Antivirenscanner lassen sich nach Virenbefall nicht mehr installieren
 

Hallo Zusammen,
anbei sende ich die Log-files des betroffenen Rechners. Leider kann ich auch diesen Rechner nicht einfach platt machen.
Ich habe auf dem Rechner aktuell keine Möglichkeit einen Antivirenscanner zu installieren. Bereits drei Varianten sind gescheitert, meißt im Update Bereich oder beim Starten benötigter Dienste.
Getestet habe ich: Trend Micro OfficeScan, FortiClient und Microsoft Security Essentials

Welche Registry Einträge könnten dazwischen hauen oder welche Dienste müssen laufen damit ich einen Antivirenscanner wieder installieren kann? Bzw. welche Dienste müsste man wie reparieren?

Vielen Dan im Voraus für eure Hilfe.

Gruß
seeufirst

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

FRST.txt

FRST Logfile:

FRST Logfile:
--- --- ---

--- --- ---

Addition.txt

hi,

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

• Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
• Drücke Start Scan
  
• Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
  TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
  Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Hi,
der TDSSKiller konnte ein Rootkit entdecken. Hier der gewünschte Report:
Teil 1:

14:43:32.0624 0x0e18 TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
14:43:36.0617 0x0e18 ============================================================
14:43:36.0617 0x0e18 Current date / time: 2014/03/28 14:43:36.0617
14:43:36.0617 0x0e18 SystemInfo:
14:43:36.0617 0x0e18
14:43:36.0617 0x0e18 OS Version: 6.1.7601 ServicePack: 1.0
14:43:36.0617 0x0e18 Product type: Workstation
14:43:36.0617 0x0e18 ComputerName: 53MPRM1
14:43:36.0617 0x0e18 UserName: USERNAME
14:43:36.0617 0x0e18 Windows directory: C:\Windows
14:43:36.0617 0x0e18 System windows directory: C:\Windows
14:43:36.0617 0x0e18 Running under WOW64
14:43:36.0617 0x0e18 Processor architecture: Intel x64
14:43:36.0617 0x0e18 Number of processors: 4
14:43:36.0617 0x0e18 Page size: 0x1000
14:43:36.0617 0x0e18 Boot type: Normal boot
14:43:36.0617 0x0e18 ============================================================
14:43:36.0711 0x0e18 KLMD registered as C:\Windows\system32\drivers\20521599.sys
14:43:45.0682 0x0e18 System UUID: {842690FA-9028-204A-2AB9-2B4C64A8E7F8}
14:43:45.0962 0x0e18 !crdlk
14:43:45.0962 0x0e18 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
14:43:45.0978 0x0e18 Drive \Device\Harddisk1\DR1 - Size: 0x76D8B0000 (29.71 Gb), SectorSize: 0x200, Cylinders: 0xF26, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
14:43:45.0978 0x0e18 ============================================================
14:43:45.0978 0x0e18 \Device\Harddisk0\DR0:
14:43:45.0978 0x0e18 MBR partitions:
14:43:45.0978 0x0e18 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
14:43:45.0978 0x0e18 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0xCD1BAB0
14:43:45.0978 0x0e18 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0xEA7C800, BlocksNum 0x3FF000
14:43:45.0978 0x0e18 \Device\Harddisk1\DR1:
14:43:45.0978 0x0e18 MBR partitions:
14:43:45.0978 0x0e18 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3B69F67
14:43:45.0978 0x0e18 ============================================================
14:43:45.0978 0x0e18 C: <-> \Device\Harddisk0\DR0\Partition2
14:43:45.0978 0x0e18 D: <-> \Device\Harddisk0\DR0\Partition3
14:43:45.0994 0x0e18 W: <-> \Device\Harddisk1\DR1\Partition1
14:43:45.0994 0x0e18 ============================================================
14:43:45.0994 0x0e18 Initialize success
14:43:45.0994 0x0e18 ============================================================
14:44:14.0058 0x1410 ============================================================
14:44:14.0058 0x1410 Scan started
14:44:14.0058 0x1410 Mode: Manual; SigCheck; TDLFS;
14:44:14.0058 0x1410 ============================================================
14:44:14.0058 0x1410 KSN ping started
14:44:16.0741 0x1410 KSN ping finished: true
14:44:16.0819 0x1410 ================ Scan system memory ========================
14:44:16.0819 0x1410 System memory - ok
14:44:16.0819 0x1410 ================ Scan services =============================
14:44:16.0990 0x1410 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:44:17.0178 0x1410 1394ohci - ok
14:44:17.0193 0x1410 Suspicious service (NoAccess): 35e788ab90485f7f
14:44:17.0209 0x1410 [ B78C57637978C08E45DD946F908594F5, 90DBE63BB845F4A01314DC1EC284E163B39E112BA6A3929D6F7588276E0EFA68 ] 35e788ab90485f7f C:\Windows\System32\Drivers\35e788ab90485f7f.sys
14:44:17.0209 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\35e788ab90485f7f.sys. md5: B78C57637978C08E45DD946F908594F5, sha256: 90DBE63BB845F4A01314DC1EC284E163B39E112BA6A3929D6F7588276E0EFA68
14:44:17.0240 0x1410 35e788ab90485f7f - detected Rootkit.Win32.Necurs.gen ( 0 )
14:44:19.0689 0x1410 35e788ab90485f7f ( Rootkit.Win32.Necurs.gen ) - infected
14:44:19.0689 0x1410 Force sending object to P2P due to detect: C:\Windows\System32\Drivers\35e788ab90485f7f.sys
14:44:30.0094 0x1410 Object send P2P result: true
14:44:32.0575 0x1410 A2DDA - ok
14:44:32.0606 0x1410 [ 627371B2D48F64CECC4D019114FB140D, B91698550BD899C208CC57F1ABE00D530D9FDC4559E3E1C0A04A27E7D4C7CE9D ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys
14:44:32.0606 0x1410 Acceler - ok
14:44:32.0637 0x1410 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:44:32.0653 0x1410 ACPI - ok
14:44:32.0668 0x1410 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:44:32.0699 0x1410 AcpiPmi - ok
14:44:32.0731 0x1410 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:44:32.0746 0x1410 AdobeARMservice - ok
14:44:32.0809 0x1410 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:44:32.0824 0x1410 AdobeFlashPlayerUpdateSvc - ok
14:44:32.0855 0x1410 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:44:32.0871 0x1410 adp94xx - ok
14:44:32.0902 0x1410 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:44:32.0902 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\adpahci.sys. md5: 597F78224EE9224EA1A13D6350CED962, sha256: DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC
14:44:32.0918 0x1410 adpahci - detected LockedFile.Multi.Generic ( 1 )
14:44:35.0289 0x1410 Detect skipped due to KSN trusted
14:44:35.0289 0x1410 adpahci - ok
14:44:35.0320 0x1410 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:44:35.0336 0x1410 adpu320 - ok
14:44:35.0383 0x1410 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:44:35.0461 0x1410 AeLookupSvc - ok
14:44:35.0507 0x1410 [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\AESTSr64.exe
14:44:35.0554 0x1410 AESTFilters - ok
14:44:35.0585 0x1410 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
14:44:35.0601 0x1410 AFD - ok
14:44:35.0617 0x1410 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
14:44:35.0617 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\agp440.sys. md5: 608C14DBA7299D8CB6ED035A68A15799, sha256: 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A
14:44:35.0632 0x1410 agp440 - detected LockedFile.Multi.Generic ( 1 )
14:44:38.0066 0x1410 Detect skipped due to KSN trusted
14:44:38.0066 0x1410 agp440 - ok
14:44:38.0097 0x1410 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
14:44:38.0128 0x1410 ALG - ok
14:44:38.0144 0x1410 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
14:44:38.0159 0x1410 aliide - ok
14:44:38.0190 0x1410 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
14:44:38.0190 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdide.sys. md5: 1FF8B4431C353CE385C875F194924C0C, sha256: 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720
14:44:38.0190 0x1410 amdide - detected LockedFile.Multi.Generic ( 1 )
14:44:40.0640 0x1410 Detect skipped due to KSN trusted
14:44:40.0640 0x1410 amdide - ok
14:44:40.0671 0x1410 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:44:40.0671 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdk8.sys. md5: 7024F087CFF1833A806193EF9D22CDA9, sha256: E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529
14:44:40.0671 0x1410 AmdK8 - detected LockedFile.Multi.Generic ( 1 )
14:44:43.0058 0x1410 Detect skipped due to KSN trusted
14:44:43.0058 0x1410 AmdK8 - ok
14:44:43.0089 0x1410 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:44:43.0089 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdppm.sys. md5: 1E56388B3FE0D031C44144EB8C4D6217, sha256: E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487
14:44:43.0089 0x1410 AmdPPM - detected LockedFile.Multi.Generic ( 1 )
14:44:45.0538 0x1410 Detect skipped due to KSN trusted
14:44:45.0538 0x1410 AmdPPM - ok
14:44:45.0569 0x1410 [ 6EC6D772EAE38DC17C14AED9B178D24B, B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:44:45.0569 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdsata.sys. md5: 6EC6D772EAE38DC17C14AED9B178D24B, sha256: B4FB936B31B1265B8CC6B426C64965C34D0CCF1638E645ACD65E88F4AFFC57A6
14:44:45.0585 0x1410 amdsata - detected LockedFile.Multi.Generic ( 1 )
14:44:47.0972 0x1410 Detect skipped due to KSN trusted
14:44:47.0972 0x1410 amdsata - ok
14:44:48.0003 0x1410 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:44:48.0003 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\amdsbs.sys. md5: F67F933E79241ED32FF46A4F29B5120B, sha256: D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8
14:44:48.0018 0x1410 amdsbs - detected LockedFile.Multi.Generic ( 1 )
14:44:50.0452 0x1410 Detect skipped due to KSN trusted
14:44:50.0452 0x1410 amdsbs - ok
14:44:50.0468 0x1410 [ 1142A21DB581A84EA5597B03A26EBAA0, F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:44:50.0468 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\amdxata.sys. md5: 1142A21DB581A84EA5597B03A26EBAA0, sha256: F94EB140D0CD068760D7EB081FF75154C75DAC75E5E24B6DE4E4F9CE65A70343
14:44:50.0483 0x1410 amdxata - detected LockedFile.Multi.Generic ( 1 )
14:44:52.0870 0x1410 Detect skipped due to KSN trusted
14:44:52.0870 0x1410 amdxata - ok
14:44:52.0917 0x1410 [ 4B92F0063C633BD4FDBD7D76977F65B3, DC18AB4FFA2893D664D464B3862E587A920C3A92A5D02E9E46710FB6F28CE0DE ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
14:44:52.0917 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Apfiltr.sys. md5: 4B92F0063C633BD4FDBD7D76977F65B3, sha256: DC18AB4FFA2893D664D464B3862E587A920C3A92A5D02E9E46710FB6F28CE0DE
14:44:52.0917 0x1410 ApfiltrService - detected LockedFile.Multi.Generic ( 1 )
14:44:55.0366 0x1410 Detect skipped due to KSN trusted
14:44:55.0366 0x1410 ApfiltrService - ok
14:44:55.0397 0x1410 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
14:44:55.0397 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\appid.sys. md5: 89A69C3F2F319B43379399547526D952, sha256: 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A
14:44:55.0413 0x1410 AppID - detected LockedFile.Multi.Generic ( 1 )
14:44:57.0846 0x1410 Detect skipped due to KSN trusted
14:44:57.0846 0x1410 AppID - ok
14:44:57.0877 0x1410 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:44:57.0924 0x1410 AppIDSvc - ok
14:44:57.0940 0x1410 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
14:44:57.0955 0x1410 Appinfo - ok
14:44:57.0987 0x1410 [ 4FE5C6D40664AE07BE5105874357D2ED, 70DD05EE80B77EB2F781E0919885D1BBB1119EA1A8955935AF5AECD05E30F14A ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:44:57.0987 0x1410 Apple Mobile Device - ok
14:44:58.0018 0x1410 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
14:44:58.0033 0x1410 AppMgmt - ok
14:44:58.0049 0x1410 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
14:44:58.0049 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\arc.sys. md5: C484F8CEB1717C540242531DB7845C4E, sha256: C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6
14:44:58.0065 0x1410 arc - detected LockedFile.Multi.Generic ( 1 )
14:45:00.0420 0x1410 Detect skipped due to KSN trusted
14:45:00.0420 0x1410 arc - ok
14:45:00.0451 0x1410 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:45:00.0451 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\arcsas.sys. md5: 019AF6924AEFE7839F61C830227FE79C, sha256: 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A
14:45:00.0467 0x1410 arcsas - detected LockedFile.Multi.Generic ( 1 )
14:45:02.0823 0x1410 Detect skipped due to KSN trusted
14:45:02.0823 0x1410 arcsas - ok
14:45:02.0854 0x1410 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:45:02.0854 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\asyncmac.sys. md5: 769765CE2CC62867468CEA93969B2242, sha256: 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26
14:45:02.0854 0x1410 AsyncMac - detected LockedFile.Multi.Generic ( 1 )
14:45:08.0236 0x1410 Detect skipped due to KSN trusted
14:45:08.0236 0x1410 AsyncMac - ok
14:45:08.0267 0x1410 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
14:45:08.0267 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\atapi.sys. md5: 02062C0B390B7729EDC9E69C680A6F3C, sha256: 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273
14:45:08.0267 0x1410 atapi - detected LockedFile.Multi.Generic ( 1 )
14:45:10.0716 0x1410 Detect skipped due to KSN trusted
14:45:10.0716 0x1410 atapi - ok
14:45:10.0778 0x1410 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:45:10.0934 0x1410 AudioEndpointBuilder - ok
14:45:10.0997 0x1410 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:45:11.0044 0x1410 AudioSrv - ok
14:45:11.0075 0x1410 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:45:11.0122 0x1410 AxInstSV - ok
14:45:11.0153 0x1410 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:45:11.0153 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bxvbda.sys. md5: 3E5B191307609F7514148C6832BB0842, sha256: DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580
14:45:11.0168 0x1410 b06bdrv - detected LockedFile.Multi.Generic ( 1 )
14:45:13.0555 0x1410 Detect skipped due to KSN trusted
14:45:13.0555 0x1410 b06bdrv - ok
14:45:13.0586 0x1410 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:45:13.0586 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\b57nd60a.sys. md5: B5ACE6968304A3900EEB1EBFD9622DF2, sha256: 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA
14:45:13.0602 0x1410 b57nd60a - detected LockedFile.Multi.Generic ( 1 )
14:45:16.0051 0x1410 Detect skipped due to KSN trusted
14:45:16.0051 0x1410 b57nd60a - ok
14:45:16.0082 0x1410 [ 50D45E314B13F70BF328D783868E6EA6, E22F30E7602D4EC0BEAA1E0DE7FF518B7B49556536C1F9E6C6308327CDEA4CA6 ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
14:45:16.0082 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\BCM42RLY.sys. md5: 50D45E314B13F70BF328D783868E6EA6, sha256: E22F30E7602D4EC0BEAA1E0DE7FF518B7B49556536C1F9E6C6308327CDEA4CA6
14:45:16.0098 0x1410 BCM42RLY - detected LockedFile.Multi.Generic ( 1 )
14:45:18.0500 0x1410 Detect skipped due to KSN trusted
14:45:18.0500 0x1410 BCM42RLY - ok
14:45:18.0594 0x1410 [ D84B17B03376ACBB7717928071429707, D7A0CD7E3F1A1BD5A0B27FA937004DEF8F02CBC7526D380A19630B7424025BF4 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
14:45:18.0594 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bcmwl664.sys. md5: D84B17B03376ACBB7717928071429707, sha256: D7A0CD7E3F1A1BD5A0B27FA937004DEF8F02CBC7526D380A19630B7424025BF4
14:45:18.0610 0x1410 BCM43XX - detected LockedFile.Multi.Generic ( 1 )
14:45:20.0981 0x1410 Detect skipped due to KSN trusted
14:45:20.0981 0x1410 BCM43XX - ok
14:45:21.0043 0x1410 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
14:45:21.0059 0x1410 BDESVC - ok
14:45:21.0090 0x1410 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
14:45:21.0090 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Beep.sys. md5: 16A47CE2DECC9B099349A5F840654746, sha256: 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024
14:45:21.0090 0x1410 Beep - detected LockedFile.Multi.Generic ( 1 )
14:45:23.0539 0x1410 Detect skipped due to KSN trusted
14:45:23.0539 0x1410 Beep - ok
14:45:23.0617 0x1410 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
14:45:23.0648 0x1410 BFE - ok
14:45:23.0711 0x1410 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
14:45:23.0773 0x1410 BITS - ok
14:45:23.0789 0x1410 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:45:23.0789 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\blbdrive.sys. md5: 61583EE3C3A17003C4ACD0475646B4D3, sha256: 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811
14:45:23.0804 0x1410 blbdrive - detected LockedFile.Multi.Generic ( 1 )
14:45:26.0238 0x1410 Detect skipped due to KSN trusted
14:45:26.0238 0x1410 blbdrive - ok
14:45:26.0285 0x1410 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:45:26.0300 0x1410 Bonjour Service - ok
14:45:26.0331 0x1410 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:45:26.0331 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bowser.sys. md5: 6C02A83164F5CC0A262F4199F0871CF5, sha256: AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28
14:45:26.0347 0x1410 bowser - detected LockedFile.Multi.Generic ( 1 )
14:45:28.0734 0x1410 Detect skipped due to KSN trusted
14:45:28.0734 0x1410 bowser - ok
14:45:28.0749 0x1410 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:45:28.0749 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltLo.sys. md5: F09EEE9EDC320B5E1501F749FDE686C8, sha256: 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3
14:45:28.0765 0x1410 BrFiltLo - detected LockedFile.Multi.Generic ( 1 )
14:45:31.0214 0x1410 Detect skipped due to KSN trusted
14:45:31.0214 0x1410 BrFiltLo - ok
14:45:31.0230 0x1410 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:45:31.0230 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\BrFiltUp.sys. md5: B114D3098E9BDB8BEA8B053685831BE6, sha256: 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C
14:45:31.0245 0x1410 BrFiltUp - detected LockedFile.Multi.Generic ( 1 )
14:45:33.0632 0x1410 Detect skipped due to KSN trusted
14:45:33.0632 0x1410 BrFiltUp - ok
14:45:33.0663 0x1410 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
14:45:33.0695 0x1410 Browser - ok
14:45:33.0726 0x1410 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:45:33.0726 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\Brserid.sys. md5: 43BEA8D483BF1870F018E2D02E06A5BD, sha256: 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272
14:45:33.0726 0x1410 Brserid - detected LockedFile.Multi.Generic ( 1 )
14:45:36.0097 0x1410 Detect skipped due to KSN trusted
14:45:36.0097 0x1410 Brserid - ok
14:45:36.0128 0x1410 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:45:36.0128 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrSerWdm.sys. md5: A6ECA2151B08A09CACECA35C07F05B42, sha256: E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C
14:45:36.0128 0x1410 BrSerWdm - detected LockedFile.Multi.Generic ( 1 )
14:45:38.0577 0x1410 Detect skipped due to KSN trusted
