: 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80
19:23:47.0628 0x1428 NDProxy - detected LockedFile.Multi.Generic ( 1 )
19:23:53.0528 0x1428 Detect skipped due to KSN trusted
19:23:53.0528 0x1428 NDProxy - ok
19:23:53.0548 0x1428 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:23:53.0548 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
19:23:53.0568 0x1428 NetBIOS - detected LockedFile.Multi.Generic ( 1 )
19:23:59.0498 0x1428 Detect skipped due to KSN trusted
19:23:59.0498 0x1428 NetBIOS - ok
19:23:59.0668 0x1428 [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:23:59.0668 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 9162B273A44AB9DCE5B44362731D062A, sha256: 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39
19:23:59.0678 0x1428 NetBT - detected LockedFile.Multi.Generic ( 1 )
19:24:05.0588 0x1428 Detect skipped due to KSN trusted
19:24:05.0588 0x1428 NetBT - ok
19:24:05.0638 0x1428 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon C:\Windows\system32\lsass.exe
19:24:05.0668 0x1428 Netlogon - ok
19:24:05.0738 0x1428 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
19:24:05.0798 0x1428 Netman - ok
19:24:05.0848 0x1428 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:24:05.0888 0x1428 NetMsmqActivator - ok
19:24:05.0918 0x1428 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:24:05.0948 0x1428 NetPipeActivator - ok
19:24:05.0988 0x1428 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
19:24:06.0038 0x1428 netprofm - ok
19:24:06.0058 0x1428 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:24:06.0058 0x1428 NetTcpActivator - ok
19:24:06.0078 0x1428 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:24:06.0088 0x1428 NetTcpPortSharing - ok
19:24:06.0118 0x1428 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:24:06.0118 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
19:24:06.0128 0x1428 nfrd960 - detected LockedFile.Multi.Generic ( 1 )
19:24:12.0038 0x1428 Detect skipped due to KSN trusted
19:24:12.0038 0x1428 nfrd960 - ok
19:24:12.0108 0x1428 [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc C:\Windows\System32\nlasvc.dll
19:24:12.0168 0x1428 NlaSvc - ok
19:24:12.0198 0x1428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:24:12.0198 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
19:24:12.0208 0x1428 Npfs - detected LockedFile.Multi.Generic ( 1 )
19:24:18.0138 0x1428 Detect skipped due to KSN trusted
19:24:18.0138 0x1428 Npfs - ok
19:24:18.0168 0x1428 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
19:24:18.0258 0x1428 nsi - ok
19:24:18.0268 0x1428 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:24:18.0268 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
19:24:18.0278 0x1428 nsiproxy - detected LockedFile.Multi.Generic ( 1 )
19:24:24.0178 0x1428 Detect skipped due to KSN trusted
19:24:24.0178 0x1428 nsiproxy - ok
19:24:24.0308 0x1428 [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:24:24.0308 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: 356698A13C4630D5B31C37378D469196, sha256: BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B
19:24:24.0308 0x1428 Ntfs - detected LockedFile.Multi.Generic ( 1 )
19:24:34.0308 0x1428 Object is SCO, delete is not allowed
19:24:34.0308 0x1428 Ntfs ( LockedFile.Multi.Generic ) - warning
19:24:34.0308 0x1428 Force sending object to P2P due to detect: C:\Windows\system32\drivers\Ntfs.sys
19:24:41.0278 0x1428 Object send P2P result: true
19:24:47.0148 0x1428 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
19:24:47.0148 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
19:24:47.0158 0x1428 Null - detected LockedFile.Multi.Generic ( 1 )
19:24:57.0158 0x1428 Object is SCO, delete is not allowed
19:24:57.0158 0x1428 Null ( LockedFile.Multi.Generic ) - warning
19:25:05.0078 0x1428 [ 3E38712941E9BB4DDBEE00AFFE3FED3D, 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
19:25:05.0078 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvraid.sys. md5: 3E38712941E9BB4DDBEE00AFFE3FED3D, sha256: 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7
19:25:05.0088 0x1428 nvraid - detected LockedFile.Multi.Generic ( 1 )
19:25:10.0988 0x1428 Detect skipped due to KSN trusted
19:25:10.0988 0x1428 nvraid - ok
19:25:11.0038 0x1428 [ 477DC4D6DEB99BE37084C9AC6D013DA1, E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
19:25:11.0038 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvstor.sys. md5: 477DC4D6DEB99BE37084C9AC6D013DA1, sha256: E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E
19:25:11.0048 0x1428 nvstor - detected LockedFile.Multi.Generic ( 1 )
19:25:16.0906 0x1428 Detect skipped due to KSN trusted
19:25:16.0906 0x1428 nvstor - ok
19:25:16.0956 0x1428 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
19:25:16.0957 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
19:25:16.0985 0x1428 nv_agp - detected LockedFile.Multi.Generic ( 1 )
19:25:22.0871 0x1428 Detect skipped due to KSN trusted
