Virus bloque activation antivir et mises à jo

Résolu
Jicé -  
Smart91 Messages postés 29097 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

J'ai honteusement chopé une vérole qui empêche Avira de s'activer au démarrage. Je ne peux pas l'activer manuellement. Et les mises à jour windows sont impossibles.
J'ai réussi apparemment à éliminer un fichier "iy4zowdz16.exe" qui contenait cutwail. Mais les choses doivent être plus profondes, car je ne peux toujours pas activer Avira.

Merci de m'aider !

47 réponses

Précédent
Réponse 21 / 47
Jicé
 
RogueKiller V7.1.0 [15/02/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version
Demarrage : Mode normal
Utilisateur: Banjo [Droits d'admin]
Mode: Suppression -- Date: 16/02/2012 13:07:31

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++
--- User ---
[MBR] 68a9e35c6719ec184144274918b45528
[BSP] 11a41b59a9c99f64aca46d7af2da7024 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
0
Réponse 22 / 47
Smart91 Messages postés 29097 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 328
 
Tu as un fichier Hosts modifié, en particulier par crack que tu avais télécahagé pour Adobe

- Télécharge RstHosts (d'Xplode) sur ton bureau.
- Lance le et appuie sur Restaurer
- Copie/colle le contenu du rapport qui s'ouvrira à l'écran dans ton prochain message.

Note : Le rapport est également sauvegardé à la racine du disque dur ( C:\RstHosts.txt )

Smart
0
Réponse 23 / 47
Jicé
 
-|x| RstHosts v2.0 - Rapport créé le 16/02/2012 à 18:29:44
-|x| Système d'exploitation : Windows 7 Home Premium (64 bits)
-|x| Nom d'utilisateur : Banjo - BANJO-PC (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrateurs - BUILTIN
Taille : 89 bytes
Date de création : 14/07/2009 - 03:34:48
Date de modification : 16/02/2012 - 18:29:39
Date de dernier accès : 16/02/2012 - 18:29:39

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1 localhost
::1 localhost

-|x|- E.O.F - C:\RstHosts.txt - 611 bytes -|x|-
0
Réponse 24 / 47
Smart91 Messages postés 29097 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 328
 
Est-ce que tu as les pb ?
Si oui tu vas faire ceci:

Avant de commencer, fais une sauvegarde de tous tes documents personnels. D'ailleurs, il faut le faire régulièrement

Attention pour ceux qui parcourent ce sujet, cet outil n'est pas à utiliser à la légère, et doit être recommandé uniquement par une personne formée à cet outil

Imprime la procédure

Télécharge ComboFix de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Tutoriel pour bien utiliser l'outil ==> https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

- /!\ Déconnecte-toi du net et DESACTIVE TOUTES LES DEFENSES, antivirus et antispyware y compris /!\
- Double-clique sur ComboFix.exe
- Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter
- Surtout si tu es sous XP, accepte d'installer la console de récupération

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de figer ton PC
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

Smart
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 47
Jicé
 
oui j'ai toujours des soucis, je ne peux pas mettre à jour windows, je ne pas activer la protection temps réel d'avira.

je vais lire un peu ce que c'est combofix, parce que là tu me fais peur... :)
0
Réponse 26 / 47
Jicé
 
ComboFix 12-02-16.02 - Banjo 16/02/2012 19:45:20.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4028.2676 [GMT 1:00]
Lancé depuis: c:\users\Banjo\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Banjo\AppData\Roaming\.#
c:\users\Banjo\AppData\Roaming\Local
c:\users\Banjo\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\Banjo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-01-16 au 2012-02-16 ))))))))))))))))))))))))))))))))))))
.
.
2012-02-16 18:52 . 2012-02-16 18:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-14 17:01 . 2012-02-14 17:01 -------- d-----w- c:\users\Banjo\AppData\Local\ElevatedDiagnostics
2012-02-14 16:51 . 2012-02-14 16:51 -------- d-----w- c:\users\Banjo\AppData\Roaming\Avira
2012-02-14 16:51 . 2012-02-14 16:51 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2012-02-14 16:46 . 2012-02-16 08:50 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-14 16:46 . 2011-12-16 08:51 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-14 16:46 . 2011-12-16 08:51 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-14 16:46 . 2012-02-14 16:46 -------- d-----w- c:\programdata\Avira
2012-02-14 16:46 . 2012-02-14 16:46 -------- d-----w- c:\program files (x86)\Avira
2012-02-13 10:51 . 2012-02-15 12:50 -------- d-----w- C:\ZHP
2012-02-13 10:50 . 2012-02-15 12:49 -------- d-----w- c:\program files (x86)\ZHPDiag
2012-02-12 14:58 . 2012-02-12 14:58 -------- d-----w- c:\users\Banjo\AppData\Roaming\Malwarebytes
2012-02-12 14:58 . 2012-02-12 14:58 -------- d-----w- c:\programdata\Malwarebytes
2012-02-12 14:58 . 2012-02-12 14:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-12 14:58 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-12 14:49 . 2012-02-12 14:49 -------- d-----w- c:\users\Banjo\AppData\Roaming\QuickScan
2012-02-11 08:10 . 2012-02-11 08:10 -------- d-----w- c:\program files\CCleaner
2012-02-08 12:08 . 2012-02-12 08:54 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-08 12:08 . 2012-02-12 08:54 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-31 08:40 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA5D16AB-6DC1-478F-AE4C-0055218EFD86}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 09:39 . 2010-06-09 05:45 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 10:14 . 2011-11-25 10:14 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 05:00 . 2011-12-15 20:06 3141632 ----a-w- c:\windows\system32\win32k.sys
2011-11-19 15:07 . 2012-01-11 08:50 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-11 08:50 67072 ----a-w- c:\windows\SysWow64\packager.dll
2003-11-03 15:07 . 2004-04-23 15:06 499712 ----a-w- c:\program files (x86)\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06 348160 ----a-w- c:\program files (x86)\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09 344064 ----a-r- c:\program files (x86)\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09 487424 ----a-w- c:\program files (x86)\msvcp70.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"CANAL+ CANALSAT A LA DEMANDE"="c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2010-05-03 163992]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-12-27 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-13 136176]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-13 136176]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-05-01 420864]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448]
R3 NETw5s64;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 64 bits ;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2010-05-03 188416]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-10-02 786976]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-09-04 158240]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - 96d3a22ff13478f7
.
Contenu du dossier 'Tâches planifiées'
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-13 12:18]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-13 12:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-09 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-09 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-09 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-27 200704]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-10-02 496160]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-09-04 221728]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_4810t&r=273606101416l0378z195t4951b44q
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_4810t&r=273606101416l0378z195t4951b44q
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles\n1xtfilk.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DivX Download Manager - c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\96d3a22ff13478f7]
"ImagePath"="\SystemRoot\System32\Drivers\96d3a22ff13478f7.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE
.
**************************************************************************
.
Heure de fin: 2012-02-16 20:10:16 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-02-16 19:10
.
Avant-CF: 107 814 514 688 octets libres
Après-CF: 107 513 159 680 octets libres
.
- - End Of File - - 8815DC8CA4A9EEECC5D7637003EBDDAE
0
Réponse 27 / 47
Smart91 Messages postés 29097 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 328
 
Est-ce que tu as toujours les mêmes problèmes ?

Smart
0
Réponse 28 / 47
Jicé
 
oui. Et au démarrage, des applications (firefox par exemple) mettent très longtemps à démarrer. Et même souci pour la protection temps réel impossible à activer, et windows update non plus.
0
Réponse 29 / 47
Smart91 Messages postés 29097 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 328
 
On va vérifier autre chose:

* Télécharge TDSSKiller (de Kaspersky Labs) sur ton Bureau.
* Lance le (si tu utilises Windows Vista ou 7 : fais un clic-droit dessus et choisis "Exécuter en tant qu'administrateur")
* Clique sur Start Scan pour démarrer l'analyse.
* Si TDSS.tdl2 : l'option Delete sera cochée.
* Si TDSS.tdl3 ou TDSS.tdl4 : assure toi que Cure soit bien cochée.
* Si "Suspicious object" laisse l'option cochée sur Skip
* Si Rootkit.Win32.ZAccess.* est détecté règle sur cure en haut , et delete en bas
* Ensuite, clique sur Continue puis sur Reboot Now si nécessaire.
* Un rapport s'ouvrira au redémarrage de l'ordinateur.
* Copie/colle son contenu dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\TDSSKiller.N°deversion_Date_Heure_log.txt