14:45:38.0577 0x1410 BrSerWdm - ok
14:45:38.0609 0x1410 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:45:38.0609 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbMdm.sys. md5: B79968002C277E869CF38BD22CD61524, sha256: 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983
14:45:38.0609 0x1410 BrUsbMdm - detected LockedFile.Multi.Generic ( 1 )
14:45:41.0042 0x1410 Detect skipped due to KSN trusted
14:45:41.0042 0x1410 BrUsbMdm - ok
14:45:41.0058 0x1410 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:45:41.0058 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BrUsbSer.sys. md5: A87528880231C54E75EA7A44943B38BF, sha256: 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9
14:45:41.0073 0x1410 BrUsbSer - detected LockedFile.Multi.Generic ( 1 )
14:45:43.0444 0x1410 Detect skipped due to KSN trusted
14:45:43.0444 0x1410 BrUsbSer - ok
14:45:43.0476 0x1410 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
14:45:43.0476 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\BthEnum.sys. md5: CF98190A94F62E405C8CB255018B2315, sha256: E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781
14:45:43.0476 0x1410 BthEnum - detected LockedFile.Multi.Generic ( 1 )
14:45:45.0925 0x1410 Detect skipped due to KSN trusted
14:45:45.0925 0x1410 BthEnum - ok
14:45:45.0956 0x1410 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:45:45.0956 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthmodem.sys. md5: 9DA669F11D1F894AB4EB69BF546A42E8, sha256: B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4
14:45:45.0956 0x1410 BTHMODEM - detected LockedFile.Multi.Generic ( 1 )
14:45:48.0405 0x1410 Detect skipped due to KSN trusted
14:45:48.0405 0x1410 BTHMODEM - ok
14:45:48.0436 0x1410 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
14:45:48.0436 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\bthpan.sys. md5: 02DD601B708DD0667E1331FA8518E9FF, sha256: 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1
14:45:48.0452 0x1410 BthPan - detected LockedFile.Multi.Generic ( 1 )
14:45:50.0839 0x1410 Detect skipped due to KSN trusted
14:45:50.0839 0x1410 BthPan - ok
14:45:50.0886 0x1410 [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
14:45:50.0886 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BTHport.sys. md5: 64C198198501F7560EE41D8D1EFA7952, sha256: 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0
14:45:50.0901 0x1410 BTHPORT - detected LockedFile.Multi.Generic ( 1 )
14:45:53.0288 0x1410 Detect skipped due to KSN trusted
14:45:53.0288 0x1410 BTHPORT - ok
14:45:53.0319 0x1410 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
14:45:53.0382 0x1410 bthserv - ok
14:45:53.0397 0x1410 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
14:45:53.0397 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\BTHUSB.sys. md5: F188B7394D81010767B6DF3178519A37, sha256: 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B
14:45:53.0413 0x1410 BTHUSB - detected LockedFile.Multi.Generic ( 1 )
14:45:55.0847 0x1410 Detect skipped due to KSN trusted
14:45:55.0847 0x1410 BTHUSB - ok
14:45:55.0878 0x1410 [ 2D19C44A9D0E175BC93D23C562A0AA01, 0298E3D57472F1848E217FFE9B7B67792CD9643B2BE879723067F987ED98C31F ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
14:45:55.0878 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwampfl.sys. md5: 2D19C44A9D0E175BC93D23C562A0AA01, sha256: 0298E3D57472F1848E217FFE9B7B67792CD9643B2BE879723067F987ED98C31F
14:45:55.0894 0x1410 btwampfl - detected LockedFile.Multi.Generic ( 1 )
14:45:58.0250 0x1410 Detect skipped due to KSN trusted
14:45:58.0250 0x1410 btwampfl - ok
14:45:58.0281 0x1410 [ AD4B38BF35896778236B40CF453F58AA, 1CE0007090AD07F852C0FE25DB17054D9942D487A11F9DF38A96C0B51ED817D6 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
14:45:58.0281 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwaudio.sys. md5: AD4B38BF35896778236B40CF453F58AA, sha256: 1CE0007090AD07F852C0FE25DB17054D9942D487A11F9DF38A96C0B51ED817D6
14:45:58.0281 0x1410 btwaudio - detected LockedFile.Multi.Generic ( 1 )
14:46:00.0652 0x1410 Detect skipped due to KSN trusted
14:46:00.0652 0x1410 btwaudio - ok
14:46:00.0683 0x1410 [ C2A11549E72841EF9FC5AF14C7F29233, FBF280AA92F74EAF73BCB3D8DF864C05D3BFF5E67A2B1756180664FC5D8349FA ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
14:46:00.0683 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\btwavdt.sys. md5: C2A11549E72841EF9FC5AF14C7F29233, sha256: FBF280AA92F74EAF73BCB3D8DF864C05D3BFF5E67A2B1756180664FC5D8349FA
14:46:00.0683 0x1410 btwavdt - detected LockedFile.Multi.Generic ( 1 )
14:46:03.0132 0x1410 Detect skipped due to KSN trusted
14:46:03.0132 0x1410 btwavdt - ok
14:46:03.0179 0x1410 [ 3D13849A1F9E7C61096294B955EFCDF2, BEF5CC432611367708EEDC1C3CB9D43AB4B9DA53A1E81D3B8DC54CE12BE1E805 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
14:46:03.0210 0x1410 btwdins - ok
14:46:03.0226 0x1410 [ 06E96CF5C046F7CAB4AA131DF6E2B9BC, D3957A55E5BB614203E187460232F8701CF54599EEC9A0D2146952D75405A44F ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
14:46:03.0226 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwl2cap.sys. md5: 06E96CF5C046F7CAB4AA131DF6E2B9BC, sha256: D3957A55E5BB614203E187460232F8701CF54599EEC9A0D2146952D75405A44F
14:46:03.0242 0x1410 btwl2cap - detected LockedFile.Multi.Generic ( 1 )
14:46:05.0691 0x1410 Detect skipped due to KSN trusted
14:46:05.0691 0x1410 btwl2cap - ok
14:46:05.0722 0x1410 [ D8270F1D59DD10743C8E62D806AF85E2, EF6F74747C56CBFE56E64C375EE51944E21F3DF882F99677CB016BC73CC57F05 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
14:46:05.0722 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\btwrchid.sys. md5: D8270F1D59DD10743C8E62D806AF85E2, sha256: EF6F74747C56CBFE56E64C375EE51944E21F3DF882F99677CB016BC73CC57F05
14:46:05.0722 0x1410 btwrchid - detected LockedFile.Multi.Generic ( 1 )
14:46:08.0109 0x1410 Detect skipped due to KSN trusted
14:46:08.0109 0x1410 btwrchid - ok
14:46:08.0156 0x1410 [ F9A6DEAC2776A85F23B55E044CD4BC10, BF98EE87E50A6682E5FB1A7F43A2F2ED312C3DE7B1EA112808777E519706C32A ] buttonsvc64 c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
14:46:08.0171 0x1410 buttonsvc64 - ok
14:46:08.0187 0x1410 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:46:08.0187 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\cdfs.sys. md5: B8BD2BB284668C84865658C77574381A, sha256: 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65
14:46:08.0202 0x1410 cdfs - detected LockedFile.Multi.Generic ( 1 )
14:46:10.0651 0x1410 Detect skipped due to KSN trusted
14:46:10.0651 0x1410 cdfs - ok
14:46:10.0683 0x1410 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\drivers\cdrom.sys
14:46:10.0683 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cdrom.sys. md5: F036CE71586E93D94DAB220D7BDF4416, sha256: BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B
14:46:10.0698 0x1410 cdrom - detected LockedFile.Multi.Generic ( 1 )
14:46:13.0194 0x1410 Detect skipped due to KSN trusted
14:46:13.0194 0x1410 cdrom - ok
14:46:13.0225 0x1410 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
14:46:13.0272 0x1410 CertPropSvc - ok
14:46:13.0288 0x1410 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:46:13.0288 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\circlass.sys. md5: D7CD5C4E1B71FA62050515314CFB52CF, sha256: 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64
14:46:13.0303 0x1410 circlass - detected LockedFile.Multi.Generic ( 1 )
14:46:15.0690 0x1410 Detect skipped due to KSN trusted
14:46:15.0690 0x1410 circlass - ok
14:46:15.0706 0x1410 cleanhlp - ok
14:46:15.0753 0x1410 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
14:46:15.0753 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\CLFS.sys. md5: FE1EC06F2253F691FE36217C592A0206, sha256: B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE
14:46:15.0753 0x1410 CLFS - detected LockedFile.Multi.Generic ( 1 )
14:46:18.0202 0x1410 Detect skipped due to KSN trusted
14:46:18.0202 0x1410 CLFS - ok
14:46:18.0249 0x1410 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:46:18.0264 0x1410 clr_optimization_v2.0.50727_32 - ok
14:46:18.0295 0x1410 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:46:18.0295 0x1410 clr_optimization_v2.0.50727_64 - ok
14:46:18.0342 0x1410 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:46:18.0358 0x1410 clr_optimization_v4.0.30319_32 - ok
14:46:18.0389 0x1410 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:46:18.0405 0x1410 clr_optimization_v4.0.30319_64 - ok
14:46:18.0420 0x1410 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:46:18.0420 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CmBatt.sys. md5: 0840155D0BDDF1190F84A663C284BD33, sha256: 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A
14:46:18.0420 0x1410 CmBatt - detected LockedFile.Multi.Generic ( 1 )
14:46:20.0807 0x1410 Detect skipped due to KSN trusted
14:46:20.0807 0x1410 CmBatt - ok
14:46:20.0838 0x1410 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:46:20.0838 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\cmdide.sys. md5: E19D3F095812725D88F9001985B94EDD, sha256: 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B
14:46:20.0854 0x1410 cmdide - detected LockedFile.Multi.Generic ( 1 )
14:46:23.0241 0x1410 Detect skipped due to KSN trusted
14:46:23.0241 0x1410 cmdide - ok
14:46:23.0287 0x1410 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
14:46:23.0287 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cng.sys. md5: EBF28856F69CF094A902F884CF989706, sha256: AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F
14:46:23.0287 0x1410 CNG - detected LockedFile.Multi.Generic ( 1 )
14:46:25.0674 0x1410 Detect skipped due to KSN trusted
14:46:25.0674 0x1410 CNG - ok
14:46:25.0690 0x1410 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:46:25.0690 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102DE219C3F61415F964C88E9085AD14, sha256: CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1
14:46:25.0705 0x1410 Compbatt - detected LockedFile.Multi.Generic ( 1 )
14:46:28.0154 0x1410 Detect skipped due to KSN trusted
14:46:28.0154 0x1410 Compbatt - ok
14:46:28.0186 0x1410 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:46:28.0186 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\CompositeBus.sys. md5: 03EDB043586CCEBA243D689BDDA370A8, sha256: 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959
14:46:28.0201 0x1410 CompositeBus - detected LockedFile.Multi.Generic ( 1 )
14:46:30.0572 0x1410 Detect skipped due to KSN trusted
14:46:30.0572 0x1410 CompositeBus - ok
14:46:30.0604 0x1410 COMSysApp - ok
14:46:30.0619 0x1410 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:46:30.0619 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\crcdisk.sys. md5: 1C827878A998C18847245FE1F34EE597, sha256: 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60
14:46:30.0635 0x1410 crcdisk - detected LockedFile.Multi.Generic ( 1 )
14:46:33.0068 0x1410 Detect skipped due to KSN trusted
14:46:33.0068 0x1410 crcdisk - ok
14:46:33.0115 0x1410 [ 55A9081A7A6D0977A0B470AC88F37E6F, F5DB2480D6FE6AFC9226CD554AD9E7E637E7556C3BDBA7FB1B46BDF81A20460C ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
14:46:33.0146 0x1410 Credential Vault Host Control Service - ok
14:46:33.0178 0x1410 [ 53371039D4027E1BB4DDCC83007D3A04, 2C3EC24763FF441F536159B61E412F6D911175F2E117248F017D042231EDB614 ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
14:46:33.0178 0x1410 Credential Vault Host Storage - ok
14:46:33.0224 0x1410 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:46:33.0256 0x1410 CryptSvc - ok
14:46:33.0287 0x1410 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
14:46:33.0287 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\csc.sys. md5: 54DA3DFD29ED9F1619B6F53F3CE55E49, sha256: 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E
14:46:33.0302 0x1410 CSC - detected LockedFile.Multi.Generic ( 1 )
14:46:35.0752 0x1410 Detect skipped due to KSN trusted
14:46:35.0752 0x1410 CSC - ok
14:46:35.0814 0x1410 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
14:46:35.0845 0x1410 CscService - ok
14:46:35.0876 0x1410 [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
14:46:35.0876 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\CtClsFlt.sys. md5: ED5CF92396A62F4C15110DCDB5E854D9, sha256: CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2
14:46:35.0876 0x1410 CtClsFlt - detected LockedFile.Multi.Generic ( 1 )
14:46:38.0263 0x1410 Detect skipped due to KSN trusted
14:46:38.0263 0x1410 CtClsFlt - ok
14:46:38.0279 0x1410 [ A84CAAE89B487931200B969D94018AFA, 6984F3CF4E78B20350E5C09F16DE412D0232E202BD8DF86B9623F25CD154ED95 ] cvusbdrv C:\Windows\system32\Drivers\cvusbdrv.sys
14:46:38.0279 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\cvusbdrv.sys. md5: A84CAAE89B487931200B969D94018AFA, sha256: 6984F3CF4E78B20350E5C09F16DE412D0232E202BD8DF86B9623F25CD154ED95
14:46:38.0294 0x1410 cvusbdrv - detected LockedFile.Multi.Generic ( 1 )
14:46:40.0728 0x1410 Detect skipped due to KSN trusted
14:46:40.0728 0x1410 cvusbdrv - ok
14:46:40.0790 0x1410 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:46:40.0853 0x1410 DcomLaunch - ok
14:46:40.0884 0x1410 [ C0AADE6FC97F718B1E1B0D4452F2ADA5, 96B88D09F14563D8F87A82824BBE70751BF665813CA1E21EE6C9F9CA7EADE448 ] dcpsysmgrsvc c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
14:46:40.0900 0x1410 dcpsysmgrsvc - ok
14:46:40.0931 0x1410 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
14:46:40.0962 0x1410 defragsvc - ok
14:46:40.0993 0x1410 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:46:40.0993 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\dfsc.sys. md5: 9BB2EF44EAA163B29C4A4587887A0FE4, sha256: 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F
14:46:41.0009 0x1410 DfsC - detected LockedFile.Multi.Generic ( 1 )
14:46:43.0442 0x1410 Detect skipped due to KSN trusted
14:46:43.0442 0x1410 DfsC - ok
14:46:43.0489 0x1410 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:46:43.0520 0x1410 Dhcp - ok
14:46:43.0551 0x1410 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
14:46:43.0551 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\discache.sys. md5: 13096B05847EC78F0977F2C0F79E9AB3, sha256: 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26
14:46:43.0567 0x1410 discache - detected LockedFile.Multi.Generic ( 1 )
14:46:46.0110 0x1410 Detect skipped due to KSN trusted
14:46:46.0110 0x1410 discache - ok
14:46:46.0141 0x1410 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:46:46.0141 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\disk.sys. md5: 9819EEE8B5EA3784EC4AF3B137A5244C, sha256: 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427
14:46:46.0157 0x1410 Disk - detected LockedFile.Multi.Generic ( 1 )
14:46:48.0606 0x1410 Detect skipped due to KSN trusted
14:46:48.0606 0x1410 Disk - ok
14:46:48.0637 0x1410 dkab_device - ok
14:46:48.0668 0x1410 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:46:48.0715 0x1410 Dnscache - ok
14:46:48.0746 0x1410 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
14:46:48.0793 0x1410 dot3svc - ok
14:46:48.0824 0x1410 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
14:46:48.0871 0x1410 DPS - ok
14:46:48.0887 0x1410 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:46:48.0887 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\drmkaud.sys. md5: 9B19F34400D24DF84C858A421C205754, sha256: 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7
14:46:48.0887 0x1410 drmkaud - detected LockedFile.Multi.Generic ( 1 )
14:46:51.0258 0x1410 Detect skipped due to KSN trusted
14:46:51.0258 0x1410 drmkaud - ok
14:46:51.0273 0x1410 [ 37BA0259E9A79D610FD302C8A3770A2C, 5D7FB757E7E33CCC23919B7A2CC5495C1740E39FA53BD30B73F4142A23E9A413 ] DVMIO D:\Program Files (x86)\Dell\Reader 2.0\dvmio_x64.sys
14:46:51.0289 0x1410 DVMIO - ok
14:46:51.0351 0x1410 [ 6F0952F5A3C8D9E90DF1F88B84541145, 55818BCE974D7BCDBD9DE03CE214477C15C085876BBE2AA3B984805F8E61A564 ] DvmMDES D:\Program Files (x86)\Dell\Reader 2.0\DVMExportService.exe
14:46:51.0351 0x1410 DvmMDES - detected UnsignedFile.Multi.Generic ( 1 )
14:46:53.0723 0x1410 Detect skipped due to KSN trusted
14:46:53.0723 0x1410 DvmMDES - ok
14:46:53.0769 0x1410 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:46:53.0769 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 88612F1CE3BF42256913BF6E61C70D52, sha256: 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7
14:46:53.0769 0x1410 DXGKrnl - detected LockedFile.Multi.Generic ( 1 )
14:46:56.0125 0x1410 Detect skipped due to KSN trusted
14:46:56.0125 0x1410 DXGKrnl - ok
14:46:56.0156 0x1410 [ F369E83F6CDAB987CA2DD764278659A6, 64F7CF085EA19A37D6A23D91B63BCF36EAC4FEE936DDD7E71F665C4FD0EA6DC2 ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
14:46:56.0156 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\e1k62x64.sys. md5: F369E83F6CDAB987CA2DD764278659A6, sha256: 64F7CF085EA19A37D6A23D91B63BCF36EAC4FEE936DDD7E71F665C4FD0EA6DC2
14:46:56.0156 0x1410 e1kexpress - detected LockedFile.Multi.Generic ( 1 )
14:46:58.0574 0x1410 Detect skipped due to KSN trusted
14:46:58.0574 0x1410 e1kexpress - ok
14:46:58.0761 0x1410 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
14:46:58.0792 0x1410 EapHost - ok
14:46:58.0886 0x1410 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:46:58.0886 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\evbda.sys. md5: DC5D737F51BE844D8C82C695EB17372F, sha256: 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017
14:46:58.0902 0x1410 ebdrv - detected LockedFile.Multi.Generic ( 1 )
14:47:01.0273 0x1410 Detect skipped due to KSN trusted
14:47:01.0273 0x1410 ebdrv - ok
14:47:01.0304 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\Windows\System32\lsass.exe
14:47:01.0320 0x1410 EFS - ok
14:47:01.0366 0x1410 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:47:01.0413 0x1410 ehRecvr - ok
14:47:01.0429 0x1410 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
14:47:01.0476 0x1410 ehSched - ok
14:47:01.0507 0x1410 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:47:01.0507 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0E5DA5369A0FCAEA12456DD852545184, sha256: 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8
14:47:01.0522 0x1410 elxstor - detected LockedFile.Multi.Generic ( 1 )
14:47:03.0956 0x1410 Detect skipped due to KSN trusted
14:47:03.0956 0x1410 elxstor - ok
14:47:03.0987 0x1410 [ ABDD5AD016AFFD34AD40E944CE94BF59, 61089124CD8FEA31142CD4D3C47224A6310B9BE7B7FA974956D9EDDAD4381503 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
14:47:04.0003 0x1410 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic ( 1 )
14:47:06.0390 0x1410 Detect skipped due to KSN trusted
14:47:06.0390 0x1410 EpsonBidirectionalService - ok
