16:38:30.0993 7792 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

16:38:32.0233 7792 ============================================================
16:38:32.0233 7792 Current date / time: 2013/06/09 16:38:32.0233
16:38:32.0233 7792 SystemInfo:
16:38:32.0233 7792
16:38:32.0233 7792 OS Version: 6.1.7601 ServicePack: 1.0
16:38:32.0233 7792 Product type: Workstation
16:38:32.0233 7792 ComputerName: SLQPA0500
16:38:32.0233 7792 UserName: EdgeTouchscreen
16:38:32.0233 7792 Windows directory: C:\Windows
16:38:32.0233 7792 System windows directory: C:\Windows
16:38:32.0233 7792 Running under WOW64
16:38:32.0233 7792 Processor architecture: Intel x64
16:38:32.0233 7792 Number of processors: 2
16:38:32.0233 7792 Page size: 0x1000
16:38:32.0233 7792 Boot type: Normal boot
16:38:32.0233 7792 ============================================================
16:38:36.0263 7792 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:38:36.0338 7792 ============================================================
16:38:36.0345 7792 \Device\Harddisk0\DR0:
16:38:36.0359 7792 MBR partitions:
16:38:36.0359 7792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x32000
16:38:36.0359 7792 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x320800, BlocksNum 0x3A065000
16:38:36.0359 7792 ============================================================
16:38:36.0443 7792 C: <-> \Device\Harddisk0\DR0\Partition2
16:38:36.0655 7792 ============================================================
16:38:36.0655 7792 Initialize success
16:38:36.0655 7792 ============================================================
16:38:43.0180 10456 ============================================================
16:38:43.0191 10456 Scan started
16:38:43.0191 10456 Mode: Manual; SigCheck;
16:38:43.0191 10456 ============================================================
16:38:45.0884 10456 ================ Scan system memory ========================
16:38:45.0910 10456 System memory - ok
16:38:45.0913 10456 ================ Scan services =============================
16:38:46.0646 10456 [ FBDA3F2E23ED8E8ACFD3AC47CB32B5DA ] 1394ohci  C:\Windows\system32\drivers\1394ohci.sys
16:38:46.0673 10456 Suspicious file (Forged): C:\Windows\system32\drivers\1394ohci.sys. Real md5: FBDA3F2E23ED8E8ACFD3AC47CB32B5DA, Fake md5: A87D604AEA360176311474C87A63BB88
16:38:46.0674 10456 1394ohci ( ForgedFile.Multi.Generic ) - warning
16:38:46.0674 10456 1394ohci - detected ForgedFile.Multi.Generic (1)
16:38:46.0741 10456 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon  C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:38:47.0286 10456 ACDaemon - ok
16:38:47.0333 10456 [ 6691410244FFECEC41BE4C47C10FAAFA ] ACPI  C:\Windows\system32\drivers\ACPI.sys
16:38:47.0346 10456 Suspicious file (Forged): C:\Windows\system32\drivers\ACPI.sys. Real md5: 6691410244FFECEC41BE4C47C10FAAFA, Fake md5: D81D9E70B8A6DD14D42D7B4EFA65D5F2
16:38:47.0347 10456 ACPI ( ForgedFile.Multi.Generic ) - warning
16:38:47.0347 10456 ACPI - detected ForgedFile.Multi.Generic (1)
16:38:47.0374 10456 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi  C:\Windows\system32\drivers\acpipmi.sys
16:38:47.0745 10456 AcpiPmi - ok
16:38:47.0806 10456 [ 5647CFBC7535F94BAE796B567D0169E8 ] AdobeActiveFileMonitor7.0  c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
16:38:47.0863 10456 Suspicious file (Forged): c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe. Real md5: 5647CFBC7535F94BAE796B567D0169E8, Fake md5: 6D9FC1E7EA3C548F4D3455F0C3FEEF8C
16:38:47.0864 10456 AdobeActiveFileMonitor7.0 ( ForgedFile.Multi.Generic ) - warning
16:38:47.0864 10456 AdobeActiveFileMonitor7.0 - detected ForgedFile.Multi.Generic (1)
16:38:47.0977 10456 [ D8890C56B6D5568064BCF78A99998340 ] AdobeFlashPlayerUpdateSvc  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:38:47.0994 10456 Suspicious file (Forged): C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe. Real md5: D8890C56B6D5568064BCF78A99998340, Fake md5: F040037B149FD0F5A5044AE563390FA7
16:38:47.0995 10456 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - warning
16:38:47.0995 10456 AdobeFlashPlayerUpdateSvc - detected ForgedFile.Multi.Generic (1)
16:38:48.0020 10456 [ 4447CB4BB00391A6442BD48BC399B2DD ] adp94xx  C:\Windows\system32\DRIVERS\adp94xx.sys
16:38:48.0066 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\adp94xx.sys. Real md5: 4447CB4BB00391A6442BD48BC399B2DD, Fake md5: 2F6B34B83843F0C5118B63AC634F5BF4
16:38:48.0067 10456 adp94xx ( ForgedFile.Multi.Generic ) - warning
16:38:48.0067 10456 adp94xx - detected ForgedFile.Multi.Generic (1)
16:38:48.0092 10456 [ B0FF150AB317F7BB56EFD37F5AF5F6A0 ] adpahci  C:\Windows\system32\DRIVERS\adpahci.sys
16:38:48.0150 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\adpahci.sys. Real md5: B0FF150AB317F7BB56EFD37F5AF5F6A0, Fake md5: 597F78224EE9224EA1A13D6350CED962
16:38:48.0151 10456 adpahci ( ForgedFile.Multi.Generic ) - warning
16:38:48.0152 10456 adpahci - detected ForgedFile.Multi.Generic (1)
16:38:48.0158 10456 [ 1C42EEAE0241B6945805E719739A7A69 ] adpu320  C:\Windows\system32\DRIVERS\adpu320.sys
16:38:48.0217 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\adpu320.sys. Real md5: 1C42EEAE0241B6945805E719739A7A69, Fake md5: E109549C90F62FB570B9540C4B148E54
16:38:48.0218 10456 adpu320 ( ForgedFile.Multi.Generic ) - warning
16:38:48.0218 10456 adpu320 - detected ForgedFile.Multi.Generic (1)
16:38:48.0258 10456 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc  C:\Windows\System32\aelupsvc.dll
16:38:48.0488 10456 AeLookupSvc - ok
16:38:48.0527 10456 [ 2EF70BAABAB756361309C358D012FA74 ] AFD  C:\Windows\system32\drivers\afd.sys
16:38:48.0544 10456 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 2EF70BAABAB756361309C358D012FA74, Fake md5: 1C7857B62DE5994A75B054A9FD4C3825
16:38:48.0545 10456 AFD ( ForgedFile.Multi.Generic ) - warning
16:38:48.0545 10456 AFD - detected ForgedFile.Multi.Generic (1)
16:38:48.0566 10456 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440  C:\Windows\system32\drivers\agp440.sys
16:38:48.0616 10456 agp440 - ok
16:38:48.0652 10456 [ 3290D6946B5E30E70414990574883DDB ] ALG  C:\Windows\System32\alg.exe
16:38:48.0796 10456 ALG - ok
16:38:48.0825 10456 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide  C:\Windows\system32\drivers\aliide.sys
16:38:48.0874 10456 aliide - ok
16:38:48.0899 10456 [ 1FF8B4431C353CE385C875F194924C0C ] amdide  C:\Windows\system32\drivers\amdide.sys
16:38:48.0915 10456 amdide - ok
16:38:48.0960 10456 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8  C:\Windows\system32\DRIVERS\amdk8.sys
16:38:49.0148 10456 AmdK8 - ok
16:38:49.0160 10456 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM  C:\Windows\system32\DRIVERS\amdppm.sys
16:38:49.0255 10456 AmdPPM - ok
16:38:49.0319 10456 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata  C:\Windows\system32\drivers\amdsata.sys
16:38:49.0372 10456 amdsata - ok
16:38:49.0410 10456 [ EB7A232A20D3EE8115F5CE881C6316C4 ] amdsbs  C:\Windows\system32\DRIVERS\amdsbs.sys
16:38:49.0478 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\amdsbs.sys. Real md5: EB7A232A20D3EE8115F5CE881C6316C4, Fake md5: F67F933E79241ED32FF46A4F29B5120B
16:38:49.0478 10456 amdsbs ( ForgedFile.Multi.Generic ) - warning
16:38:49.0478 10456 amdsbs - detected ForgedFile.Multi.Generic (1)
16:38:49.0514 10456 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata  C:\Windows\system32\drivers\amdxata.sys
16:38:49.0574 10456 amdxata - ok
16:38:49.0617 10456 [ 89A69C3F2F319B43379399547526D952 ] AppID  C:\Windows\system32\drivers\appid.sys
16:38:49.0846 10456 AppID - ok
16:38:49.0882 10456 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc  C:\Windows\System32\appidsvc.dll
16:38:50.0080 10456 AppIDSvc - ok
16:38:50.0151 10456 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo  C:\Windows\System32\appinfo.dll
16:38:50.0325 10456 Appinfo - ok
16:38:50.0403 10456 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device  C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:38:50.0465 10456 Apple Mobile Device - ok
16:38:50.0523 10456 [ C484F8CEB1717C540242531DB7845C4E ] arc  C:\Windows\system32\DRIVERS\arc.sys
16:38:50.0556 10456 arc - ok
16:38:50.0562 10456 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas  C:\Windows\system32\DRIVERS\arcsas.sys
16:38:50.0607 10456 arcsas - ok
16:38:50.0654 10456 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter  C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
16:38:50.0699 10456 ArcSoftKsUFilter - ok
16:38:50.0746 10456 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac  C:\Windows\system32\DRIVERS\asyncmac.sys
16:38:50.0946 10456 AsyncMac - ok
16:38:51.0003 10456 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi  C:\Windows\system32\drivers\atapi.sys
16:38:51.0029 10456 atapi - ok
16:38:51.0082 10456 [ 73877CCD74A0D9B065B8C5A02114EA10 ] athr  C:\Windows\system32\DRIVERS\athrx.sys
16:38:51.0361 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\athrx.sys. Real md5: 73877CCD74A0D9B065B8C5A02114EA10, Fake md5: 5D4529AC4156E16BEDB01441AE0CF984
16:38:51.0376 10456 athr ( ForgedFile.Multi.Generic ) - warning
16:38:51.0376 10456 athr - detected ForgedFile.Multi.Generic (1)
16:38:51.0405 10456 [ D6F8ED39444B5BEC033ACD76D41413FF ] AudioEndpointBuilder  C:\Windows\System32\Audiosrv.dll
16:38:51.0474 10456 Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll. Real md5: D6F8ED39444B5BEC033ACD76D41413FF, Fake md5: F23FEF6D569FCE88671949894A8BECF1
16:38:51.0476 10456 AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - warning
16:38:51.0476 10456 AudioEndpointBuilder - detected ForgedFile.Multi.Generic (1)
16:38:51.0482 10456 [ D6F8ED39444B5BEC033ACD76D41413FF ] AudioSrv  C:\Windows\System32\Audiosrv.dll
16:38:51.0485 10456 Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll. Real md5: D6F8ED39444B5BEC033ACD76D41413FF, Fake md5: F23FEF6D569FCE88671949894A8BECF1
16:38:51.0487 10456 AudioSrv ( ForgedFile.Multi.Generic ) - warning
16:38:51.0487 10456 AudioSrv - detected ForgedFile.Multi.Generic (1)
16:38:51.0523 10456 [ FC89DFDD6B9E5E7D86B06432E990401E ] AVerAVF2  C:\Windows\system32\DRIVERS\AVerAVF2.sys
16:38:51.0600 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\AVerAVF2.sys. Real md5: FC89DFDD6B9E5E7D86B06432E990401E, Fake md5: 59E75082DC7DA252592EC3489A2CF4EA
16:38:51.0603 10456 AVerAVF2 ( ForgedFile.Multi.Generic ) - warning
16:38:51.0603 10456 AVerAVF2 - detected ForgedFile.Multi.Generic (1)
16:38:51.0647 10456 [ 3B5657B6C11CDA87F664DD6F7DD0702D ] avgtp  C:\Windows\system32\drivers\avgtpx64.sys
16:38:51.0689 10456 avgtp - ok
16:38:51.0753 10456 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV  C:\Windows\System32\AxInstSV.dll
16:38:51.0946 10456 AxInstSV - ok
16:38:52.0011 10456 [ 3E7FA18FEA3BE0AF9614DE5C65092795 ] b06bdrv  C:\Windows\system32\DRIVERS\bxvbda.sys
16:38:52.0061 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\bxvbda.sys. Real md5: 3E7FA18FEA3BE0AF9614DE5C65092795, Fake md5: 3E5B191307609F7514148C6832BB0842
16:38:52.0062 10456 b06bdrv ( ForgedFile.Multi.Generic ) - warning
16:38:52.0062 10456 b06bdrv - detected ForgedFile.Multi.Generic (1)
16:38:52.0086 10456 [ A51E3C2C28CC549C77C41CE609F3C89F ] b57nd60a  C:\Windows\system32\DRIVERS\b57nd60a.sys
16:38:52.0136 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\b57nd60a.sys. Real md5: A51E3C2C28CC549C77C41CE609F3C89F, Fake md5: B5ACE6968304A3900EEB1EBFD9622DF2
16:38:52.0137 10456 b57nd60a ( ForgedFile.Multi.Generic ) - warning
16:38:52.0137 10456 b57nd60a - detected ForgedFile.Multi.Generic (1)
16:38:52.0211 10456 [ CE5A6AB907758186A5B5536B7ED78323 ] BackupStack  C:\Program Files (x86)\MyPC Backup\BackupStack.exe
16:38:52.0282 10456 BackupStack - ok
16:38:52.0332 10456 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC  C:\Windows\System32\bdesvc.dll
16:38:52.0501 10456 BDESVC - ok
16:38:52.0528 10456 [ 16A47CE2DECC9B099349A5F840654746 ] Beep  C:\Windows\system32\drivers\Beep.sys
16:38:52.0697 10456 Beep - ok
16:38:52.0752 10456 [ 99337200D3F66033B87F19A70B2B2DEC ] BFE  C:\Windows\System32\bfe.dll
16:38:52.0820 10456 Suspicious file (Forged): C:\Windows\System32\bfe.dll. Real md5: 99337200D3F66033B87F19A70B2B2DEC, Fake md5: 82974D6A2FD19445CC5171FC378668A4
16:38:52.0822 10456 BFE ( ForgedFile.Multi.Generic ) - warning
16:38:52.0822 10456 BFE - detected ForgedFile.Multi.Generic (1)
16:38:52.0831 10456 [ 5E70BFA2F6D20D0CE0C4BC8CB9978695 ] BITS  C:\Windows\System32\qmgr.dll
16:38:52.0861 10456 Suspicious file (Forged): C:\Windows\System32\qmgr.dll. Real md5: 5E70BFA2F6D20D0CE0C4BC8CB9978695, Fake md5: 1EA7969E3271CBC59E1730697DC74682
16:38:52.0863 10456 BITS ( ForgedFile.Multi.Generic ) - warning
16:38:52.0864 10456 BITS - detected ForgedFile.Multi.Generic (1)
16:38:52.0895 10456 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive  C:\Windows\system32\DRIVERS\blbdrive.sys
16:38:52.0988 10456 blbdrive - ok
16:38:53.0066 10456 [ 63CB337BD7477B44CC7156D3E67E3EC3 ] Bonjour Service  C:\Program Files\Bonjour\mDNSResponder.exe
16:38:53.0132 10456 Suspicious file (Forged): C:\Program Files\Bonjour\mDNSResponder.exe. Real md5: 63CB337BD7477B44CC7156D3E67E3EC3, Fake md5: EBBCD5DFBB1DE70E8F4AF8FA59E401FD
16:38:53.0133 10456 Bonjour Service ( ForgedFile.Multi.Generic ) - warning
16:38:53.0133 10456 Bonjour Service - detected ForgedFile.Multi.Generic (1)
16:38:53.0183 10456 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser  C:\Windows\system32\DRIVERS\bowser.sys
16:38:53.0298 10456 bowser - ok
16:38:53.0329 10456 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo  C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:38:53.0451 10456 BrFiltLo - ok
16:38:53.0463 10456 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp  C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:38:53.0519 10456 BrFiltUp - ok
16:38:53.0553 10456 [ DD5448BF498735A4AF29D9B7A08BAA98 ] Browser  C:\Windows\System32\browser.dll
16:38:53.0566 10456 Suspicious file (Forged): C:\Windows\System32\browser.dll. Real md5: DD5448BF498735A4AF29D9B7A08BAA98, Fake md5: 05F5A0D14A2EE1D8255C2AA0E9E8E694
16:38:53.0567 10456 Browser ( ForgedFile.Multi.Generic ) - warning
16:38:53.0567 10456 Browser - detected ForgedFile.Multi.Generic (1)
16:38:53.0577 10456 [ 4579108CDA3CEBC6432027A86E7B7A9B ] Brserid  C:\Windows\System32\Drivers\Brserid.sys
16:38:53.0671 10456 Suspicious file (Forged): C:\Windows\System32\Drivers\Brserid.sys. Real md5: 4579108CDA3CEBC6432027A86E7B7A9B, Fake md5: 43BEA8D483BF1870F018E2D02E06A5BD
16:38:53.0673 10456 Brserid ( ForgedFile.Multi.Generic ) - warning
16:38:53.0673 10456 Brserid - detected ForgedFile.Multi.Generic (1)
16:38:53.0705 10456 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm  C:\Windows\System32\Drivers\BrSerWdm.sys
16:38:53.0792 10456 BrSerWdm - ok
16:38:53.0822 10456 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm  C:\Windows\System32\Drivers\BrUsbMdm.sys
16:38:53.0943 10456 BrUsbMdm - ok
16:38:53.0992 10456 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer  C:\Windows\System32\Drivers\BrUsbSer.sys
16:38:54.0108 10456 BrUsbSer - ok
16:38:54.0146 10456 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum  C:\Windows\system32\drivers\BthEnum.sys
16:38:54.0438 10456 BthEnum - ok
16:38:54.0487 10456 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM  C:\Windows\system32\DRIVERS\bthmodem.sys
16:38:54.0601 10456 BTHMODEM - ok
16:38:54.0640 10456 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan  C:\Windows\system32\DRIVERS\bthpan.sys
16:38:54.0709 10456 BthPan - ok
16:38:54.0782 10456 [ B07500770CF6E855A4BE94DD0177051E ] BTHPORT  C:\Windows\System32\Drivers\BTHport.sys
16:38:54.0836 10456 Suspicious file (Forged): C:\Windows\System32\Drivers\BTHport.sys. Real md5: B07500770CF6E855A4BE94DD0177051E, Fake md5: 738D0E9272F59EB7A1449C3EC118E6C4
16:38:54.0838 10456 BTHPORT ( ForgedFile.Multi.Generic ) - warning
16:38:54.0838 10456 BTHPORT - detected ForgedFile.Multi.Generic (1)
16:38:54.0888 10456 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv  C:\Windows\system32\bthserv.dll
16:38:55.0040 10456 bthserv - ok
16:38:55.0125 10456 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB  C:\Windows\System32\Drivers\BTHUSB.sys
16:38:55.0248 10456 BTHUSB - ok
16:38:55.0336 10456 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio  C:\Windows\system32\drivers\btwaudio.sys
16:38:55.0389 10456 btwaudio - ok
16:38:55.0443 10456 [ 1B983FC6B8C60383B0960DD75942C527 ] btwavdt  C:\Windows\system32\drivers\btwavdt.sys
16:38:55.0493 10456 Suspicious file (Forged): C:\Windows\system32\drivers\btwavdt.sys. Real md5: 1B983FC6B8C60383B0960DD75942C527, Fake md5: 82DC8B7C626E526681C1BEBED2BC3FF9
16:38:55.0493 10456 btwavdt ( ForgedFile.Multi.Generic ) - warning
16:38:55.0493 10456 btwavdt - detected ForgedFile.Multi.Generic (1)
16:38:55.0563 10456 [ 44A3523497B2D41D1C88715332D796A8 ] btwdins  C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:38:55.0691 10456 Suspicious file (Forged): C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe. Real md5: 44A3523497B2D41D1C88715332D796A8, Fake md5: D65AA164ACD0F6706DBCFBBCC9731584
16:38:55.0693 10456 btwdins ( ForgedFile.Multi.Generic ) - warning
16:38:55.0693 10456 btwdins - detected ForgedFile.Multi.Generic (1)
16:38:55.0741 10456 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap  C:\Windows\system32\DRIVERS\btwl2cap.sys
16:38:55.0781 10456 btwl2cap - ok
16:38:55.0804 10456 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid  C:\Windows\system32\DRIVERS\btwrchid.sys
16:38:55.0818 10456 btwrchid - ok
16:38:55.0852 10456 [ B8BD2BB284668C84865658C77574381A ] cdfs  C:\Windows\system32\DRIVERS\cdfs.sys
16:38:56.0022 10456 cdfs - ok
16:38:56.0063 10456 [ 4368EEFD9E44D770C90A5E241139A7D3 ] cdrom  C:\Windows\system32\DRIVERS\cdrom.sys
16:38:56.0125 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\cdrom.sys. Real md5: 4368EEFD9E44D770C90A5E241139A7D3, Fake md5: F036CE71586E93D94DAB220D7BDF4416
16:38:56.0126 10456 cdrom ( ForgedFile.Multi.Generic ) - warning
16:38:56.0126 10456 cdrom - detected ForgedFile.Multi.Generic (1)
16:38:56.0157 10456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc  C:\Windows\System32\certprop.dll
16:38:56.0473 10456 CertPropSvc - ok
16:38:56.0556 10456 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass  C:\Windows\system32\DRIVERS\circlass.sys
16:38:56.0693 10456 circlass - ok
16:38:56.0744 10456 [ B912731923C57874FDDD3B8FFADA991D ] CLFS  C:\Windows\system32\CLFS.sys
16:38:56.0762 10456 Suspicious file (Forged): C:\Windows\system32\CLFS.sys. Real md5: B912731923C57874FDDD3B8FFADA991D, Fake md5: FE1EC06F2253F691FE36217C592A0206
16:38:56.0763 10456 CLFS ( ForgedFile.Multi.Generic ) - warning
16:38:56.0763 10456 CLFS - detected ForgedFile.Multi.Generic (1)
16:38:56.0817 10456 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:38:56.0873 10456 clr_optimization_v2.0.50727_32 - ok
16:38:56.0934 10456 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:38:56.0995 10456 clr_optimization_v2.0.50727_64 - ok
16:38:57.0055 10456 [ B89B6C8262ACA6654AF4C5C96B00EAD4 ] clr_optimization_v4.0.30319_32  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:38:57.0158 10456 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe. Real md5: B89B6C8262ACA6654AF4C5C96B00EAD4, Fake md5: C5A75EB48E2344ABDC162BDA79E16841
16:38:57.0159 10456 clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - warning
16:38:57.0159 10456 clr_optimization_v4.0.30319_32 - detected ForgedFile.Multi.Generic (1)
16:38:57.0208 10456 [ C2037CCEB132485E72DE44AB2EF6755C ] clr_optimization_v4.0.30319_64  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:38:57.0247 10456 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe. Real md5: C2037CCEB132485E72DE44AB2EF6755C, Fake md5: C6F9AF94DCD58122A4D7E89DB6BED29D
16:38:57.0248 10456 clr_optimization_v4.0.30319_64 ( ForgedFile.Multi.Generic ) - warning
16:38:57.0248 10456 clr_optimization_v4.0.30319_64 - detected ForgedFile.Multi.Generic (1)
16:38:57.0275 10456 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt  C:\Windows\system32\DRIVERS\CmBatt.sys
16:38:57.0380 10456 CmBatt - ok
16:38:57.0408 10456 [ E19D3F095812725D88F9001985B94EDD ] cmdide  C:\Windows\system32\drivers\cmdide.sys
16:38:57.0424 10456 cmdide - ok
16:38:57.0469 10456 [ 236B2DCD25AB87A4A963B5D894656334 ] CNG  C:\Windows\system32\Drivers\cng.sys
16:38:57.0513 10456 Suspicious file (Forged): C:\Windows\system32\Drivers\cng.sys. Real md5: 236B2DCD25AB87A4A963B5D894656334, Fake md5: 9AC4F97C2D3E93367E2148EA940CD2CD
16:38:57.0514 10456 CNG ( ForgedFile.Multi.Generic ) - warning
16:38:57.0514 10456 CNG - detected ForgedFile.Multi.Generic (1)
16:38:57.0543 10456 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt  C:\Windows\system32\DRIVERS\compbatt.sys
16:38:57.0593 10456 Compbatt - ok
16:38:57.0640 10456 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus  C:\Windows\system32\drivers\CompositeBus.sys
16:38:57.0761 10456 CompositeBus - ok
16:38:57.0766 10456 COMSysApp - ok
16:38:57.0815 10456 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk  C:\Windows\system32\DRIVERS\crcdisk.sys
16:38:57.0832 10456 crcdisk - ok
16:38:57.0877 10456 [ 638817CAAAB58D879A2711EF122AEE89 ] CryptSvc  C:\Windows\system32\cryptsvc.dll
16:38:57.0903 10456 Suspicious file (Forged): C:\Windows\system32\cryptsvc.dll. Real md5: 638817CAAAB58D879A2711EF122AEE89, Fake md5: 9C01375BE382E834CC26D1B7EAF2C4FE
16:38:57.0903 10456 CryptSvc ( ForgedFile.Multi.Generic ) - warning
16:38:57.0903 10456 CryptSvc - detected ForgedFile.Multi.Generic (1)
16:38:57.0945 10456 [ 816DF6F64DEBA63B029CA19D880EE10A ] DcomLaunch  C:\Windows\system32\rpcss.dll
16:38:57.0966 10456 Suspicious file (Forged): C:\Windows\system32\rpcss.dll. Real md5: 816DF6F64DEBA63B029CA19D880EE10A, Fake md5: 5C627D1B1138676C0A7AB2C2C190D123
16:38:57.0967 10456 DcomLaunch ( ForgedFile.Multi.Generic ) - warning
16:38:57.0967 10456 DcomLaunch - detected ForgedFile.Multi.Generic (1)
16:38:57.0983 10456 [ 1E30DDE23D301F1191564ACC17FAE198 ] defragsvc  C:\Windows\System32\defragsvc.dll
16:38:58.0037 10456 Suspicious file (Forged): C:\Windows\System32\defragsvc.dll. Real md5: 1E30DDE23D301F1191564ACC17FAE198, Fake md5: 3CEC7631A84943677AA8FA8EE5B6B43D
16:38:58.0038 10456 defragsvc ( ForgedFile.Multi.Generic ) - warning
16:38:58.0038 10456 defragsvc - detected ForgedFile.Multi.Generic (1)
16:38:58.0086 10456 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC  C:\Windows\system32\Drivers\dfsc.sys
16:38:58.0257 10456 DfsC - ok
16:38:58.0311 10456 [ 15B3FF0D22AB9E82E799064B5545CF3D ] Dhcp  C:\Windows\system32\dhcpcore.dll
16:38:58.0356 10456 Suspicious file (Forged): C:\Windows\system32\dhcpcore.dll. Real md5: 15B3FF0D22AB9E82E799064B5545CF3D, Fake md5: 43D808F5D9E1A18E5EEB5EBC83969E4E
16:38:58.0357 10456 Dhcp ( ForgedFile.Multi.Generic ) - warning
16:38:58.0357 10456 Dhcp - detected ForgedFile.Multi.Generic (1)
16:38:58.0402 10456 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache  C:\Windows\system32\drivers\discache.sys
16:38:58.0539 10456 discache - ok
16:38:58.0583 10456 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk  C:\Windows\system32\DRIVERS\disk.sys
16:38:58.0641 10456 Disk - ok
16:38:58.0679 10456 [ 9DE938B56930C5B59AF440E41120853F ] Dnscache  C:\Windows\System32\dnsrslvr.dll
16:38:58.0725 10456 Suspicious file (Forged): C:\Windows\System32\dnsrslvr.dll. Real md5: 9DE938B56930C5B59AF440E41120853F, Fake md5: 16835866AAA693C7D7FCEBA8FFF706E4
16:38:58.0726 10456 Dnscache ( ForgedFile.Multi.Generic ) - warning
16:38:58.0726 10456 Dnscache - detected ForgedFile.Multi.Generic (1)
16:38:58.0768 10456 [ 6070A8634574510CCE8E9678901AB34A ] dot3svc  C:\Windows\System32\dot3svc.dll
16:38:58.0792 10456 Suspicious file (Forged): C:\Windows\System32\dot3svc.dll. Real md5: 6070A8634574510CCE8E9678901AB34A, Fake md5: B1FB3DDCA0FDF408750D5843591AFBC6
16:38:58.0793 10456 dot3svc ( ForgedFile.Multi.Generic ) - warning
16:38:58.0793 10456 dot3svc - detected ForgedFile.Multi.Generic (1)
16:38:58.0813 10456 [ E60F81BC7C76D6EB28F5816311B971B6 ] DPS  C:\Windows\system32\dps.dll
16:38:58.0831 10456 Suspicious file (Forged): C:\Windows\system32\dps.dll. Real md5: E60F81BC7C76D6EB28F5816311B971B6, Fake md5: B26F4F737E8F9DF4F31AF6CF31D05820
16:38:58.0832 10456 DPS ( ForgedFile.Multi.Generic ) - warning
16:38:58.0832 10456 DPS - detected ForgedFile.Multi.Generic (1)
16:38:58.0857 10456 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud  C:\Windows\system32\drivers\drmkaud.sys
16:38:58.0968 10456 drmkaud - ok
16:38:59.0015 10456 [ 1920CD1E5C68A76E66BBD16D85861EAA ] DXGKrnl  C:\Windows\System32\drivers\dxgkrnl.sys
16:38:59.0099 10456 Suspicious file (Forged): C:\Windows\System32\drivers\dxgkrnl.sys. Real md5: 1920CD1E5C68A76E66BBD16D85861EAA, Fake md5: AF2E16242AA723F68F461B6EAE2EAD3D
16:38:59.0102 10456 DXGKrnl ( ForgedFile.Multi.Generic ) - warning
16:38:59.0102 10456 DXGKrnl - detected ForgedFile.Multi.Generic (1)
16:38:59.0126 10456 [ 383DDFAC0F66F023E66EFC8346AE5703 ] e1yexpress  C:\Windows\system32\DRIVERS\e1y62x64.sys
16:38:59.0189 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\e1y62x64.sys. Real md5: 383DDFAC0F66F023E66EFC8346AE5703, Fake md5: 761B9EDD97A021AA1922501B7A056635
16:38:59.0190 10456 e1yexpress ( ForgedFile.Multi.Generic ) - warning
16:38:59.0190 10456 e1yexpress - detected ForgedFile.Multi.Generic (1)
16:38:59.0224 10456 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost  C:\Windows\System32\eapsvc.dll
16:38:59.0407 10456 EapHost - ok
16:38:59.0474 10456 [ 089813CB08A9A6948B7C5CD30B0B55C1 ] ebdrv  C:\Windows\system32\DRIVERS\evbda.sys
16:38:59.0763 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\evbda.sys. Real md5: 089813CB08A9A6948B7C5CD30B0B55C1, Fake md5: DC5D737F51BE844D8C82C695EB17372F
16:38:59.0789 10456 ebdrv ( ForgedFile.Multi.Generic ) - warning
16:38:59.0789 10456 ebdrv - detected ForgedFile.Multi.Generic (1)
16:38:59.0843 10456 [ C118A82CD78818C29AB228366EBF81C3 ] EFS  C:\Windows\System32\lsass.exe
16:39:00.0030 10456 EFS - ok
16:39:00.0128 10456 [ 43AD2E10E31F1AEB60D8296C1B966287 ] ehRecvr  C:\Windows\ehome\ehRecvr.exe
16:39:00.0322 10456 Suspicious file (Forged): C:\Windows\ehome\ehRecvr.exe. Real md5: 43AD2E10E31F1AEB60D8296C1B966287, Fake md5: C4002B6B41975F057D98C439030CEA07
16:39:00.0331 10456 ehRecvr ( ForgedFile.Multi.Generic ) - warning
16:39:00.0331 10456 ehRecvr - detected ForgedFile.Multi.Generic (1)
16:39:00.0361 10456 [ A6761BA0C8FA8DE5851AF7A679112599 ] ehSched  C:\Windows\ehome\ehsched.exe
16:39:00.0376 10456 Suspicious file (Forged): C:\Windows\ehome\ehsched.exe. Real md5: A6761BA0C8FA8DE5851AF7A679112599, Fake md5: 4705E8EF9934482C5BB488CE28AFC681
16:39:00.0376 10456 ehSched ( ForgedFile.Multi.Generic ) - warning
16:39:00.0376 10456 ehSched - detected ForgedFile.Multi.Generic (1)
16:39:00.0396 10456 [ FB016CA5AA7BB5E071CAFB6A0D7BA54B ] elxstor  C:\Windows\system32\DRIVERS\elxstor.sys
16:39:00.0448 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\elxstor.sys. Real md5: FB016CA5AA7BB5E071CAFB6A0D7BA54B, Fake md5: 0E5DA5369A0FCAEA12456DD852545184
16:39:00.0450 10456 elxstor ( ForgedFile.Multi.Generic ) - warning
16:39:00.0450 10456 elxstor - detected ForgedFile.Multi.Generic (1)
16:39:00.0469 10456 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev  C:\Windows\system32\drivers\errdev.sys
16:39:00.0574 10456 ErrDev - ok
16:39:00.0625 10456 [ F94C41F8FA965F031D3E961CD80E5E8F ] EventSystem  C:\Windows\system32\es.dll
16:39:00.0642 10456 Suspicious file (Forged): C:\Windows\system32\es.dll. Real md5: F94C41F8FA965F031D3E961CD80E5E8F, Fake md5: 4166F82BE4D24938977DD1746BE9B8A0
16:39:00.0644 10456 EventSystem ( ForgedFile.Multi.Generic ) - warning
16:39:00.0644 10456 EventSystem - detected ForgedFile.Multi.Generic (1)
16:39:00.0662 10456 [ FECB77B39816ADA633949F4E27BC6026 ] exfat  C:\Windows\system32\drivers\exfat.sys
16:39:00.0711 10456 Suspicious file (Forged): C:\Windows\system32\drivers\exfat.sys. Real md5: FECB77B39816ADA633949F4E27BC6026, Fake md5: A510C654EC00C1E9BDD91EEB3A59823B
16:39:00.0711 10456 exfat ( ForgedFile.Multi.Generic ) - warning
16:39:00.0711 10456 exfat - detected ForgedFile.Multi.Generic (1)
16:39:00.0716 10456 [ C522C1DB31CC1F90B5D21992FD30E2AB ] fastfat  C:\Windows\system32\drivers\fastfat.sys
16:39:00.0744 10456 Suspicious file (Forged): C:\Windows\system32\drivers\fastfat.sys. Real md5: C522C1DB31CC1F90B5D21992FD30E2AB, Fake md5: 0ADC83218B66A6DB380C330836F3E36D
16:39:00.0746 10456 fastfat ( ForgedFile.Multi.Generic ) - warning
16:39:00.0746 10456 fastfat - detected ForgedFile.Multi.Generic (1)
16:39:00.0799 10456 [ 9159A2D73D2B652D6EF06B82F4ACCFFE ] Fax  C:\Windows\system32\fxssvc.exe
16:39:00.0866 10456 Suspicious file (Forged): C:\Windows\system32\fxssvc.exe. Real md5: 9159A2D73D2B652D6EF06B82F4ACCFFE, Fake md5: DBEFD454F8318A0EF691FDD2EAAB44EB
16:39:00.0868 10456 Fax ( ForgedFile.Multi.Generic ) - warning
16:39:00.0869 10456 Fax - detected ForgedFile.Multi.Generic (1)
16:39:00.0913 10456 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc  C:\Windows\system32\DRIVERS\fdc.sys
16:39:01.0030 10456 fdc - ok
16:39:01.0103 10456 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost  C:\Windows\system32\fdPHost.dll
16:39:01.0272 10456 fdPHost - ok
16:39:01.0340 10456 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub  C:\Windows\system32\fdrespub.dll
16:39:01.0489 10456 FDResPub - ok
16:39:01.0592 10456 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo  C:\Windows\system32\drivers\fileinfo.sys
16:39:01.0665 10456 FileInfo - ok
16:39:01.0700 10456 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace  C:\Windows\system32\drivers\filetrace.sys
16:39:01.0883 10456 Filetrace - ok
16:39:01.0914 10456 [ B42C4F2962EA4EBEEC994F14B1EA54F4 ] FLEXnet Licensing Service  C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:39:01.0973 10456 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe. Real md5: B42C4F2962EA4EBEEC994F14B1EA54F4, Fake md5: F76D04F7413B07DAA029F6520B64B4E8
16:39:01.0975 10456 FLEXnet Licensing Service ( ForgedFile.Multi.Generic ) - warning
16:39:01.0975 10456 FLEXnet Licensing Service - detected ForgedFile.Multi.Generic (1)
16:39:01.0999 10456 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk  C:\Windows\system32\DRIVERS\flpydisk.sys
16:39:02.0122 10456 flpydisk - ok
16:39:02.0155 10456 [ B85308A9694F3BF948499DEE870D47F7 ] FltMgr  C:\Windows\system32\drivers\fltmgr.sys
16:39:02.0207 10456 Suspicious file (Forged): C:\Windows\system32\drivers\fltmgr.sys. Real md5: B85308A9694F3BF948499DEE870D47F7, Fake md5: DA6B67270FD9DB3697B20FCE94950741
16:39:02.0208 10456 FltMgr ( ForgedFile.Multi.Generic ) - warning
16:39:02.0208 10456 FltMgr - detected ForgedFile.Multi.Generic (1)
16:39:02.0242 10456 [ CF83178C3B5A40F892BAF8C4E1CA8C7F ] FontCache  C:\Windows\system32\FntCache.dll
16:39:02.0356 10456 Suspicious file (Forged): C:\Windows\system32\FntCache.dll. Real md5: CF83178C3B5A40F892BAF8C4E1CA8C7F, Fake md5: C4C183E6551084039EC862DA1C945E3D
16:39:02.0360 10456 FontCache ( ForgedFile.Multi.Generic ) - warning
16:39:02.0360 10456 FontCache - detected ForgedFile.Multi.Generic (1)
16:39:02.0424 10456 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:39:02.0506 10456 FontCache3.0.0.0 - ok
16:39:02.0536 10456 [ D43703496149971890703B4B1B723EAC ] FsDepends  C:\Windows\system32\drivers\FsDepends.sys
16:39:02.0571 10456 FsDepends - ok
16:39:02.0623 10456 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec  C:\Windows\system32\drivers\Fs_Rec.sys
16:39:02.0644 10456 Fs_Rec - ok
16:39:02.0671 10456 [ 8A3254F809D1551A0C900A176B02E1CF ] fvevol  C:\Windows\system32\DRIVERS\fvevol.sys
16:39:02.0688 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\fvevol.sys. Real md5: 8A3254F809D1551A0C900A176B02E1CF, Fake md5: 8F6322049018354F45F05A2FD2D4E5E0
16:39:02.0688 10456 fvevol ( ForgedFile.Multi.Generic ) - warning
16:39:02.0688 10456 fvevol - detected ForgedFile.Multi.Generic (1)
16:39:02.0720 10456 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx
C:\Win

dows\system32\DRIVERS\gagp30kx.sys
16:39:02.0757 10456 gagp30kx - ok
16:39:02.0820 10456 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM
C:\Win
dows\system32\DRIVERS\GEARAspiWDM.sys
16:39:02.0906 10456 GEARAspiWDM - ok
16:39:02.0939 10456 [ 7E31A55776827C483B057B22D5697EFC ] gpsvc
C:\Win
dows\System32\gpsvc.dll
16:39:02.0994 10456 Suspicious file (Forged): C:\Windows\System32\gpsvc.dll. Re
al md5: 7E31A55776827C483B057B22D5697EFC, Fake md5: 277BBC7E1AA1EE957F573A10ECA7
EF3A
16:39:02.0996 10456 gpsvc ( ForgedFile.Multi.Generic ) - warning
16:39:02.0996 10456 gpsvc - detected ForgedFile.Multi.Generic (1)
16:39:03.0046 10456 [ E6FE1D6D33D67FD0288E02B40FC97C86 ] gupdate
C:\Pro
gram Files (x86)\Google\Update\GoogleUpdate.exe
16:39:03.0063 10456 Suspicious file (Forged): C:\Program Files (x86)\Google\Upd
ate\GoogleUpdate.exe. Real md5: E6FE1D6D33D67FD0288E02B40FC97C86, Fake md5: F02A
533F517EB38333CB12A9E8963773
16:39:03.0063 10456 gupdate ( ForgedFile.Multi.Generic ) - warning
16:39:03.0063 10456 gupdate - detected ForgedFile.Multi.Generic (1)
16:39:03.0076 10456 [ E6FE1D6D33D67FD0288E02B40FC97C86 ] gupdatem
C:\Pro
gram Files (x86)\Google\Update\GoogleUpdate.exe
16:39:03.0088 10456 Suspicious file (Forged): C:\Program Files (x86)\Google\Upd
ate\GoogleUpdate.exe. Real md5: E6FE1D6D33D67FD0288E02B40FC97C86, Fake md5: F02A
533F517EB38333CB12A9E8963773
16:39:03.0088 10456 gupdatem ( ForgedFile.Multi.Generic ) - warning
16:39:03.0088 10456 gupdatem - detected ForgedFile.Multi.Generic (1)
16:39:03.0134 10456 [ 5F9A0013AB787BCFA38523CE57749A61 ] gusvc
C:\Pro
gram Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:39:03.0222 10456 Suspicious file (Forged): C:\Program Files (x86)\Google\Com
mon\Google Updater\GoogleUpdaterService.exe. Real md5: 5F9A0013AB787BCFA38523CE5
7749A61, Fake md5: 5D4BC124FAAE6730AC002CDB67BF1A1C
16:39:03.0222 10456 gusvc ( ForgedFile.Multi.Generic ) - warning
16:39:03.0222 10456 gusvc - detected ForgedFile.Multi.Generic (1)
16:39:03.0279 10456 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir
C:\Win
dows\system32\drivers\hcw85cir.sys
16:39:03.0452 10456 hcw85cir - ok
16:39:03.0486 10456 [ F8BF7AC80F6F693FB61227358B524761 ] HdAudAddService C:\Win
dows\system32\drivers\HdAudio.sys
16:39:03.0523 10456 Suspicious file (Forged): C:\Windows\system32\drivers\HdAud
io.sys. Real md5: F8BF7AC80F6F693FB61227358B524761, Fake md5: 975761C778E33CD224
98059B91E7373A
16:39:03.0524 10456 HdAudAddService ( ForgedFile.Multi.Generic ) - warning
16:39:03.0524 10456 HdAudAddService - detected ForgedFile.Multi.Generic (1)
16:39:03.0565 10456 [ B76CD2B5E058BD7EBDF2C164DAD1351A ] HDAudBus
C:\Win
dows\system32\drivers\HDAudBus.sys
16:39:03.0577 10456 Suspicious file (Forged): C:\Windows\system32\drivers\HDAud
Bus.sys. Real md5: B76CD2B5E058BD7EBDF2C164DAD1351A, Fake md5: 97BFED39B6B79EB12
CDDBFEED51F56BB
16:39:03.0577 10456 HDAudBus ( ForgedFile.Multi.Generic ) - warning
16:39:03.0577 10456 HDAudBus - detected ForgedFile.Multi.Generic (1)
16:39:03.0608 10456 [ E91AFF2610114CCAEBB90D4D991BB6B2 ] HECIx64
C:\Win
dows\system32\DRIVERS\HECIx64.sys
16:39:03.0680 10456 HECIx64 - ok
16:39:03.0708 10456 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt
C:\Win
dows\system32\DRIVERS\HidBatt.sys
16:39:03.0838 10456 HidBatt - ok
16:39:03.0874 10456 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth
C:\Win
dows\system32\DRIVERS\hidbth.sys
16:39:03.0967 10456 HidBth - ok
16:39:04.0029 10456 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr
C:\Win

dows\system32\DRIVERS\hidir.sys
16:39:04.0086 10456 HidIr - ok
16:39:04.0144 10456 [ AC3F07FD9A21419ADB46321291DE3DE3 ] hidkmdf
C:\Win
dows\system32\DRIVERS\hidkmdf.sys
16:39:04.0184 10456 hidkmdf - ok
16:39:04.0228 10456 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv
C:\Win
dows\system32\hidserv.dll
16:39:04.0415 10456 hidserv - ok
16:39:04.0474 10456 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb
C:\Win
dows\system32\DRIVERS\hidusb.sys
16:39:04.0546 10456 HidUsb - ok
16:39:04.0610 10456 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc
C:\Win
dows\system32\kmsvc.dll
16:39:04.0812 10456 hkmsvc - ok
16:39:04.0873 10456 [ 8B559828B6A296145C2C31C58D19C600 ] HomeGroupListener C:\W
indows\system32\ListSvc.dll
16:39:04.0932 10456 Suspicious file (Forged): C:\Windows\system32\ListSvc.dll.
Real md5: 8B559828B6A296145C2C31C58D19C600, Fake md5: EFDFB3DD38A4376F93E7985173
813ABD
16:39:04.0933 10456 HomeGroupListener ( ForgedFile.Multi.Generic ) - warning
16:39:04.0933 10456 HomeGroupListener - detected ForgedFile.Multi.Generic (1)
16:39:04.0961 10456 [ 918736048677CDEC5B9BE220905FB89D ] HomeGroupProvider C:\W
indows\system32\provsvc.dll
16:39:04.0981 10456 Suspicious file (Forged): C:\Windows\system32\provsvc.dll.
Real md5: 918736048677CDEC5B9BE220905FB89D, Fake md5: 908ACB1F594274965A53926B10
C81E89
16:39:04.0982 10456 HomeGroupProvider ( ForgedFile.Multi.Generic ) - warning
16:39:04.0982 10456 HomeGroupProvider - detected ForgedFile.Multi.Generic (1)
16:39:05.0015 10456 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD
C:\Win
dows\system32\drivers\HpSAMD.sys
16:39:05.0057 10456 HpSAMD - ok
16:39:05.0106 10456 [ C5FA6E35D7309D231A2CCF00E2785DF2 ] HTTP
C:\Win
dows\system32\drivers\HTTP.sys
16:39:05.0127 10456 Suspicious file (Forged): C:\Windows\system32\drivers\HTTP.
sys. Real md5: C5FA6E35D7309D231A2CCF00E2785DF2, Fake md5: 0EA7DE1ACB728DD5A369F
D742D6EEE28
16:39:05.0129 10456 HTTP ( ForgedFile.Multi.Generic ) - warning
16:39:05.0129 10456 HTTP - detected ForgedFile.Multi.Generic (1)
16:39:05.0174 10456 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy
C:\Win
dows\system32\drivers\hwpolicy.sys
16:39:05.0201 10456 hwpolicy - ok
16:39:05.0244 10456 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt
C:\Win
dows\system32\drivers\i8042prt.sys
16:39:05.0338 10456 i8042prt - ok
16:39:05.0358 10456 [ CF2A71080A02FDB14CC54E7ECF380877 ] iaStorV
C:\Win
dows\system32\drivers\iaStorV.sys
16:39:05.0420 10456 Suspicious file (Forged): C:\Windows\system32\drivers\iaSto
rV.sys. Real md5: CF2A71080A02FDB14CC54E7ECF380877, Fake md5: AAAF44DB3BD0B9D1FB
6969B23ECC8366
16:39:05.0421 10456 iaStorV ( ForgedFile.Multi.Generic ) - warning
16:39:05.0421 10456 iaStorV - detected ForgedFile.Multi.Generic (1)
16:39:05.0473 10456 [ 7C9915F74F4938AFDA8AEECB55D2CEF8 ] idsvc
C:\Win
dows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.ex
e
16:39:05.0539 10456 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framewor
k64\v3.0\Windows Communication Foundation\infocard.exe. Real md5: 7C9915F74F4938
AFDA8AEECB55D2CEF8, Fake md5: 5988FC40F8DB5B0739CD1E3A5D0D78BD
16:39:05.0541 10456 idsvc ( ForgedFile.Multi.Generic ) - warning
16:39:05.0541 10456 idsvc - detected ForgedFile.Multi.Generic (1)
16:39:05.0580 10456 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp
C:\Win

dows\system32\DRIVERS\iirsp.sys
16:39:05.0607 10456 iirsp - ok
16:39:05.0657 10456 [ C537780F4E20DC2035D308F3487174D9 ] IKEEXT
C:\Win
dows\System32\ikeext.dll
16:39:05.0706 10456 Suspicious file (Forged): C:\Windows\System32\ikeext.dll. R
eal md5: C537780F4E20DC2035D308F3487174D9, Fake md5: FCD84C381E0140AF901E58D4888
2D26B
16:39:05.0708 10456 IKEEXT ( ForgedFile.Multi.Generic ) - warning
16:39:05.0709 10456 IKEEXT - detected ForgedFile.Multi.Generic (1)
16:39:05.0778 10456 [ 2C5C11C2364955FA7F07B6920E1A66B3 ] IntcAzAudAddService C:
\Windows\system32\drivers\RTKVHD64.sys
16:39:05.0962 10456 Suspicious file (Forged): C:\Windows\system32\drivers\RTKVH
D64.sys. Real md5: 2C5C11C2364955FA7F07B6920E1A66B3, Fake md5: B16FC828CE7A76A8F
1CE682E6EAD2627
16:39:05.0968 10456 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
16:39:05.0968 10456 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
16:39:06.0010 10456 [ F00F20E70C6EC3AA366910083A0518AA ] intelide
C:\Win
dows\system32\drivers\intelide.sys
16:39:06.0040 10456 intelide - ok
16:39:06.0073 10456 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm
C:\Win
dows\system32\DRIVERS\intelppm.sys
16:39:06.0130 10456 intelppm - ok
16:39:06.0158 10456 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum
C:\Win
dows\system32\ipbusenum.dll
16:39:06.0303 10456 IPBusEnum - ok
16:39:06.0381 10456 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Win
dows\system32\DRIVERS\ipfltdrv.sys
16:39:06.0759 10456 IpFilterDriver - ok
16:39:06.0835 10456 [ 9D11046130DC3A861A5143631BC5BBDD ] iphlpsvc
C:\Win
dows\System32\iphlpsvc.dll
16:39:06.0867 10456 Suspicious file (Forged): C:\Windows\System32\iphlpsvc.dll.
Real md5: 9D11046130DC3A861A5143631BC5BBDD, Fake md5: 08C2957BB30058E663720C560
6885653
16:39:06.0869 10456 iphlpsvc ( ForgedFile.Multi.Generic ) - warning
16:39:06.0869 10456 iphlpsvc - detected ForgedFile.Multi.Generic (1)
16:39:06.0902 10456 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV
C:\Win
dows\system32\drivers\IPMIDrv.sys
16:39:07.0011 10456 IPMIDRV - ok
16:39:07.0036 10456 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT
C:\Win
dows\system32\drivers\ipnat.sys
16:39:07.0204 10456 IPNAT - ok
16:39:07.0262 10456 [ CFDD4A8C76A0848EB3A97793ACC3BF09 ] iPod Service
C:\Pro
gram Files\iPod\bin\iPodService.exe
16:39:07.0305 10456 Suspicious file (Forged): C:\Program Files\iPod\bin\iPodSer
vice.exe. Real md5: CFDD4A8C76A0848EB3A97793ACC3BF09, Fake md5: 4EFFC8FF6D349E97
1E94B1C670C0C66A
16:39:07.0308 10456 iPod Service ( ForgedFile.Multi.Generic ) - warning
16:39:07.0308 10456 iPod Service - detected ForgedFile.Multi.Generic (1)
16:39:07.0351 10456 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM
C:\Win
dows\system32\drivers\irenum.sys
16:39:07.0504 10456 IRENUM - ok
16:39:07.0550 10456 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp
C:\Win
dows\system32\drivers\isapnp.sys
16:39:07.0587 10456 isapnp - ok
16:39:07.0621 10456 [ 143ED63F0DA9D94E78099906D37FBA62 ] iScsiPrt
C:\Win
dows\system32\drivers\msiscsi.sys
16:39:07.0670 10456 Suspicious file (Forged): C:\Windows\system32\drivers\msisc
si.sys. Real md5: 143ED63F0DA9D94E78099906D37FBA62, Fake md5: D931D7309DEB231703
5B07C9F9E6B0BD
16:39:07.0670 10456 iScsiPrt ( ForgedFile.Multi.Generic ) - warning

16:39:07.0670 10456 iScsiPrt - detected ForgedFile.Multi.Generic (1)


16:39:07.0697 10456 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr
c:\Pro
gram Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
16:39:07.0740 10456 IviRegMgr - ok
16:39:07.0768 10456 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass
C:\Win
dows\system32\DRIVERS\kbdclass.sys
16:39:07.0823 10456 kbdclass - ok
16:39:07.0854 10456 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid
C:\Win
dows\system32\DRIVERS\kbdhid.sys
16:39:07.0961 10456 kbdhid - ok
16:39:07.0992 10456 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso
C:\Win
dows\system32\lsass.exe
16:39:08.0013 10456 KeyIso - ok
16:39:08.0059 10456 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD
C:\Win
dows\system32\Drivers\ksecdd.sys
16:39:08.0102 10456 KSecDD - ok
16:39:08.0132 10456 [ 54FB419B56B3BD239C23F356264404AC ] KSecPkg
C:\Win
dows\system32\Drivers\ksecpkg.sys
16:39:08.0166 10456 Suspicious file (Forged): C:\Windows\system32\Drivers\ksecp
kg.sys. Real md5: 54FB419B56B3BD239C23F356264404AC, Fake md5: 26C43A7C2862447EC5
9DEDA188D1DA07
16:39:08.0167 10456 KSecPkg ( ForgedFile.Multi.Generic ) - warning
16:39:08.0167 10456 KSecPkg - detected ForgedFile.Multi.Generic (1)
16:39:08.0192 10456 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk
C:\Win
dows\system32\drivers\ksthunk.sys
16:39:08.0383 10456 ksthunk - ok
16:39:08.0432 10456 [ 32975E1A2D10A360331DE84682371277 ] KtmRm
C:\Win
dows\system32\msdtckrm.dll
16:39:08.0471 10456 Suspicious file (Forged): C:\Windows\system32\msdtckrm.dll.
Real md5: 32975E1A2D10A360331DE84682371277, Fake md5: 6AB66E16AA859232F64DEB668
87A8C9C
16:39:08.0473 10456 KtmRm ( ForgedFile.Multi.Generic ) - warning
16:39:08.0473 10456 KtmRm - detected ForgedFile.Multi.Generic (1)
16:39:08.0513 10456 [ 4BD20FA0B73B61D8415C27807475929B ] LanmanServer
C:\Win
dows\system32\srvsvc.dll
16:39:08.0546 10456 Suspicious file (Forged): C:\Windows\system32\srvsvc.dll. R
eal md5: 4BD20FA0B73B61D8415C27807475929B, Fake md5: D9F42719019740BAA6D1C6D536C
BDAA6
16:39:08.0547 10456 LanmanServer ( ForgedFile.Multi.Generic ) - warning
16:39:08.0547 10456 LanmanServer - detected ForgedFile.Multi.Generic (1)
16:39:08.0598 10456 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\W
indows\System32\wkssvc.dll
16:39:08.0814 10456 LanmanWorkstation - ok
16:39:08.0894 10456 [ 1538831CF8AD2979A04C423779465827 ] lltdio
C:\Win
dows\system32\DRIVERS\lltdio.sys
16:39:09.0062 10456 lltdio - ok
16:39:09.0105 10456 [ 6D532F61A64CCFCDA3EE9616674E7C3B ] lltdsvc
C:\Win
dows\System32\lltdsvc.dll
16:39:09.0136 10456 Suspicious file (Forged): C:\Windows\System32\lltdsvc.dll.
Real md5: 6D532F61A64CCFCDA3EE9616674E7C3B, Fake md5: C1185803384AB3FEED115F79F1
09427F
16:39:09.0137 10456 lltdsvc ( ForgedFile.Multi.Generic ) - warning
16:39:09.0137 10456 lltdsvc - detected ForgedFile.Multi.Generic (1)
16:39:09.0170 10456 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts
C:\Win
dows\System32\lmhsvc.dll
16:39:09.0354 10456 lmhosts - ok
16:39:09.0422 10456 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC
C:\Win
dows\system32\DRIVERS\lsi_fc.sys
16:39:09.0482 10456 LSI_FC - ok
16:39:09.0507 10456 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS
C:\Win

dows\system32\DRIVERS\lsi_sas.sys
16:39:09.0546 10456 LSI_SAS - ok
16:39:09.0568 10456 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2
C:\Win
dows\system32\DRIVERS\lsi_sas2.sys
16:39:09.0586 10456 LSI_SAS2 - ok
16:39:09.0611 10456 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI
C:\Win
dows\system32\DRIVERS\lsi_scsi.sys
16:39:09.0654 10456 LSI_SCSI - ok
16:39:09.0701 10456 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv
C:\Win
dows\system32\drivers\luafv.sys
16:39:09.0867 10456 luafv - ok
16:39:09.0940 10456 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc
C:\Win
dows\system32\Mcx2Svc.dll
16:39:10.0069 10456 Mcx2Svc - ok
16:39:10.0106 10456 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas
C:\Win
dows\system32\DRIVERS\megasas.sys
16:39:10.0140 10456 megasas - ok
16:39:10.0146 10456 [ A2BD129C8B7E87EA4DA821D729F177BB ] MegaSR
C:\Win
dows\system32\DRIVERS\MegaSR.sys
16:39:10.0197 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\MegaS
R.sys. Real md5: A2BD129C8B7E87EA4DA821D729F177BB, Fake md5: BAF74CE0072480C3B6B
7C13B2A94D6B3
16:39:10.0197 10456 MegaSR ( ForgedFile.Multi.Generic ) - warning
16:39:10.0198 10456 MegaSR - detected ForgedFile.Multi.Generic (1)
16:39:10.0255 10456 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS
C:\Win
dows\system32\mmcss.dll
16:39:10.0387 10456 MMCSS - ok
16:39:10.0449 10456 [ 800BA92F7010378B09F9ED9270F07137 ] Modem
C:\Win
dows\system32\drivers\modem.sys
16:39:10.0619 10456 Modem - ok
16:39:10.0668 10456 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor
C:\Win
dows\system32\DRIVERS\monitor.sys
16:39:10.0811 10456 monitor - ok
16:39:10.0856 10456 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass
C:\Win
dows\system32\DRIVERS\mouclass.sys
16:39:10.0906 10456 mouclass - ok
16:39:10.0951 10456 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid
C:\Win
dows\system32\DRIVERS\mouhid.sys
16:39:11.0079 10456 mouhid - ok
16:39:11.0124 10456 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr
C:\Win
dows\system32\drivers\mountmgr.sys
16:39:11.0136 10456 mountmgr - ok
16:39:11.0231 10456 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\
Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:39:11.0281 10456 MozillaMaintenance - ok
16:39:11.0327 10456 [ EEA6C7E32D7FA992B5E9C5C84643A57E ] mpio
C:\Win
dows\system32\drivers\mpio.sys
16:39:11.0375 10456 Suspicious file (Forged): C:\Windows\system32\drivers\mpio.
sys. Real md5: EEA6C7E32D7FA992B5E9C5C84643A57E, Fake md5: A44B420D30BD56E145D6A
2BC8768EC58
16:39:11.0375 10456 mpio ( ForgedFile.Multi.Generic ) - warning
16:39:11.0375 10456 mpio - detected ForgedFile.Multi.Generic (1)
16:39:11.0418 10456 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv
C:\Win
dows\system32\drivers\mpsdrv.sys
16:39:11.0596 10456 mpsdrv - ok
16:39:11.0614 10456 [ 6EC25B77CCC50CFA1F762C0EF9285635 ] MpsSvc
C:\Win
dows\system32\mpssvc.dll
16:39:11.0738 10456 Suspicious file (Forged): C:\Windows\system32\mpssvc.dll. R
eal md5: 6EC25B77CCC50CFA1F762C0EF9285635, Fake md5: 54FFC9C8898113ACE189D4AA719
9D2C1

16:39:11.0741 10456 MpsSvc ( ForgedFile.Multi.Generic ) - warning


16:39:11.0741 10456 MpsSvc - detected ForgedFile.Multi.Generic (1)
16:39:11.0785 10456 [ 370197CD43319BA40CCE4FC6DDF047B7 ] MRxDAV
C:\Win
dows\system32\drivers\mrxdav.sys
16:39:11.0933 10456 Suspicious file (Forged): C:\Windows\system32\drivers\mrxda
v.sys. Real md5: 370197CD43319BA40CCE4FC6DDF047B7, Fake md5: DC722758B8261E1ABAF
D31A3C0A66380
16:39:11.0958 10456 MRxDAV ( ForgedFile.Multi.Generic ) - warning
16:39:11.0958 10456 MRxDAV - detected ForgedFile.Multi.Generic (1)
16:39:11.0994 10456 [ 16AEFF7419654FA2B10C1D42AA290AFD ] mrxsmb
C:\Win
dows\system32\DRIVERS\mrxsmb.sys
16:39:12.0020 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\mrxsm
b.sys. Real md5: 16AEFF7419654FA2B10C1D42AA290AFD, Fake md5: A5D9106A73DC88564C8
25D317CAC68AC
16:39:12.0021 10456 mrxsmb ( ForgedFile.Multi.Generic ) - warning
16:39:12.0021 10456 mrxsmb - detected ForgedFile.Multi.Generic (1)
16:39:12.0049 10456 [ E44601A4B7F19AB2F9AAB27B7FC435EA ] mrxsmb10
C:\Win
dows\system32\DRIVERS\mrxsmb10.sys
16:39:12.0077 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\mrxsm
b10.sys. Real md5: E44601A4B7F19AB2F9AAB27B7FC435EA, Fake md5: D711B3C1D5F42C0C2
415687BE09FC163
16:39:12.0078 10456 mrxsmb10 ( ForgedFile.Multi.Generic ) - warning
16:39:12.0078 10456 mrxsmb10 - detected ForgedFile.Multi.Generic (1)
16:39:12.0083 10456 [ 05DBBD20D38DEC7598E4AE3E255200AD ] mrxsmb20
C:\Win
dows\system32\DRIVERS\mrxsmb20.sys
16:39:12.0111 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\mrxsm
b20.sys. Real md5: 05DBBD20D38DEC7598E4AE3E255200AD, Fake md5: 9423E9D355C8D303E
76B8CFBD8A5C30C
16:39:12.0111 10456 mrxsmb20 ( ForgedFile.Multi.Generic ) - warning
16:39:12.0111 10456 mrxsmb20 - detected ForgedFile.Multi.Generic (1)
16:39:12.0165 10456 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci
C:\Win
dows\system32\drivers\msahci.sys
16:39:12.0206 10456 msahci - ok
16:39:12.0244 10456 [ 3D41AEB931541ACC9BEB8F4DF8BF79ED ] msdsm
C:\Win
dows\system32\drivers\msdsm.sys
16:39:12.0281 10456 Suspicious file (Forged): C:\Windows\system32\drivers\msdsm
.sys. Real md5: 3D41AEB931541ACC9BEB8F4DF8BF79ED, Fake md5: DB801A638D011B963382
9EB6F663C900
16:39:12.0281 10456 msdsm ( ForgedFile.Multi.Generic ) - warning
16:39:12.0281 10456 msdsm - detected ForgedFile.Multi.Generic (1)
16:39:12.0303 10456 [ 540CAC69CD8A592E498822E3C4B0A6A8 ] MSDTC
C:\Win
dows\System32\msdtc.exe
16:39:12.0323 10456 Suspicious file (Forged): C:\Windows\System32\msdtc.exe. Re
al md5: 540CAC69CD8A592E498822E3C4B0A6A8, Fake md5: DE0ECE52236CFA3ED2DBFC03F282
53A8
16:39:12.0324 10456 MSDTC ( ForgedFile.Multi.Generic ) - warning
16:39:12.0324 10456 MSDTC - detected ForgedFile.Multi.Generic (1)
16:39:12.0392 10456 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs
C:\Win
dows\system32\drivers\Msfs.sys
16:39:12.0545 10456 Msfs - ok
16:39:12.0599 10456 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf
C:\Win
dows\System32\drivers\mshidkmdf.sys
16:39:12.0765 10456 mshidkmdf - ok
16:39:12.0814 10456 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv
C:\Win
dows\system32\drivers\msisadrv.sys
16:39:12.0872 10456 msisadrv - ok
16:39:12.0902 10456 [ 44740F88A09C8BE6A556EA97998BE1C2 ] MSiSCSI
C:\Win
dows\system32\iscsiexe.dll
16:39:12.0919 10456 Suspicious file (Forged): C:\Windows\system32\iscsiexe.dll.
Real md5: 44740F88A09C8BE6A556EA97998BE1C2, Fake md5: 808E98FF49B155C522E640095

3177B08
16:39:12.0919 10456 MSiSCSI ( ForgedFile.Multi.Generic ) - warning
16:39:12.0919 10456 MSiSCSI - detected ForgedFile.Multi.Generic (1)
16:39:12.0923 10456 msiserver - ok
16:39:12.0970 10456 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV
C:\Win
dows\system32\drivers\MSKSSRV.sys
16:39:13.0149 10456 MSKSSRV - ok
16:39:13.0214 10456 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK
C:\Win
dows\system32\drivers\MSPCLOCK.sys
16:39:13.0371 10456 MSPCLOCK - ok
16:39:13.0424 10456 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM
C:\Win
dows\system32\drivers\MSPQM.sys
16:39:13.0597 10456 MSPQM - ok
16:39:13.0649 10456 [ 8137DA33C5BC9A8969959FF84CB8CC45 ] MsRPC
C:\Win
dows\system32\drivers\MsRPC.sys
16:39:13.0677 10456 Suspicious file (Forged): C:\Windows\system32\drivers\MsRPC
.sys. Real md5: 8137DA33C5BC9A8969959FF84CB8CC45, Fake md5: 759A9EEB0FA9ED79DA1F
B7D4EF78866D
16:39:13.0678 10456 MsRPC ( ForgedFile.Multi.Generic ) - warning
16:39:13.0678 10456 MsRPC - detected ForgedFile.Multi.Generic (1)
16:39:13.0724 10456 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios
C:\Win
dows\system32\drivers\mssmbios.sys
16:39:13.0740 10456 mssmbios - ok
16:39:13.0808 10456 MSSQL$MSSMLBIZ - ok
16:39:13.0839 10456 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:
\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:39:13.0885 10456 MSSQLServerADHelper - ok
16:39:13.0934 10456 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE
C:\Win
dows\system32\drivers\MSTEE.sys
16:39:14.0112 10456 MSTEE - ok
16:39:14.0178 10456 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig
C:\Win
dows\system32\DRIVERS\MTConfig.sys
16:39:14.0296 10456 MTConfig - ok
16:39:14.0341 10456 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup
C:\Win
dows\system32\Drivers\mup.sys
16:39:14.0384 10456 Mup - ok
16:39:14.0420 10456 [ B07B990A533EBEC7C943EAFD5B9D237D ] napagent
C:\Win
dows\system32\qagentRT.dll
16:39:14.0447 10456 Suspicious file (Forged): C:\Windows\system32\qagentRT.dll.
Real md5: B07B990A533EBEC7C943EAFD5B9D237D, Fake md5: 582AC6D9873E31DFA28A45472
70862DD
16:39:14.0448 10456 napagent ( ForgedFile.Multi.Generic ) - warning
16:39:14.0448 10456 napagent - detected ForgedFile.Multi.Generic (1)
16:39:14.0466 10456 [ E0D96589868533C98B2DBBD4E15B2A2A ] NativeWifiP
C:\Win
dows\system32\DRIVERS\nwifi.sys
16:39:14.0508 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nwifi
.sys. Real md5: E0D96589868533C98B2DBBD4E15B2A2A, Fake md5: 1EA3749C4114DB3E3161
156FFFFA6B33
16:39:14.0509 10456 NativeWifiP ( ForgedFile.Multi.Generic ) - warning
16:39:14.0509 10456 NativeWifiP - detected ForgedFile.Multi.Generic (1)
16:39:14.0535 10456 [ AA6CF591DBBAD99F0FBD222BC233516D ] NDIS
C:\Win
dows\system32\drivers\ndis.sys
16:39:14.0558 10456 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.
sys. Real md5: AA6CF591DBBAD99F0FBD222BC233516D, Fake md5: 760E38053BF56E501D562
B70AD796B88
16:39:14.0561 10456 NDIS ( ForgedFile.Multi.Generic ) - warning
16:39:14.0562 10456 NDIS - detected ForgedFile.Multi.Generic (1)
16:39:14.0580 10456 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap
C:\Win
dows\system32\DRIVERS\ndiscap.sys
16:39:14.0770 10456 NdisCap - ok

16:39:14.0822 10456 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi


C:\Win
dows\system32\DRIVERS\ndistapi.sys
16:39:14.0987 10456 NdisTapi - ok
16:39:15.0067 10456 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio
C:\Win
dows\system32\DRIVERS\ndisuio.sys
16:39:15.0237 10456 Ndisuio - ok
16:39:15.0275 10456 [ 9C9F0B32E25EA08A1DB7E4175A9F2DEB ] NdisWan
C:\Win
dows\system32\DRIVERS\ndiswan.sys
16:39:15.0299 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ndisw
an.sys. Real md5: 9C9F0B32E25EA08A1DB7E4175A9F2DEB, Fake md5: 53F7305169863F0A2B
DDC49E116C2E11
16:39:15.0299 10456 NdisWan ( ForgedFile.Multi.Generic ) - warning
16:39:15.0299 10456 NdisWan - detected ForgedFile.Multi.Generic (1)
16:39:15.0354 10456 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy
C:\Win
dows\system32\drivers\NDProxy.sys
16:39:15.0548 10456 NDProxy - ok
16:39:15.0585 10456 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS
C:\Win
dows\system32\DRIVERS\netbios.sys
16:39:15.0763 10456 NetBIOS - ok
16:39:15.0827 10456 [ C716F948F1CC2F3E4EA170B4BC1BDD62 ] NetBT
C:\Win
dows\system32\DRIVERS\netbt.sys
16:39:15.0844 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt
.sys. Real md5: C716F948F1CC2F3E4EA170B4BC1BDD62, Fake md5: 09594D1089C523423B32
A4229263F068
16:39:15.0845 10456 NetBT ( ForgedFile.Multi.Generic ) - warning
16:39:15.0845 10456 NetBT - detected ForgedFile.Multi.Generic (1)
16:39:15.0867 10456 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon
C:\Win
dows\system32\lsass.exe
16:39:15.0896 10456 Netlogon - ok
16:39:15.0908 10456 [ C732877313B5D1F756829298C582E151 ] Netman
C:\Win
dows\System32\netman.dll
16:39:15.0953 10456 Suspicious file (Forged): C:\Windows\System32\netman.dll. R
eal md5: C732877313B5D1F756829298C582E151, Fake md5: 847D3AE376C0817161A14A82C89
22A9E
16:39:15.0954 10456 Netman ( ForgedFile.Multi.Generic ) - warning
16:39:15.0954 10456 Netman - detected ForgedFile.Multi.Generic (1)
16:39:15.0962 10456 [ 1E0ACBAFECBB719402A4E419F83860D6 ] netprofm
C:\Win
dows\System32\netprofm.dll
16:39:15.0986 10456 Suspicious file (Forged): C:\Windows\System32\netprofm.dll.
Real md5: 1E0ACBAFECBB719402A4E419F83860D6, Fake md5: 5F28111C648F1E24F7DBC87CD
EB091B8
16:39:15.0987 10456 netprofm ( ForgedFile.Multi.Generic ) - warning
16:39:15.0987 10456 netprofm - detected ForgedFile.Multi.Generic (1)
16:39:16.0020 10456 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\W
indows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost
.exe
16:39:16.0072 10456 NetTcpPortSharing - ok
16:39:16.0106 10456 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960
C:\Win
dows\system32\DRIVERS\nfrd960.sys
16:39:16.0145 10456 nfrd960 - ok
16:39:16.0193 10456 [ 80C9F3C4C44CD6012CAACC6E829AB935 ] NlaSvc
C:\Win
dows\System32\nlasvc.dll
16:39:16.0261 10456 Suspicious file (Forged): C:\Windows\System32\nlasvc.dll. R
eal md5: 80C9F3C4C44CD6012CAACC6E829AB935, Fake md5: 8AD77806D336673F270DB316452
67293
16:39:16.0263 10456 NlaSvc ( ForgedFile.Multi.Generic ) - warning
16:39:16.0263 10456 NlaSvc - detected ForgedFile.Multi.Generic (1)
16:39:16.0292 10456 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs
C:\Win
dows\system32\drivers\Npfs.sys
16:39:16.0444 10456 Npfs - ok

16:39:16.0500 10456 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi


C:\Win
dows\system32\nsisvc.dll
16:39:16.0687 10456 nsi - ok
16:39:16.0723 10456 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy
C:\Win
dows\system32\drivers\nsiproxy.sys
16:39:16.0839 10456 nsiproxy - ok
16:39:16.0879 10456 [ 500C699225885BA8B8C672339020626D ] Ntfs
C:\Win
dows\system32\drivers\Ntfs.sys
16:39:16.0985 10456 Suspicious file (Forged): C:\Windows\system32\drivers\Ntfs.
sys. Real md5: 500C699225885BA8B8C672339020626D, Fake md5: B98F8C6E31CD07B2E6F71
F7F648E38C0
16:39:17.0042 10456 Ntfs ( ForgedFile.Multi.Generic ) - warning
16:39:17.0042 10456 Ntfs - detected ForgedFile.Multi.Generic (1)
16:39:17.0126 10456 [ A15CDAB7892593C3216CFF8B11C8BF2D ] ntrtscan
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
16:39:17.0252 10456 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\ntrtscan.exe. Real md5: A15CDAB7892593C3216CFF8B11C8BF2D, Fa
ke md5: 1B3BE4DFCC24640547DFBEC8BDD3C7C4
16:39:17.0259 10456 ntrtscan ( ForgedFile.Multi.Generic ) - warning
16:39:17.0259 10456 ntrtscan - detected ForgedFile.Multi.Generic (1)
16:39:17.0284 10456 [ 9899284589F75FA8724FF3D16AED75C1 ] Null
C:\Win
dows\system32\drivers\Null.sys
16:39:17.0455 10456 Null - ok
16:39:17.0557 10456 [ DD3739E40B7AADE288B72643E8C1E50C ] nvlddmkm
C:\Win
dows\system32\DRIVERS\nvlddmkm.sys
16:39:17.0903 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nvldd
mkm.sys. Real md5: DD3739E40B7AADE288B72643E8C1E50C, Fake md5: FF02BAE39D23BB749
59F6F49BBD589D3
16:39:17.0945 10456 nvlddmkm ( ForgedFile.Multi.Generic ) - warning
16:39:17.0945 10456 nvlddmkm - detected ForgedFile.Multi.Generic (1)
16:39:17.0988 10456 [ 9C7B92EC80B77099D5C0FC8535B1B2CD ] nvraid
C:\Win
dows\system32\drivers\nvraid.sys
16:39:18.0087 10456 Suspicious file (Forged): C:\Windows\system32\drivers\nvrai
d.sys. Real md5: 9C7B92EC80B77099D5C0FC8535B1B2CD, Fake md5: 0A92CB65770442ED0DC
44834632F66AD
16:39:18.0139 10456 nvraid ( ForgedFile.Multi.Generic ) - warning
16:39:18.0139 10456 nvraid - detected ForgedFile.Multi.Generic (1)
16:39:18.0281 10456 [ D5746AD5407B29F81E008424B010526F ] nvstor
C:\Win
dows\system32\drivers\nvstor.sys
16:39:18.0637 10456 Suspicious file (Forged): C:\Windows\system32\drivers\nvsto
r.sys. Real md5: D5746AD5407B29F81E008424B010526F, Fake md5: DAB0E87525C10052BF6
5F06152F37E4A
16:39:18.0655 10456 nvstor ( ForgedFile.Multi.Generic ) - warning
16:39:18.0655 10456 nvstor - detected ForgedFile.Multi.Generic (1)
16:39:18.0694 10456 [ BEBBAF418E7EB23FE5C5F6465B7A7781 ] nvsvc
C:\Win
dows\system32\nvvsvc.exe
16:39:18.0731 10456 Suspicious file (Forged): C:\Windows\system32\nvvsvc.exe. R
eal md5: BEBBAF418E7EB23FE5C5F6465B7A7781, Fake md5: 7C1AD7110624B1B546CDC752486
AE9FA
16:39:18.0732 10456 nvsvc ( ForgedFile.Multi.Generic ) - warning
16:39:18.0732 10456 nvsvc - detected ForgedFile.Multi.Generic (1)
16:39:18.0773 10456 [ 38E1500522B8FB97248147FCDCE63B1F ] nv_agp
C:\Win
dows\system32\drivers\nv_agp.sys
16:39:18.0810 10456 Suspicious file (Forged): C:\Windows\system32\drivers\nv_ag
p.sys. Real md5: 38E1500522B8FB97248147FCDCE63B1F, Fake md5: 270D7CD42D6E3979F6D
D0146650F0E05
16:39:18.0812 10456 nv_agp ( ForgedFile.Multi.Generic ) - warning
16:39:18.0812 10456 nv_agp - detected ForgedFile.Multi.Generic (1)
16:39:18.0857 10456 [ 58D038F101EA35B08EA81F1BA9C0CE69 ] NW1950
C:\Win
dows\system32\DRIVERS\NW1950.sys

16:39:18.0904 10456 NW1950 - ok


16:39:18.0950 10456 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394
C:\Win
dows\system32\drivers\ohci1394.sys
16:39:19.0046 10456 ohci1394 - ok
16:39:19.0096 10456 [ 23345305EDC5827EDE315B8491292308 ] ose
C:\Pro
gram Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:39:19.0167 10456 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE. Real md5: 23345305EDC5827EDE315B8491292308, Fake md5: 5A432A042DAE460ABE7199B758E8606C
16:39:19.0168 10456 ose ( ForgedFile.Multi.Generic ) - warning
16:39:19.0168 10456 ose - detected ForgedFile.Multi.Generic (1)
16:39:19.0204 10456 [ 5F6F4CE6E34C63088F2D049DB21AE060 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:39:19.0215 10456 Suspicious file (Forged): C:\Windows\system32\pnrpsvc.dll. Real md5: 5F6F4CE6E34C63088F2D049DB21AE060, Fake md5: 3EAC4455472CC2C97107B5291E0DCAFE
16:39:19.0215 10456 p2pimsvc ( ForgedFile.Multi.Generic ) - warning
16:39:19.0216 10456 p2pimsvc - detected ForgedFile.Multi.Generic (1)
16:39:19.0244 10456 [ 756645FB1BF7F3A406DD9A4C13CC73C0 ] p2psvc C:\Windows\system32\p2psvc.dll
16:39:19.0310 10456 Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 756645FB1BF7F3A406DD9A4C13CC73C0, Fake md5: 927463ECB02179F88E4B9A17568C63C3
16:39:19.0311 10456 p2psvc ( ForgedFile.Multi.Generic ) - warning
16:39:19.0311 10456 p2psvc - detected ForgedFile.Multi.Generic (1)
16:39:19.0337 10456 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:39:19.0447 10456 Parport - ok
16:39:19.0478 10456 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:39:19.0520 10456 partmgr - ok
16:39:19.0552 10456 [ F996ED9045A526FF8416402F74D649F0 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:39:19.0572 10456 Suspicious file (Forged): C:\Windows\System32\pcasvc.dll. Real md5: F996ED9045A526FF8416402F74D649F0, Fake md5: 3AEAA8B561E63452C655DC0584922257
16:39:19.0573 10456 PcaSvc ( ForgedFile.Multi.Generic ) - warning
16:39:19.0573 10456 PcaSvc - detected ForgedFile.Multi.Generic (1)
16:39:19.0589 10456 [ C50B5F389659FB359CCB18459F719F6C ] pci C:\Windows\system32\drivers\pci.sys
16:39:19.0640 10456 Suspicious file (Forged): C:\Windows\system32\drivers\pci.sys. Real md5: C50B5F389659FB359CCB18459F719F6C, Fake md5: 94575C0571D1462A0F70BDE6BD6EE6B3
16:39:19.0641 10456 pci ( ForgedFile.Multi.Generic ) - warning
16:39:19.0641 10456 pci - detected ForgedFile.Multi.Generic (1)
16:39:19.0687 10456 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
16:39:19.0706 10456 pciide - ok
16:39:19.0745 10456 [ 363452647D3E2DA5E3E385C6475D4460 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:39:19.0796 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\pcmcia.sys. Real md5: 363452647D3E2DA5E3E385C6475D4460, Fake md5: B2E81D4E87CE48589F98CB8C05B01F2F
16:39:19.0796 10456 pcmcia ( ForgedFile.Multi.Generic ) - warning
16:39:19.0796 10456 pcmcia - detected ForgedFile.Multi.Generic (1)
16:39:19.0813 10456 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:39:19.0845 10456 pcw - ok
16:39:19.0872 10456 [ 707702D6769F95D8FD2F41801D18DF5C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:39:19.0923 10456 Suspicious file (Forged): C:\Windows\system32\drivers\peauth.sys. Real md5: 707702D6769F95D8FD2F41801D18DF5C, Fake md5: 68769C3356B3BE5D1C732C97B9A80D6E
16:39:19.0925 10456 PEAUTH ( ForgedFile.Multi.Generic ) - warning
16:39:19.0925 10456 PEAUTH - detected ForgedFile.Multi.Generic (1)
16:39:19.0992 10456 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:39:20.0179 10456 PerfHost - ok
16:39:20.0266 10456 [ 27AE46A9E30F50A6BFA6198E51000357 ] pla C:\Windows\system32\pla.dll
16:39:20.0398 10456 Suspicious file (Forged): C:\Windows\system32\pla.dll. Real md5: 27AE46A9E30F50A6BFA6198E51000357, Fake md5: C7CF6A6E137463219E1259E3F0F0DD6C
16:39:20.0401 10456 pla ( ForgedFile.Multi.Generic ) - warning
16:39:20.0402 10456 pla - detected ForgedFile.Multi.Generic (1)
16:39:20.0431 10456 [ 04F8E53EE6768DD99229CD2E938E4A7C ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:39:20.0484 10456 Suspicious file (Forged): C:\Windows\system32\umpnpmgr.dll. Real md5: 04F8E53EE6768DD99229CD2E938E4A7C, Fake md5: 25FBDEF06C4D92815B353F6E792C8129
16:39:20.0485 10456 PlugPlay ( ForgedFile.Multi.Generic ) - warning
16:39:20.0485 10456 PlugPlay - detected ForgedFile.Multi.Generic (1)
16:39:20.0529 10456 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:39:20.0638 10456 PNRPAutoReg - ok
16:39:20.0655 10456 [ 5F6F4CE6E34C63088F2D049DB21AE060 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:39:20.0690 10456 Suspicious file (Forged): C:\Windows\system32\pnrpsvc.dll. Real md5: 5F6F4CE6E34C63088F2D049DB21AE060, Fake md5: 3EAC4455472CC2C97107B5291E0DCAFE
16:39:20.0691 10456 PNRPsvc ( ForgedFile.Multi.Generic ) - warning
16:39:20.0691 10456 PNRPsvc - detected ForgedFile.Multi.Generic (1)
16:39:20.0723 10456 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys
16:39:20.0781 10456 Point64 - ok
16:39:20.0823 10456 [ 338C992A965C483EAD8B16F80036C913 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:39:20.0846 10456 Suspicious file (Forged): C:\Windows\System32\ipsecsvc.dll. Real md5: 338C992A965C483EAD8B16F80036C913, Fake md5: 4F15D75ADF6156BF56ECED6D4A55C389
16:39:20.0847 10456 PolicyAgent ( ForgedFile.Multi.Generic ) - warning
16:39:20.0847 10456 PolicyAgent - detected ForgedFile.Multi.Generic (1)
16:39:20.0875 10456 [ 6CC3D8ECD5A9967C9227BE8D17B988A6 ] Power C:\Windows\system32\umpo.dll
16:39:20.0935 10456 Suspicious file (Forged): C:\Windows\system32\umpo.dll. Real md5: 6CC3D8ECD5A9967C9227BE8D17B988A6, Fake md5: 6BA9D927DDED70BD1A9CADED45F8B184
16:39:20.0936 10456 Power ( ForgedFile.Multi.Generic ) - warning
16:39:20.0936 10456 Power - detected ForgedFile.Multi.Generic (1)
16:39:20.0981 10456 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:39:21.0182 10456 PptpMiniport - ok
16:39:21.0230 10456 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:39:21.0338 10456 Processor - ok
16:39:21.0364 10456 [ 6DC10BD52B9EBE73FB2FB9F06F91D576 ] ProfSvc C:\Windows\system32\profsvc.dll
16:39:21.0432 10456 Suspicious file (Forged): C:\Windows\system32\profsvc.dll. Real md5: 6DC10BD52B9EBE73FB2FB9F06F91D576, Fake md5: 53E83F1F6CF9D62F32801CF66D8352A8
16:39:21.0433 10456 ProfSvc ( ForgedFile.Multi.Generic ) - warning
16:39:21.0433 10456 ProfSvc - detected ForgedFile.Multi.Generic (1)
16:39:21.0467 10456 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:39:21.0520 10456 ProtectedStorage - ok
16:39:21.0553 10456 [ 310D59BD6E8CDC0F2000AF2010679936 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:39:21.0571 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\pacer.sys. Real md5: 310D59BD6E8CDC0F2000AF2010679936, Fake md5: 0557CF5A2556BD58E26384169D72438D
16:39:21.0571 10456 Psched ( ForgedFile.Multi.Generic ) - warning
16:39:21.0571 10456 Psched - detected ForgedFile.Multi.Generic (1)
16:39:21.0598 10456 [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
16:39:21.0654 10456 PxHlpa64 - ok
16:39:21.0673 10456 [ F7A7E5C35654A40DAC4F32DF6ACFB443 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:39:21.0785 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ql2300.sys. Real md5: F7A7E5C35654A40DAC4F32DF6ACFB443, Fake md5: A53A15A11EBFD21077463EE2C7AFEEF0
16:39:21.0790 10456 ql2300 ( ForgedFile.Multi.Generic ) - warning
16:39:21.0790 10456 ql2300 - detected ForgedFile.Multi.Generic (1)
16:39:21.0836 10456 [ 78C473D7CBD27DCD30D27035F4A25310 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:39:21.0869 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ql40xx.sys. Real md5: 78C473D7CBD27DCD30D27035F4A25310, Fake md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8
16:39:21.0870 10456 ql40xx ( ForgedFile.Multi.Generic ) - warning
16:39:21.0870 10456 ql40xx - detected ForgedFile.Multi.Generic (1)
16:39:21.0904 10456 [ 689CB8A9930F9D6F3838F751619FA22F ] QWAVE C:\Windows\system32\qwave.dll
16:39:21.0960 10456 Suspicious file (Forged): C:\Windows\system32\qwave.dll. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: 906191634E99AEA92C4816150BDA3732
16:39:21.0961 10456 QWAVE ( ForgedFile.Multi.Generic ) - warning
16:39:21.0961 10456 QWAVE - detected ForgedFile.Multi.Generic (1)
16:39:21.0998 10456 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:39:22.0334 10456 QWAVEdrv - ok
16:39:22.0369 10456 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:39:22.0513 10456 RasAcd - ok
16:39:22.0552 10456 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:39:22.0729 10456 RasAgileVpn - ok
16:39:22.0786 10456 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
16:39:22.0978 10456 RasAuto - ok
16:39:23.0035 10456 [ BF5D2350D0CD373BE05911DA4A7F21E3 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:39:23.0058 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rasl2tp.sys. Real md5: BF5D2350D0CD373BE05911DA4A7F21E3, Fake md5: 471815800AE33E6F1C32FB1B97C490CA
16:39:23.0058 10456 Rasl2tp ( ForgedFile.Multi.Generic ) - warning
16:39:23.0058 10456 Rasl2tp - detected ForgedFile.Multi.Generic (1)
16:39:23.0109 10456 [ E265B60A4AF7915C7064C2B7AEC8E1D2 ] RasMan C:\Windows\System32\rasmans.dll
16:39:23.0161 10456 Suspicious file (Forged): C:\Windows\System32\rasmans.dll. Real md5: E265B60A4AF7915C7064C2B7AEC8E1D2, Fake md5: EE867A0870FC9E4972BA9EAAD35651E2
16:39:23.0162 10456 RasMan ( ForgedFile.Multi.Generic ) - warning
16:39:23.0162 10456 RasMan - detected ForgedFile.Multi.Generic (1)
16:39:23.0194 10456 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:39:23.0388 10456 RasPppoe - ok
16:39:23.0459 10456 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:39:23.0619 10456 RasSstp - ok
16:39:23.0664 10456 [ 13F155753E1D4E9B6D6B1B362C9A7233 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:39:23.0699 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rdbss.sys. Real md5: 13F155753E1D4E9B6D6B1B362C9A7233, Fake md5: 77F665941019A1594D887A74F301FA2F
16:39:23.0700 10456 rdbss ( ForgedFile.Multi.Generic ) - warning
16:39:23.0700 10456 rdbss - detected ForgedFile.Multi.Generic (1)
16:39:23.0754 10456 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:39:23.0850 10456 rdpbus - ok
16:39:23.0869 10456 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:39:24.0185 10456 RDPCDD - ok
16:39:24.0237 10456 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:39:24.0372 10456 RDPENCDD - ok
16:39:24.0414 10456 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:39:24.0496 10456 RDPREFMP - ok
16:39:24.0513 10456 [ F1FBD4759044EA9A244E583F71FD94E1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:39:24.0545 10456 Suspicious file (Forged): C:\Windows\system32\drivers\RDPWD.sys. Real md5: F1FBD4759044EA9A244E583F71FD94E1, Fake md5: E61608AA35E98999AF9AAEEEA6114B0A
16:39:24.0545 10456 RDPWD ( ForgedFile.Multi.Generic ) - warning
16:39:24.0546 10456 RDPWD - detected ForgedFile.Multi.Generic (1)
16:39:24.0593 10456 [ 51687F8E2C144A2F04F9525887C58DA2 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:39:24.0654 10456 Suspicious file (Forged): C:\Windows\system32\drivers\rdyboost.sys. Real md5: 51687F8E2C144A2F04F9525887C58DA2, Fake md5: 34ED295FA0121C241BFEF24764FC4520
16:39:24.0656 10456 rdyboost ( ForgedFile.Multi.Generic ) - warning
16:39:24.0656 10456 rdyboost - detected ForgedFile.Multi.Generic (1)
16:39:24.0705 10456 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\Windows\system32\drivers\regi.sys
16:39:24.0745 10456 regi - ok
16:39:24.0776 10456 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:39:24.0920 10456 RemoteAccess - ok
16:39:24.0954 10456 [ D68CCAD047B94686B0A004D9EBB3E94F ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:39:24.0986 10456 Suspicious file (Forged): C:\Windows\system32\regsvc.dll. Real md5: D68CCAD047B94686B0A004D9EBB3E94F, Fake md5: E4D94F24081440B5FC5AA556C7C62702
16:39:24.0986 10456 RemoteRegistry ( ForgedFile.Multi.Generic ) - warning
16:39:24.0986 10456 RemoteRegistry - detected ForgedFile.Multi.Generic (1)
16:39:25.0011 10456 [ 34CFD342C96F44062A4884C29535F37D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
16:39:25.0031 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rfcomm.sys. Real md5: 34CFD342C96F44062A4884C29535F37D, Fake md5: 3DD798846E2C28102B922C56E71B7932
16:39:25.0032 10456 RFCOMM ( ForgedFile.Multi.Generic ) - warning
16:39:25.0032 10456 RFCOMM - detected ForgedFile.Multi.Generic (1)
16:39:25.0057 10456 [ 5767961268AA43D9F3FA6D59EC8B7B12 ] rimspci C:\Windows\system32\DRIVERS\rimssne64.sys
16:39:25.0273 10456 rimspci - ok
16:39:25.0318 10456 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:39:25.0417 10456 RimUsb - ok
16:39:25.0451 10456 [ BB6E138AEB351728959DA5E2731D8140 ] risdsnpe C:\Windows\system32\DRIVERS\risdsne64.sys
16:39:25.0520 10456 risdsnpe - ok
16:39:25.0615 10456 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:39:26.0037 10456 RpcEptMapper - ok
16:39:26.0102 10456 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
16:39:26.0193 10456 RpcLocator - ok
16:39:26.0219 10456 [ 816DF6F64DEBA63B029CA19D880EE10A ] RpcSs C:\Windows\system32\rpcss.dll
16:39:26.0238 10456 Suspicious file (Forged): C:\Windows\system32\rpcss.dll. Real md5: 816DF6F64DEBA63B029CA19D880EE10A, Fake md5: 5C627D1B1138676C0A7AB2C2C190D123
16:39:26.0239 10456 RpcSs ( ForgedFile.Multi.Generic ) - warning
16:39:26.0240 10456 RpcSs - detected ForgedFile.Multi.Generic (1)
16:39:26.0281 10456 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:39:26.0445 10456 rspndr - ok
16:39:26.0500 10456 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
16:39:26.0529 10456 SamSs - ok
16:39:26.0560 10456 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:39:26.0591 10456 sbp2port - ok
16:39:26.0630 10456 [ 8581913F73B26304A3DAFF46D9FC2B6D ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:39:26.0648 10456 Suspicious file (Forged): C:\Windows\System32\SCardSvr.dll. Real md5: 8581913F73B26304A3DAFF46D9FC2B6D, Fake md5: 9B7395789E3791A3B6D000FE6F8B131E
16:39:26.0649 10456 SCardSvr ( ForgedFile.Multi.Generic ) - warning
16:39:26.0649 10456 SCardSvr - detected ForgedFile.Multi.Generic (1)
16:39:26.0681 10456 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:39:26.0857 10456 scfilter - ok
16:39:26.0915 10456 [ B001E8346CD336D37D45A3D614A6B54B ] Schedule C:\Windows\system32\schedsvc.dll
16:39:26.0999 10456 Suspicious file (Forged): C:\Windows\system32\schedsvc.dll. Real md5: B001E8346CD336D37D45A3D614A6B54B, Fake md5: 262F6592C3299C005FD6BEC90FC4463A
16:39:27.0002 10456 Schedule ( ForgedFile.Multi.Generic ) - warning
16:39:27.0003 10456 Schedule - detected ForgedFile.Multi.Generic (1)
16:39:27.0038 10456 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:39:27.0181 10456 SCPolicySvc - ok
16:39:27.0249 10456 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
16:39:27.0519 10456 sdbus - ok
16:39:27.0563 10456 [ 718760248EFD4756E809C731ADAF347B ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:39:27.0609 10456 Suspicious file (Forged): C:\Windows\System32\SDRSVC.dll. Real md5: 718760248EFD4756E809C731ADAF347B, Fake md5: 6EA4234DC55346E0709560FE7C2C1972
16:39:27.0610 10456 SDRSVC ( ForgedFile.Multi.Generic ) - warning
16:39:27.0610 10456 SDRSVC - detected ForgedFile.Multi.Generic (1)
16:39:27.0646 10456 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:39:27.0788 10456 secdrv - ok
16:39:27.0813 10456 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
16:39:28.0013 10456 seclogon - ok
16:39:28.0074 10456 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
16:39:28.0237 10456 SENS - ok
16:39:28.0296 10456 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:39:28.0398 10456 SensrSvc - ok
16:39:28.0433 10456 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:39:28.0503 10456 Serenum - ok
16:39:28.0543 10456 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:39:28.0628 10456 Serial - ok
16:39:28.0720 10456 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:39:28.0788 10456 sermouse - ok
16:39:28.0880 10456 [ A9DAE23C8CA1BA670997267B7B382AD4 ] SessionEnv C:\Windows\system32\sessenv.dll
16:39:28.0918 10456 Suspicious file (Forged): C:\Windows\system32\sessenv.dll. Real md5: A9DAE23C8CA1BA670997267B7B382AD4, Fake md5: 0B6231BF38174A1628C4AC812CC75804
16:39:28.0919 10456 SessionEnv ( ForgedFile.Multi.Generic ) - warning
16:39:28.0919 10456 SessionEnv - detected ForgedFile.Multi.Generic (1)
16:39:28.0950 10456 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
16:39:29.0049 10456 SFEP - ok
16:39:29.0096 10456 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:39:29.0169 10456 sffdisk - ok
16:39:29.0183 10456 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:39:29.0247 10456 sffp_mmc - ok
16:39:29.0288 10456 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:39:29.0400 10456 sffp_sd - ok
16:39:29.0448 10456 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:39:29.0537 10456 sfloppy - ok
16:39:29.0559 10456 [ D006E20FA1B75DF0D4FED0C5200B5F4D ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:39:29.0633 10456 Suspicious file (Forged): C:\Windows\System32\ipnathlp.dll. Real md5: D006E20FA1B75DF0D4FED0C5200B5F4D, Fake md5: B95F6501A2F8B2E78C697FEC401970CE
16:39:29.0634 10456 SharedAccess ( ForgedFile.Multi.Generic ) - warning
16:39:29.0634 10456 SharedAccess - detected ForgedFile.Multi.Generic (1)
16:39:29.0671 10456 [ D9A5896AD69E9B1A2A0C6F718095C50A ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:39:29.0719 10456 Suspicious file (Forged): C:\Windows\System32\shsvcs.dll. Real md5: D9A5896AD69E9B1A2A0C6F718095C50A, Fake md5: AAF932B4011D14052955D4B212A4DA8D
16:39:29.0720 10456 ShellHWDetection ( ForgedFile.Multi.Generic ) - warning
16:39:29.0720 10456 ShellHWDetection - detected ForgedFile.Multi.Generic (1)
16:39:29.0753 10456 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:39:29.0815 10456 SiSRaid2 - ok
16:39:29.0848 10456 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:39:29.0890 10456 SiSRaid4 - ok
16:39:29.0931 10456 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:39:30.0313 10456 Smb - ok
16:39:30.0396 10456 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:39:30.0519 10456 SNMPTRAP - ok
16:39:30.0594 10456 [ 1C0076D76B8967F178E66BA1E8C57A54 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
16:39:30.0666 10456 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe. Real md5: 1C0076D76B8967F178E66BA1E8C57A54, Fake md5: 98886C88A1CB13D61672AE2C638B7E1C
16:39:30.0666 10456 SOHCImp ( ForgedFile.Multi.Generic ) - warning
16:39:30.0666 10456 SOHCImp - detected ForgedFile.Multi.Generic (1)
16:39:30.0689 10456 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
16:39:30.0704 10456 SOHDBSvr - ok
16:39:30.0720 10456 [ 4C46F4DFAFCE21820FF98978BF135530 ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
16:39:30.0776 10456 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe. Real md5: 4C46F4DFAFCE21820FF98978BF135530, Fake md5: 556681BE668D71DC162391A45422B52C
16:39:30.0777 10456 SOHDms ( ForgedFile.Multi.Generic ) - warning
16:39:30.0777 10456 SOHDms - detected ForgedFile.Multi.Generic (1)
16:39:30.0798 10456 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
16:39:30.0822 10456 SOHDs - ok
16:39:30.0839 10456 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
16:39:30.0889 10456 SOHPlMgr - ok
16:39:30.0932 10456 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
16:39:30.0977 10456 spldr - ok
16:39:30.0995 10456 [ F9F18AB6CD212C1FD2B7CF9049D476A1 ] Spooler C:\Windows\System32\spoolsv.exe
16:39:31.0054 10456 Suspicious file (Forged): C:\Windows\System32\spoolsv.exe. Real md5: F9F18AB6CD212C1FD2B7CF9049D476A1, Fake md5: 85DAA09A98C9286D4EA2BA8D0E644377
16:39:31.0056 10456 Spooler ( ForgedFile.Multi.Generic ) - warning
16:39:31.0056 10456 Spooler - detected ForgedFile.Multi.Generic (1)
16:39:31.0092 10456 [ 1030D0C9B2A5C7E26FAD2B5DA09A3F2C ] sppsvc C:\Windows\system32\sppsvc.exe
16:39:31.0259 10456 Suspicious file (Forged): C:\Windows\system32\sppsvc.exe. Real md5: 1030D0C9B2A5C7E26FAD2B5DA09A3F2C, Fake md5: E17E0188BB90FAE42D83E98707EFA59C
16:39:31.0269 10456 sppsvc ( ForgedFile.Multi.Generic ) - warning
16:39:31.0269 10456 sppsvc - detected ForgedFile.Multi.Generic (1)
16:39:31.0318 10456 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:39:31.0424 10456 sppuinotify - ok
16:39:31.0459 10456 [ 0E4F0E65B32CB4132B39A439951342A3 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:39:31.0499 10456 Suspicious file (Forged): c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe. Real md5: 0E4F0E65B32CB4132B39A439951342A3, Fake md5: 86EBD8B1F23E743AAD21F4D5B4D40985
16:39:31.0500 10456 SQLBrowser ( ForgedFile.Multi.Generic ) - warning
16:39:31.0500 10456 SQLBrowser - detected ForgedFile.Multi.Generic (1)
16:39:31.0569 10456 [ EF0B70C00C2FD690FE0C99FFA07EB4EF ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:39:31.0594 10456 Suspicious file (Forged): c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe. Real md5: EF0B70C00C2FD690FE0C99FFA07EB4EF, Fake md5: 3C432A96363097870995E2A3C8B66ABD
16:39:31.0594 10456 SQLWriter ( ForgedFile.Multi.Generic ) - warning
16:39:31.0594 10456 SQLWriter - detected ForgedFile.Multi.Generic (1)
16:39:31.0620 10456 [ DBE66330EAE4C6213FD35EC473FC3109 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:39:31.0676 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\srv.sys. Real md5: DBE66330EAE4C6213FD35EC473FC3109, Fake md5: 441FBA48BFF01FDB9D5969EBC1838F0B
16:39:31.0677 10456 srv ( ForgedFile.Multi.Generic ) - warning
16:39:31.0677 10456 srv - detected ForgedFile.Multi.Generic (1)
16:39:31.0704 10456 [ AF0B5F1637EBDF57D7590FC123428EF9 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:39:31.0743 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\srv2.sys. Real md5: AF0B5F1637EBDF57D7590FC123428EF9, Fake md5: B4ADEBBF5E3677CCE9651E0F01F7CC28
16:39:31.0744 10456 srv2 ( ForgedFile.Multi.Generic ) - warning
16:39:31.0744 10456 srv2 - detected ForgedFile.Multi.Generic (1)
16:39:31.0749 10456 [ 1E517742239024F78839DAEE35CB395B ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:39:31.0772 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\srvnet.sys. Real md5: 1E517742239024F78839DAEE35CB395B, Fake md5: 27E461F0BE5BFF5FC737328F749538C3
16:39:31.0772 10456 srvnet ( ForgedFile.Multi.Generic ) - warning
16:39:31.0772 10456 srvnet - detected ForgedFile.Multi.Generic (1)
16:39:31.0782 10456 [ 3FAA64A9833D04C95E49398B1B4E11AA ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:39:31.0830 10456 Suspicious file (Forged): C:\Windows\System32\ssdpsrv.dll. Real md5: 3FAA64A9833D04C95E49398B1B4E11AA, Fake md5: 51B52FBD583CDE8AA9BA62B8B4298F33
16:39:31.0830 10456 SSDPSRV ( ForgedFile.Multi.Generic ) - warning
16:39:31.0831 10456 SSDPSRV - detected ForgedFile.Multi.Generic (1)
16:39:31.0858 10456 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:39:31.0956 10456 SstpSvc - ok
16:39:32.0016 10456 [ A6761BA0C8FA8DE5851AF7A679112599 ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys
16:39:32.0041 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ss_bus.sys. Real md5: A6761BA0C8FA8DE5851AF7A679112599, Fake md5: D21FF3592DAEE244EE8376830A672B52
16:39:32.0041 10456 ss_bus ( ForgedFile.Multi.Generic ) - warning
16:39:32.0041 10456 ss_bus - detected ForgedFile.Multi.Generic (1)
16:39:32.0079 10456 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:39:32.0106 10456 stexstor - ok
16:39:32.0212 10456 [ 97AD8CDF092E54B27C3D0C0B2A0F0849 ] stisvc C:\Windows\System32\wiaservc.dll
16:39:32.0303 10456 Suspicious file (Forged): C:\Windows\System32\wiaservc.dll. Real md5: 97AD8CDF092E54B27C3D0C0B2A0F0849, Fake md5: 8DD52E8E6128F4B2DA92CE27402871C1
16:39:32.0304 10456 stisvc ( ForgedFile.Multi.Generic ) - warning
16:39:32.0304 10456 stisvc - detected ForgedFile.Multi.Generic (1)
16:39:32.0338 10456 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
16:39:32.0371 10456 swenum - ok
16:39:32.0400 10456 [ 59071590099D21DD439896592338BF95 ] swprv C:\Windows\System32\swprv.dll
16:39:32.0422 10456 Suspicious file (Forged): C:\Windows\System32\swprv.dll. Real md5: 59071590099D21DD439896592338BF95, Fake md5: E08E46FDD841B7184194011CA1955A0B
16:39:32.0423 10456 swprv ( ForgedFile.Multi.Generic ) - warning
16:39:32.0423 10456 swprv - detected ForgedFile.Multi.Generic (1)
16:39:32.0470 10456 [ 411258D8A39220B4817EB2F55C4D8FEE ] SysMain C:\Windows\system32\sysmain.dll
16:39:32.0595 10456 Suspicious file (Forged): C:\Windows\system32\sysmain.dll. Real md5: 411258D8A39220B4817EB2F55C4D8FEE, Fake md5: BF9CCC0BF39B418C8D0AE8B05CF95B7D
16:39:32.0614 10456 SysMain ( ForgedFile.Multi.Generic ) - warning
16:39:32.0614 10456 SysMain - detected ForgedFile.Multi.Generic (1)
16:39:32.0684 10456 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:39:32.0819 10456 TabletInputService - ok
16:39:32.0866 10456 [ 3A05225B4172D0FA20107BD503A84681 ] TapiSrv
C:\Win
dows\System32\tapisrv.dll
16:39:32.0916 10456 Suspicious file (Forged): C:\Windows\System32\tapisrv.dll.
Real md5: 3A05225B4172D0FA20107BD503A84681, Fake md5: 40F0849F65D13EE87B9A9AE3C1
DD6823
16:39:32.0917 10456 TapiSrv ( ForgedFile.Multi.Generic ) - warning
16:39:32.0917 10456 TapiSrv - detected ForgedFile.Multi.Generic (1)
16:39:32.0953 10456 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS
C:\Win
dows\System32\tbssvc.dll
16:39:33.0089 10456 TBS - ok
16:39:33.0146 10456 [ C7CE09C1A058F0654866D19049232316 ] Tcpip
C:\Win
dows\system32\drivers\tcpip.sys
16:39:33.0249 10456 Suspicious file (Forged): C:\Windows\system32\drivers\tcpip
.sys. Real md5: C7CE09C1A058F0654866D19049232316, Fake md5: B62A953F2BF3922C8764
A29C34A22899
16:39:33.0255 10456 Tcpip ( ForgedFile.Multi.Generic ) - warning
16:39:33.0255 10456 Tcpip - detected ForgedFile.Multi.Generic (1)
16:39:33.0281 10456 [ C7CE09C1A058F0654866D19049232316 ] TCPIP6
C:\Win
dows\system32\DRIVERS\tcpip.sys
16:39:33.0298 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tcpip
.sys. Real md5: C7CE09C1A058F0654866D19049232316, Fake md5: B62A953F2BF3922C8764
A29C34A22899
16:39:33.0303 10456 TCPIP6 ( ForgedFile.Multi.Generic ) - warning
16:39:33.0304 10456 TCPIP6 - detected ForgedFile.Multi.Generic (1)
16:39:33.0336 10456 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg
C:\Win
dows\system32\drivers\tcpipreg.sys
16:39:33.0443 10456 tcpipreg - ok
16:39:33.0480 10456 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE
C:\Win
dows\system32\drivers\tdpipe.sys
16:39:33.0576 10456 TDPIPE - ok
16:39:33.0586 10456 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP
C:\Win
dows\system32\drivers\tdtcp.sys
16:39:33.0633 10456 TDTCP - ok
16:39:33.0667 10456 [ 3FD4AB4CDFB66FCC9BB76BBC8B57EE5A ] tdx
C:\Win
dows\system32\DRIVERS\tdx.sys
16:39:33.0689 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.s
ys. Real md5: 3FD4AB4CDFB66FCC9BB76BBC8B57EE5A, Fake md5: DDAD5A7AB24D8B65F8D724
F5C20FD806
16:39:33.0689 10456 tdx ( ForgedFile.Multi.Generic ) - warning
16:39:33.0689 10456 tdx - detected ForgedFile.Multi.Generic (1)
16:39:33.0720 10456 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD
C:\Win
dows\system32\drivers\termdd.sys
16:39:33.0749 10456 TermDD - ok
16:39:33.0781 10456 [ 08D4C02950BB5DAD4FC126E2AF2AA66F ] TermService
C:\Win

dows\System32\termsrv.dll
16:39:33.0845 10456 Suspicious file (Forged): C:\Windows\System32\termsrv.dll.
Real md5: 08D4C02950BB5DAD4FC126E2AF2AA66F, Fake md5: 2E648163254233755035B46DD7
B89123
16:39:33.0847 10456 TermService ( ForgedFile.Multi.Generic ) - warning
16:39:33.0847 10456 TermService - detected ForgedFile.Multi.Generic (1)
16:39:33.0894 10456 [ F0344071948D1A1FA732231785A0664C ] Themes
C:\Win
dows\system32\themeservice.dll
16:39:34.0063 10456 Themes - ok
16:39:34.0129 10456 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER
C:\Win
dows\system32\mmcss.dll
16:39:34.0229 10456 THREADORDER - ok
16:39:34.0293 10456 [ 075F78AFFB479E0089DC0877EDFCF141 ] TmFilter
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
16:39:34.0344 10456 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\TmXPFlt.sys. Real md5: 075F78AFFB479E0089DC0877EDFCF141, Fak
e md5: 7473EE150FF40460166470B59A765091
16:39:34.0345 10456 TmFilter ( ForgedFile.Multi.Generic ) - warning
16:39:34.0345 10456 TmFilter - detected ForgedFile.Multi.Generic (1)
16:39:34.0412 10456 [ 44469AB6C1D3DAD5A1DD9E337464E67F ] tmlisten
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
16:39:34.0472 10456 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\tmlisten.exe. Real md5: 44469AB6C1D3DAD5A1DD9E337464E67F, Fa
ke md5: 72FD200F1B49E83969D252E5EFF6B6D1
16:39:34.0478 10456 tmlisten ( ForgedFile.Multi.Generic ) - warning
16:39:34.0478 10456 tmlisten - detected ForgedFile.Multi.Generic (1)
16:39:34.0512 10456 [ 5E56A8E5436AB08C637C457A88524E87 ] TmPreFilter
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
16:39:34.0537 10456 TmPreFilter - ok
16:39:34.0563 10456 [ F3FF1337A57E252C40E9EDABC4F1BB33 ] TmProxy
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
16:39:34.0673 10456 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\TmProxy.exe. Real md5: F3FF1337A57E252C40E9EDABC4F1BB33, Fak
e md5: B55961FC9C78290F89538B4F932525B4
16:39:34.0688 10456 TmProxy ( ForgedFile.Multi.Generic ) - warning
16:39:34.0688 10456 TmProxy - detected ForgedFile.Multi.Generic (1)
16:39:34.0734 10456 [ A42E6780C52B248AF54C6010A9A93384 ] tmtdi
C:\Win
dows\system32\DRIVERS\tmtdi.sys
16:39:34.0830 10456 tmtdi - ok
16:39:34.0858 10456 [ 72434F76A48A4CAA82E9674DDB8229FC ] TrkWks
C:\Win
dows\System32\trkwks.dll
16:39:34.0895 10456 Suspicious file (Forged): C:\Windows\System32\trkwks.dll. R
eal md5: 72434F76A48A4CAA82E9674DDB8229FC, Fake md5: 7E7AFD841694F6AC397E99D75CE
AD49D
16:39:34.0896 10456 TrkWks ( ForgedFile.Multi.Generic ) - warning
16:39:34.0896 10456 TrkWks - detected ForgedFile.Multi.Generic (1)
16:39:34.0935 10456 [ 1823AD3A8B64356EEA654470565A0791 ] TrustedInstaller C:\Wi
ndows\servicing\TrustedInstaller.exe
16:39:34.0995 10456 Suspicious file (Forged): C:\Windows\servicing\TrustedInsta
ller.exe. Real md5: 1823AD3A8B64356EEA654470565A0791, Fake md5: 773212B2AAA24C1E31F10246B15B276C
16:39:34.0996 10456 TrustedInstaller ( ForgedFile.Multi.Generic ) - warning
16:39:34.0996 10456 TrustedInstaller - detected ForgedFile.Multi.Generic (1)
16:39:35.0028 10456 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:39:35.0212 10456 tssecsrv - ok
16:39:35.0298 10456 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:39:35.0430 10456 TsUsbFlt - ok
16:39:35.0459 10456 [ D99804343B53D8D25A5B97FC8266BDF3 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:39:35.0472 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tunnel.sys. Real md5: D99804343B53D8D25A5B97FC8266BDF3, Fake md5: 3566A8DAAFA27AF944F5D705EAA64894
16:39:35.0472 10456 tunnel ( ForgedFile.Multi.Generic ) - warning
16:39:35.0472 10456 tunnel - detected ForgedFile.Multi.Generic (1)
16:39:35.0506 10456 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:39:35.0531 10456 uagp35 - ok
16:39:35.0591 10456 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
16:39:35.0657 10456 uCamMonitor - ok
16:39:35.0687 10456 [ BF738E1E02E9B04AF982F237D486512A ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:39:35.0738 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\udfs.sys. Real md5: BF738E1E02E9B04AF982F237D486512A, Fake md5: FF4232A1A64012BAA1FD97C7B67DF593
16:39:35.0739 10456 udfs ( ForgedFile.Multi.Generic ) - warning
16:39:35.0739 10456 udfs - detected ForgedFile.Multi.Generic (1)
16:39:35.0791 10456 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:39:35.0860 10456 UI0Detect - ok
16:39:35.0891 10456 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:39:35.0927 10456 uliagpkx - ok
16:39:35.0977 10456 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
16:39:36.0110 10456 umbus - ok
16:39:36.0155 10456 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
16:39:36.0238 10456 UmPass - ok
16:39:36.0259 10456 [ 015FD40C79EACFEA2A26BF80C3280749 ] upnphost C:\Windows\System32\upnphost.dll
16:39:36.0302 10456 Suspicious file (Forged): C:\Windows\System32\upnphost.dll. Real md5: 015FD40C79EACFEA2A26BF80C3280749, Fake md5: D47EC6A8E81633DD18D2436B19BAF6DE
16:39:36.0303 10456 upnphost ( ForgedFile.Multi.Generic ) - warning
16:39:36.0303 10456 upnphost - detected ForgedFile.Multi.Generic (1)
16:39:36.0343 10456 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
16:39:36.0459 10456 USBAAPL64 - ok
16:39:36.0489 10456 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
16:39:36.0549 10456 usbaudio - ok
16:39:36.0589 10456 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:39:36.0695 10456 usbccgp - ok
16:39:36.0749 10456 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:39:36.0866 10456 usbcir - ok
16:39:36.0909 10456 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:39:36.0977 10456 usbehci - ok
16:39:37.0004 10456 [ 3C75F8040BD7DE4A57BF2187C8AD9F4D ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:39:37.0043 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\usbhub.sys. Real md5: 3C75F8040BD7DE4A57BF2187C8AD9F4D, Fake md5: 287C6C9410B111B68B52CA298F7B8C24
16:39:37.0044 10456 usbhub ( ForgedFile.Multi.Generic ) - warning
16:39:37.0044 10456 usbhub - detected ForgedFile.Multi.Generic (1)
16:39:37.0064 10456 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:39:37.0112 10456 usbohci - ok
16:39:37.0159 10456 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:39:37.0259 10456 usbprint - ok
16:39:37.0297 10456 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:39:37.0415 10456 USBSTOR - ok
16:39:37.0458 10456 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:39:37.0568 10456 usbuhci - ok
16:39:37.0710 10456 [ 99790D6ACC90A801967685915E8E7440 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:39:37.0883 10456 Suspicious file (Forged): C:\Windows\system32\Drivers\usbvideo.sys. Real md5: 99790D6ACC90A801967685915E8E7440, Fake md5: 454800C2BC7F3927CE030141EE4F4C50
16:39:37.0892 10456 usbvideo ( ForgedFile.Multi.Generic ) - warning
16:39:37.0892 10456 usbvideo - detected ForgedFile.Multi.Generic (1)
16:39:37.0923 10456 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
16:39:38.0103 10456 UxSms - ok
16:39:38.0183 10456 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
16:39:38.0273 10456 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
16:39:38.0291 10456 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
16:39:38.0338 10456 [ D7676B939E352C6E95CCFAA0FEAA1CFD ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
16:39:38.0379 10456 Suspicious file (Forged): C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe. Real md5: D7676B939E352C6E95CCFAA0FEAA1CFD, Fake md5: D4197CF0C8567046FD4AF28FF47AF528
16:39:38.0380 10456 VAIO Event Service ( ForgedFile.Multi.Generic ) - warning
16:39:38.0380 10456 VAIO Event Service - detected ForgedFile.Multi.Generic (1)
16:39:38.0440 10456 [ 82E50C245DC7C15204D2E585D199E4C9 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
16:39:38.0472 10456 Suspicious file (Forged): C:\Program Files\Sony\VAIO Power Management\SPMService.exe. Real md5: 82E50C245DC7C15204D2E585D199E4C9, Fake md5: 2D6605C1F0BBD0F71A4CB3A5B1E07240
16:39:38.0473 10456 VAIO Power Management ( ForgedFile.Multi.Generic ) - warning
16:39:38.0473 10456 VAIO Power Management - detected ForgedFile.Multi.Generic (1)
16:39:38.0516 10456 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
16:39:38.0545 10456 VaultSvc - ok
16:39:38.0575 10456 [ E8C8FFE8AF04E0F12AB4A383399DE0AD ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
16:39:38.0698 10456 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe. Real md5: E8C8FFE8AF04E0F12AB4A383399DE0AD, Fake md5: 06FE5BEDDADB158D84E6DE33CBE19F3E
16:39:38.0709 10456 VCFw ( ForgedFile.Multi.Generic ) - warning
16:39:38.0709 10456 VCFw - detected ForgedFile.Multi.Generic (1)
16:39:38.0764 10456 [ 2344BFA2C0F516B85A9DC89C1D0DC288 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
16:39:38.0783 10456 Suspicious file (Forged): C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe. Real md5: 2344BFA2C0F516B85A9DC89C1D0DC288, Fake md5: 34063C0B842E73662067F9B03947C55C
16:39:38.0784 10456 VcmIAlzMgr ( ForgedFile.Multi.Generic ) - warning
16:39:38.0784 10456 VcmIAlzMgr - detected ForgedFile.Multi.Generic (1)
16:39:38.0802 10456 [ A9C61176B5F0EF971A2841FDD046E298 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
16:39:38.0817 10456 Suspicious file (Forged): C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe. Real md5: A9C61176B5F0EF971A2841FDD046E298, Fake md5: A8F5D1651A324ABC6C308891A1252EE3
16:39:38.0818 10456 VcmINSMgr ( ForgedFile.Multi.Generic ) - warning
16:39:38.0818 10456 VcmINSMgr - detected ForgedFile.Multi.Generic (1)
16:39:38.0860 10456 [ DB544B487F360128DC1C383E0A6FCC2F ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
16:39:38.0936 10456 VcmXmlIfHelper - ok
16:39:38.0939 10456 Vcsw - ok
16:39:38.0992 10456 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
16:39:39.0043 10456 vdrvroot - ok
16:39:39.0078 10456 [ C947B368975791BA3D8DCC65F9A65F6E ] vds C:\Windows\System32\vds.exe
16:39:39.0115 10456 Suspicious file (Forged): C:\Windows\System32\vds.exe. Real md5: C947B368975791BA3D8DCC65F9A65F6E, Fake md5: 8D6B481601D01A456E75C3210F1830BE
16:39:39.0116 10456 vds ( ForgedFile.Multi.Generic ) - warning
16:39:39.0116 10456 vds - detected ForgedFile.Multi.Generic (1)
16:39:39.0149 10456 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:39:39.0235 10456 vga - ok
16:39:39.0273 10456 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
16:39:39.0435 10456 VgaSave - ok
16:39:39.0469 10456 [ F273AE7DF195873B02D35BC9C364F391 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
16:39:39.0511 10456 Suspicious file (Forged): C:\Windows\system32\drivers\vhdmp.sys. Real md5: F273AE7DF195873B02D35BC9C364F391, Fake md5: 2CE2DF28C83AEAF30084E1B1EB253CBB
16:39:39.0511 10456 vhdmp ( ForgedFile.Multi.Generic ) - warning
16:39:39.0511 10456 vhdmp - detected ForgedFile.Multi.Generic (1)
16:39:39.0550 10456 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
16:39:39.0605 10456 viaide - ok
16:39:39.0658 10456 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:39:39.0678 10456 volmgr - ok
16:39:39.0712 10456 [ EED4A4371FA68DD36706BD5EA3B92E56 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:39:39.0729 10456 Suspicious file (Forged): C:\Windows\system32\drivers\volmgrx.sys. Real md5: EED4A4371FA68DD36706BD5EA3B92E56, Fake md5: A255814907C89BE58B79EF2F189B843B
16:39:39.0729 10456 volmgrx ( ForgedFile.Multi.Generic ) - warning
16:39:39.0729 10456 volmgrx - detected ForgedFile.Multi.Generic (1)
16:39:39.0753 10456 [ 684E4A3CB099DAF06A9A03669D74B367 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:39:39.0792 10456 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: 684E4A3CB099DAF06A9A03669D74B367, Fake md5: 0D08D2F3B3FF84E433346669B5E0F639
16:39:39.0793 10456 volsnap ( ForgedFile.Multi.Generic ) - warning
16:39:39.0793 10456 volsnap - detected ForgedFile.Multi.Generic (1)
16:39:39.0857 10456 [ 56905A2F1227AF3B2269D34C00F7EF1B ] VSApiNt C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys
16:39:39.0959 10456 Suspicious file (Forged): C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys. Real md5: 56905A2F1227AF3B2269D34C00F7EF1B, Fake md5: B7435B80F795229296D3E1DEFC2A42BE
16:39:39.0964 10456 VSApiNt ( ForgedFile.Multi.Generic ) - warning
16:39:39.0964 10456 VSApiNt - detected ForgedFile.Multi.Generic (1)
16:39:40.0002 10456 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
16:39:40.0039 10456 vsmraid - ok
16:39:40.0077 10456 [ F280E882CBE895379B08A970439F9F54 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
16:39:40.0142 10456 Suspicious file (Forged): C:\Program Files\Sony\VAIO Smart Network\VSNService.exe. Real md5: F280E882CBE895379B08A970439F9F54, Fake md5: E9638E51373D527E22438B80126B64F9
16:39:40.0143 10456 VSNService ( ForgedFile.Multi.Generic ) - warning
16:39:40.0143 10456 VSNService - detected ForgedFile.Multi.Generic (1)
16:39:40.0183 10456 [ B3FF4C44A8D6671BBEDCE561A877A9D5 ] VSS C:\Windows\system32\vssvc.exe
16:39:40.0288 10456 Suspicious file (Forged): C:\Windows\system32\vssvc.exe. Real md5: B3FF4C44A8D6671BBEDCE561A877A9D5, Fake md5: B60BA0BC31B0CB414593E169F6F21CC2
16:39:40.0293 10456 VSS ( ForgedFile.Multi.Generic ) - warning
16:39:40.0293 10456 VSS - detected ForgedFile.Multi.Generic (1)
16:39:40.0398 10456 [ 758404B2D693B9DA599C0A3E81932D91 ] vToolbarUpdater15.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
16:39:40.0525 10456 Suspicious file (Forged): C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe. Real md5: 758404B2D693B9DA599C0A3E81932D91, Fake md5: 4B817450226F93C31ADD5BCC27FED27A
16:39:40.0528 10456 vToolbarUpdater15.2.0 ( ForgedFile.Multi.Generic ) - warning
16:39:40.0528 10456 vToolbarUpdater15.2.0 - detected ForgedFile.Multi.Generic (1)
16:39:40.0565 10456 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
16:39:40.0650 10456 vwifibus - ok
16:39:40.0696 10456 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
16:39:40.0787 10456 vwififlt - ok
16:39:40.0832 10456 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
16:39:40.0897 10456 vwifimp - ok
16:39:40.0961 10456 [ B050C170017B7FC0D3C4797706A0B776 ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
16:39:40.0989 10456 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe. Real md5: B050C170017B7FC0D3C4797706A0B776, Fake md5: D8BEF4AC1EAC809DBDBD441D6CFF6C4C
16:39:40.0989 10456 VzCdbSvc ( ForgedFile.Multi.Generic ) - warning
16:39:40.0989 10456 VzCdbSvc - detected ForgedFile.Multi.Generic (1)
16:39:41.0018 10456 [ 8196C95E5740C671891CB9E538247E8C ] W32Time C:\Windows\system32\w32time.dll
16:39:41.0048 10456 Suspicious file (Forged): C:\Windows\system32\w32time.dll. Real md5: 8196C95E5740C671891CB9E538247E8C, Fake md5: 1C9D80CC3849B3788048078C26486E1A
16:39:41.0050 10456 W32Time ( ForgedFile.Multi.Generic ) - warning
16:39:41.0050 10456 W32Time - detected ForgedFile.Multi.Generic (1)
16:39:41.0101 10456 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:39:41.0178 10456 WacomPen - ok
16:39:41.0222 10456 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:39:41.0394 10456 WANARP - ok
16:39:41.0439 10456 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:39:41.0544 10456 Wanarpv6 - ok
16:39:41.0590 10456 [ A8FD7C75729256076702792BDCC3863E ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:39:41.0672 10456 Suspicious file (Forged): C:\Windows\system32\Wat\WatAdminSvc.exe. Real md5: A8FD7C75729256076702792BDCC3863E, Fake md5: 3CEC96DE223E49EAAE3651FCF8FAEA6C
16:39:41.0676 10456 WatAdminSvc ( ForgedFile.Multi.Generic ) - warning
16:39:41.0676 10456 WatAdminSvc - detected ForgedFile.Multi.Generic (1)
16:39:41.0715 10456 [ 5256A6D3FC641504ED0A6F78807B1DBB ] wbengine C:\Windows\system32\wbengine.exe
16:39:41.0796 10456 Suspicious file (Forged): C:\Windows\system32\wbengine.exe. Real md5: 5256A6D3FC641504ED0A6F78807B1DBB, Fake md5: 78F4E7F5C56CB9716238EB57DA4B6A75
16:39:41.0801 10456 wbengine ( ForgedFile.Multi.Generic ) - warning
16:39:41.0801 10456 wbengine - detected ForgedFile.Multi.Generic (1)
16:39:41.0834 10456 [ B12609FDC2C8766BBBAD14A0F1ABC2FE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:39:41.0851 10456 Suspicious file (Forged): C:\Windows\System32\wbiosrvc.dll. Real md5: B12609FDC2C8766BBBAD14A0F1ABC2FE, Fake md5: 3AA101E8EDAB2DB4131333F4325C76A3
16:39:41.0851 10456 WbioSrvc ( ForgedFile.Multi.Generic ) - warning
16:39:41.0851 10456 WbioSrvc - detected ForgedFile.Multi.Generic (1)
16:39:41.0868 10456 [ F87B640172C16239D3F4C5762A665AF0 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:39:41.0906 10456 Suspicious file (Forged): C:\Windows\System32\wcncsvc.dll. Real md5: F87B640172C16239D3F4C5762A665AF0, Fake md5: 7368A2AFD46E5A4481D1DE9D14848EDD
16:39:41.0908 10456 wcncsvc ( ForgedFile.Multi.Generic ) - warning
16:39:41.0908 10456 wcncsvc - detected ForgedFile.Multi.Generic (1)
16:39:41.0924 10456 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:39:42.0013 10456 WcsPlugInService - ok
16:39:42.0048 10456 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:39:42.0065 10456 Wd - ok
16:39:42.0112 10456 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
16:39:42.0203 10456 WDC_SAM - ok
16:39:42.0245 10456 [ D5490C8CA364A67AD46BC77A212ECF0E ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:39:42.0301 10456 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: D5490C8CA364A67AD46BC77A212ECF0E, Fake md5: 442783E2CB0DA19873B7A63833FF4CB4
16:39:42.0303 10456 Wdf01000 ( ForgedFile.Multi.Generic ) - warning
16:39:42.0303 10456 Wdf01000 - detected ForgedFile.Multi.Generic (1)
16:39:42.0345 10456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:39:42.0534 10456 WdiServiceHost - ok
16:39:42.0620 10456 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:39:42.0677 10456 WdiSystemHost - ok
16:39:42.0714 10456 [ 10E51E4DC536BBE7CCE80D852585860E ] WebClient C:\Windows\System32\webclnt.dll
16:39:42.0752 10456 Suspicious file (Forged): C:\Windows\System32\webclnt.dll. Real md5: 10E51E4DC536BBE7CCE80D852585860E, Fake md5: 3DB6D04E1C64272F8B14EB8BC4616280
16:39:42.0753 10456 WebClient ( ForgedFile.Multi.Generic ) - warning
16:39:42.0753 10456 WebClient - detected ForgedFile.Multi.Generic (1)
16:39:42.0776 10456 [ 05E5A05F373C3DA1AE7488A7C2338D37 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:39:42.0799 10456 Suspicious file (Forged): C:\Windows\system32\wecsvc.dll. Real md5: 05E5A05F373C3DA1AE7488A7C2338D37, Fake md5: C749025A679C5103E575E3B48E092C43
16:39:42.0799 10456 Wecsvc ( ForgedFile.Multi.Generic ) - warning
16:39:42.0799 10456 Wecsvc - detected ForgedFile.Multi.Generic (1)
16:39:42.0827 10456 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:39:43.0153 10456 wercplsupport - ok
16:39:43.0217 10456 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:39:43.0469 10456 WerSvc - ok
16:39:43.0527 10456 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:39:43.0668 10456 WfpLwf - ok
16:39:43.0707 10456 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:39:43.0738 10456 WIMMount - ok
16:39:43.0776 10456 WinDefend - ok
16:39:43.0799 10456 WinHttpAutoProxySvc - ok
16:39:43.0833 10456 [ 689CB8A9930F9D6F3838F751619FA22F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:39:43.0857 10456 Suspicious file (Forged): C:\Windows\system32\wbem\WMIsvc.dll. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: 19B07E7E8915D701225DA41CB3877306
16:39:43.0857 10456 Winmgmt ( ForgedFile.Multi.Generic ) - warning
16:39:43.0857 10456 Winmgmt - detected ForgedFile.Multi.Generic (1)
16:39:43.0903 10456 [ 6B41F54D52A852D9E58151DCCF762C50 ] WinRM C:\Windows\system32\WsmSvc.dll
16:39:44.0100 10456 Suspicious file (Forged): C:\Windows\system32\WsmSvc.dll. Real md5: 6B41F54D52A852D9E58151DCCF762C50, Fake md5: BCB1310604AA415C4508708975B3931E
16:39:44.0105 10456 WinRM ( ForgedFile.Multi.Generic ) - warning
16:39:44.0106 10456 WinRM - detected ForgedFile.Multi.Generic (1)
16:39:44.0170 10456 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:39:44.0290 10456 WinUsb - ok
16:39:44.0347 10456 [ 20D7E63F02281DD42F40B446279A13F2 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:39:44.0368 10456 Suspicious file (Forged): C:\Windows\System32\wlansvc.dll. Real md5: 20D7E63F02281DD42F40B446279A13F2, Fake md5: 4FADA86E62F18A1B2F42BA18AE24E6AA
16:39:44.0370 10456 Wlansvc ( ForgedFile.Multi.Generic ) - warning
16:39:44.0370 10456 Wlansvc - detected ForgedFile.Multi.Generic (1)
16:39:44.0412 10456 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:39:44.0562 10456 WmiAcpi - ok
16:39:44.0608 10456 [ E704EB19C459B4FB9CDF0200A54D07BA ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:39:44.0628 10456 Suspicious file (Forged): C:\Windows\system32\wbem\WmiApSrv.exe. Real md5: E704EB19C459B4FB9CDF0200A54D07BA, Fake md5: 38B84C94C5A8AF291ADFEA478AE54F93
16:39:44.0629 10456 wmiApSrv ( ForgedFile.Multi.Generic ) - warning
16:39:44.0629 10456 wmiApSrv - detected ForgedFile.Multi.Generic (1)
16:39:44.0667 10456 WMPNetworkSvc - ok
16:39:44.0706 10456 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:39:44.0830 10456 WPCSvc - ok
16:39:44.0870 10456 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:39:44.0939 10456 WPDBusEnum - ok
16:39:44.0984 10456 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:39:45.0137 10456 ws2ifsl - ok
16:39:45.0176 10456 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:39:45.0295 10456 wscsvc - ok
16:39:45.0300 10456 WSearch - ok
16:39:45.0350 10456 [ C2AA7A6E955F3B83FAC30F2728C46C3E ] wuauserv C:\Windows\system32\wuaueng.dll
16:39:45.0433 10456 Suspicious file (Forged): C:\Windows\system32\wuaueng.dll. Real md5: C2AA7A6E955F3B83FAC30F2728C46C3E, Fake md5: D9EF901DCA379CFE914E9FA13B73B4C4
16:39:45.0447 10456 wuauserv ( ForgedFile.Multi.Generic ) - warning
16:39:45.0447 10456 wuauserv - detected ForgedFile.Multi.Generic (1)
16:39:45.0482 10456 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:39:45.0641 10456 WudfPf - ok
16:39:45.0679 10456 [ 66E6E5621E341FF0BB2B2CBFA3CFF68C ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:39:45.0694 10456 Suspicious file (Forged): C:\Windows\system32\DRIVERS\WUDFRd.sys. Real md5: 66E6E5621E341FF0BB2B2CBFA3CFF68C, Fake md5: DDA4CAF29D8C0A297F886BFE561E6659
16:39:45.0695 10456 WUDFRd ( ForgedFile.Multi.Generic ) - warning
16:39:45.0695 10456 WUDFRd - detected ForgedFile.Multi.Generic (1)
16:39:45.0723 10456 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:39:45.0873 10456 wudfsvc - ok
16:39:45.0915 10456 [ 63FF779A3108E00301D2A99644432D71 ] WwanSvc C:\Windows\System32\wwansvc.dll
16:39:45.0955 10456 Suspicious file (Forged): C:\Windows\System32\wwansvc.dll. Real md5: 63FF779A3108E00301D2A99644432D71, Fake md5: FE90B750AB808FB9DD8FBB428B5FF83B
16:39:45.0956 10456 WwanSvc ( ForgedFile.Multi.Generic ) - warning
16:39:45.0956 10456 WwanSvc - detected ForgedFile.Multi.Generic (1)
16:39:46.0090 10456 [ 0923939BC1C4B802365F24E87C9A0F66 ] YouTubeDownloaderConverter C:\Users\EdgeTouchscreen\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe
16:39:46.0221 10456 YouTubeDownloaderConverter ( UnsignedFile.Multi.Generic ) - warning
16:39:46.0222 10456 YouTubeDownloaderConverter - detected UnsignedFile.Multi.Generic (1)
16:39:46.0267 10456 ================ Scan global ===============================
16:39:46.0301 10456 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:39:46.0328 10456 [ F4EE8F6FE52ED378A0853D160E5F4607 ] C:\Windows\system32\winsrv.dll
16:39:46.0370 10456 Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: F4EE8F6FE52ED378A0853D160E5F4607, Fake md5: 0C27239FEA4DB8A2AAC9E502186B7264
16:39:46.0372 10456 [ F4EE8F6FE52ED378A0853D160E5F4607 ] C:\Windows\system32\winsrv.dll
16:39:46.0375 10456 Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: F4EE8F6FE52ED378A0853D160E5F4607, Fake md5: 0C27239FEA4DB8A2AAC9E502186B7264
16:39:46.0418 10456 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:39:46.0463 10456 [ FFBE62C7CFA81689A3EFDF9C9072D47C ] C:\Windows\system32\services.exe
16:39:46.0474 10456 Suspicious file (Forged): C:\Windows\system32\services.exe. Real md5: FFBE62C7CFA81689A3EFDF9C9072D47C, Fake md5: 24ACB7E5BE595468E3B9AA488B9B4FCB
16:39:46.0475 10456 [Global] - ok
16:39:46.0475 10456 ================ Scan MBR ==================================
16:39:46.0486 10456 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:39:46.0667 10456 \Device\Harddisk0\DR0 - ok
16:39:46.0667 10456 ================ Scan VBR ==================================
16:39:46.0669 10456 [ 0621CBB711A03DC6FA70280A1716247D ] \Device\Harddisk0\DR0\Partition1
16:39:46.0670 10456 \Device\Harddisk0\DR0\Partition1 - ok
16:39:46.0687 10456 [ E667434EBB7EABD94225B79F31BF6948 ] \Device\Harddisk0\DR0\Partition2
16:39:46.0689 10456 \Device\Harddisk0\DR0\Partition2 - ok
16:39:46.0689 10456 ============================================================
16:39:46.0689 10456 Scan finished
16:39:46.0689 10456 ============================================================
16:39:46.0701 11072 Detected object count: 186
16:39:46.0702 11072 Actual detected object count: 186
16:40:12.0921 11072 1394ohci ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0932 11072 1394ohci ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0934 11072 ACPI ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0934 11072 ACPI ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0935 11072 AdobeActiveFileMonitor7.0 ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0936 11072 AdobeActiveFileMonitor7.0 ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0937 11072 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0937 11072 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0938 11072 adp94xx ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0938 11072 adp94xx ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0940 11072 adpahci ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0940 11072 adpahci ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0942 11072 adpu320 ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0943 11072 adpu320 ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0945 11072 AFD ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0946 11072 AFD ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0947 11072 amdsbs ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0947 11072 amdsbs ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0948 11072 athr ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0948 11072 athr ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0950 11072 AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0950 11072 AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0951 11072 AudioSrv ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0951 11072 AudioSrv ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0953 11072 AVerAVF2 ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0953 11072 AVerAVF2 ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0954 11072 b06bdrv ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0954 11072 b06bdrv ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0955 11072 b57nd60a ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0955 11072 b57nd60a ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0957 11072 BFE ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0957 11072 BFE ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0960 11072 BITS ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0960 11072 BITS ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0961 11072 Bonjour Service ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0961 11072 Bonjour Service ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0964 11072 Browser ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0964 11072 Browser ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0965 11072 Brserid ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0966 11072 Brserid ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0967 11072 BTHPORT ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0967 11072 BTHPORT ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0968 11072 btwavdt ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0969 11072 btwavdt ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0970 11072 btwdins ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0970 11072 btwdins ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0971 11072 cdrom ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0971 11072 cdrom ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0973 11072 CLFS ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0973 11072 CLFS ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0978 11072 clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0978 11072 clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0979 11072 clr_optimization_v4.0.30319_64 ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0979 11072 clr_optimization_v4.0.30319_64 ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0981 11072 CNG ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0981 11072 CNG ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0982 11072 CryptSvc ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0983 11072 CryptSvc ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0984 11072 DcomLaunch ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0984 11072 DcomLaunch ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0985 11072 defragsvc ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0985 11072 defragsvc ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0987 11072 Dhcp ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0987 11072 Dhcp ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0988 11072 Dnscache ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0988 11072 Dnscache ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0989 11072 dot3svc ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0990 11072 dot3svc ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0993 11072 DPS ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0993 11072 DPS ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0994 11072 DXGKrnl ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0995 11072 DXGKrnl ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0997 11072 e1yexpress ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0997 11072 e1yexpress ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:12.0999 11072 ebdrv ( ForgedFile.Multi.Generic ) - skipped by user
16:40:12.0999 11072 ebdrv ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0000 11072 ehRecvr ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0000 11072 ehRecvr ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0001 11072 ehSched ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0002 11072 ehSched ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0003 11072 elxstor ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0003 11072 elxstor ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0004 11072 EventSystem ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0005 11072 EventSystem ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0007 11072 exfat ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0007 11072 exfat ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0010 11072 fastfat ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0010 11072 fastfat ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0011 11072 Fax ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0011 11072 Fax ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0015 11072 FLEXnet Licensing Service ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0015 11072 FLEXnet Licensing Service ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0016 11072 FltMgr ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0016 11072 FltMgr ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0018 11072 FontCache ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0018 11072 FontCache ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0021 11072 fvevol ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0021 11072 fvevol ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0022 11072 gpsvc ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0022 11072 gpsvc ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0023 11072 gupdate ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0023 11072 gupdate ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0028 11072 gupdatem ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0029 11072 gupdatem ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0032 11072 gusvc ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0032 11072 gusvc ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0033 11072 HdAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0033 11072 HdAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0034 11072 HDAudBus ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0034 11072 HDAudBus ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0036 11072 HomeGroupListener ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0036 11072 HomeGroupListener ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0037 11072 HomeGroupProvider ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0038 11072 HomeGroupProvider ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0039 11072 HTTP ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0039 11072 HTTP ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0040 11072 iaStorV ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0040 11072 iaStorV ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0043 11072 idsvc ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0043 11072 idsvc ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0044 11072 IKEEXT ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0044 11072 IKEEXT ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0047 11072 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0047 11072 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0049 11072 iphlpsvc ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0049 11072 iphlpsvc ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0050 11072 iPod Service ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0050 11072 iPod Service ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0052 11072 iScsiPrt ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0052 11072 iScsiPrt ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0053 11072 KSecPkg ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0053 11072 KSecPkg ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0054 11072 KtmRm ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0054 11072 KtmRm ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0057 11072 LanmanServer ( ForgedFile.Multi.Generic ) - skipped by user
16:40:13.0057 11072 LanmanServer ( ForgedFile.Multi.Generic ) - User select action: Skip
16:40:13.0060
16:40:13.0060
Skip
16:40:13.0061
16:40:13.0061
kip
16:40:13.0063
16:40:13.0063
p
16:40:13.0064
16:40:13.0064
kip
16:40:13.0068
16:40:13.0068
kip
16:40:13.0070
16:40:13.0070
kip
16:40:13.0071
16:40:13.0071
Skip
16:40:13.0072
16:40:13.0072
Skip
16:40:13.0074
16:40:13.0074
ip
16:40:13.0078
16:40:13.0078
ip
16:40:13.0080
16:40:13.0080
Skip
16:40:13.0081
16:40:13.0081
ip
16:40:13.0083
16:40:13.0083
Skip
16:40:13.0084
16:40:13.0084
on: Skip
16:40:13.0085
16:40:13.0085
p
16:40:13.0087
16:40:13.0087
Skip
16:40:13.0090
16:40:13.0090
ip
16:40:13.0092
16:40:13.0092
kip
16:40:13.0094
16:40:13.0094
Skip
16:40:13.0095
16:40:13.0095
kip

11072 lltdsvc ( ForgedFile.Multi.Generic ) - skipped by user


11072 lltdsvc ( ForgedFile.Multi.Generic ) - User select action:
11072 MegaSR ( ForgedFile.Multi.Generic ) - skipped by user
11072 MegaSR ( ForgedFile.Multi.Generic ) - User select action: S
11072 mpio ( ForgedFile.Multi.Generic ) - skipped by user
11072 mpio ( ForgedFile.Multi.Generic ) - User select action: Ski
11072 MpsSvc ( ForgedFile.Multi.Generic ) - skipped by user
11072 MpsSvc ( ForgedFile.Multi.Generic ) - User select action: S
11072 MRxDAV ( ForgedFile.Multi.Generic ) - skipped by user
11072 MRxDAV ( ForgedFile.Multi.Generic ) - User select action: S
11072 mrxsmb ( ForgedFile.Multi.Generic ) - skipped by user
11072 mrxsmb ( ForgedFile.Multi.Generic ) - User select action: S
11072 mrxsmb10 ( ForgedFile.Multi.Generic ) - skipped by user
11072 mrxsmb10 ( ForgedFile.Multi.Generic ) - User select action:
11072 mrxsmb20 ( ForgedFile.Multi.Generic ) - skipped by user
11072 mrxsmb20 ( ForgedFile.Multi.Generic ) - User select action:
11072 msdsm ( ForgedFile.Multi.Generic ) - skipped by user
11072 msdsm ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 MSDTC ( ForgedFile.Multi.Generic ) - skipped by user
11072 MSDTC ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 MSiSCSI ( ForgedFile.Multi.Generic ) - skipped by user
11072 MSiSCSI ( ForgedFile.Multi.Generic ) - User select action:
11072 MsRPC ( ForgedFile.Multi.Generic ) - skipped by user
11072 MsRPC ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 napagent ( ForgedFile.Multi.Generic ) - skipped by user
11072 napagent ( ForgedFile.Multi.Generic ) - User select action:
11072 NativeWifiP ( ForgedFile.Multi.Generic ) - skipped by user
11072 NativeWifiP ( ForgedFile.Multi.Generic ) - User select acti
11072 NDIS ( ForgedFile.Multi.Generic ) - skipped by user
11072 NDIS ( ForgedFile.Multi.Generic ) - User select action: Ski
11072 NdisWan ( ForgedFile.Multi.Generic ) - skipped by user
11072 NdisWan ( ForgedFile.Multi.Generic ) - User select action:
11072 NetBT ( ForgedFile.Multi.Generic ) - skipped by user
11072 NetBT ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 Netman ( ForgedFile.Multi.Generic ) - skipped by user
11072 Netman ( ForgedFile.Multi.Generic ) - User select action: S
11072 netprofm ( ForgedFile.Multi.Generic ) - skipped by user
11072 netprofm ( ForgedFile.Multi.Generic ) - User select action:
11072 NlaSvc ( ForgedFile.Multi.Generic ) - skipped by user
11072 NlaSvc ( ForgedFile.Multi.Generic ) - User select action: S

16:40:13.0097
16:40:13.0097
p
16:40:13.0098
16:40:13.0098
Skip
16:40:13.0100
16:40:13.0100
Skip
16:40:13.0101
16:40:13.0101
kip
16:40:13.0103
16:40:13.0103
kip
16:40:13.0104
16:40:13.0104
ip
16:40:13.0105
16:40:13.0105
kip
16:40:13.0107
16:40:13.0107

11072 Ntfs ( ForgedFile.Multi.Generic ) - skipped by user


11072 Ntfs ( ForgedFile.Multi.Generic ) - User select action: Ski

16:40:13.0111
16:40:13.0111
Skip
16:40:13.0113
16:40:13.0113
kip
16:40:13.0114
16:40:13.0114
kip
16:40:13.0115
16:40:13.0116

11072 p2pimsvc ( ForgedFile.Multi.Generic ) - skipped by user


11072 p2pimsvc ( ForgedFile.Multi.Generic ) - User select action:

16:40:13.0117
16:40:13.0117
kip
16:40:13.0120
16:40:13.0120
kip
16:40:13.0121
16:40:13.0121

11072 pcmcia ( ForgedFile.Multi.Generic ) - skipped by user


11072 pcmcia ( ForgedFile.Multi.Generic ) - User select action: S

16:40:13.0123
16:40:13.0123
Skip
16:40:13.0125
16:40:13.0125
Skip
16:40:13.0127
16:40:13.0127
on: Skip
16:40:13.0128
16:40:13.0128
ip
16:40:13.0132
16:40:13.0132
Skip

11072 PlugPlay ( ForgedFile.Multi.Generic ) - skipped by user


11072 PlugPlay ( ForgedFile.Multi.Generic ) - User select action:

11072 ntrtscan ( ForgedFile.Multi.Generic ) - skipped by user


11072 ntrtscan ( ForgedFile.Multi.Generic ) - User select action:
11072 nvlddmkm ( ForgedFile.Multi.Generic ) - skipped by user
11072 nvlddmkm ( ForgedFile.Multi.Generic ) - User select action:
11072 nvraid ( ForgedFile.Multi.Generic ) - skipped by user
11072 nvraid ( ForgedFile.Multi.Generic ) - User select action: S
11072 nvstor ( ForgedFile.Multi.Generic ) - skipped by user
11072 nvstor ( ForgedFile.Multi.Generic ) - User select action: S
11072 nvsvc ( ForgedFile.Multi.Generic ) - skipped by user
11072 nvsvc ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 nv_agp ( ForgedFile.Multi.Generic ) - skipped by user
11072 nv_agp ( ForgedFile.Multi.Generic ) - User select action: S
11072 ose ( ForgedFile.Multi.Generic ) - skipped by user
11072 ose ( ForgedFile.Multi.Generic ) - User select action: Skip

11072 p2psvc ( ForgedFile.Multi.Generic ) - skipped by user


11072 p2psvc ( ForgedFile.Multi.Generic ) - User select action: S
11072 PcaSvc ( ForgedFile.Multi.Generic ) - skipped by user
11072 PcaSvc ( ForgedFile.Multi.Generic ) - User select action: S
11072 pci ( ForgedFile.Multi.Generic ) - skipped by user
11072 pci ( ForgedFile.Multi.Generic ) - User select action: Skip

11072 PEAUTH ( ForgedFile.Multi.Generic ) - skipped by user


11072 PEAUTH ( ForgedFile.Multi.Generic ) - User select action: S
11072 pla ( ForgedFile.Multi.Generic ) - skipped by user
11072 pla ( ForgedFile.Multi.Generic ) - User select action: Skip

11072 PNRPsvc ( ForgedFile.Multi.Generic ) - skipped by user


11072 PNRPsvc ( ForgedFile.Multi.Generic ) - User select action:
11072 PolicyAgent ( ForgedFile.Multi.Generic ) - skipped by user
11072 PolicyAgent ( ForgedFile.Multi.Generic ) - User select acti
11072 Power ( ForgedFile.Multi.Generic ) - skipped by user
11072 Power ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 ProfSvc ( ForgedFile.Multi.Generic ) - skipped by user
11072 ProfSvc ( ForgedFile.Multi.Generic ) - User select action:

16:40:13.0135
16:40:13.0135
kip
16:40:13.0136
16:40:13.0136
kip
16:40:13.0140
16:40:13.0140
kip
16:40:13.0142
16:40:13.0142
ip
16:40:13.0144
16:40:13.0144
Skip
16:40:13.0146
16:40:13.0146
kip
16:40:13.0147
16:40:13.0147
ip
16:40:13.0148
16:40:13.0148
ip
16:40:13.0151
16:40:13.0151
Skip
16:40:13.0153
er
16:40:13.0153
ction: Skip
16:40:13.0154
16:40:13.0154
kip
16:40:13.0156
16:40:13.0156
ip
16:40:13.0157
16:40:13.0157
Skip
16:40:13.0160
16:40:13.0160
Skip
16:40:13.0162
16:40:13.0162
kip
16:40:13.0163
16:40:13.0163
n: Skip
16:40:13.0167
16:40:13.0167
ion: Skip
16:40:13.0168
user
16:40:13.0168
action: Skip
16:40:13.0171
16:40:13.0171
Skip
16:40:13.0171

11072 Psched ( ForgedFile.Multi.Generic ) - skipped by user


11072 Psched ( ForgedFile.Multi.Generic ) - User select action: S
11072 ql2300 ( ForgedFile.Multi.Generic ) - skipped by user
11072 ql2300 ( ForgedFile.Multi.Generic ) - User select action: S
11072 ql40xx ( ForgedFile.Multi.Generic ) - skipped by user
11072 ql40xx ( ForgedFile.Multi.Generic ) - User select action: S
11072 QWAVE ( ForgedFile.Multi.Generic ) - skipped by user
11072 QWAVE ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 Rasl2tp ( ForgedFile.Multi.Generic ) - skipped by user
11072 Rasl2tp ( ForgedFile.Multi.Generic ) - User select action:
11072 RasMan ( ForgedFile.Multi.Generic ) - skipped by user
11072 RasMan ( ForgedFile.Multi.Generic ) - User select action: S
11072 rdbss ( ForgedFile.Multi.Generic ) - skipped by user
11072 rdbss ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 RDPWD ( ForgedFile.Multi.Generic ) - skipped by user
11072 RDPWD ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 rdyboost ( ForgedFile.Multi.Generic ) - skipped by user
11072 rdyboost ( ForgedFile.Multi.Generic ) - User select action:
11072 RemoteRegistry ( ForgedFile.Multi.Generic ) - skipped by us
11072 RemoteRegistry ( ForgedFile.Multi.Generic ) - User select a
11072 RFCOMM ( ForgedFile.Multi.Generic ) - skipped by user
11072 RFCOMM ( ForgedFile.Multi.Generic ) - User select action: S
11072 RpcSs ( ForgedFile.Multi.Generic ) - skipped by user
11072 RpcSs ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 SCardSvr ( ForgedFile.Multi.Generic ) - skipped by user
11072 SCardSvr ( ForgedFile.Multi.Generic ) - User select action:
11072 Schedule ( ForgedFile.Multi.Generic ) - skipped by user
11072 Schedule ( ForgedFile.Multi.Generic ) - User select action:
11072 SDRSVC ( ForgedFile.Multi.Generic ) - skipped by user
11072 SDRSVC ( ForgedFile.Multi.Generic ) - User select action: S
11072 SessionEnv ( ForgedFile.Multi.Generic ) - skipped by user
11072 SessionEnv ( ForgedFile.Multi.Generic ) - User select actio
11072 SharedAccess ( ForgedFile.Multi.Generic ) - skipped by user
11072 SharedAccess ( ForgedFile.Multi.Generic ) - User select act
11072 ShellHWDetection ( ForgedFile.Multi.Generic ) - skipped by
11072 ShellHWDetection ( ForgedFile.Multi.Generic ) - User select
11072 SOHCImp ( ForgedFile.Multi.Generic ) - skipped by user
11072 SOHCImp ( ForgedFile.Multi.Generic ) - User select action:
11072 SOHDms ( ForgedFile.Multi.Generic ) - skipped by user

16:40:13.0171
kip
16:40:13.0173
16:40:13.0173
Skip
16:40:13.0176
16:40:13.0176
kip
16:40:13.0177
16:40:13.0178
n: Skip
16:40:13.0179
16:40:13.0179
: Skip
16:40:13.0182
16:40:13.0182

11072 SOHDms ( ForgedFile.Multi.Generic ) - User select action: S

16:40:13.0184
16:40:13.0184
p
16:40:13.0186
16:40:13.0186
kip
16:40:13.0187
16:40:13.0187
Skip
16:40:13.0189
16:40:13.0189
kip
16:40:13.0190
16:40:13.0190
kip
16:40:13.0193
16:40:13.0193
ip
16:40:13.0195
16:40:13.0195
Skip
16:40:13.0196
16:40:13.0196
Skip
16:40:13.0199
16:40:13.0199
ip
16:40:13.0201
16:40:13.0201
kip
16:40:13.0202
16:40:13.0202

11072 srv2 ( ForgedFile.Multi.Generic ) - skipped by user


11072 srv2 ( ForgedFile.Multi.Generic ) - User select action: Ski

16:40:13.0204
16:40:13.0204
on: Skip
16:40:13.0205
16:40:13.0205
Skip
16:40:13.0206
16:40:13.0206
Skip
16:40:13.0210

11072 TermService ( ForgedFile.Multi.Generic ) - skipped by user


11072 TermService ( ForgedFile.Multi.Generic ) - User select acti

11072 Spooler ( ForgedFile.Multi.Generic ) - skipped by user


11072 Spooler ( ForgedFile.Multi.Generic ) - User select action:
11072 sppsvc ( ForgedFile.Multi.Generic ) - skipped by user
11072 sppsvc ( ForgedFile.Multi.Generic ) - User select action: S
11072 SQLBrowser ( ForgedFile.Multi.Generic ) - skipped by user
11072 SQLBrowser ( ForgedFile.Multi.Generic ) - User select actio
11072 SQLWriter ( ForgedFile.Multi.Generic ) - skipped by user
11072 SQLWriter ( ForgedFile.Multi.Generic ) - User select action
11072 srv ( ForgedFile.Multi.Generic ) - skipped by user
11072 srv ( ForgedFile.Multi.Generic ) - User select action: Skip

11072 srvnet ( ForgedFile.Multi.Generic ) - skipped by user


11072 srvnet ( ForgedFile.Multi.Generic ) - User select action: S
11072 SSDPSRV ( ForgedFile.Multi.Generic ) - skipped by user
11072 SSDPSRV ( ForgedFile.Multi.Generic ) - User select action:
11072 ss_bus ( ForgedFile.Multi.Generic ) - skipped by user
11072 ss_bus ( ForgedFile.Multi.Generic ) - User select action: S
11072 stisvc ( ForgedFile.Multi.Generic ) - skipped by user
11072 stisvc ( ForgedFile.Multi.Generic ) - User select action: S
11072 swprv ( ForgedFile.Multi.Generic ) - skipped by user
11072 swprv ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 SysMain ( ForgedFile.Multi.Generic ) - skipped by user
11072 SysMain ( ForgedFile.Multi.Generic ) - User select action:
11072 TapiSrv ( ForgedFile.Multi.Generic ) - skipped by user
11072 TapiSrv ( ForgedFile.Multi.Generic ) - User select action:
11072 Tcpip ( ForgedFile.Multi.Generic ) - skipped by user
11072 Tcpip ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 TCPIP6 ( ForgedFile.Multi.Generic ) - skipped by user
11072 TCPIP6 ( ForgedFile.Multi.Generic ) - User select action: S
11072 tdx ( ForgedFile.Multi.Generic ) - skipped by user
11072 tdx ( ForgedFile.Multi.Generic ) - User select action: Skip

11072 TmFilter ( ForgedFile.Multi.Generic ) - skipped by user


11072 TmFilter ( ForgedFile.Multi.Generic ) - User select action:
11072 tmlisten ( ForgedFile.Multi.Generic ) - skipped by user
11072 tmlisten ( ForgedFile.Multi.Generic ) - User select action:
11072 TmProxy ( ForgedFile.Multi.Generic ) - skipped by user

16:40:13.0210 11072
Skip
16:40:13.0212 11072
16:40:13.0212 11072
kip
16:40:13.0214 11072
user
16:40:13.0214 11072
action: Skip
16:40:13.0215 11072
16:40:13.0215 11072
kip
16:40:13.0216 11072
16:40:13.0216 11072
p
16:40:13.0219 11072
16:40:13.0220 11072
Skip
16:40:13.0221 11072
16:40:13.0221 11072
kip
16:40:13.0223 11072
16:40:13.0223 11072
Skip
16:40:13.0226 11072
File.Multi.Generic )
16:40:13.0226 11072
File.Multi.Generic )
16:40:13.0228 11072
y user
16:40:13.0228 11072
ct action: Skip
16:40:13.0230 11072
d by user
16:40:13.0230 11072
elect action: Skip
16:40:13.0231 11072
16:40:13.0232 11072
p
16:40:13.0234 11072
16:40:13.0234 11072
n: Skip
16:40:13.0235 11072
16:40:13.0235 11072
: Skip
16:40:13.0237 11072
16:40:13.0237 11072
16:40:13.0238
16:40:13.0238
ip
16:40:13.0240
16:40:13.0240
Skip
16:40:13.0245
16:40:13.0245
Skip
16:40:13.0248
16:40:13.0248
Skip

TmProxy ( ForgedFile.Multi.Generic ) - User select action:


TrkWks ( ForgedFile.Multi.Generic ) - skipped by user
TrkWks ( ForgedFile.Multi.Generic ) - User select action: S
TrustedInstaller ( ForgedFile.Multi.Generic ) - skipped by
TrustedInstaller ( ForgedFile.Multi.Generic ) - User select
tunnel ( ForgedFile.Multi.Generic ) - skipped by user
tunnel ( ForgedFile.Multi.Generic ) - User select action: S
udfs ( ForgedFile.Multi.Generic ) - skipped by user
udfs ( ForgedFile.Multi.Generic ) - User select action: Ski
upnphost ( ForgedFile.Multi.Generic ) - skipped by user
upnphost ( ForgedFile.Multi.Generic ) - User select action:
usbhub ( ForgedFile.Multi.Generic ) - skipped by user
usbhub ( ForgedFile.Multi.Generic ) - User select action: S
usbvideo ( ForgedFile.Multi.Generic ) - skipped by user
usbvideo ( ForgedFile.Multi.Generic ) - User select action:
VAIO Entertainment TV Device Arbitration Service ( Unsigned
- skipped by user
VAIO Entertainment TV Device Arbitration Service ( Unsigned
- User select action: Skip
VAIO Event Service ( ForgedFile.Multi.Generic ) - skipped b
VAIO Event Service ( ForgedFile.Multi.Generic ) - User sele
VAIO Power Management ( ForgedFile.Multi.Generic ) - skippe
VAIO Power Management ( ForgedFile.Multi.Generic ) - User s
VCFw ( ForgedFile.Multi.Generic ) - skipped by user
VCFw ( ForgedFile.Multi.Generic ) - User select action: Ski
VcmIAlzMgr ( ForgedFile.Multi.Generic ) - skipped by user
VcmIAlzMgr ( ForgedFile.Multi.Generic ) - User select actio
VcmINSMgr ( ForgedFile.Multi.Generic ) - skipped by user
VcmINSMgr ( ForgedFile.Multi.Generic ) - User select action
vds ( ForgedFile.Multi.Generic ) - skipped by user
vds ( ForgedFile.Multi.Generic ) - User select action: Skip

11072 vhdmp ( ForgedFile.Multi.Generic ) - skipped by user


11072 vhdmp ( ForgedFile.Multi.Generic ) - User select action: Sk
11072 volmgrx ( ForgedFile.Multi.Generic ) - skipped by user
11072 volmgrx ( ForgedFile.Multi.Generic ) - User select action:
11072 volsnap ( ForgedFile.Multi.Generic ) - skipped by user
11072 volsnap ( ForgedFile.Multi.Generic ) - User select action:
11072 VSApiNt ( ForgedFile.Multi.Generic ) - skipped by user
11072 VSApiNt ( ForgedFile.Multi.Generic ) - User select action:

16:40:13.0249
16:40:13.0249
n: Skip
16:40:13.0252
16:40:13.0252

11072 VSNService ( ForgedFile.Multi.Generic ) - skipped by user


11072 VSNService ( ForgedFile.Multi.Generic ) - User select actio
11072 VSS ( ForgedFile.Multi.Generic ) - skipped by user
11072 VSS ( ForgedFile.Multi.Generic ) - User select action: Skip

16:40:13.0254 11072
d by user
16:40:13.0254 11072
elect action: Skip
16:40:13.0256 11072
16:40:13.0256 11072
Skip
16:40:13.0257 11072
16:40:13.0257 11072
Skip
16:40:13.0260 11072
16:40:13.0260 11072
on: Skip
16:40:13.0261 11072
16:40:13.0262 11072
Skip
16:40:13.0264 11072
16:40:13.0264 11072
Skip
16:40:13.0266 11072
16:40:13.0266 11072
Skip
16:40:13.0267 11072
16:40:13.0268 11072
Skip
16:40:13.0269 11072
16:40:13.0269 11072
: Skip
16:40:13.0271 11072
16:40:13.0271 11072
kip
16:40:13.0273 11072
16:40:13.0273 11072
Skip
16:40:13.0276 11072
16:40:13.0276 11072
ip
16:40:13.0278 11072
16:40:13.0278 11072
Skip
16:40:13.0279 11072
16:40:13.0280 11072
Skip
16:40:13.0281 11072
16:40:13.0281 11072
Skip
16:40:13.0282 11072
16:40:13.0282 11072
kip
16:40:13.0284 11072
16:40:13.0284 11072
Skip
16:40:13.0287 11072
skipped by user

vToolbarUpdater15.2.0 ( ForgedFile.Multi.Generic ) - skippe


vToolbarUpdater15.2.0 ( ForgedFile.Multi.Generic ) - User s
VzCdbSvc ( ForgedFile.Multi.Generic ) - skipped by user
VzCdbSvc ( ForgedFile.Multi.Generic ) - User select action:
W32Time ( ForgedFile.Multi.Generic ) - skipped by user
W32Time ( ForgedFile.Multi.Generic ) - User select action:
WatAdminSvc ( ForgedFile.Multi.Generic ) - skipped by user
WatAdminSvc ( ForgedFile.Multi.Generic ) - User select acti
wbengine ( ForgedFile.Multi.Generic ) - skipped by user
wbengine ( ForgedFile.Multi.Generic ) - User select action:
WbioSrvc ( ForgedFile.Multi.Generic ) - skipped by user
WbioSrvc ( ForgedFile.Multi.Generic ) - User select action:
wcncsvc ( ForgedFile.Multi.Generic ) - skipped by user
wcncsvc ( ForgedFile.Multi.Generic ) - User select action:
Wdf01000 ( ForgedFile.Multi.Generic ) - skipped by user
Wdf01000 ( ForgedFile.Multi.Generic ) - User select action:
WebClient ( ForgedFile.Multi.Generic ) - skipped by user
WebClient ( ForgedFile.Multi.Generic ) - User select action
Wecsvc ( ForgedFile.Multi.Generic ) - skipped by user
Wecsvc ( ForgedFile.Multi.Generic ) - User select action: S
Winmgmt ( ForgedFile.Multi.Generic ) - skipped by user
Winmgmt ( ForgedFile.Multi.Generic ) - User select action:
WinRM ( ForgedFile.Multi.Generic ) - skipped by user
WinRM ( ForgedFile.Multi.Generic ) - User select action: Sk
Wlansvc ( ForgedFile.Multi.Generic ) - skipped by user
Wlansvc ( ForgedFile.Multi.Generic ) - User select action:
wmiApSrv ( ForgedFile.Multi.Generic ) - skipped by user
wmiApSrv ( ForgedFile.Multi.Generic ) - User select action:
wuauserv ( ForgedFile.Multi.Generic ) - skipped by user
wuauserv ( ForgedFile.Multi.Generic ) - User select action:
WUDFRd ( ForgedFile.Multi.Generic ) - skipped by user
WUDFRd ( ForgedFile.Multi.Generic ) - User select action: S
WwanSvc ( ForgedFile.Multi.Generic ) - skipped by user
WwanSvc ( ForgedFile.Multi.Generic ) - User select action:
YouTubeDownloaderConverter ( UnsignedFile.Multi.Generic ) -

16:40:13.0287 11072 YouTubeDownloaderConverter ( UnsignedFile.Multi.Generic ) User select action: Skip


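Added example, not part of the posted log: a small Python triage parser for the `Scan services` lines in this log (the `[ md5 ] name path` enumeration line, the `Suspicious file (Forged)` line with its two hashes, and the `- ok` / `- detected` verdict). TDSSKiller raises ForgedFile.Multi.Generic when the two MD5s it computes for the same file disagree. When that happens for nearly every core component of the OS in a single run, as here (Ntfs, Tcpip, AFD, ACPI, BFE, RpcSs and so on), the finding is about whatever sits on the file-read path rather than about hundreds of individually modified binaries, and any filter driver that rewrites reads, including a legitimate one from a security product, can produce the same symptom. The parser therefore reports the share of Windows-directory entries that disagree and labels the scan systemic or targeted. The threshold, the `Scan`/`Entry` types and the selection of sample lines are mine; the sample lines themselves are copied from this log and re-joined onto single lines.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional

FORGED_SIG = "ForgedFile.Multi.Generic"

# Constructed sample input: lines in the exact format of this log, re-joined onto
# single lines. Hashes, names and paths are the page's own; the selection is mine.
SAMPLE_LOG = r"""
16:38:32.0233 7792 Windows directory: C:\Windows
16:40:52.0083 10700 Scan started
16:40:52.0083 10700 Mode: Manual;
16:40:52.0317 10700 System memory - ok
16:40:52.0460 10700 [ FBDA3F2E23ED8E8ACFD3AC47CB32B5DA ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:40:52.0527 10700 Suspicious file (Forged): C:\Windows\system32\drivers\1394ohci.sys. Real md5: FBDA3F2E23ED8E8ACFD3AC47CB32B5DA, Fake md5: A87D604AEA360176311474C87A63BB88
16:40:52.0528 10700 1394ohci ( ForgedFile.Multi.Generic ) - warning
16:40:52.0528 10700 1394ohci - detected ForgedFile.Multi.Generic (1)
16:40:52.0603 10700 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:40:52.0616 10700 ACDaemon - ok
16:40:52.0628 10700 [ 6691410244FFECEC41BE4C47C10FAAFA ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:40:52.0642 10700 Suspicious file (Forged): C:\Windows\system32\drivers\ACPI.sys. Real md5: 6691410244FFECEC41BE4C47C10FAAFA, Fake md5: D81D9E70B8A6DD14D42D7B4EFA65D5F2
16:40:52.0643 10700 ACPI ( ForgedFile.Multi.Generic ) - warning
16:40:52.0643 10700 ACPI - detected ForgedFile.Multi.Generic (1)
16:40:52.0669 10700 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:40:52.0670 10700 AcpiPmi - ok
16:40:52.0981 10700 [ 2EF70BAABAB756361309C358D012FA74 ] AFD C:\Windows\system32\drivers\afd.sys
16:40:53.0040 10700 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: 2EF70BAABAB756361309C358D012FA74, Fake md5: 1C7857B62DE5994A75B054A9FD4C3825
16:40:53.0041 10700 AFD ( ForgedFile.Multi.Generic ) - warning
16:40:53.0041 10700 AFD - detected ForgedFile.Multi.Generic (1)
16:40:53.0070 10700 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:40:53.0072 10700 agp440 - ok
16:40:53.0090 10700 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
16:40:53.0091 10700 ALG - ok
16:40:54.0065 10700 [ 99337200D3F66033B87F19A70B2B2DEC ] BFE C:\Windows\System32\bfe.dll
16:40:54.0092 10700 Suspicious file (Forged): C:\Windows\System32\bfe.dll. Real md5: 99337200D3F66033B87F19A70B2B2DEC, Fake md5: 82974D6A2FD19445CC5171FC378668A4
16:40:54.0094 10700 BFE ( ForgedFile.Multi.Generic ) - warning
16:40:54.0094 10700 BFE - detected ForgedFile.Multi.Generic (1)
16:40:54.0287 10700 [ 63CB337BD7477B44CC7156D3E67E3EC3 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:40:54.0302 10700 Suspicious file (Forged): C:\Program Files\Bonjour\mDNSResponder.exe. Real md5: 63CB337BD7477B44CC7156D3E67E3EC3, Fake md5: EBBCD5DFBB1DE70E8F4AF8FA59E401FD
16:40:54.0303 10700 Bonjour Service ( ForgedFile.Multi.Generic ) - warning
16:40:54.0303 10700 Bonjour Service - detected ForgedFile.Multi.Generic (1)
"""

ENTRY_RE = re.compile(r"^(?P<ts>\S+) (?P<pid>\d+) \[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$")
FORGED_RE = re.compile(r"^(?P<ts>\S+) (?P<pid>\d+) Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9A-Fa-f]{32}), Fake md5: (?P<fake>[0-9A-Fa-f]{32})$")
VERDICT_RE = re.compile(r"^(?P<ts>\S+) (?P<pid>\d+) (?P<name>.+?) - (?:(?P<ok>ok)|detected (?P<sig>\S+) \(\d+\))$")
WINDIR_RE = re.compile(r"^\S+ \d+ Windows directory: (?P<dir>\S.*)$")


@dataclass
class Entry:
    name: str
    path: str
    md5: str                          # hash printed in "[ ... ]" on the enumeration line
    forged_real: Optional[str] = None
    forged_fake: Optional[str] = None
    verdict: str = "unknown"          # "ok", a signature name, or "unknown"


@dataclass
class Scan:
    windir: str = "C:\\Windows"       # overridden by the log's "Windows directory:" line
    entries: Dict[str, Entry] = field(default_factory=dict)


def parse_tdsskiller(text: str) -> Scan:
    """Parse 'Scan services' output; lines that are neither entry, forged report nor verdict are ignored."""
    scan = Scan()
    current: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := WINDIR_RE.match(line)):
            scan.windir = m["dir"].rstrip("\\")
        elif (m := ENTRY_RE.match(line)):
            current = Entry(name=m["name"], path=m["path"], md5=m["md5"].upper())
            scan.entries[current.name] = current
        elif (m := FORGED_RE.match(line)):
            # The forged report follows its enumeration line; bind it by path, not by position.
            if current is not None and current.path.lower() == m["path"].lower():
                current.forged_real = m["real"].upper()
                current.forged_fake = m["fake"].upper()
        elif (m := VERDICT_RE.match(line)) and m["name"] in scan.entries:
            scan.entries[m["name"]].verdict = "ok" if m["ok"] else m["sig"]
    return scan


def triage(scan: Scan, systemic_threshold: float = 0.5) -> dict:
    """Tell a read-path-wide hash mismatch apart from a handful of individually modified files."""
    forged = [e for e in scan.entries.values() if e.verdict == FORGED_SIG]
    prefix = scan.windir.lower() + "\\"
    system = [e for e in scan.entries.values() if e.path.lower().startswith(prefix)]
    system_forged = [e for e in system if e.verdict == FORGED_SIG]
    share = len(system_forged) / len(system) if system else 0.0
    if not forged:
        kind = "clean"
    elif share >= systemic_threshold:
        kind = "systemic"   # most OS components disagree: examine what sits on the read path first
    else:
        kind = "targeted"   # a few files disagree: verify each against a known-good copy
    return {
        "scanned": len(scan.entries),
        "forged": len(forged),
        "system_forged_share": share,
        "kind": kind,
        "forged_names": [e.name for e in forged],
        # "Real md5" should always equal the enumeration hash; anything else is a parse or tool inconsistency
        "inconsistent": [e.name for e in forged if e.forged_real != e.md5],
    }


if __name__ == "__main__":
    r = triage(parse_tdsskiller(SAMPLE_LOG))
    print(f"{r['forged']}/{r['scanned']} flagged, {r['system_forged_share']:.0%} of OS components forged: {r['kind']}")
```

On the sample, 4 of the 7 Windows-directory entries disagree, so the run is labelled systemic; the 0.5 threshold is an arbitrary starting point, and the useful next step for a systemic result is to hash the flagged files from an offline boot or through a raw-disk read and compare against the installation media or a known-good host before treating any single detection as a cure candidate.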
16:40:52.0074 10700 ===========================================================
=
16:40:52.0083 10700 Scan started
16:40:52.0083 10700 Mode: Manual;
16:40:52.0083 10700 ===========================================================
=
16:40:52.0304 10700 ================ Scan system memory =======================
=
16:40:52.0317 10700 System memory - ok
16:40:52.0319 10700 ================ Scan services ============================
=
16:40:52.0460 10700 [ FBDA3F2E23ED8E8ACFD3AC47CB32B5DA ] 1394ohci
C:\Win
dows\system32\drivers\1394ohci.sys
16:40:52.0527 10700 Suspicious file (Forged): C:\Windows\system32\drivers\1394o
hci.sys. Real md5: FBDA3F2E23ED8E8ACFD3AC47CB32B5DA, Fake md5: A87D604AEA3601763
11474C87A63BB88
16:40:52.0528 10700 1394ohci ( ForgedFile.Multi.Generic ) - warning
16:40:52.0528 10700 1394ohci - detected ForgedFile.Multi.Generic (1)
16:40:52.0603 10700 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon
C:\Pro
gram Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:40:52.0616 10700 ACDaemon - ok
16:40:52.0628 10700 [ 6691410244FFECEC41BE4C47C10FAAFA ] ACPI
C:\Win
dows\system32\drivers\ACPI.sys
16:40:52.0642 10700 Suspicious file (Forged): C:\Windows\system32\drivers\ACPI.
sys. Real md5: 6691410244FFECEC41BE4C47C10FAAFA, Fake md5: D81D9E70B8A6DD14D42D7
B4EFA65D5F2
16:40:52.0643 10700 ACPI ( ForgedFile.Multi.Generic ) - warning
16:40:52.0643 10700 ACPI - detected ForgedFile.Multi.Generic (1)
16:40:52.0669 10700 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi
C:\Win
dows\system32\drivers\acpipmi.sys
16:40:52.0670 10700 AcpiPmi - ok
16:40:52.0701 10700 [ 5647CFBC7535F94BAE796B567D0169E8 ] AdobeActiveFileMonitor
7.0 c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAge
nt.exe
16:40:52.0710 10700 Suspicious file (Forged): c:\Program Files (x86)\Adobe\Phot
oshop Elements 7.0\PhotoshopElementsFileAgent.exe. Real md5: 5647CFBC7535F94BAE7
96B567D0169E8, Fake md5: 6D9FC1E7EA3C548F4D3455F0C3FEEF8C
16:40:52.0711 10700 AdobeActiveFileMonitor7.0 ( ForgedFile.Multi.Generic ) - wa
rning
16:40:52.0711 10700 AdobeActiveFileMonitor7.0 - detected ForgedFile.Multi.Gener
ic (1)
16:40:52.0798 10700 [ D8890C56B6D5568064BCF78A99998340 ] AdobeFlashPlayerUpdate
Svc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:40:52.0814 10700 Suspicious file (Forged): C:\Windows\SysWOW64\Macromed\Flas
h\FlashPlayerUpdateService.exe. Real md5: D8890C56B6D5568064BCF78A99998340, Fake
md5: F040037B149FD0F5A5044AE563390FA7
16:40:52.0815 10700 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - wa
rning
16:40:52.0815 10700 AdobeFlashPlayerUpdateSvc - detected ForgedFile.Multi.Gener
ic (1)
16:40:52.0857 10700 [ 4447CB4BB00391A6442BD48BC399B2DD ] adp94xx
C:\Win
dows\system32\DRIVERS\adp94xx.sys
16:40:52.0875 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\adp94
xx.sys. Real md5: 4447CB4BB00391A6442BD48BC399B2DD, Fake md5: 2F6B34B83843F0C511
8B63AC634F5BF4
16:40:52.0877 10700 adp94xx ( ForgedFile.Multi.Generic ) - warning
16:40:52.0877 10700 adp94xx - detected ForgedFile.Multi.Generic (1)
16:40:52.0896 10700 [ B0FF150AB317F7BB56EFD37F5AF5F6A0 ] adpahci
C:\Win

dows\system32\DRIVERS\adpahci.sys
16:40:52.0911 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\adpah
ci.sys. Real md5: B0FF150AB317F7BB56EFD37F5AF5F6A0, Fake md5: 597F78224EE9224EA1
A13D6350CED962
16:40:52.0911 10700 adpahci ( ForgedFile.Multi.Generic ) - warning
16:40:52.0911 10700 adpahci - detected ForgedFile.Multi.Generic (1)
16:40:52.0919 10700 [ 1C42EEAE0241B6945805E719739A7A69 ] adpu320
C:\Win
dows\system32\DRIVERS\adpu320.sys
16:40:52.0934 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\adpu3
20.sys. Real md5: 1C42EEAE0241B6945805E719739A7A69, Fake md5: E109549C90F62FB570
B9540C4B148E54
16:40:52.0934 10700 adpu320 ( ForgedFile.Multi.Generic ) - warning
16:40:52.0934 10700 adpu320 - detected ForgedFile.Multi.Generic (1)
16:40:52.0962 10700 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc
C:\Win
dows\System32\aelupsvc.dll
16:40:52.0964 10700 AeLookupSvc - ok
16:40:52.0981 10700 [ 2EF70BAABAB756361309C358D012FA74 ] AFD
C:\Win
dows\system32\drivers\afd.sys
16:40:53.0040 10700 Suspicious file (Forged): C:\Windows\system32\drivers\afd.s
ys. Real md5: 2EF70BAABAB756361309C358D012FA74, Fake md5: 1C7857B62DE5994A75B054
A9FD4C3825
16:40:53.0041 10700 AFD ( ForgedFile.Multi.Generic ) - warning
16:40:53.0041 10700 AFD - detected ForgedFile.Multi.Generic (1)
16:40:53.0070 10700 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440
C:\Win
dows\system32\drivers\agp440.sys
16:40:53.0072 10700 agp440 - ok
16:40:53.0090 10700 [ 3290D6946B5E30E70414990574883DDB ] ALG
C:\Win
dows\System32\alg.exe
16:40:53.0091 10700 ALG - ok
16:40:53.0121 10700 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide
C:\Win
dows\system32\drivers\aliide.sys
16:40:53.0122 10700 aliide - ok
16:40:53.0128 10700 [ 1FF8B4431C353CE385C875F194924C0C ] amdide
C:\Win
dows\system32\drivers\amdide.sys
16:40:53.0129 10700 amdide - ok
16:40:53.0155 10700 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8
C:\Win
dows\system32\DRIVERS\amdk8.sys
16:40:53.0156 10700 AmdK8 - ok
16:40:53.0173 10700 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM
C:\Win
dows\system32\DRIVERS\amdppm.sys
16:40:53.0174 10700 AmdPPM - ok
16:40:53.0207 10700 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata
C:\Win
dows\system32\drivers\amdsata.sys
16:40:53.0209 10700 amdsata - ok
16:40:53.0224 10700 [ EB7A232A20D3EE8115F5CE881C6316C4 ] amdsbs
C:\Win
dows\system32\DRIVERS\amdsbs.sys
16:40:53.0240 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\amdsb
s.sys. Real md5: EB7A232A20D3EE8115F5CE881C6316C4, Fake md5: F67F933E79241ED32FF
46A4F29B5120B
16:40:53.0241 10700 amdsbs ( ForgedFile.Multi.Generic ) - warning
16:40:53.0241 10700 amdsbs - detected ForgedFile.Multi.Generic (1)
16:40:53.0260 10700 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata
C:\Win
dows\system32\drivers\amdxata.sys
16:40:53.0261 10700 amdxata - ok
16:40:53.0305 10700 [ 89A69C3F2F319B43379399547526D952 ] AppID
C:\Win
dows\system32\drivers\appid.sys
16:40:53.0307 10700 AppID - ok
16:40:53.0328 10700 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc
C:\Win
dows\System32\appidsvc.dll
16:40:53.0330 10700 AppIDSvc - ok

16:40:53.0355 10700 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo


C:\Win
dows\System32\appinfo.dll
16:40:53.0357 10700 Appinfo - ok
16:40:53.0432 10700 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:
\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceS
ervice.exe
16:40:53.0434 10700 Apple Mobile Device - ok
16:40:53.0477 10700 [ C484F8CEB1717C540242531DB7845C4E ] arc
C:\Win
dows\system32\DRIVERS\arc.sys
16:40:53.0479 10700 arc - ok
16:40:53.0484 10700 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas
C:\Win
dows\system32\DRIVERS\arcsas.sys
16:40:53.0486 10700 arcsas - ok
16:40:53.0525 10700 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Wi
ndows\system32\DRIVERS\ArcSoftKsUFilter.sys
16:40:53.0526 10700 ArcSoftKsUFilter - ok
16:40:53.0542 10700 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac
C:\Win
dows\system32\DRIVERS\asyncmac.sys
16:40:53.0543 10700 AsyncMac - ok
16:40:53.0574 10700 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi
C:\Win
dows\system32\drivers\atapi.sys
16:40:53.0575 10700 atapi - ok
16:40:53.0604 10700 [ 73877CCD74A0D9B065B8C5A02114EA10 ] athr
C:\Win
dows\system32\DRIVERS\athrx.sys
16:40:53.0634 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\athrx
.sys. Real md5: 73877CCD74A0D9B065B8C5A02114EA10, Fake md5: 5D4529AC4156E16BEDB0
1441AE0CF984
16:40:53.0637 10700 athr ( ForgedFile.Multi.Generic ) - warning
16:40:53.0638 10700 athr - detected ForgedFile.Multi.Generic (1)
16:40:53.0684 10700 [ D6F8ED39444B5BEC033ACD76D41413FF ] AudioEndpointBuilder C
:\Windows\System32\Audiosrv.dll
16:40:53.0711 10700 Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll.
Real md5: D6F8ED39444B5BEC033ACD76D41413FF, Fake md5: F23FEF6D569FCE88671949894
A8BECF1
16:40:53.0713 10700 AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - warning
16:40:53.0713 10700 AudioEndpointBuilder - detected ForgedFile.Multi.Generic (1
)
16:40:53.0720 10700 [ D6F8ED39444B5BEC033ACD76D41413FF ] AudioSrv
C:\Win
dows\System32\Audiosrv.dll
16:40:53.0723 10700 Suspicious file (Forged): C:\Windows\System32\Audiosrv.dll.
Real md5: D6F8ED39444B5BEC033ACD76D41413FF, Fake md5: F23FEF6D569FCE88671949894
A8BECF1
16:40:53.0724 10700 AudioSrv ( ForgedFile.Multi.Generic ) - warning
16:40:53.0724 10700 AudioSrv - detected ForgedFile.Multi.Generic (1)
16:40:53.0745 10700 [ FC89DFDD6B9E5E7D86B06432E990401E ] AVerAVF2
C:\Win
dows\system32\DRIVERS\AVerAVF2.sys
16:40:53.0771 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\AVerA
VF2.sys. Real md5: FC89DFDD6B9E5E7D86B06432E990401E, Fake md5: 59E75082DC7DA2525
92EC3489A2CF4EA
16:40:53.0773 10700 AVerAVF2 ( ForgedFile.Multi.Generic ) - warning
16:40:53.0774 10700 AVerAVF2 - detected ForgedFile.Multi.Generic (1)
16:40:53.0810 10700 [ 3B5657B6C11CDA87F664DD6F7DD0702D ] avgtp
C:\Win
dows\system32\drivers\avgtpx64.sys
16:40:53.0811 10700 avgtp - ok
16:40:53.0849 10700 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV
C:\Win
dows\System32\AxInstSV.dll
16:40:53.0851 10700 AxInstSV - ok
16:40:53.0874 10700 [ 3E7FA18FEA3BE0AF9614DE5C65092795 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
16:40:53.0888 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\bxvbda.sys. Real md5: 3E7FA18FEA3BE0AF9614DE5C65092795, Fake md5: 3E5B191307609F7514148C6832BB0842
16:40:53.0889 10700 b06bdrv ( ForgedFile.Multi.Generic ) - warning
16:40:53.0889 10700 b06bdrv - detected ForgedFile.Multi.Generic (1)
16:40:53.0914 10700 [ A51E3C2C28CC549C77C41CE609F3C89F ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:40:53.0931 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\b57nd60a.sys. Real md5: A51E3C2C28CC549C77C41CE609F3C89F, Fake md5: B5ACE6968304A3900EEB1EBFD9622DF2
16:40:53.0932 10700 b57nd60a ( ForgedFile.Multi.Generic ) - warning
16:40:53.0932 10700 b57nd60a - detected ForgedFile.Multi.Generic (1)
16:40:53.0982 10700 [ CE5A6AB907758186A5B5536B7ED78323 ] BackupStack C:\Program Files (x86)\MyPC Backup\BackupStack.exe
16:40:53.0984 10700 BackupStack - ok
16:40:54.0028 10700 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:40:54.0030 10700 BDESVC - ok
16:40:54.0041 10700 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:40:54.0042 10700 Beep - ok
16:40:54.0065 10700 [ 99337200D3F66033B87F19A70B2B2DEC ] BFE C:\Windows\System32\bfe.dll
16:40:54.0092 10700 Suspicious file (Forged): C:\Windows\System32\bfe.dll. Real md5: 99337200D3F66033B87F19A70B2B2DEC, Fake md5: 82974D6A2FD19445CC5171FC378668A4
16:40:54.0094 10700 BFE ( ForgedFile.Multi.Generic ) - warning
16:40:54.0094 10700 BFE - detected ForgedFile.Multi.Generic (1)
16:40:54.0104 10700 [ 5E70BFA2F6D20D0CE0C4BC8CB9978695 ] BITS C:\Windows\System32\qmgr.dll
16:40:54.0140 10700 Suspicious file (Forged): C:\Windows\System32\qmgr.dll. Real md5: 5E70BFA2F6D20D0CE0C4BC8CB9978695, Fake md5: 1EA7969E3271CBC59E1730697DC74682
16:40:54.0143 10700 BITS ( ForgedFile.Multi.Generic ) - warning
16:40:54.0143 10700 BITS - detected ForgedFile.Multi.Generic (1)
16:40:54.0216 10700 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
16:40:54.0218 10700 blbdrive - ok
16:40:54.0287 10700 [ 63CB337BD7477B44CC7156D3E67E3EC3 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:40:54.0302 10700 Suspicious file (Forged): C:\Program Files\Bonjour\mDNSResponder.exe. Real md5: 63CB337BD7477B44CC7156D3E67E3EC3, Fake md5: EBBCD5DFBB1DE70E8F4AF8FA59E401FD
16:40:54.0303 10700 Bonjour Service ( ForgedFile.Multi.Generic ) - warning
16:40:54.0303 10700 Bonjour Service - detected ForgedFile.Multi.Generic (1)
16:40:54.0329 10700 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:40:54.0331 10700 bowser - ok
16:40:54.0358 10700 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:40:54.0360 10700 BrFiltLo - ok
16:40:54.0364 10700 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:40:54.0365 10700 BrFiltUp - ok
16:40:54.0416 10700 [ DD5448BF498735A4AF29D9B7A08BAA98 ] Browser C:\Windows\System32\browser.dll
16:40:54.0429 10700 Suspicious file (Forged): C:\Windows\System32\browser.dll. Real md5: DD5448BF498735A4AF29D9B7A08BAA98, Fake md5: 05F5A0D14A2EE1D8255C2AA0E9E8E694
16:40:54.0430 10700 Browser ( ForgedFile.Multi.Generic ) - warning
16:40:54.0430 10700 Browser - detected ForgedFile.Multi.Generic (1)
16:40:54.0435 10700 [ 4579108CDA3CEBC6432027A86E7B7A9B ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:40:54.0451 10700 Suspicious file (Forged): C:\Windows\System32\Drivers\Brserid.sys. Real md5: 4579108CDA3CEBC6432027A86E7B7A9B, Fake md5: 43BEA8D483BF1870F018E2D02E06A5BD
16:40:54.0452 10700 Brserid ( ForgedFile.Multi.Generic ) - warning
16:40:54.0452 10700 Brserid - detected ForgedFile.Multi.Generic (1)
16:40:54.0467 10700 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:40:54.0469 10700 BrSerWdm - ok
16:40:54.0473 10700 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:40:54.0474 10700 BrUsbMdm - ok
16:40:54.0504 10700 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:40:54.0506 10700 BrUsbSer - ok
16:40:54.0550 10700 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
16:40:54.0552 10700 BthEnum - ok
16:40:54.0567 10700 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
16:40:54.0569 10700 BTHMODEM - ok
16:40:54.0577 10700 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
16:40:54.0579 10700 BthPan - ok
16:40:54.0611 10700 [ B07500770CF6E855A4BE94DD0177051E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
16:40:54.0633 10700 Suspicious file (Forged): C:\Windows\System32\Drivers\BTHport.sys. Real md5: B07500770CF6E855A4BE94DD0177051E, Fake md5: 738D0E9272F59EB7A1449C3EC118E6C4
16:40:54.0635 10700 BTHPORT ( ForgedFile.Multi.Generic ) - warning
16:40:54.0635 10700 BTHPORT - detected ForgedFile.Multi.Generic (1)
16:40:54.0666 10700 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
16:40:54.0668 10700 bthserv - ok
16:40:54.0704 10700 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
16:40:54.0706 10700 BTHUSB - ok
16:40:54.0747 10700 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
16:40:54.0749 10700 btwaudio - ok
16:40:54.0764 10700 [ 1B983FC6B8C60383B0960DD75942C527 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
16:40:54.0766 10700 Suspicious file (Forged): C:\Windows\system32\drivers\btwavdt.sys. Real md5: 1B983FC6B8C60383B0960DD75942C527, Fake md5: 82DC8B7C626E526681C1BEBED2BC3FF9
16:40:54.0766 10700 btwavdt ( ForgedFile.Multi.Generic ) - warning
16:40:54.0766 10700 btwavdt - detected ForgedFile.Multi.Generic (1)
16:40:54.0817 10700 [ 44A3523497B2D41D1C88715332D796A8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:40:54.0838 10700 Suspicious file (Forged): C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe. Real md5: 44A3523497B2D41D1C88715332D796A8, Fake md5: D65AA164ACD0F6706DBCFBBCC9731584
16:40:54.0842 10700 btwdins ( ForgedFile.Multi.Generic ) - warning
16:40:54.0842 10700 btwdins - detected ForgedFile.Multi.Generic (1)
16:40:54.0870 10700 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
16:40:54.0871 10700 btwl2cap - ok
16:40:54.0899 10700 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
16:40:54.0900 10700 btwrchid - ok
16:40:54.0923 10700 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:40:54.0925 10700 cdfs - ok
16:40:54.0958 10700 [ 4368EEFD9E44D770C90A5E241139A7D3 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:40:54.0972 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\cdrom.sys. Real md5: 4368EEFD9E44D770C90A5E241139A7D3, Fake md5: F036CE71586E93D94DAB220D7BDF4416
16:40:54.0973 10700 cdrom ( ForgedFile.Multi.Generic ) - warning
16:40:54.0973 10700 cdrom - detected ForgedFile.Multi.Generic (1)
16:40:55.0002 10700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
16:40:55.0004 10700 CertPropSvc - ok
16:40:55.0043 10700 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
16:40:55.0045 10700 circlass - ok
16:40:55.0064 10700 [ B912731923C57874FDDD3B8FFADA991D ] CLFS C:\Windows\system32\CLFS.sys
16:40:55.0074 10700 Suspicious file (Forged): C:\Windows\system32\CLFS.sys. Real md5: B912731923C57874FDDD3B8FFADA991D, Fake md5: FE1EC06F2253F691FE36217C592A0206
16:40:55.0075 10700 CLFS ( ForgedFile.Multi.Generic ) - warning
16:40:55.0075 10700 CLFS - detected ForgedFile.Multi.Generic (1)
16:40:55.0121 10700 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:40:55.0167 10700 clr_optimization_v2.0.50727_32 - ok
16:40:55.0212 10700 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:40:55.0225 10700 clr_optimization_v2.0.50727_64 - ok
16:40:55.0276 10700 [ B89B6C8262ACA6654AF4C5C96B00EAD4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:40:55.0291 10700 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe. Real md5: B89B6C8262ACA6654AF4C5C96B00EAD4, Fake md5: C5A75EB48E2344ABDC162BDA79E16841
16:40:55.0292 10700 clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - warning
16:40:55.0292 10700 clr_optimization_v4.0.30319_32 - detected ForgedFile.Multi.Generic (1)
16:40:55.0303 10700 [ C2037CCEB132485E72DE44AB2EF6755C ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:40:55.0318 10700 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe. Real md5: C2037CCEB132485E72DE44AB2EF6755C, Fake md5: C6F9AF94DCD58122A4D7E89DB6BED29D
16:40:55.0319 10700 clr_optimization_v4.0.30319_64 ( ForgedFile.Multi.Generic ) - warning
16:40:55.0319 10700 clr_optimization_v4.0.30319_64 - detected ForgedFile.Multi.Generic (1)
16:40:55.0345 10700 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:40:55.0346 10700 CmBatt - ok
16:40:55.0370 10700 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:40:55.0371 10700 cmdide - ok
16:40:55.0390 10700 [ 236B2DCD25AB87A4A963B5D894656334 ] CNG C:\Windows\system32\Drivers\cng.sys
16:40:55.0404 10700 Suspicious file (Forged): C:\Windows\system32\Drivers\cng.sys. Real md5: 236B2DCD25AB87A4A963B5D894656334, Fake md5: 9AC4F97C2D3E93367E2148EA940CD2CD
16:40:55.0405 10700 CNG ( ForgedFile.Multi.Generic ) - warning
16:40:55.0405 10700 CNG - detected ForgedFile.Multi.Generic (1)
16:40:55.0422 10700 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:40:55.0423 10700 Compbatt - ok
16:40:55.0452 10700 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:40:55.0454 10700 CompositeBus - ok
16:40:55.0466 10700 COMSysApp - ok
16:40:55.0494 10700 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
16:40:55.0495 10700 crcdisk - ok
16:40:55.0539 10700 [ 638817CAAAB58D879A2711EF122AEE89 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:40:55.0556 10700 Suspicious file (Forged): C:\Windows\system32\cryptsvc.dll. Real md5: 638817CAAAB58D879A2711EF122AEE89, Fake md5: 9C01375BE382E834CC26D1B7EAF2C4FE
16:40:55.0557 10700 CryptSvc ( ForgedFile.Multi.Generic ) - warning
16:40:55.0557 10700 CryptSvc - detected ForgedFile.Multi.Generic (1)
16:40:55.0591 10700 [ 816DF6F64DEBA63B029CA19D880EE10A ] DcomLaunch C:\Windows\system32\rpcss.dll
16:40:55.0610 10700 Suspicious file (Forged): C:\Windows\system32\rpcss.dll. Real md5: 816DF6F64DEBA63B029CA19D880EE10A, Fake md5: 5C627D1B1138676C0A7AB2C2C190D123
16:40:55.0611 10700 DcomLaunch ( ForgedFile.Multi.Generic ) - warning
16:40:55.0611 10700 DcomLaunch - detected ForgedFile.Multi.Generic (1)
16:40:55.0635 10700 [ 1E30DDE23D301F1191564ACC17FAE198 ] defragsvc C:\Windows\System32\defragsvc.dll
16:40:55.0645 10700 Suspicious file (Forged): C:\Windows\System32\defragsvc.dll. Real md5: 1E30DDE23D301F1191564ACC17FAE198, Fake md5: 3CEC7631A84943677AA8FA8EE5B6B43D
16:40:55.0645 10700 defragsvc ( ForgedFile.Multi.Generic ) - warning
16:40:55.0645 10700 defragsvc - detected ForgedFile.Multi.Generic (1)
16:40:55.0681 10700 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:40:55.0683 10700 DfsC - ok
16:40:55.0715 10700 [ 15B3FF0D22AB9E82E799064B5545CF3D ] Dhcp C:\Windows\system32\dhcpcore.dll
16:40:55.0735 10700 Suspicious file (Forged): C:\Windows\system32\dhcpcore.dll. Real md5: 15B3FF0D22AB9E82E799064B5545CF3D, Fake md5: 43D808F5D9E1A18E5EEB5EBC83969E4E
16:40:55.0736 10700 Dhcp ( ForgedFile.Multi.Generic ) - warning
16:40:55.0736 10700 Dhcp - detected ForgedFile.Multi.Generic (1)
16:40:55.0764 10700 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
16:40:55.0765 10700 discache - ok
16:40:55.0795 10700 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
16:40:55.0796 10700 Disk - ok
16:40:55.0824 10700 [ 9DE938B56930C5B59AF440E41120853F ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:40:55.0835 10700 Suspicious file (Forged): C:\Windows\System32\dnsrslvr.dll. Real md5: 9DE938B56930C5B59AF440E41120853F, Fake md5: 16835866AAA693C7D7FCEBA8FFF706E4
16:40:55.0836 10700 Dnscache ( ForgedFile.Multi.Generic ) - warning
16:40:55.0836 10700 Dnscache - detected ForgedFile.Multi.Generic (1)
16:40:55.0855 10700 [ 6070A8634574510CCE8E9678901AB34A ] dot3svc C:\Windows\System32\dot3svc.dll
16:40:55.0871 10700 Suspicious file (Forged): C:\Windows\System32\dot3svc.dll. Real md5: 6070A8634574510CCE8E9678901AB34A, Fake md5: B1FB3DDCA0FDF408750D5843591AFBC6
16:40:55.0872 10700 dot3svc ( ForgedFile.Multi.Generic ) - warning
16:40:55.0872 10700 dot3svc - detected ForgedFile.Multi.Generic (1)
16:40:55.0892 10700 [ E60F81BC7C76D6EB28F5816311B971B6 ] DPS C:\Windows\system32\dps.dll
16:40:55.0910 10700 Suspicious file (Forged): C:\Windows\system32\dps.dll. Real md5: E60F81BC7C76D6EB28F5816311B971B6, Fake md5: B26F4F737E8F9DF4F31AF6CF31D05820
16:40:55.0910 10700 DPS ( ForgedFile.Multi.Generic ) - warning
16:40:55.0910 10700 DPS - detected ForgedFile.Multi.Generic (1)
16:40:55.0944 10700 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:40:55.0945 10700 drmkaud - ok
16:40:55.0969 10700 [ 1920CD1E5C68A76E66BBD16D85861EAA ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:40:55.0995 10700 Suspicious file (Forged): C:\Windows\System32\drivers\dxgkrnl.sys. Real md5: 1920CD1E5C68A76E66BBD16D85861EAA, Fake md5: AF2E16242AA723F68F461B6EAE2EAD3D
16:40:55.0998 10700 DXGKrnl ( ForgedFile.Multi.Generic ) - warning
16:40:55.0998 10700 DXGKrnl - detected ForgedFile.Multi.Generic (1)
16:40:56.0022 10700 [ 383DDFAC0F66F023E66EFC8346AE5703 ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys
16:40:56.0032 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\e1y62x64.sys. Real md5: 383DDFAC0F66F023E66EFC8346AE5703, Fake md5: 761B9EDD97A021AA1922501B7A056635
16:40:56.0033 10700 e1yexpress ( ForgedFile.Multi.Generic ) - warning
16:40:56.0033 10700 e1yexpress - detected ForgedFile.Multi.Generic (1)
16:40:56.0053 10700 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:40:56.0055 10700 EapHost - ok
16:40:56.0088 10700 [ 089813CB08A9A6948B7C5CD30B0B55C1 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
16:40:56.0156 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\evbda.sys. Real md5: 089813CB08A9A6948B7C5CD30B0B55C1, Fake md5: DC5D737F51BE844D8C82C695EB17372F
16:40:56.0166 10700 ebdrv ( ForgedFile.Multi.Generic ) - warning
16:40:56.0166 10700 ebdrv - detected ForgedFile.Multi.Generic (1)
16:40:56.0197 10700 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
16:40:56.0198 10700 EFS - ok
16:40:56.0240 10700 [ 43AD2E10E31F1AEB60D8296C1B966287 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:40:56.0264 10700 Suspicious file (Forged): C:\Windows\ehome\ehRecvr.exe. Real md5: 43AD2E10E31F1AEB60D8296C1B966287, Fake md5: C4002B6B41975F057D98C439030CEA07
16:40:56.0266 10700 ehRecvr ( ForgedFile.Multi.Generic ) - warning
16:40:56.0266 10700 ehRecvr - detected ForgedFile.Multi.Generic (1)
16:40:56.0281 10700 [ A6761BA0C8FA8DE5851AF7A679112599 ] ehSched C:\Windows\ehome\ehsched.exe
16:40:56.0296 10700 Suspicious file (Forged): C:\Windows\ehome\ehsched.exe. Real md5: A6761BA0C8FA8DE5851AF7A679112599, Fake md5: 4705E8EF9934482C5BB488CE28AFC681
16:40:56.0297 10700 ehSched ( ForgedFile.Multi.Generic ) - warning
16:40:56.0297 10700 ehSched - detected ForgedFile.Multi.Generic (1)
16:40:56.0316 10700 [ FB016CA5AA7BB5E071CAFB6A0D7BA54B ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:40:56.0335 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\elxstor.sys. Real md5: FB016CA5AA7BB5E071CAFB6A0D7BA54B, Fake md5: 0E5DA5369A0FCAEA12456DD852545184
16:40:56.0336 10700 elxstor ( ForgedFile.Multi.Generic ) - warning
16:40:56.0336 10700 elxstor - detected ForgedFile.Multi.Generic (1)
16:40:56.0356 10700 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:40:56.0357 10700 ErrDev - ok
16:40:56.0388 10700 [ F94C41F8FA965F031D3E961CD80E5E8F ] EventSystem C:\Windows\system32\es.dll
16:40:56.0405 10700 Suspicious file (Forged): C:\Windows\system32\es.dll. Real md5: F94C41F8FA965F031D3E961CD80E5E8F, Fake md5: 4166F82BE4D24938977DD1746BE9B8A0
16:40:56.0405 10700 EventSystem ( ForgedFile.Multi.Generic ) - warning
16:40:56.0405 10700 EventSystem - detected ForgedFile.Multi.Generic (1)
16:40:56.0416 10700 [ FECB77B39816ADA633949F4E27BC6026 ] exfat C:\Windows\system32\drivers\exfat.sys
16:40:56.0431 10700 Suspicious file (Forged): C:\Windows\system32\drivers\exfat.sys. Real md5: FECB77B39816ADA633949F4E27BC6026, Fake md5: A510C654EC00C1E9BDD91EEB3A59823B
16:40:56.0432 10700 exfat ( ForgedFile.Multi.Generic ) - warning
16:40:56.0432 10700 exfat - detected ForgedFile.Multi.Generic (1)
16:40:56.0440 10700 [ C522C1DB31CC1F90B5D21992FD30E2AB ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:40:56.0453 10700 Suspicious file (Forged): C:\Windows\system32\drivers\fastfat.sys. Real md5: C522C1DB31CC1F90B5D21992FD30E2AB, Fake md5: 0ADC83218B66A6DB380C330836F3E36D
16:40:56.0454 10700 fastfat ( ForgedFile.Multi.Generic ) - warning
16:40:56.0454 10700 fastfat - detected ForgedFile.Multi.Generic (1)
16:40:56.0478 10700 [ 9159A2D73D2B652D6EF06B82F4ACCFFE ] Fax C:\Windows\system32\fxssvc.exe
16:40:56.0505 10700 Suspicious file (Forged): C:\Windows\system32\fxssvc.exe. Real md5: 9159A2D73D2B652D6EF06B82F4ACCFFE, Fake md5: DBEFD454F8318A0EF691FDD2EAAB44EB
16:40:56.0507 10700 Fax ( ForgedFile.Multi.Generic ) - warning
16:40:56.0507 10700 Fax - detected ForgedFile.Multi.Generic (1)
16:40:56.0534 10700 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:40:56.0535 10700 fdc - ok
16:40:56.0566 10700 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:40:56.0567 10700 fdPHost - ok
16:40:56.0577 10700 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:40:56.0578 10700 FDResPub - ok
16:40:56.0605 10700 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:40:56.0606 10700 FileInfo - ok
16:40:56.0629 10700 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:40:56.0630 10700 Filetrace - ok
16:40:56.0644 10700 [ B42C4F2962EA4EBEEC994F14B1EA54F4 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:40:56.0710 10700 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe. Real md5: B42C4F2962EA4EBEEC994F14B1EA54F4, Fake md5: F76D04F7413B07DAA029F6520B64B4E8
16:40:56.0711 10700 FLEXnet Licensing Service ( ForgedFile.Multi.Generic ) - warning
16:40:56.0711 10700 FLEXnet Licensing Service - detected ForgedFile.Multi.Generic (1)
16:40:56.0753 10700 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:40:56.0756 10700 flpydisk - ok
16:40:56.0792 10700 [ B85308A9694F3BF948499DEE870D47F7 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:40:56.0810 10700 Suspicious file (Forged): C:\Windows\system32\drivers\fltmgr.sys. Real md5: B85308A9694F3BF948499DEE870D47F7, Fake md5: DA6B67270FD9DB3697B20FCE94950741
16:40:56.0811 10700 FltMgr ( ForgedFile.Multi.Generic ) - warning
16:40:56.0811 10700 FltMgr - detected ForgedFile.Multi.Generic (1)
16:40:56.0837 10700 [ CF83178C3B5A40F892BAF8C4E1CA8C7F ] FontCache C:\Windows\system32\FntCache.dll
16:40:56.0860 10700 Suspicious file (Forged): C:\Windows\system32\FntCache.dll. Real md5: CF83178C3B5A40F892BAF8C4E1CA8C7F, Fake md5: C4C183E6551084039EC862DA1C945E3D
16:40:56.0864 10700 FontCache ( ForgedFile.Multi.Generic ) - warning
16:40:56.0864 10700 FontCache - detected ForgedFile.Multi.Generic (1)
16:40:56.0911 10700 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:40:56.0924 10700 FontCache3.0.0.0 - ok
16:40:56.0949 10700 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:40:56.0950 10700 FsDepends - ok
16:40:56.0978 10700 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:40:56.0979 10700 Fs_Rec - ok
16:40:56.0992 10700 [ 8A3254F809D1551A0C900A176B02E1CF ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:40:57.0008 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\fvevol.sys. Real md5: 8A3254F809D1551A0C900A176B02E1CF, Fake md5: 8F6322049018354F45F05A2FD2D4E5E0
16:40:57.0009 10700 fvevol ( ForgedFile.Multi.Generic ) - warning
16:40:57.0009 10700 fvevol - detected ForgedFile.Multi.Generic (1)
16:40:57.0032 10700 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:40:57.0034 10700 gagp30kx - ok
16:40:57.0090 10700 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:40:57.0132 10700 GEARAspiWDM - ok
16:40:57.0152 10700 [ 7E31A55776827C483B057B22D5697EFC ] gpsvc C:\Windows\System32\gpsvc.dll
16:40:57.0181 10700 Suspicious file (Forged): C:\Windows\System32\gpsvc.dll. Real md5: 7E31A55776827C483B057B22D5697EFC, Fake md5: 277BBC7E1AA1EE957F573A10ECA7EF3A
16:40:57.0183 10700 gpsvc ( ForgedFile.Multi.Generic ) - warning
16:40:57.0183 10700 gpsvc - detected ForgedFile.Multi.Generic (1)
16:40:57.0217 10700 [ E6FE1D6D33D67FD0288E02B40FC97C86 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:40:57.0234 10700 Suspicious file (Forged): C:\Program Files (x86)\Google\Update\GoogleUpdate.exe. Real md5: E6FE1D6D33D67FD0288E02B40FC97C86, Fake md5: F02A533F517EB38333CB12A9E8963773
16:40:57.0234 10700 gupdate ( ForgedFile.Multi.Generic ) - warning
16:40:57.0234 10700 gupdate - detected ForgedFile.Multi.Generic (1)
16:40:57.0247 10700 [ E6FE1D6D33D67FD0288E02B40FC97C86 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:40:57.0248 10700 Suspicious file (Forged): C:\Program Files (x86)\Google\Update\GoogleUpdate.exe. Real md5: E6FE1D6D33D67FD0288E02B40FC97C86, Fake md5: F02A533F517EB38333CB12A9E8963773
16:40:57.0249 10700 gupdatem ( ForgedFile.Multi.Generic ) - warning
16:40:57.0249 10700 gupdatem - detected ForgedFile.Multi.Generic (1)
16:40:57.0264 10700 [ 5F9A0013AB787BCFA38523CE57749A61 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:40:57.0322 10700 Suspicious file (Forged): C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe. Real md5: 5F9A0013AB787BCFA38523CE57749A61, Fake md5: 5D4BC124FAAE6730AC002CDB67BF1A1C
16:40:57.0323 10700 gusvc ( ForgedFile.Multi.Generic ) - warning
16:40:57.0323 10700 gusvc - detected ForgedFile.Multi.Generic (1)
16:40:57.0368 10700 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:40:57.0369 10700 hcw85cir - ok
16:40:57.0399 10700 [ F8BF7AC80F6F693FB61227358B524761 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:40:57.0417 10700 Suspicious file (Forged): C:\Windows\system32\drivers\HdAudio.sys. Real md5: F8BF7AC80F6F693FB61227358B524761, Fake md5: 975761C778E33CD22498059B91E7373A
16:40:57.0418 10700 HdAudAddService ( ForgedFile.Multi.Generic ) - warning
16:40:57.0418 10700 HdAudAddService - detected ForgedFile.Multi.Generic (1)
16:40:57.0448 10700 [ B76CD2B5E058BD7EBDF2C164DAD1351A ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:40:57.0457 10700 Suspicious file (Forged): C:\Windows\system32\drivers\HDAudBus.sys. Real md5: B76CD2B5E058BD7EBDF2C164DAD1351A, Fake md5: 97BFED39B6B79EB12CDDBFEED51F56BB
16:40:57.0457 10700 HDAudBus ( ForgedFile.Multi.Generic ) - warning
16:40:57.0458 10700 HDAudBus - detected ForgedFile.Multi.Generic (1)
16:40:57.0479 10700 [ E91AFF2610114CCAEBB90D4D991BB6B2 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
16:40:57.0481 10700 HECIx64 - ok
16:40:57.0505 10700 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:40:57.0506 10700 HidBatt - ok
16:40:57.0529 10700 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:40:57.0530 10700 HidBth - ok
16:40:57.0559 10700 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:40:57.0560 10700 HidIr - ok
16:40:57.0574 10700 [ AC3F07FD9A21419ADB46321291DE3DE3 ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
16:40:57.0575 10700 hidkmdf - ok
16:40:57.0608 10700 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
16:40:57.0610 10700 hidserv - ok
16:40:57.0646 10700 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:40:57.0647 10700 HidUsb - ok
16:40:57.0682 10700 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:40:57.0684 10700 hkmsvc - ok
16:40:57.0712 10700 [ 8B559828B6A296145C2C31C58D19C600 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:40:57.0730 10700 Suspicious file (Forged): C:\Windows\system32\ListSvc.dll. Real md5: 8B559828B6A296145C2C31C58D19C600, Fake md5: EFDFB3DD38A4376F93E7985173813ABD
16:40:57.0731 10700 HomeGroupListener ( ForgedFile.Multi.Generic ) - warning
16:40:57.0731 10700 HomeGroupListener - detected ForgedFile.Multi.Generic (1)
16:40:57.0750 10700 [ 918736048677CDEC5B9BE220905FB89D ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:40:57.0770 10700 Suspicious file (Forged): C:\Windows\system32\provsvc.dll. Real md5: 918736048677CDEC5B9BE220905FB89D, Fake md5: 908ACB1F594274965A53926B10C81E89
16:40:57.0770 10700 HomeGroupProvider ( ForgedFile.Multi.Generic ) - warning
16:40:57.0770 10700 HomeGroupProvider - detected ForgedFile.Multi.Generic (1)
16:40:57.0804 10700 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:40:57.0806 10700 HpSAMD - ok
16:40:57.0844 10700 [ C5FA6E35D7309D231A2CCF00E2785DF2 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:40:57.0866 10700 Suspicious file (Forged): C:\Windows\system32\drivers\HTTP.sys. Real md5: C5FA6E35D7309D231A2CCF00E2785DF2, Fake md5: 0EA7DE1ACB728DD5A369FD742D6EEE28
16:40:57.0868 10700 HTTP ( ForgedFile.Multi.Generic ) - warning
16:40:57.0868 10700 HTTP - detected ForgedFile.Multi.Generic (1)
16:40:57.0912 10700 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:40:57.0914 10700 hwpolicy - ok
16:40:57.0941 10700 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
16:40:57.0942 10700 i8042prt - ok
16:40:57.0949 10700 [ CF2A71080A02FDB14CC54E7ECF380877 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:40:57.0961 10700 Suspicious file (Forged): C:\Windows\system32\drivers\iaStorV.sys. Real md5: CF2A71080A02FDB14CC54E7ECF380877, Fake md5: AAAF44DB3BD0B9D1FB6969B23ECC8366
16:40:57.0962 10700 iaStorV ( ForgedFile.Multi.Generic ) - warning
16:40:57.0962 10700 iaStorV - detected ForgedFile.Multi.Generic (1)
16:40:57.0995 10700 [ 7C9915F74F4938AFDA8AEECB55D2CEF8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:40:58.0029 10700 Suspicious file (Forged): C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe. Real md5: 7C9915F74F4938AFDA8AEECB55D2CEF8, Fake md5: 5988FC40F8DB5B0739CD1E3A5D0D78BD
16:40:58.0031 10700 idsvc ( ForgedFile.Multi.Generic ) - warning
16:40:58.0031 10700 idsvc - detected ForgedFile.Multi.Generic (1)
16:40:58.0060 10700 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:40:58.0061 10700 iirsp - ok
16:40:58.0095 10700 [ C537780F4E20DC2035D308F3487174D9 ] IKEEXT C:\Windows\System32\ikeext.dll
16:40:58.0118 10700 Suspicious file (Forged): C:\Windows\System32\ikeext.dll. Real md5: C537780F4E20DC2035D308F3487174D9, Fake md5: FCD84C381E0140AF901E58D48882D26B
16:40:58.0120 10700 IKEEXT ( ForgedFile.Multi.Generic ) - warning
16:40:58.0120 10700 IKEEXT - detected ForgedFile.Multi.Generic (1)
16:40:58.0165 10700 [ 2C5C11C2364955FA7F07B6920E1A66B3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:40:58.0201 10700 Suspicious file (Forged): C:\Windows\system32\drivers\RTKVHD64.sys. Real md5: 2C5C11C2364955FA7F07B6920E1A66B3, Fake md5: B16FC828CE7A76A8F1CE682E6EAD2627
16:40:58.0206 10700 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - warning
16:40:58.0207 10700 IntcAzAudAddService - detected ForgedFile.Multi.Generic (1)
16:40:58.0248 10700 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
16:40:58.0262 10700 intelide - ok
16:40:58.0295 10700 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:40:58.0297 10700 intelppm - ok
16:40:58.0322 10700 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:40:58.0324 10700 IPBusEnum - ok
16:40:58.0369 10700 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:40:58.0371 10700 IpFilterDriver - ok
16:40:58.0391 10700 [ 9D11046130DC3A861A5143631BC5BBDD ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:40:58.0406 10700 Suspicious file (Forged): C:\Windows\System32\iphlpsvc.dll. Real md5: 9D11046130DC3A861A5143631BC5BBDD, Fake md5: 08C2957BB30058E663720C5606885653
16:40:58.0408 10700 iphlpsvc ( ForgedFile.Multi.Generic ) - warning
16:40:58.0408 10700 iphlpsvc - detected ForgedFile.Multi.Generic (1)
16:40:58.0424 10700 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:40:58.0425 10700 IPMIDRV - ok
16:40:58.0450 10700 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:40:58.0452 10700 IPNAT - ok
16:40:58.0493 10700 [ CFDD4A8C76A0848EB3A97793ACC3BF09 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:40:58.0513 10700 Suspicious file (Forged): C:\Program Files\iPod\bin\iPodService.exe. Real md5: CFDD4A8C76A0848EB3A97793ACC3BF09, Fake md5: 4EFFC8FF6D349E971E94B1C670C0C66A
16:40:58.0514 10700 iPod Service ( ForgedFile.Multi.Generic ) - warning
16:40:58.0514 10700 iPod Service - detected ForgedFile.Multi.Generic (1)
16:40:58.0531 10700 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:40:58.0532 10700 IRENUM - ok
16:40:58.0556 10700 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:40:58.0557 10700 isapnp - ok
16:40:58.0577 10700 [ 143ED63F0DA9D94E78099906D37FBA62 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:40:58.0592 10700 Suspicious file (Forged): C:\Windows\system32\drivers\msiscsi.sys. Real md5: 143ED63F0DA9D94E78099906D37FBA62, Fake md5: D931D7309DEB2317035B07C9F9E6B0BD
16:40:58.0592 10700 iScsiPrt ( ForgedFile.Multi.Generic ) - warning
16:40:58.0593 10700 iScsiPrt - detected ForgedFile.Multi.Generic (1)
16:40:58.0619 10700 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
16:40:58.0621 10700 IviRegMgr - ok
16:40:58.0648 10700 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:40:58.0650 10700 kbdclass - ok
16:40:58.0676 10700 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:40:58.0677 10700 kbdhid - ok
16:40:58.0697 10700 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
16:40:58.0700 10700 KeyIso - ok
16:40:58.0723 10700 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:40:58.0725 10700 KSecDD - ok
16:40:58.0737 10700 [ 54FB419B56B3BD239C23F356264404AC ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:40:58.0748 10700 Suspicious file (Forged): C:\Windows\system32\Drivers\ksecpkg.sys. Real md5: 54FB419B56B3BD239C23F356264404AC, Fake md5: 26C43A7C2862447EC59DEDA188D1DA07
16:40:58.0748 10700 KSecPkg ( ForgedFile.Multi.Generic ) - warning
16:40:58.0748 10700 KSecPkg - detected ForgedFile.Multi.Generic (1)
16:40:58.0773 10700 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:40:58.0774 10700 ksthunk - ok
16:40:58.0795 10700 [ 32975E1A2D10A360331DE84682371277 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:40:58.0812 10700 Suspicious file (Forged): C:\Windows\system32\msdtckrm.dll. Real md5: 32975E1A2D10A360331DE84682371277, Fake md5: 6AB66E16AA859232F64DEB66887A8C9C
16:40:58.0813 10700 KtmRm ( ForgedFile.Multi.Generic ) - warning
16:40:58.0813 10700 KtmRm - detected ForgedFile.Multi.Generic (1)
16:40:58.0852 10700 [ 4BD20FA0B73B61D8415C27807475929B ] LanmanServer C:\Windows\system32\srvsvc.dll
16:40:58.0868 10700 Suspicious file (Forged): C:\Windows\system32\srvsvc.dll. Real md5: 4BD20FA0B73B61D8415C27807475929B, Fake md5: D9F42719019740BAA6D1C6D536CBDAA6
16:40:58.0869 10700 LanmanServer ( ForgedFile.Multi.Generic ) - warning
16:40:58.0869 10700 LanmanServer - detected ForgedFile.Multi.Generic (1)
16:40:58.0903 10700 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:40:58.0907 10700 LanmanWorkstation - ok
16:40:58.0941 10700 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:40:58.0943 10700 lltdio - ok
16:40:58.0960 10700 [ 6D532F61A64CCFCDA3EE9616674E7C3B ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:40:58.0977 10700 Suspicious file (Forged): C:\Windows\System32\lltdsvc.dll. Real md5: 6D532F61A64CCFCDA3EE9616674E7C3B, Fake md5: C1185803384AB3FEED115F79F109427F
16:40:58.0977 10700 lltdsvc ( ForgedFile.Multi.Generic ) - warning
16:40:58.0977 10700 lltdsvc - detected ForgedFile.Multi.Generic (1)
16:40:58.0993 10700 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:40:58.0994 10700 lmhosts - ok
16:40:59.0028 10700 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:40:59.0030 10700 LSI_FC - ok
16:40:59.0045 10700 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:40:59.0047 10700 LSI_SAS - ok
16:40:59.0065 10700 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:40:59.0067 10700 LSI_SAS2 - ok
16:40:59.0084 10700 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:40:59.0085 10700 LSI_SCSI - ok
16:40:59.0114 10700 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
16:40:59.0116 10700 luafv - ok
16:40:59.0162 10700 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:40:59.0164 10700 Mcx2Svc - ok
16:40:59.0178 10700 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:40:59.0179 10700 megasas - ok
16:40:59.0184 10700 [ A2BD129C8B7E87EA4DA821D729F177BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:40:59.0196 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\MegaSR.sys. Real md5: A2BD129C8B7E87EA4DA821D729F177BB, Fake md5: BAF74CE0072480C3B6B7C13B2A94D6B3
16:40:59.0196 10700 MegaSR ( ForgedFile.Multi.Generic ) - warning
16:40:59.0196 10700 MegaSR - detected ForgedFile.Multi.Generic (1)
16:40:59.0335 10700 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
16:40:59.0386 10700 MMCSS - ok
16:40:59.0463 10700 [ 800BA92F7010378B09F9ED9270F07137 ] Modem
C:\Win
dows\system32\drivers\modem.sys
16:40:59.0477 10700 Modem - ok

16:40:59.0499 10700 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor  C:\Windows\system32\DRIVERS\monitor.sys
16:40:59.0500 10700 monitor - ok
16:40:59.0528 10700 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass  C:\Windows\system32\DRIVERS\mouclass.sys
16:40:59.0530 10700 mouclass - ok
16:40:59.0548 10700 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid  C:\Windows\system32\DRIVERS\mouhid.sys
16:40:59.0550 10700 mouhid - ok
16:40:59.0588 10700 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr  C:\Windows\system32\drivers\mountmgr.sys
16:40:59.0589 10700 mountmgr - ok
16:40:59.0662 10700 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance  C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:40:59.0670 10700 MozillaMaintenance - ok
16:40:59.0691 10700 [ EEA6C7E32D7FA992B5E9C5C84643A57E ] mpio  C:\Windows\system32\drivers\mpio.sys
16:40:59.0705 10700 Suspicious file (Forged): C:\Windows\system32\drivers\mpio.sys. Real md5: EEA6C7E32D7FA992B5E9C5C84643A57E, Fake md5: A44B420D30BD56E145D6A2BC8768EC58
16:40:59.0705 10700 mpio ( ForgedFile.Multi.Generic ) - warning
16:40:59.0705 10700 mpio - detected ForgedFile.Multi.Generic (1)
16:40:59.0732 10700 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv  C:\Windows\system32\drivers\mpsdrv.sys
16:40:59.0734 10700 mpsdrv - ok
16:40:59.0753 10700 [ 6EC25B77CCC50CFA1F762C0EF9285635 ] MpsSvc  C:\Windows\system32\mpssvc.dll
16:40:59.0779 10700 Suspicious file (Forged): C:\Windows\system32\mpssvc.dll. Real md5: 6EC25B77CCC50CFA1F762C0EF9285635, Fake md5: 54FFC9C8898113ACE189D4AA7199D2C1
16:40:59.0782 10700 MpsSvc ( ForgedFile.Multi.Generic ) - warning
16:40:59.0782 10700 MpsSvc - detected ForgedFile.Multi.Generic (1)
16:40:59.0808 10700 [ 370197CD43319BA40CCE4FC6DDF047B7 ] MRxDAV  C:\Windows\system32\drivers\mrxdav.sys
16:40:59.0821 10700 Suspicious file (Forged): C:\Windows\system32\drivers\mrxdav.sys. Real md5: 370197CD43319BA40CCE4FC6DDF047B7, Fake md5: DC722758B8261E1ABAFD31A3C0A66380
16:40:59.0821 10700 MRxDAV ( ForgedFile.Multi.Generic ) - warning
16:40:59.0821 10700 MRxDAV - detected ForgedFile.Multi.Generic (1)
16:40:59.0841 10700 [ 16AEFF7419654FA2B10C1D42AA290AFD ] mrxsmb  C:\Windows\system32\DRIVERS\mrxsmb.sys
16:40:59.0849 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\mrxsmb.sys. Real md5: 16AEFF7419654FA2B10C1D42AA290AFD, Fake md5: A5D9106A73DC88564C825D317CAC68AC
16:40:59.0850 10700 mrxsmb ( ForgedFile.Multi.Generic ) - warning
16:40:59.0850 10700 mrxsmb - detected ForgedFile.Multi.Generic (1)
16:40:59.0863 10700 [ E44601A4B7F19AB2F9AAB27B7FC435EA ] mrxsmb10  C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:40:59.0878 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\mrxsmb10.sys. Real md5: E44601A4B7F19AB2F9AAB27B7FC435EA, Fake md5: D711B3C1D5F42C0C2415687BE09FC163
16:40:59.0879 10700 mrxsmb10 ( ForgedFile.Multi.Generic ) - warning
16:40:59.0879 10700 mrxsmb10 - detected ForgedFile.Multi.Generic (1)
16:40:59.0883 10700 [ 05DBBD20D38DEC7598E4AE3E255200AD ] mrxsmb20  C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:40:59.0891 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\mrxsmb20.sys. Real md5: 05DBBD20D38DEC7598E4AE3E255200AD, Fake md5: 9423E9D355C8D303E76B8CFBD8A5C30C
16:40:59.0892 10700 mrxsmb20 ( ForgedFile.Multi.Generic ) - warning
16:40:59.0892 10700 mrxsmb20 - detected ForgedFile.Multi.Generic (1)
16:40:59.0921 10700 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci  C:\Windows\system32\drivers\msahci.sys
16:40:59.0922 10700 msahci - ok
16:40:59.0941 10700 [ 3D41AEB931541ACC9BEB8F4DF8BF79ED ] msdsm  C:\Windows\system32\drivers\msdsm.sys
16:40:59.0956 10700 Suspicious file (Forged): C:\Windows\system32\drivers\msdsm.sys. Real md5: 3D41AEB931541ACC9BEB8F4DF8BF79ED, Fake md5: DB801A638D011B9633829EB6F663C900
16:40:59.0956 10700 msdsm ( ForgedFile.Multi.Generic ) - warning
16:40:59.0956 10700 msdsm - detected ForgedFile.Multi.Generic (1)
16:40:59.0963 10700 [ 540CAC69CD8A592E498822E3C4B0A6A8 ] MSDTC  C:\Windows\System32\msdtc.exe
16:40:59.0971 10700 Suspicious file (Forged): C:\Windows\System32\msdtc.exe. Real md5: 540CAC69CD8A592E498822E3C4B0A6A8, Fake md5: DE0ECE52236CFA3ED2DBFC03F28253A8
16:40:59.0971 10700 MSDTC ( ForgedFile.Multi.Generic ) - warning
16:40:59.0971 10700 MSDTC - detected ForgedFile.Multi.Generic (1)
16:41:00.0013 10700 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs  C:\Windows\system32\drivers\Msfs.sys
16:41:00.0043 10700 Msfs - ok
16:41:00.0054 10700 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf  C:\Windows\System32\drivers\mshidkmdf.sys
16:41:00.0059 10700 mshidkmdf - ok
16:41:00.0094 10700 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv  C:\Windows\system32\drivers\msisadrv.sys
16:41:00.0095 10700 msisadrv - ok
16:41:00.0107 10700 [ 44740F88A09C8BE6A556EA97998BE1C2 ] MSiSCSI  C:\Windows\system32\iscsiexe.dll
16:41:00.0132 10700 Suspicious file (Forged): C:\Windows\system32\iscsiexe.dll. Real md5: 44740F88A09C8BE6A556EA97998BE1C2, Fake md5: 808E98FF49B155C522E6400953177B08
16:41:00.0143 10700 MSiSCSI ( ForgedFile.Multi.Generic ) - warning
16:41:00.0144 10700 MSiSCSI - detected ForgedFile.Multi.Generic (1)
16:41:00.0160 10700 msiserver - ok
16:41:00.0199 10700 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV  C:\Windows\system32\drivers\MSKSSRV.sys
16:41:00.0209 10700 MSKSSRV - ok
16:41:00.0218 10700 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK  C:\Windows\system32\drivers\MSPCLOCK.sys
16:41:00.0219 10700 MSPCLOCK - ok
16:41:00.0229 10700 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM  C:\Windows\system32\drivers\MSPQM.sys
16:41:00.0230 10700 MSPQM - ok
16:41:00.0245 10700 [ 8137DA33C5BC9A8969959FF84CB8CC45 ] MsRPC  C:\Windows\system32\drivers\MsRPC.sys
16:41:00.0262 10700 Suspicious file (Forged): C:\Windows\system32\drivers\MsRPC.sys. Real md5: 8137DA33C5BC9A8969959FF84CB8CC45, Fake md5: 759A9EEB0FA9ED79DA1FB7D4EF78866D
16:41:00.0263 10700 MsRPC ( ForgedFile.Multi.Generic ) - warning
16:41:00.0263 10700 MsRPC - detected ForgedFile.Multi.Generic (1)
16:41:00.0354 10700 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios  C:\Windows\system32\drivers\mssmbios.sys
16:41:00.0391 10700 mssmbios - ok
16:41:00.0436 10700 MSSQL$MSSMLBIZ - ok
16:41:00.0461 10700 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper  c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
16:41:00.0474 10700 MSSQLServerADHelper - ok
16:41:00.0530 10700 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE  C:\Windows\system32\drivers\MSTEE.sys
16:41:00.0532 10700 MSTEE - ok
16:41:00.0566 10700 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig  C:\Windows\system32\DRIVERS\MTConfig.sys
16:41:00.0567 10700 MTConfig - ok
16:41:00.0587 10700 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup  C:\Windows\system32\Drivers\mup.sys
16:41:00.0589 10700 Mup - ok
16:41:00.0609 10700 [ B07B990A533EBEC7C943EAFD5B9D237D ] napagent  C:\Windows\system32\qagentRT.dll
16:41:00.0635 10700 Suspicious file (Forged): C:\Windows\system32\qagentRT.dll. Real md5: B07B990A533EBEC7C943EAFD5B9D237D, Fake md5: 582AC6D9873E31DFA28A4547270862DD
16:41:00.0636 10700 napagent ( ForgedFile.Multi.Generic ) - warning
16:41:00.0636 10700 napagent - detected ForgedFile.Multi.Generic (1)
16:41:00.0651 10700 [ E0D96589868533C98B2DBBD4E15B2A2A ] NativeWifiP  C:\Windows\system32\DRIVERS\nwifi.sys
16:41:00.0668 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nwifi.sys. Real md5: E0D96589868533C98B2DBBD4E15B2A2A, Fake md5: 1EA3749C4114DB3E3161156FFFFA6B33
16:41:00.0669 10700 NativeWifiP ( ForgedFile.Multi.Generic ) - warning
16:41:00.0669 10700 NativeWifiP - detected ForgedFile.Multi.Generic (1)
16:41:00.0697 10700 [ AA6CF591DBBAD99F0FBD222BC233516D ] NDIS  C:\Windows\system32\drivers\ndis.sys
16:41:00.0721 10700 Suspicious file (Forged): C:\Windows\system32\drivers\ndis.sys. Real md5: AA6CF591DBBAD99F0FBD222BC233516D, Fake md5: 760E38053BF56E501D562B70AD796B88
16:41:00.0724 10700 NDIS ( ForgedFile.Multi.Generic ) - warning
16:41:00.0724 10700 NDIS - detected ForgedFile.Multi.Generic (1)
16:41:00.0743 10700 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap  C:\Windows\system32\DRIVERS\ndiscap.sys
16:41:00.0744 10700 NdisCap - ok
16:41:00.0769 10700 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi  C:\Windows\system32\DRIVERS\ndistapi.sys
16:41:00.0771 10700 NdisTapi - ok
16:41:00.0813 10700 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio  C:\Windows\system32\DRIVERS\ndisuio.sys
16:41:00.0815 10700 Ndisuio - ok
16:41:00.0830 10700 [ 9C9F0B32E25EA08A1DB7E4175A9F2DEB ] NdisWan  C:\Windows\system32\DRIVERS\ndiswan.sys
16:41:00.0844 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ndiswan.sys. Real md5: 9C9F0B32E25EA08A1DB7E4175A9F2DEB, Fake md5: 53F7305169863F0A2BDDC49E116C2E11
16:41:00.0845 10700 NdisWan ( ForgedFile.Multi.Generic ) - warning
16:41:00.0845 10700 NdisWan - detected ForgedFile.Multi.Generic (1)
16:41:00.0875 10700 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy  C:\Windows\system32\drivers\NDProxy.sys
16:41:00.0877 10700 NDProxy - ok
16:41:00.0898 10700 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS  C:\Windows\system32\DRIVERS\netbios.sys
16:41:00.0899 10700 NetBIOS - ok
16:41:00.0923 10700 [ C716F948F1CC2F3E4EA170B4BC1BDD62 ] NetBT  C:\Windows\system32\DRIVERS\netbt.sys
16:41:00.0941 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\netbt.sys. Real md5: C716F948F1CC2F3E4EA170B4BC1BDD62, Fake md5: 09594D1089C523423B32A4229263F068
16:41:00.0942 10700 NetBT ( ForgedFile.Multi.Generic ) - warning
16:41:00.0942 10700 NetBT - detected ForgedFile.Multi.Generic (1)
16:41:00.0964 10700 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon  C:\Windows\system32\lsass.exe
16:41:00.0966 10700 Netlogon - ok
16:41:00.0980 10700 [ C732877313B5D1F756829298C582E151 ] Netman  C:\Windows\System32\netman.dll
16:41:00.0996 10700 Suspicious file (Forged): C:\Windows\System32\netman.dll. Real md5: C732877313B5D1F756829298C582E151, Fake md5: 847D3AE376C0817161A14A82C8922A9E
16:41:00.0997 10700 Netman ( ForgedFile.Multi.Generic ) - warning
16:41:00.0997 10700 Netman - detected ForgedFile.Multi.Generic (1)
16:41:01.0004 10700 [ 1E0ACBAFECBB719402A4E419F83860D6 ] netprofm  C:\Windows\System32\netprofm.dll
16:41:01.0016 10700 Suspicious file (Forged): C:\Windows\System32\netprofm.dll. Real md5: 1E0ACBAFECBB719402A4E419F83860D6, Fake md5: 5F28111C648F1E24F7DBC87CDEB091B8
16:41:01.0017 10700 netprofm ( ForgedFile.Multi.Generic ) - warning
16:41:01.0017 10700 netprofm - detected ForgedFile.Multi.Generic (1)
16:41:01.0050 10700 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing  C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:41:01.0058 10700 NetTcpPortSharing - ok
16:41:01.0086 10700 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960  C:\Windows\system32\DRIVERS\nfrd960.sys
16:41:01.0087 10700 nfrd960 - ok
16:41:01.0106 10700 [ 80C9F3C4C44CD6012CAACC6E829AB935 ] NlaSvc  C:\Windows\System32\nlasvc.dll
16:41:01.0117 10700 Suspicious file (Forged): C:\Windows\System32\nlasvc.dll. Real md5: 80C9F3C4C44CD6012CAACC6E829AB935, Fake md5: 8AD77806D336673F270DB31645267293
16:41:01.0118 10700 NlaSvc ( ForgedFile.Multi.Generic ) - warning
16:41:01.0118 10700 NlaSvc - detected ForgedFile.Multi.Generic (1)
16:41:01.0146 10700 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs  C:\Windows\system32\drivers\Npfs.sys
16:41:01.0161 10700 Npfs - ok
16:41:01.0188 10700 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi  C:\Windows\system32\nsisvc.dll
16:41:01.0190 10700 nsi - ok
16:41:01.0203 10700 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy  C:\Windows\system32\drivers\nsiproxy.sys
16:41:01.0214 10700 nsiproxy - ok
16:41:01.0251 10700 [ 500C699225885BA8B8C672339020626D ] Ntfs  C:\Windows\system32\drivers\Ntfs.sys
16:41:01.0298 10700 Suspicious file (Forged): C:\Windows\system32\drivers\Ntfs.sys. Real md5: 500C699225885BA8B8C672339020626D, Fake md5: B98F8C6E31CD07B2E6F71F7F648E38C0
16:41:01.0302 10700 Ntfs ( ForgedFile.Multi.Generic ) - warning
16:41:01.0302 10700 Ntfs - detected ForgedFile.Multi.Generic (1)
16:41:01.0365 10700 [ A15CDAB7892593C3216CFF8B11C8BF2D ] ntrtscan  C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
16:41:01.0415 10700 Suspicious file (Forged): C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe. Real md5: A15CDAB7892593C3216CFF8B11C8BF2D, Fake md5: 1B3BE4DFCC24640547DFBEC8BDD3C7C4
16:41:01.0420 10700 ntrtscan ( ForgedFile.Multi.Generic ) - warning
16:41:01.0421 10700 ntrtscan - detected ForgedFile.Multi.Generic (1)
16:41:01.0464 10700 [ 9899284589F75FA8724FF3D16AED75C1 ] Null  C:\Windows\system32\drivers\Null.sys
16:41:01.0465 10700 Null - ok
16:41:01.0530 10700 [ DD3739E40B7AADE288B72643E8C1E50C ] nvlddmkm  C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:41:01.0700 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\nvlddmkm.sys. Real md5: DD3739E40B7AADE288B72643E8C1E50C, Fake md5: FF02BAE39D23BB74959F6F49BBD589D3
16:41:01.0733 10700 nvlddmkm ( ForgedFile.Multi.Generic ) - warning
16:41:01.0733 10700 nvlddmkm - detected ForgedFile.Multi.Generic (1)
16:41:01.0768 10700 [ 9C7B92EC80B77099D5C0FC8535B1B2CD ] nvraid  C:\Windows\system32\drivers\nvraid.sys
16:41:01.0780 10700 Suspicious file (Forged): C:\Windows\system32\drivers\nvraid.sys. Real md5: 9C7B92EC80B77099D5C0FC8535B1B2CD, Fake md5: 0A92CB65770442ED0DC44834632F66AD
16:41:01.0780 10700 nvraid ( ForgedFile.Multi.Generic ) - warning
16:41:01.0780 10700 nvraid - detected ForgedFile.Multi.Generic (1)
16:41:01.0798 10700 [ D5746AD5407B29F81E008424B010526F ] nvstor  C:\Windows\system32\drivers\nvstor.sys
16:41:01.0809 10700 Suspicious file (Forged): C:\Windows\system32\drivers\nvstor.sys. Real md5: D5746AD5407B29F81E008424B010526F, Fake md5: DAB0E87525C10052BF65F06152F37E4A
16:41:01.0810 10700 nvstor ( ForgedFile.Multi.Generic ) - warning
16:41:01.0810 10700 nvstor - detected ForgedFile.Multi.Generic (1)
16:41:01.0840 10700 [ BEBBAF418E7EB23FE5C5F6465B7A7781 ] nvsvc  C:\Windows\system32\nvvsvc.exe
16:41:01.0854 10700 Suspicious file (Forged): C:\Windows\system32\nvvsvc.exe. Real md5: BEBBAF418E7EB23FE5C5F6465B7A7781, Fake md5: 7C1AD7110624B1B546CDC752486AE9FA
16:41:01.0855 10700 nvsvc ( ForgedFile.Multi.Generic ) - warning
16:41:01.0855 10700 nvsvc - detected ForgedFile.Multi.Generic (1)
16:41:01.0868 10700 [ 38E1500522B8FB97248147FCDCE63B1F ] nv_agp  C:\Windows\system32\drivers\nv_agp.sys
16:41:01.0879 10700 Suspicious file (Forged): C:\Windows\system32\drivers\nv_agp.sys. Real md5: 38E1500522B8FB97248147FCDCE63B1F, Fake md5: 270D7CD42D6E3979F6DD0146650F0E05
16:41:01.0880 10700 nv_agp ( ForgedFile.Multi.Generic ) - warning
16:41:01.0880 10700 nv_agp - detected ForgedFile.Multi.Generic (1)
16:41:01.0912 10700 [ 58D038F101EA35B08EA81F1BA9C0CE69 ] NW1950  C:\Windows\system32\DRIVERS\NW1950.sys
16:41:01.0914 10700 NW1950 - ok
16:41:01.0939 10700 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394  C:\Windows\system32\drivers\ohci1394.sys
16:41:01.0941 10700 ohci1394 - ok
16:41:01.0993 10700 [ 23345305EDC5827EDE315B8491292308 ] ose  C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:41:02.0007 10700 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE. Real md5: 23345305EDC5827EDE315B8491292308, Fake md5: 5A432A042DAE460ABE7199B758E8606C
16:41:02.0007 10700 ose ( ForgedFile.Multi.Generic ) - warning
16:41:02.0007 10700 ose - detected ForgedFile.Multi.Generic (1)
16:41:02.0043 10700 [ 5F6F4CE6E34C63088F2D049DB21AE060 ] p2pimsvc  C:\Windows\system32\pnrpsvc.dll
16:41:02.0062 10700 Suspicious file (Forged): C:\Windows\system32\pnrpsvc.dll. Real md5: 5F6F4CE6E34C63088F2D049DB21AE060, Fake md5: 3EAC4455472CC2C97107B5291E0DCAFE
16:41:02.0062 10700 p2pimsvc ( ForgedFile.Multi.Generic ) - warning
16:41:02.0062 10700 p2pimsvc - detected ForgedFile.Multi.Generic (1)
16:41:02.0091 10700 [ 756645FB1BF7F3A406DD9A4C13CC73C0 ] p2psvc  C:\Windows\system32\p2psvc.dll
16:41:02.0110 10700 Suspicious file (Forged): C:\Windows\system32\p2psvc.dll. Real md5: 756645FB1BF7F3A406DD9A4C13CC73C0, Fake md5: 927463ECB02179F88E4B9A17568C63C3
16:41:02.0111 10700 p2psvc ( ForgedFile.Multi.Generic ) - warning
16:41:02.0111 10700 p2psvc - detected ForgedFile.Multi.Generic (1)
16:41:02.0141 10700 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport  C:\Windows\system32\DRIVERS\parport.sys
16:41:02.0143 10700 Parport - ok
16:41:02.0183 10700 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr  C:\Windows\system32\drivers\partmgr.sys
16:41:02.0184 10700 partmgr - ok
16:41:02.0190 10700 [ F996ED9045A526FF8416402F74D649F0 ] PcaSvc  C:\Windows\System32\pcasvc.dll
16:41:02.0228 10700 Suspicious file (Forged): C:\Windows\System32\pcasvc.dll. Real md5: F996ED9045A526FF8416402F74D649F0, Fake md5: 3AEAA8B561E63452C655DC0584922257
16:41:02.0229 10700 PcaSvc ( ForgedFile.Multi.Generic ) - warning
16:41:02.0229 10700 PcaSvc - detected ForgedFile.Multi.Generic (1)
16:41:02.0252 10700 [ C50B5F389659FB359CCB18459F719F6C ] pci  C:\Windows\system32\drivers\pci.sys
16:41:02.0263 10700 Suspicious file (Forged): C:\Windows\system32\drivers\pci.sys. Real md5: C50B5F389659FB359CCB18459F719F6C, Fake md5: 94575C0571D1462A0F70BDE6BD6EE6B3
16:41:02.0263 10700 pci ( ForgedFile.Multi.Generic ) - warning
16:41:02.0263 10700 pci - detected ForgedFile.Multi.Generic (1)
16:41:02.0276 10700 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide  C:\Windows\system32\drivers\pciide.sys
16:41:02.0277 10700 pciide - ok
16:41:02.0300 10700 [ 363452647D3E2DA5E3E385C6475D4460 ] pcmcia  C:\Windows\system32\DRIVERS\pcmcia.sys
16:41:02.0318 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\pcmcia.sys. Real md5: 363452647D3E2DA5E3E385C6475D4460, Fake md5: B2E81D4E87CE48589F98CB8C05B01F2F
16:41:02.0319 10700 pcmcia ( ForgedFile.Multi.Generic ) - warning
16:41:02.0319 10700 pcmcia - detected ForgedFile.Multi.Generic (1)
16:41:02.0335 10700 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw  C:\Windows\system32\drivers\pcw.sys
16:41:02.0336 10700 pcw - ok
16:41:02.0352 10700 [ 707702D6769F95D8FD2F41801D18DF5C ] PEAUTH  C:\Windows\system32\drivers\peauth.sys
16:41:02.0372 10700 Suspicious file (Forged): C:\Windows\system32\drivers\peauth.sys. Real md5: 707702D6769F95D8FD2F41801D18DF5C, Fake md5: 68769C3356B3BE5D1C732C97B9A80D6E
16:41:02.0373 10700 PEAUTH ( ForgedFile.Multi.Generic ) - warning
16:41:02.0374 10700 PEAUTH - detected ForgedFile.Multi.Generic (1)
16:41:02.0456 10700 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost  C:\Windows\SysWow64\perfhost.exe
16:41:02.0473 10700 PerfHost - ok
16:41:02.0530 10700 [ 27AE46A9E30F50A6BFA6198E51000357 ] pla  C:\Windows\system32\pla.dll
16:41:02.0563 10700 Suspicious file (Forged): C:\Windows\system32\pla.dll. Real md5: 27AE46A9E30F50A6BFA6198E51000357, Fake md5: C7CF6A6E137463219E1259E3F0F0DD6C
16:41:02.0567 10700 pla ( ForgedFile.Multi.Generic ) - warning
16:41:02.0567 10700 pla - detected ForgedFile.Multi.Generic (1)
16:41:02.0573 10700 [ 04F8E53EE6768DD99229CD2E938E4A7C ] PlugPlay  C:\Windows\system32\umpnpmgr.dll
16:41:02.0603 10700 Suspicious file (Forged): C:\Windows\system32\umpnpmgr.dll. Real md5: 04F8E53EE6768DD99229CD2E938E4A7C, Fake md5: 25FBDEF06C4D92815B353F6E792C8129
16:41:02.0604 10700 PlugPlay ( ForgedFile.Multi.Generic ) - warning
16:41:02.0604 10700 PlugPlay - detected ForgedFile.Multi.Generic (1)
16:41:02.0642 10700 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg  C:\Windows\system32\pnrpauto.dll
16:41:02.0644 10700 PNRPAutoReg - ok
16:41:02.0651 10700 [ 5F6F4CE6E34C63088F2D049DB21AE060 ] PNRPsvc  C:\Windows\system32\pnrpsvc.dll
16:41:02.0686 10700 Suspicious file (Forged): C:\Windows\system32\pnrpsvc.dll. Real md5: 5F6F4CE6E34C63088F2D049DB21AE060, Fake md5: 3EAC4455472CC2C97107B5291E0DCAFE
16:41:02.0687 10700 PNRPsvc ( ForgedFile.Multi.Generic ) - warning
16:41:02.0687 10700 PNRPsvc - detected ForgedFile.Multi.Generic (1)
16:41:02.0720 10700 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64  C:\Windows\system32\DRIVERS\point64.sys
16:41:02.0722 10700 Point64 - ok
16:41:02.0753 10700 [ 338C992A965C483EAD8B16F80036C913 ] PolicyAgent  C:\Windows\System32\ipsecsvc.dll
16:41:02.0776 10700 Suspicious file (Forged): C:\Windows\System32\ipsecsvc.dll. Real md5: 338C992A965C483EAD8B16F80036C913, Fake md5: 4F15D75ADF6156BF56ECED6D4A55C389
16:41:02.0778 10700 PolicyAgent ( ForgedFile.Multi.Generic ) - warning
16:41:02.0778 10700 PolicyAgent - detected ForgedFile.Multi.Generic (1)
16:41:02.0805 10700 [ 6CC3D8ECD5A9967C9227BE8D17B988A6 ] Power  C:\Windows\system32\umpo.dll
16:41:02.0815 10700 Suspicious file (Forged): C:\Windows\system32\umpo.dll. Real md5: 6CC3D8ECD5A9967C9227BE8D17B988A6, Fake md5: 6BA9D927DDED70BD1A9CADED45F8B184
16:41:02.0816 10700 Power ( ForgedFile.Multi.Generic ) - warning
16:41:02.0816 10700 Power - detected ForgedFile.Multi.Generic (1)
16:41:02.0853 10700 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport  C:\Windows\system32\DRIVERS\raspptp.sys
16:41:02.0854 10700 PptpMiniport - ok
16:41:02.0885 10700 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor  C:\Windows\system32\DRIVERS\processr.sys
16:41:02.0886 10700 Processor - ok
16:41:02.0903 10700 [ 6DC10BD52B9EBE73FB2FB9F06F91D576 ] ProfSvc  C:\Windows\system32\profsvc.dll
16:41:02.0918 10700 Suspicious file (Forged): C:\Windows\system32\profsvc.dll. Real md5: 6DC10BD52B9EBE73FB2FB9F06F91D576, Fake md5: 53E83F1F6CF9D62F32801CF66D8352A8
16:41:02.0919 10700 ProfSvc ( ForgedFile.Multi.Generic ) - warning
16:41:02.0919 10700 ProfSvc - detected ForgedFile.Multi.Generic (1)
16:41:02.0930 10700 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage  C:\Windows\system32\lsass.exe
16:41:02.0932 10700 ProtectedStorage - ok
16:41:02.0958 10700 [ 310D59BD6E8CDC0F2000AF2010679936 ] Psched  C:\Windows\system32\DRIVERS\pacer.sys
16:41:02.0976 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\pacer.sys. Real md5: 310D59BD6E8CDC0F2000AF2010679936, Fake md5: 0557CF5A2556BD58E26384169D72438D
16:41:02.0977 10700 Psched ( ForgedFile.Multi.Generic ) - warning
16:41:02.0977 10700 Psched - detected ForgedFile.Multi.Generic (1)
16:41:03.0003 10700 [ AED797CCA02783296C68AA10D0CFF8A9 ] PxHlpa64  C:\Windows\system32\Drivers\PxHlpa64.sys
16:41:03.0005 10700 PxHlpa64 - ok
16:41:03.0028 10700 [ F7A7E5C35654A40DAC4F32DF6ACFB443 ] ql2300  C:\Windows\system32\DRIVERS\ql2300.sys
16:41:03.0079 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ql2300.sys. Real md5: F7A7E5C35654A40DAC4F32DF6ACFB443, Fake md5: A53A15A11EBFD21077463EE2C7AFEEF0
16:41:03.0083 10700 ql2300 ( ForgedFile.Multi.Generic ) - warning
16:41:03.0083 10700 ql2300 - detected ForgedFile.Multi.Generic (1)
16:41:03.0100 10700 [ 78C473D7CBD27DCD30D27035F4A25310 ] ql40xx  C:\Windows\system32\DRIVERS\ql40xx.sys
16:41:03.0111 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ql40xx.sys. Real md5: 78C473D7CBD27DCD30D27035F4A25310, Fake md5: 4F6D12B51DE1AAEFF7DC58C4D75423C8
16:41:03.0111 10700 ql40xx ( ForgedFile.Multi.Generic ) - warning
16:41:03.0111 10700 ql40xx - detected ForgedFile.Multi.Generic (1)
16:41:03.0134 10700 [ 689CB8A9930F9D6F3838F751619FA22F ] QWAVE  C:\Windows\system32\qwave.dll
16:41:03.0151 10700 Suspicious file (Forged): C:\Windows\system32\qwave.dll. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: 906191634E99AEA92C4816150BDA3732
16:41:03.0152 10700 QWAVE ( ForgedFile.Multi.Generic ) - warning
16:41:03.0152 10700 QWAVE - detected ForgedFile.Multi.Generic (1)
16:41:03.0170 10700 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv  C:\Windows\system32\drivers\qwavedrv.sys
16:41:03.0172 10700 QWAVEdrv - ok
16:41:03.0183 10700 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd  C:\Windows\system32\DRIVERS\rasacd.sys
16:41:03.0184 10700 RasAcd - ok
16:41:03.0208 10700 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn  C:\Windows\system32\DRIVERS\AgileVpn.sys
16:41:03.0224 10700 RasAgileVpn - ok
16:41:03.0258 10700 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto  C:\Windows\System32\rasauto.dll
16:41:03.0261 10700 RasAuto - ok
16:41:03.0282 10700 [ BF5D2350D0CD373BE05911DA4A7F21E3 ] Rasl2tp  C:\Windows\system32\DRIVERS\rasl2tp.sys
16:41:03.0297 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rasl2tp.sys. Real md5: BF5D2350D0CD373BE05911DA4A7F21E3, Fake md5: 471815800AE33E6F1C32FB1B97C490CA
16:41:03.0297 10700 Rasl2tp ( ForgedFile.Multi.Generic ) - warning
16:41:03.0297 10700 Rasl2tp - detected ForgedFile.Multi.Generic (1)
16:41:03.0331 10700 [ E265B60A4AF7915C7064C2B7AEC8E1D2 ] RasMan  C:\Windows\System32\rasmans.dll
16:41:03.0351 10700 Suspicious file (Forged): C:\Windows\System32\rasmans.dll. Real md5: E265B60A4AF7915C7064C2B7AEC8E1D2, Fake md5: EE867A0870FC9E4972BA9EAAD35651E2
16:41:03.0352 10700 RasMan ( ForgedFile.Multi.Generic ) - warning
16:41:03.0352 10700 RasMan - detected ForgedFile.Multi.Generic (1)
16:41:03.0375 10700 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe  C:\Windows\system32\DRIVERS\raspppoe.sys
16:41:03.0376 10700 RasPppoe - ok
16:41:03.0389 10700 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp  C:\Windows\system32\DRIVERS\rassstp.sys
16:41:03.0391 10700 RasSstp - ok
16:41:03.0411 10700 [ 13F155753E1D4E9B6D6B1B362C9A7233 ] rdbss  C:\Windows\system32\DRIVERS\rdbss.sys
16:41:03.0427 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rdbss.sys. Real md5: 13F155753E1D4E9B6D6B1B362C9A7233, Fake md5: 77F665941019A1594D887A74F301FA2F
16:41:03.0428 10700 rdbss ( ForgedFile.Multi.Generic ) - warning
16:41:03.0428 10700 rdbss - detected ForgedFile.Multi.Generic (1)
16:41:03.0443 10700 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus  C:\Windows\system32\DRIVERS\rdpbus.sys
16:41:03.0445 10700 rdpbus - ok
16:41:03.0471 10700 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD  C:\Windows\system32\DRIVERS\RDPCDD.sys
16:41:03.0472 10700 RDPCDD - ok
16:41:03.0484 10700 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD  C:\Windows\system32\drivers\rdpencdd.sys
16:41:03.0485 10700 RDPENCDD - ok
16:41:03.0494 10700 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP  C:\Windows\system32\drivers\rdprefmp.sys
16:41:03.0496 10700 RDPREFMP - ok
16:41:03.0511 10700 [ F1FBD4759044EA9A244E583F71FD94E1 ] RDPWD  C:\Windows\system32\drivers\RDPWD.sys
16:41:03.0519 10700 Suspicious file (Forged): C:\Windows\system32\drivers\RDPWD.sys. Real md5: F1FBD4759044EA9A244E583F71FD94E1, Fake md5: E61608AA35E98999AF9AAEEEA6114B0A
16:41:03.0519 10700 RDPWD ( ForgedFile.Multi.Generic ) - warning
16:41:03.0519 10700 RDPWD - detected ForgedFile.Multi.Generic (1)
16:41:03.0565 10700 [ 51687F8E2C144A2F04F9525887C58DA2 ] rdyboost  C:\Windows\system32\drivers\rdyboost.sys
16:41:03.0586 10700 Suspicious file (Forged): C:\Windows\system32\drivers\rdyboost.sys. Real md5: 51687F8E2C144A2F04F9525887C58DA2, Fake md5: 34ED295FA0121C241BFEF24764FC4520
16:41:03.0586 10700 rdyboost ( ForgedFile.Multi.Generic ) - warning
16:41:03.0587 10700 rdyboost - detected ForgedFile.Multi.Generic (1)
16:41:03.0610 10700 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi  C:\Windows\system32\drivers\regi.sys
16:41:03.0611 10700 regi - ok
16:41:03.0640 10700 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess  C:\Windows\System32\mprdim.dll
16:41:03.0642 10700 RemoteAccess - ok
16:41:03.0660 10700 [ D68CCAD047B94686B0A004D9EBB3E94F ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:41:03.0670 10700 Suspicious file (Forged): C:\Windows\system32\regsvc.dll. Real md5: D68CCAD047B94686B0A004D9EBB3E94F, Fake md5: E4D94F24081440B5FC5AA556C7C62702
16:41:03.0670 10700 RemoteRegistry ( ForgedFile.Multi.Generic ) - warning
16:41:03.0670 10700 RemoteRegistry - detected ForgedFile.Multi.Generic (1)
16:41:03.0692 10700 [ 34CFD342C96F44062A4884C29535F37D ] RFCOMM  C:\Windows\system32\DRIVERS\rfcomm.sys
16:41:03.0703 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\rfcomm.sys. Real md5: 34CFD342C96F44062A4884C29535F37D, Fake md5: 3DD798846E2C28102B922C56E71B7932
16:41:03.0703 10700 RFCOMM ( ForgedFile.Multi.Generic ) - warning
16:41:03.0703 10700 RFCOMM - detected ForgedFile.Multi.Generic (1)
16:41:03.0730 10700 [ 5767961268AA43D9F3FA6D59EC8B7B12 ] rimspci  C:\Windows\system32\DRIVERS\rimssne64.sys
16:41:03.0731 10700 rimspci - ok
16:41:03.0765 10700 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb  C:\Windows\system32\Drivers\RimUsb_AMD64.sys
16:41:03.0766 10700 RimUsb - ok
16:41:03.0790 10700 [ BB6E138AEB351728959DA5E2731D8140 ] risdsnpe  C:\Windows\system32\DRIVERS\risdsne64.sys
16:41:03.0792 10700 risdsnpe - ok
16:41:03.0821 10700 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper  C:\Windows\System32\RpcEpMap.dll
16:41:03.0823 10700 RpcEptMapper - ok
16:41:03.0840 10700 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator  C:\Windows\system32\locator.exe
16:41:03.0842 10700 RpcLocator - ok
16:41:03.0858 10700 [ 816DF6F64DEBA63B029CA19D880EE10A ] RpcSs  C:\Windows\system32\rpcss.dll
16:41:03.0877 10700 Suspicious file (Forged): C:\Windows\system32\rpcss.dll. Real md5: 816DF6F64DEBA63B029CA19D880EE10A, Fake md5: 5C627D1B1138676C0A7AB2C2C190D123
16:41:03.0879 10700 RpcSs ( ForgedFile.Multi.Generic ) - warning
16:41:03.0879 10700 RpcSs - detected ForgedFile.Multi.Generic (1)
16:41:03.0920 10700 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr  C:\Windows\system32\DRIVERS\rspndr.sys
16:41:03.0922 10700 rspndr - ok
16:41:03.0939 10700 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs  C:\Windows\system32\lsass.exe
16:41:03.0940 10700 SamSs - ok
16:41:03.0966 10700 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port  C:\Windows\system32\drivers\sbp2port.sys
16:41:03.0968 10700 sbp2port - ok
16:41:03.0985 10700 [ 8581913F73B26304A3DAFF46D9FC2B6D ] SCardSvr  C:\Windows\System32\SCardSvr.dll
16:41:03.0995 10700 Suspicious file (Forged): C:\Windows\System32\SCardSvr.dll. Real md5: 8581913F73B26304A3DAFF46D9FC2B6D, Fake md5: 9B7395789E3791A3B6D000FE6F8B131E
16:41:03.0996 10700 SCardSvr ( ForgedFile.Multi.Generic ) - warning
16:41:03.0996 10700 SCardSvr - detected ForgedFile.Multi.Generic (1)
16:41:04.0028 10700 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter  C:\Windows\system32\DRIVERS\scfilter.sys
16:41:04.0029 10700 scfilter - ok
16:41:04.0054 10700 [ B001E8346CD336D37D45A3D614A6B54B ] Schedule  C:\Windows\system32\schedsvc.dll
16:41:04.0081 10700 Suspicious file (Forged): C:\Windows\system32\schedsvc.dll. Real md5: B001E8346CD336D37D45A3D614A6B54B, Fake md5: 262F6592C3299C005FD6BEC90FC4463A
16:41:04.0084 10700 Schedule ( ForgedFile.Multi.Generic ) - warning
16:41:04.0084 10700 Schedule - detected ForgedFile.Multi.Generic (1)
16:41:04.0111 10700 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc  C:\Windows\System32\certprop.dll
16:41:04.0112 10700 SCPolicySvc - ok
16:41:04.0154 10700 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus  C:\Windows\system32\drivers\sdbus.sys
16:41:04.0156 10700 sdbus - ok
16:41:04.0185 10700 [ 718760248EFD4756E809C731ADAF347B ] SDRSVC  C:\Windows\System32\SDRSVC.dll
16:41:04.0202 10700 Suspicious file (Forged): C:\Windows\System32\SDRSVC.dll. Real md5: 718760248EFD4756E809C731ADAF347B, Fake md5: 6EA4234DC55346E0709560FE7C2C1972
16:41:04.0203 10700 SDRSVC ( ForgedFile.Multi.Generic ) - warning
16:41:04.0203 10700 SDRSVC - detected ForgedFile.Multi.Generic (1)
16:41:04.0227 10700 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv  C:\Windows\system32\drivers\secdrv.sys
16:41:04.0243 10700 secdrv - ok
16:41:04.0269 10700 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon  C:\Windows\system32\seclogon.dll
16:41:04.0271 10700 seclogon - ok
16:41:04.0297 10700 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS  C:\Windows\System32\sens.dll
16:41:04.0299 10700 SENS - ok
16:41:04.0327 10700 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc  C:\Windows\system32\sensrsvc.dll
16:41:04.0329 10700 SensrSvc - ok
16:41:04.0364 10700 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum  C:\Windows\system32\DRIVERS\serenum.sys
16:41:04.0380 10700 Serenum - ok
16:41:04.0398 10700 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial  C:\Windows\system32\DRIVERS\serial.sys
16:41:04.0400 10700 Serial - ok
16:41:04.0434 10700 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse
C:\Win
dows\system32\DRIVERS\sermouse.sys
16:41:04.0435 10700 sermouse - ok
16:41:04.0511 10700 [ A9DAE23C8CA1BA670997267B7B382AD4 ] SessionEnv
C:\Win
dows\system32\sessenv.dll
16:41:04.0526 10700 Suspicious file (Forged): C:\Windows\system32\sessenv.dll.
Real md5: A9DAE23C8CA1BA670997267B7B382AD4, Fake md5: 0B6231BF38174A1628C4AC812C
C75804
16:41:04.0527 10700 SessionEnv ( ForgedFile.Multi.Generic ) - warning
16:41:04.0527 10700 SessionEnv - detected ForgedFile.Multi.Generic (1)

16:41:04.0564 10700 [ 70F9C476B62DE4F2823E918A6C181ADE ] SFEP


C:\Win
dows\system32\DRIVERS\SFEP.sys
16:41:04.0565 10700 SFEP - ok
16:41:04.0594 10700 [ A554811BCD09279536440C964AE35BBF ] sffdisk
C:\Win
dows\system32\drivers\sffdisk.sys
16:41:04.0595 10700 sffdisk - ok
16:41:04.0606 10700 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc
C:\Win
dows\system32\drivers\sffp_mmc.sys
16:41:04.0607 10700 sffp_mmc - ok
16:41:04.0619 10700 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd
C:\Win
dows\system32\drivers\sffp_sd.sys
16:41:04.0621 10700 sffp_sd - ok
16:41:04.0654 10700 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy
C:\Win
dows\system32\DRIVERS\sfloppy.sys
16:41:04.0655 10700 sfloppy - ok
16:41:04.0673 10700 [ D006E20FA1B75DF0D4FED0C5200B5F4D ] SharedAccess
C:\Win
dows\System32\ipnathlp.dll
16:41:04.0690 10700 Suspicious file (Forged): C:\Windows\System32\ipnathlp.dll.
Real md5: D006E20FA1B75DF0D4FED0C5200B5F4D, Fake md5: B95F6501A2F8B2E78C697FEC4
01970CE
16:41:04.0691 10700 SharedAccess ( ForgedFile.Multi.Generic ) - warning
16:41:04.0691 10700 SharedAccess - detected ForgedFile.Multi.Generic (1)
16:41:04.0710 10700 [ D9A5896AD69E9B1A2A0C6F718095C50A ] ShellHWDetection C:\Wi
ndows\System32\shsvcs.dll
16:41:04.0734 10700 Suspicious file (Forged): C:\Windows\System32\shsvcs.dll. R
eal md5: D9A5896AD69E9B1A2A0C6F718095C50A, Fake md5: AAF932B4011D14052955D4B212A
4DA8D
16:41:04.0735 10700 ShellHWDetection ( ForgedFile.Multi.Generic ) - warning
16:41:04.0735 10700 ShellHWDetection - detected ForgedFile.Multi.Generic (1)
16:41:04.0767 10700 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2
C:\Win
dows\system32\DRIVERS\SiSRaid2.sys
16:41:04.0768 10700 SiSRaid2 - ok
16:41:04.0795 10700 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4
C:\Win
dows\system32\DRIVERS\sisraid4.sys
16:41:04.0797 10700 SiSRaid4 - ok
16:41:04.0819 10700 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb
C:\Win
dows\system32\DRIVERS\smb.sys
16:41:04.0821 10700 Smb - ok
16:41:04.0859 10700 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP
C:\Win
dows\System32\snmptrap.exe
16:41:04.0861 10700 SNMPTRAP - ok
16:41:04.0916 10700 [ 1C0076D76B8967F178E66BA1E8C57A54 ] SOHCImp
C:\Pro
gram Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
16:41:04.0924 10700 Suspicious file (Forged): C:\Program Files (x86)\Common Fil
es\Sony Shared\SOHLib\SOHCImp.exe. Real md5: 1C0076D76B8967F178E66BA1E8C57A54, F
ake md5: 98886C88A1CB13D61672AE2C638B7E1C
16:41:04.0924 10700 SOHCImp ( ForgedFile.Multi.Generic ) - warning
16:41:04.0924 10700 SOHCImp - detected ForgedFile.Multi.Generic (1)
16:41:04.0961 10700 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr
C:\Pro
gram Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
16:41:04.0963 10700 SOHDBSvr - ok
16:41:04.0967 10700 [ 4C46F4DFAFCE21820FF98978BF135530 ] SOHDms
C:\Pro
gram Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
16:41:04.0982 10700 Suspicious file (Forged): C:\Program Files (x86)\Common Fil
es\Sony Shared\SOHLib\SOHDms.exe. Real md5: 4C46F4DFAFCE21820FF98978BF135530, Fa
ke md5: 556681BE668D71DC162391A45422B52C
16:41:04.0983 10700 SOHDms ( ForgedFile.Multi.Generic ) - warning
16:41:04.0983 10700 SOHDms - detected ForgedFile.Multi.Generic (1)
16:41:04.0994 10700 [ 72B46103E4111439109ACF5882627C24 ] SOHDs
C:\Pro
gram Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

16:41:04.0996 10700 SOHDs - ok


16:41:05.0002 10700 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr
C:\Pro
gram Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
16:41:05.0004 10700 SOHPlMgr - ok
16:41:05.0036 10700 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr
C:\Win
dows\system32\drivers\spldr.sys
16:41:05.0052 10700 spldr - ok
16:41:05.0067 10700 [ F9F18AB6CD212C1FD2B7CF9049D476A1 ] Spooler
C:\Win
dows\System32\spoolsv.exe
16:41:05.0086 10700 Suspicious file (Forged): C:\Windows\System32\spoolsv.exe.
Real md5: F9F18AB6CD212C1FD2B7CF9049D476A1, Fake md5: 85DAA09A98C9286D4EA2BA8D0E
644377
16:41:05.0088 10700 Spooler ( ForgedFile.Multi.Generic ) - warning
16:41:05.0088 10700 Spooler - detected ForgedFile.Multi.Generic (1)
16:41:05.0122 10700 [ 1030D0C9B2A5C7E26FAD2B5DA09A3F2C ] sppsvc
C:\Win
dows\system32\sppsvc.exe
16:41:05.0205 10700 Suspicious file (Forged): C:\Windows\system32\sppsvc.exe. R
eal md5: 1030D0C9B2A5C7E26FAD2B5DA09A3F2C, Fake md5: E17E0188BB90FAE42D83E98707E
FA59C
16:41:05.0214 10700 sppsvc ( ForgedFile.Multi.Generic ) - warning
16:41:05.0214 10700 sppsvc - detected ForgedFile.Multi.Generic (1)
16:41:05.0256 10700 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify
C:\Win
dows\system32\sppuinotify.dll
16:41:05.0259 10700 sppuinotify - ok
16:41:05.0276 10700 [ 0E4F0E65B32CB4132B39A439951342A3 ] SQLBrowser
c:\Pro
gram Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
16:41:05.0290 10700 Suspicious file (Forged): c:\Program Files (x86)\Microsoft
SQL Server\90\Shared\sqlbrowser.exe. Real md5: 0E4F0E65B32CB4132B39A439951342A3,
Fake md5: 86EBD8B1F23E743AAD21F4D5B4D40985
16:41:05.0290 10700 SQLBrowser ( ForgedFile.Multi.Generic ) - warning
16:41:05.0290 10700 SQLBrowser - detected ForgedFile.Multi.Generic (1)
16:41:05.0349 10700 [ EF0B70C00C2FD690FE0C99FFA07EB4EF ] SQLWriter
c:\Pro
gram Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
16:41:05.0364 10700 Suspicious file (Forged): c:\Program Files\Microsoft SQL Se
rver\90\Shared\sqlwriter.exe. Real md5: EF0B70C00C2FD690FE0C99FFA07EB4EF, Fake m
d5: 3C432A96363097870995E2A3C8B66ABD
16:41:05.0364 10700 SQLWriter ( ForgedFile.Multi.Generic ) - warning
16:41:05.0364 10700 SQLWriter - detected ForgedFile.Multi.Generic (1)
16:41:05.0380 10700 [ DBE66330EAE4C6213FD35EC473FC3109 ] srv
C:\Win
dows\system32\DRIVERS\srv.sys
16:41:05.0395 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\srv.s
ys. Real md5: DBE66330EAE4C6213FD35EC473FC3109, Fake md5: 441FBA48BFF01FDB9D5969
EBC1838F0B
16:41:05.0396 10700 srv ( ForgedFile.Multi.Generic ) - warning
16:41:05.0396 10700 srv - detected ForgedFile.Multi.Generic (1)
16:41:05.0402 10700 [ AF0B5F1637EBDF57D7590FC123428EF9 ] srv2
C:\Win
dows\system32\DRIVERS\srv2.sys
16:41:05.0417 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\srv2.
sys. Real md5: AF0B5F1637EBDF57D7590FC123428EF9, Fake md5: B4ADEBBF5E3677CCE9651
E0F01F7CC28
16:41:05.0418 10700 srv2 ( ForgedFile.Multi.Generic ) - warning
16:41:05.0418 10700 srv2 - detected ForgedFile.Multi.Generic (1)
16:41:05.0434 10700 [ 1E517742239024F78839DAEE35CB395B ] srvnet
C:\Win
dows\system32\DRIVERS\srvnet.sys
16:41:05.0443 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\srvne
t.sys. Real md5: 1E517742239024F78839DAEE35CB395B, Fake md5: 27E461F0BE5BFF5FC73
7328F749538C3
16:41:05.0443 10700 srvnet ( ForgedFile.Multi.Generic ) - warning
16:41:05.0443 10700 srvnet - detected ForgedFile.Multi.Generic (1)
16:41:05.0470 10700 [ 3FAA64A9833D04C95E49398B1B4E11AA ] SSDPSRV
C:\Win

dows\System32\ssdpsrv.dll
16:41:05.0500 10700 Suspicious file (Forged): C:\Windows\System32\ssdpsrv.dll.
Real md5: 3FAA64A9833D04C95E49398B1B4E11AA, Fake md5: 51B52FBD583CDE8AA9BA62B8B4
298F33
16:41:05.0500 10700 SSDPSRV ( ForgedFile.Multi.Generic ) - warning
16:41:05.0501 10700 SSDPSRV - detected ForgedFile.Multi.Generic (1)
16:41:05.0513 10700 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc
C:\Win
dows\system32\sstpsvc.dll
16:41:05.0516 10700 SstpSvc - ok
16:41:05.0537 10700 [ A6761BA0C8FA8DE5851AF7A679112599 ] ss_bus
C:\Win
dows\system32\DRIVERS\ss_bus.sys
16:41:05.0555 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\ss_bu
s.sys. Real md5: A6761BA0C8FA8DE5851AF7A679112599, Fake md5: D21FF3592DAEE244EE8
376830A672B52
16:41:05.0556 10700 ss_bus ( ForgedFile.Multi.Generic ) - warning
16:41:05.0556 10700 ss_bus - detected ForgedFile.Multi.Generic (1)
16:41:05.0601 10700 [ F3817967ED533D08327DC73BC4D5542A ] stexstor
C:\Win
dows\system32\DRIVERS\stexstor.sys
16:41:05.0602 10700 stexstor - ok
16:41:05.0634 10700 [ 97AD8CDF092E54B27C3D0C0B2A0F0849 ] stisvc
C:\Win
dows\System32\wiaservc.dll
16:41:05.0657 10700 Suspicious file (Forged): C:\Windows\System32\wiaservc.dll.
Real md5: 97AD8CDF092E54B27C3D0C0B2A0F0849, Fake md5: 8DD52E8E6128F4B2DA92CE274
02871C1
16:41:05.0658 10700 stisvc ( ForgedFile.Multi.Generic ) - warning
16:41:05.0658 10700 stisvc - detected ForgedFile.Multi.Generic (1)
16:41:05.0684 10700 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum
C:\Win
dows\system32\drivers\swenum.sys
16:41:05.0685 10700 swenum - ok
16:41:05.0705 10700 [ 59071590099D21DD439896592338BF95 ] swprv
C:\Win
dows\System32\swprv.dll
16:41:05.0727 10700 Suspicious file (Forged): C:\Windows\System32\swprv.dll. Re
al md5: 59071590099D21DD439896592338BF95, Fake md5: E08E46FDD841B7184194011CA195
5A0B
16:41:05.0729 10700 swprv ( ForgedFile.Multi.Generic ) - warning
16:41:05.0729 10700 swprv - detected ForgedFile.Multi.Generic (1)
16:41:05.0767 10700 [ 411258D8A39220B4817EB2F55C4D8FEE ] SysMain
C:\Win
dows\system32\sysmain.dll
16:41:05.0809 10700 Suspicious file (Forged): C:\Windows\system32\sysmain.dll.
Real md5: 411258D8A39220B4817EB2F55C4D8FEE, Fake md5: BF9CCC0BF39B418C8D0AE8B05C
F95B7D
16:41:05.0814 10700 SysMain ( ForgedFile.Multi.Generic ) - warning
16:41:05.0814 10700 SysMain - detected ForgedFile.Multi.Generic (1)
16:41:05.0847 10700 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\
Windows\System32\TabSvc.dll
16:41:05.0850 10700 TabletInputService - ok
16:41:05.0871 10700 [ 3A05225B4172D0FA20107BD503A84681 ] TapiSrv
C:\Win
dows\System32\tapisrv.dll
16:41:05.0892 10700 Suspicious file (Forged): C:\Windows\System32\tapisrv.dll.
Real md5: 3A05225B4172D0FA20107BD503A84681, Fake md5: 40F0849F65D13EE87B9A9AE3C1
DD6823
16:41:05.0893 10700 TapiSrv ( ForgedFile.Multi.Generic ) - warning
16:41:05.0893 10700 TapiSrv - detected ForgedFile.Multi.Generic (1)
16:41:05.0933 10700 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS
C:\Win
dows\System32\tbssvc.dll
16:41:05.0935 10700 TBS - ok
16:41:05.0969 10700 [ C7CE09C1A058F0654866D19049232316 ] Tcpip
C:\Win
dows\system32\drivers\tcpip.sys
16:41:06.0020 10700 Suspicious file (Forged): C:\Windows\system32\drivers\tcpip
.sys. Real md5: C7CE09C1A058F0654866D19049232316, Fake md5: B62A953F2BF3922C8764

A29C34A22899
16:41:06.0025 10700 Tcpip ( ForgedFile.Multi.Generic ) - warning
16:41:06.0025 10700 Tcpip - detected ForgedFile.Multi.Generic (1)
16:41:06.0048 10700 [ C7CE09C1A058F0654866D19049232316 ] TCPIP6
C:\Win
dows\system32\DRIVERS\tcpip.sys
16:41:06.0086 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tcpip
.sys. Real md5: C7CE09C1A058F0654866D19049232316, Fake md5: B62A953F2BF3922C8764
A29C34A22899
16:41:06.0091 10700 TCPIP6 ( ForgedFile.Multi.Generic ) - warning
16:41:06.0091 10700 TCPIP6 - detected ForgedFile.Multi.Generic (1)
16:41:06.0133 10700 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg
C:\Win
dows\system32\drivers\tcpipreg.sys
16:41:06.0134 10700 tcpipreg - ok
16:41:06.0169 10700 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE
C:\Win
dows\system32\drivers\tdpipe.sys
16:41:06.0170 10700 TDPIPE - ok
16:41:06.0183 10700 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP
C:\Win
dows\system32\drivers\tdtcp.sys
16:41:06.0184 10700 TDTCP - ok
16:41:06.0214 10700 [ 3FD4AB4CDFB66FCC9BB76BBC8B57EE5A ] tdx
C:\Win
dows\system32\DRIVERS\tdx.sys
16:41:06.0226 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tdx.s
ys. Real md5: 3FD4AB4CDFB66FCC9BB76BBC8B57EE5A, Fake md5: DDAD5A7AB24D8B65F8D724
F5C20FD806
16:41:06.0227 10700 tdx ( ForgedFile.Multi.Generic ) - warning
16:41:06.0227 10700 tdx - detected ForgedFile.Multi.Generic (1)
16:41:06.0259 10700 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD
C:\Win
dows\system32\drivers\termdd.sys
16:41:06.0260 10700 TermDD - ok
16:41:06.0273 10700 [ 08D4C02950BB5DAD4FC126E2AF2AA66F ] TermService
C:\Win
dows\System32\termsrv.dll
16:41:06.0298 10700 Suspicious file (Forged): C:\Windows\System32\termsrv.dll.
Real md5: 08D4C02950BB5DAD4FC126E2AF2AA66F, Fake md5: 2E648163254233755035B46DD7
B89123
16:41:06.0300 10700 TermService ( ForgedFile.Multi.Generic ) - warning
16:41:06.0300 10700 TermService - detected ForgedFile.Multi.Generic (1)
16:41:06.0349 10700 [ F0344071948D1A1FA732231785A0664C ] Themes
C:\Win
dows\system32\themeservice.dll
16:41:06.0370 10700 Themes - ok
16:41:06.0393 10700 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER
C:\Win
dows\system32\mmcss.dll
16:41:06.0395 10700 THREADORDER - ok
16:41:06.0431 10700 [ 075F78AFFB479E0089DC0877EDFCF141 ] TmFilter
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
16:41:06.0447 10700 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\TmXPFlt.sys. Real md5: 075F78AFFB479E0089DC0877EDFCF141, Fak
e md5: 7473EE150FF40460166470B59A765091
16:41:06.0447 10700 TmFilter ( ForgedFile.Multi.Generic ) - warning
16:41:06.0447 10700 TmFilter - detected ForgedFile.Multi.Generic (1)
16:41:06.0494 10700 [ 44469AB6C1D3DAD5A1DD9E337464E67F ] tmlisten
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
16:41:06.0543 10700 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\tmlisten.exe. Real md5: 44469AB6C1D3DAD5A1DD9E337464E67F, Fa
ke md5: 72FD200F1B49E83969D252E5EFF6B6D1
16:41:06.0550 10700 tmlisten ( ForgedFile.Multi.Generic ) - warning
16:41:06.0550 10700 tmlisten - detected ForgedFile.Multi.Generic (1)
16:41:06.0584 10700 [ 5E56A8E5436AB08C637C457A88524E87 ] TmPreFilter
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
16:41:06.0585 10700 TmPreFilter - ok
16:41:06.0595 10700 [ F3FF1337A57E252C40E9EDABC4F1BB33 ] TmProxy
C:\Pro

gram Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe


16:41:06.0631 10700 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\TmProxy.exe. Real md5: F3FF1337A57E252C40E9EDABC4F1BB33, Fak
e md5: B55961FC9C78290F89538B4F932525B4
16:41:06.0633 10700 TmProxy ( ForgedFile.Multi.Generic ) - warning
16:41:06.0633 10700 TmProxy - detected ForgedFile.Multi.Generic (1)
16:41:06.0681 10700 [ A42E6780C52B248AF54C6010A9A93384 ] tmtdi
C:\Win
dows\system32\DRIVERS\tmtdi.sys
16:41:06.0724 10700 tmtdi - ok
16:41:06.0746 10700 [ 72434F76A48A4CAA82E9674DDB8229FC ] TrkWks
C:\Win
dows\System32\trkwks.dll
16:41:06.0764 10700 Suspicious file (Forged): C:\Windows\System32\trkwks.dll. R
eal md5: 72434F76A48A4CAA82E9674DDB8229FC, Fake md5: 7E7AFD841694F6AC397E99D75CE
AD49D
16:41:06.0764 10700 TrkWks ( ForgedFile.Multi.Generic ) - warning
16:41:06.0764 10700 TrkWks - detected ForgedFile.Multi.Generic (1)
16:41:06.0799 10700 [ 1823AD3A8B64356EEA654470565A0791 ] TrustedInstaller C:\Wi
ndows\servicing\TrustedInstaller.exe
16:41:06.0825 10700 Suspicious file (Forged): C:\Windows\servicing\TrustedInsta
ller.exe. Real md5: 1823AD3A8B64356EEA654470565A0791, Fake md5: 773212B2AAA24C1E
31F10246B15B276C
16:41:06.0826 10700 TrustedInstaller ( ForgedFile.Multi.Generic ) - warning
16:41:06.0826 10700 TrustedInstaller - detected ForgedFile.Multi.Generic (1)
16:41:06.0858 10700 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv
C:\Win
dows\system32\DRIVERS\tssecsrv.sys
16:41:06.0859 10700 tssecsrv - ok
16:41:06.0912 10700 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt
C:\Win
dows\system32\drivers\tsusbflt.sys
16:41:06.0914 10700 TsUsbFlt - ok
16:41:06.0939 10700 [ D99804343B53D8D25A5B97FC8266BDF3 ] tunnel
C:\Win
dows\system32\DRIVERS\tunnel.sys
16:41:06.0952 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\tunne
l.sys. Real md5: D99804343B53D8D25A5B97FC8266BDF3, Fake md5: 3566A8DAAFA27AF944F
5D705EAA64894
16:41:06.0952 10700 tunnel ( ForgedFile.Multi.Generic ) - warning
16:41:06.0952 10700 tunnel - detected ForgedFile.Multi.Generic (1)
16:41:06.0986 10700 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35
C:\Win
dows\system32\DRIVERS\uagp35.sys
16:41:06.0988 10700 uagp35 - ok
16:41:07.0029 10700 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor
C:\Pro
gram Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
16:41:07.0032 10700 uCamMonitor - ok
16:41:07.0059 10700 [ BF738E1E02E9B04AF982F237D486512A ] udfs
C:\Win
dows\system32\DRIVERS\udfs.sys
16:41:07.0081 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\udfs.
sys. Real md5: BF738E1E02E9B04AF982F237D486512A, Fake md5: FF4232A1A64012BAA1FD9
7C7B67DF593
16:41:07.0082 10700 udfs ( ForgedFile.Multi.Generic ) - warning
16:41:07.0082 10700 udfs - detected ForgedFile.Multi.Generic (1)
16:41:07.0113 10700 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect
C:\Win
dows\system32\UI0Detect.exe
16:41:07.0116 10700 UI0Detect - ok
16:41:07.0147 10700 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx
C:\Win
dows\system32\drivers\uliagpkx.sys
16:41:07.0149 10700 uliagpkx - ok
16:41:07.0173 10700 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus
C:\Win
dows\system32\drivers\umbus.sys
16:41:07.0175 10700 umbus - ok
16:41:07.0210 10700 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass
C:\Win
dows\system32\DRIVERS\umpass.sys

16:41:07.0211 10700 UmPass - ok


16:41:07.0230 10700 [ 015FD40C79EACFEA2A26BF80C3280749 ] upnphost
C:\Win
dows\System32\upnphost.dll
16:41:07.0243 10700 Suspicious file (Forged): C:\Windows\System32\upnphost.dll.
Real md5: 015FD40C79EACFEA2A26BF80C3280749, Fake md5: D47EC6A8E81633DD18D2436B1
9BAF6DE
16:41:07.0244 10700 upnphost ( ForgedFile.Multi.Generic ) - warning
16:41:07.0244 10700 upnphost - detected ForgedFile.Multi.Generic (1)
16:41:07.0274 10700 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64
C:\Win
dows\system32\Drivers\usbaapl64.sys
16:41:07.0275 10700 USBAAPL64 - ok
16:41:07.0302 10700 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio
C:\Win
dows\system32\drivers\usbaudio.sys
16:41:07.0305 10700 usbaudio - ok
16:41:07.0328 10700 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp
C:\Win
dows\system32\DRIVERS\usbccgp.sys
16:41:07.0331 10700 usbccgp - ok
16:41:07.0362 10700 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir
C:\Win
dows\system32\drivers\usbcir.sys
16:41:07.0365 10700 usbcir - ok
16:41:07.0373 10700 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci
C:\Win
dows\system32\DRIVERS\usbehci.sys
16:41:07.0374 10700 usbehci - ok
16:41:07.0399 10700 [ 3C75F8040BD7DE4A57BF2187C8AD9F4D ] usbhub
C:\Win
dows\system32\DRIVERS\usbhub.sys
16:41:07.0410 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\usbhu
b.sys. Real md5: 3C75F8040BD7DE4A57BF2187C8AD9F4D, Fake md5: 287C6C9410B111B68B5
2CA298F7B8C24
16:41:07.0411 10700 usbhub ( ForgedFile.Multi.Generic ) - warning
16:41:07.0411 10700 usbhub - detected ForgedFile.Multi.Generic (1)
16:41:07.0427 10700 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci
C:\Win
dows\system32\drivers\usbohci.sys
16:41:07.0429 10700 usbohci - ok
16:41:07.0456 10700 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint
C:\Win
dows\system32\DRIVERS\usbprint.sys
16:41:07.0457 10700 usbprint - ok
16:41:07.0477 10700 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR
C:\Win
dows\system32\DRIVERS\USBSTOR.SYS
16:41:07.0479 10700 USBSTOR - ok
16:41:07.0488 10700 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci
C:\Win
dows\system32\DRIVERS\usbuhci.sys
16:41:07.0489 10700 usbuhci - ok
16:41:07.0516 10700 [ 99790D6ACC90A801967685915E8E7440 ] usbvideo
C:\Win
dows\system32\Drivers\usbvideo.sys
16:41:07.0531 10700 Suspicious file (Forged): C:\Windows\system32\Drivers\usbvi
deo.sys. Real md5: 99790D6ACC90A801967685915E8E7440, Fake md5: 454800C2BC7F3927C
E030141EE4F4C50
16:41:07.0531 10700 usbvideo ( ForgedFile.Multi.Generic ) - warning
16:41:07.0531 10700 usbvideo - detected ForgedFile.Multi.Generic (1)
16:41:07.0587 10700 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms
C:\Win
dows\System32\uxsms.dll
16:41:07.0589 10700 UxSms - ok
16:41:07.0639 10700 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV
Device Arbitration Service C:\Program Files (x86)\Common Files\Sony Shared\VAIO
Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHar
dwareResourceManager.exe
16:41:07.0653 10700 VAIO Entertainment TV Device Arbitration Service - ok
16:41:07.0693 10700 [ D7676B939E352C6E95CCFAA0FEAA1CFD ] VAIO Event Service C:\
Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
16:41:07.0710 10700 Suspicious file (Forged): C:\Program Files (x86)\Sony\VAIO

Event Service\VESMgr.exe. Real md5: D7676B939E352C6E95CCFAA0FEAA1CFD, Fake md5:


D4197CF0C8567046FD4AF28FF47AF528
16:41:07.0710 10700 VAIO Event Service ( ForgedFile.Multi.Generic ) - warning
16:41:07.0711 10700 VAIO Event Service - detected ForgedFile.Multi.Generic (1)
16:41:07.0761 10700 [ 82E50C245DC7C15204D2E585D199E4C9 ] VAIO Power Management
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
16:41:07.0774 10700 Suspicious file (Forged): C:\Program Files\Sony\VAIO Power
Management\SPMService.exe. Real md5: 82E50C245DC7C15204D2E585D199E4C9, Fake md5:
2D6605C1F0BBD0F71A4CB3A5B1E07240
16:41:07.0775 10700 VAIO Power Management ( ForgedFile.Multi.Generic ) - warnin
g
16:41:07.0775 10700 VAIO Power Management - detected ForgedFile.Multi.Generic (
1)
16:41:07.0797 10700 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc
C:\Win
dows\system32\lsass.exe
16:41:07.0800 10700 VaultSvc - ok
16:41:07.0829 10700 [ E8C8FFE8AF04E0F12AB4A383399DE0AD ] VCFw
C:\Pro
gram Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
16:41:07.0847 10700 Suspicious file (Forged): C:\Program Files (x86)\Common Fil
es\Sony Shared\VAIO Content Folder Watcher\VCFw.exe. Real md5: E8C8FFE8AF04E0F12
AB4A383399DE0AD, Fake md5: 06FE5BEDDADB158D84E6DE33CBE19F3E
16:41:07.0850 10700 VCFw ( ForgedFile.Multi.Generic ) - warning
16:41:07.0850 10700 VCFw - detected ForgedFile.Multi.Generic (1)
16:41:07.0884 10700 [ 2344BFA2C0F516B85A9DC89C1D0DC288 ] VcmIAlzMgr
C:\Pro
gram Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
16:41:07.0897 10700 Suspicious file (Forged): C:\Program Files\Sony\VCM Intelli
gent Analyzing Manager\VcmIAlzMgr.exe. Real md5: 2344BFA2C0F516B85A9DC89C1D0DC28
8, Fake md5: 34063C0B842E73662067F9B03947C55C
16:41:07.0898 10700 VcmIAlzMgr ( ForgedFile.Multi.Generic ) - warning
16:41:07.0898 10700 VcmIAlzMgr - detected ForgedFile.Multi.Generic (1)
16:41:07.0907 10700 [ A9C61176B5F0EF971A2841FDD046E298 ] VcmINSMgr
C:\Pro
gram Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
16:41:07.0922 10700 Suspicious file (Forged): C:\Program Files\Sony\VCM Intelli
gent Network Service Manager\VcmINSMgr.exe. Real md5: A9C61176B5F0EF971A2841FDD0
46E298, Fake md5: A8F5D1651A324ABC6C308891A1252EE3
16:41:07.0923 10700 VcmINSMgr ( ForgedFile.Multi.Generic ) - warning
16:41:07.0923 10700 VcmINSMgr - detected ForgedFile.Multi.Generic (1)
16:41:07.0965 10700 [ DB544B487F360128DC1C383E0A6FCC2F ] VcmXmlIfHelper C:\Pro
gram Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
16:41:07.0968 10700 VcmXmlIfHelper - ok
16:41:07.0971 10700 Vcsw - ok
16:41:08.0006 10700 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot
C:\Win
dows\system32\drivers\vdrvroot.sys
16:41:08.0007 10700 vdrvroot - ok
16:41:08.0034 10700 [ C947B368975791BA3D8DCC65F9A65F6E ] vds
C:\Win
dows\System32\vds.exe
16:41:08.0055 10700 Suspicious file (Forged): C:\Windows\System32\vds.exe. Real
md5: C947B368975791BA3D8DCC65F9A65F6E, Fake md5: 8D6B481601D01A456E75C3210F1830
BE
16:41:08.0056 10700 vds ( ForgedFile.Multi.Generic ) - warning
16:41:08.0056 10700 vds - detected ForgedFile.Multi.Generic (1)
16:41:08.0079 10700 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga
C:\Win
dows\system32\DRIVERS\vgapnp.sys
16:41:08.0080 10700 vga - ok
16:41:08.0103 10700 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave
C:\Win
dows\System32\drivers\vga.sys
16:41:08.0104 10700 VgaSave - ok
16:41:08.0116 10700 [ F273AE7DF195873B02D35BC9C364F391 ] vhdmp
C:\Win
dows\system32\drivers\vhdmp.sys
16:41:08.0130 10700 Suspicious file (Forged): C:\Windows\system32\drivers\vhdmp

.sys. Real md5: F273AE7DF195873B02D35BC9C364F391, Fake md5: 2CE2DF28C83AEAF30084


E1B1EB253CBB
16:41:08.0130 10700 vhdmp ( ForgedFile.Multi.Generic ) - warning
16:41:08.0130 10700 vhdmp - detected ForgedFile.Multi.Generic (1)
16:41:08.0164 10700 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide
C:\Win
dows\system32\drivers\viaide.sys
16:41:08.0165 10700 viaide - ok
16:41:08.0197 10700 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr
C:\Win
dows\system32\drivers\volmgr.sys
16:41:08.0199 10700 volmgr - ok
16:41:08.0226 10700 [ EED4A4371FA68DD36706BD5EA3B92E56 ] volmgrx
C:\Win
dows\system32\drivers\volmgrx.sys
16:41:08.0242 10700 Suspicious file (Forged): C:\Windows\system32\drivers\volmg
rx.sys. Real md5: EED4A4371FA68DD36706BD5EA3B92E56, Fake md5: A255814907C89BE58B
79EF2F189B843B
16:41:08.0243 10700 volmgrx ( ForgedFile.Multi.Generic ) - warning
16:41:08.0243 10700 volmgrx - detected ForgedFile.Multi.Generic (1)
16:41:08.0259 10700 [ 684E4A3CB099DAF06A9A03669D74B367 ] volsnap
C:\Win
dows\system32\drivers\volsnap.sys
16:41:08.0276 10700 Suspicious file (Forged): C:\Windows\system32\drivers\volsn
ap.sys. Real md5: 684E4A3CB099DAF06A9A03669D74B367, Fake md5: 0D08D2F3B3FF84E433
346669B5E0F639
16:41:08.0277 10700 volsnap ( ForgedFile.Multi.Generic ) - warning
16:41:08.0277 10700 volsnap - detected ForgedFile.Multi.Generic (1)
16:41:08.0313 10700 [ 56905A2F1227AF3B2269D34C00F7EF1B ] VSApiNt
C:\Pro
gram Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys
16:41:08.0358 10700 Suspicious file (Forged): C:\Program Files (x86)\Trend Micr
o\OfficeScan Client\VSApiNt.sys. Real md5: 56905A2F1227AF3B2269D34C00F7EF1B, Fak
e md5: B7435B80F795229296D3E1DEFC2A42BE
16:41:08.0363 10700 VSApiNt ( ForgedFile.Multi.Generic ) - warning
16:41:08.0363 10700 VSApiNt - detected ForgedFile.Multi.Generic (1)
16:41:08.0409 10700 [ A9DFC2D78B7AC0D93D2664379AE1CC6A ] vsmraid
C:\Win
dows\system32\DRIVERS\vsmraid.sys
16:41:08.0424 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\vsmra
id.sys. Real md5: A9DFC2D78B7AC0D93D2664379AE1CC6A, Fake md5: 5E2016EA6EBACA03C0
4FEAC5F330D997
16:41:08.0425 10700 vsmraid ( ForgedFile.Multi.Generic ) - warning
16:41:08.0425 10700 vsmraid - detected ForgedFile.Multi.Generic (1)
16:41:08.0448 10700 [ F280E882CBE895379B08A970439F9F54 ] VSNService
C:\Pro
gram Files\Sony\VAIO Smart Network\VSNService.exe
16:41:08.0461 10700 Suspicious file (Forged): C:\Program Files\Sony\VAIO Smart
Network\VSNService.exe. Real md5: F280E882CBE895379B08A970439F9F54, Fake md5: E9
638E51373D527E22438B80126B64F9
16:41:08.0462 10700 VSNService ( ForgedFile.Multi.Generic ) - warning
16:41:08.0462 10700 VSNService - detected ForgedFile.Multi.Generic (1)
16:41:08.0497 10700 [ B3FF4C44A8D6671BBEDCE561A877A9D5 ] VSS
C:\Win
dows\system32\vssvc.exe
16:41:08.0536 10700 Suspicious file (Forged): C:\Windows\system32\vssvc.exe. Re
al md5: B3FF4C44A8D6671BBEDCE561A877A9D5, Fake md5: B60BA0BC31B0CB414593E169F6F2
1CC2
16:41:08.0540 10700 VSS ( ForgedFile.Multi.Generic ) - warning
16:41:08.0540 10700 VSS - detected ForgedFile.Multi.Generic (1)
16:41:08.0628 10700 [ 758404B2D693B9DA599C0A3E81932D91 ] vToolbarUpdater15.2.0
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\Too
lbarUpdater.exe
16:41:08.0652 10700 Suspicious file (Forged): C:\Program Files (x86)\Common Fil
es\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe. Real md5: 758404
B2D693B9DA599C0A3E81932D91, Fake md5: 4B817450226F93C31ADD5BCC27FED27A
16:41:08.0655 10700 vToolbarUpdater15.2.0 ( ForgedFile.Multi.Generic ) - warnin
g

16:41:08.0655 10700 vToolbarUpdater15.2.0 - detected ForgedFile.Multi.Generic (


1)
16:41:08.0679 10700 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus
C:\Win
dows\system32\DRIVERS\vwifibus.sys
16:41:08.0680 10700 vwifibus - ok
16:41:08.0702 10700 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt
C:\Win
dows\system32\DRIVERS\vwififlt.sys
16:41:08.0703 10700 vwififlt - ok
16:41:08.0737 10700 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp
C:\Win
dows\system32\DRIVERS\vwifimp.sys
16:41:08.0739 10700 vwifimp - ok
16:41:08.0759 10700 [ B050C170017B7FC0D3C4797706A0B776 ] VzCdbSvc C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
16:41:08.0769 10700 Suspicious file (Forged): C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe. Real md5: B050C170017B7FC0D3C4797706A0B776, Fake md5: D8BEF4AC1EAC809DBDBD441D6CFF6C4C
16:41:08.0770 10700 VzCdbSvc ( ForgedFile.Multi.Generic ) - warning
16:41:08.0770 10700 VzCdbSvc - detected ForgedFile.Multi.Generic (1)
16:41:08.0798 10700 [ 8196C95E5740C671891CB9E538247E8C ] W32Time C:\Windows\system32\w32time.dll
16:41:08.0817 10700 Suspicious file (Forged): C:\Windows\system32\w32time.dll. Real md5: 8196C95E5740C671891CB9E538247E8C, Fake md5: 1C9D80CC3849B3788048078C26486E1A
16:41:08.0818 10700 W32Time ( ForgedFile.Multi.Generic ) - warning
16:41:08.0818 10700 W32Time - detected ForgedFile.Multi.Generic (1)
16:41:08.0865 10700 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
16:41:08.0867 10700 WacomPen - ok
16:41:08.0911 10700 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
16:41:08.0913 10700 WANARP - ok
16:41:08.0926 10700 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:41:08.0927 10700 Wanarpv6 - ok
16:41:08.0954 10700 [ A8FD7C75729256076702792BDCC3863E ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
16:41:08.0988 10700 Suspicious file (Forged): C:\Windows\system32\Wat\WatAdminSvc.exe. Real md5: A8FD7C75729256076702792BDCC3863E, Fake md5: 3CEC96DE223E49EAAE3651FCF8FAEA6C
16:41:08.0992 10700 WatAdminSvc ( ForgedFile.Multi.Generic ) - warning
16:41:08.0992 10700 WatAdminSvc - detected ForgedFile.Multi.Generic (1)
16:41:09.0020 10700 [ 5256A6D3FC641504ED0A6F78807B1DBB ] wbengine C:\Windows\system32\wbengine.exe
16:41:09.0053 10700 Suspicious file (Forged): C:\Windows\system32\wbengine.exe. Real md5: 5256A6D3FC641504ED0A6F78807B1DBB, Fake md5: 78F4E7F5C56CB9716238EB57DA4B6A75
16:41:09.0057 10700 wbengine ( ForgedFile.Multi.Generic ) - warning
16:41:09.0057 10700 wbengine - detected ForgedFile.Multi.Generic (1)
16:41:09.0081 10700 [ B12609FDC2C8766BBBAD14A0F1ABC2FE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
16:41:09.0090 10700 Suspicious file (Forged): C:\Windows\System32\wbiosrvc.dll. Real md5: B12609FDC2C8766BBBAD14A0F1ABC2FE, Fake md5: 3AA101E8EDAB2DB4131333F4325C76A3
16:41:09.0091 10700 WbioSrvc ( ForgedFile.Multi.Generic ) - warning
16:41:09.0091 10700 WbioSrvc - detected ForgedFile.Multi.Generic (1)
16:41:09.0115 10700 [ F87B640172C16239D3F4C5762A665AF0 ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:41:09.0134 10700 Suspicious file (Forged): C:\Windows\System32\wcncsvc.dll. Real md5: F87B640172C16239D3F4C5762A665AF0, Fake md5: 7368A2AFD46E5A4481D1DE9D14848EDD
16:41:09.0135 10700 wcncsvc ( ForgedFile.Multi.Generic ) - warning
16:41:09.0135 10700 wcncsvc - detected ForgedFile.Multi.Generic (1)
16:41:09.0146 10700 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:41:09.0150 10700 WcsPlugInService - ok
16:41:09.0171 10700 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
16:41:09.0172 10700 Wd - ok
16:41:09.0201 10700 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
16:41:09.0202 10700 WDC_SAM - ok
16:41:09.0217 10700 [ D5490C8CA364A67AD46BC77A212ECF0E ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:41:09.0238 10700 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: D5490C8CA364A67AD46BC77A212ECF0E, Fake md5: 442783E2CB0DA19873B7A63833FF4CB4
16:41:09.0240 10700 Wdf01000 ( ForgedFile.Multi.Generic ) - warning
16:41:09.0241 10700 Wdf01000 - detected ForgedFile.Multi.Generic (1)
16:41:09.0250 10700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:41:09.0253 10700 WdiServiceHost - ok
16:41:09.0257 10700 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:41:09.0259 10700 WdiSystemHost - ok
16:41:09.0287 10700 [ 10E51E4DC536BBE7CCE80D852585860E ] WebClient C:\Windows\System32\webclnt.dll
16:41:09.0301 10700 Suspicious file (Forged): C:\Windows\System32\webclnt.dll. Real md5: 10E51E4DC536BBE7CCE80D852585860E, Fake md5: 3DB6D04E1C64272F8B14EB8BC4616280
16:41:09.0301 10700 WebClient ( ForgedFile.Multi.Generic ) - warning
16:41:09.0301 10700 WebClient - detected ForgedFile.Multi.Generic (1)
16:41:09.0314 10700 [ 05E5A05F373C3DA1AE7488A7C2338D37 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:41:09.0329 10700 Suspicious file (Forged): C:\Windows\system32\wecsvc.dll. Real md5: 05E5A05F373C3DA1AE7488A7C2338D37, Fake md5: C749025A679C5103E575E3B48E092C43
16:41:09.0330 10700 Wecsvc ( ForgedFile.Multi.Generic ) - warning
16:41:09.0330 10700 Wecsvc - detected ForgedFile.Multi.Generic (1)
16:41:09.0341 10700 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:41:09.0343 10700 wercplsupport - ok
16:41:09.0356 10700 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
16:41:09.0359 10700 WerSvc - ok
16:41:09.0391 10700 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
16:41:09.0392 10700 WfpLwf - ok
16:41:09.0404 10700 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
16:41:09.0405 10700 WIMMount - ok
16:41:09.0440 10700 WinDefend - ok
16:41:09.0462 10700 WinHttpAutoProxySvc - ok
16:41:09.0497 10700 [ 689CB8A9930F9D6F3838F751619FA22F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:41:09.0511 10700 Suspicious file (Forged): C:\Windows\system32\wbem\WMIsvc.dll. Real md5: 689CB8A9930F9D6F3838F751619FA22F, Fake md5: 19B07E7E8915D701225DA41CB3877306
16:41:09.0512 10700 Winmgmt ( ForgedFile.Multi.Generic ) - warning
16:41:09.0512 10700 Winmgmt - detected ForgedFile.Multi.Generic (1)
16:41:09.0649 10700 [ 6B41F54D52A852D9E58151DCCF762C50 ] WinRM C:\Windows\system32\WsmSvc.dll
16:41:09.0749 10700 Suspicious file (Forged): C:\Windows\system32\WsmSvc.dll. Real md5: 6B41F54D52A852D9E58151DCCF762C50, Fake md5: BCB1310604AA415C4508708975B3931E
16:41:09.0822 10700 WinRM ( ForgedFile.Multi.Generic ) - warning
16:41:09.0822 10700 WinRM - detected ForgedFile.Multi.Generic (1)
16:41:09.0900 10700 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
16:41:09.0902 10700 WinUsb - ok
16:41:09.0943 10700 [ 20D7E63F02281DD42F40B446279A13F2 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:41:09.0965 10700 Suspicious file (Forged): C:\Windows\System32\wlansvc.dll. Real md5: 20D7E63F02281DD42F40B446279A13F2, Fake md5: 4FADA86E62F18A1B2F42BA18AE24E6AA
16:41:09.0968 10700 Wlansvc ( ForgedFile.Multi.Generic ) - warning
16:41:09.0968 10700 Wlansvc - detected ForgedFile.Multi.Generic (1)
16:41:10.0001 10700 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
16:41:10.0002 10700 WmiAcpi - ok
16:41:10.0030 10700 [ E704EB19C459B4FB9CDF0200A54D07BA ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:41:10.0050 10700 Suspicious file (Forged): C:\Windows\system32\wbem\WmiApSrv.exe. Real md5: E704EB19C459B4FB9CDF0200A54D07BA, Fake md5: 38B84C94C5A8AF291ADFEA478AE54F93
16:41:10.0051 10700 wmiApSrv ( ForgedFile.Multi.Generic ) - warning
16:41:10.0051 10700 wmiApSrv - detected ForgedFile.Multi.Generic (1)
16:41:10.0081 10700 WMPNetworkSvc - ok
16:41:10.0095 10700 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:41:10.0098 10700 WPCSvc - ok
16:41:10.0134 10700 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:41:10.0137 10700 WPDBusEnum - ok
16:41:10.0156 10700 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:41:10.0157 10700 ws2ifsl - ok
16:41:10.0173 10700 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
16:41:10.0176 10700 wscsvc - ok
16:41:10.0180 10700 WSearch - ok
16:41:10.0240 10700 [ C2AA7A6E955F3B83FAC30F2728C46C3E ] wuauserv C:\Windows\system32\wuaueng.dll
16:41:10.0297 10700 Suspicious file (Forged): C:\Windows\system32\wuaueng.dll. Real md5: C2AA7A6E955F3B83FAC30F2728C46C3E, Fake md5: D9EF901DCA379CFE914E9FA13B73B4C4
16:41:10.0304 10700 wuauserv ( ForgedFile.Multi.Generic ) - warning
16:41:10.0304 10700 wuauserv - detected ForgedFile.Multi.Generic (1)
16:41:10.0346 10700 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:41:10.0348 10700 WudfPf - ok
16:41:10.0360 10700 [ 66E6E5621E341FF0BB2B2CBFA3CFF68C ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:41:10.0375 10700 Suspicious file (Forged): C:\Windows\system32\DRIVERS\WUDFRd.sys. Real md5: 66E6E5621E341FF0BB2B2CBFA3CFF68C, Fake md5: DDA4CAF29D8C0A297F886BFE561E6659
16:41:10.0376 10700 WUDFRd ( ForgedFile.Multi.Generic ) - warning
16:41:10.0376 10700 WUDFRd - detected ForgedFile.Multi.Generic (1)
16:41:10.0403 10700 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:41:10.0406 10700 wudfsvc - ok
16:41:10.0437 10700 [ 63FF779A3108E00301D2A99644432D71 ] WwanSvc C:\Windows\System32\wwansvc.dll
16:41:10.0451 10700 Suspicious file (Forged): C:\Windows\System32\wwansvc.dll. Real md5: 63FF779A3108E00301D2A99644432D71, Fake md5: FE90B750AB808FB9DD8FBB428B5FF83B
16:41:10.0452 10700 WwanSvc ( ForgedFile.Multi.Generic ) - warning
16:41:10.0452 10700 WwanSvc - detected ForgedFile.Multi.Generic (1)
16:41:10.0579 10700 [ 0923939BC1C4B802365F24E87C9A0F66 ] YouTubeDownloaderConverter C:\Users\EdgeTouchscreen\AppData\Roaming\GVU Technologies\Free YouTube Downloader Converter\CertifiedBrowserService.exe
16:41:10.0634 10700 YouTubeDownloaderConverter - ok
16:41:10.0664 10700 ================ Scan global ===============================
16:41:10.0707 10700 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:41:10.0723 10700 [ F4EE8F6FE52ED378A0853D160E5F4607 ] C:\Windows\system32\winsrv.dll
16:41:10.0745 10700 Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: F4EE8F6FE52ED378A0853D160E5F4607, Fake md5: 0C27239FEA4DB8A2AAC9E502186B7264
16:41:10.0748 10700 [ F4EE8F6FE52ED378A0853D160E5F4607 ] C:\Windows\system32\winsrv.dll
16:41:10.0750 10700 Suspicious file (Forged): C:\Windows\system32\winsrv.dll. Real md5: F4EE8F6FE52ED378A0853D160E5F4607, Fake md5: 0C27239FEA4DB8A2AAC9E502186B7264
16:41:10.0774 10700 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:41:10.0786 10700 [ FFBE62C7CFA81689A3EFDF9C9072D47C ] C:\Windows\system32\services.exe
16:41:10.0797 10700 Suspicious file (Forged): C:\Windows\system32\services.exe. Real md5: FFBE62C7CFA81689A3EFDF9C9072D47C, Fake md5: 24ACB7E5BE595468E3B9AA488B9B4FCB
16:41:10.0797 10700 [Global] - ok
16:41:10.0801 10700 ================ Scan MBR ==================================
16:41:10.0816 10700 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:41:10.0999 10700 \Device\Harddisk0\DR0 - ok
16:41:10.0999 10700 ================ Scan VBR ==================================
16:41:11.0003 10700 [ 0621CBB711A03DC6FA70280A1716247D ] \Device\Harddisk0\DR0\Partition1
16:41:11.0004 10700 \Device\Harddisk0\DR0\Partition1 - ok
16:41:11.0018 10700 [ E667434EBB7EABD94225B79F31BF6948 ] \Device\Harddisk0\DR0\Partition2
16:41:11.0019 10700 \Device\Harddisk0\DR0\Partition2 - ok
16:41:11.0022 10700 ============================================================
16:41:11.0022 10700 Scan finished
16:41:11.0022 10700 ============================================================
16:41:11.0028 6052 Detected object count: 185
16:41:11.0028 6052 Actual detected object count: 185
16:41:32.0073 6052 C:\Windows\system32\drivers\1394ohci.sys - copied to quarantine
16:41:32.0151 6052 1394ohci ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:32.0196 6052 C:\Windows\system32\drivers\ACPI.sys - copied to quarantine
16:41:32.0253 6052 ACPI ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:32.0299 6052 c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe - copied to quarantine
16:41:32.0353 6052 AdobeActiveFileMonitor7.0 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:32.0474 6052 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe - copied to quarantine
16:41:32.0560 6052 AdobeFlashPlayerUpdateSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:32.0615 6052 C:\Windows\system32\DRIVERS\adp94xx.sys - copied to quarantine
16:41:32.0654 6052 adp94xx ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:32.0699 6052 C:\Windows\system32\DRIVERS\adpahci.sys - copied to quarantine
16:41:32.0763 6052 adpahci ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:32.0830 6052 C:\Windows\system32\DRIVERS\adpu320.sys - copied to quarantine
16:41:32.0865 6052 adpu320 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:32.0959 6052 C:\Windows\system32\drivers\afd.sys - copied to quarantine
16:41:33.0036 6052 AFD ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:33.0088 6052 C:\Windows\system32\DRIVERS\amdsbs.sys - copied to quarantine
16:41:33.0151 6052 amdsbs ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:33.0264 6052 C:\Windows\system32\DRIVERS\athrx.sys - copied to quarantine
16:41:33.0318 6052 athr ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:33.0365 6052 C:\Windows\System32\Audiosrv.dll - copied to quarantine
16:41:33.0417 6052 AudioEndpointBuilder ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:33.0478 6052 C:\Windows\System32\Audiosrv.dll - copied to quarantine
16:41:33.0535 6052 AudioSrv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:33.0605 6052 C:\Windows\system32\DRIVERS\AVerAVF2.sys - copied to quarantine
16:41:33.0709 6052 AVerAVF2 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:33.0752 6052 C:\Windows\system32\DRIVERS\bxvbda.sys - copied to quarantine
16:41:33.0773 6052 b06bdrv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:33.0812 6052 C:\Windows\system32\DRIVERS\b57nd60a.sys - copied to quarantine
16:41:33.0862 6052 b57nd60a ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:33.0931 6052 C:\Windows\System32\bfe.dll - copied to quarantine
16:41:34.0060 6052 BFE ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:34.0104 6052 C:\Windows\System32\qmgr.dll - copied to quarantine
16:41:34.0291 6052 BITS ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:34.0340 6052 C:\Program Files\Bonjour\mDNSResponder.exe - copied to quarantine
16:41:34.0393 6052 Bonjour Service ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:34.0465 6052 C:\Windows\System32\browser.dll - copied to quarantine
16:41:34.0488 6052 Browser ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:34.0574 6052 C:\Windows\System32\Drivers\Brserid.sys - copied to quarantine
16:41:34.0615 6052 Brserid ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:34.0703 6052 C:\Windows\System32\Drivers\BTHport.sys - copied to quarantine
16:41:34.0774 6052 BTHPORT ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:34.0829 6052 C:\Windows\system32\drivers\btwavdt.sys - copied to quarantine
16:41:34.0844 6052 btwavdt ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:34.0976 6052 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe - copied to quarantine
16:41:35.0064 6052 btwdins ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0110 6052 C:\Windows\system32\DRIVERS\cdrom.sys - copied to quarantine
16:41:35.0126 6052 cdrom ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0191 6052 C:\Windows\system32\CLFS.sys - copied to quarantine
16:41:35.0518 6052 CLFS ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0698 6052 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - copied to quarantine
16:41:35.0729 6052 clr_optimization_v4.0.30319_32 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0813 6052 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - copied to quarantine
16:41:35.0829 6052 clr_optimization_v4.0.30319_64 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0875 6052 C:\Windows\system32\Drivers\cng.sys - copied to quarantine
16:41:35.0895 6052 CNG ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:35.0944 6052 C:\Windows\system32\cryptsvc.dll - copied to quarantine
16:41:35.0960 6052 CryptSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0049 6052 C:\Windows\system32\rpcss.dll - copied to quarantine
16:41:36.0074 6052 DcomLaunch ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0149 6052 C:\Windows\System32\defragsvc.dll - copied to quarantine
16:41:36.0165 6052 defragsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0230 6052 C:\Windows\system32\dhcpcore.dll - copied to quarantine
16:41:36.0261 6052 Dhcp ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0336 6052 C:\Windows\System32\dnsrslvr.dll - copied to quarantine
16:41:36.0375 6052 Dnscache ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0417 6052 C:\Windows\System32\dot3svc.dll - copied to quarantine
16:41:36.0454 6052 dot3svc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0532 6052 C:\Windows\system32\dps.dll - copied to quarantine
16:41:36.0580 6052 DPS ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0647 6052 C:\Windows\System32\drivers\dxgkrnl.sys - copied to quarantine
16:41:36.0751 6052 DXGKrnl ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0812 6052 C:\Windows\system32\DRIVERS\e1y62x64.sys - copied to quarantine
16:41:36.0846 6052 e1yexpress ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:36.0997 6052 C:\Windows\system32\DRIVERS\evbda.sys - copied to quarantine
16:41:37.0278 6052 ebdrv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0406 6052 C:\Windows\ehome\ehRecvr.exe - copied to quarantine
16:41:37.0472 6052 ehRecvr ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0509 6052 C:\Windows\ehome\ehsched.exe - copied to quarantine
16:41:37.0528 6052 ehSched ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0573 6052 C:\Windows\system32\DRIVERS\elxstor.sys - copied to quarantine
16:41:37.0589 6052 elxstor ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0700 6052 C:\Windows\system32\es.dll - copied to quarantine
16:41:37.0719 6052 EventSystem ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0775 6052 C:\Windows\system32\drivers\exfat.sys - copied to quarantine
16:41:37.0792 6052 exfat ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:37.0856 6052 C:\Windows\system32\drivers\fastfat.sys - copied to quarantine
16:41:37.0896 6052 fastfat ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0007 6052 C:\Windows\system32\fxssvc.exe - copied to quarantine
16:41:38.0061 6052 Fax ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0283 6052 C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine
16:41:38.0345 6052 FLEXnet Licensing Service ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0420 6052 C:\Windows\system32\drivers\fltmgr.sys - copied to quarantine
16:41:38.0481 6052 FltMgr ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0581 6052 C:\Windows\system32\FntCache.dll - copied to quarantine
16:41:38.0599 6052 FontCache ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0687 6052 C:\Windows\system32\DRIVERS\fvevol.sys - copied to quarantine
16:41:38.0707 6052 fvevol ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0773 6052 C:\Windows\System32\gpsvc.dll - copied to quarantine
16:41:38.0837 6052 gpsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:38.0983 6052 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - copied to quarantine
16:41:39.0006 6052 gupdate ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0041 6052 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - copied to quarantine
16:41:39.0074 6052 gupdatem ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0195 6052 C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe - copied to quarantine
16:41:39.0235 6052 gusvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0292 6052 C:\Windows\system32\drivers\HdAudio.sys - copied to quarantine
16:41:39.0309 6052 HdAudAddService ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0362 6052 C:\Windows\system32\drivers\HDAudBus.sys - copied to quarantine
16:41:39.0409 6052 HDAudBus ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0459 6052 C:\Windows\system32\ListSvc.dll - copied to quarantine
16:41:39.0493 6052 HomeGroupListener ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0551 6052 C:\Windows\system32\provsvc.dll - copied to quarantine
16:41:39.0593 6052 HomeGroupProvider ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0659 6052 C:\Windows\system32\drivers\HTTP.sys - copied to quarantine
16:41:39.0676 6052 HTTP ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0757 6052 C:\Windows\system32\drivers\iaStorV.sys - copied to quarantine
16:41:39.0823 6052 iaStorV ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:39.0978 6052 C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe - copied to quarantine
16:41:40.0129 6052 idsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:40.0197 6052 C:\Windows\System32\ikeext.dll - copied to quarantine
16:41:40.0248 6052 IKEEXT ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:40.0378 6052 C:\Windows\system32\drivers\RTKVHD64.sys - copied to quarantine
16:41:40.0488 6052 IntcAzAudAddService ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:40.0598 6052 C:\Windows\System32\iphlpsvc.dll - copied to quarantine
16:41:40.0836 6052 iphlpsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:40.0975 6052 C:\Program Files\iPod\bin\iPodService.exe - copied to quarantine
16:41:41.0038 6052 iPod Service ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0087 6052 C:\Windows\system32\drivers\msiscsi.sys - copied to quarantine
16:41:41.0106 6052 iScsiPrt ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0188 6052 C:\Windows\system32\Drivers\ksecpkg.sys - copied to quarantine
16:41:41.0208 6052 KSecPkg ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0311 6052 C:\Windows\system32\msdtckrm.dll - copied to quarantine
16:41:41.0358 6052 KtmRm ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0404 6052 C:\Windows\system32\srvsvc.dll - copied to quarantine
16:41:41.0440 6052 LanmanServer ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0502 6052 C:\Windows\System32\lltdsvc.dll - copied to quarantine
16:41:41.0518 6052 lltdsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0558 6052 C:\Windows\system32\DRIVERS\MegaSR.sys - copied to quarantine
16:41:41.0597 6052 MegaSR ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0651 6052 C:\Windows\system32\drivers\mpio.sys - copied to quarantine
16:41:41.0668 6052 mpio ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0742 6052 C:\Windows\system32\mpssvc.dll - copied to quarantine
16:41:41.0810 6052 MpsSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0857 6052 C:\Windows\system32\drivers\mrxdav.sys - copied to quarantine
16:41:41.0873 6052 MRxDAV ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0910 6052 C:\Windows\system32\DRIVERS\mrxsmb.sys - copied to quarantine
16:41:41.0927 6052 mrxsmb ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:41.0981 6052 C:\Windows\system32\DRIVERS\mrxsmb10.sys - copied to quarantine
16:41:42.0002 6052 mrxsmb10 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:42.0071 6052 C:\Windows\system32\DRIVERS\mrxsmb20.sys - copied to quarantine
16:41:42.0090 6052 mrxsmb20 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:42.0167 6052 C:\Windows\system32\drivers\msdsm.sys - copied to quarantine
16:41:42.0191 6052 msdsm ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:42.0252 6052 C:\Windows\System32\msdtc.exe - copied to quarantine
16:41:42.0305 6052 MSDTC ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:42.0357 6052 C:\Windows\system32\iscsiexe.dll - copied to quarantine
16:41:42.0372 6052 MSiSCSI ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:42.0443 6052 C:\Windows\system32\drivers\MsRPC.sys - copied to quarantine
16:41:42.0489 6052 MsRPC ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:42.0609 6052 C:\Windows\system32\qagentRT.dll - copied to quarantine
16:41:42.0627 6052 napagent ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:42.0738 6052 C:\Windows\system32\DRIVERS\nwifi.sys - copied to quarantine
16:41:42.0769 6052 NativeWifiP ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:42.0839 6052 C:\Windows\system32\drivers\ndis.sys - copied to quarantine
16:41:42.0974 6052 NDIS ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:43.0071 6052 C:\Windows\system32\DRIVERS\ndiswan.sys - copied to quarantine
16:41:43.0091 6052 NdisWan ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:43.0148 6052 C:\Windows\system32\DRIVERS\netbt.sys - copied to quarantine
16:41:43.0189 6052 NetBT ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:43.0260 6052 C:\Windows\System32\netman.dll - copied to quarantine
16:41:43.0287 6052 Netman ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:43.0328 6052 C:\Windows\System32\netprofm.dll - copied to quarantine
16:41:43.0390 6052 netprofm ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:43.0445 6052 C:\Windows\System32\nlasvc.dll - copied to quarantine
16:41:43.0461 6052 NlaSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:43.0587 6052 C:\Windows\system32\drivers\Ntfs.sys - copied to quarantine
16:41:43.0680 6052 Ntfs ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:43.0848 6052 C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe - copied to quarantine
16:41:43.0867 6052 ntrtscan ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:44.0433 6052 C:\Windows\system32\DRIVERS\nvlddmkm.sys - copied to quarantine
16:41:44.0907 6052 nvlddmkm ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:44.0999 6052 C:\Windows\system32\drivers\nvraid.sys - copied to quarantine
16:41:45.0016 6052 nvraid ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0059 6052 C:\Windows\system32\drivers\nvstor.sys - copied to quarantine
16:41:45.0100 6052 nvstor ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0140 6052 C:\Windows\system32\nvvsvc.exe - copied to quarantine
16:41:45.0220 6052 nvsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0281 6052 C:\Windows\system32\drivers\nv_agp.sys - copied to quarantine
16:41:45.0299 6052 nv_agp ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0360 6052 C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE - copied to quarantine
16:41:45.0382 6052 ose ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0448 6052 C:\Windows\system32\pnrpsvc.dll - copied to quarantine
16:41:45.0492 6052 p2pimsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0551 6052 C:\Windows\system32\p2psvc.dll - copied to quarantine
16:41:45.0643 6052 p2psvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0681 6052 C:\Windows\System32\pcasvc.dll - copied to quarantine
16:41:45.0729 6052 PcaSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:45.0765 6052 C:\Windows\system32\drivers\pci.sys - copied to quarantine
16:41:45.0913 6052 pci ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0104 6052 C:\Windows\system32\DRIVERS\pcmcia.sys - copied to quarantine
16:41:46.0135 6052 pcmcia ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0208 6052 C:\Windows\system32\drivers\peauth.sys - copied to quarantine
16:41:46.0231 6052 PEAUTH ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0325 6052 C:\Windows\system32\pla.dll - copied to quarantine
16:41:46.0362 6052 pla ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0413 6052 C:\Windows\system32\umpnpmgr.dll - copied to quarantine
16:41:46.0432 6052 PlugPlay ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0465 6052 C:\Windows\system32\pnrpsvc.dll - copied to quarantine
16:41:46.0480 6052 PNRPsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0557 6052 C:\Windows\System32\ipsecsvc.dll - copied to quarantine
16:41:46.0630 6052 PolicyAgent ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0708 6052 C:\Windows\system32\umpo.dll - copied to quarantine
16:41:46.0731 6052 Power ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0821 6052 C:\Windows\system32\profsvc.dll - copied to quarantine
16:41:46.0839 6052 ProfSvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:46.0912 6052 C:\Windows\system32\DRIVERS\pacer.sys - copied to quarantine
16:41:46.0997 6052 Psched ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:47.0084 6052 C:\Windows\system32\DRIVERS\ql2300.sys - copied to quarantine
16:41:47.0216 6052 ql2300 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:47.0333 6052 C:\Windows\system32\DRIVERS\ql40xx.sys - copied to quarantine
16:41:47.0350 6052 ql40xx ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:47.0437 6052 C:\Windows\system32\qwave.dll - copied to quarantine
16:41:47.0501 6052 QWAVE ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:47.0563 6052 C:\Windows\system32\DRIVERS\rasl2tp.sys - copied to quarantine
16:41:47.0593 6052 Rasl2tp ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:47.0646 6052 C:\Windows\System32\rasmans.dll - copied to quarantine
16:41:47.0661 6052 RasMan ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:47.0707 6052 C:\Windows\system32\DRIVERS\rdbss.sys - copied to quarantine
16:41:47.0724 6052 rdbss ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:47.0788 6052 C:\Windows\system32\drivers\RDPWD.sys - copied to quarantine
16:41:47.0805 6052 RDPWD ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:47.0888 6052 C:\Windows\system32\drivers\rdyboost.sys - copied to quarantine
16:41:47.0906 6052 rdyboost ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:47.0947 6052 C:\Windows\system32\regsvc.dll - copied to quarantine
16:41:47.0962 6052 RemoteRegistry ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:48.0006 6052 C:\Windows\system32\DRIVERS\rfcomm.sys - copied to quarantine
16:41:48.0038 6052 RFCOMM ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:48.0097 6052 C:\Windows\system32\rpcss.dll - copied to quarantine
16:41:48.0129 6052 RpcSs ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:48.0198 6052 C:\Windows\System32\SCardSvr.dll - copied to quarantine
16:41:48.0237 6052 SCardSvr ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:48.0326 6052 C:\Windows\system32\schedsvc.dll - copied to quarantine
16:41:48.0460 6052 Schedule ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:48.0547 6052 C:\Windows\System32\SDRSVC.dll - copied to quarantine
16:41:48.0562 6052 SDRSVC ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:48.0671 6052 C:\Windows\system32\sessenv.dll - copied to quarantine
16:41:48.0685 6052 SessionEnv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:48.0779 6052 C:\Windows\System32\ipnathlp.dll - copied to quarantine
16:41:48.0800 6052 SharedAccess ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:48.0882 6052 C:\Windows\System32\shsvcs.dll - copied to quarantine
16:41:48.0902 6052 ShellHWDetection ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:49.0033 6052 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe - copied to quarantine
16:41:49.0062 6052 SOHCImp ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:49.0121 6052 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe - copied to quarantine
16:41:49.0149 6052 SOHDms ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:49.0234 6052 C:\Windows\System32\spoolsv.exe - copied to quarantine
16:41:49.0291 6052 Spooler ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:49.0493 6052 C:\Windows\system32\sppsvc.exe - copied to quarantine
16:41:49.0866 6052 sppsvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:49.0952 6052 c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe - copied to quarantine
16:41:49.0970 6052 SQLBrowser ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:50.0017 6052 c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe - copied to quarantine
16:41:50.0056 6052 SQLWriter ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:50.0107 6052 C:\Windows\system32\DRIVERS\srv.sys - copied to quarantine
16:41:50.0127 6052 srv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:50.0155 6052 C:\Windows\system32\DRIVERS\srv2.sys - copied to quarantine
16:41:50.0196 6052 srv2 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:50.0263 6052 C:\Windows\system32\DRIVERS\srvnet.sys - copied to quarantine
16:41:50.0279 6052 srvnet ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:50.0313 6052 C:\Windows\System32\ssdpsrv.dll - copied to quarantine
16:41:50.0327 6052 SSDPSRV ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:50.0367 6052 C:\Windows\system32\DRIVERS\ss_bus.sys - copied to quarantine
16:41:50.0383 6052 ss_bus ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:50.0445 6052 C:\Windows\System32\wiaservc.dll - copied to quarantine
16:41:50.0491 6052 stisvc ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:50.0560 6052 C:\Windows\System32\swprv.dll - copied to quarantine
16:41:50.0589 6052 swprv ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:50.0696 6052 C:\Windows\system32\sysmain.dll - copied to quarantine
16:41:50.0750 6052 SysMain ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:50.0893 6052 C:\Windows\System32\tapisrv.dll - copied to quarantine
16:41:50.0951 6052 TapiSrv ( ForgedFile.Multi.Generic ) - User select action: Q
uarantine
16:41:51.0061 6052 C:\Windows\system32\drivers\tcpip.sys - copied to quarantine
16:41:51.0113 6052 Tcpip ( ForgedFile.Multi.Generic ) - User select action: Qua
rantine
16:41:51.0473 6052 C:\Windows\system32\DRIVERS\tcpip.sys - copied to quarantine

16:41:51.0812 6052 TCPIP6 ( ForgedFile.Multi.Generic ) - User select action: Qu


arantine
16:41:51.0855 6052 C:\Windows\system32\DRIVERS\tdx.sys - copied to quarantine
16:41:51.0871 6052 tdx ( ForgedFile.Multi.Generic ) - User select action: Quara
ntine
16:41:51.0954 6052 C:\Windows\System32\termsrv.dll - copied to quarantine
16:41:52.0052 6052 TermService ( ForgedFile.Multi.Generic ) - User select actio
n: Quarantine
16:41:52.0100 6052 C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt
.sys - copied to quarantine
16:41:52.0119 6052 TmFilter ( ForgedFile.Multi.Generic ) - User select action:
Quarantine
16:41:52.0217 6052 C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmliste
n.exe - copied to quarantine
16:41:52.0320 6052 tmlisten ( ForgedFile.Multi.Generic ) - User select action:
Quarantine
16:41:52.0392 6052 C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy
.exe - copied to quarantine
16:41:52.0413 6052 TmProxy ( ForgedFile.Multi.Generic ) - User select action: Q
uarantine
16:41:52.0542 6052 C:\Windows\System32\trkwks.dll - copied to quarantine
16:41:52.0555 6052 TrkWks ( ForgedFile.Multi.Generic ) - User select action: Qu
arantine
16:41:52.0654 6052 C:\Windows\servicing\TrustedInstaller.exe - copied to quaran
tine
16:41:52.0684 6052 TrustedInstaller ( ForgedFile.Multi.Generic ) - User select
action: Quarantine
16:41:52.0730 6052 C:\Windows\system32\DRIVERS\tunnel.sys - copied to quarantin
e
16:41:52.0746 6052 tunnel ( ForgedFile.Multi.Generic ) - User select action: Qu
arantine
16:41:52.0801 6052 C:\Windows\system32\DRIVERS\udfs.sys - copied to quarantine
16:41:52.0824 6052 udfs ( ForgedFile.Multi.Generic ) - User select action: Quar
antine
16:41:52.0909 6052 C:\Windows\System32\upnphost.dll - copied to quarantine
16:41:52.0927 6052 upnphost ( ForgedFile.Multi.Generic ) - User select action:
Quarantine
16:41:53.0022 6052 C:\Windows\system32\DRIVERS\usbhub.sys - copied to quarantin
e
16:41:53.0043 6052 usbhub ( ForgedFile.Multi.Generic ) - User select action: Qu
arantine
16:41:53.0118 6052 C:\Windows\system32\Drivers\usbvideo.sys - copied to quarant
ine
16:41:53.0136 6052 usbvideo ( ForgedFile.Multi.Generic ) - User select action:
Quarantine
16:41:53.0255 6052 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe copied to quarantine
16:41:53.0289 6052 VAIO Event Service ( ForgedFile.Multi.Generic ) - User selec
t action: Quarantine
16:41:53.0390 6052 C:\Program Files\Sony\VAIO Power Management\SPMService.exe copied to quarantine
16:41:53.0450 6052 VAIO Power Management ( ForgedFile.Multi.Generic ) - User se
lect action: Quarantine
16:41:53.0560 6052 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content
Folder Watcher\VCFw.exe - copied to quarantine
16:41:53.0645 6052 VCFw ( ForgedFile.Multi.Generic ) - User select action: Quar
antine
16:41:53.0726 6052 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmI
AlzMgr.exe - copied to quarantine
16:41:53.0788 6052 VcmIAlzMgr ( ForgedFile.Multi.Generic ) - User select action

: Quarantine
16:41:53.0851 6052 C:\Program Files\Sony\VCM Intelligent Network Service Manage
r\VcmINSMgr.exe - copied to quarantine
16:41:53.0921 6052 VcmINSMgr ( ForgedFile.Multi.Generic ) - User select action:
Quarantine
16:41:53.0992 6052 C:\Windows\System32\vds.exe - copied to quarantine
16:41:54.0073 6052 vds ( ForgedFile.Multi.Generic ) - User select action: Quara
ntine
16:41:54.0134 6052 C:\Windows\system32\drivers\vhdmp.sys - copied to quarantine
16:41:54.0172 6052 vhdmp ( ForgedFile.Multi.Generic ) - User select action: Qua
rantine
16:41:54.0230 6052 C:\Windows\system32\drivers\volmgrx.sys - copied to quaranti
ne
16:41:54.0248 6052 volmgrx ( ForgedFile.Multi.Generic ) - User select action: Q
uarantine
16:41:54.0314 6052 C:\Windows\system32\drivers\volsnap.sys - copied to quaranti
ne
16:41:54.0330 6052 volsnap ( ForgedFile.Multi.Generic ) - User select action: Q
uarantine
16:41:54.0431 6052 C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt
.sys - copied to quarantine
16:41:54.0475 6052 VSApiNt ( ForgedFile.Multi.Generic ) - User select action: Q
uarantine
16:41:54.0596 6052 C:\Windows\system32\DRIVERS\vsmraid.sys - copied to quaranti
ne
16:41:54.0664 6052 vsmraid ( ForgedFile.Multi.Generic ) - User select action: Q
uarantine
16:41:54.0740 6052 C:\Program Files\Sony\VAIO Smart Network\VSNService.exe - co
pied to quarantine
16:41:54.0804 6052 VSNService ( ForgedFile.Multi.Generic ) - User select action
: Quarantine
16:41:54.0937 6052 C:\Windows\system32\vssvc.exe - copied to quarantine
16:41:55.0045 6052 VSS ( ForgedFile.Multi.Generic ) - User select action: Quara
ntine
16:41:55.0161 6052 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolb
arUpdater\15.2.0\ToolbarUpdater.exe - copied to quarantine
16:41:55.0260 6052 vToolbarUpdater15.2.0 ( ForgedFile.Multi.Generic ) - User se
lect action: Quarantine
16:41:55.0342 6052 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Enterta
inment Platform\VzCdb\VzCdbSvc.exe - copied to quarantine
16:41:55.0386 6052 VzCdbSvc ( ForgedFile.Multi.Generic ) - User select action:
Quarantine
16:41:55.0479 6052 C:\Windows\system32\w32time.dll - copied to quarantine
16:41:55.0499 6052 W32Time ( ForgedFile.Multi.Generic ) - User select action: Q
uarantine
16:41:55.0627 6052 C:\Windows\system32\Wat\WatAdminSvc.exe - copied to quaranti
ne
16:41:55.0677 6052 WatAdminSvc ( ForgedFile.Multi.Generic ) - User select actio
n: Quarantine
16:41:55.0789 6052 C:\Windows\system32\wbengine.exe - copied to quarantine
16:41:55.0845 6052 wbengine ( ForgedFile.Multi.Generic ) - User select action:
Quarantine
16:41:55.0926 6052 C:\Windows\System32\wbiosrvc.dll - copied to quarantine
16:41:55.0956 6052 WbioSrvc ( ForgedFile.Multi.Generic ) - User select action:
Quarantine
16:41:56.0068 6052 C:\Windows\System32\wcncsvc.dll - copied to quarantine
16:41:56.0086 6052 wcncsvc ( ForgedFile.Multi.Generic ) - User select action: Q
uarantine
16:41:56.0216 6052 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarant
ine

16:41:56.0237
Quarantine
16:41:56.0323
16:41:56.0338
Quarantine
16:41:56.0485
16:41:56.0513
arantine
16:41:56.0626
16:41:56.0641
uarantine
16:41:56.0930
16:41:57.0070
rantine
16:41:57.0188
16:41:57.0269
uarantine
16:41:57.0353
16:41:57.0375
Quarantine
16:41:57.0568
16:41:57.0872
Quarantine
16:41:57.0928
e
16:41:57.0963
arantine
16:41:58.0038
16:41:58.0053
uarantine
16:42:03.0899

6052 Wdf01000 ( ForgedFile.Multi.Generic ) - User select action:


6052 C:\Windows\System32\webclnt.dll - copied to quarantine
6052 WebClient ( ForgedFile.Multi.Generic ) - User select action:
6052 C:\Windows\system32\wecsvc.dll - copied to quarantine
6052 Wecsvc ( ForgedFile.Multi.Generic ) - User select action: Qu
6052 C:\Windows\system32\wbem\WMIsvc.dll - copied to quarantine
6052 Winmgmt ( ForgedFile.Multi.Generic ) - User select action: Q
6052 C:\Windows\system32\WsmSvc.dll - copied to quarantine
6052 WinRM ( ForgedFile.Multi.Generic ) - User select action: Qua
6052 C:\Windows\System32\wlansvc.dll - copied to quarantine
6052 Wlansvc ( ForgedFile.Multi.Generic ) - User select action: Q
6052 C:\Windows\system32\wbem\WmiApSrv.exe - copied to quarantine
6052 wmiApSrv ( ForgedFile.Multi.Generic ) - User select action:
6052 C:\Windows\system32\wuaueng.dll - copied to quarantine
6052 wuauserv ( ForgedFile.Multi.Generic ) - User select action:
6052 C:\Windows\system32\DRIVERS\WUDFRd.sys - copied to quarantin
6052 WUDFRd ( ForgedFile.Multi.Generic ) - User select action: Qu
6052 C:\Windows\System32\wwansvc.dll - copied to quarantine
6052 WwanSvc ( ForgedFile.Multi.Generic ) - User select action: Q
7560 Deinitialize success
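Every quarantine action in the log above is recorded as a pair of lines: the file path with "copied to quarantine", then the service or driver name with its verdict and the chosen action. The parser below is an added example for triaging such a log, not part of the TDSSKiller output or of Kaspersky's tooling. It pairs the two lines into one record, tolerates entries whose timestamp and PID were lost (as in the first lines of this section), counts entries per verdict, and lists the flagged entries whose path lies under the Windows directory so they can be reviewed before anything is deleted from quarantine. The sample lines are a constructed subset in the format shown above, and the default Windows directory `C:\Windows` passed to `windows_system_entries` is an assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the TDSSKiller log format shown above (a subset, not
# the full log).  The third entry deliberately has no timestamp/PID prefix,
# which is how some of the extracted lines in this section appear.
SAMPLE_LOG = r"""
16:41:49.0234 6052 C:\Windows\System32\spoolsv.exe - copied to quarantine
16:41:49.0291 6052 Spooler ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:41:51.0061 6052 C:\Windows\system32\drivers\tcpip.sys - copied to quarantine
16:41:51.0113 6052 Tcpip ( ForgedFile.Multi.Generic ) - User select action: Quarantine
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe - copied to quarantine
vToolbarUpdater15.2.0 ( ForgedFile.Multi.Generic ) - User select action: Quarantine
16:42:03.0899 7560 Deinitialize success
"""

# Optional "HH:MM:SS.ffff PID " prefix; absent on lines damaged by extraction.
_PREFIX = r"^(?:(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+)?"
_COPIED = re.compile(_PREFIX + r"(?P<path>.+?) - copied to quarantine\s*$")
_VERDICT = re.compile(
    _PREFIX
    + r"(?P<name>.+?) \( (?P<verdict>[^)]+?) \) - User select action: (?P<action>\w+)\s*$"
)


@dataclass
class QuarantineRecord:
    name: str                 # service/driver name as logged (e.g. "Spooler")
    path: Optional[str]       # file copied to quarantine, if the line was seen
    verdict: str              # detection name, e.g. "ForgedFile.Multi.Generic"
    action: str               # user-selected action, e.g. "Quarantine"
    timestamp: Optional[str]  # None when the prefix is missing


def parse_log(text: str) -> list:
    """Pair each 'copied to quarantine' line with the verdict line that follows."""
    records = []
    pending_path = None
    for line in text.splitlines():
        m = _COPIED.match(line)
        if m:
            pending_path = m.group("path")
            continue
        m = _VERDICT.match(line)
        if m:
            records.append(QuarantineRecord(
                name=m.group("name"),
                path=pending_path,
                verdict=m.group("verdict"),
                action=m.group("action"),
                timestamp=m.group("ts"),
            ))
            pending_path = None
    return records


def verdict_counts(records: list) -> dict:
    """How many entries carry each detection name."""
    return dict(Counter(r.verdict for r in records))


def windows_system_entries(records: list, windir: str = r"C:\Windows") -> list:
    """Entries whose quarantined file lives under the Windows directory.

    Case-insensitive, because the log mixes 'System32' and 'system32'.
    """
    prefix = windir.lower().rstrip("\\") + "\\"
    return [r for r in records if r.path and r.path.lower().startswith(prefix)]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("verdicts:", verdict_counts(recs))
    for r in windows_system_entries(recs):
        print(f"review before delete: {r.name} -> {r.path}")
```

Run it on a saved TDSSKiller log by replacing `SAMPLE_LOG` with the file's contents; entries returned by `windows_system_entries` are the ones whose removal would affect the operating system itself and therefore deserve a signature check against the vendor's files before any "Delete" is chosen.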