Smart
0
Réponse 30 / 47
Jicé
 
12:18:22.0991 4156 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
12:18:23.0111 4156 ============================================================
12:18:23.0111 4156 Current date / time: 2012/02/17 12:18:23.0111
12:18:23.0111 4156 SystemInfo:
12:18:23.0111 4156
12:18:23.0111 4156 OS Version: 6.1.7600 ServicePack: 0.0
12:18:23.0111 4156 Product type: Workstation
12:18:23.0111 4156 ComputerName: BANJO-PC
12:18:23.0118 4156 UserName: Banjo
12:18:23.0118 4156 Windows directory: C:\Windows
12:18:23.0118 4156 System windows directory: C:\Windows
12:18:23.0118 4156 Running under WOW64
12:18:23.0118 4156 Processor architecture: Intel x64
12:18:23.0118 4156 Number of processors: 2
12:18:23.0118 4156 Page size: 0x1000
12:18:23.0118 4156 Boot type: Normal boot
12:18:23.0118 4156 ============================================================
12:18:29.0248 4156 !crdlk
12:18:29.0255 4156 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
12:18:29.0310 4156 \Device\Harddisk0\DR0:
12:18:29.0310 4156 MBR used
12:18:29.0310 4156 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
12:18:29.0310 4156 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
12:18:29.0329 4156 Initialize success
12:18:29.0329 4156 ============================================================
12:18:33.0335 4612 ============================================================
12:18:33.0335 4612 Scan started
12:18:33.0335 4612 Mode: Manual;
12:18:33.0335 4612 ============================================================
12:18:33.0908 4612 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:18:33.0913 4612 1394ohci - ok
12:18:33.0930 4612 Suspicious service (NoAccess): 96d3a22ff13478f7
12:18:34.0007 4612 96d3a22ff13478f7 (3cf7e5b421a18139d013180f6327fa2a) C:\Windows\System32\Drivers\96d3a22ff13478f7.sys
12:18:34.0007 4612 Suspicious file (NoAccess): C:\Windows\System32\Drivers\96d3a22ff13478f7.sys. md5: 3cf7e5b421a18139d013180f6327fa2a
12:18:34.0024 4612 96d3a22ff13478f7 ( LockedService.Multi.Generic ) - warning
12:18:34.0024 4612 96d3a22ff13478f7 - detected LockedService.Multi.Generic (1)
12:18:34.0109 4612 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:18:34.0115 4612 ACPI - ok
12:18:34.0183 4612 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:18:34.0185 4612 AcpiPmi - ok
12:18:34.0268 4612 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
12:18:34.0271 4612 adfs - ok
12:18:34.0340 4612 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:18:34.0350 4612 adp94xx - ok
12:18:34.0394 4612 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:18:34.0401 4612 adpahci - ok
12:18:34.0453 4612 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:18:34.0458 4612 adpu320 - ok
12:18:34.0634 4612 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
12:18:34.0644 4612 AFD - ok
12:18:34.0712 4612 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:18:34.0714 4612 agp440 - ok
12:18:34.0818 4612 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:18:34.0819 4612 aliide - ok
12:18:34.0884 4612 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:18:34.0886 4612 amdide - ok
12:18:34.0952 4612 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:18:34.0954 4612 AmdK8 - ok
12:18:35.0296 4612 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:18:35.0527 4612 amdkmdag - ok
12:18:35.0698 4612 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
12:18:35.0705 4612 amdkmdap - ok
12:18:35.0768 4612 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:18:35.0770 4612 AmdPPM - ok
12:18:35.0843 4612 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
12:18:35.0846 4612 amdsata - ok
12:18:35.0896 4612 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:18:35.0900 4612 amdsbs - ok
12:18:35.0938 4612 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
12:18:35.0939 4612 amdxata - ok
12:18:36.0104 4612 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:18:36.0106 4612 AppID - ok
12:18:36.0339 4612 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:18:36.0341 4612 arc - ok
12:18:36.0383 4612 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:18:36.0385 4612 arcsas - ok
12:18:36.0435 4612 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:18:36.0437 4612 AsyncMac - ok
12:18:36.0488 4612 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:18:36.0489 4612 atapi - ok
12:18:36.0821 4612 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:18:36.0903 4612 atikmdag - ok
12:18:37.0116 4612 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
12:18:37.0117 4612 avgntflt - ok
12:18:37.0171 4612 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
12:18:37.0173 4612 avipbb - ok
12:18:37.0242 4612 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
12:18:37.0243 4612 avkmgr - ok
12:18:37.0355 4612 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:18:37.0364 4612 b06bdrv - ok
12:18:37.0444 4612 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:18:37.0449 4612 b57nd60a - ok
12:18:37.0553 4612 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:18:37.0601 4612 BCM43XX - ok
12:18:37.0773 4612 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:18:37.0774 4612 Beep - ok
12:18:37.0904 4612 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:18:37.0906 4612 blbdrive - ok
12:18:38.0027 4612 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:18:38.0029 4612 bowser - ok
12:18:38.0099 4612 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:18:38.0101 4612 BrFiltLo - ok
12:18:38.0146 4612 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:18:38.0148 4612 BrFiltUp - ok
12:18:38.0214 4612 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:18:38.0217 4612 BridgeMP - ok
12:18:38.0314 4612 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:18:38.0320 4612 Brserid - ok
12:18:38.0362 4612 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:18:38.0364 4612 BrSerWdm - ok
12:18:38.0406 4612 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:18:38.0408 4612 BrUsbMdm - ok
12:18:38.0440 4612 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:18:38.0441 4612 BrUsbSer - ok
12:18:38.0490 4612 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:18:38.0492 4612 BTHMODEM - ok
12:18:38.0577 4612 catchme - ok
12:18:38.0633 4612 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:18:38.0636 4612 cdfs - ok
12:18:38.0699 4612 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:18:38.0703 4612 cdrom - ok
12:18:38.0772 4612 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:18:38.0774 4612 circlass - ok
12:18:38.0842 4612 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:18:38.0849 4612 CLFS - ok
12:18:39.0118 4612 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:18:39.0119 4612 CmBatt - ok
12:18:39.0194 4612 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
12:18:39.0195 4612 cmdide - ok
12:18:39.0308 4612 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
12:18:39.0316 4612 CNG - ok
12:18:39.0386 4612 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:18:39.0387 4612 Compbatt - ok
12:18:39.0458 4612 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:18:39.0460 4612 CompositeBus - ok
12:18:39.0523 4612 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:18:39.0525 4612 crcdisk - ok
12:18:39.0697 4612 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
12:18:39.0699 4612 dc3d - ok
12:18:39.0863 4612 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:18:39.0866 4612 DfsC - ok
12:18:39.0959 4612 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:18:39.0960 4612 discache - ok
12:18:40.0014 4612 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:18:40.0016 4612 Disk - ok
12:18:40.0044 4612 DKbFltr - ok
12:18:40.0158 4612 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:18:40.0159 4612 drmkaud - ok
12:18:40.0286 4612 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
12:18:40.0321 4612 DXGKrnl - ok
12:18:40.0489 4612 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:18:40.0595 4612 ebdrv - ok
12:18:40.0833 4612 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:18:40.0843 4612 elxstor - ok
12:18:40.0957 4612 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:18:40.0958 4612 ErrDev - ok
12:18:41.0091 4612 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:18:41.0096 4612 exfat - ok
12:18:41.0154 4612 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:18:41.0159 4612 fastfat - ok
12:18:41.0231 4612 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:18:41.0233 4612 fdc - ok
12:18:41.0368 4612 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:18:41.0369 4612 FileInfo - ok
12:18:41.0415 4612 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:18:41.0417 4612 Filetrace - ok
12:18:41.0469 4612 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:18:41.0471 4612 flpydisk - ok
12:18:41.0533 4612 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:18:41.0539 4612 FltMgr - ok
12:18:41.0643 4612 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:18:41.0645 4612 FsDepends - ok
12:18:41.0703 4612 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:18:41.0704 4612 Fs_Rec - ok
12:18:41.0760 4612 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:18:41.0766 4612 fvevol - ok
12:18:41.0837 4612 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:18:41.0839 4612 gagp30kx - ok
12:18:41.0907 4612 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:18:41.0908 4612 GEARAspiWDM - ok
12:18:42.0173 4612 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:18:42.0176 4612 hcw85cir - ok
12:18:42.0260 4612 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
12:18:42.0267 4612 HdAudAddService - ok
12:18:42.0339 4612 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:18:42.0342 4612 HDAudBus - ok
12:18:42.0396 4612 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:18:42.0397 4612 HidBatt - ok
12:18:42.0443 4612 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:18:42.0445 4612 HidBth - ok
12:18:42.0493 4612 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:18:42.0495 4612 HidIr - ok
12:18:42.0578 4612 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:18:42.0580 4612 HidUsb - ok
12:18:42.0723 4612 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:18:42.0725 4612 HpSAMD - ok
12:18:42.0798 4612 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:18:42.0812 4612 HTTP - ok
12:18:42.0864 4612 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:18:42.0865 4612 hwpolicy - ok
12:18:42.0923 4612 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:18:42.0930 4612 i8042prt - ok
12:18:43.0035 4612 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
12:18:43.0043 4612 iaStor - ok
12:18:43.0125 4612 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
12:18:43.0133 4612 iaStorV - ok
12:18:43.0404 4612 igfx (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:18:43.0594 4612 igfx - ok
12:18:43.0789 4612 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:18:43.0791 4612 iirsp - ok
12:18:43.0949 4612 IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\Windows\system32\drivers\RTKVHD64.sys
12:18:43.0985 4612 IntcAzAudAddService - ok
12:18:44.0118 4612 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:18:44.0120 4612 intelide - ok
12:18:44.0377 4612 intelkmd (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdpmd64.sys
12:18:44.0545 4612 intelkmd - ok
12:18:44.0703 4612 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:18:44.0705 4612 intelppm - ok
12:18:44.0814 4612 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:18:44.0816 4612 IpFilterDriver - ok
12:18:44.0914 4612 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:18:44.0916 4612 IPMIDRV - ok
12:18:44.0966 4612 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:18:44.0969 4612 IPNAT - ok
12:18:45.0065 4612 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:18:45.0067 4612 IRENUM - ok
12:18:45.0112 4612 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:18:45.0114 4612 isapnp - ok
12:18:45.0184 4612 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:18:45.0189 4612 iScsiPrt - ok
12:18:45.0240 4612 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:18:45.0242 4612 kbdclass - ok
12:18:45.0292 4612 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:18:45.0294 4612 kbdhid - ok
12:18:45.0400 4612 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
12:18:45.0402 4612 KSecDD - ok
12:18:45.0446 4612 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
12:18:45.0449 4612 KSecPkg - ok
12:18:45.0507 4612 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:18:45.0508 4612 ksthunk - ok
12:18:45.0597 4612 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