14:47:06.0405 0x1410 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:47:06.0405 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\errdev.sys. md5: 34A3C54752046E79A126E15C51DB409B, sha256: 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75
14:47:06.0421 0x1410 ErrDev - detected LockedFile.Multi.Generic ( 1 )
14:47:08.0979 0x1410 Detect skipped due to KSN trusted
14:47:08.0979 0x1410 ErrDev - ok
14:47:09.0073 0x1410 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
14:47:09.0120 0x1410 EventSystem - ok
14:47:09.0151 0x1410 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
14:47:09.0151 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\exfat.sys. md5: A510C654EC00C1E9BDD91EEB3A59823B, sha256: 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5
14:47:09.0166 0x1410 exfat - detected LockedFile.Multi.Generic ( 1 )
14:47:11.0616 0x1410 Detect skipped due to KSN trusted
14:47:11.0616 0x1410 exfat - ok
14:47:11.0647 0x1410 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:47:11.0647 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fastfat.sys. md5: 0ADC83218B66A6DB380C330836F3E36D, sha256: 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29
14:47:11.0662 0x1410 fastfat - detected LockedFile.Multi.Generic ( 1 )
14:47:14.0018 0x1410 Detect skipped due to KSN trusted
14:47:14.0018 0x1410 fastfat - ok
14:47:14.0065 0x1410 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
14:47:14.0096 0x1410 Fax - ok
14:47:14.0127 0x1410 FA_Scheduler - ok
14:47:14.0143 0x1410 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:47:14.0143 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE
14:47:14.0143 0x1410 fdc - detected LockedFile.Multi.Generic ( 1 )
14:47:16.0529 0x1410 Detect skipped due to KSN trusted
14:47:16.0529 0x1410 fdc - ok
14:47:16.0561 0x1410 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
14:47:16.0592 0x1410 fdPHost - ok
14:47:16.0623 0x1410 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
14:47:16.0654 0x1410 FDResPub - ok
14:47:16.0685 0x1410 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:47:16.0685 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fileinfo.sys. md5: 655661BE46B5F5F3FD454E2C3095B930, sha256: 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A
14:47:16.0701 0x1410 FileInfo - detected LockedFile.Multi.Generic ( 1 )
14:47:19.0135 0x1410 Detect skipped due to KSN trusted
14:47:19.0135 0x1410 FileInfo - ok
14:47:19.0166 0x1410 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:47:19.0166 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\filetrace.sys. md5: 5F671AB5BC87EEA04EC38A6CD5962A47, sha256: 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6
14:47:19.0166 0x1410 Filetrace - detected LockedFile.Multi.Generic ( 1 )
14:47:21.0615 0x1410 Detect skipped due to KSN trusted
14:47:21.0615 0x1410 Filetrace - ok
14:47:21.0662 0x1410 [ F76D04F7413B07DAA029F6520B64B4E8, 3EB13C0EFE737880853FB8952381E7A57723F9472E0E4ED7CDA8A0D7DE8DC90D ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
14:47:21.0709 0x1410 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )
14:47:24.0080 0x1410 Detect skipped due to KSN trusted
14:47:24.0080 0x1410 FLEXnet Licensing Service - ok
14:47:24.0095 0x1410 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:47:24.0095 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\flpydisk.sys. md5: C172A0F53008EAEB8EA33FE10E177AF5, sha256: 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B
14:47:24.0111 0x1410 flpydisk - detected LockedFile.Multi.Generic ( 1 )
14:47:26.0591 0x1410 Detect skipped due to KSN trusted
14:47:26.0591 0x1410 flpydisk - ok
14:47:26.0638 0x1410 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:47:26.0638 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\fltmgr.sys. md5: DA6B67270FD9DB3697B20FCE94950741, sha256: F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331
14:47:26.0638 0x1410 FltMgr - detected LockedFile.Multi.Generic ( 1 )
14:47:29.0009 0x1410 Detect skipped due to KSN trusted
14:47:29.0009 0x1410 FltMgr - ok
14:47:29.0072 0x1410 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
14:47:29.0228 0x1410 FontCache - ok
14:47:29.0259 0x1410 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:47:29.0259 0x1410 FontCache3.0.0.0 - ok
14:47:29.0290 0x1410 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:47:29.0290 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\FsDepends.sys. md5: D43703496149971890703B4B1B723EAC, sha256: F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E
14:47:29.0306 0x1410 FsDepends - detected LockedFile.Multi.Generic ( 1 )
14:47:31.0755 0x1410 Detect skipped due to KSN trusted
14:47:31.0755 0x1410 FsDepends - ok
14:47:31.0786 0x1410 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:47:31.0786 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Fs_Rec.sys. md5: 6BD9295CC032DD3077C671FCCF579A7B, sha256: 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33
14:47:31.0786 0x1410 Fs_Rec - detected LockedFile.Multi.Generic ( 1 )
14:47:34.0173 0x1410 Detect skipped due to KSN trusted
14:47:34.0173 0x1410 Fs_Rec - ok
14:47:34.0204 0x1410 [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:47:34.0204 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fvevol.sys. md5: 1F7B25B858FA27015169FE95E54108ED, sha256: 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5
14:47:34.0220 0x1410 fvevol - detected LockedFile.Multi.Generic ( 1 )
14:47:36.0669 0x1410 Detect skipped due to KSN trusted
14:47:36.0669 0x1410 fvevol - ok
14:47:36.0700 0x1410 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:47:36.0700 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8C778D335C9D272CFD3298AB02ABE3B6, sha256: 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005
14:47:36.0700 0x1410 gagp30kx - detected LockedFile.Multi.Generic ( 1 )
14:47:39.0071 0x1410 Detect skipped due to KSN trusted
14:47:39.0071 0x1410 gagp30kx - ok
14:47:39.0087 0x1410 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:47:39.0087 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: 8E98D21EE06192492A5671A6144D092F, sha256: B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4
14:47:39.0102 0x1410 GEARAspiWDM - detected LockedFile.Multi.Generic ( 1 )
14:47:41.0489 0x1410 Detect skipped due to KSN trusted
14:47:41.0489 0x1410 GEARAspiWDM - ok
14:47:41.0552 0x1410 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
14:47:41.0598 0x1410 gpsvc - ok
14:47:41.0630 0x1410 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:47:41.0645 0x1410 gupdate - ok
14:47:41.0676 0x1410 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:47:41.0676 0x1410 gupdatem - ok
14:47:41.0708 0x1410 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:47:41.0723 0x1410 gusvc - ok
14:47:41.0754 0x1410 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:47:41.0754 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hcw85cir.sys. md5: F2523EF6460FC42405B12248338AB2F0, sha256: B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19
14:47:41.0770 0x1410 hcw85cir - detected LockedFile.Multi.Generic ( 1 )
14:47:44.0203 0x1410 Detect skipped due to KSN trusted
14:47:44.0203 0x1410 hcw85cir - ok
14:47:44.0250 0x1410 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:47:44.0250 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HDAudBus.sys. md5: 97BFED39B6B79EB12CDDBFEED51F56BB, sha256: 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955
14:47:44.0266 0x1410 HDAudBus - detected LockedFile.Multi.Generic ( 1 )
14:47:46.0699 0x1410 Detect skipped due to KSN trusted
14:47:46.0699 0x1410 HDAudBus - ok
14:47:46.0731 0x1410 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
14:47:46.0731 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HECIx64.sys. md5: B6AC71AAA2B10848F57FC49D55A651AF, sha256: 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91
14:47:46.0746 0x1410 HECIx64 - detected LockedFile.Multi.Generic ( 1 )
14:47:49.0102 0x1410 Detect skipped due to KSN trusted
14:47:49.0102 0x1410 HECIx64 - ok
14:47:49.0117 0x1410 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:47:49.0117 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78E86380454A7B10A5EB255DC44A355F, sha256: 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64
14:47:49.0133 0x1410 HidBatt - detected LockedFile.Multi.Generic ( 1 )
14:47:51.0567 0x1410 Detect skipped due to KSN trusted
14:47:51.0567 0x1410 HidBatt - ok
14:47:51.0582 0x1410 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:47:51.0582 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7FD2A313F7AFE5C4DAB14798C48DD104, sha256: 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4
14:47:51.0598 0x1410 HidBth - detected LockedFile.Multi.Generic ( 1 )
14:47:54.0016 0x1410 Detect skipped due to KSN trusted
14:47:54.0016 0x1410 HidBth - ok
14:47:54.0031 0x1410 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:47:54.0047 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0A77D29F311B88CFAE3B13F9C1A73825, sha256: 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D
14:47:54.0047 0x1410 HidIr - detected LockedFile.Multi.Generic ( 1 )
14:47:56.0434 0x1410 Detect skipped due to KSN trusted
14:47:56.0434 0x1410 HidIr - ok
14:47:56.0465 0x1410 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
14:47:56.0496 0x1410 hidserv - ok
14:47:56.0512 0x1410 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
14:47:56.0512 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hidusb.sys. md5: 9592090A7E2B61CD582B612B6DF70536, sha256: FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F
14:47:56.0527 0x1410 HidUsb - detected LockedFile.Multi.Generic ( 1 )
14:47:58.0883 0x1410 Detect skipped due to KSN trusted
14:47:58.0883 0x1410 HidUsb - ok
14:47:58.0914 0x1410 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:47:58.0961 0x1410 hkmsvc - ok
14:47:58.0992 0x1410 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:47:59.0023 0x1410 HomeGroupListener - ok
14:47:59.0055 0x1410 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:47:59.0086 0x1410 HomeGroupProvider - ok
14:47:59.0101 0x1410 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:47:59.0101 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HpSAMD.sys. md5: 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, sha256: E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205
14:47:59.0117 0x1410 HpSAMD - detected LockedFile.Multi.Generic ( 1 )
14:48:01.0550 0x1410 Detect skipped due to KSN trusted
14:48:01.0550 0x1410 HpSAMD - ok
14:48:01.0613 0x1410 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:48:01.0613 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\HTTP.sys. md5: 0EA7DE1ACB728DD5A369FD742D6EEE28, sha256: 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779
14:48:01.0628 0x1410 HTTP - detected LockedFile.Multi.Generic ( 1 )
14:48:04.0000 0x1410 Detect skipped due to KSN trusted
14:48:04.0000 0x1410 HTTP - ok
14:48:04.0031 0x1410 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:48:04.0031 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\hwpolicy.sys. md5: A5462BD6884960C9DC85ED49D34FF392, sha256: 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53
14:48:04.0046 0x1410 hwpolicy - detected LockedFile.Multi.Generic ( 1 )
14:48:06.0418 0x1410 Detect skipped due to KSN trusted
14:48:06.0418 0x1410 hwpolicy - ok
14:48:06.0449 0x1410 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:48:06.0449 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\i8042prt.sys. md5: FA55C73D4AFFA7EE23AC4BE53B4592D3, sha256: 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD
14:48:06.0449 0x1410 i8042prt - detected LockedFile.Multi.Generic ( 1 )
14:48:08.0898 0x1410 Detect skipped due to KSN trusted
14:48:08.0898 0x1410 i8042prt - ok
14:48:08.0945 0x1410 [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
14:48:08.0945 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iaStor.sys. md5: ABBF174CB394F5C437410A788B7E404A, sha256: 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8
14:48:08.0960 0x1410 iaStor - detected LockedFile.Multi.Generic ( 1 )
14:48:11.0394 0x1410 Detect skipped due to KSN trusted
14:48:11.0394 0x1410 iaStor - ok
14:48:11.0410 0x1410 [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
14:48:11.0425 0x1410 IAStorDataMgrSvc - ok
14:48:11.0456 0x1410 [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:48:11.0456 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\iaStorV.sys. md5: 3DF4395A7CF8B7A72A5F4606366B8C2D, sha256: 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80
14:48:11.0472 0x1410 iaStorV - detected LockedFile.Multi.Generic ( 1 )
14:48:13.0843 0x1410 Detect skipped due to KSN trusted
14:48:13.0843 0x1410 iaStorV - ok
14:48:13.0859 0x1410 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:48:13.0874 0x1410 IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
14:48:16.0261 0x1410 Detect skipped due to KSN trusted
14:48:16.0261 0x1410 IDriverT - ok
14:48:16.0323 0x1410 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:48:16.0370 0x1410 idsvc - ok
14:48:16.0401 0x1410 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:48:16.0401 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5C18831C61933628F5BB0EA2675B9D21, sha256: 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4
14:48:16.0417 0x1410 iirsp - detected LockedFile.Multi.Generic ( 1 )
14:48:18.0773 0x1410 Detect skipped due to KSN trusted
14:48:18.0773 0x1410 iirsp - ok
14:48:18.0835 0x1410 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
14:48:18.0867 0x1410 IKEEXT - ok
14:48:18.0898 0x1410 [ 36FDF367A1DABFF903E2214023D71368, 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
14:48:18.0898 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\Impcd.sys. md5: 36FDF367A1DABFF903E2214023D71368, sha256: 60468692C1D048428AF25ED87DE23DAE756C7BA2B6CF6AF5EFD2E53C80F5FC68
14:48:18.0913 0x1410 Impcd - detected LockedFile.Multi.Generic ( 1 )
14:48:21.0348 0x1410 Detect skipped due to KSN trusted
14:48:21.0348 0x1410 Impcd - ok
14:48:21.0379 0x1410 [ A4A87C2F228DD2AC93DAE94E103792D3, 22F75A82DA293B9ED6B9EB564A06FFFFDAA9E1FB0B60AC4A479B17E1BD77F1F8 ] InstallFilterService C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
14:48:21.0395 0x1410 InstallFilterService - detected UnsignedFile.Multi.Generic ( 1 )
14:48:23.0782 0x1410 Detect skipped due to KSN trusted
14:48:23.0782 0x1410 InstallFilterService - ok
14:48:23.0814 0x1410 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
14:48:23.0814 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\intelide.sys. md5: F00F20E70C6EC3AA366910083A0518AA, sha256: E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22
14:48:23.0814 0x1410 intelide - detected LockedFile.Multi.Generic ( 1 )
14:48:26.0248 0x1410 Detect skipped due to KSN trusted
14:48:26.0248 0x1410 intelide - ok
14:48:26.0279 0x1410 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:48:26.0279 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ADA036632C664CAA754079041CF1F8C1, sha256: F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610
14:48:26.0295 0x1410 intelppm - detected LockedFile.Multi.Generic ( 1 )
14:48:28.0652 0x1410 Detect skipped due to KSN trusted
14:48:28.0652 0x1410 intelppm - ok
14:48:28.0683 0x1410 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:48:28.0730 0x1410 IPBusEnum - ok
14:48:28.0761 0x1410 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:48:28.0761 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: C9F0E1BD74365A8771590E9008D22AB6, sha256: 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51
14:48:28.0761 0x1410 IpFilterDriver - detected LockedFile.Multi.Generic ( 1 )
14:48:31.0149 0x1410 Detect skipped due to KSN trusted
14:48:31.0149 0x1410 IpFilterDriver - ok
14:48:31.0195 0x1410 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:48:31.0273 0x1410 iphlpsvc - ok
14:48:31.0305 0x1410 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:48:31.0305 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\IPMIDrv.sys. md5: 0FC1AEA580957AA8817B8F305D18CA3A, sha256: 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9
14:48:31.0305 0x1410 IPMIDRV - detected LockedFile.Multi.Generic ( 1 )
14:48:33.0755 0x1410 Detect skipped due to KSN trusted
14:48:33.0755 0x1410 IPMIDRV - ok
14:48:33.0786 0x1410 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:48:33.0786 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ipnat.sys. md5: AF9B39A7E7B6CAA203B3862582E9F2D0, sha256: 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E
14:48:33.0786 0x1410 IPNAT - detected LockedFile.Multi.Generic ( 1 )
14:48:36.0174 0x1410 Detect skipped due to KSN trusted
14:48:36.0174 0x1410 IPNAT - ok
14:48:36.0236 0x1410 [ 4EFFC8FF6D349E971E94B1C670C0C66A, E92DA19CE9725BB4CC34DF94873C6B441AE61679A8C615780E1A1E9404C8FA26 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:48:36.0252 0x1410 iPod Service - ok
14:48:36.0283 0x1410 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:48:36.0283 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\irenum.sys. md5: 3ABF5E7213EB28966D55D58B515D5CE9, sha256: A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE
14:48:36.0283 0x1410 IRENUM - detected LockedFile.Multi.Generic ( 1 )
14:48:38.0655 0x1410 Detect skipped due to KSN trusted
14:48:38.0655 0x1410 IRENUM - ok
14:48:38.0671 0x1410 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:48:38.0671 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\isapnp.sys. md5: 2F7B28DC3E1183E5EB418DF55C204F38, sha256: D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548
14:48:38.0686 0x1410 isapnp - detected LockedFile.Multi.Generic ( 1 )
14:48:41.0136 0x1410 Detect skipped due to KSN trusted
14:48:41.0136 0x1410 isapnp - ok
14:48:41.0168 0x1410 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:48:41.0168 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msiscsi.sys. md5: D931D7309DEB2317035B07C9F9E6B0BD, sha256: 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3
14:48:41.0183 0x1410 iScsiPrt - detected LockedFile.Multi.Generic ( 1 )
14:48:43.0555 0x1410 Detect skipped due to KSN trusted
14:48:43.0555 0x1410 iScsiPrt - ok
14:48:43.0587 0x1410 [ BD5BF20EC242E003A2F570B8754A56D1, B4B3492222E98BF8E6EC453E727187FF4AA50A508D1E88A0CBBD5C46355AE492 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
14:48:43.0587 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ivusb.sys. md5: BD5BF20EC242E003A2F570B8754A56D1, sha256: B4B3492222E98BF8E6EC453E727187FF4AA50A508D1E88A0CBBD5C46355AE492
14:48:43.0587 0x1410 ivusb - detected LockedFile.Multi.Generic ( 1 )
14:48:45.0974 0x1410 Detect skipped due to KSN trusted
14:48:45.0974 0x1410 ivusb - ok
