2016-12-06T19:03:45.328Z Engine loaded!
2016-12-06T19:03:45.343Z Verifying license file...
2016-12-06T19:03:45.343Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:03:45.343Z Product supports installmode: 0
2016-12-06T19:03:45.343Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:03:45.343Z Loaded module#0 MpComServer.
2016-12-06T19:03:45.343Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:03:45.359Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{488481F8-8673-4E1C-B2D4-2414AD7CFABE}
Scan Source:7
Start Time:12-06-2016 20:04:05
End Time:12-06-2016 20:04:43
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************
2016-12-06T19:05:04.883Z Process scan (poststartupscan) started.
2016-12-06T19:05:05.649Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:05:05.961Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-06T19:05:10.071Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:05:10.071Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:05:50.211Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:05:50.211Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:07:32.040Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.040Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.040Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.055Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.055Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.055Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.055Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.086Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.086Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
2016-12-06T19:07:32.086Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:32.086Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 4996
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\windows\flight1 citation mustang\uninstall.exe->(UPX)"
2016-12-06T19:07:52.555Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
2016-12-06T19:07:56.024Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:56.040Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:56.055Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
2016-12-06T19:07:56.071Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-06T19:08:02.461Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTER_BILD_Account-Alarm_Installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\HijackThis.exe"
2016-12-06T19:08:16.336Z [Mini-filter] Restricted access to process 1040 from pid: 4996. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T19:09:34.868Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-06T19:09:34.868Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Begin Resource Scan
Scan ID:{91714CA9-20CB-47A9-9573-976BF1F3E44E}
Scan Source:7
Start Time:12-06-2016 20:05:17
End Time:12-06-2016 20:09:53
Explicit resource to scan
Resource Schema:process
Resource Path:pid:3040,ProcessStart:131255246451875000
Explicit resource to scan
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3040,ProcessStart:131255246451875000
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Result Count:7
Unknown File
Identifier:10640737287068975102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:13539461842430066686
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.26.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.26.0\V.ico
Extended Info:0
Unknown File
Identifier:16368950979518791678
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
Extended Info:0
Unknown File
Identifier:15696254707490095102
Number of Resources:3
Resource Schema:regkey
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:uninstall
Resource Path:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VulkanRT1.0.3.0
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\VulkanRT\1.0.3.0\V.ico
Extended Info:0
Unknown File
Identifier:14452099181164101630
Number of Resources:1
Resource Schema:queryfileprocessrtsig
Resource Path:pid:3040,ProcessStart:131255246451875000
Extended Info:9223502295520413380
Unknown File
Identifier:14410960021602959358
Number of Resources:2
Resource Schema:process
Resource Path:pid:3040,ProcessStart:131255246451875000
Extended Info:0
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
Extended Info:0
Unknown File
Identifier:1932507793814716414
Number of Resources:1
Resource Schema:file
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)
Extended Info:0
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
2016-12-06T19:10:04.305Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\\?\C:\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\acsound.exe"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:14:16
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:14:16.390625000 UTC
2016-12-06T19:14:16.390Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:14:16.406Z Trace session started - MpWppTracing-12062016-201416-00000003-ffffffff.bin
2016-12-06T19:14:16.406Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:14:16.421Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94106
Number of invalid entries is 0
Number of inserts issued is 539633
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 494160
Number of lookup misses is 58570
Number of fast lookup misses is 295248
Number of false fast lookups is 58570
Number of invalidations is 55
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0
2016-12-06T19:14:16.437Z Verifying RTP plugin...
2016-12-06T19:14:16.437Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:14:16.453Z Loading engine...
2016-12-06T19:14:16.468Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:14:16.468Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)
2016-12-06T19:14:17.390Z Initializing MPUT in engine...
2016-12-06T19:14:17.390Z MPUT initialized in the engine successfully
2016-12-06T19:14:17.500Z CSignatureStatus: back to good
2016-12-06T19:14:17.500Z Initializing RTP plugin state...
2016-12-06T19:14:17.500Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:35
Async:8
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,1,0
Proc:0,1,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:926
AsyncQCurrent:0
BMFlags:8
ServiceMaj:0
ServiceMin:0
NumInstance:5
TotalStreamCon:1321
NTFS Cache Statistics:
TotalMisses:4966
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
SyncProcessCreateDuration:-1ms (0/0)
Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0
**************************END RTP Perf Log*************************
2016-12-06T19:14:17.500Z Engine loaded!
2016-12-06T19:14:17.500Z Verifying license file...
2016-12-06T19:14:17.500Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:14:17.500Z Product supports installmode: 0
2016-12-06T19:14:17.562Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:14:17.562Z Loaded module#0 MpComServer.