12:18:45.0599 4612 L1C - ok
12:18:45.0664 4612 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
12:18:45.0666 4612 L1E - ok
12:18:45.0813 4612 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:18:45.0816 4612 lltdio - ok
12:18:45.0953 4612 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:18:45.0956 4612 LSI_FC - ok
12:18:46.0000 4612 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:18:46.0003 4612 LSI_SAS - ok
12:18:46.0042 4612 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:18:46.0045 4612 LSI_SAS2 - ok
12:18:46.0099 4612 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:18:46.0102 4612 LSI_SCSI - ok
12:18:46.0171 4612 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:18:46.0173 4612 luafv - ok
12:18:46.0267 4612 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:18:46.0269 4612 megasas - ok
12:18:46.0320 4612 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:18:46.0325 4612 MegaSR - ok
12:18:46.0410 4612 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:18:46.0412 4612 Modem - ok
12:18:46.0461 4612 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:18:46.0462 4612 monitor - ok
12:18:46.0515 4612 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:18:46.0517 4612 mouclass - ok
12:18:46.0573 4612 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:18:46.0575 4612 mouhid - ok
12:18:46.0632 4612 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:18:46.0634 4612 mountmgr - ok
12:18:46.0686 4612 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:18:46.0690 4612 mpio - ok
12:18:46.0752 4612 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:18:46.0754 4612 mpsdrv - ok
12:18:46.0866 4612 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:18:46.0869 4612 MRxDAV - ok
12:18:46.0952 4612 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:18:46.0955 4612 mrxsmb - ok
12:18:47.0021 4612 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:18:47.0027 4612 mrxsmb10 - ok
12:18:47.0104 4612 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:18:47.0107 4612 mrxsmb20 - ok
12:18:47.0173 4612 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:18:47.0174 4612 msahci - ok
12:18:47.0227 4612 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:18:47.0231 4612 msdsm - ok
12:18:47.0340 4612 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:18:47.0340 4612 Msfs - ok
12:18:47.0384 4612 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:18:47.0386 4612 mshidkmdf - ok
12:18:47.0434 4612 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:18:47.0434 4612 msisadrv - ok
12:18:47.0532 4612 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:18:47.0533 4612 MSKSSRV - ok
12:18:47.0578 4612 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:18:47.0579 4612 MSPCLOCK - ok
12:18:47.0619 4612 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:18:47.0620 4612 MSPQM - ok
12:18:47.0674 4612 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:18:47.0682 4612 MsRPC - ok
12:18:47.0751 4612 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:18:47.0752 4612 mssmbios - ok
12:18:47.0799 4612 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:18:47.0800 4612 MSTEE - ok
12:18:47.0850 4612 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:18:47.0851 4612 MTConfig - ok
12:18:47.0909 4612 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:18:47.0910 4612 Mup - ok
12:18:47.0973 4612 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
12:18:47.0974 4612 mwlPSDFilter - ok
12:18:48.0013 4612 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
12:18:48.0015 4612 mwlPSDNServ - ok
12:18:48.0055 4612 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
12:18:48.0058 4612 mwlPSDVDisk - ok
12:18:48.0237 4612 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:18:48.0244 4612 NativeWifiP - ok
12:18:48.0341 4612 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
12:18:48.0357 4612 NDIS - ok
12:18:48.0407 4612 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:18:48.0409 4612 NdisCap - ok
12:18:48.0470 4612 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:18:48.0472 4612 NdisTapi - ok
12:18:48.0530 4612 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
12:18:48.0532 4612 Ndisuio - ok
12:18:48.0588 4612 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:18:48.0592 4612 NdisWan - ok
12:18:48.0633 4612 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:18:48.0636 4612 NDProxy - ok
12:18:48.0696 4612 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:18:48.0697 4612 NetBIOS - ok
12:18:48.0780 4612 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
12:18:48.0786 4612 NetBT - ok
12:18:49.0182 4612 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
12:18:49.0373 4612 NETw5s64 - ok
12:18:49.0528 4612 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:18:49.0530 4612 nfrd960 - ok
12:18:49.0610 4612 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:18:49.0611 4612 Npfs - ok
12:18:49.0675 4612 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:18:49.0677 4612 nsiproxy - ok
12:18:49.0833 4612 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
12:18:49.0877 4612 Ntfs - ok
12:18:50.0049 4612 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
12:18:50.0051 4612 NTIDrvr - ok
12:18:50.0143 4612 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:18:50.0144 4612 Null - ok
12:18:50.0218 4612 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
12:18:50.0222 4612 nvraid - ok
12:18:50.0277 4612 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
12:18:50.0282 4612 nvstor - ok
12:18:50.0356 4612 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
12:18:50.0359 4612 nv_agp - ok
12:18:50.0469 4612 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:18:50.0472 4612 ohci1394 - ok
12:18:50.0663 4612 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:18:50.0666 4612 Parport - ok
12:18:50.0729 4612 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:18:50.0731 4612 partmgr - ok
12:18:50.0826 4612 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:18:50.0829 4612 pci - ok
12:18:50.0875 4612 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:18:50.0876 4612 pciide - ok
12:18:50.0928 4612 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:18:50.0933 4612 pcmcia - ok
12:18:50.0985 4612 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:18:50.0986 4612 pcw - ok
12:18:51.0065 4612 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:18:51.0082 4612 PEAUTH - ok
12:18:51.0420 4612 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
12:18:51.0422 4612 Point64 - ok
12:18:51.0564 4612 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
12:18:51.0567 4612 PptpMiniport - ok
12:18:51.0621 4612 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:18:51.0623 4612 Processor - ok
12:18:51.0736 4612 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:18:51.0739 4612 Psched - ok
12:18:51.0837 4612 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:18:51.0889 4612 ql2300 - ok
12:18:51.0995 4612 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:18:51.0998 4612 ql40xx - ok
12:18:52.0083 4612 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:18:52.0085 4612 QWAVEdrv - ok
12:18:52.0125 4612 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:18:52.0127 4612 RasAcd - ok
12:18:52.0192 4612 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:18:52.0194 4612 RasAgileVpn - ok
12:18:52.0263 4612 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:18:52.0266 4612 Rasl2tp - ok
12:18:52.0331 4612 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:18:52.0334 4612 RasPppoe - ok
12:18:52.0396 4612 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:18:52.0399 4612 RasSstp - ok
12:18:52.0461 4612 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
12:18:52.0467 4612 rdbss - ok
12:18:52.0519 4612 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:18:52.0520 4612 rdpbus - ok
12:18:52.0567 4612 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:18:52.0568 4612 RDPCDD - ok
12:18:52.0626 4612 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:18:52.0627 4612 RDPENCDD - ok
12:18:52.0689 4612 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:18:52.0692 4612 RDPREFMP - ok
12:18:52.0744 4612 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
12:18:52.0748 4612 RDPWD - ok
12:18:52.0819 4612 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
12:18:52.0824 4612 rdyboost - ok
12:18:53.0015 4612 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:18:53.0018 4612 rspndr - ok
12:18:53.0084 4612 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
12:18:53.0089 4612 RSUSBSTOR - ok
12:18:53.0159 4612 RtsUIR - ok
12:18:53.0258 4612 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:18:53.0261 4612 sbp2port - ok
12:18:53.0336 4612 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:18:53.0338 4612 scfilter - ok
12:18:53.0444 4612 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:18:53.0446 4612 secdrv - ok
12:18:53.0558 4612 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:18:53.0560 4612 Serenum - ok
12:18:53.0605 4612 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:18:53.0608 4612 Serial - ok
12:18:53.0668 4612 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:18:53.0670 4612 sermouse - ok
12:18:53.0787 4612 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:18:53.0788 4612 sffdisk - ok
12:18:53.0824 4612 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:18:53.0825 4612 sffp_mmc - ok
12:18:53.0871 4612 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:18:53.0872 4612 sffp_sd - ok
12:18:53.0902 4612 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:18:53.0904 4612 sfloppy - ok
12:18:54.0019 4612 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:18:54.0021 4612 SiSRaid2 - ok
12:18:54.0071 4612 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:18:54.0073 4612 SiSRaid4 - ok
12:18:54.0132 4612 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:18:54.0134 4612 Smb - ok
12:18:54.0245 4612 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:18:54.0246 4612 spldr - ok
12:18:54.0416 4612 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:18:54.0425 4612 srv - ok
12:18:54.0496 4612 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:18:54.0504 4612 srv2 - ok
12:18:54.0578 4612 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:18:54.0581 4612 srvnet - ok
12:18:54.0706 4612 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:18:54.0708 4612 stexstor - ok
12:18:54.0805 4612 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:18:54.0807 4612 swenum - ok
12:18:54.0945 4612 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
12:18:54.0951 4612 SynTP - ok
12:18:55.0201 4612 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
12:18:55.0248 4612 Tcpip - ok
12:18:55.0467 4612 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
12:18:55.0485 4612 TCPIP6 - ok
12:18:55.0605 4612 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
12:18:55.0607 4612 tcpipreg - ok
12:18:55.0664 4612 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:18:55.0666 4612 TDPIPE - ok
12:18:55.0711 4612 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:18:55.0712 4612 TDTCP - ok
12:18:55.0763 4612 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
12:18:55.0766 4612 tdx - ok
12:18:55.0817 4612 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
12:18:55.0820 4612 TermDD - ok
12:18:56.0079 4612 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:18:56.0081 4612 tssecsrv - ok
12:18:56.0139 4612 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
12:18:56.0143 4612 tunnel - ok
12:18:56.0183 4612 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:18:56.0186 4612 uagp35 - ok
12:18:56.0269 4612 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
12:18:56.0271 4612 UBHelper - ok
12:18:56.0350 4612 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
12:18:56.0357 4612 udfs - ok
12:18:56.0454 4612 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:18:56.0457 4612 uliagpkx - ok
12:18:56.0519 4612 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:18:56.0521 4612 umbus - ok
12:18:56.0566 4612 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:18:56.0568 4612 UmPass - ok
12:18:56.0692 4612 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
12:18:56.0695 4612 usbccgp - ok
12:18:56.0740 4612 USBCCID - ok
12:18:56.0818 4612 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:18:56.0821 4612 usbcir - ok
12:18:56.0897 4612 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
12:18:56.0899 4612 usbehci - ok
12:18:56.0994 4612 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