14:48:46.0006 0x1410 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:48:46.0006 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: BC02336F1CBA7DCC7D1213BB588A68A5, sha256: 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93
14:48:46.0006 0x1410 kbdclass - detected LockedFile.Multi.Generic ( 1 )
14:48:48.0440 0x1410 Detect skipped due to KSN trusted
14:48:48.0440 0x1410 kbdclass - ok
14:48:48.0471 0x1410 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:48:48.0471 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 0705EFF5B42A9DB58548EEC3B26BB484, sha256: 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99
14:48:48.0487 0x1410 kbdhid - detected LockedFile.Multi.Generic ( 1 )
14:48:50.0859 0x1410 Detect skipped due to KSN trusted
14:48:50.0859 0x1410 kbdhid - ok
14:48:50.0875 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\Windows\system32\lsass.exe
14:48:50.0906 0x1410 KeyIso - ok
14:48:50.0922 0x1410 [ 322CD7A01A961D94C6EAB640D6427504, 17979EB65FEE44E329F3E8097194AE20422818EC6859DAA0206EB2CC3EEFA8D7 ] KOBCCEX C:\Windows\system32\drivers\KOBCCEX.sys
14:48:50.0922 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\KOBCCEX.sys. md5: 322CD7A01A961D94C6EAB640D6427504, sha256: 17979EB65FEE44E329F3E8097194AE20422818EC6859DAA0206EB2CC3EEFA8D7
14:48:50.0937 0x1410 KOBCCEX - detected LockedFile.Multi.Generic ( 1 )
14:48:53.0372 0x1410 Detect skipped due to KSN trusted
14:48:53.0372 0x1410 KOBCCEX - ok
14:48:53.0403 0x1410 [ 000200AD75DE8363546EECAFF77980FE, BE05EF748DC9640DC24DE2E2AC0B8FDCE3A79CCECD63B1E993D53979A1504477 ] KOBCCID C:\Windows\system32\drivers\KOBCCID.sys
14:48:53.0403 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\KOBCCID.sys. md5: 000200AD75DE8363546EECAFF77980FE, sha256: BE05EF748DC9640DC24DE2E2AC0B8FDCE3A79CCECD63B1E993D53979A1504477
14:48:53.0418 0x1410 KOBCCID - detected LockedFile.Multi.Generic ( 1 )
14:48:55.0791 0x1410 Detect skipped due to KSN trusted
14:48:55.0791 0x1410 KOBCCID - ok
14:48:55.0822 0x1410 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:48:55.0822 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecdd.sys. md5: 8F489706472F7E9A06BAAA198703FA64, sha256: F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A
14:48:55.0837 0x1410 KSecDD - detected LockedFile.Multi.Generic ( 1 )
14:48:58.0319 0x1410 Detect skipped due to KSN trusted
14:48:58.0319 0x1410 KSecDD - ok
14:48:58.0350 0x1410 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:48:58.0366 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 868A2CAAB12EFC7A021682BCA0EEC54C, sha256: 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD
14:48:58.0366 0x1410 KSecPkg - detected LockedFile.Multi.Generic ( 1 )
14:49:00.0816 0x1410 Detect skipped due to KSN trusted
14:49:00.0816 0x1410 KSecPkg - ok
14:49:00.0847 0x1410 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:49:00.0847 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281E78CB31A43E969F06B57347C4, sha256: 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B
14:49:00.0847 0x1410 ksthunk - detected LockedFile.Multi.Generic ( 1 )
14:49:03.0219 0x1410 Detect skipped due to KSN trusted
14:49:03.0219 0x1410 ksthunk - ok
14:49:03.0266 0x1410 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
14:49:03.0328 0x1410 KtmRm - ok
14:49:03.0360 0x1410 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:49:03.0422 0x1410 LanmanServer - ok
14:49:03.0453 0x1410 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:49:03.0500 0x1410 LanmanWorkstation - ok
14:49:03.0531 0x1410 [ 1B669AF5811AE2F69024F34203BAD2A2, 2DE460F3F9318E89849E489C844FA848D69665A87B5B21444738CE77E4672209 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
14:49:03.0531 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\LHidFilt.Sys. md5: 1B669AF5811AE2F69024F34203BAD2A2, sha256: 2DE460F3F9318E89849E489C844FA848D69665A87B5B21444738CE77E4672209
14:49:03.0547 0x1410 LHidFilt - detected LockedFile.Multi.Generic ( 1 )
14:49:05.0950 0x1410 Detect skipped due to KSN trusted
14:49:05.0950 0x1410 LHidFilt - ok
14:49:05.0981 0x1410 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:49:05.0981 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831CF8AD2979A04C423779465827, sha256: E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C
14:49:05.0997 0x1410 lltdio - detected LockedFile.Multi.Generic ( 1 )
14:49:08.0432 0x1410 Detect skipped due to KSN trusted
14:49:08.0432 0x1410 lltdio - ok
14:49:08.0463 0x1410 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:49:08.0510 0x1410 lltdsvc - ok
14:49:08.0541 0x1410 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:49:08.0572 0x1410 lmhosts - ok
14:49:08.0588 0x1410 [ 79F3696E25B289A6B2B7EA931C7BEC00, 3320874B2ADE48F9A2AF9429C5AA4258922D4745D80E58FFF8DF341BC85A2881 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
14:49:08.0588 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\LMouFilt.Sys. md5: 79F3696E25B289A6B2B7EA931C7BEC00, sha256: 3320874B2ADE48F9A2AF9429C5AA4258922D4745D80E58FFF8DF341BC85A2881
14:49:08.0603 0x1410 LMouFilt - detected LockedFile.Multi.Generic ( 1 )
14:49:11.0022 0x1410 Detect skipped due to KSN trusted
14:49:11.0022 0x1410 LMouFilt - ok
14:49:11.0053 0x1410 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:49:11.0053 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1A93E54EB0ECE102495A51266DCDB6A6, sha256: DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B
14:49:11.0069 0x1410 LSI_FC - detected LockedFile.Multi.Generic ( 1 )
14:49:13.0457 0x1410 Detect skipped due to KSN trusted
14:49:13.0457 0x1410 LSI_FC - ok
14:49:13.0488 0x1410 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:49:13.0488 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184A9FDC8BDBFF857175875EE810, sha256: F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B
14:49:13.0504 0x1410 LSI_SAS - detected LockedFile.Multi.Generic ( 1 )
14:49:15.0938 0x1410 Detect skipped due to KSN trusted
14:49:15.0938 0x1410 LSI_SAS - ok
14:49:15.0969 0x1410 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:49:15.0969 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30F5C0DE1EE8B5BC9306C1F0E4A75F93, sha256: 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06
14:49:15.0985 0x1410 LSI_SAS2 - detected LockedFile.Multi.Generic ( 1 )
14:49:18.0357 0x1410 Detect skipped due to KSN trusted
14:49:18.0357 0x1410 LSI_SAS2 - ok
14:49:18.0388 0x1410 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:49:18.0388 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504EACAFF0D3C8AED161C4B0D369D4A, sha256: 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D
14:49:18.0404 0x1410 LSI_SCSI - detected LockedFile.Multi.Generic ( 1 )
14:49:20.0760 0x1410 Detect skipped due to KSN trusted
14:49:20.0760 0x1410 LSI_SCSI - ok
14:49:20.0792 0x1410 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
14:49:20.0792 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\luafv.sys. md5: 43D0F98E1D56CCDDB0D5254CFF7B356E, sha256: 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22
14:49:20.0807 0x1410 luafv - detected LockedFile.Multi.Generic ( 1 )
14:49:23.0257 0x1410 Detect skipped due to KSN trusted
14:49:23.0257 0x1410 luafv - ok
14:49:23.0289 0x1410 [ AF69FEC6F299BD07742127C4CC0FE6A6, F0DDF555FCD85845F241C3AC91A26832E4F5F753665490E01A0E15325E480D2F ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
14:49:23.0289 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\LUsbFilt.Sys. md5: AF69FEC6F299BD07742127C4CC0FE6A6, sha256: F0DDF555FCD85845F241C3AC91A26832E4F5F753665490E01A0E15325E480D2F
14:49:23.0304 0x1410 LUsbFilt - detected LockedFile.Multi.Generic ( 1 )
14:49:25.0708 0x1410 Detect skipped due to KSN trusted
14:49:25.0708 0x1410 LUsbFilt - ok
14:49:25.0739 0x1410 [ 024DA28053D57E9E32BEE52600576BBB, 8EC636DAB90A835DEBA2EC6176F4547EEF557415FF77C6378EF423569702731E ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys
14:49:25.0739 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MarvinBus64.sys. md5: 024DA28053D57E9E32BEE52600576BBB, sha256: 8EC636DAB90A835DEBA2EC6176F4547EEF557415FF77C6378EF423569702731E
14:49:25.0754 0x1410 MarvinBus - detected LockedFile.Multi.Generic ( 1 )
14:49:28.0204 0x1410 Detect skipped due to KSN trusted
14:49:28.0204 0x1410 MarvinBus - ok
14:49:28.0236 0x1410 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:49:28.0251 0x1410 Mcx2Svc - ok
14:49:28.0407 0x1410 [ 6C7F3086968E530D5EA326C8F5E41C29, 197C61A081224F878B1B3BC9B9141A25F7BF7362A747753CB689F468D407BCF9 ] mdareDriver_43 C:\Users\USERNAME\AppData\Local\Temp\FCPreScan\mdare64_43.sys
14:49:28.0439 0x1410 mdareDriver_43 - ok
14:49:28.0517 0x1410 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:49:28.0517 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\megasas.sys. md5: A55805F747C6EDB6A9080D7C633BD0F4, sha256: 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728
14:49:28.0532 0x1410 megasas - detected LockedFile.Multi.Generic ( 1 )
14:49:30.0920 0x1410 Detect skipped due to KSN trusted
14:49:30.0920 0x1410 megasas - ok
14:49:30.0951 0x1410 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:49:30.0951 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: BAF74CE0072480C3B6B7C13B2A94D6B3, sha256: 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834
14:49:30.0967 0x1410 MegaSR - detected LockedFile.Multi.Generic ( 1 )
14:49:33.0401 0x1410 Detect skipped due to KSN trusted
14:49:33.0401 0x1410 MegaSR - ok
14:49:33.0433 0x1410 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
14:49:33.0495 0x1410 MMCSS - ok
14:49:33.0511 0x1410 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
14:49:33.0511 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\modem.sys. md5: 800BA92F7010378B09F9ED9270F07137, sha256: 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342
14:49:33.0526 0x1410 Modem - detected LockedFile.Multi.Generic ( 1 )
14:49:35.0914 0x1410 Detect skipped due to KSN trusted
14:49:35.0914 0x1410 Modem - ok
14:49:35.0945 0x1410 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:49:35.0945 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\monitor.sys. md5: B03D591DC7DA45ECE20B3B467E6AADAA, sha256: 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732
14:49:35.0945 0x1410 monitor - detected LockedFile.Multi.Generic ( 1 )
14:49:38.0333 0x1410 Detect skipped due to KSN trusted
14:49:38.0333 0x1410 monitor - ok
14:49:38.0364 0x1410 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:49:38.0364 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7D27EA49F3C1F687D357E77A470AEA99, sha256: 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7
14:49:38.0364 0x1410 mouclass - detected LockedFile.Multi.Generic ( 1 )
14:49:40.0752 0x1410 Detect skipped due to KSN trusted
14:49:40.0752 0x1410 mouclass - ok
14:49:40.0783 0x1410 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:49:40.0783 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mouhid.sys. md5: D3BF052C40B0C4166D9FD86A4288C1E6, sha256: 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183
14:49:40.0799 0x1410 mouhid - detected LockedFile.Multi.Generic ( 1 )
14:49:43.0249 0x1410 Detect skipped due to KSN trusted
14:49:43.0249 0x1410 mouhid - ok
14:49:43.0280 0x1410 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:49:43.0280 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mountmgr.sys. md5: 32E7A3D591D671A6DF2DB515A5CBE0FA, sha256: 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63
14:49:43.0296 0x1410 mountmgr - detected LockedFile.Multi.Generic ( 1 )
14:49:45.0668 0x1410 Detect skipped due to KSN trusted
14:49:45.0668 0x1410 mountmgr - ok
14:49:45.0699 0x1410 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
14:49:45.0699 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpio.sys. md5: A44B420D30BD56E145D6A2BC8768EC58, sha256: B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8
14:49:45.0699 0x1410 mpio - detected LockedFile.Multi.Generic ( 1 )
14:49:48.0149 0x1410 Detect skipped due to KSN trusted
14:49:48.0149 0x1410 mpio - ok
14:49:48.0180 0x1410 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:49:48.0180 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6C38C9E45AE0EA2FA5E551F2ED5E978F, sha256: 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20
14:49:48.0196 0x1410 mpsdrv - detected LockedFile.Multi.Generic ( 1 )
14:49:50.0630 0x1410 Detect skipped due to KSN trusted
14:49:50.0630 0x1410 mpsdrv - ok
14:49:50.0677 0x1410 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:49:50.0724 0x1410 MpsSvc - ok
14:49:50.0755 0x1410 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:49:50.0755 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mrxdav.sys. md5: DC722758B8261E1ABAFD31A3C0A66380, sha256: 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A
14:49:50.0771 0x1410 MRxDAV - detected LockedFile.Multi.Generic ( 1 )
14:49:53.0143 0x1410 Detect skipped due to KSN trusted
14:49:53.0143 0x1410 MRxDAV - ok
14:49:53.0174 0x1410 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:49:53.0174 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: A5D9106A73DC88564C825D317CAC68AC, sha256: 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4
14:49:53.0190 0x1410 mrxsmb - detected LockedFile.Multi.Generic ( 1 )
14:49:55.0640 0x1410 Detect skipped due to KSN trusted
14:49:55.0640 0x1410 mrxsmb - ok
14:49:55.0687 0x1410 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:49:55.0687 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
14:49:55.0687 0x1410 mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
14:49:58.0075 0x1410 Detect skipped due to KSN trusted
14:49:58.0075 0x1410 mrxsmb10 - ok
14:49:58.0106 0x1410 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:49:58.0106 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
14:49:58.0121 0x1410 mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
14:50:00.0572 0x1410 Detect skipped due to KSN trusted
14:50:00.0572 0x1410 mrxsmb20 - ok
14:50:00.0603 0x1410 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
14:50:00.0603 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
14:50:00.0603 0x1410 msahci - detected LockedFile.Multi.Generic ( 1 )
14:50:02.0990 0x1410 Detect skipped due to KSN trusted
14:50:02.0990 0x1410 msahci - ok
14:50:03.0022 0x1410 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:50:03.0022 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
14:50:03.0037 0x1410 msdsm - detected LockedFile.Multi.Generic ( 1 )
14:50:05.0456 0x1410 Detect skipped due to KSN trusted
14:50:05.0456 0x1410 msdsm - ok
14:50:05.0487 0x1410 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
14:50:05.0519 0x1410 MSDTC - ok
14:50:05.0565 0x1410 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:50:05.0565 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
14:50:05.0581 0x1410 Msfs - detected LockedFile.Multi.Generic ( 1 )
14:50:08.0016 0x1410 Detect skipped due to KSN trusted
14:50:08.0016 0x1410 Msfs - ok
14:50:08.0047 0x1410 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:50:08.0047 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
14:50:08.0062 0x1410 mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
14:50:10.0419 0x1410 Detect skipped due to KSN trusted
14:50:10.0419 0x1410 mshidkmdf - ok
14:50:10.0450 0x1410 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:50:10.0450 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
14:50:10.0450 0x1410 msisadrv - detected LockedFile.Multi.Generic ( 1 )
14:50:12.0900 0x1410 Detect skipped due to KSN trusted
14:50:12.0900 0x1410 msisadrv - ok
14:50:12.0947 0x1410 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:50:12.0978 0x1410 MSiSCSI - ok
14:50:13.0010 0x1410 msiserver - ok
14:50:13.0025 0x1410 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:50:13.0041 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
14:50:13.0041 0x1410 MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
14:50:15.0429 0x1410 Detect skipped due to KSN trusted
14:50:15.0429 0x1410 MSKSSRV - ok
14:50:15.0460 0x1410 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:50:15.0460 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
14:50:15.0460 0x1410 MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
14:50:17.0910 0x1410 Detect skipped due to KSN trusted
14:50:17.0910 0x1410 MSPCLOCK - ok
14:50:17.0941 0x1410 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:50:17.0941 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
14:50:17.0941 0x1410 MSPQM - detected LockedFile.Multi.Generic ( 1 )
14:50:20.0376 0x1410 Detect skipped due to KSN trusted
14:50:20.0376 0x1410 MSPQM - ok
14:50:20.0407 0x1410 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:50:20.0407 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
14:50:20.0407 0x1410 MsRPC - detected LockedFile.Multi.Generic ( 1 )
14:50:22.0857 0x1410 Detect skipped due to KSN trusted
14:50:22.0857 0x1410 MsRPC - ok
14:50:22.0888 0x1410 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:50:22.0904 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
14:50:22.0904 0x1410 mssmbios - detected LockedFile.Multi.Generic ( 1 )
14:50:25.0276 0x1410 Detect skipped due to KSN trusted
14:50:25.0276 0x1410 mssmbios - ok
14:50:25.0307 0x1410 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:50:25.0307 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
14:50:25.0307 0x1410 MSTEE - detected LockedFile.Multi.Generic ( 1 )
14:50:27.0679 0x1410 Detect skipped due to KSN trusted
14:50:27.0679 0x1410 MSTEE - ok
14:50:27.0695 0x1410 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:50:27.0695 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
14:50:27.0711 0x1410 MTConfig - detected LockedFile.Multi.Generic ( 1 )
14:50:30.0161 0x1410 Detect skipped due to KSN trusted
14:50:30.0161 0x1410 MTConfig - ok
14:50:30.0192 0x1410 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
14:50:30.0192 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
14:50:30.0192 0x1410 Mup - detected LockedFile.Multi.Generic ( 1 )
14:50:32.0580 0x1410 Detect skipped due to KSN trusted
14:50:32.0580 0x1410 Mup - ok
14:50:32.0642 0x1410 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
14:50:32.0689 0x1410 napagent - ok
14:50:32.0720 0x1410 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:50:32.0720 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
14:50:32.0736 0x1410 NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
14:50:35.0170 0x1410 Detect skipped due to KSN trusted
14:50:35.0170 0x1410 NativeWifiP - ok
14:50:35.0233 0x1410 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys
14:50:35.0233 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C, sha256: 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D
14:50:35.0248 0x1410 NDIS - detected LockedFile.Multi.Generic ( 1 )
14:50:37.0698 0x1410 Detect skipped due to KSN trusted