2016-12-06T19:14:17.562Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:14:17.562Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:14:33.326Z MAPS Report Send (hr=0x0 httpcode=200)
Begin Resource Scan
Scan ID:{94DADB1D-8718-4338-9C2C-8DD26A182F0D}
Scan Source:7
Start Time:12-06-2016 20:14:20
End Time:12-06-2016 20:14:33
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************
2016-12-06T19:14:34.623Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\Windows\Flight1 Citation Mustang\uninstall.exe->(UPX)"
2016-12-06T19:15:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:15:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:15:16.466Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:15:18.748Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2072
2016-12-06T19:15:18.748Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 2072
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\\?\E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:15:22.654Z MAPS Report Send (hr=0x0 httpcode=200)
2016-12-06T19:15:22.654Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Begin Resource Scan
Scan ID:{A2962F25-0B15-47DE-97F6-37D0C93C8110}
Scan Source:7
Start Time:12-06-2016 20:15:21
End Time:12-06-2016 20:15:24
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:E:\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe
Extended Info:25770492256673
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
2016-12-06T19:15:38.560Z MAPS Report Send (hr=0x0 httpcode=200)
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 Gatwick Xtreme\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dll"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\ACSound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\\?\D:\AudioEnvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\\?\D:\Program Files\John Paul Chacha's Lab\Chasys Draw IES\Setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555E9A49503, signame=#LowFi:Win32/Generic!WhitelistedName2Grams, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\FSPS\Xtreme FSX PC\Xtreme FSX PC.exe->[EPO-V-0]"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\\?\E:\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-06T19:16:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.201Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.201Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1f1fff.
2016-12-06T19:16:03.216Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.216Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1f1fff.
2016-12-06T19:16:03.216Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.216Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 2072
2016-12-06T19:16:03.263Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.263Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.263Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.263Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.279Z [Mini-filter] Restricted access to process 6844 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.279Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.279Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.279Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:03.279Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 2072
2016-12-06T19:16:03.326Z [Mini-filter] Restricted access to process 6844 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:04.029Z [Mini-filter] Restricted access to process 1040 from pid: 2072. Original desired access: 0x1fffff.
2016-12-06T19:16:04.044Z [Mini-filter] Restricted access to process 6844 from pid: 2072. Original desired access: 0x1fffff.
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:28:38
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:28:38.984375000 UTC
2016-12-06T19:28:38.984Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:28:39.046Z Trace session started - MpWppTracing-12062016-202838-00000003-ffffffff.bin
2016-12-06T19:28:39.046Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:28:39.062Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94106
Number of invalid entries is 0
Number of inserts issued is 539633
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 494160
Number of lookup misses is 58570
Number of fast lookup misses is 295248
Number of false fast lookups is 58570
Number of invalidations is 55
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0
2016-12-06T19:28:39.062Z Verifying RTP plugin...
2016-12-06T19:28:39.062Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:28:39.078Z Loading engine...
2016-12-06T19:28:39.078Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:28:39.078Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)
2016-12-06T19:28:39.890Z Initializing MPUT in engine...
2016-12-06T19:28:39.890Z MPUT initialized in the engine successfully
2016-12-06T19:28:39.906Z CSignatureStatus: back to good
2016-12-06T19:28:39.906Z Initializing RTP plugin state...
2016-12-06T19:28:39.906Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:35
Async:8
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,1,0
Proc:0,1,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:370
AsyncQCurrent:0
BMFlags:8
ServiceMaj:0
ServiceMin:0
NumInstance:5
TotalStreamCon:1172
NTFS Cache Statistics:
TotalMisses:4593
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
SyncProcessCreateDuration:-1ms (0/0)
Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0
**************************END RTP Perf Log*************************
2016-12-06T19:28:39.906Z Engine loaded!
2016-12-06T19:28:39.921Z Verifying license file...
2016-12-06T19:28:39.921Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:28:39.921Z Product supports installmode: 0
2016-12-06T19:28:39.921Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:28:39.921Z Loaded module#0 MpComServer.
2016-12-06T19:28:39.921Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:28:39.921Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Begin Resource Scan
Scan ID:{B9F15BC2-6635-40FA-A2C5-6D3B8A8E1334}
Scan Source:7
Start Time:12-06-2016 20:28:53
End Time:12-06-2016 20:29:33
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
2016-12-06T19:30:40.461Z Process scan (poststartupscan) started.
2016-12-06T19:30:40.493Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:30:40.711Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-06T19:30:46.993Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:30:46.993Z Process scan (poststartupscan) completed.