12:18:57.0001 4612 usbhub - ok
12:18:57.0063 4612 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
12:18:57.0065 4612 usbohci - ok
12:18:57.0140 4612 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:18:57.0142 4612 usbprint - ok
12:18:57.0197 4612 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:18:57.0199 4612 usbscan - ok
12:18:57.0262 4612 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:18:57.0265 4612 USBSTOR - ok
12:18:57.0334 4612 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
12:18:57.0336 4612 usbuhci - ok
12:18:57.0398 4612 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
12:18:57.0398 4612 Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbvideo.sys. md5: 7cb8c573c6e4a2714402cc0a36eab4fe
12:18:57.0438 4612 usbvideo ( LockedFile.Multi.Generic ) - warning
12:18:57.0438 4612 usbvideo - detected LockedFile.Multi.Generic (1)
12:18:57.0623 4612 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:18:57.0623 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vdrvroot.sys. md5: c5c876ccfc083ff3b128f933823e87bd
12:18:57.0642 4612 vdrvroot ( LockedFile.Multi.Generic ) - warning
12:18:57.0642 4612 vdrvroot - detected LockedFile.Multi.Generic (1)
12:18:57.0710 4612 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:18:57.0710 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: da4da3f5e02943c2dc8c6ed875de68dd
12:18:57.0724 4612 vga ( LockedFile.Multi.Generic ) - warning
12:18:57.0724 4612 vga - detected LockedFile.Multi.Generic (1)
12:18:57.0782 4612 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:18:57.0782 4612 Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53e92a310193cb3c03bea963de7d9cfc
12:18:57.0795 4612 VgaSave ( LockedFile.Multi.Generic ) - warning
12:18:57.0795 4612 VgaSave - detected LockedFile.Multi.Generic (1)
12:18:57.0856 4612 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:18:57.0856 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vhdmp.sys. md5: c82e748660f62a242b2dfac1442f22a4
12:18:57.0867 4612 vhdmp ( LockedFile.Multi.Generic ) - warning
12:18:57.0867 4612 vhdmp - detected LockedFile.Multi.Generic (1)
12:18:57.0929 4612 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:18:57.0929 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\viaide.sys. md5: e5689d93ffe4e5d66c0178761240dd54
12:18:57.0937 4612 viaide ( LockedFile.Multi.Generic ) - warning
12:18:57.0937 4612 viaide - detected LockedFile.Multi.Generic (1)
12:18:57.0988 4612 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:18:57.0988 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\volmgr.sys. md5: 2b1a3dae2b4e70dbba822b7a03fbd4a3
12:18:57.0996 4612 volmgr ( LockedFile.Multi.Generic ) - warning
12:18:57.0996 4612 volmgr - detected LockedFile.Multi.Generic (1)
12:18:58.0068 4612 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:18:58.0069 4612 Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: 99b0cbb569ca79acaed8c91461d765fb
12:18:58.0077 4612 volmgrx ( LockedFile.Multi.Generic ) - warning
12:18:58.0077 4612 volmgrx - detected LockedFile.Multi.Generic (1)
12:18:58.0131 4612 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:18:58.0131 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\volsnap.sys. md5: 58f82eed8ca24b461441f9c3e4f0bf5c
12:18:58.0140 4612 volsnap ( LockedFile.Multi.Generic ) - warning
12:18:58.0140 4612 volsnap - detected LockedFile.Multi.Generic (1)
12:18:58.0193 4612 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:18:58.0193 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5e2016ea6ebaca03c04feac5f330d997
12:18:58.0204 4612 vsmraid ( LockedFile.Multi.Generic ) - warning
12:18:58.0204 4612 vsmraid - detected LockedFile.Multi.Generic (1)
12:18:58.0279 4612 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:18:58.0279 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36d4720b72b5c5d9cb2b9c29e9df67a1
12:18:58.0286 4612 vwifibus ( LockedFile.Multi.Generic ) - warning
12:18:58.0287 4612 vwifibus - detected LockedFile.Multi.Generic (1)
12:18:58.0346 4612 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:18:58.0346 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6a3d66263414ff0d6fa754c646612f3f
12:18:58.0363 4612 vwififlt ( LockedFile.Multi.Generic ) - warning
12:18:58.0363 4612 vwififlt - detected LockedFile.Multi.Generic (1)
12:18:58.0418 4612 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:18:58.0418 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6a638fc4bfddc4d9b186c28c91bd1a01
12:18:58.0425 4612 vwifimp ( LockedFile.Multi.Generic ) - warning
12:18:58.0426 4612 vwifimp - detected LockedFile.Multi.Generic (1)
12:18:58.0530 4612 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:18:58.0530 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4e9440f4f152a7b944cb1663d3935a3e
12:18:58.0553 4612 WacomPen ( LockedFile.Multi.Generic ) - warning
12:18:58.0553 4612 WacomPen - detected LockedFile.Multi.Generic (1)
12:18:58.0607 4612 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:18:58.0607 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47ca49400643effd3f1c9a27e1d69324
12:18:58.0629 4612 WANARP ( LockedFile.Multi.Generic ) - warning
12:18:58.0629 4612 WANARP - detected LockedFile.Multi.Generic (1)
12:18:58.0651 4612 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:18:58.0651 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47ca49400643effd3f1c9a27e1d69324
12:18:58.0663 4612 Wanarpv6 ( LockedFile.Multi.Generic ) - warning
12:18:58.0663 4612 Wanarpv6 - detected LockedFile.Multi.Generic (1)
12:18:58.0828 4612 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:18:58.0828 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889e16ff12ba0f235467d6091b17dc
12:18:58.0836 4612 Wd ( LockedFile.Multi.Generic ) - warning
12:18:58.0836 4612 Wd - detected LockedFile.Multi.Generic (1)
12:18:58.0920 4612 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:18:58.0920 4612 Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441bd2d7b4f98134c3a4f9fa570fd250
12:18:58.0943 4612 Wdf01000 ( LockedFile.Multi.Generic ) - warning
12:18:58.0943 4612 Wdf01000 - detected LockedFile.Multi.Generic (1)
12:18:59.0197 4612 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:18:59.0197 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611b23304bf067451a9fdee01fbdd725
12:18:59.0208 4612 WfpLwf ( LockedFile.Multi.Generic ) - warning
12:18:59.0208 4612 WfpLwf - detected LockedFile.Multi.Generic (1)
12:18:59.0285 4612 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:18:59.0285 4612 Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ecaec3e4529a7153b3136ceb49f0ec
12:18:59.0310 4612 WIMMount ( LockedFile.Multi.Generic ) - warning
12:18:59.0310 4612 WIMMount - detected LockedFile.Multi.Generic (1)
12:18:59.0596 4612 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
12:18:59.0596 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: 817eaff5d38674edd7713b9dfb8e9791
12:18:59.0621 4612 WinUsb ( LockedFile.Multi.Generic ) - warning
12:18:59.0621 4612 WinUsb - detected LockedFile.Multi.Generic (1)
12:18:59.0843 4612 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:18:59.0843 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: f6ff8944478594d0e414d3f048f0d778
12:18:59.0865 4612 WmiAcpi ( LockedFile.Multi.Generic ) - warning
12:18:59.0865 4612 WmiAcpi - detected LockedFile.Multi.Generic (1)
12:19:00.0079 4612 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:19:00.0079 4612 Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6bcc1d7d2fd2453957c5479a32364e52
12:19:00.0101 4612 ws2ifsl ( LockedFile.Multi.Generic ) - warning
12:19:00.0101 4612 ws2ifsl - detected LockedFile.Multi.Generic (1)
12:19:00.0340 4612 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:19:00.0340 4612 Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: 7cadc74271dd6461c452c271b30bd378
12:19:00.0356 4612 WudfPf ( LockedFile.Multi.Generic ) - warning
12:19:00.0356 4612 WudfPf - detected LockedFile.Multi.Generic (1)
12:19:00.0426 4612 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:19:00.0426 4612 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 3b197af0fff08aa66b6b2241ca538d64
12:19:00.0442 4612 WUDFRd ( LockedFile.Multi.Generic ) - warning
12:19:00.0442 4612 WUDFRd - detected LockedFile.Multi.Generic (1)
12:19:00.0597 4612 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:19:00.0665 4612 \Device\Harddisk0\DR0 - ok
12:19:00.0673 4612 Boot (0x1200) (86d8a28d09e9ff15f45ae564c6258e5d) \Device\Harddisk0\DR0\Partition0
12:19:00.0676 4612 \Device\Harddisk0\DR0\Partition0 - ok
12:19:00.0693 4612 Boot (0x1200) (4d32885a6886e2e49b29ad5661556949) \Device\Harddisk0\DR0\Partition1
12:19:00.0695 4612 \Device\Harddisk0\DR0\Partition1 - ok
12:19:00.0696 4612 ============================================================
12:19:00.0696 4612 Scan finished
12:19:00.0696 4612 ============================================================
12:19:00.0711 1716 Detected object count: 26
12:19:00.0712 1716 Actual detected object count: 26
12:21:37.0864 1716 96d3a22ff13478f7 ( LockedService.Multi.Generic ) - skipped by user
12:21:37.0864 1716 96d3a22ff13478f7 ( LockedService.Multi.Generic ) - User select action: Skip
12:21:37.0868 1716 usbvideo ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0868 1716 usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0871 1716 vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0871 1716 vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0874 1716 vga ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0874 1716 vga ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0876 1716 VgaSave ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0876 1716 VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0879 1716 vhdmp ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0879 1716 vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0880 1716 viaide ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0880 1716 viaide ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0883 1716 volmgr ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0883 1716 volmgr ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0886 1716 volmgrx ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0886 1716 volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0888 1716 volsnap ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0889 1716 volsnap ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0891 1716 vsmraid ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0891 1716 vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0894 1716 vwifibus ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0894 1716 vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0897 1716 vwififlt ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0897 1716 vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0900 1716 vwifimp ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0900 1716 vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0903 1716 WacomPen ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0903 1716 WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0905 1716 WANARP ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0906 1716 WANARP ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0908 1716 Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0908 1716 Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0911 1716 Wd ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0911 1716 Wd ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0915 1716 Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0915 1716 Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0918 1716 WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0918 1716 WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0921 1716 WIMMount ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0921 1716 WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0923 1716 WinUsb ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0924 1716 WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0926 1716 WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0926 1716 WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0930 1716 ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0930 1716 ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0931 1716 WudfPf ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0931 1716 WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:37.0934 1716 WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0934 1716 WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip
12:21:48.0459 4300 Deinitialize success
0
Réponse 31 / 47
Smart91 Messages postés 29097 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 328
 