Teil 2:

14:50:37.0698 0x1410 NDIS - ok
14:50:37.0730 0x1410 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:50:37.0730 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
14:50:37.0745 0x1410 NdisCap - detected LockedFile.Multi.Generic ( 1 )
14:50:40.0195 0x1410 Detect skipped due to KSN trusted
14:50:40.0195 0x1410 NdisCap - ok
14:50:40.0227 0x1410 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:50:40.0227 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
14:50:40.0227 0x1410 NdisTapi - detected LockedFile.Multi.Generic ( 1 )
14:50:42.0614 0x1410 Detect skipped due to KSN trusted
14:50:42.0614 0x1410 NdisTapi - ok
14:50:42.0646 0x1410 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:50:42.0646 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
14:50:42.0661 0x1410 Ndisuio - detected LockedFile.Multi.Generic ( 1 )
14:50:45.0033 0x1410 Detect skipped due to KSN trusted
14:50:45.0033 0x1410 Ndisuio - ok
14:50:45.0065 0x1410 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:50:45.0065 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
14:50:45.0080 0x1410 NdisWan - detected LockedFile.Multi.Generic ( 1 )
14:50:47.0515 0x1410 Detect skipped due to KSN trusted
14:50:47.0515 0x1410 NdisWan - ok
14:50:47.0546 0x1410 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:50:47.0546 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
14:50:47.0546 0x1410 NDProxy - detected LockedFile.Multi.Generic ( 1 )
14:50:49.0934 0x1410 Detect skipped due to KSN trusted
14:50:49.0934 0x1410 NDProxy - ok
14:50:49.0965 0x1410 [ 6F4607E2333FE21E9E3FF8133A88B35B, F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6 ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
14:50:49.0965 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netaapl64.sys. md5: 6F4607E2333FE21E9E3FF8133A88B35B, sha256: F7B7B262D85D03552A8D0F3F91E795B31E3D09020DDA1E3D62A4A3209D916BB6
14:50:49.0980 0x1410 Netaapl - detected LockedFile.Multi.Generic ( 1 )
14:50:52.0415 0x1410 Detect skipped due to KSN trusted
14:50:52.0415 0x1410 Netaapl - ok
14:50:52.0446 0x1410 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:50:52.0446 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
14:50:52.0462 0x1410 NetBIOS - detected LockedFile.Multi.Generic ( 1 )
14:50:54.0850 0x1410 Detect skipped due to KSN trusted
14:50:54.0850 0x1410 NetBIOS - ok
14:50:54.0896 0x1410 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:50:54.0896 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
14:50:54.0912 0x1410 NetBT - detected LockedFile.Multi.Generic ( 1 )
14:50:57.0362 0x1410 Detect skipped due to KSN trusted
14:50:57.0362 0x1410 NetBT - ok
14:50:57.0393 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\Windows\system32\lsass.exe
14:50:57.0425 0x1410 Netlogon - ok
14:50:57.0471 0x1410 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
14:50:57.0518 0x1410 Netman - ok
14:50:57.0581 0x1410 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
14:50:57.0627 0x1410 netprofm - ok
14:50:57.0643 0x1410 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:50:57.0659 0x1410 NetTcpPortSharing - ok
14:50:57.0690 0x1410 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:50:57.0690 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
14:50:57.0705 0x1410 nfrd960 - detected LockedFile.Multi.Generic ( 1 )
14:51:00.0124 0x1410 Detect skipped due to KSN trusted
14:51:00.0124 0x1410 nfrd960 - ok
14:51:00.0171 0x1410 [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:51:00.0249 0x1410 NlaSvc - ok
14:51:00.0265 0x1410 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2, 7A3FA5B779CBBED46CA81328951B71352E4FC60153A91965877834EC7C6F0074 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
14:51:00.0265 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ccdcmbx64.sys. md5: 907B5E1E4A592E5EDC5E4CCBDE4863C2, sha256: 7A3FA5B779CBBED46CA81328951B71352E4FC60153A91965877834EC7C6F0074
14:51:00.0280 0x1410 nmwcd - detected LockedFile.Multi.Generic ( 1 )
14:51:02.0668 0x1410 Detect skipped due to KSN trusted
14:51:02.0668 0x1410 nmwcd - ok
14:51:02.0699 0x1410 [ 41C1AC1F3613435EB32D67BCB80A5FA5, 93A313BC4A7FA2FC3372CFBF2D76F417007B4A82455092724D3B0B6FA5A88F23 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
14:51:02.0699 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ccdcmbox64.sys. md5: 41C1AC1F3613435EB32D67BCB80A5FA5, sha256: 93A313BC4A7FA2FC3372CFBF2D76F417007B4A82455092724D3B0B6FA5A88F23
14:51:02.0715 0x1410 nmwcdc - detected LockedFile.Multi.Generic ( 1 )
14:51:05.0103 0x1410 Detect skipped due to KSN trusted
14:51:05.0103 0x1410 nmwcdc - ok
14:51:05.0134 0x1410 [ 9573223E205907247AE6D948E3453770, 35D32A415F74863D7408229508F134D53CA0FA7EDD8B0E5FEEFC9DE588D0607B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
14:51:05.0134 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nmwcdnsux64.sys. md5: 9573223E205907247AE6D948E3453770, sha256: 35D32A415F74863D7408229508F134D53CA0FA7EDD8B0E5FEEFC9DE588D0607B
14:51:05.0150 0x1410 nmwcdnsux64 - detected LockedFile.Multi.Generic ( 1 )
14:51:07.0537 0x1410 Detect skipped due to KSN trusted
14:51:07.0537 0x1410 nmwcdnsux64 - ok
14:51:07.0569 0x1410 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:51:07.0569 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
14:51:07.0584 0x1410 Npfs - detected LockedFile.Multi.Generic ( 1 )
14:51:10.0034 0x1410 Detect skipped due to KSN trusted
14:51:10.0034 0x1410 Npfs - ok
14:51:10.0065 0x1410 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
14:51:10.0112 0x1410 nsi - ok
14:51:10.0144 0x1410 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:51:10.0144 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
14:51:10.0159 0x1410 nsiproxy - detected LockedFile.Multi.Generic ( 1 )
14:51:12.0531 0x1410 Detect skipped due to KSN trusted
14:51:12.0531 0x1410 nsiproxy - ok
14:51:12.0609 0x1410 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:51:12.0609 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: B98F8C6E31CD07B2E6F71F7F648E38C0, sha256: 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E
14:51:12.0625 0x1410 Ntfs - detected LockedFile.Multi.Generic ( 1 )
14:51:15.0075 0x1410 Detect skipped due to KSN trusted
14:51:15.0075 0x1410 Ntfs - ok
14:51:15.0106 0x1410 ntrtscan - ok
14:51:15.0122 0x1410 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
14:51:15.0122 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
14:51:15.0137 0x1410 Null - detected LockedFile.Multi.Generic ( 1 )
14:51:17.0525 0x1410 Detect skipped due to KSN trusted
14:51:17.0525 0x1410 Null - ok
14:51:17.0556 0x1410 [ CDDD4478757288DF4BB1494BFD084259, 2063A1B4F24BD466A501198B12574D830BC4696ED53CDFF96C1EE91EE8CD1BB0 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
14:51:17.0556 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvhda64v.sys. md5: CDDD4478757288DF4BB1494BFD084259, sha256: 2063A1B4F24BD466A501198B12574D830BC4696ED53CDFF96C1EE91EE8CD1BB0
14:51:17.0556 0x1410 NVHDA - detected LockedFile.Multi.Generic ( 1 )
14:51:19.0944 0x1410 Detect skipped due to KSN trusted
14:51:19.0944 0x1410 NVHDA - ok
14:51:20.0100 0x1410 [ 53A7E1DEA2E7FA22FD4F0C28C078F5A0, B35549BBB36F38AC152B7C932E7FA40899A40A99D8DAFC343749905CEBD08051 ] NVIDIA Performance Driver Service C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
14:51:20.0287 0x1410 NVIDIA Performance Driver Service - ok
14:51:20.0568 0x1410 [ 53D3DD6A066DE2EC13B954B500970D14, C94E2D0840F64D7EA7EAA2429F72F4132757B0D57B1BB6CA6D34231501B79CB3 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:51:20.0568 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nvlddmkm.sys. md5: 53D3DD6A066DE2EC13B954B500970D14, sha256: C94E2D0840F64D7EA7EAA2429F72F4132757B0D57B1BB6CA6D34231501B79CB3
14:51:20.0600 0x1410 nvlddmkm - detected LockedFile.Multi.Generic ( 1 )
14:51:23.0034 0x1410 Detect skipped due to KSN trusted
14:51:23.0034 0x1410 nvlddmkm - ok
14:51:23.0081 0x1410 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:51:23.0081 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 5D9FD91F3D38DC9DA01E3CB5FA89CD48, sha256: 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737
14:51:23.0081 0x1410 nvraid - detected LockedFile.Multi.Generic ( 1 )
14:51:25.0469 0x1410 Detect skipped due to KSN trusted
14:51:25.0469 0x1410 nvraid - ok
14:51:25.0500 0x1410 [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:51:25.0500 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: F7CD50FE7139F07E77DA8AC8033D1832, sha256: DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC
14:51:25.0516 0x1410 nvstor - detected LockedFile.Multi.Generic ( 1 )
14:51:27.0903 0x1410 Detect skipped due to KSN trusted
14:51:27.0903 0x1410 nvstor - ok
14:51:27.0966 0x1410 [ 253842C6F1CB130AA6578BB0840427C1, 5ED4DA8665EC4BED3B86C1806F6AD308BAC14891E19C25C05C114471BB4A5D42 ] nvsvc C:\Windows\system32\nvvsvc.exe
14:51:27.0997 0x1410 nvsvc - ok
14:51:28.0013 0x1410 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:51:28.0013 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
14:51:28.0028 0x1410 nv_agp - detected LockedFile.Multi.Generic ( 1 )
14:51:30.0478 0x1410 Detect skipped due to KSN trusted
14:51:30.0478 0x1410 nv_agp - ok
14:51:30.0541 0x1410 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:51:30.0556 0x1410 odserv - ok
14:51:30.0588 0x1410 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:51:30.0588 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
14:51:30.0588 0x1410 ohci1394 - detected LockedFile.Multi.Generic ( 1 )
14:51:33.0022 0x1410 Detect skipped due to KSN trusted
14:51:33.0022 0x1410 ohci1394 - ok
14:51:33.0053 0x1410 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:51:33.0084 0x1410 ose - ok
14:51:33.0131 0x1410 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:51:33.0163 0x1410 p2pimsvc - ok
14:51:33.0209 0x1410 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
14:51:33.0241 0x1410 p2psvc - ok
14:51:33.0256 0x1410 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:51:33.0256 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
14:51:33.0272 0x1410 Parport - detected LockedFile.Multi.Generic ( 1 )
14:51:35.0644 0x1410 Detect skipped due to KSN trusted
14:51:35.0644 0x1410 Parport - ok
14:51:35.0675 0x1410 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:51:35.0675 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C, sha256: 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6
14:51:35.0691 0x1410 partmgr - detected LockedFile.Multi.Generic ( 1 )
14:51:38.0141 0x1410 Detect skipped due to KSN trusted
14:51:38.0141 0x1410 partmgr - ok
14:51:38.0172 0x1410 [ 363B3F857ABEE85767E01E3044C539CD, F6CB6C4B5B206E75BC8EB125363B1A095BA24FCC997A10605D59FCE44BA8651C ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
14:51:38.0172 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\PBADRV.sys. md5: 363B3F857ABEE85767E01E3044C539CD, sha256: F6CB6C4B5B206E75BC8EB125363B1A095BA24FCC997A10605D59FCE44BA8651C
14:51:38.0188 0x1410 PBADRV - detected LockedFile.Multi.Generic ( 1 )
14:51:40.0575 0x1410 Detect skipped due to KSN trusted
14:51:40.0575 0x1410 PBADRV - ok
14:51:40.0622 0x1410 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
14:51:40.0653 0x1410 PcaSvc - ok
14:51:40.0669 0x1410 [ BC0018C2D29F655188A0ED3FA94FDB24, BCF7F2CA5E30F569AEB69049BA3C196982C72EA7264CFBA59D7123041BA96E5A ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
14:51:40.0685 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pccsmcfdx64.sys. md5: BC0018C2D29F655188A0ED3FA94FDB24, sha256: BCF7F2CA5E30F569AEB69049BA3C196982C72EA7264CFBA59D7123041BA96E5A
14:51:40.0685 0x1410 pccsmcfd - detected LockedFile.Multi.Generic ( 1 )
14:51:43.0135 0x1410 Detect skipped due to KSN trusted
14:51:43.0135 0x1410 pccsmcfd - ok
14:51:43.0166 0x1410 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
14:51:43.0166 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3, sha256: 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9
14:51:43.0166 0x1410 pci - detected LockedFile.Multi.Generic ( 1 )
14:51:45.0554 0x1410 Detect skipped due to KSN trusted
14:51:45.0554 0x1410 pci - ok
14:51:45.0585 0x1410 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
14:51:45.0585 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
14:51:45.0585 0x1410 pciide - detected LockedFile.Multi.Generic ( 1 )
14:51:48.0020 0x1410 Detect skipped due to KSN trusted
14:51:48.0020 0x1410 pciide - ok
14:51:48.0051 0x1410 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:51:48.0051 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
14:51:48.0066 0x1410 pcmcia - detected LockedFile.Multi.Generic ( 1 )
14:51:50.0454 0x1410 Detect skipped due to KSN trusted
14:51:50.0454 0x1410 pcmcia - ok
14:51:50.0485 0x1410 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
14:51:50.0485 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
14:51:50.0501 0x1410 pcw - detected LockedFile.Multi.Generic ( 1 )
14:51:52.0889 0x1410 Detect skipped due to KSN trusted
14:51:52.0889 0x1410 pcw - ok
14:51:52.0951 0x1410 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:51:52.0951 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
14:51:52.0967 0x1410 PEAUTH - detected LockedFile.Multi.Generic ( 1 )
14:51:55.0417 0x1410 Detect skipped due to KSN trusted
14:51:55.0417 0x1410 PEAUTH - ok
14:51:55.0510 0x1410 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
14:51:55.0573 0x1410 PeerDistSvc - ok
14:51:55.0651 0x1410 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:51:55.0682 0x1410 PerfHost - ok
14:51:55.0791 0x1410 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
14:51:55.0869 0x1410 pla - ok
14:51:55.0901 0x1410 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:51:55.0916 0x1410 PlugPlay - ok
14:51:55.0947 0x1410 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:51:55.0979 0x1410 PNRPAutoReg - ok
14:51:56.0010 0x1410 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:51:56.0025 0x1410 PNRPsvc - ok
14:51:56.0072 0x1410 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:51:56.0135 0x1410 PolicyAgent - ok
14:51:56.0197 0x1410 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
14:51:56.0228 0x1410 Power - ok
14:51:56.0260 0x1410 [ B0E7D5D2CFAA6ED5F20EB8B84A35E593, 257A2DFB538E9849F50F3AD7B75FB093E6CCF49DB8BD840A769BE77DD7953AD0 ] pppop C:\Windows\system32\DRIVERS\pppop64.sys
14:51:56.0260 0x1410 pppop - ok
14:51:56.0291 0x1410 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:51:56.0291 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9, sha256: 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763
14:51:56.0306 0x1410 PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
14:51:58.0678 0x1410 Detect skipped due to KSN trusted
14:51:58.0678 0x1410 PptpMiniport - ok
14:51:58.0710 0x1410 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:51:58.0710 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
14:51:58.0710 0x1410 Processor - detected LockedFile.Multi.Generic ( 1 )
14:52:01.0160 0x1410 Detect skipped due to KSN trusted
14:52:01.0160 0x1410 Processor - ok
14:52:01.0191 0x1410 [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc C:\Windows\system32\profsvc.dll
14:52:01.0238 0x1410 ProfSvc - ok
14:52:01.0269 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:52:01.0269 0x1410 ProtectedStorage - ok
14:52:01.0300 0x1410 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:52:01.0300 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pacer.sys. md5: 0557CF5A2556BD58E26384169D72438D, sha256: F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4
14:52:01.0316 0x1410 Psched - detected LockedFile.Multi.Generic ( 1 )
14:52:03.0766 0x1410 Detect skipped due to KSN trusted
14:52:03.0766 0x1410 Psched - ok
14:52:03.0797 0x1410 [ 4712CC14E720ECCCC0AA16949D18AAF1, AF0223D118A25CA14EC1AF8A40A793D3CBCBE3576CCACBCD4F9A3D3F10407262 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:52:03.0797 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\PxHlpa64.sys. md5: 4712CC14E720ECCCC0AA16949D18AAF1, sha256: AF0223D118A25CA14EC1AF8A40A793D3CBCBE3576CCACBCD4F9A3D3F10407262
14:52:03.0797 0x1410 PxHlpa64 - detected LockedFile.Multi.Generic ( 1 )
14:52:06.0169 0x1410 Detect skipped due to KSN trusted
14:52:06.0169 0x1410 PxHlpa64 - ok
14:52:06.0232 0x1410 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:52:06.0232 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql2300.sys. md5: A53A15A11EBFD21077463EE2C7AFEEF0, sha256: 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489
14:52:06.0247 0x1410 ql2300 - detected LockedFile.Multi.Generic ( 1 )
14:52:08.0620 0x1410 Detect skipped due to KSN trusted
14:52:08.0620 0x1410 ql2300 - ok
14:52:08.0651 0x1410 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:52:08.0651 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8, sha256: FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE
14:52:08.0666 0x1410 ql40xx - detected LockedFile.Multi.Generic ( 1 )
14:52:11.0101 0x1410 Detect skipped due to KSN trusted
14:52:11.0101 0x1410 ql40xx - ok
14:52:11.0148 0x1410 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
14:52:11.0163 0x1410 QWAVE - ok
14:52:11.0195 0x1410 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:52:11.0195 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707BB36430888D9CE9D705398ADB6C, sha256: 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535
14:52:11.0210 0x1410 QWAVEdrv - detected LockedFile.Multi.Generic ( 1 )
14:52:13.0598 0x1410 Detect skipped due to KSN trusted
14:52:13.0598 0x1410 QWAVEdrv - ok
14:52:13.0629 0x1410 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:52:13.0629 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5A0DA8AD5762FA2D91678A8A01311704, sha256: 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF
