
I can't run any antivirus. [Solved]



#1
mcrjoker

Hello,

As the topic says, I can install but can't run any antivirus.

I tried with Windows Defender (error 1068), Microsoft Security Essentials and Avast. I can install them all, but then they don't want to run.

I would be grateful for any help.

Greetings from Poland,

Maciej




#2
Essexboy

Hi, first I will need to take a look.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.



#4
Essexboy

User returned.

Could you post the logs, please?

#5
mcrjoker

I don't know if you can work with this, when I downloaded the program from your link, it automatically opened in the Polish version and I can't change the language... So the files are in Polish.

I also attached the files.

Attached File: Addition.txt (22.18KB)
Attached File: FRST.txt (41.87KB)

ADDITION:

Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:31-08-2015
Uruchomiony przez Bladowo (2015-09-01 17:59:42)
Uruchomiony z C:\Users\Bladowo\Desktop
Tryb startu: Normal
==========================================================


==================== Konta użytkowników: =============================

Administrator (S-1-5-21-4061940706-3157505194-3058203634-500 - Administrator - Disabled)
Bladowo (S-1-5-21-4061940706-3157505194-3058203634-1001 - Administrator - Enabled) => C:\Users\Bladowo
Gość (S-1-5-21-4061940706-3157505194-3058203634-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4061940706-3157505194-3058203634-1002 - Limited - Enabled)

==================== Centrum zabezpieczeń ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Zainstalowane programy ======================

(W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{61D4B846-49F8-2639-A4EB-977875265F37}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
ccc-core-static (x32 Version: 2010.0426.2136.36953 - Nazwa firmy) Hidden
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.26.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 7.0.3 - Ministerstwo Finansow)
e-Deklaracje Desktop (x32 Version: 7.0.3 - Ministerstwo Finansow) Hidden
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych (HKLM-x32\...\{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}) (Version: 15.4.5722.2 - Microsoft Corporation)
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.7.1002 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.01.01.1007 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 pl) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 pl)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
PIT Format 2013 (HKLM-x32\...\PIT Format 2013_is1) (Version:  - Biuro Informatyki Stosowanej FORMAT)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.10.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.12 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.5 x64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
TRORMCLauncher (HKLM-x32\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version:  - )
TRORMCLauncher (Version: 1.0.0.10 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)

==================== Niestandardowe rejestracje CLSID (filtrowane): ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Punkty Przywracania systemu =========================


==================== Hosts - zawartość: ===============================

(Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.)

2009-07-14 04:34 - 2015-08-25 15:48 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Zaplanowane zadania (filtrowane) =============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

Task: {3D63102D-C4F5-48C3-BF61-5B040A1864CA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-25] (AVAST Software)
Task: {46F894F5-423C-4E41-95A6-98F56F250D65} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C2A52BB6-27C9-4B13-B8C1-D803875BC9C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-15] (Adobe Systems Incorporated)

(Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Załadowane moduły (filtrowane) ==============

2014-02-17 19:35 - 2013-08-02 04:12 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () C:\Windows\system32\pcwum.DLL
2009-07-14 01:19 - 2009-07-14 03:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2009-10-13 11:00 - 2009-10-13 11:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-02-05 14:54 - 2014-02-05 14:54 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-08-25 17:08 - 2015-08-25 17:08 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-08-25 17:08 - 2015-08-25 17:08 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-25 17:08 - 2015-08-25 17:08 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

==================== Alternate Data Streams (filtrowane) =========

(Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.)


==================== Tryb awaryjny (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.)


==================== EXE - Powiązania (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.)


==================== Internet Explorer - Witryny zaufane i z ograniczeniami ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.)


==================== Inne obszary ============================

(Obecnie brak automatycznej naprawy dla tej sekcji.)

HKU\S-1-5-21-4061940706-3157505194-3058203634-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Bladowo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.241.79.38 - 213.241.79.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Zapora systemu Windows - funkcja włączona.

==================== MSCONFIG/TASK MANAGER - Wyłączone elementy ==

(Obecnie brak automatycznej naprawy dla tej sekcji.)


==================== Reguły Zapory systemu Windows (filtrowane) ===============

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

FirewallRules: [{E64A76F5-90E2-464D-9167-2F06FF806230}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{01E6EBAC-8FC5-42D8-A110-93E4538011F9}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1B8C9D85-C7CA-4743-B217-FC3DE7705777}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A6951BC2-6448-4028-9CAA-9EBEE4E41738}] => (Allow) LPort=2869
FirewallRules: [{7E60A2AA-0A60-4F11-8D8A-01B0F6282344}] => (Allow) LPort=1900
FirewallRules: [{54D9F8CD-3391-4C55-A94F-E930DA8ADFFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CAC0348E-15F4-40D1-924A-5EF4CB1A2CC0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{89F16B92-8563-438B-978E-FB332E861E87}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2775C7A8-8084-4EB7-9146-72E675B93783}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{8EDF6CD0-6B24-4B2F-B47F-7ED24A2AC1B0}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{247FBBAE-B8A0-4E1C-89CB-B40E3ABD5FD9}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe

==================== Wadliwe urządzenia w Menedżerze urządzeń =============


==================== Błędy w Dzienniku zdarzeń: =========================

Dziennik Aplikacja:
==================
Error: (09/01/2015 05:59:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: wmpnscfg.exe, wersja: 12.0.7600.16385, sygnatura czasowa: 0x4a5bd026
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18409, sygnatura czasowa: 0x5315a05a
Kod wyjątku: 0xc06d007f
Przesunięcie błędu: 0x000000000000940d
Identyfikator procesu powodującego błąd: 0xb04
Godzina uruchomienia aplikacji powodującej błąd: 0xwmpnscfg.exe0
Ścieżka aplikacji powodującej błąd: wmpnscfg.exe1
Ścieżka modułu powodującego błąd: wmpnscfg.exe2
Identyfikator raportu: wmpnscfg.exe3

Error: (08/25/2015 08:29:38 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Wolumin WINDOWS (C:) nie został zdefragmentowany, ponieważ wykryto błąd: Odmowa dostępu. (0x80070005)

Error: (08/25/2015 05:17:35 PM) (Source: MsiInstaller) (EventID: 10005) (User: Bladowo_kom)
Description: Produkt: Microsoft Fix it 50562 - Ten skrypt Microsoft Fix it nie dotyczy tego systemu operacyjnego lub tej wersji aplikacji.

Error: (08/25/2015 04:57:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: wmpnscfg.exe, wersja: 12.0.7600.16385, sygnatura czasowa: 0x4a5bd026
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18409, sygnatura czasowa: 0x5315a05a
Kod wyjątku: 0xc06d007f
Przesunięcie błędu: 0x000000000000940d
Identyfikator procesu powodującego błąd: 0x10d8
Godzina uruchomienia aplikacji powodującej błąd: 0xwmpnscfg.exe0
Ścieżka aplikacji powodującej błąd: wmpnscfg.exe1
Ścieżka modułu powodującego błąd: wmpnscfg.exe2
Identyfikator raportu: wmpnscfg.exe3

Error: (08/25/2015 04:56:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: wmpnscfg.exe, wersja: 12.0.7600.16385, sygnatura czasowa: 0x4a5bd026
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18409, sygnatura czasowa: 0x5315a05a
Kod wyjątku: 0xc06d007f
Przesunięcie błędu: 0x000000000000940d
Identyfikator procesu powodującego błąd: 0x7b8
Godzina uruchomienia aplikacji powodującej błąd: 0xwmpnscfg.exe0
Ścieżka aplikacji powodującej błąd: wmpnscfg.exe1
Ścieżka modułu powodującego błąd: wmpnscfg.exe2
Identyfikator raportu: wmpnscfg.exe3

Error: (08/25/2015 04:56:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: wmpnscfg.exe, wersja: 12.0.7600.16385, sygnatura czasowa: 0x4a5bd026
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18409, sygnatura czasowa: 0x5315a05a
Kod wyjątku: 0xc06d007f
Przesunięcie błędu: 0x000000000000940d
Identyfikator procesu powodującego błąd: 0x3d0
Godzina uruchomienia aplikacji powodującej błąd: 0xwmpnscfg.exe0
Ścieżka aplikacji powodującej błąd: wmpnscfg.exe1
Ścieżka modułu powodującego błąd: wmpnscfg.exe2
Identyfikator raportu: wmpnscfg.exe3

Error: (08/25/2015 03:30:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: wmpnscfg.exe, wersja: 12.0.7600.16385, sygnatura czasowa: 0x4a5bd026
Nazwa modułu powodującego błąd: KERNELBASE.dll, wersja: 6.1.7601.18409, sygnatura czasowa: 0x5315a05a
Kod wyjątku: 0xc06d007f
Przesunięcie błędu: 0x000000000000940d
Identyfikator procesu powodującego błąd: 0x80c
Godzina uruchomienia aplikacji powodującej błąd: 0xwmpnscfg.exe0
Ścieżka aplikacji powodującej błąd: wmpnscfg.exe1
Ścieżka modułu powodującego błąd: wmpnscfg.exe2
Identyfikator raportu: wmpnscfg.exe3

Error: (08/23/2015 09:50:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program javaw.exe w wersji 6.0.170.4 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 17c

Godzina rozpoczęcia: 01d0ddd28d7d7d9d

Godzina zakończenia: 31

Ścieżka aplikacji: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

Identyfikator raportu: 20be6f5c-49d0-11e5-8a8d-00266ca7d271

Error: (07/07/2015 01:58:57 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: TSS Load: could not communicate with TMachInfo service

Error: (05/14/2015 09:19:45 PM) (Source: MsiInstaller) (EventID: 1024) (User: Bladowo_kom)
Description: Produkt: Adobe Reader XI (11.0.10) - Polish - nie można zainstalować aktualizacji '{AC76BA86-7AD7-0000-2550-7A8C40011011}'. Kod błędu 1625. Instalator Windows może tworzyć dzienniki, aby ułatwić rozwiązywanie problemów z instalowaniem pakietów oprogramowania. Użyj następującego łącza, aby uzyskać instrukcje dotyczące włączania obsługi rejestrowania: http://go.microsoft....k/?LinkId=23127


Dziennik System:
=============
Error: (09/01/2015 05:57:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi avast! HardwareID z powodu następującego błędu:
%%31

Error: (09/01/2015 05:53:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Nie można załadować następujących sterowników startu rozruchowego lub systemowego:
aswRdr
aswRvrt
aswSnx
aswSP
aswVmm

Error: (09/01/2015 05:53:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi TOSHIBA eco Utility Service z powodu następującego błędu:
%%2

Error: (09/01/2015 05:53:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi TOSHIBA Power Saver z powodu następującego błędu:
%%2

Error: (09/01/2015 05:53:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi avast! HardwareID z powodu następującego błędu:
%%31

Error: (09/01/2015 05:53:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Usługa Avast Antivirus zależy od usługi aswMonFlt, której nie można uruchomić z powodu następującego błędu:
%%31

Error: (09/01/2015 05:53:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi aswStm z powodu następującego błędu:
%%31

Error: (09/01/2015 05:53:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi aswMonFlt z powodu następującego błędu:
%%31

Error: (09/01/2015 05:09:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi avast! HardwareID z powodu następującego błędu:
%%31

Error: (09/01/2015 05:07:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi avast! HardwareID z powodu następującego błędu:
%%31


Microsoft Office:
=========================

CodeIntegrity:
===================================
  Date: 2014-05-24 22:06:45.923
  Description: N/A

  Date: 2014-05-24 22:06:45.814
  Description: N/A


==================== Statystyki pamięci ===========================

Procesor: Intel® Core™ i5 CPU M 480 @ 2.67GHz
Procent pamięci w użyciu: 22%
Całkowita pamięć fizyczna: 6005.86 MB
Dostępna pamięć fizyczna: 4675.25 MB
Całkowita pamięć wirtualna: 12009.9 MB
Dostępna pamięć wirtualna: 10426.79 MB

==================== Dyski ================================

Drive c: (WINDOWS) (Fixed) (Total:232.65 GB) (Free:165.91 GB) NTFS
Drive d: (Data) (Fixed) (Total:232.72 GB) (Free:195.4 GB) NTFS

==================== MBR & Tablica partycji ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 156DB826)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)

==================== Koniec  Addition.txt ============================

FRST:

Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:31-08-2015
Uruchomiony przez Bladowo (administrator)  BLADOWO_KOM (01-09-2015 17:59:04)
Uruchomiony z C:\Users\Bladowo\Desktop
Załadowane profile: Bladowo (Dostępne profile: Bladowo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [TPwrMain] => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM\...\Run: [TosWaitSrv] => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
HKLM\...\Run: [Teco] => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmoothView] => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM\...\Run: [SmartFaceVWatcher] => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [HSON] => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [00TCrdMain] => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-25] (AVAST Software)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-02-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-25] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-11-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2010-11-26]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci..)

Tcpip\Parameters: [DhcpNameServer] 109.163.232.183 8.8.8.8
Tcpip\..\Interfaces\{DCD2330A-D7EE-4E23-BF6E-B05F27D123EF}: [NameServer] 213.241.79.38,213.241.79.36
Tcpip\..\Interfaces\{DCD2330A-D7EE-4E23-BF6E-B05F27D123EF}: [DhcpNameServer] 109.163.232.183 8.8.8.8

Internet Explorer:
==================
HKU\S-1-5-21-4061940706-3157505194-3058203634-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com
HKU\S-1-5-21-4061940706-3157505194-3058203634-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com
SearchScopes: HKLM -> DefaultScope {13800EA4-6A2C-475C-B408-F39E25364CE7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {13800EA4-6A2C-475C-B408-F39E25364CE7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {ADCC079F-E27F-4910-B8EA-21F9AE7AAAD9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {ADCC079F-E27F-4910-B8EA-21F9AE7AAAD9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4061940706-3157505194-3058203634-1001 -> DefaultScope {13800EA4-6A2C-475C-B408-F39E25364CE7} URL =
SearchScopes: HKU\S-1-5-21-4061940706-3157505194-3058203634-1001 -> {00676D5A-21FF-4AA3-8FEA-634E16F5094B} URL = hxxp://rover.ebay.com/rover/1/4908-44618-9400-8/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-4061940706-3157505194-3058203634-1001 -> {548E1877-5359-4A24-ACC0-983D6551ED34} URL = hxxp://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2
SearchScopes: HKU\S-1-5-21-4061940706-3157505194-3058203634-1001 -> {ADCC079F-E27F-4910-B8EA-21F9AE7AAAD9} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-25] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-25] (AVAST Software)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll Brak pliku
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-10-27] (<TOSHIBA>)

FireFox:
========
FF ProfilePath: C:\Users\Bladowo\AppData\Roaming\Mozilla\Firefox\Profiles\jhwszcp0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-15] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-08-25]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-08-25]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

"a14f089ffbafdf69" => serwis nie został odblokowany. <===== UWAGA

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-25] (AVAST Software)
U3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [X]
S2 TOSHIBA eco Utility Service; "C:\Program Files\TOSHIBA\TECO\TecoService.exe" [X]
S3 TPCHSrv; "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe" [X]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

U5 a14f089ffbafdf69; C:\Windows\System32\Drivers\a14f089ffbafdf69.sys [60344 2014-05-25] () <===== UWAGA Necurs Rootkit?
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-25] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-25] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-25] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-25] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-25] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-25] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-25] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-25] (AVAST Software)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] () [Brak podpisu cyfrowego]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [Brak podpisu cyfrowego]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-14] () [Brak podpisu cyfrowego]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] ()
R1 blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [45056 2009-07-14] () [Brak podpisu cyfrowego]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] () [Brak podpisu cyfrowego]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] () [Brak podpisu cyfrowego]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] () [Brak podpisu cyfrowego]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] () [Brak podpisu cyfrowego]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [Brak podpisu cyfrowego]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [Brak podpisu cyfrowego]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [Brak podpisu cyfrowego]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-14] () [Brak podpisu cyfrowego]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] () [Brak podpisu cyfrowego]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] () [Brak podpisu cyfrowego]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-14] () [Brak podpisu cyfrowego]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-14] () [Brak podpisu cyfrowego]
R3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-14] () [Brak podpisu cyfrowego]
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-14] () [Brak podpisu cyfrowego]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2013-07-04] () [Brak podpisu cyfrowego]
R3 CnxtHdAudService; C:\Windows\System32\drivers\CHDRT64.sys [724536 2010-03-31] () [Brak podpisu cyfrowego]
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [720952 2010-03-05] () [Brak podpisu cyfrowego]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-14] () [Brak podpisu cyfrowego]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] () [Brak podpisu cyfrowego]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-14] () [Brak podpisu cyfrowego]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] () [Brak podpisu cyfrowego]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] () [Brak podpisu cyfrowego]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-14] () [Brak podpisu cyfrowego]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] () [Brak podpisu cyfrowego]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983488 2013-08-01] () [Brak podpisu cyfrowego]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] () [Brak podpisu cyfrowego]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-14] () [Brak podpisu cyfrowego]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] () [Brak podpisu cyfrowego]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] () [Brak podpisu cyfrowego]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] () [Brak podpisu cyfrowego]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-14] () [Brak podpisu cyfrowego]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-14] () [Brak podpisu cyfrowego]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] () [Brak podpisu cyfrowego]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-14] () [Brak podpisu cyfrowego]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] () [Brak podpisu cyfrowego]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-14] () [Brak podpisu cyfrowego]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223248 2010-11-20] () [Brak podpisu cyfrowego]
R3 FwLnk; C:\Windows\system32\DRIVERS\FwLnk.sys [9216 2009-07-07] () [Brak podpisu cyfrowego]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-14] () [Brak podpisu cyfrowego]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [Brak podpisu cyfrowego]
S3 HdAudAddService; C:\Windows\system32\drivers\HdAudio.sys [350208 2010-11-20] () [Brak podpisu cyfrowego]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] () [Brak podpisu cyfrowego]
R3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2009-09-17] () [Brak podpisu cyfrowego]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-14] () [Brak podpisu cyfrowego]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-14] () [Brak podpisu cyfrowego]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-14] () [Brak podpisu cyfrowego]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] () [Brak podpisu cyfrowego]
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] () [Brak podpisu cyfrowego]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] () [Brak podpisu cyfrowego]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] () [Brak podpisu cyfrowego]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-14] () [Brak podpisu cyfrowego]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [538136 2010-01-15] () [Brak podpisu cyfrowego]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2010-11-20] () [Brak podpisu cyfrowego]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-14] () [Brak podpisu cyfrowego]
R3 Impcd; C:\Windows\System32\DRIVERS\Impcd.sys [158720 2010-02-10] () [Brak podpisu cyfrowego]
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-14] () [Brak podpisu cyfrowego]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] () [Brak podpisu cyfrowego]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] () [Brak podpisu cyfrowego]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] () [Brak podpisu cyfrowego]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] () [Brak podpisu cyfrowego]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] () [Brak podpisu cyfrowego]
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-14] () [Brak podpisu cyfrowego]
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-20] () [Brak podpisu cyfrowego]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-14] () [Brak podpisu cyfrowego]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] () [Brak podpisu cyfrowego]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95680 2014-04-12] () [Brak podpisu cyfrowego]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [155072 2014-04-12] () [Brak podpisu cyfrowego]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] () [Brak podpisu cyfrowego]
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [75304 2010-02-22] () [Brak podpisu cyfrowego]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] () [Brak podpisu cyfrowego]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-14] () [Brak podpisu cyfrowego]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-14] () [Brak podpisu cyfrowego]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-14] () [Brak podpisu cyfrowego]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-14] () [Brak podpisu cyfrowego]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] () [Brak podpisu cyfrowego]
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-14] () [Brak podpisu cyfrowego]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-14] () [Brak podpisu cyfrowego]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] () [Brak podpisu cyfrowego]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] () [Brak podpisu cyfrowego]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-14] () [Brak podpisu cyfrowego]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] () [Brak podpisu cyfrowego]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] () [Brak podpisu cyfrowego]
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] () [Brak podpisu cyfrowego]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] () [Brak podpisu cyfrowego]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2010-11-20] () [Brak podpisu cyfrowego]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-27] () [Brak podpisu cyfrowego]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-09] () [Brak podpisu cyfrowego]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-27] () [Brak podpisu cyfrowego]
R0 msahci; C:\Windows\System32\drivers\msahci.sys [31104 2010-11-20] () [Brak podpisu cyfrowego]
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] () [Brak podpisu cyfrowego]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] () [Brak podpisu cyfrowego]
R0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-14] () [Brak podpisu cyfrowego]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] () [Brak podpisu cyfrowego]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] () [Brak podpisu cyfrowego]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] () [Brak podpisu cyfrowego]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] ()
R1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-14] () [Brak podpisu cyfrowego]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] () [Brak podpisu cyfrowego]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-14] () [Brak podpisu cyfrowego]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-14] () [Brak podpisu cyfrowego]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] () [Brak podpisu cyfrowego]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [951680 2010-11-20] () [Brak podpisu cyfrowego]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] () [Brak podpisu cyfrowego]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] () [Brak podpisu cyfrowego]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] () [Brak podpisu cyfrowego]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] () [Brak podpisu cyfrowego]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] () [Brak podpisu cyfrowego]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] () [Brak podpisu cyfrowego]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-14] () [Brak podpisu cyfrowego]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] () [Brak podpisu cyfrowego]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] () [Brak podpisu cyfrowego]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2010-11-20] () [Brak podpisu cyfrowego]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2010-11-20] () [Brak podpisu cyfrowego]
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-14] () [Brak podpisu cyfrowego]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] () [Brak podpisu cyfrowego]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-14] () [Brak podpisu cyfrowego]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-17] () [Brak podpisu cyfrowego]
R0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] () [Brak podpisu cyfrowego]
R0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-14] () [Brak podpisu cyfrowego]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-14] () [Brak podpisu cyfrowego]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-14] () [Brak podpisu cyfrowego]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] () [Brak podpisu cyfrowego]
R3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [35008 2009-06-22] () [Brak podpisu cyfrowego]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] () [Brak podpisu cyfrowego]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-14] () [Brak podpisu cyfrowego]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] () [Brak podpisu cyfrowego]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-14] () [Brak podpisu cyfrowego]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-14] () [Brak podpisu cyfrowego]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] () [Brak podpisu cyfrowego]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] () [Brak podpisu cyfrowego]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] () [Brak podpisu cyfrowego]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] () [Brak podpisu cyfrowego]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] () [Brak podpisu cyfrowego]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] () [Brak podpisu cyfrowego]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] () [Brak podpisu cyfrowego]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-14] () [Brak podpisu cyfrowego]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] () [Brak podpisu cyfrowego]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] () [Brak podpisu cyfrowego]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] () [Brak podpisu cyfrowego]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] () [Brak podpisu cyfrowego]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] () [Brak podpisu cyfrowego]
S3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [232992 2010-02-01] () [Brak podpisu cyfrowego]
R3 rtl8192se; C:\Windows\System32\DRIVERS\rtl8192se.sys [1103904 2010-04-27] () [Brak podpisu cyfrowego]
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] () [Brak podpisu cyfrowego]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] () [Brak podpisu cyfrowego]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] ()
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-14] () [Brak podpisu cyfrowego]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] () [Brak podpisu cyfrowego]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-14] () [Brak podpisu cyfrowego]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] () [Brak podpisu cyfrowego]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] () [Brak podpisu cyfrowego]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] () [Brak podpisu cyfrowego]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-14] () [Brak podpisu cyfrowego]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-14] () [Brak podpisu cyfrowego]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-14] () [Brak podpisu cyfrowego]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] () [Brak podpisu cyfrowego]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-14] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-29] () [Brak podpisu cyfrowego]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-29] () [Brak podpisu cyfrowego]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-29] () [Brak podpisu cyfrowego]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-14] () [Brak podpisu cyfrowego]
R3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-14] () [Brak podpisu cyfrowego]
R3 SynTP; C:\Windows\system32\DRIVERS\SynTP.sys [316464 2010-03-10] () [Brak podpisu cyfrowego]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1903552 2014-02-19] () [Brak podpisu cyfrowego]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1903552 2014-02-19] () [Brak podpisu cyfrowego]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45056 2010-11-20] () [Brak podpisu cyfrowego]
R3 tdcmdpst; C:\Windows\System32\DRIVERS\tdcmdpst.sys [27784 2009-07-30] () [Brak podpisu cyfrowego]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] () [Brak podpisu cyfrowego]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] () [Brak podpisu cyfrowego]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] () [Brak podpisu cyfrowego]
R1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] () [Brak podpisu cyfrowego]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] () [Brak podpisu cyfrowego]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] () [Brak podpisu cyfrowego]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] () [Brak podpisu cyfrowego]
R0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] () [Brak podpisu cyfrowego]
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [14472 2009-06-19] () [Brak podpisu cyfrowego]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-14] () [Brak podpisu cyfrowego]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] () [Brak podpisu cyfrowego]
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-14] () [Brak podpisu cyfrowego]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () [Brak podpisu cyfrowego]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-14] () [Brak podpisu cyfrowego]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] () [Brak podpisu cyfrowego]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] () [Brak podpisu cyfrowego]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] () [Brak podpisu cyfrowego]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] () [Brak podpisu cyfrowego]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] () [Brak podpisu cyfrowego]
S3 usbprint; C:\Windows\system32\DRIVERS\usbprint.sys [25088 2009-07-14] () [Brak podpisu cyfrowego]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2010-11-20] () [Brak podpisu cyfrowego]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] () [Brak podpisu cyfrowego]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () [Brak podpisu cyfrowego]
R0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-14] () [Brak podpisu cyfrowego]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] () [Brak podpisu cyfrowego]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] () [Brak podpisu cyfrowego]
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] () [Brak podpisu cyfrowego]
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-14] () [Brak podpisu cyfrowego]
R0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] () [Brak podpisu cyfrowego]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] () [Brak podpisu cyfrowego]
R0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] () [Brak podpisu cyfrowego]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-14] () [Brak podpisu cyfrowego]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] () [Brak podpisu cyfrowego]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] () [Brak podpisu cyfrowego]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-14] () [Brak podpisu cyfrowego]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [Brak podpisu cyfrowego]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] () [Brak podpisu cyfrowego]
R0 Wd; C:\Windows\System32\DRIVERS\wd.sys [21056 2009-07-14] () [Brak podpisu cyfrowego]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785624 2013-06-26] () [Brak podpisu cyfrowego]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] () [Brak podpisu cyfrowego]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-14] () [Brak podpisu cyfrowego]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] () [Brak podpisu cyfrowego]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-14] () [Brak podpisu cyfrowego]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] () [Brak podpisu cyfrowego]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-14] () [Brak podpisu cyfrowego]
S3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [25088 2009-07-14] () [Brak podpisu cyfrowego]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2010-11-20] () [Brak podpisu cyfrowego]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-11-20] () [Brak podpisu cyfrowego]
U5 a14f089ffbafdf69;  <===== UWAGA: Zablokowana usługa
S1 dnahlxbg; \??\C:\Windows\system32\drivers\dnahlxbg.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-01 17:59 - 2015-09-01 17:59 - 00033754 _____ C:\Users\Bladowo\Desktop\FRST.txt
2015-09-01 17:58 - 2015-09-01 17:59 - 00000000 ____D C:\FRST
2015-09-01 17:56 - 2015-09-01 17:56 - 02188800 _____ (Farbar) C:\Users\Bladowo\Desktop\FRST64.exe
2015-08-30 19:29 - 2015-08-30 19:33 - 00000000 ____D C:\Users\Bladowo\Desktop\Nowy folder
2015-08-29 07:22 - 2015-08-30 10:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-25 17:48 - 2015-08-25 17:48 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Bladowo\Downloads\revosetup.exe
2015-08-25 17:48 - 2015-08-25 17:48 - 00001235 _____ C:\Users\Bladowo\Desktop\Revo Uninstaller.lnk
2015-08-25 17:48 - 2015-08-25 17:48 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-25 17:45 - 2015-08-25 17:45 - 00000000 ____D C:\AdwCleaner
2015-08-25 17:44 - 2015-08-25 17:44 - 01605632 _____ C:\Users\Bladowo\Desktop\AdwCleaner.exe
2015-08-25 17:43 - 2015-08-25 17:43 - 00008052 _____ C:\Users\Bladowo\Downloads\fixlist.txt
2015-08-25 17:17 - 2015-08-25 17:17 - 00664576 _____ C:\Users\Bladowo\Downloads\MicrosoftFixit50562.msi
2015-08-25 17:14 - 2015-08-25 17:14 - 00000000 ____D C:\Users\Bladowo\AppData\Roaming\AVAST Software
2015-08-25 17:09 - 2015-09-01 17:57 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-08-25 17:09 - 2015-08-25 17:09 - 00001929 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-25 17:09 - 2015-08-25 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-08-25 17:08 - 2015-08-25 17:09 - 01048344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-08-25 17:08 - 2015-08-25 17:08 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1440515356137
2015-08-25 17:08 - 2015-08-25 17:08 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-25 17:08 - 2015-08-25 17:08 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-25 17:08 - 2015-08-25 17:08 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-25 17:08 - 2015-08-25 17:08 - 00150672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-25 17:08 - 2015-08-25 17:08 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-25 17:08 - 2015-08-25 17:08 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-25 17:08 - 2015-08-25 17:08 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-25 17:08 - 2015-08-25 17:08 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-25 17:08 - 2015-08-25 17:08 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-25 17:06 - 2015-08-25 17:06 - 00000000 ____D C:\Program Files\AVAST Software
2015-08-25 17:05 - 2015-08-25 17:05 - 05500000 _____ (Avast Software s.r.o.) C:\Users\Bladowo\Downloads\avast_free_antivirus_setup_online.exe
2015-08-25 17:05 - 2015-08-25 17:05 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-21 14:39 - 2014-07-20 23:29 - 00675988 _____ C:\Users\Bladowo\Desktop\Minecraft.exe
2015-08-21 13:28 - 2015-08-21 13:28 - 00000000 ____D C:\Users\Bladowo\AppData\Roaming\LolClient
2015-08-21 12:00 - 2015-08-24 00:15 - 00000000 ____D C:\Users\Bladowo\AppData\Roaming\.minecraft
2015-08-21 10:49 - 2015-08-21 10:49 - 00000000 ____D C:\ProgramData\Riot Games
2015-08-21 10:47 - 2015-08-21 10:47 - 00001613 _____ C:\Users\Public\Desktop\League of Legends.lnk
2015-08-21 10:47 - 2015-08-21 10:47 - 00000000 ____D C:\Riot Games
2015-08-21 10:47 - 2015-08-21 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-08-21 10:47 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-08-21 10:47 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-08-21 10:47 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-08-21 10:47 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-08-21 10:47 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-08-21 10:43 - 2015-08-21 10:47 - 00000000 ____D C:\Users\Bladowo\AppData\Roaming\Riot Games
2015-08-21 10:42 - 2015-08-21 10:43 - 30993712 _____ (Riot Games) C:\Users\Bladowo\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe
2015-08-18 10:22 - 2015-08-18 10:22 - 00000000 ____D C:\Users\Bladowo\Desktop\JACEKU
2015-08-16 22:16 - 2015-08-18 10:20 - 00000000 ____D C:\Users\Bladowo\Desktop\25rocznica_malgosia&jacek_sierpien2015
2015-08-15 11:56 - 2015-08-15 12:01 - 00000000 ____D C:\Users\Bladowo\Desktop\Nowy folder (2)
2015-08-15 11:53 - 2015-08-15 12:01 - 00000000 ____D C:\Users\Bladowo\Desktop\tata

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-09-01 17:57 - 2009-07-14 19:55 - 00687828 _____ C:\Windows\system32\perfh015.dat
2015-09-01 17:57 - 2009-07-14 19:55 - 00131382 _____ C:\Windows\system32\perfc015.dat
2015-09-01 17:57 - 2009-07-14 07:13 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-01 17:53 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-01 17:53 - 2009-07-14 06:51 - 00157928 _____ C:\Windows\setupact.log
2015-09-01 17:10 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-01 17:10 - 2009-07-14 06:45 - 00016304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 20:49 - 2014-03-31 19:05 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-30 10:15 - 2014-02-05 16:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-30 10:15 - 2014-02-05 16:03 - 00017908 _____ C:\Windows\PFRO.log
2015-08-25 17:53 - 2010-11-26 20:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-25 17:53 - 2010-11-26 20:42 - 00000000 ____D C:\Program Files\TOSHIBA
2015-08-25 17:52 - 2010-11-26 20:47 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2015-08-25 17:52 - 2010-11-26 20:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-08-25 17:50 - 2014-02-05 15:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-08-25 17:05 - 2014-02-05 16:16 - 00001912 _____ C:\Windows\epplauncher.mif
2015-08-25 16:21 - 2014-02-05 14:48 - 02876236 _____ C:\Windows\WindowsUpdate.log
2015-08-18 10:45 - 2015-06-20 12:48 - 00000000 ____D C:\Users\Bladowo\Desktop\zdjęcia
2015-08-15 11:21 - 2014-03-31 19:05 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-15 11:21 - 2014-03-31 19:05 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-15 11:21 - 2014-03-31 19:05 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-04 09:48 - 2009-07-14 07:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Niektóre pliki w TEMP:
====================
C:\Users\Bladowo\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Bladowo\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Bladowo\AppData\Local\Temp\ICReinstall_GeoGebra 5.exe
C:\Users\Bladowo\AppData\Local\Temp\MSN9397.exe


==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys
[2014-02-16 11:30] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys => Brak Firma <===== UWAGA



testsigning: ==> Ustawiony "Tryb testu". Sprawdź obecność niepodpisanego sterownika <===== UWAGA


LastRegBack: 2015-08-22 19:18

==================== Koniec  FRST.txt ============================


Edited by mcrjoker, 02 September 2015 - 09:45 AM.

  • 0

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Language is not a problem

I can see the culprit, but I will need to take two different hits at it

Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • If Necurs is detected in this service a14f089ffbafdf69; with this file C:\Windows\System32\Drivers\a14f089ffbafdf69.sys then select delete
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
U5 a14f089ffbafdf69; C:\Windows\System32\Drivers\a14f089ffbafdf69.sys [60344 2014-05-25] () <===== UWAGA Necurs Rootkit?
U5 a14f089ffbafdf69; <===== UWAGA: Zablokowana usluga
S1 dnahlxbg; \??\C:\Windows\system32\drivers\dnahlxbg.sys [X]
C:\Windows\system32\drivers\dnahlxbg.sys
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that
  • 0
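Added example (not from the thread and not FRST's own logic): a Python triage pass over FRST lines quoted in this thread that flags the traits visible in them: a hex-named driver with no vendor string, a service whose file is missing (`[X]`), a non-empty file whose MD5 is the hash of zero bytes, and test-signing mode. The function name, the rule labels and the `exampledrv` line are assumptions made for the example.

```python
import hashlib
import re

# MD5 of zero bytes. A scanner prints this for a file with a non-zero size
# when it could not read any of the file's content.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# Constructed sample: the first line is invented as a benign control,
# the remaining lines are copied from the FRST output and fixlist in this thread.
SAMPLE_LOG = r"""
R3 exampledrv; C:\Windows\system32\drivers\exampledrv.sys [12345 2014-01-01] (Example Vendor)
U5 a14f089ffbafdf69; C:\Windows\System32\Drivers\a14f089ffbafdf69.sys [60344 2014-05-25] () <===== UWAGA Necurs Rootkit?
S1 dnahlxbg; \??\C:\Windows\system32\drivers\dnahlxbg.sys [X]
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys
[2014-02-16 11:30] - [2010-11-20 15:34] - 0295808 ____A () D41D8CD98F00B204E9800998ECF8427E
testsigning: ==> Ustawiony "Tryb testu". Sprawdź obecność niepodpisanego sterownika <===== UWAGA
"""

# FRST driver/service entry: "<state> <name>; <path> [<size> <date>] (<company>)"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?\.sys)"
    r"(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<company>[^)]*)\))?",
    re.IGNORECASE,
)
# Hash line that follows a file path: "... - <size> <attrs> (<company>) <md5>"
HASH_RE = re.compile(
    r"- (?P<size>\d+) \S+ \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
HEX_NAME_RE = re.compile(r"[0-9a-f]{8,}", re.IGNORECASE)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def triage(log_text):
    """Return (rule, subject) pairs for FRST lines worth a closer look."""
    findings = []
    last_path = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # Test-signing mode lets drivers without a production signature load.
        if line.lower().startswith("testsigning:"):
            findings.append(("testsigning-on", "boot configuration"))
            continue

        m = SERVICE_RE.match(line)
        if m:
            name = m.group("name")
            basename = m.group("path").rsplit("\\", 1)[-1].lower()
            if m.group("meta") == "X":
                # FRST marks a service whose file it cannot find with [X].
                findings.append(("missing-driver-file", name))
            elif (
                HEX_NAME_RE.fullmatch(name)
                and basename == name.lower() + ".sys"
                and m.group("company") == ""
            ):
                # Service and file share a hex-only name and carry no vendor.
                findings.append(("hex-named-driver-no-vendor", name))
            continue

        m = HASH_RE.search(line)
        if m and m.group("md5").upper() == EMPTY_MD5 and int(m.group("size")) > 0:
            # Size says the file has content, hash says nothing was read.
            findings.append(("unreadable-file", last_path or "unknown"))
            continue

        # Remember the most recent file path so a hash line can be attributed.
        if PATH_RE.match(line):
            last_path = line.split(" => ")[0]
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:28} {subject}")
```

An MD5 equal to the zero-byte hash on a file with a non-zero size means the scanner read no content, which fits the NoAccess results TDSSKiller reports for drivers later in the thread.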

#7
mcrjoker


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

First, thank you very much for the help.

My Avast is working now, I can even start the Windows Defender. :)

I did all that you've said.

Here are reports from kaspersky and from FRST:

 

Attached File  kaspersky.txt   157.25KB   114 downloads
Attached File  Fixlog.txt   2.2KB   135 downloads

KASPERSKY

19:58:00.0703 0x0b4c  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
19:58:00.0952 0x0b4c  ============================================================
19:58:00.0952 0x0b4c  Current date / time: 2015/09/02 19:58:00.0952
19:58:00.0952 0x0b4c  SystemInfo:
19:58:00.0952 0x0b4c  
19:58:00.0952 0x0b4c  OS Version: 6.1.7601 ServicePack: 1.0
19:58:00.0952 0x0b4c  Product type: Workstation
19:58:00.0952 0x0b4c  ComputerName: BLADOWO_KOM
19:58:00.0968 0x0b4c  UserName: Bladowo
19:58:00.0968 0x0b4c  Windows directory: C:\Windows
19:58:00.0968 0x0b4c  System windows directory: C:\Windows
19:58:00.0968 0x0b4c  Running under WOW64
19:58:00.0968 0x0b4c  Processor architecture: Intel x64
19:58:00.0968 0x0b4c  Number of processors: 4
19:58:00.0968 0x0b4c  Page size: 0x1000
19:58:00.0968 0x0b4c  Boot type: Normal boot
19:58:00.0968 0x0b4c  ============================================================
19:58:00.0968 0x0b4c  BG loaded
19:58:03.0639 0x0b4c  System UUID: {09C73EF1-FDCD-21B7-F930-7EB6CF310D2F}
19:58:06.0089 0x0b4c  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:58:06.0099 0x0b4c  ============================================================
19:58:06.0099 0x0b4c  \Device\Harddisk0\DR0:
19:58:06.0099 0x0b4c  MBR partitions:
19:58:06.0099 0x0b4c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D14D000
19:58:06.0099 0x0b4c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D215800, BlocksNum 0x1D170030
19:58:06.0099 0x0b4c  ============================================================
19:58:06.0159 0x0b4c  C: <-> \Device\Harddisk0\DR0\Partition1
19:58:06.0889 0x0b4c  D: <-> \Device\Harddisk0\DR0\Partition2
19:58:06.0889 0x0b4c  ============================================================
19:58:06.0889 0x0b4c  Initialize success
19:58:06.0889 0x0b4c  ============================================================
19:59:39.0356 0x0f80  ============================================================
19:59:39.0356 0x0f80  Scan started
19:59:39.0356 0x0f80  Mode: Manual; SigCheck; TDLFS;
19:59:39.0356 0x0f80  ============================================================
19:59:39.0356 0x0f80  KSN ping started
19:59:42.0117 0x0f80  KSN ping finished: true
19:59:50.0864 0x0f80  ================ Scan system memory ========================
19:59:50.0864 0x0f80  System memory - ok
19:59:50.0865 0x0f80  ================ Scan services =============================
19:59:51.0730 0x0f80  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:59:52.0031 0x0f80  1394ohci - ok
19:59:52.0040 0x0f80  Suspicious service (NoAccess): a14f089ffbafdf69
19:59:52.0132 0x0f80  [ FFF37EAFA2C55044BBC2D4CAE5F223FC, 793652E6BBB54D221ADE9DFBE5EDA007F6E7B01465FE91FC5B58D40908271D79 ] a14f089ffbafdf69 C:\Windows\System32\Drivers\a14f089ffbafdf69.sys
19:59:52.0132 0x0f80  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\a14f089ffbafdf69.sys. md5: FFF37EAFA2C55044BBC2D4CAE5F223FC, sha256: 793652E6BBB54D221ADE9DFBE5EDA007F6E7B01465FE91FC5B58D40908271D79
19:59:52.0197 0x0f80  a14f089ffbafdf69 - detected Rootkit.Win32.Necurs.gen ( 0 )
19:59:55.0182 0x0f80  a14f089ffbafdf69 ( Rootkit.Win32.Necurs.gen ) - infected
19:59:55.0182 0x0f80  Force sending object to P2P due to detect: a14f089ffbafdf69
19:59:58.0006 0x0f80  Object send P2P result: true
20:00:15.0352 0x0f80  dnahlxbg - ok
20:00:18.0300 0x0f80  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:00:18.0300 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\fdc.sys. md5: D765D19CD8EF61F650C384F62FAC00AB, sha256: 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE
20:00:18.0301 0x0f80  fdc - detected LockedFile.Multi.Generic ( 1 )
20:03:13.0335 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: D711B3C1D5F42C0C2415687BE09FC163, sha256: 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF
20:03:13.0335 0x0f80  mrxsmb10 - detected LockedFile.Multi.Generic ( 1 )
20:03:16.0132 0x0f80  Detect skipped due to KSN trusted
20:03:16.0132 0x0f80  mrxsmb10 - ok
20:03:16.0201 0x0f80  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:03:16.0201 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 9423E9D355C8D303E76B8CFBD8A5C30C, sha256: 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC
20:03:16.0201 0x0f80  mrxsmb20 - detected LockedFile.Multi.Generic ( 1 )
20:03:19.0021 0x0f80  Detect skipped due to KSN trusted
20:03:19.0021 0x0f80  mrxsmb20 - ok
20:03:19.0099 0x0f80  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:03:19.0099 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msahci.sys. md5: C25F0BAFA182CBCA2DD3C851C2E75796, sha256: 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8
20:03:19.0100 0x0f80  msahci - detected LockedFile.Multi.Generic ( 1 )
20:03:21.0897 0x0f80  Detect skipped due to KSN trusted
20:03:21.0897 0x0f80  msahci - ok
20:03:21.0973 0x0f80  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:03:21.0973 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msdsm.sys. md5: DB801A638D011B9633829EB6F663C900, sha256: B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74
20:03:21.0974 0x0f80  msdsm - detected LockedFile.Multi.Generic ( 1 )
20:03:24.0951 0x0f80  Detect skipped due to KSN trusted
20:03:24.0951 0x0f80  msdsm - ok
20:03:25.0030 0x0f80  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:03:25.0073 0x0f80  MSDTC - ok
20:03:25.0107 0x0f80  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:03:25.0107 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Msfs.sys. md5: AA3FB40E17CE1388FA1BEDAB50EA8F96, sha256: 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99
20:03:25.0107 0x0f80  Msfs - detected LockedFile.Multi.Generic ( 1 )
20:03:27.0904 0x0f80  Detect skipped due to KSN trusted
20:03:27.0904 0x0f80  Msfs - ok
20:03:27.0943 0x0f80  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:03:27.0943 0x0f80  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\mshidkmdf.sys. md5: F9D215A46A8B9753F61767FA72A20326, sha256: 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141
20:03:27.0943 0x0f80  mshidkmdf - detected LockedFile.Multi.Generic ( 1 )
20:03:30.0746 0x0f80  Detect skipped due to KSN trusted
20:03:30.0746 0x0f80  mshidkmdf - ok
20:03:30.0813 0x0f80  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:03:30.0814 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\msisadrv.sys. md5: D916874BBD4F8B07BFB7FA9B3CCAE29D, sha256: B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1
20:03:30.0814 0x0f80  msisadrv - detected LockedFile.Multi.Generic ( 1 )
20:03:33.0611 0x0f80  Detect skipped due to KSN trusted
20:03:33.0611 0x0f80  msisadrv - ok
20:03:33.0701 0x0f80  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:03:33.0767 0x0f80  MSiSCSI - ok
20:03:33.0771 0x0f80  msiserver - ok
20:03:33.0808 0x0f80  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:03:33.0808 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49CCF2C4FEA34FFAD8B1B59D49439366, sha256: E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7
20:03:33.0808 0x0f80  MSKSSRV - detected LockedFile.Multi.Generic ( 1 )
20:03:36.0605 0x0f80  Detect skipped due to KSN trusted
20:03:36.0605 0x0f80  MSKSSRV - ok
20:03:36.0664 0x0f80  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:03:36.0665 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: BDD71ACE35A232104DDD349EE70E1AB3, sha256: 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB
20:03:36.0665 0x0f80  MSPCLOCK - detected LockedFile.Multi.Generic ( 1 )
20:03:39.0494 0x0f80  Detect skipped due to KSN trusted
20:03:39.0494 0x0f80  MSPCLOCK - ok
20:03:39.0554 0x0f80  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:03:39.0555 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ED981241DB27C3383D72092B618A1D0, sha256: E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC
20:03:39.0555 0x0f80  MSPQM - detected LockedFile.Multi.Generic ( 1 )
20:03:42.0528 0x0f80  Detect skipped due to KSN trusted
20:03:42.0528 0x0f80  MSPQM - ok
20:03:42.0627 0x0f80  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:03:42.0627 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MsRPC.sys. md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D, sha256: 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133
20:03:42.0628 0x0f80  MsRPC - detected LockedFile.Multi.Generic ( 1 )
20:03:45.0468 0x0f80  Detect skipped due to KSN trusted
20:03:45.0469 0x0f80  MsRPC - ok
20:03:45.0550 0x0f80  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:03:45.0550 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\mssmbios.sys. md5: 0EED230E37515A0EAEE3C2E1BC97B288, sha256: B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42
20:03:45.0550 0x0f80  mssmbios - detected LockedFile.Multi.Generic ( 1 )
20:03:48.0531 0x0f80  Detect skipped due to KSN trusted
20:03:48.0531 0x0f80  mssmbios - ok
20:03:48.0574 0x0f80  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:03:48.0574 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\MSTEE.sys. md5: 2E66F9ECB30B4221A318C92AC2250779, sha256: DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD
20:03:48.0575 0x0f80  MSTEE - detected LockedFile.Multi.Generic ( 1 )
20:03:51.0718 0x0f80  Detect skipped due to KSN trusted
20:03:51.0718 0x0f80  MSTEE - ok
20:03:51.0724 0x0f80  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:03:51.0725 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7EA404308934E675BFFDE8EDF0757BCD, sha256: 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232
20:03:51.0725 0x0f80  MTConfig - detected LockedFile.Multi.Generic ( 1 )
20:03:54.0528 0x0f80  Detect skipped due to KSN trusted
20:03:54.0528 0x0f80  MTConfig - ok
20:03:54.0603 0x0f80  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:03:54.0603 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\mup.sys. md5: F9A18612FD3526FE473C1BDA678D61C8, sha256: 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A
20:03:54.0604 0x0f80  Mup - detected LockedFile.Multi.Generic ( 1 )
20:03:57.0670 0x0f80  Detect skipped due to KSN trusted
20:03:57.0670 0x0f80  Mup - ok
20:03:57.0777 0x0f80  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:03:57.0843 0x0f80  napagent - ok
20:03:57.0887 0x0f80  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:03:57.0887 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1EA3749C4114DB3E3161156FFFFA6B33, sha256: 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7
20:03:57.0894 0x0f80  NativeWifiP - detected LockedFile.Multi.Generic ( 1 )
20:04:00.0872 0x0f80  Detect skipped due to KSN trusted
20:04:00.0872 0x0f80  NativeWifiP - ok
20:04:01.0000 0x0f80  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:04:01.0000 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ndis.sys. md5: 79B47FD40D9A817E932F9D26FAC0A81C, sha256: 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D
20:04:01.0001 0x0f80  NDIS - detected LockedFile.Multi.Generic ( 1 )
20:04:05.0626 0x0f80  Detect skipped due to KSN trusted
20:04:05.0626 0x0f80  NDIS - ok
20:04:05.0714 0x0f80  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:04:05.0715 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, sha256: D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC
20:04:05.0715 0x0f80  NdisCap - detected LockedFile.Multi.Generic ( 1 )
20:04:08.0701 0x0f80  Detect skipped due to KSN trusted
20:04:08.0702 0x0f80  NdisCap - ok
20:04:08.0775 0x0f80  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:04:08.0776 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639C932D9FEF22B31268FE25A1B6E5, sha256: 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6
20:04:08.0776 0x0f80  NdisTapi - detected LockedFile.Multi.Generic ( 1 )
20:04:11.0575 0x0f80  Detect skipped due to KSN trusted
20:04:11.0575 0x0f80  NdisTapi - ok
20:04:11.0659 0x0f80  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:04:11.0659 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: 136185F9FB2CC61E573E676AA5402356, sha256: BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683
20:04:11.0660 0x0f80  Ndisuio - detected LockedFile.Multi.Generic ( 1 )
20:04:14.0635 0x0f80  Detect skipped due to KSN trusted
20:04:14.0635 0x0f80  Ndisuio - ok
20:04:14.0727 0x0f80  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:04:14.0727 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 53F7305169863F0A2BDDC49E116C2E11, sha256: 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77
20:04:14.0729 0x0f80  NdisWan - detected LockedFile.Multi.Generic ( 1 )
20:04:17.0532 0x0f80  Detect skipped due to KSN trusted
20:04:17.0532 0x0f80  NdisWan - ok
20:04:17.0626 0x0f80  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:04:17.0626 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\NDProxy.sys. md5: 015C0D8E0E0421B4CFD48CFFE2825879, sha256: 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023
20:04:17.0627 0x0f80  NDProxy - detected LockedFile.Multi.Generic ( 1 )
20:04:20.0424 0x0f80  Detect skipped due to KSN trusted
20:04:20.0424 0x0f80  NDProxy - ok
20:04:20.0523 0x0f80  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:04:20.0523 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743D9F5D2B1048062B14B1D84501C4, sha256: DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062
20:04:20.0523 0x0f80  NetBIOS - detected LockedFile.Multi.Generic ( 1 )
20:04:23.0315 0x0f80  Detect skipped due to KSN trusted
20:04:23.0316 0x0f80  NetBIOS - ok
20:04:23.0404 0x0f80  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:04:23.0404 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\netbt.sys. md5: 09594D1089C523423B32A4229263F068, sha256: 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37
20:04:23.0419 0x0f80  NetBT - detected LockedFile.Multi.Generic ( 1 )
20:04:26.0229 0x0f80  Detect skipped due to KSN trusted
20:04:26.0229 0x0f80  NetBT - ok
20:04:26.0298 0x0f80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
20:04:26.0320 0x0f80  Netlogon - ok
20:04:26.0363 0x0f80  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:04:26.0437 0x0f80  Netman - ok
20:04:26.0452 0x0f80  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:04:26.0501 0x0f80  netprofm - ok
20:04:26.0525 0x0f80  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:04:26.0536 0x0f80  NetTcpPortSharing - ok
20:04:26.0572 0x0f80  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:04:26.0572 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813BE4D166CDAB78DDBA990DA92, sha256: 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3
20:04:26.0573 0x0f80  nfrd960 - detected LockedFile.Multi.Generic ( 1 )
20:04:29.0563 0x0f80  Detect skipped due to KSN trusted
20:04:29.0563 0x0f80  nfrd960 - ok
20:04:29.0669 0x0f80  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:04:29.0746 0x0f80  NlaSvc - ok
20:04:29.0758 0x0f80  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:04:29.0759 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Npfs.sys. md5: 1E4C4AB5C9B8DD13179BBDC75A2A01F7, sha256: D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F
20:04:29.0759 0x0f80  Npfs - detected LockedFile.Multi.Generic ( 1 )
20:04:32.0602 0x0f80  Detect skipped due to KSN trusted
20:04:32.0602 0x0f80  Npfs - ok
20:04:32.0677 0x0f80  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:04:32.0751 0x0f80  nsi - ok
20:04:32.0777 0x0f80  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:04:32.0777 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nsiproxy.sys. md5: E7F5AE18AF4168178A642A9247C63001, sha256: 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76
20:04:32.0777 0x0f80  nsiproxy - detected LockedFile.Multi.Generic ( 1 )
20:04:35.0752 0x0f80  Detect skipped due to KSN trusted
20:04:35.0752 0x0f80  nsiproxy - ok
20:04:35.0899 0x0f80  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:04:35.0899 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Ntfs.sys. md5: B98F8C6E31CD07B2E6F71F7F648E38C0, sha256: 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E
20:04:35.0901 0x0f80  Ntfs - detected LockedFile.Multi.Generic ( 1 )
20:04:38.0697 0x0f80  Detect skipped due to KSN trusted
20:04:38.0697 0x0f80  Ntfs - ok
20:04:38.0766 0x0f80  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:04:38.0767 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Null.sys. md5: 9899284589F75FA8724FF3D16AED75C1, sha256: 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6
20:04:38.0767 0x0f80  Null - detected LockedFile.Multi.Generic ( 1 )
20:04:41.0565 0x0f80  Detect skipped due to KSN trusted
20:04:41.0565 0x0f80  Null - ok
20:04:41.0654 0x0f80  [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48, 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:04:41.0655 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvraid.sys. md5: 5D9FD91F3D38DC9DA01E3CB5FA89CD48, sha256: 7738785DE8B50D69993F4408498B812D0283FEE5C04FF5B89C20F149B44E9737
20:04:41.0655 0x0f80  nvraid - detected LockedFile.Multi.Generic ( 1 )
20:04:44.0481 0x0f80  Detect skipped due to KSN trusted
20:04:44.0481 0x0f80  nvraid - ok
20:04:44.0559 0x0f80  [ F7CD50FE7139F07E77DA8AC8033D1832, DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:04:44.0559 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nvstor.sys. md5: F7CD50FE7139F07E77DA8AC8033D1832, sha256: DA96F4B15C8165E6AE1D00E03A062C66CA3A3089E4FF0E9E11CE00B154DD12EC
20:04:44.0560 0x0f80  nvstor - detected LockedFile.Multi.Generic ( 1 )
20:04:47.0536 0x0f80  Detect skipped due to KSN trusted
20:04:47.0536 0x0f80  nvstor - ok
20:04:47.0598 0x0f80  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:04:47.0598 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\nv_agp.sys. md5: 270D7CD42D6E3979F6DD0146650F0E05, sha256: 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F
20:04:47.0599 0x0f80  nv_agp - detected LockedFile.Multi.Generic ( 1 )
20:04:50.0583 0x0f80  Detect skipped due to KSN trusted
20:04:50.0583 0x0f80  nv_agp - ok
20:04:50.0739 0x0f80  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:04:50.0789 0x0f80  odserv - ok
20:04:50.0823 0x0f80  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:04:50.0823 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ohci1394.sys. md5: 3589478E4B22CE21B41FA1BFC0B8B8A0, sha256: AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203
20:04:50.0823 0x0f80  ohci1394 - detected LockedFile.Multi.Generic ( 1 )
20:04:53.0637 0x0f80  Detect skipped due to KSN trusted
20:04:53.0637 0x0f80  ohci1394 - ok
20:04:53.0725 0x0f80  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:04:53.0749 0x0f80  ose - ok
20:04:53.0796 0x0f80  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:04:53.0843 0x0f80  p2pimsvc - ok
20:04:53.0902 0x0f80  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:04:53.0932 0x0f80  p2psvc - ok
20:04:53.0955 0x0f80  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:04:53.0955 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431C29C35BE1DBC43F52CC273887, sha256: 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80
20:04:53.0956 0x0f80  Parport - detected LockedFile.Multi.Generic ( 1 )
20:04:56.0931 0x0f80  Detect skipped due to KSN trusted
20:04:56.0931 0x0f80  Parport - ok
20:04:57.0020 0x0f80  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:04:57.0020 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\partmgr.sys. md5: E9766131EEADE40A27DC27D2D68FBA9C, sha256: 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6
20:04:57.0021 0x0f80  partmgr - detected LockedFile.Multi.Generic ( 1 )
20:04:59.0816 0x0f80  Detect skipped due to KSN trusted
20:04:59.0816 0x0f80  partmgr - ok
20:04:59.0917 0x0f80  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:05:00.0006 0x0f80  PcaSvc - ok
20:05:00.0037 0x0f80  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:05:00.0037 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pci.sys. md5: 94575C0571D1462A0F70BDE6BD6EE6B3, sha256: 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9
20:05:00.0038 0x0f80  pci - detected LockedFile.Multi.Generic ( 1 )
20:05:02.0864 0x0f80  Detect skipped due to KSN trusted
20:05:02.0865 0x0f80  pci - ok
20:05:02.0941 0x0f80  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:05:02.0941 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pciide.sys. md5: B5B8B5EF2E5CB34DF8DCF8831E3534FA, sha256: F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480
20:05:02.0941 0x0f80  pciide - detected LockedFile.Multi.Generic ( 1 )
20:05:05.0763 0x0f80  Detect skipped due to KSN trusted
20:05:05.0763 0x0f80  pciide - ok
20:05:05.0808 0x0f80  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:05:05.0808 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: B2E81D4E87CE48589F98CB8C05B01F2F, sha256: 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14
20:05:05.0809 0x0f80  pcmcia - detected LockedFile.Multi.Generic ( 1 )
20:05:08.0603 0x0f80  Detect skipped due to KSN trusted
20:05:08.0603 0x0f80  pcmcia - ok
20:05:08.0662 0x0f80  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:05:08.0663 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\pcw.sys. md5: D6B9C2E1A11A3A4B26A182FFEF18F603, sha256: BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36
20:05:08.0663 0x0f80  pcw - detected LockedFile.Multi.Generic ( 1 )
20:05:11.0460 0x0f80  Detect skipped due to KSN trusted
20:05:11.0460 0x0f80  pcw - ok
20:05:11.0565 0x0f80  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:05:11.0565 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\peauth.sys. md5: 68769C3356B3BE5D1C732C97B9A80D6E, sha256: FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C
20:05:11.0575 0x0f80  PEAUTH - detected LockedFile.Multi.Generic ( 1 )
20:05:14.0403 0x0f80  Detect skipped due to KSN trusted
20:05:14.0403 0x0f80  PEAUTH - ok
20:05:14.0533 0x0f80  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:05:14.0569 0x0f80  PerfHost - ok
20:05:14.0627 0x0f80  [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
20:05:14.0627 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\pgeffect.sys. md5: 663962900E7FEA522126BA287715BB4A, sha256: 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1
20:05:14.0627 0x0f80  PGEffect - detected LockedFile.Multi.Generic ( 1 )
20:05:17.0428 0x0f80  Detect skipped due to KSN trusted
20:05:17.0429 0x0f80  PGEffect - ok
20:05:17.0568 0x0f80  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:05:17.0678 0x0f80  pla - ok
20:05:17.0717 0x0f80  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:05:17.0762 0x0f80  PlugPlay - ok
20:05:17.0790 0x0f80  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:05:17.0827 0x0f80  PNRPAutoReg - ok
20:05:17.0861 0x0f80  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:05:17.0893 0x0f80  PNRPsvc - ok
20:05:17.0948 0x0f80  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:05:18.0017 0x0f80  PolicyAgent - ok
20:05:18.0047 0x0f80  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:05:18.0090 0x0f80  Power - ok
20:05:18.0129 0x0f80  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:05:18.0129 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\raspptp.sys. md5: F92A2C41117A11A00BE01CA01A7FCDE9, sha256: 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763
20:05:18.0130 0x0f80  PptpMiniport - detected LockedFile.Multi.Generic ( 1 )
20:05:20.0944 0x0f80  Detect skipped due to KSN trusted
20:05:20.0944 0x0f80  PptpMiniport - ok
20:05:21.0019 0x0f80  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:05:21.0020 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\processr.sys. md5: 0D922E23C041EFB1C3FAC2A6F943C9BF, sha256: 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5
20:05:21.0020 0x0f80  Processor - detected LockedFile.Multi.Generic ( 1 )
20:05:24.0001 0x0f80  Detect skipped due to KSN trusted
20:07:55.0450 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\TVALZ_O.SYS. md5: 550B567F9364D8F7684C3FB3EA665A72, sha256: A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933
20:07:55.0451 0x0f80  TVALZ - detected LockedFile.Multi.Generic ( 1 )
20:07:58.0297 0x0f80  Detect skipped due to KSN trusted
20:07:58.0297 0x0f80  TVALZ - ok
20:07:58.0369 0x0f80  [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL         C:\Windows\system32\DRIVERS\TVALZFL.sys
20:07:58.0369 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\TVALZFL.sys. md5: 9C7191F4B2E49BFF47A6C1144B5923FA, sha256: DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E
20:07:58.0370 0x0f80  TVALZFL - detected LockedFile.Multi.Generic ( 1 )
20:08:01.0174 0x0f80  Detect skipped due to KSN trusted
20:08:01.0174 0x0f80  TVALZFL - ok
20:08:01.0271 0x0f80  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:08:01.0272 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\uagp35.sys. md5: B4DD609BD7E282BFC683CEC7EAAAAD67, sha256: EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123
20:08:01.0285 0x0f80  uagp35 - detected LockedFile.Multi.Generic ( 1 )
20:08:04.0078 0x0f80  Detect skipped due to KSN trusted
20:08:04.0078 0x0f80  uagp35 - ok
20:08:04.0168 0x0f80  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:08:04.0169 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\udfs.sys. md5: FF4232A1A64012BAA1FD97C7B67DF593, sha256: D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3
20:08:04.0169 0x0f80  udfs - detected LockedFile.Multi.Generic ( 1 )
20:08:07.0145 0x0f80  Detect skipped due to KSN trusted
20:08:07.0145 0x0f80  udfs - ok
20:08:07.0222 0x0f80  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:08:07.0253 0x0f80  UI0Detect - ok
20:08:07.0283 0x0f80  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:08:07.0283 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\uliagpkx.sys. md5: 4BFE1BC28391222894CBF1E7D0E42320, sha256: 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A
20:08:07.0283 0x0f80  uliagpkx - detected LockedFile.Multi.Generic ( 1 )
20:08:10.0255 0x0f80  Detect skipped due to KSN trusted
20:08:10.0255 0x0f80  uliagpkx - ok
20:08:10.0339 0x0f80  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:08:10.0339 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umbus.sys. md5: DC54A574663A895C8763AF0FA1FF7561, sha256: 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE
20:08:10.0340 0x0f80  umbus - detected LockedFile.Multi.Generic ( 1 )
20:08:13.0195 0x0f80  Detect skipped due to KSN trusted
20:08:13.0195 0x0f80  umbus - ok
20:08:13.0269 0x0f80  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:08:13.0269 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\umpass.sys. md5: B2E8E8CB557B156DA5493BBDDCC1474D, sha256: F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43
20:08:13.0270 0x0f80  UmPass - detected LockedFile.Multi.Generic ( 1 )
20:08:17.0463 0x0f80  Detect skipped due to KSN trusted
20:08:17.0463 0x0f80  UmPass - ok
20:08:17.0629 0x0f80  [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:08:17.0686 0x0f80  UNS - ok
20:08:17.0713 0x0f80  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
20:08:17.0770 0x0f80  upnphost - ok
20:08:17.0823 0x0f80  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:08:17.0823 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbccgp.sys. md5: DCA68B0943D6FA415F0C56C92158A83A, sha256: BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57
20:08:17.0823 0x0f80  usbccgp - detected LockedFile.Multi.Generic ( 1 )
20:08:20.0654 0x0f80  Detect skipped due to KSN trusted
20:08:20.0654 0x0f80  usbccgp - ok
20:08:20.0739 0x0f80  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:08:20.0740 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbcir.sys. md5: 80B0F7D5CCF86CEB5D402EAAF61FEC31, sha256: 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD
20:08:20.0740 0x0f80  usbcir - detected LockedFile.Multi.Generic ( 1 )
20:08:23.0712 0x0f80  Detect skipped due to KSN trusted
20:08:23.0712 0x0f80  usbcir - ok
20:08:23.0782 0x0f80  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:08:23.0783 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbehci.sys. md5: 18A85013A3E0F7E1755365D287443965, sha256: 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33
20:08:23.0783 0x0f80  usbehci - detected LockedFile.Multi.Generic ( 1 )
20:08:26.0761 0x0f80  Detect skipped due to KSN trusted
20:08:26.0761 0x0f80  usbehci - ok
20:08:26.0963 0x0f80  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:08:26.0964 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbhub.sys. md5: 8D1196CFBB223621F2C67D45710F25BA, sha256: B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003
20:08:26.0965 0x0f80  usbhub - detected LockedFile.Multi.Generic ( 1 )
20:08:29.0768 0x0f80  Detect skipped due to KSN trusted
20:08:29.0768 0x0f80  usbhub - ok
20:08:29.0836 0x0f80  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:08:29.0836 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbohci.sys. md5: 765A92D428A8DB88B960DA5A8D6089DC, sha256: 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C
20:08:29.0837 0x0f80  usbohci - detected LockedFile.Multi.Generic ( 1 )
20:08:32.0632 0x0f80  Detect skipped due to KSN trusted
20:08:32.0632 0x0f80  usbohci - ok
20:08:32.0707 0x0f80  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:08:32.0708 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\usbprint.sys. md5: 73188F58FB384E75C4063D29413CEE3D, sha256: B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C
20:08:32.0708 0x0f80  usbprint - detected LockedFile.Multi.Generic ( 1 )
20:08:35.0537 0x0f80  Detect skipped due to KSN trusted
20:08:35.0537 0x0f80  usbprint - ok
20:08:35.0608 0x0f80  [ D76510CFA0FC09023077F22C2F979D86, 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:08:35.0609 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\USBSTOR.SYS. md5: D76510CFA0FC09023077F22C2F979D86, sha256: 5662281C6D515423255D3C262EA368DBAFC250235E535FBFA3E59D3487695439
20:08:35.0609 0x0f80  USBSTOR - detected LockedFile.Multi.Generic ( 1 )
20:08:38.0587 0x0f80  Detect skipped due to KSN trusted
20:08:38.0587 0x0f80  USBSTOR - ok
20:08:38.0678 0x0f80  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:08:38.0678 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\usbuhci.sys. md5: DD253AFC3BC6CBA412342DE60C3647F3, sha256: 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7
20:08:38.0679 0x0f80  usbuhci - detected LockedFile.Multi.Generic ( 1 )
20:08:41.0477 0x0f80  Detect skipped due to KSN trusted
20:08:41.0477 0x0f80  usbuhci - ok
20:08:41.0574 0x0f80  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:08:41.0574 0x0f80  Suspicious file ( NoAccess ): C:\Windows\System32\Drivers\usbvideo.sys. md5: 1F775DA4CF1A3A1834207E975A72E9D7, sha256: 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90
20:08:41.0575 0x0f80  usbvideo - detected LockedFile.Multi.Generic ( 1 )
20:08:44.0369 0x0f80  Detect skipped due to KSN trusted
20:08:44.0369 0x0f80  usbvideo - ok
20:08:44.0451 0x0f80  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
20:08:44.0516 0x0f80  usb_rndisx - ok
20:08:44.0541 0x0f80  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:08:44.0602 0x0f80  UxSms - ok
20:08:44.0636 0x0f80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
20:08:44.0647 0x0f80  VaultSvc - ok
20:08:44.0662 0x0f80  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:08:44.0663 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vdrvroot.sys. md5: C5C876CCFC083FF3B128F933823E87BD, sha256: 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D
20:08:44.0666 0x0f80  vdrvroot - detected LockedFile.Multi.Generic ( 1 )
20:08:47.0462 0x0f80  Detect skipped due to KSN trusted
20:08:47.0462 0x0f80  vdrvroot - ok
20:08:47.0563 0x0f80  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:08:47.0651 0x0f80  vds - ok
20:08:47.0694 0x0f80  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:08:47.0695 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: DA4DA3F5E02943C2DC8C6ED875DE68DD, sha256: EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838
20:08:47.0696 0x0f80  vga - detected LockedFile.Multi.Generic ( 1 )
20:08:50.0520 0x0f80  Detect skipped due to KSN trusted
20:08:50.0520 0x0f80  vga - ok
20:08:50.0661 0x0f80  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:08:50.0661 0x0f80  Suspicious file ( NoAccess ): C:\Windows\System32\drivers\vga.sys. md5: 53E92A310193CB3C03BEA963DE7D9CFC, sha256: 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125
20:08:50.0661 0x0f80  VgaSave - detected LockedFile.Multi.Generic ( 1 )
20:08:53.0639 0x0f80  Detect skipped due to KSN trusted
20:08:53.0639 0x0f80  VgaSave - ok
20:08:53.0722 0x0f80  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:08:53.0722 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\vhdmp.sys. md5: 2CE2DF28C83AEAF30084E1B1EB253CBB, sha256: D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF
20:08:53.0723 0x0f80  vhdmp - detected LockedFile.Multi.Generic ( 1 )
20:08:56.0613 0x0f80  Detect skipped due to KSN trusted
20:08:56.0613 0x0f80  vhdmp - ok
20:08:56.0722 0x0f80  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:08:56.0723 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\viaide.sys. md5: E5689D93FFE4E5D66C0178761240DD54, sha256: 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27
20:08:56.0723 0x0f80  viaide - detected LockedFile.Multi.Generic ( 1 )
20:08:59.0572 0x0f80  Detect skipped due to KSN trusted
20:08:59.0572 0x0f80  viaide - ok
20:08:59.0650 0x0f80  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:08:59.0651 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgr.sys. md5: D2AAFD421940F640B407AEFAAEBD91B0, sha256: 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161
20:08:59.0651 0x0f80  volmgr - detected LockedFile.Multi.Generic ( 1 )
20:09:02.0445 0x0f80  Detect skipped due to KSN trusted
20:09:02.0445 0x0f80  volmgr - ok
20:09:02.0551 0x0f80  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:09:02.0551 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volmgrx.sys. md5: A255814907C89BE58B79EF2F189B843B, sha256: 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F
20:09:02.0552 0x0f80  volmgrx - detected LockedFile.Multi.Generic ( 1 )
20:09:05.0352 0x0f80  Detect skipped due to KSN trusted
20:09:05.0353 0x0f80  volmgrx - ok
20:09:05.0437 0x0f80  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:09:05.0438 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\volsnap.sys. md5: 0D08D2F3B3FF84E433346669B5E0F639, sha256: 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC
20:09:05.0438 0x0f80  volsnap - detected LockedFile.Multi.Generic ( 1 )
20:09:08.0411 0x0f80  Detect skipped due to KSN trusted
20:09:08.0411 0x0f80  volsnap - ok
20:09:08.0494 0x0f80  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:09:08.0495 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5E2016EA6EBACA03C04FEAC5F330D997, sha256: 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC
20:09:08.0495 0x0f80  vsmraid - detected LockedFile.Multi.Generic ( 1 )
20:09:11.0468 0x0f80  Detect skipped due to KSN trusted
20:09:11.0468 0x0f80  vsmraid - ok
20:09:11.0616 0x0f80  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:09:11.0743 0x0f80  VSS - ok
20:09:11.0758 0x0f80  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:09:11.0758 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36D4720B72B5C5D9CB2B9C29E9DF67A1, sha256: 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7
20:09:11.0771 0x0f80  vwifibus - detected LockedFile.Multi.Generic ( 1 )
20:09:14.0569 0x0f80  Detect skipped due to KSN trusted
20:09:14.0569 0x0f80  vwifibus - ok
20:09:14.0598 0x0f80  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:09:14.0599 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6A3D66263414FF0D6FA754C646612F3F, sha256: 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB
20:09:14.0599 0x0f80  vwififlt - detected LockedFile.Multi.Generic ( 1 )
20:09:17.0426 0x0f80  Detect skipped due to KSN trusted
20:09:17.0426 0x0f80  vwififlt - ok
20:09:17.0523 0x0f80  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:09:17.0625 0x0f80  W32Time - ok
20:09:17.0659 0x0f80  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:09:17.0659 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4E9440F4F152A7B944CB1663D3935A3E, sha256: 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53
20:09:17.0659 0x0f80  WacomPen - detected LockedFile.Multi.Generic ( 1 )
20:09:20.0630 0x0f80  Detect skipped due to KSN trusted
20:09:20.0630 0x0f80  WacomPen - ok
20:09:20.0727 0x0f80  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:09:20.0727 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
20:09:20.0728 0x0f80  WANARP - detected LockedFile.Multi.Generic ( 1 )
20:09:23.0535 0x0f80  Detect skipped due to KSN trusted
20:09:23.0535 0x0f80  WANARP - ok
20:09:23.0567 0x0f80  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:09:23.0568 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 356AFD78A6ED4457169241AC3965230C, sha256: CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399
20:09:23.0568 0x0f80  Wanarpv6 - detected LockedFile.Multi.Generic ( 1 )
20:09:23.0568 0x0f80  Detect skipped due to KSN trusted
20:09:23.0568 0x0f80  Wanarpv6 - ok
20:09:23.0744 0x0f80  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:09:23.0820 0x0f80  WatAdminSvc - ok
20:09:23.0928 0x0f80  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:09:24.0024 0x0f80  wbengine - ok
20:09:24.0062 0x0f80  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:09:24.0086 0x0f80  WbioSrvc - ok
20:09:24.0149 0x0f80  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:09:24.0209 0x0f80  wcncsvc - ok
20:09:24.0223 0x0f80  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:09:24.0261 0x0f80  WcsPlugInService - ok
20:09:24.0289 0x0f80  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:09:24.0289 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889E16FF12BA0F235467D6091B17DC, sha256: F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8
20:09:24.0289 0x0f80  Wd - detected LockedFile.Multi.Generic ( 1 )
20:09:27.0183 0x0f80  Detect skipped due to KSN trusted
20:09:27.0183 0x0f80  Wd - ok
20:09:27.0303 0x0f80  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:09:27.0303 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\Wdf01000.sys. md5: E2C933EDBC389386EBE6D2BA953F43D8, sha256: AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07
20:09:27.0305 0x0f80  Wdf01000 - detected LockedFile.Multi.Generic ( 1 )
20:09:30.0100 0x0f80  Detect skipped due to KSN trusted
20:09:30.0100 0x0f80  Wdf01000 - ok
20:09:30.0199 0x0f80  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:09:30.0317 0x0f80  WdiServiceHost - ok
20:09:30.0342 0x0f80  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:09:30.0371 0x0f80  WdiSystemHost - ok
20:09:30.0406 0x0f80  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\Windows\System32\webclnt.dll
20:09:30.0447 0x0f80  WebClient - ok
20:09:30.0471 0x0f80  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:09:30.0532 0x0f80  Wecsvc - ok
20:09:30.0555 0x0f80  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:09:30.0600 0x0f80  wercplsupport - ok
20:09:30.0625 0x0f80  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:09:30.0675 0x0f80  WerSvc - ok
20:09:30.0705 0x0f80  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:09:30.0705 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611B23304BF067451A9FDEE01FBDD725, sha256: 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8
20:09:30.0715 0x0f80  WfpLwf - detected LockedFile.Multi.Generic ( 1 )
20:09:33.0708 0x0f80  Detect skipped due to KSN trusted
20:09:33.0708 0x0f80  WfpLwf - ok
20:09:33.0733 0x0f80  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:09:33.0733 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wimmount.sys. md5: 05ECAEC3E4529A7153B3136CEB49F0EC, sha256: 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50
20:09:33.0733 0x0f80  WIMMount - detected LockedFile.Multi.Generic ( 1 )
20:09:36.0551 0x0f80  Detect skipped due to KSN trusted
20:09:36.0551 0x0f80  WIMMount - ok
20:09:36.0592 0x0f80  WinDefend - ok
20:09:36.0603 0x0f80  WinHttpAutoProxySvc - ok
20:09:36.0671 0x0f80  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:09:36.0732 0x0f80  Winmgmt - ok
20:09:36.0833 0x0f80  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:09:36.0982 0x0f80  WinRM - ok
20:09:37.0040 0x0f80  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:09:37.0040 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: FE88B288356E7B47B74B13372ADD906D, sha256: A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03
20:09:37.0040 0x0f80  WinUsb - detected LockedFile.Multi.Generic ( 1 )
20:09:39.0832 0x0f80  Detect skipped due to KSN trusted
20:09:39.0832 0x0f80  WinUsb - ok
20:09:39.0941 0x0f80  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:09:39.0992 0x0f80  Wlansvc - ok
20:09:40.0156 0x0f80  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:09:40.0210 0x0f80  wlidsvc - ok
20:09:40.0230 0x0f80  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:09:40.0231 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\wmiacpi.sys. md5: F6FF8944478594D0E414D3F048F0D778, sha256: 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9
20:09:40.0231 0x0f80  WmiAcpi - detected LockedFile.Multi.Generic ( 1 )
20:09:43.0025 0x0f80  Detect skipped due to KSN trusted
20:09:43.0025 0x0f80  WmiAcpi - ok
20:09:43.0114 0x0f80  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:09:43.0154 0x0f80  wmiApSrv - ok
20:09:43.0179 0x0f80  WMPNetworkSvc - ok
20:09:43.0208 0x0f80  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:09:43.0231 0x0f80  WPCSvc - ok
20:09:43.0263 0x0f80  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:09:43.0286 0x0f80  WPDBusEnum - ok
20:09:43.0309 0x0f80  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:09:43.0310 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6BCC1D7D2FD2453957C5479A32364E52, sha256: E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090
20:09:43.0310 0x0f80  ws2ifsl - detected LockedFile.Multi.Generic ( 1 )
20:09:46.0281 0x0f80  Detect skipped due to KSN trusted
20:09:46.0281 0x0f80  ws2ifsl - ok
20:09:46.0348 0x0f80  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
20:09:46.0389 0x0f80  wscsvc - ok
20:09:46.0435 0x0f80  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:09:46.0436 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDPrint.sys. md5: 8D918B1DB190A4D9B1753A66FA8C96E8, sha256: DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE
20:09:46.0436 0x0f80  WSDPrintDevice - detected LockedFile.Multi.Generic ( 1 )
20:09:49.0231 0x0f80  Detect skipped due to KSN trusted
20:09:49.0231 0x0f80  WSDPrintDevice - ok
20:09:49.0312 0x0f80  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
20:09:49.0313 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\DRIVERS\WSDScan.sys. md5: 4A2A5C50DD1A63577D3ACA94269FBC7F, sha256: F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047
20:09:49.0313 0x0f80  WSDScan - detected LockedFile.Multi.Generic ( 1 )
20:09:52.0110 0x0f80  Detect skipped due to KSN trusted
20:09:52.0110 0x0f80  WSDScan - ok
20:09:52.0114 0x0f80  WSearch - ok
20:09:52.0285 0x0f80  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:09:52.0384 0x0f80  wuauserv - ok
20:09:52.0410 0x0f80  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:09:52.0410 0x0f80  Suspicious file ( NoAccess ): C:\Windows\system32\drivers\WudfPf.sys. md5: D3381DC54C34D79B22CEE0D65BA91B7C, sha256: 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9
20:10:10.0379 0x0f80  ============================================================
20:10:10.0379 0x0f80  Scan finished
20:10:10.0379 0x0f80  ============================================================
20:10:10.0392 0x07ec  Detected object count: 1
20:10:10.0393 0x07ec  Actual detected object count: 1
20:10:57.0764 0x07ec  C:\Windows\System32\Drivers\a14f089ffbafdf69.sys - copied to quarantine
20:10:57.0772 0x07ec  HKLM\SYSTEM\ControlSet001\services\a14f089ffbafdf69 - will be deleted on reboot
20:10:57.0788 0x07ec  HKLM\SYSTEM\ControlSet002\services\a14f089ffbafdf69 - will be deleted on reboot
20:10:57.0949 0x07ec  C:\Windows\System32\Drivers\a14f089ffbafdf69.sys - will be deleted on reboot
20:10:57.0949 0x07ec  a14f089ffbafdf69 ( Rootkit.Win32.Necurs.gen ) - User select action: Delete
20:10:58.0145 0x07ec  KLMD registered as C:\Windows\system32\drivers\60661574.sys

FRST FIXLOG

Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja:31-08-2015
Uruchomiony przez Bladowo (2015-09-02 20:18:16) Run:1
Uruchomiony z C:\Users\Bladowo\Desktop
Załadowane profile: Bladowo (Dostępne profile: Bladowo)
Tryb startu: Normal
==============================================

fixlist - zawartość:
*****************
CreateRestorePoint:
U5 a14f089ffbafdf69; C:\Windows\System32\Drivers\a14f089ffbafdf69.sys [60344 2014-05-25] () <===== UWAGA Necurs Rootkit?
U5 a14f089ffbafdf69; <===== UWAGA: Zablokowana usluga
S1 dnahlxbg; \??\C:\Windows\system32\drivers\dnahlxbg.sys [X]
C:\Windows\system32\drivers\dnahlxbg.sys
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************

Punkt przywracania został pomyślnie utworzony.
a14f089ffbafdf69 => serwis nie znaleziono.
a14f089ffbafdf69 => serwis nie znaleziono.
dnahlxbg => serwis pomyślnie usunięto
"C:\Windows\system32\drivers\dnahlxbg.sys" => plik/folder nie znaleziono.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wartość pomyślnie usunięto
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wartość pomyślnie usunięto
HKU\S-1-5-21-4061940706-3157505194-3058203634-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => Wartość pomyślnie usunięto
HKU\S-1-5-21-4061940706-3157505194-3058203634-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => Wartość pomyślnie usunięto


========= Koniec  RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= Koniec  CMD: =========

EmptyTemp: => 6.6 GB danych tymczasowych Usunięto.


System wymagał restartu..

==== Koniec  Fixlog 20:20:06 ====


  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK let me know what problems you are having after this run... But, it is looking good :)

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:

mbamlogs.JPG

1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here
  • 0

#9
mcrjoker

mcrjoker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

I did the scan, but I can't see options to choose (Quarantine).

What should I do here?

 

 

Bez tytułu.png


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It will automatically put them in quarantine. I think that part is badly worded; press "Remove Selected".
  • 0

#11
mcrjoker

mcrjoker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Here's the log from scan:

 

Attached File  malwarebytes09022015log.txt   1.48KB   110 downloads

 

I don't know if you want me to paste it into the post every time, or just attach it; if not, please say so.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-09-02
Scan Time: 22:39
Logfile: malwarebytes09022015log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.02.08
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bladowo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345821
Time Elapsed: 17 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
Spyware.Zbot.ED, C:\Users\Bladowo\Downloads\setup(1).exe, Quarantined, [829ecf5c177463d3ee36b96059a8ee12],
Spyware.Zbot.ED, C:\Users\Bladowo\Downloads\setup.exe, Quarantined, [c65aa487a9e22e08b17346d3837e57a9],
PUP.Optional.InstallCore, C:\Users\Bladowo\Downloads\GeoGebra 5.exe, Quarantined, [32eeae7d1f6c1b1b7c464e46b253718f],
Trojan.Agent, C:\Windows\Installer\{9DE2642E-D9F9-3B23-1D20-84A4FCF1D314}\syshost.exe, Quarantined, [c25e95969af1c175bf099e947888d42c],

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Nope, no need now.. :)

Any further problems before I tidy up?
  • 0

#13
mcrjoker

mcrjoker

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

No more problems :)

Thank you very much ;) I am really grateful.


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right-click on Unchecky_setup and choose Run as Administrator
Once open, click the Install button.
Then click Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire-and-forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