Relance TDSSKiller. Refais un scan.

Et lorque tu vois ce fichier 96d3a22ff13478f7 coche delete et/ou sur cure
Les autres tu laisses sur skip
Et poste le rapport

Smart
0
Réponse 32 / 47
Jicé
 
13:13:50.0613 4284 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
13:13:50.0728 4284 ============================================================
13:13:50.0728 4284 Current date / time: 2012/02/17 13:13:50.0728
13:13:50.0728 4284 SystemInfo:
13:13:50.0728 4284
13:13:50.0728 4284 OS Version: 6.1.7600 ServicePack: 0.0
13:13:50.0728 4284 Product type: Workstation
13:13:50.0728 4284 ComputerName: BANJO-PC
13:13:50.0728 4284 UserName: Banjo
13:13:50.0728 4284 Windows directory: C:\Windows
13:13:50.0729 4284 System windows directory: C:\Windows
13:13:50.0729 4284 Running under WOW64
13:13:50.0729 4284 Processor architecture: Intel x64
13:13:50.0729 4284 Number of processors: 2
13:13:50.0729 4284 Page size: 0x1000
13:13:50.0729 4284 Boot type: Normal boot
13:13:50.0729 4284 ============================================================
13:13:57.0132 4284 Raw registry subsystem init failed!
13:13:57.0442 4284 !crdlk
13:13:57.0448 4284 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
13:13:57.0457 4284 \Device\Harddisk0\DR0:
13:13:57.0458 4284 MBR used
13:13:57.0458 4284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
13:13:57.0458 4284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
13:13:57.0515 4284 Initialize success
13:13:57.0515 4284 ============================================================
13:14:02.0764 3932 ============================================================
13:14:02.0764 3932 Scan started
13:14:02.0764 3932 Mode: Manual;
13:14:02.0764 3932 ============================================================
13:14:02.0765 3932 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:14:02.0773 3932 \Device\Harddisk0\DR0 - ok
13:14:02.0778 3932 Boot (0x1200) (86d8a28d09e9ff15f45ae564c6258e5d) \Device\Harddisk0\DR0\Partition0
13:14:02.0780 3932 \Device\Harddisk0\DR0\Partition0 - ok
13:14:02.0786 3932 Boot (0x1200) (4d32885a6886e2e49b29ad5661556949) \Device\Harddisk0\DR0\Partition1
13:14:02.0788 3932 \Device\Harddisk0\DR0\Partition1 - ok
13:14:02.0791 3932 ============================================================
13:14:02.0791 3932 Scan finished
13:14:02.0791 3932 ============================================================
13:14:02.0880 3908 Detected object count: 0
13:14:02.0880 3908 Actual detected object count: 0
0
Réponse 33 / 47
Jicé
 
le scan a été très rapide et il n'a pas remis les mêmes messages qu'au premier scan.
0
Réponse 34 / 47
Smart91 Messages postés 29097 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 328
 
Je pense que cela vient de ceci:
13:13:57.0132 4284 Raw registry subsystem init failed!

Tu l'as bien lancé en tant qu'administrateur ?
Recommence

Smart
"Si tu n'as pas d'ambitions, tu t'installes au bord de la chute" (Kundera)
0
Réponse 35 / 47
Jicé
 
oui oui, je l'ai fait. Je vais redémarrer l'ordi et réessayer
0
Réponse 36 / 47
Smart91 Messages postés 29097 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 328
 