14:52:13.0645 0x1410 RasAcd - detected LockedFile.Multi.Generic ( 1 )
14:52:16.0079 0x1410 Detect skipped due to KSN trusted
14:52:16.0079 0x1410 RasAcd - ok
14:52:16.0111 0x1410 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:52:16.0111 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ECFF9B22276B73F43A99A15A6094E90, sha256: 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1
14:52:16.0111 0x1410 RasAgileVpn - detected LockedFile.Multi.Generic ( 1 )
14:52:18.0561 0x1410 Detect skipped due to KSN trusted
14:52:18.0561 0x1410 RasAgileVpn - ok
14:52:18.0592 0x1410 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
14:52:18.0639 0x1410 RasAuto - ok
14:52:18.0654 0x1410 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:18.0654 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 471815800AE33E6F1C32FB1B97C490CA, sha256: 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698
14:52:18.0670 0x1410 Rasl2tp - detected LockedFile.Multi.Generic ( 1 )
14:52:21.0089 0x1410 Detect skipped due to KSN trusted
14:52:21.0089 0x1410 Rasl2tp - ok
14:52:21.0120 0x1410 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
14:52:21.0167 0x1410 RasMan - ok
14:52:21.0182 0x1410 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:21.0182 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855C9B1CD4756C5E9A2AA58A15F58C25, sha256: A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72
14:52:21.0182 0x1410 RasPppoe - detected LockedFile.Multi.Generic ( 1 )
14:52:23.0539 0x1410 Detect skipped due to KSN trusted
14:52:23.0539 0x1410 RasPppoe - ok
14:52:23.0555 0x1410 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:52:23.0555 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rassstp.sys. md5: E8B1E447B008D07FF47D016C2B0EEECB, sha256: FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C
14:52:23.0570 0x1410 RasSstp - detected LockedFile.Multi.Generic ( 1 )
14:52:25.0927 0x1410 Detect skipped due to KSN trusted
14:52:25.0927 0x1410 RasSstp - ok
14:52:25.0974 0x1410 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:52:25.0974 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 77F665941019A1594D887A74F301FA2F, sha256: 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA
14:52:25.0974 0x1410 rdbss - detected LockedFile.Multi.Generic ( 1 )
14:52:28.0346 0x1410 Detect skipped due to KSN trusted
14:52:28.0346 0x1410 rdbss - ok
14:52:28.0377 0x1410 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:52:28.0377 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302DA2A0539F2CF54D7C6CC30C1F2D8D, sha256: 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17
14:52:28.0377 0x1410 rdpbus - detected LockedFile.Multi.Generic ( 1 )
14:52:30.0827 0x1410 Detect skipped due to KSN trusted
14:52:30.0827 0x1410 rdpbus - ok
14:52:30.0858 0x1410 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:30.0858 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: CEA6CC257FC9B7715F1C2B4849286D24, sha256: A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804
14:52:30.0874 0x1410 RDPCDD - detected LockedFile.Multi.Generic ( 1 )
14:52:33.0262 0x1410 Detect skipped due to KSN trusted
14:52:33.0262 0x1410 RDPCDD - ok
14:52:33.0308 0x1410 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
14:52:33.0308 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpdr.sys. md5: 1B6163C503398B23FF8B939C67747683, sha256: 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE
14:52:33.0324 0x1410 RDPDR - detected LockedFile.Multi.Generic ( 1 )
14:52:39.0145 0x1410 Detect skipped due to KSN trusted
14:52:39.0145 0x1410 RDPDR - ok
14:52:39.0161 0x1410 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:52:39.0161 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdpencdd.sys. md5: BB5971A4F00659529A5C44831AF22365, sha256: 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F
14:52:39.0176 0x1410 RDPENCDD - detected LockedFile.Multi.Generic ( 1 )
14:52:41.0705 0x1410 Detect skipped due to KSN trusted
14:52:41.0705 0x1410 RDPENCDD - ok
14:52:41.0736 0x1410 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:52:41.0736 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216F3FA57533D98E1F74DED70113177A, sha256: 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4
14:52:41.0751 0x1410 RDPREFMP - detected LockedFile.Multi.Generic ( 1 )
14:52:44.0123 0x1410 Detect skipped due to KSN trusted
14:52:44.0123 0x1410 RDPREFMP - ok
14:52:44.0155 0x1410 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:52:44.0155 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\RDPWD.sys. md5: E61608AA35E98999AF9AAEEEA6114B0A, sha256: F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6
14:52:44.0170 0x1410 RDPWD - detected LockedFile.Multi.Generic ( 1 )
14:52:46.0620 0x1410 Detect skipped due to KSN trusted
14:52:46.0620 0x1410 RDPWD - ok
14:52:46.0652 0x1410 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:52:46.0652 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\rdyboost.sys. md5: 34ED295FA0121C241BFEF24764FC4520, sha256: AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F
14:52:46.0683 0x1410 rdyboost - detected LockedFile.Multi.Generic ( 1 )
14:52:49.0055 0x1410 Detect skipped due to KSN trusted
14:52:49.0055 0x1410 rdyboost - ok
14:52:49.0086 0x1410 [ 96EFEC24346A8EB1157E80523079ADDC, 7F8FC284029856C754E400B6C954369FFE27763C81D8F4AF4E58BFDD44CBC24A ] RealNetworks Downloader Resolver Service C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
14:52:49.0117 0x1410 RealNetworks Downloader Resolver Service - ok
14:52:49.0273 0x1410 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:52:49.0320 0x1410 RemoteAccess - ok
14:52:49.0352 0x1410 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:52:49.0398 0x1410 RemoteRegistry - ok
14:52:49.0430 0x1410 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:52:49.0430 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rfcomm.sys. md5: 3DD798846E2C28102B922C56E71B7932, sha256: 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D
14:52:49.0445 0x1410 RFCOMM - detected LockedFile.Multi.Generic ( 1 )
14:52:51.0880 0x1410 Detect skipped due to KSN trusted
14:52:51.0880 0x1410 RFCOMM - ok
14:52:51.0911 0x1410 [ 3DCA561AAF776AA2E356FB5B142AA5F8, E11F6776F02A09D64FDBB23D7169AB5467E0D8684AACB3D7CA8FAC42F3A02677 ] rimspci C:\Windows\system32\DRIVERS\rimspe64.sys
14:52:51.0911 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rimspe64.sys. md5: 3DCA561AAF776AA2E356FB5B142AA5F8, sha256: E11F6776F02A09D64FDBB23D7169AB5467E0D8684AACB3D7CA8FAC42F3A02677
14:52:51.0927 0x1410 rimspci - detected LockedFile.Multi.Generic ( 1 )
14:52:54.0299 0x1410 Detect skipped due to KSN trusted
14:52:54.0299 0x1410 rimspci - ok
14:52:54.0330 0x1410 [ 380E98DB92B37A5792C962EC15BFB44C, 276F0BB59068F654BF915FB62A15E3369D40F3E0C740664BBD8DB52C6BAF9D3B ] risdpcie C:\Windows\system32\DRIVERS\risdpe64.sys
14:52:54.0330 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\risdpe64.sys. md5: 380E98DB92B37A5792C962EC15BFB44C, sha256: 276F0BB59068F654BF915FB62A15E3369D40F3E0C740664BBD8DB52C6BAF9D3B
14:52:54.0345 0x1410 risdpcie - detected LockedFile.Multi.Generic ( 1 )
14:52:56.0780 0x1410 Detect skipped due to KSN trusted
14:52:56.0780 0x1410 risdpcie - ok
14:52:56.0811 0x1410 [ A4579105A3C5B6290701EAD0C153E07A, C1070C93309FBD3D67E8BAFDF2B8FFE83D4F877396B21816F8AAC0FDE68335CC ] rixdpcie C:\Windows\system32\DRIVERS\rixdpe64.sys
14:52:56.0811 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rixdpe64.sys. md5: A4579105A3C5B6290701EAD0C153E07A, sha256: C1070C93309FBD3D67E8BAFDF2B8FFE83D4F877396B21816F8AAC0FDE68335CC
14:52:56.0827 0x1410 rixdpcie - detected LockedFile.Multi.Generic ( 1 )
14:52:59.0183 0x1410 Detect skipped due to KSN trusted
14:52:59.0183 0x1410 rixdpcie - ok
14:52:59.0215 0x1410 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:52:59.0261 0x1410 RpcEptMapper - ok
14:52:59.0293 0x1410 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
14:52:59.0308 0x1410 RpcLocator - ok
14:52:59.0355 0x1410 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
14:52:59.0402 0x1410 RpcSs - ok
14:52:59.0433 0x1410 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:52:59.0433 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\rspndr.sys. md5: DDC86E4F8E7456261E637E3552E804FF, sha256: D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD
14:52:59.0433 0x1410 rspndr - detected LockedFile.Multi.Generic ( 1 )
14:53:01.0805 0x1410 Detect skipped due to KSN trusted
14:53:01.0805 0x1410 rspndr - ok
14:53:01.0821 0x1410 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
14:53:01.0821 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vms3cap.sys. md5: E60C0A09F997826C7627B244195AB581, sha256: E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D
14:53:01.0836 0x1410 s3cap - detected LockedFile.Multi.Generic ( 1 )
14:53:04.0271 0x1410 Detect skipped due to KSN trusted
14:53:04.0271 0x1410 s3cap - ok
14:53:04.0302 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\Windows\system32\lsass.exe
14:53:04.0318 0x1410 SamSs - ok
14:53:04.0349 0x1410 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:53:04.0349 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sbp2port.sys. md5: AC03AF3329579FFFB455AA2DAABBE22B, sha256: 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656
14:53:04.0349 0x1410 sbp2port - detected LockedFile.Multi.Generic ( 1 )
14:53:06.0799 0x1410 Detect skipped due to KSN trusted
14:53:06.0799 0x1410 sbp2port - ok
14:53:06.0846 0x1410 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:53:06.0908 0x1410 SCardSvr - ok
14:53:06.0940 0x1410 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:53:06.0940 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\scfilter.sys. md5: 253F38D0D7074C02FF8DEB9836C97D2B, sha256: CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116
14:53:06.0955 0x1410 scfilter - detected LockedFile.Multi.Generic ( 1 )
14:53:09.0343 0x1410 Detect skipped due to KSN trusted
14:53:09.0343 0x1410 scfilter - ok
14:53:09.0437 0x1410 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
14:53:09.0499 0x1410 Schedule - ok
14:53:09.0530 0x1410 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:53:09.0577 0x1410 SCPolicySvc - ok
14:53:09.0608 0x1410 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:53:09.0624 0x1410 SDRSVC - ok
14:53:09.0655 0x1410 [ D358E077A0A05D9B12DA22D137EE8464, 7B6493B199DEF411596B1A6F479F57838202B102C3324333B620E212E0AE9053 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:53:09.0671 0x1410 SeaPort - ok
14:53:09.0702 0x1410 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:53:09.0702 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\secdrv.sys. md5: 3EA8A16169C26AFBEB544E0E48421186, sha256: 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D
14:53:09.0717 0x1410 secdrv - detected LockedFile.Multi.Generic ( 1 )
14:53:12.0152 0x1410 Detect skipped due to KSN trusted
14:53:12.0152 0x1410 secdrv - ok
14:53:12.0183 0x1410 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
14:53:12.0230 0x1410 seclogon - ok
14:53:12.0292 0x1410 [ 9C8580D9A5F3C08556D6ECA31848DC89, BF056CB404BC6C13D0640503C7C7214696C7BA0ABCDD3590010811A5429D0AF9 ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
14:53:12.0370 0x1410 SecureStorageService - detected UnsignedFile.Multi.Generic ( 1 )
14:53:14.0758 0x1410 Detect skipped due to KSN trusted
14:53:14.0758 0x1410 SecureStorageService - ok
14:53:14.0805 0x1410 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
14:53:14.0852 0x1410 SENS - ok
14:53:14.0883 0x1410 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:53:14.0899 0x1410 SensrSvc - ok
14:53:14.0930 0x1410 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:53:14.0930 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serenum.sys. md5: CB624C0035412AF0DEBEC78C41F5CA1B, sha256: A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4
14:53:14.0946 0x1410 Serenum - detected LockedFile.Multi.Generic ( 1 )
14:53:17.0302 0x1410 Detect skipped due to KSN trusted
14:53:17.0302 0x1410 Serenum - ok
14:53:17.0333 0x1410 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:53:17.0333 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\serial.sys. md5: C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, sha256: 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D
14:53:17.0333 0x1410 Serial - detected LockedFile.Multi.Generic ( 1 )
14:53:19.0784 0x1410 Detect skipped due to KSN trusted
14:53:19.0784 0x1410 Serial - ok
14:53:19.0815 0x1410 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:53:19.0815 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1C545A7D0691CC4A027396535691C3E3, sha256: 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D
14:53:19.0830 0x1410 sermouse - detected LockedFile.Multi.Generic ( 1 )
14:53:22.0281 0x1410 Detect skipped due to KSN trusted
14:53:22.0281 0x1410 sermouse - ok
14:53:22.0343 0x1410 [ 7D3903AF48E6C1DC2704EAFCB608D031, 95B0F3F4958357C919ADF31D76744D16810325C7313767395521838F65DB3FE0 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
14:53:22.0359 0x1410 ServiceLayer - detected UnsignedFile.Multi.Generic ( 1 )
14:53:24.0747 0x1410 Detect skipped due to KSN trusted
14:53:24.0747 0x1410 ServiceLayer - ok
14:53:24.0825 0x1410 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
14:53:24.0888 0x1410 SessionEnv - ok
14:53:24.0903 0x1410 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:53:24.0903 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffdisk.sys. md5: A554811BCD09279536440C964AE35BBF, sha256: DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55
14:53:24.0919 0x1410 sffdisk - detected LockedFile.Multi.Generic ( 1 )
14:53:27.0369 0x1410 Detect skipped due to KSN trusted
14:53:27.0369 0x1410 sffdisk - ok
14:53:27.0400 0x1410 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:53:27.0400 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_mmc.sys. md5: FF414F0BAEFEBA59BC6C04B3DB0B87BF, sha256: B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042
14:53:27.0416 0x1410 sffp_mmc - detected LockedFile.Multi.Generic ( 1 )
14:53:29.0851 0x1410 Detect skipped due to KSN trusted
14:53:29.0851 0x1410 sffp_mmc - ok
14:53:29.0882 0x1410 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:53:29.0882 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\sffp_sd.sys. md5: DD85B78243A19B59F0637DCF284DA63C, sha256: 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197
14:53:29.0898 0x1410 sffp_sd - detected LockedFile.Multi.Generic ( 1 )
14:53:32.0270 0x1410 Detect skipped due to KSN trusted
14:53:32.0270 0x1410 sffp_sd - ok
14:53:32.0301 0x1410 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:53:32.0301 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sfloppy.sys. md5: A9D601643A1647211A1EE2EC4E433FF4, sha256: 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9
14:53:32.0301 0x1410 sfloppy - detected LockedFile.Multi.Generic ( 1 )
14:53:34.0768 0x1410 Detect skipped due to KSN trusted
14:53:34.0768 0x1410 sfloppy - ok
14:53:34.0814 0x1410 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:53:34.0861 0x1410 SharedAccess - ok
14:53:34.0908 0x1410 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:53:34.0939 0x1410 ShellHWDetection - ok
14:53:34.0970 0x1410 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:53:34.0970 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\SiSRaid2.sys. md5: 843CAF1E5FDE1FFD5FF768F23A51E2E1, sha256: 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820
14:53:34.0986 0x1410 SiSRaid2 - detected LockedFile.Multi.Generic ( 1 )
14:53:37.0437 0x1410 Detect skipped due to KSN trusted
14:53:37.0437 0x1410 SiSRaid2 - ok
14:53:37.0452 0x1410 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:53:37.0452 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\sisraid4.sys. md5: 6A6C106D42E9FFFF8B9FCB4F754F6DA4, sha256: 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E
14:53:37.0468 0x1410 SiSRaid4 - detected LockedFile.Multi.Generic ( 1 )
14:53:39.0903 0x1410 Detect skipped due to KSN trusted
14:53:39.0903 0x1410 SiSRaid4 - ok
14:53:39.0934 0x1410 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:53:39.0934 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\smb.sys. md5: 548260A7B8654E024DC30BF8A7C5BAA4, sha256: 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740
14:53:39.0934 0x1410 Smb - detected LockedFile.Multi.Generic ( 1 )
14:53:42.0416 0x1410 Detect skipped due to KSN trusted
14:53:42.0416 0x1410 Smb - ok
14:53:42.0462 0x1410 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:53:42.0478 0x1410 SNMPTRAP - ok
14:53:42.0509 0x1410 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
14:53:42.0509 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\spldr.sys. md5: B9E31E5CACDFE584F34F730A677803F9, sha256: 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063
14:53:42.0509 0x1410 spldr - detected LockedFile.Multi.Generic ( 1 )
14:53:44.0960 0x1410 Detect skipped due to KSN trusted
14:53:44.0960 0x1410 spldr - ok
14:53:45.0022 0x1410 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
14:53:45.0069 0x1410 Spooler - ok
14:53:45.0163 0x1410 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
14:53:45.0303 0x1410 sppsvc - ok
14:53:45.0350 0x1410 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:53:45.0381 0x1410 sppuinotify - ok
14:53:45.0428 0x1410 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:53:45.0428 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv.sys. md5: 441FBA48BFF01FDB9D5969EBC1838F0B, sha256: 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0
14:53:45.0428 0x1410 srv - detected LockedFile.Multi.Generic ( 1 )
14:53:47.0816 0x1410 Detect skipped due to KSN trusted