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On 12-06-2016 20:32:15
************************************************************
OS install time: 12/02/2010 18:09:54.0 UTC
Current time: 12/06/2016 19:32:15.578125000 UTC
2016-12-06T19:32:15.578Z ProductId: 8, ProductFeature: 0, LaunchedProtected: 0
2016-12-06T19:32:15.578Z Trace session started - MpWppTracing-12062016-203215-00000003-ffffffff.bin
2016-12-06T19:32:15.578Z OS Build/Branch info: 7601.23418.amd64fre.win7sp1_ldr.160408-2045
2016-12-06T19:32:15.593Z Cache c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\History\CacheManager\399CF8A9-FE3E-11DF-BF31-806E6F6E6963-0.bin loaded.**********Cache stats************
No. Of buckets -> 119203
Each Bucket has max capacity of -> 1 entries
number of Entries is 94106
Number of invalid entries is 0
Number of inserts issued is 539633
Number of replaces issued is 0
Number of insert failures is 10
Number of inserts with duplicate entries is 90658
Number of lookups is 499212
Number of lookup misses is 58794
Number of fast lookup misses is 296706
Number of false fast lookups is 58794
Number of invalidations is 55
Number of maintenance invalidations is 0
Current File Size is 2920448
Journal ID = 1ce6fe8ba388cf9
Trusted image state = 1 USN = 0
Setup boot count = 0
2016-12-06T19:32:15.609Z Verifying RTP plugin...
2016-12-06T19:32:15.609Z Verified [c:\Program Files\Microsoft Security Client\\mprtp.dll] (file in cache)
2016-12-06T19:32:15.625Z Loading engine...
2016-12-06T19:32:15.640Z Verifying engine and signature files (source: 1) ...
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpengine.dll] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasbase.vdm] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpasdlta.vdm] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavbase.vdm] (file in cache)
2016-12-06T19:32:15.640Z Verified [c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3DFB495E-93C8-4324-936E-48B388AD475A}\mpavdlta.vdm] (file in cache)
Database:Using offline cache (c:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-AB53A1F023F8E89F6AE7EB748CE5AD1F391201E6.bin)
2016-12-06T19:32:16.515Z Initializing MPUT in engine...
2016-12-06T19:32:16.515Z MPUT initialized in the engine successfully
2016-12-06T19:32:16.531Z CSignatureStatus: back to good
2016-12-06T19:32:16.531Z Initializing RTP plugin state...
2016-12-06T19:32:16.531Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:(null)
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:35
Async:8
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,1,0
Proc:0,1,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:370
AsyncQCurrent:0
BMFlags:8
ServiceMaj:0
ServiceMin:0
NumInstance:5
TotalStreamCon:1147
NTFS Cache Statistics:
TotalMisses:4654
TotalHits:0
InstanceCacheHits:0
CSVFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
REFS Cache Statistics (Type:GenericTable, Policy:WriteBack):
TotalMisses:0
TotalHits:0
InstanceCacheInserts:0
InstanceCacheUpdates:0
InstanceCacheDeletes:0
InstanceCacheHits:0
InstanceCacheMisses:0
InstanceCacheOverflows:0
SyncProcessCreateDuration:-1ms (0/0)
Success: 0, failures: 0 (last code: 0x0), timeouts: 0, baddata: 0
**************************END RTP Perf Log*************************
2016-12-06T19:32:16.531Z Engine loaded!
2016-12-06T19:32:16.546Z Verifying license file...
2016-12-06T19:32:16.546Z Verified [c:\Program Files\Microsoft Security Client\\msmplics.dll] (file in cache)
2016-12-06T19:32:16.546Z Product supports installmode: 0
2016-12-06T19:32:16.546Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
2016-12-06T19:32:16.546Z Loaded module#0 MpComServer.