OK. Sinon on le supprimera autrement

Smart
0
Réponse 37 / 47
Jicé
 
Hourra ! Le parapluie d'Avira s'est enfin ouvert !
0
Réponse 38 / 47
Jicé
 
13:50:59.0107 4668 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
13:50:59.0278 4668 ============================================================
13:50:59.0278 4668 Current date / time: 2012/02/17 13:50:59.0278
13:50:59.0278 4668 SystemInfo:
13:50:59.0278 4668
13:50:59.0278 4668 OS Version: 6.1.7600 ServicePack: 0.0
13:50:59.0278 4668 Product type: Workstation
13:50:59.0278 4668 ComputerName: BANJO-PC
13:50:59.0278 4668 UserName: Banjo
13:50:59.0278 4668 Windows directory: C:\Windows
13:50:59.0278 4668 System windows directory: C:\Windows
13:50:59.0278 4668 Running under WOW64
13:50:59.0278 4668 Processor architecture: Intel x64
13:50:59.0278 4668 Number of processors: 2
13:50:59.0278 4668 Page size: 0x1000
13:50:59.0278 4668 Boot type: Normal boot
13:50:59.0278 4668 ============================================================
13:51:03.0381 4668 !crdlk
13:51:03.0397 4668 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
13:51:03.0412 4668 \Device\Harddisk0\DR0:
13:51:03.0412 4668 MBR used
13:51:03.0412 4668 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
13:51:03.0412 4668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
13:51:03.0459 4668 Initialize success
13:51:03.0459 4668 ============================================================
13:51:05.0815 3540 ============================================================
13:51:05.0815 3540 Scan started
13:51:05.0815 3540 Mode: Manual;
13:51:05.0815 3540 ============================================================
13:51:06.0205 3540 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:51:06.0205 3540 1394ohci - ok
13:51:06.0236 3540 Suspicious service (NoAccess): 96d3a22ff13478f7
13:51:06.0298 3540 96d3a22ff13478f7 (3cf7e5b421a18139d013180f6327fa2a) C:\Windows\System32\Drivers\96d3a22ff13478f7.sys
13:51:06.0298 3540 Suspicious file (NoAccess): C:\Windows\System32\Drivers\96d3a22ff13478f7.sys. md5: 3cf7e5b421a18139d013180f6327fa2a
13:51:06.0345 3540 96d3a22ff13478f7 ( LockedService.Multi.Generic ) - warning
13:51:06.0345 3540 96d3a22ff13478f7 - detected LockedService.Multi.Generic (1)
13:51:06.0439 3540 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:51:06.0454 3540 ACPI - ok
13:51:06.0501 3540 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:51:06.0501 3540 AcpiPmi - ok
13:51:06.0595 3540 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
13:51:06.0595 3540 adfs - ok
13:51:06.0673 3540 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:51:06.0688 3540 adp94xx - ok
13:51:06.0735 3540 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:51:06.0751 3540 adpahci - ok
13:51:06.0797 3540 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:51:06.0797 3540 adpu320 - ok
13:51:06.0938 3540 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
13:51:06.0938 3540 AFD - ok
13:51:07.0016 3540 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:51:07.0016 3540 agp440 - ok
13:51:07.0109 3540 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:51:07.0109 3540 aliide - ok
13:51:07.0172 3540 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:51:07.0172 3540 amdide - ok
13:51:07.0234 3540 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:51:07.0234 3540 AmdK8 - ok
13:51:07.0546 3540 amdkmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:51:07.0624 3540 amdkmdag - ok
13:51:07.0749 3540 amdkmdap (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
13:51:07.0749 3540 amdkmdap - ok
13:51:07.0811 3540 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:51:07.0811 3540 AmdPPM - ok
13:51:07.0874 3540 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:51:07.0874 3540 amdsata - ok
13:51:07.0952 3540 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:51:07.0952 3540 amdsbs - ok
13:51:08.0014 3540 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:51:08.0014 3540 amdxata - ok
13:51:08.0201 3540 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:51:08.0201 3540 AppID - ok
13:51:08.0451 3540 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:51:08.0451 3540 arc - ok
13:51:08.0513 3540 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:51:08.0513 3540 arcsas - ok
13:51:08.0576 3540 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:51:08.0576 3540 AsyncMac - ok
13:51:08.0638 3540 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:51:08.0638 3540 atapi - ok
13:51:08.0981 3540 atikmdag (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:51:09.0059 3540 atikmdag - ok
13:51:09.0278 3540 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
13:51:09.0278 3540 avgntflt - ok
13:51:09.0340 3540 avipbb (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
13:51:09.0340 3540 avipbb - ok
13:51:09.0418 3540 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:51:09.0418 3540 avkmgr - ok
13:51:09.0543 3540 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:51:09.0559 3540 b06bdrv - ok
13:51:09.0621 3540 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:51:09.0621 3540 b57nd60a - ok
13:51:09.0746 3540 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:51:09.0777 3540 BCM43XX - ok
13:51:09.0949 3540 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:51:09.0949 3540 Beep - ok
13:51:10.0073 3540 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:51:10.0089 3540 blbdrive - ok
13:51:10.0198 3540 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:51:10.0198 3540 bowser - ok
13:51:10.0261 3540 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:51:10.0261 3540 BrFiltLo - ok
13:51:10.0307 3540 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:51:10.0307 3540 BrFiltUp - ok
13:51:10.0370 3540 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:51:10.0370 3540 BridgeMP - ok
13:51:10.0463 3540 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:51:10.0479 3540 Brserid - ok
13:51:10.0526 3540 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:51:10.0526 3540 BrSerWdm - ok
13:51:10.0573 3540 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:51:10.0573 3540 BrUsbMdm - ok
13:51:10.0619 3540 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:51:10.0619 3540 BrUsbSer - ok
13:51:10.0651 3540 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:51:10.0651 3540 BTHMODEM - ok
13:51:10.0744 3540 catchme - ok
13:51:10.0807 3540 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:51:10.0807 3540 cdfs - ok
13:51:10.0869 3540 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:51:10.0885 3540 cdrom - ok
13:51:10.0947 3540 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:51:10.0947 3540 circlass - ok
13:51:11.0025 3540 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:51:11.0041 3540 CLFS - ok
13:51:11.0290 3540 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:51:11.0290 3540 CmBatt - ok
13:51:11.0353 3540 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:51:11.0353 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cmdide.sys. md5: e19d3f095812725d88f9001985b94edd
13:51:11.0384 3540 cmdide ( LockedFile.Multi.Generic ) - warning
13:51:11.0384 3540 cmdide - detected LockedFile.Multi.Generic (1)
13:51:11.0477 3540 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
13:51:11.0477 3540 Suspicious file (NoAccess): C:\Windows\system32\Drivers\cng.sys. md5: 937beb186a735aca91d717044a49d17e
13:51:11.0524 3540 CNG ( LockedFile.Multi.Generic ) - warning
13:51:11.0524 3540 CNG - detected LockedFile.Multi.Generic (1)
13:51:11.0633 3540 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:51:11.0633 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102de219c3f61415f964c88e9085ad14
13:51:11.0649 3540 Compbatt ( LockedFile.Multi.Generic ) - warning
13:51:11.0649 3540 Compbatt - detected LockedFile.Multi.Generic (1)
13:51:11.0758 3540 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:51:11.0758 3540 CompositeBus - ok
13:51:11.0836 3540 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:51:11.0836 3540 crcdisk - ok
13:51:12.0070 3540 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
13:51:12.0070 3540 dc3d - ok
13:51:12.0257 3540 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:51:12.0257 3540 DfsC - ok
13:51:12.0335 3540 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:51:12.0335 3540 discache - ok
13:51:12.0398 3540 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:51:12.0398 3540 Disk - ok
13:51:12.0445 3540 DKbFltr - ok
13:51:12.0569 3540 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:51:12.0569 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\drmkaud.sys. md5: 9b19f34400d24df84c858a421c205754
13:51:12.0585 3540 drmkaud ( LockedFile.Multi.Generic ) - warning
13:51:12.0585 3540 drmkaud - detected LockedFile.Multi.Generic (1)
13:51:12.0772 3540 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:51:12.0772 3540 Suspicious file (NoAccess): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 1633b9abf52784a1331476397a48cbef
13:51:12.0788 3540 DXGKrnl ( LockedFile.Multi.Generic ) - warning
13:51:12.0788 3540 DXGKrnl - detected LockedFile.Multi.Generic (1)
13:51:13.0006 3540 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:51:13.0006 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\evbda.sys. md5: dc5d737f51be844d8c82c695eb17372f
13:51:13.0022 3540 ebdrv ( LockedFile.Multi.Generic ) - warning
13:51:13.0022 3540 ebdrv - detected LockedFile.Multi.Generic (1)
13:51:13.0178 3540 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:51:13.0178 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0e5da5369a0fcaea12456dd852545184
13:51:13.0193 3540 elxstor ( LockedFile.Multi.Generic ) - warning
13:51:13.0193 3540 elxstor - detected LockedFile.Multi.Generic (1)
13:51:13.0287 3540 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:51:13.0287 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\errdev.sys. md5: 34a3c54752046e79a126e15c51db409b
13:51:13.0318 3540 ErrDev ( LockedFile.Multi.Generic ) - warning
13:51:13.0318 3540 ErrDev - detected LockedFile.Multi.Generic (1)
13:51:13.0474 3540 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:51:13.0474 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: a510c654ec00c1e9bdd91eeb3a59823b
13:51:13.0474 3540 exfat ( LockedFile.Multi.Generic ) - warning
13:51:13.0474 3540 exfat - detected LockedFile.Multi.Generic (1)
13:51:13.0537 3540 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:51:13.0537 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0adc83218b66a6db380c330836f3e36d
13:51:13.0552 3540 fastfat ( LockedFile.Multi.Generic ) - warning
13:51:13.0552 3540 fastfat - detected LockedFile.Multi.Generic (1)
13:51:13.0630 3540 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:51:13.0630 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: d765d19cd8ef61f650c384f62fac00ab
13:51:13.0646 3540 fdc ( LockedFile.Multi.Generic ) - warning
13:51:13.0646 3540 fdc - detected LockedFile.Multi.Generic (1)
13:51:13.0817 3540 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:51:13.0817 3540 FileInfo - ok
13:51:13.0864 3540 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:51:13.0864 3540 Filetrace - ok
13:51:13.0942 3540 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:51:13.0942 3540 flpydisk - ok
13:51:14.0005 3540 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:51:14.0005 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: f7866af72abbaf84b1fa5aa195378c59
13:51:14.0036 3540 FltMgr ( LockedFile.Multi.Generic ) - warning