14:53:47.0816 0x1410 srv - ok
14:53:47.0863 0x1410 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:53:47.0863 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srv2.sys. md5: B4ADEBBF5E3677CCE9651E0F01F7CC28, sha256: 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7
14:53:47.0879 0x1410 srv2 - detected LockedFile.Multi.Generic ( 1 )
14:53:50.0267 0x1410 Detect skipped due to KSN trusted
14:53:50.0267 0x1410 srv2 - ok
14:53:50.0298 0x1410 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:53:50.0298 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\srvnet.sys. md5: 27E461F0BE5BFF5FC737328F749538C3, sha256: AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6
14:53:50.0313 0x1410 srvnet - detected LockedFile.Multi.Generic ( 1 )
14:53:52.0686 0x1410 Detect skipped due to KSN trusted
14:53:52.0686 0x1410 srvnet - ok
14:53:52.0717 0x1410 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:53:52.0764 0x1410 SSDPSRV - ok
14:53:52.0811 0x1410 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:53:52.0873 0x1410 SstpSvc - ok
14:53:52.0936 0x1410 [ DAE7A8A33DF0635E6299640395037765, F401E7EDECEDDC8B9A11DF91E4DAC29D32BE5B0AE6AF34E3207F0FF2A3AB782A ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ac8529709a50c498\STacSV64.exe
14:53:53.0092 0x1410 STacSV - ok
14:53:53.0123 0x1410 [ C568FDB21CE77A44FD166F28F104AC46, 5D8675CE501EF9CE637FFBBC945E09184D54CF206BC3480B15170E50BCA43D6F ] stdflt C:\Windows\system32\DRIVERS\stdfltn.sys
14:53:53.0123 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stdfltn.sys. md5: C568FDB21CE77A44FD166F28F104AC46, sha256: 5D8675CE501EF9CE637FFBBC945E09184D54CF206BC3480B15170E50BCA43D6F
14:53:53.0123 0x1410 stdflt - detected LockedFile.Multi.Generic ( 1 )
14:53:55.0573 0x1410 Detect skipped due to KSN trusted
14:53:55.0573 0x1410 stdflt - ok
14:53:55.0917 0x1410 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:53:55.0917 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stexstor.sys. md5: F3817967ED533D08327DC73BC4D5542A, sha256: 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5
14:53:55.0932 0x1410 stexstor - detected LockedFile.Multi.Generic ( 1 )
14:53:58.0289 0x1410 Detect skipped due to KSN trusted
14:53:58.0289 0x1410 stexstor - ok
14:53:58.0336 0x1410 [ 04906A6B1DD17D38795E28AF4F4392F9, 7B2AA7176EC2DB1B416EA1B3E84871F14D718387547F482AC5ABA2BF9B647A3D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
14:53:58.0336 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\stwrt64.sys. md5: 04906A6B1DD17D38795E28AF4F4392F9, sha256: 7B2AA7176EC2DB1B416EA1B3E84871F14D718387547F482AC5ABA2BF9B647A3D
14:53:58.0336 0x1410 STHDA - detected LockedFile.Multi.Generic ( 1 )
14:54:00.0787 0x1410 Detect skipped due to KSN trusted
14:54:00.0787 0x1410 STHDA - ok
14:54:00.0865 0x1410 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
14:54:00.0896 0x1410 stisvc - ok
14:54:00.0927 0x1410 [ E476C66713C842F58E61A95826ED1D57, 33632E8AE6D868EAC7D676E4236E78A0B1E613C9A5FA2470A0419B2E9A6CAE4B ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
14:54:00.0943 0x1410 stllssvr - ok
14:54:00.0974 0x1410 [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
14:54:00.0974 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vmstorfl.sys. md5: 7785DC213270D2FC066538DAF94087E7, sha256: F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B
14:54:00.0990 0x1410 storflt - detected LockedFile.Multi.Generic ( 1 )
14:54:03.0362 0x1410 Detect skipped due to KSN trusted
14:54:03.0362 0x1410 storflt - ok
14:54:03.0409 0x1410 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
14:54:03.0424 0x1410 StorSvc - ok
14:54:03.0456 0x1410 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
14:54:03.0456 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\storvsc.sys. md5: D34E4943D5AC096C8EDEEBFD80D76E23, sha256: 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE
14:54:03.0471 0x1410 storvsc - detected LockedFile.Multi.Generic ( 1 )
14:54:05.0859 0x1410 Detect skipped due to KSN trusted
14:54:05.0859 0x1410 storvsc - ok
14:54:05.0875 0x1410 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
14:54:05.0875 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\swenum.sys. md5: D01EC09B6711A5F8E7E6564A4D0FBC90, sha256: 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969
14:54:05.0891 0x1410 swenum - detected LockedFile.Multi.Generic ( 1 )
14:54:08.0341 0x1410 Detect skipped due to KSN trusted
14:54:08.0341 0x1410 swenum - ok
14:54:08.0388 0x1410 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
14:54:08.0450 0x1410 swprv - ok
14:54:08.0513 0x1410 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
14:54:08.0591 0x1410 SysMain - ok
14:54:08.0622 0x1410 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:54:08.0653 0x1410 TabletInputService - ok
14:54:08.0700 0x1410 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
14:54:08.0747 0x1410 TapiSrv - ok
14:54:08.0778 0x1410 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
14:54:08.0825 0x1410 TBS - ok
14:54:08.0934 0x1410 [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:54:08.0934 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpip.sys. md5: DB74544B75566C974815E79A62433F29, sha256: 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4
14:54:08.0965 0x1410 Tcpip - detected LockedFile.Multi.Generic ( 1 )
14:54:11.0400 0x1410 Detect skipped due to KSN trusted
14:54:11.0400 0x1410 Tcpip - ok
14:54:11.0478 0x1410 [ DB74544B75566C974815E79A62433F29, 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:54:11.0478 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tcpip.sys. md5: DB74544B75566C974815E79A62433F29, sha256: 035EBF70FDA28CF2B6C1FD7EE0ED703DB4B647064B5DBA6E258878A19B1BCCA4
14:54:11.0494 0x1410 TCPIP6 - detected LockedFile.Multi.Generic ( 1 )
14:54:11.0494 0x1410 Detect skipped due to KSN trusted
14:54:11.0494 0x1410 TCPIP6 - ok
14:54:11.0541 0x1410 [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:54:11.0541 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tcpipreg.sys. md5: DF687E3D8836BFB04FCC0615BF15A519, sha256: 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784
14:54:11.0541 0x1410 tcpipreg - detected LockedFile.Multi.Generic ( 1 )
14:54:13.0929 0x1410 Detect skipped due to KSN trusted
14:54:13.0929 0x1410 tcpipreg - ok
14:54:14.0007 0x1410 [ 69F1A38A6DBFE682491CB61A596662E3, A1FD47C8D4331132806205756F5793F2602442B233CAA0628FD27D8766321CE0 ] tcsd_win32.exe C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
14:54:14.0054 0x1410 tcsd_win32.exe - detected UnsignedFile.Multi.Generic ( 1 )
14:54:16.0489 0x1410 Detect skipped due to KSN trusted
14:54:16.0489 0x1410 tcsd_win32.exe - ok
14:54:16.0598 0x1410 [ BF0F20805431965C47641847F33EE1A8, 2B314CBF2453BCB24A0B29D114CE8DCBE4ED8B78702B7579FDE4BAD3D6E2C3BD ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
14:54:16.0660 0x1410 TdmService - ok
14:54:16.0691 0x1410 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:54:16.0691 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdpipe.sys. md5: 3371D21011695B16333A3934340C4E7C, sha256: 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D
14:54:16.0691 0x1410 TDPIPE - detected LockedFile.Multi.Generic ( 1 )
14:54:19.0080 0x1410 Detect skipped due to KSN trusted
14:54:19.0080 0x1410 TDPIPE - ok
14:54:19.0095 0x1410 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:54:19.0095 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tdtcp.sys. md5: 51C5ECEB1CDEE2468A1748BE550CFBC8, sha256: 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9
14:54:19.0111 0x1410 TDTCP - detected LockedFile.Multi.Generic ( 1 )
14:54:21.0530 0x1410 Detect skipped due to KSN trusted
14:54:21.0530 0x1410 TDTCP - ok
14:54:21.0561 0x1410 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:54:21.0561 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tdx.sys. md5: DDAD5A7AB24D8B65F8D724F5C20FD806, sha256: B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661
14:54:21.0577 0x1410 tdx - detected LockedFile.Multi.Generic ( 1 )
14:54:23.0965 0x1410 Detect skipped due to KSN trusted
14:54:23.0965 0x1410 tdx - ok
14:54:23.0996 0x1410 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
14:54:23.0996 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\termdd.sys. md5: 561E7E1F06895D78DE991E01DD0FB6E5, sha256: 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D
14:54:24.0012 0x1410 TermDD - detected LockedFile.Multi.Generic ( 1 )
14:54:26.0447 0x1410 Detect skipped due to KSN trusted
14:54:26.0447 0x1410 TermDD - ok
14:54:26.0509 0x1410 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
14:54:26.0572 0x1410 TermService - ok
14:54:26.0603 0x1410 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
14:54:26.0618 0x1410 Themes - ok
14:54:26.0650 0x1410 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
14:54:26.0681 0x1410 THREADORDER - ok
14:54:26.0728 0x1410 tmlisten - ok
14:54:26.0743 0x1410 [ 8D87AEEC05A5E3DABA0F05CB0FD2F2F4, B411C3C20125266C1AFDC6032FEB101DEFC4ED9FEC98025F17F59AEE8E956DEB ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
14:54:26.0743 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tmtdi.sys. md5: 8D87AEEC05A5E3DABA0F05CB0FD2F2F4, sha256: B411C3C20125266C1AFDC6032FEB101DEFC4ED9FEC98025F17F59AEE8E956DEB
14:54:26.0759 0x1410 tmtdi - detected LockedFile.Multi.Generic ( 1 )
14:54:29.0147 0x1410 Detect skipped due to KSN trusted
14:54:29.0147 0x1410 tmtdi - ok
14:54:29.0194 0x1410 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
14:54:29.0256 0x1410 TrkWks - ok
14:54:29.0303 0x1410 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:54:29.0365 0x1410 TrustedInstaller - ok
14:54:29.0412 0x1410 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:54:29.0412 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tssecsrv.sys. md5: 4CE278FC9671BA81A138D70823FCAA09, sha256: CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300
14:54:29.0412 0x1410 tssecsrv - detected LockedFile.Multi.Generic ( 1 )
14:54:31.0847 0x1410 Detect skipped due to KSN trusted
14:54:31.0847 0x1410 tssecsrv - ok
14:54:31.0878 0x1410 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:54:31.0878 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\tsusbflt.sys. md5: D11C783E3EF9A3C52C0EBE83CC5000E9, sha256: A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB
14:54:31.0894 0x1410 TsUsbFlt - detected LockedFile.Multi.Generic ( 1 )
14:54:34.0251 0x1410 Detect skipped due to KSN trusted
14:54:34.0251 0x1410 TsUsbFlt - ok
14:54:34.0282 0x1410 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:54:34.0282 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\tunnel.sys. md5: 3566A8DAAFA27AF944F5D705EAA64894, sha256: AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8
14:54:34.0298 0x1410 tunnel - detected LockedFile.Multi.Generic ( 1 )
14:54:36.0748 0x1410 Detect skipped due to KSN trusted
14:54:36.0748 0x1410 tunnel - ok
14:54:36.0779 0x1410 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:54:36.0779 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
14:54:36.0795 0x1410 uagp35 - detected LockedFile.Multi.Generic ( 1 )
14:54:39.0152 0x1410 Detect skipped due to KSN trusted
14:54:39.0152 0x1410 uagp35 - ok
14:54:39.0183 0x1410 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:54:39.0183 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
14:54:39.0199 0x1410 udfs - detected LockedFile.Multi.Generic ( 1 )
14:54:41.0634 0x1410 Detect skipped due to KSN trusted
14:54:41.0634 0x1410 udfs - ok
14:54:41.0680 0x1410 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:54:41.0712 0x1410 UI0Detect - ok
14:54:41.0727 0x1410 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:54:41.0727 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
14:54:41.0743 0x1410 uliagpkx - detected LockedFile.Multi.Generic ( 1 )
14:54:44.0131 0x1410 Detect skipped due to KSN trusted
14:54:44.0131 0x1410 uliagpkx - ok
14:54:44.0162 0x1410 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
14:54:44.0162 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
14:54:44.0162 0x1410 umbus - detected LockedFile.Multi.Generic ( 1 )
14:54:46.0613 0x1410 Detect skipped due to KSN trusted
14:54:46.0613 0x1410 umbus - ok
14:54:46.0644 0x1410 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:54:46.0644 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
14:54:46.0644 0x1410 UmPass - detected LockedFile.Multi.Generic ( 1 )
14:54:49.0032 0x1410 Detect skipped due to KSN trusted
14:54:49.0032 0x1410 UmPass - ok
14:54:49.0079 0x1410 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
14:54:49.0110 0x1410 UmRdpService - ok
14:54:49.0141 0x1410 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
14:54:49.0188 0x1410 upnphost - ok
14:54:49.0204 0x1410 [ 4E93C8496359E97830C75AC36393654D, D0482257B019512D77484D92E4DEFEFE4FED53CB440ACB7AA879D6FD0574FA9A ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
14:54:49.0204 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys. md5: 4E93C8496359E97830C75AC36393654D, sha256: D0482257B019512D77484D92E4DEFEFE4FED53CB440ACB7AA879D6FD0574FA9A
14:54:49.0219 0x1410 upperdev - detected LockedFile.Multi.Generic ( 1 )
14:54:51.0592 0x1410 Detect skipped due to KSN trusted
14:54:51.0592 0x1410 upperdev - ok
14:54:51.0623 0x1410 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:54:51.0623 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\usbaapl64.sys. md5: C9E9D59C0099A9FF51697E9306A44240, sha256: 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1
14:54:51.0623 0x1410 USBAAPL64 - detected LockedFile.Multi.Generic ( 1 )
14:54:54.0073 0x1410 Detect skipped due to KSN trusted
14:54:54.0073 0x1410 USBAAPL64 - ok
14:54:54.0089 0x1410 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:54:54.0089 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57
14:54:54.0105 0x1410 usbccgp - detected LockedFile.Multi.Generic ( 1 )
14:54:56.0539 0x1410 Detect skipped due to KSN trusted
14:54:56.0539 0x1410 usbccgp - ok
14:54:56.0571 0x1410 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:54:56.0571 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD
14:54:56.0571 0x1410 usbcir - detected LockedFile.Multi.Generic ( 1 )
14:54:58.0959 0x1410 Detect skipped due to KSN trusted
14:54:58.0959 0x1410 usbcir - ok
14:54:58.0990 0x1410 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:54:58.0990 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33
14:54:59.0006 0x1410 usbehci - detected LockedFile.Multi.Generic ( 1 )
14:55:01.0440 0x1410 Detect skipped due to KSN trusted
14:55:01.0440 0x1410 usbehci - ok
14:55:01.0487 0x1410 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:55:01.0487 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003
14:55:01.0503 0x1410 usbhub - detected LockedFile.Multi.Generic ( 1 )
14:55:03.0953 0x1410 Detect skipped due to KSN trusted
14:55:03.0953 0x1410 usbhub - ok
14:55:03.0985 0x1410 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:55:03.0985 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C
14:55:03.0985 0x1410 usbohci - detected LockedFile.Multi.Generic ( 1 )
14:55:06.0388 0x1410 Detect skipped due to KSN trusted
14:55:06.0388 0x1410 usbohci - ok
14:55:06.0420 0x1410 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:55:06.0420 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
14:55:06.0435 0x1410 usbprint - detected LockedFile.Multi.Generic ( 1 )
14:55:08.0808 0x1410 Detect skipped due to KSN trusted
14:55:08.0808 0x1410 usbprint - ok
14:55:08.0839 0x1410 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:55:08.0839 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbscan.sys. md5: 9661DA76B4531B2DA272ECCE25A8AF24, sha256: FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637
14:55:08.0839 0x1410 usbscan - detected LockedFile.Multi.Generic ( 1 )
14:55:11.0289 0x1410 Detect skipped due to KSN trusted
14:55:11.0289 0x1410 usbscan - ok
14:55:11.0321 0x1410 [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser C:\Windows\system32\drivers\usbser.sys
14:55:11.0321 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbser.sys. md5: B57B4F0BEC4270A281B9F8537EB2FA04, sha256: 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382
14:55:11.0321 0x1410 usbser - detected LockedFile.Multi.Generic ( 1 )
14:55:13.0693 0x1410 Detect skipped due to KSN trusted
14:55:13.0693 0x1410 usbser - ok
14:55:13.0724 0x1410 [ 8844CB19A37B65E27049D4A7786726A9, 4D772174A320F02E2F87BDF8C6EBBFDE04C9763D3C21FE9557DE938521508A59 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
14:55:13.0724 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys. md5: 8844CB19A37B65E27049D4A7786726A9, sha256: 4D772174A320F02E2F87BDF8C6EBBFDE04C9763D3C21FE9557DE938521508A59
14:55:13.0740 0x1410 UsbserFilt - detected LockedFile.Multi.Generic ( 1 )
14:55:16.0190 0x1410 Detect skipped due to KSN trusted
14:55:16.0190 0x1410 UsbserFilt - ok
14:55:16.0222 0x1410 [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:55:16.0222 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: D76510CFA0FC09023077F22C2F979D86, sha256: 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439
14:55:16.0222 0x1410 USBSTOR - detected LockedFile.Multi.Generic ( 1 )
14:55:18.0610 0x1410 Detect skipped due to KSN trusted
14:55:18.0610 0x1410 USBSTOR - ok
14:55:18.0641 0x1410 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:55:18.0641 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7
14:55:18.0641 0x1410 usbuhci - detected LockedFile.Multi.Generic ( 1 )
14:55:21.0076 0x1410 Detect skipped due to KSN trusted
14:55:21.0076 0x1410 usbuhci - ok
14:55:21.0107 0x1410 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:55:21.0107 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90