2016-12-06T19:32:16.546Z [PlatUpd] Service launched successfully from: c:\Program Files\Microsoft Security Client
2016-12-06T19:32:16.546Z [PlatUpd] Wrote initial install location c:\Program Files\Microsoft Security Client\
Product Version: 4.10.209.0
Service Version: 4.10.209.0
Engine Version: 1.1.13303.0
AS Signature Version: 1.233.1429.0
AV Signature Version: 1.233.1429.0
************************************************************
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\hijackthis.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Wolfenstein Enemy Territory - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:32:31.220Z MAPS Report Send (hr=0xffffffff httpcode=0)
Begin Resource Scan
Scan ID:{F742FE55-8B50-4B4D-9C2C-3F9E95FA067D}
Scan Source:7
Start Time:12-06-2016 20:32:19
End Time:12-06-2016 20:32:31
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Result Count:1
Unknown File
Identifier:4443369305966379006
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\Uninstaller.exe->(Asprotect 1.32)
Extended Info:9223502295520413380
End Scan
************************************************************
2016-12-06T19:32:32.158Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\Microsoft Security Essentials - CHIP-Installer.exe->[RSRCEmb]#1"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\Users\Lutz\Desktop\COMPUTERBILDAbzockschutzWebinstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe"
Internal signature match:subtype=Persist, sigseq=0x0000055517955795, signame=#PERSIST_PUA:Blocked:Certificates, cached=false, resource="\Device\HarddiskVolume2\users\lutz\desktop\computer_bild_account-alarm_installation.exe->[MSILRES:Installation.InstallLib.dll]"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
2016-12-06T19:33:00.939Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:33:00.939Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:33:09.705Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE, pid: 5488
2016-12-06T19:33:09.705Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE, pid: 5488
2016-12-06T19:33:17.095Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5488
2016-12-06T19:33:17.095Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\NISSRV.EXE, pid: 5488
2016-12-06T19:33:59.205Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.220Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.236Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.236Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.236Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:33:59.330Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:00.955Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:34:00.955Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:34:00.955Z [Mini-filter] Denied access to file: \PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSMPENG.EXE, pid: 5488
2016-12-06T19:34:00.970Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:00.970Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:00.970Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:00.970Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:01.001Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:01.001Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:01.001Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:01.001Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:01.001Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\MsMpEng.exe, pid: 5488
2016-12-06T19:34:01.048Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.423Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.423Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.439Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.439Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.455Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.455Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.455Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.455Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:11.470Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\msseces.exe, pid: 5488
2016-12-06T19:34:11.501Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.111Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.111Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.111Z [Mini-filter] Denied access to file: \PROGRAM FILES\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.126Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.142Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.142Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.142Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.158Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.158Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.173Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.173Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.173Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:17.189Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.189Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:34:17.189Z [Mini-filter] Denied access to file: \Program Files\Microsoft Security Client\NisSrv.exe, pid: 5488
2016-12-06T19:34:35.861Z On demand scan closed without completion. Current scan state: 1. ScanSource: 2, Scan flags:0x10001. NumberOfResources:0. bRemoveFromList:1
2016-12-06T19:35:24.705Z Process scan (poststartupscan) started.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
2016-12-06T19:35:30.626Z MAPS Report Send (hr=0xffffffff httpcode=0)
2016-12-06T19:35:30.626Z Process scan (poststartupscan) completed.
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="process://C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Persist, sigseq=0x00007678357E86C4, signame=ALFPER:HSTR:NetMoneyYYDownloader, cached=false, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x80007678357E86C4, signame=!#ALFPER:HSTR:NetMoneyYYDownloader, cached=true, resource="\\?\C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe->(Asprotect 1.32)"
Internal signature match:subtype=Lowfi, sigseq=0x0000254003D75485, signame=ALF:SIGA:MSIL/Suspicious.CheckAnti.A, cached=false, resource="\\?\C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
2016-12-06T19:36:44.673Z [Mini-filter] Restricted access to process 832 from pid: 5488. Original desired access: 0x1fffff.
2016-12-06T19:36:44.689Z [Mini-filter] Restricted access to process 2076 from pid: 5488. Original desired access: 0x1fffff.
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume2\windows\flight1 citation mustang\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00000555DCE8AEDD, signame=#Lowfi:RPF:FileHasTaggant, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\Tom Clancy's The Division\TheDivision.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E6003731E, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\wmenc.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\audioenvironment.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=false, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000055533AE449C, signame=#Lowfi:HSTR:Win32/LoadDotNETFromNative.A, cached=true, resource="\Device\HarddiskVolume3\acsound.exe"
Internal signature match:subtype=Persist, sigseq=0x00000555F44FDC44, signame=#PERSIST_HSTR:SmartInstall, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\uninstall.exe->(UPX)"
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=false, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
2016-12-06T19:37:27.392Z MAPS Report Send (hr=0xffffffff httpcode=0)
Internal signature match:subtype=Lowfi, sigseq=0x00023EBD4DBA4EFC, signame=SLF:HighRiskHasMotW, cached=true, resource="\Device\HarddiskVolume3\program files\john paul chacha's lab\chasys draw ies\setup.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=false, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
2016-12-06T19:39:46.783Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
2016-12-06T19:39:46.783Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snooze state (0), and up-to-date state(1)
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=false, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Internal signature match:subtype=Lowfi, sigseq=0x8000927801AD9E28, signame=!#HSTR:Trojan:Win32/AntiVmDisk!lowfi, cached=true, resource="\Device\HarddiskVolume4\Program Files (x86)\MAGIX\Fotos_auf_CD_DVD_9\Fotos.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157EB1885777, signame=ALF:Lowfi:Win32/Bagsu!rfn, cached=true, resource="\Device\HarddiskVolume2\Program Files (x86)\Windows Media Components\Encoder\WMProEdt.exe"
Begin Resource Scan |