13:51:14.0036 3540 FltMgr - detected LockedFile.Multi.Generic (1)
13:51:14.0129 3540 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:51:14.0129 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: d43703496149971890703b4b1b723eac
13:51:14.0145 3540 FsDepends ( LockedFile.Multi.Generic ) - warning
13:51:14.0145 3540 FsDepends - detected LockedFile.Multi.Generic (1)
13:51:14.0239 3540 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:51:14.0254 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: e95ef8547de20cf0603557c0cf7a9462
13:51:14.0254 3540 Fs_Rec ( LockedFile.Multi.Generic ) - warning
13:51:14.0254 3540 Fs_Rec - detected LockedFile.Multi.Generic (1)
13:51:14.0332 3540 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:51:14.0332 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: ae87ba80d0ec3b57126ed2cdc15b24ed
13:51:14.0348 3540 fvevol ( LockedFile.Multi.Generic ) - warning
13:51:14.0348 3540 fvevol - detected LockedFile.Multi.Generic (1)
13:51:14.0426 3540 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:51:14.0426 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8c778d335c9d272cfd3298ab02abe3b6
13:51:14.0441 3540 gagp30kx ( LockedFile.Multi.Generic ) - warning
13:51:14.0441 3540 gagp30kx - detected LockedFile.Multi.Generic (1)
13:51:14.0504 3540 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:51:14.0504 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: e403aacf8c7bb11375122d2464560311
13:51:14.0535 3540 GEARAspiWDM ( LockedFile.Multi.Generic ) - warning
13:51:14.0535 3540 GEARAspiWDM - detected LockedFile.Multi.Generic (1)
13:51:14.0769 3540 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:51:14.0769 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: f2523ef6460fc42405b12248338ab2f0
13:51:14.0800 3540 hcw85cir ( LockedFile.Multi.Generic ) - warning
13:51:14.0800 3540 hcw85cir - detected LockedFile.Multi.Generic (1)
13:51:14.0878 3540 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:51:14.0878 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410f6f415b2a5a9037224c41da8bf12
13:51:14.0878 3540 HdAudAddService ( LockedFile.Multi.Generic ) - warning
13:51:14.0878 3540 HdAudAddService - detected LockedFile.Multi.Generic (1)
13:51:14.0925 3540 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:51:14.0925 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HDAudBus.sys. md5: 0a49913402747a0b67de940fb42cbdbb
13:51:14.0956 3540 HDAudBus ( LockedFile.Multi.Generic ) - warning
13:51:14.0956 3540 HDAudBus - detected LockedFile.Multi.Generic (1)
13:51:15.0003 3540 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:51:15.0003 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78e86380454a7b10a5eb255dc44a355f
13:51:15.0019 3540 HidBatt ( LockedFile.Multi.Generic ) - warning
13:51:15.0019 3540 HidBatt - detected LockedFile.Multi.Generic (1)
13:51:15.0065 3540 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:51:15.0065 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7fd2a313f7afe5c4dab14798c48dd104
13:51:15.0081 3540 HidBth ( LockedFile.Multi.Generic ) - warning
13:51:15.0081 3540 HidBth - detected LockedFile.Multi.Generic (1)
13:51:15.0143 3540 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:51:15.0143 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0a77d29f311b88cfae3b13f9c1a73825
13:51:15.0143 3540 HidIr ( LockedFile.Multi.Generic ) - warning
13:51:15.0143 3540 HidIr - detected LockedFile.Multi.Generic (1)
13:51:15.0268 3540 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:51:15.0268 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: b3bf6b5b50006def50b66306d99fcf6f
13:51:15.0284 3540 HidUsb ( LockedFile.Multi.Generic ) - warning
13:51:15.0284 3540 HidUsb - detected LockedFile.Multi.Generic (1)
13:51:15.0409 3540 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:51:15.0409 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HpSAMD.sys. md5: 0886d440058f203eba0e1825e4355914
13:51:15.0424 3540 HpSAMD ( LockedFile.Multi.Generic ) - warning
13:51:15.0424 3540 HpSAMD - detected LockedFile.Multi.Generic (1)
13:51:15.0502 3540 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:51:15.0502 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: cee049cac4efa7f4e1e4ad014414a5d4
13:51:15.0533 3540 HTTP ( LockedFile.Multi.Generic ) - warning
13:51:15.0533 3540 HTTP - detected LockedFile.Multi.Generic (1)
13:51:15.0580 3540 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:51:15.0580 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: f17766a19145f111856378df337a5d79
13:51:15.0596 3540 hwpolicy ( LockedFile.Multi.Generic ) - warning
13:51:15.0596 3540 hwpolicy - detected LockedFile.Multi.Generic (1)
13:51:15.0658 3540 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:51:15.0658 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: fa55c73d4affa7ee23ac4be53b4592d3
13:51:15.0658 3540 i8042prt ( LockedFile.Multi.Generic ) - warning
13:51:15.0658 3540 i8042prt - detected LockedFile.Multi.Generic (1)
13:51:15.0783 3540 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
13:51:15.0783 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iaStor.sys. md5: 1d004cb1da6323b1f55caef7f94b61d9
13:51:15.0799 3540 iaStor ( LockedFile.Multi.Generic ) - warning
13:51:15.0799 3540 iaStor - detected LockedFile.Multi.Generic (1)
13:51:15.0892 3540 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:51:15.0892 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: b75e45c564e944a2657167d197ab29da
13:51:15.0908 3540 iaStorV ( LockedFile.Multi.Generic ) - warning
13:51:15.0908 3540 iaStorV - detected LockedFile.Multi.Generic (1)
13:51:16.0189 3540 igfx (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:51:16.0189 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\igdkmd64.sys. md5: 37a65e3d89f6bbf5719ff9585f99eb7d
13:51:16.0235 3540 igfx ( LockedFile.Multi.Generic ) - warning
13:51:16.0235 3540 igfx - detected LockedFile.Multi.Generic (1)
13:51:16.0282 3540 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:51:16.0282 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5c18831c61933628f5bb0ea2675b9d21
13:51:16.0298 3540 iirsp ( LockedFile.Multi.Generic ) - warning
13:51:16.0298 3540 iirsp - detected LockedFile.Multi.Generic (1)
13:51:16.0454 3540 IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\Windows\system32\drivers\RTKVHD64.sys
13:51:16.0454 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 9aa6a93852e36fe76c3f7fc2904f3b01
13:51:16.0469 3540 IntcAzAudAddService ( LockedFile.Multi.Generic ) - warning
13:51:16.0469 3540 IntcAzAudAddService - detected LockedFile.Multi.Generic (1)
13:51:16.0516 3540 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:51:16.0516 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelide.sys. md5: f00f20e70c6ec3aa366910083a0518aa
13:51:16.0532 3540 intelide ( LockedFile.Multi.Generic ) - warning
13:51:16.0532 3540 intelide - detected LockedFile.Multi.Generic (1)
13:51:16.0766 3540 intelkmd (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdpmd64.sys
13:51:16.0766 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\igdpmd64.sys. md5: 37a65e3d89f6bbf5719ff9585f99eb7d
13:51:16.0797 3540 intelkmd ( LockedFile.Multi.Generic ) - warning
13:51:16.0797 3540 intelkmd - detected LockedFile.Multi.Generic (1)
13:51:16.0937 3540 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:51:16.0937 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ada036632c664caa754079041cf1f8c1
13:51:16.0953 3540 intelppm ( LockedFile.Multi.Generic ) - warning
13:51:16.0953 3540 intelppm - detected LockedFile.Multi.Generic (1)
13:51:17.0062 3540 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:51:17.0062 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: 722dd294df62483cecaae6e094b4d695
13:51:17.0078 3540 IpFilterDriver ( LockedFile.Multi.Generic ) - warning
13:51:17.0078 3540 IpFilterDriver - detected LockedFile.Multi.Generic (1)
13:51:17.0203 3540 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:51:17.0203 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\IPMIDrv.sys. md5: e2b4a4494db7cb9b89b55ca268c337c5
13:51:17.0203 3540 IPMIDRV ( LockedFile.Multi.Generic ) - warning
13:51:17.0203 3540 IPMIDRV - detected LockedFile.Multi.Generic (1)
13:51:17.0265 3540 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:51:17.0265 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: af9b39a7e7b6caa203b3862582e9f2d0
13:51:17.0265 3540 IPNAT ( LockedFile.Multi.Generic ) - warning
13:51:17.0265 3540 IPNAT - detected LockedFile.Multi.Generic (1)
13:51:17.0359 3540 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:51:17.0359 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3abf5e7213eb28966d55d58b515d5ce9
13:51:17.0374 3540 IRENUM ( LockedFile.Multi.Generic ) - warning
13:51:17.0374 3540 IRENUM - detected LockedFile.Multi.Generic (1)
13:51:17.0421 3540 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:51:17.0421 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\isapnp.sys. md5: 2f7b28dc3e1183e5eb418df55c204f38
13:51:17.0421 3540 isapnp ( LockedFile.Multi.Generic ) - warning
13:51:17.0421 3540 isapnp - detected LockedFile.Multi.Generic (1)
13:51:17.0499 3540 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:51:17.0499 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\msiscsi.sys. md5: fa4d2557de56d45b0a346f93564be6e1
13:51:17.0499 3540 iScsiPrt ( LockedFile.Multi.Generic ) - warning
13:51:17.0499 3540 iScsiPrt - detected LockedFile.Multi.Generic (1)
13:51:17.0561 3540 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:51:17.0561 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: bc02336f1cba7dcc7d1213bb588a68a5
13:51:17.0577 3540 kbdclass ( LockedFile.Multi.Generic ) - warning
13:51:17.0577 3540 kbdclass - detected LockedFile.Multi.Generic (1)
13:51:17.0608 3540 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:51:17.0608 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 6def98f8541e1b5dceb2c822a11f7323
13:51:17.0624 3540 kbdhid ( LockedFile.Multi.Generic ) - warning
13:51:17.0624 3540 kbdhid - detected LockedFile.Multi.Generic (1)
13:51:17.0717 3540 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
13:51:17.0717 3540 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: 16c1b906fc5ead84769f90b736b6bf0e
13:51:17.0733 3540 KSecDD ( LockedFile.Multi.Generic ) - warning
13:51:17.0733 3540 KSecDD - detected LockedFile.Multi.Generic (1)
13:51:17.0795 3540 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
13:51:17.0795 3540 Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 0b711550c56444879d71c7daabda6c83
13:51:17.0795 3540 KSecPkg ( LockedFile.Multi.Generic ) - warning
13:51:17.0795 3540 KSecPkg - detected LockedFile.Multi.Generic (1)
13:51:17.0858 3540 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:51:17.0858 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281e78cb31a43e969f06b57347c4
13:51:17.0873 3540 ksthunk ( LockedFile.Multi.Generic ) - warning
13:51:17.0873 3540 ksthunk - detected LockedFile.Multi.Generic (1)
13:51:17.0967 3540 L1C (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:51:17.0967 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\L1C62x64.sys. md5: 9c46a5421de9d116c47155317cabb522
13:51:17.0983 3540 L1C ( LockedFile.Multi.Generic ) - warning
13:51:17.0983 3540 L1C - detected LockedFile.Multi.Generic (1)
13:51:18.0045 3540 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
13:51:18.0045 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\L1E62x64.sys. md5: 2ac603c3188c704cfce353659aa7ad71