14:55:21.0123 0x1410 usbvideo - detected LockedFile.Multi.Generic ( 1 )
14:55:23.0573 0x1410 Detect skipped due to KSN trusted
14:55:23.0573 0x1410 usbvideo - ok
14:55:23.0604 0x1410 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
14:55:23.0667 0x1410 UxSms - ok
14:55:23.0698 0x1410 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\Windows\system32\lsass.exe
14:55:23.0714 0x1410 VaultSvc - ok
14:55:23.0729 0x1410 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:55:23.0729 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
14:55:23.0870 0x1410 vdrvroot - detected LockedFile.Multi.Generic ( 1 )
14:55:26.0273 0x1410 Detect skipped due to KSN trusted
14:55:26.0273 0x1410 vdrvroot - ok
14:55:26.0320 0x1410 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
14:55:26.0367 0x1410 vds - ok
14:55:26.0398 0x1410 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:55:26.0398 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
14:55:26.0414 0x1410 vga - detected LockedFile.Multi.Generic ( 1 )
14:55:28.0786 0x1410 Detect skipped due to KSN trusted
14:55:28.0786 0x1410 vga - ok
14:55:28.0802 0x1410 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:55:28.0802 0x1410 Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
14:55:28.0817 0x1410 VgaSave - detected LockedFile.Multi.Generic ( 1 )
14:55:31.0268 0x1410 Detect skipped due to KSN trusted
14:55:31.0268 0x1410 VgaSave - ok
14:55:31.0299 0x1410 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:55:31.0299 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
14:55:31.0315 0x1410 vhdmp - detected LockedFile.Multi.Generic ( 1 )
14:55:33.0750 0x1410 Detect skipped due to KSN trusted
14:55:33.0750 0x1410 vhdmp - ok
14:55:33.0765 0x1410 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
14:55:33.0765 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
14:55:33.0781 0x1410 viaide - detected LockedFile.Multi.Generic ( 1 )
14:55:36.0153 0x1410 Detect skipped due to KSN trusted
14:55:36.0153 0x1410 viaide - ok
14:55:36.0185 0x1410 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
14:55:36.0185 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vmbus.sys. md5: 86EA3E79AE350FEA5331A1303054005F, sha256: 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691
14:55:36.0200 0x1410 vmbus - detected LockedFile.Multi.Generic ( 1 )
14:55:38.0681 0x1410 Detect skipped due to KSN trusted
14:55:38.0681 0x1410 vmbus - ok
14:55:38.0712 0x1410 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
14:55:38.0712 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\VMBusHID.sys. md5: 7DE90B48F210D29649380545DB45A187, sha256: 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4
14:55:38.0712 0x1410 VMBusHID - detected LockedFile.Multi.Generic ( 1 )
14:55:41.0284 0x1410 Detect skipped due to KSN trusted
14:55:41.0284 0x1410 VMBusHID - ok
14:55:41.0300 0x1410 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:55:41.0300 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
14:55:41.0315 0x1410 volmgr - detected LockedFile.Multi.Generic ( 1 )
14:55:43.0700 0x1410 Detect skipped due to KSN trusted
14:55:43.0700 0x1410 volmgr - ok
14:55:43.0747 0x1410 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:55:43.0747 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
14:55:43.0762 0x1410 volmgrx - detected LockedFile.Multi.Generic ( 1 )
14:55:46.0131 0x1410 Detect skipped due to KSN trusted
14:55:46.0131 0x1410 volmgrx - ok
14:55:46.0163 0x1410 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:55:46.0163 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
14:55:46.0178 0x1410 volsnap - detected LockedFile.Multi.Generic ( 1 )
14:55:48.0610 0x1410 Detect skipped due to KSN trusted
14:55:48.0610 0x1410 volsnap - ok
14:55:48.0641 0x1410 [ B4A73CA4EF9A02B9738CEA9AD5FE5917, B6A8086189FE2F1C3FE5B3F484FBA3DB2E5E1836F3154D30090F136C27D16166 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys
14:55:48.0656 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpchbus.sys. md5: B4A73CA4EF9A02B9738CEA9AD5FE5917, sha256: B6A8086189FE2F1C3FE5B3F484FBA3DB2E5E1836F3154D30090F136C27D16166
14:55:48.0656 0x1410 vpcbus - detected LockedFile.Multi.Generic ( 1 )
14:55:51.0041 0x1410 Detect skipped due to KSN trusted
14:55:51.0041 0x1410 vpcbus - ok
14:55:51.0072 0x1410 [ E675FB2B48C54F09895482E2253B289C, 68BBFBF2356C849722E429CA753CC309A3CCE8CF00EBDBBD2695ECD292324DF2 ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys
14:55:51.0072 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpcnfltr.sys. md5: E675FB2B48C54F09895482E2253B289C, sha256: 68BBFBF2356C849722E429CA753CC309A3CCE8CF00EBDBBD2695ECD292324DF2
14:55:51.0088 0x1410 vpcnfltr - detected LockedFile.Multi.Generic ( 1 )
14:55:53.0535 0x1410 Detect skipped due to KSN trusted
14:55:53.0535 0x1410 vpcnfltr - ok
14:55:53.0566 0x1410 [ 5FB42082B0D19A0268705F1DD343DF20, 62F8EEE6A507CE6A8BD638020118D71B78332F79BA82654AB702AE46B04767D9 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys
14:55:53.0566 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vpcusb.sys. md5: 5FB42082B0D19A0268705F1DD343DF20, sha256: 62F8EEE6A507CE6A8BD638020118D71B78332F79BA82654AB702AE46B04767D9
14:55:53.0582 0x1410 vpcusb - detected LockedFile.Multi.Generic ( 1 )
14:55:55.0951 0x1410 Detect skipped due to KSN trusted
14:55:55.0951 0x1410 vpcusb - ok
14:55:55.0997 0x1410 [ 207B6539799CC1C112661A9B620DD233, 6B915CC7F77C867516D94865D7BF2E5C815402EF0A4488C3EB2FEF7CFA6C98F6 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys
14:55:55.0997 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vpcvmm.sys. md5: 207B6539799CC1C112661A9B620DD233, sha256: 6B915CC7F77C867516D94865D7BF2E5C815402EF0A4488C3EB2FEF7CFA6C98F6
14:55:55.0997 0x1410 vpcvmm - detected LockedFile.Multi.Generic ( 1 )
14:55:58.0444 0x1410 Detect skipped due to KSN trusted
14:55:58.0444 0x1410 vpcvmm - ok
14:55:58.0476 0x1410 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:55:58.0476 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
14:55:58.0491 0x1410 vsmraid - detected LockedFile.Multi.Generic ( 1 )
14:56:00.0938 0x1410 Detect skipped due to KSN trusted
14:56:00.0938 0x1410 vsmraid - ok
14:56:01.0016 0x1410 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
14:56:01.0203 0x1410 VSS - ok
14:56:01.0219 0x1410 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:56:01.0219 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
14:56:01.0234 0x1410 vwifibus - detected LockedFile.Multi.Generic ( 1 )
14:56:03.0619 0x1410 Detect skipped due to KSN trusted
14:56:03.0619 0x1410 vwifibus - ok
14:56:03.0650 0x1410 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:56:03.0650 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
14:56:03.0666 0x1410 vwififlt - detected LockedFile.Multi.Generic ( 1 )
14:56:06.0113 0x1410 Detect skipped due to KSN trusted
14:56:06.0113 0x1410 vwififlt - ok
14:56:06.0144 0x1410 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:56:06.0144 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6A638FC4BFDDC4D9B186C28C91BD1A01, sha256: 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168
14:56:06.0144 0x1410 vwifimp - detected LockedFile.Multi.Generic ( 1 )
14:56:08.0529 0x1410 Detect skipped due to KSN trusted
14:56:08.0529 0x1410 vwifimp - ok
14:56:08.0560 0x1410 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
14:56:08.0607 0x1410 W32Time - ok
14:56:08.0638 0x1410 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:56:08.0638 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
14:56:08.0653 0x1410 WacomPen - detected LockedFile.Multi.Generic ( 1 )
14:56:11.0069 0x1410 Detect skipped due to KSN trusted
14:56:11.0069 0x1410 WacomPen - ok
14:56:11.0100 0x1410 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:56:11.0100 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
14:56:11.0116 0x1410 WANARP - detected LockedFile.Multi.Generic ( 1 )
14:56:13.0485 0x1410 Detect skipped due to KSN trusted
14:56:13.0485 0x1410 WANARP - ok
14:56:13.0516 0x1410 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:56:13.0516 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
14:56:13.0532 0x1410 Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
14:56:13.0532 0x1410 Detect skipped due to KSN trusted
14:56:13.0532 0x1410 Wanarpv6 - ok
14:56:13.0610 0x1410 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
14:56:13.0656 0x1410 wbengine - ok
14:56:13.0688 0x1410 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:56:13.0703 0x1410 WbioSrvc - ok
14:56:13.0734 0x1410 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:56:13.0766 0x1410 wcncsvc - ok
14:56:13.0797 0x1410 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:56:13.0828 0x1410 WcsPlugInService - ok
14:56:13.0843 0x1410 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:56:13.0843 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
14:56:13.0843 0x1410 Wd - detected LockedFile.Multi.Generic ( 1 )
14:56:16.0290 0x1410 Detect skipped due to KSN trusted
14:56:16.0290 0x1410 Wd - ok
14:56:16.0337 0x1410 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:56:16.0337 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07
14:56:16.0337 0x1410 Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
14:56:18.0722 0x1410 Detect skipped due to KSN trusted
14:56:18.0722 0x1410 Wdf01000 - ok
14:56:18.0769 0x1410 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:56:18.0831 0x1410 WdiServiceHost - ok
14:56:18.0862 0x1410 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:56:18.0893 0x1410 WdiSystemHost - ok
14:56:18.0940 0x1410 [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\Windows\System32\webclnt.dll
14:56:18.0971 0x1410 WebClient - ok
14:56:19.0002 0x1410 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:56:19.0049 0x1410 Wecsvc - ok
14:56:19.0080 0x1410 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:56:19.0112 0x1410 wercplsupport - ok
14:56:19.0143 0x1410 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
14:56:19.0174 0x1410 WerSvc - ok
14:56:19.0190 0x1410 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:56:19.0190 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
14:56:19.0205 0x1410 WfpLwf - detected LockedFile.Multi.Generic ( 1 )
14:56:21.0652 0x1410 Detect skipped due to KSN trusted
14:56:21.0652 0x1410 WfpLwf - ok
14:56:21.0683 0x1410 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:56:21.0683 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
14:56:21.0699 0x1410 WIMMount - detected LockedFile.Multi.Generic ( 1 )
14:56:24.0146 0x1410 Detect skipped due to KSN trusted
14:56:24.0146 0x1410 WIMMount - ok
14:56:24.0177 0x1410 WinDefend - ok
14:56:24.0224 0x1410 WinHttpAutoProxySvc - ok
14:56:24.0271 0x1410 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:56:24.0317 0x1410 Winmgmt - ok
14:56:24.0395 0x1410 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
14:56:24.0489 0x1410 WinRM - ok
14:56:24.0551 0x1410 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:56:24.0551 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
14:56:24.0567 0x1410 WinUsb - detected LockedFile.Multi.Generic ( 1 )
14:56:26.0951 0x1410 Detect skipped due to KSN trusted
14:56:26.0951 0x1410 WinUsb - ok
14:56:27.0029 0x1410 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:56:27.0060 0x1410 Wlansvc - ok
14:56:27.0076 0x1410 [ 8097878196EFAA50A70B42AEF8225A61, A3EE52793A612425B0EA0769F3EFDE6668F37D743D89DEBC13E1B410C80ADB66 ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
14:56:27.0092 0x1410 wltrysvc - detected UnsignedFile.Multi.Generic ( 1 )
14:56:29.0523 0x1410 Detect skipped due to KSN trusted
14:56:29.0523 0x1410 wltrysvc - ok
14:56:29.0554 0x1410 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:56:29.0554 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
14:56:29.0570 0x1410 WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
14:56:31.0923 0x1410 Detect skipped due to KSN trusted
14:56:31.0923 0x1410 WmiAcpi - ok
14:56:31.0970 0x1410 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:56:31.0986 0x1410 wmiApSrv - ok
14:56:32.0001 0x1410 WMPNetworkSvc - ok
14:56:32.0032 0x1410 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:56:32.0064 0x1410 WPCSvc - ok
14:56:32.0079 0x1410 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:56:32.0110 0x1410 WPDBusEnum - ok
14:56:32.0126 0x1410 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:56:32.0126 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
14:56:32.0126 0x1410 ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
14:56:34.0511 0x1410 Detect skipped due to KSN trusted
14:56:34.0511 0x1410 ws2ifsl - ok
14:56:34.0557 0x1410 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll
14:56:34.0573 0x1410 wscsvc - ok
14:56:34.0604 0x1410 WSearch - ok
14:56:34.0682 0x1410 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
14:56:34.0760 0x1410 wuauserv - ok
14:56:34.0791 0x1410 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:56:34.0791 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C, sha256: 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9
14:56:34.0807 0x1410 WudfPf - detected LockedFile.Multi.Generic ( 1 )
14:56:37.0238 0x1410 Detect skipped due to KSN trusted
14:56:37.0238 0x1410 WudfPf - ok
14:56:37.0269 0x1410 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:56:37.0269 0x1410 Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: CF8D590BE3373029D57AF80914190682, sha256: FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF
14:56:37.0285 0x1410 WUDFRd - detected LockedFile.Multi.Generic ( 1 )
14:56:39.0670 0x1410 Detect skipped due to KSN trusted
14:56:39.0670 0x1410 WUDFRd - ok
14:56:39.0701 0x1410 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:56:39.0748 0x1410 wudfsvc - ok
14:56:39.0779 0x1410 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
14:56:39.0794 0x1410 WwanSvc - ok
14:56:39.0872 0x1410 ================ Scan global ===============================
14:56:39.0903 0x1410 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
14:56:39.0903 0x1410 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:56:39.0919 0x1410 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
14:56:39.0919 0x1410 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:56:39.0935 0x1410 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
14:56:39.0950 0x1410 [ Global ] - ok
14:56:39.0950 0x1410 ================ Scan MBR ==================================
14:56:39.0950 0x1410 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:56:40.0168 0x1410 \Device\Harddisk0\DR0 - ok
14:56:40.0184 0x1410 [ 09CE7397AF23D4C0B331B89D0297CC7E ] \Device\Harddisk1\DR1
14:56:40.0231 0x1410 \Device\Harddisk1\DR1 - ok
14:56:40.0231 0x1410 ================ Scan VBR ==================================
14:56:40.0246 0x1410 [ 1C1C7641746ED2092B7EFE2B54E2C41A ] \Device\Harddisk0\DR0\Partition1
14:56:40.0246 0x1410 \Device\Harddisk0\DR0\Partition1 - ok
14:56:40.0246 0x1410 [ 0A53DDE415C9AC3B70B1A1F5E9E90CCB ] \Device\Harddisk0\DR0\Partition2
14:56:40.0246 0x1410 \Device\Harddisk0\DR0\Partition2 - ok
14:56:40.0246 0x1410 [ 64CBCA4A18DEEF39A7C1D22C8CA24A21 ] \Device\Harddisk0\DR0\Partition3
14:56:40.0246 0x1410 \Device\Harddisk0\DR0\Partition3 - ok
14:56:40.0262 0x1410 [ 25DE6E919F88779E23ACC9E62FC2E446 ] \Device\Harddisk1\DR1\Partition1
14:56:40.0262 0x1410 \Device\Harddisk1\DR1\Partition1 - ok
14:56:40.0262 0x1410 Waiting for KSN requests completion. In queue: 2
14:56:41.0275 0x1410 Waiting for KSN requests completion. In queue: 2
14:56:42.0288 0x1410 Waiting for KSN requests completion. In queue: 2
14:56:43.0317 0x1410 AV detected via SS2: Trend Micro OfficeScan Virenschutz, C:\Program Files (x86)\Trend Micro\OfficeScan Client\Pccntmon.exe ( ), 0x41000 ( enabled : updated )
14:56:43.0317 0x1410 Win FW state via NFP2: enabled
14:56:45.0717 0x1410 ============================================================
14:56:45.0717 0x1410 Scan finished
14:56:45.0717 0x1410 ============================================================
14:56:45.0733 0x0fa0 Detected object count: 1
14:56:45.0733 0x0fa0 Actual detected object count: 1
15:02:50.0564 0x0fa0 35e788ab90485f7f ( Rootkit.Win32.Necurs.gen ) - skipped by user
15:02:50.0564 0x0fa0 35e788ab90485f7f ( Rootkit.Win32.Necurs.gen ) - User select action: Skip

Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"

• Drücke auf Start Scan.
  Mache während dem Scan nichts am Rechner
• Gehe sicher das Cure ( default ) angehackt ist !
• Drücke Continue --> Reboot.

TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Hier das Log Teil 1:

Hier Log Teil 2:

Supi, jetzt bitte nochmal einen Scan mit TDSSKiller machen und das Log posten.

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

• WICHTIG: Speichere Combofix auf deinem Desktop.
• Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
• Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
• Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
• Wenn Combofix fertig ist, wird es ein Logfile erstellen.
• Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Hier das Combofix Log-file:
Combofix Logfile:
--- --- ---

Downloade Dir bitte Malwarebytes Anti-Malware

• Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
• Starte Malwarebytes' Anti-Malware (MBAM).
• Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
• Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
• Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
• Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
• Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
• Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hallo Schrauber,
vielen Dank. Wird gemacht so bald ich an den Rechner komm. Kann aber Anfang nächster Woche werden.
Gruß
seeufirst

ok :)