19:25:22.0871 0x1428 nv_agp - ok
19:25:22.0951 0x1428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
19:25:22.0951 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
19:25:22.0951 0x1428 ohci1394 - detected LockedFile.Multi.Generic ( 1 )
19:25:28.0861 0x1428 Detect skipped due to KSN trusted
19:25:28.0861 0x1428 ohci1394 - ok
19:25:28.0911 0x1428 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:25:28.0961 0x1428 p2pimsvc - ok
19:25:29.0051 0x1428 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
19:25:29.0121 0x1428 p2psvc - ok
19:25:29.0171 0x1428 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:25:29.0171 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
19:25:29.0171 0x1428 Parport - detected LockedFile.Multi.Generic ( 1 )
19:25:35.0081 0x1428 Detect skipped due to KSN trusted
19:25:35.0081 0x1428 Parport - ok
19:25:35.0111 0x1428 [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:25:35.0111 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: 7DAA117143316C4A1537E074A5A9EAF0, sha256: D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B
19:25:35.0121 0x1428 partmgr - detected LockedFile.Multi.Generic ( 1 )
19:25:41.0051 0x1428 Detect skipped due to KSN trusted
19:25:41.0051 0x1428 partmgr - ok
19:25:41.0101 0x1428 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
19:25:41.0181 0x1428 PcaSvc - ok
19:25:41.0231 0x1428 [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci C:\Windows\system32\DRIVERS\pci.sys
19:25:41.0231 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pci.sys. md5: F36F6504009F2FB0DFD1B17A116AD74B, sha256: 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918
19:25:41.0241 0x1428 pci - detected LockedFile.Multi.Generic ( 1 )
19:25:51.0241 0x1428 Object is SCO, delete is not allowed
19:25:51.0241 0x1428 pci ( LockedFile.Multi.Generic ) - warning
19:25:58.0141 0x1428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
19:25:58.0141 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
19:25:58.0151 0x1428 pciide - detected LockedFile.Multi.Generic ( 1 )
19:26:04.0071 0x1428 Detect skipped due to KSN trusted
19:26:04.0071 0x1428 pciide - ok
19:26:04.0121 0x1428 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:26:04.0121 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
19:26:04.0131 0x1428 pcmcia - detected LockedFile.Multi.Generic ( 1 )
19:26:14.0131 0x1428 Object is SCO, delete is not allowed
19:26:14.0131 0x1428 pcmcia ( LockedFile.Multi.Generic ) - warning
19:26:21.0051 0x1428 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
19:26:21.0051 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
19:26:21.0061 0x1428 pcw - detected LockedFile.Multi.Generic ( 1 )
19:26:26.0981 0x1428 Detect skipped due to KSN trusted
19:26:26.0981 0x1428 pcw - ok
19:26:27.0081 0x1428 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:26:27.0081 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
19:26:27.0091 0x1428 PEAUTH - detected LockedFile.Multi.Generic ( 1 )
19:26:33.0011 0x1428 Detect skipped due to KSN trusted
19:26:33.0011 0x1428 PEAUTH - ok
19:26:33.0161 0x1428 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:26:33.0231 0x1428 PeerDistSvc - ok
19:26:33.0321 0x1428 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:26:33.0351 0x1428 PerfHost - ok
19:26:33.0481 0x1428 [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla C:\Windows\system32\pla.dll
19:26:33.0551 0x1428 pla - ok
19:26:33.0631 0x1428 [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:26:33.0681 0x1428 PlugPlay - ok
19:26:33.0691 0x1428 PnkBstrA - ok
19:26:33.0731 0x1428 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:26:33.0731 0x1428 PNRPAutoReg - ok
19:26:33.0771 0x1428 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:26:33.0791 0x1428 PNRPsvc - ok
19:26:33.0861 0x1428 [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:26:33.0921 0x1428 PolicyAgent - ok
19:26:33.0951 0x1428 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
19:26:33.0981 0x1428 Power - ok
19:26:34.0051 0x1428 [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:26:34.0051 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: 27CC19E81BA5E3403C48302127BDA717, sha256: C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40
19:26:34.0081 0x1428 PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
19:26:40.0001 0x1428 Detect skipped due to KSN trusted
19:26:40.0001 0x1428 PptpMiniport - ok
19:26:40.0041 0x1428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:26:40.0041 0x1428 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
19:26:40.0041 0x1428 Processor - detected LockedFile.Multi.Generic ( 1 )
19:26:45.0961 0x1428 Detect skipped due to KSN trusted
19:26:45.0961 0x1428 Processor - ok
19:26:46.0031 0x1428 [ F381975E1F4346DE875CB07339CE8D3A, 867BFC2E9A08E026289794019B8DE651A8604D06DD6A9BF166C29AFC24B6D26E ] ProfSvc C:\Windows\system32\profsvc.dll
19:26:46.0101 0x1428 ProfSvc - ok