13:51:18.0061 3540 L1E ( LockedFile.Multi.Generic ) - warning
13:51:18.0061 3540 L1E - detected LockedFile.Multi.Generic (1)
13:51:18.0217 3540 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:51:18.0217 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831cf8ad2979a04c423779465827
13:51:18.0248 3540 lltdio ( LockedFile.Multi.Generic ) - warning
13:51:18.0248 3540 lltdio - detected LockedFile.Multi.Generic (1)
13:51:18.0373 3540 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:51:18.0373 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1a93e54eb0ece102495a51266dcdb6a6
13:51:18.0404 3540 LSI_FC ( LockedFile.Multi.Generic ) - warning
13:51:18.0404 3540 LSI_FC - detected LockedFile.Multi.Generic (1)
13:51:18.0451 3540 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:51:18.0451 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184a9fdc8bdbff857175875ee810
13:51:18.0451 3540 LSI_SAS ( LockedFile.Multi.Generic ) - warning
13:51:18.0451 3540 LSI_SAS - detected LockedFile.Multi.Generic (1)
13:51:18.0497 3540 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:51:18.0497 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30f5c0de1ee8b5bc9306c1f0e4a75f93
13:51:18.0513 3540 LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
13:51:18.0513 3540 LSI_SAS2 - detected LockedFile.Multi.Generic (1)
13:51:18.0560 3540 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:51:18.0560 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504eacaff0d3c8aed161c4b0d369d4a
13:51:18.0560 3540 LSI_SCSI ( LockedFile.Multi.Generic ) - warning
13:51:18.0560 3540 LSI_SCSI - detected LockedFile.Multi.Generic (1)
13:51:18.0607 3540 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:51:18.0607 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43d0f98e1d56ccddb0d5254cff7b356e
13:51:18.0638 3540 luafv ( LockedFile.Multi.Generic ) - warning
13:51:18.0638 3540 luafv - detected LockedFile.Multi.Generic (1)
13:51:18.0716 3540 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:51:18.0716 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: a55805f747c6edb6a9080d7c633bd0f4
13:51:18.0716 3540 megasas ( LockedFile.Multi.Generic ) - warning
13:51:18.0716 3540 megasas - detected LockedFile.Multi.Generic (1)
13:51:18.0778 3540 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:51:18.0778 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: baf74ce0072480c3b6b7c13b2a94d6b3
13:51:18.0809 3540 MegaSR ( LockedFile.Multi.Generic ) - warning
13:51:18.0809 3540 MegaSR - detected LockedFile.Multi.Generic (1)
13:51:18.0856 3540 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:51:18.0872 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800ba92f7010378b09f9ed9270f07137
13:51:18.0872 3540 Modem ( LockedFile.Multi.Generic ) - warning
13:51:18.0872 3540 Modem - detected LockedFile.Multi.Generic (1)
13:51:18.0934 3540 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:51:18.0934 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: b03d591dc7da45ece20b3b467e6aadaa
13:51:18.0934 3540 monitor ( LockedFile.Multi.Generic ) - warning
13:51:18.0934 3540 monitor - detected LockedFile.Multi.Generic (1)
13:51:18.0981 3540 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:51:18.0981 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7d27ea49f3c1f687d357e77a470aea99
13:51:18.0997 3540 mouclass ( LockedFile.Multi.Generic ) - warning
13:51:18.0997 3540 mouclass - detected LockedFile.Multi.Generic (1)
13:51:19.0043 3540 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:51:19.0043 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: d3bf052c40b0c4166d9fd86a4288c1e6
13:51:19.0059 3540 mouhid ( LockedFile.Multi.Generic ) - warning
13:51:19.0059 3540 mouhid - detected LockedFile.Multi.Generic (1)
13:51:19.0121 3540 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:51:19.0121 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 791af66c4d0e7c90a3646066386fb571
13:51:19.0153 3540 mountmgr ( LockedFile.Multi.Generic ) - warning
13:51:19.0153 3540 mountmgr - detected LockedFile.Multi.Generic (1)
13:51:19.0184 3540 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:51:19.0184 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mpio.sys. md5: 609d1d87649ecc19796f4d76d4c15cea
13:51:19.0199 3540 mpio ( LockedFile.Multi.Generic ) - warning
13:51:19.0199 3540 mpio - detected LockedFile.Multi.Generic (1)
13:51:19.0246 3540 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:51:19.0246 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6c38c9e45ae0ea2fa5e551f2ed5e978f
13:51:19.0246 3540 mpsdrv ( LockedFile.Multi.Generic ) - warning
13:51:19.0246 3540 mpsdrv - detected LockedFile.Multi.Generic (1)
13:51:19.0371 3540 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:51:19.0371 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: 30524261bb51d96d6fcbac20c810183c
13:51:19.0387 3540 MRxDAV ( LockedFile.Multi.Generic ) - warning
13:51:19.0387 3540 MRxDAV - detected LockedFile.Multi.Generic (1)
13:51:19.0480 3540 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:51:19.0480 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: 040d62a9d8ad28922632137acdd984f2
13:51:19.0496 3540 mrxsmb ( LockedFile.Multi.Generic ) - warning
13:51:19.0496 3540 mrxsmb - detected LockedFile.Multi.Generic (1)
13:51:19.0558 3540 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:51:19.0558 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: f0067552f8f9b33d7c59403ab808a3cb
13:51:19.0589 3540 mrxsmb10 ( LockedFile.Multi.Generic ) - warning
13:51:19.0589 3540 mrxsmb10 - detected LockedFile.Multi.Generic (1)
13:51:19.0652 3540 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:51:19.0652 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 3c142d31de9f2f193218a53fe2632051
13:51:19.0667 3540 mrxsmb20 ( LockedFile.Multi.Generic ) - warning
13:51:19.0667 3540 mrxsmb20 - detected LockedFile.Multi.Generic (1)
13:51:19.0730 3540 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:51:19.0730 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\msahci.sys. md5: 5c37497276e3b3a5488b23a326a754b7
13:51:19.0745 3540 msahci ( LockedFile.Multi.Generic ) - warning
13:51:19.0745 3540 msahci - detected LockedFile.Multi.Generic (1)
13:51:19.0792 3540 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:51:19.0792 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\msdsm.sys. md5: 8d27b597229aed79430fb9db3bcbfbd0
13:51:19.0808 3540 msdsm ( LockedFile.Multi.Generic ) - warning
13:51:19.0808 3540 msdsm - detected LockedFile.Multi.Generic (1)
13:51:19.0964 3540 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:51:19.0964 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: aa3fb40e17ce1388fa1bedab50ea8f96
13:51:19.0979 3540 Msfs ( LockedFile.Multi.Generic ) - warning
13:51:19.0979 3540 Msfs - detected LockedFile.Multi.Generic (1)
13:51:20.0026 3540 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:51:20.0026 3540 Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: f9d215a46a8b9753f61767fa72a20326
13:51:20.0042 3540 mshidkmdf ( LockedFile.Multi.Generic ) - warning
13:51:20.0042 3540 mshidkmdf - detected LockedFile.Multi.Generic (1)
13:51:20.0089 3540 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:51:20.0089 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\msisadrv.sys. md5: d916874bbd4f8b07bfb7fa9b3ccae29d
13:51:20.0104 3540 msisadrv ( LockedFile.Multi.Generic ) - warning
13:51:20.0104 3540 msisadrv - detected LockedFile.Multi.Generic (1)
13:51:20.0260 3540 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:51:20.0260 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49ccf2c4fea34ffad8b1b59d49439366
13:51:20.0276 3540 MSKSSRV ( LockedFile.Multi.Generic ) - warning
13:51:20.0276 3540 MSKSSRV - detected LockedFile.Multi.Generic (1)
13:51:20.0323 3540 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:51:20.0323 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: bdd71ace35a232104ddd349ee70e1ab3
13:51:20.0338 3540 MSPCLOCK ( LockedFile.Multi.Generic ) - warning
13:51:20.0338 3540 MSPCLOCK - detected LockedFile.Multi.Generic (1)
13:51:20.0369 3540 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:51:20.0369 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ed981241db27c3383d72092b618a1d0
13:51:20.0385 3540 MSPQM ( LockedFile.Multi.Generic ) - warning
13:51:20.0385 3540 MSPQM - detected LockedFile.Multi.Generic (1)
13:51:20.0432 3540 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:51:20.0432 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 89cb141aa8616d8c6a4610fa26c60964
13:51:20.0447 3540 MsRPC ( LockedFile.Multi.Generic ) - warning
13:51:20.0447 3540 MsRPC - detected LockedFile.Multi.Generic (1)
13:51:20.0510 3540 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:51:20.0510 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mssmbios.sys. md5: 0eed230e37515a0eaee3c2e1bc97b288
13:51:20.0525 3540 mssmbios ( LockedFile.Multi.Generic ) - warning
13:51:20.0525 3540 mssmbios - detected LockedFile.Multi.Generic (1)
13:51:20.0588 3540 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:51:20.0588 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2e66f9ecb30b4221a318c92ac2250779
13:51:20.0619 3540 MSTEE ( LockedFile.Multi.Generic ) - warning
13:51:20.0619 3540 MSTEE - detected LockedFile.Multi.Generic (1)
13:51:20.0666 3540 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:51:20.0666 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7ea404308934e675bffde8edf0757bcd
13:51:20.0666 3540 MTConfig ( LockedFile.Multi.Generic ) - warning
13:51:20.0666 3540 MTConfig - detected LockedFile.Multi.Generic (1)
13:51:20.0728 3540 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:51:20.0728 3540 Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: f9a18612fd3526fe473c1bda678d61c8
13:51:20.0744 3540 Mup ( LockedFile.Multi.Generic ) - warning
13:51:20.0744 3540 Mup - detected LockedFile.Multi.Generic (1)
13:51:20.0806 3540 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
13:51:20.0806 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mwlPSDFilter.sys. md5: 6ffecc25b39dc7652a0cec0ada9db589
13:51:20.0822 3540 mwlPSDFilter ( LockedFile.Multi.Generic ) - warning
13:51:20.0822 3540 mwlPSDFilter - detected LockedFile.Multi.Generic (1)
13:51:20.0869 3540 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
13:51:20.0869 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mwlPSDNServ.sys. md5: 0befe32ca56d6ee89d58175725596a85
13:51:20.0884 3540 mwlPSDNServ ( LockedFile.Multi.Generic ) - warning
13:51:20.0884 3540 mwlPSDNServ - detected LockedFile.Multi.Generic (1)
13:51:20.0915 3540 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
13:51:20.0915 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys. md5: d43bc633b8660463e446e28e14a51262
13:51:20.0931 3540 mwlPSDVDisk ( LockedFile.Multi.Generic ) - warning
13:51:20.0931 3540 mwlPSDVDisk - detected LockedFile.Multi.Generic (1)
13:51:21.0103 3540 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:51:21.0103 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nwifi.sys. md5: 1ea3749c4114db3e3161156ffffa6b33
13:51:21.0134 3540 NativeWifiP ( LockedFile.Multi.Generic ) - warning
13:51:21.0134 3540 NativeWifiP - detected LockedFile.Multi.Generic (1)
13:51:21.0274 3540 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:51:21.0274 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\ndis.sys. md5: cad515dbd07d082bb317d9928ce8962c
13:51:21.0305 3540 NDIS ( LockedFile.Multi.Generic ) - warning
13:51:21.0305 3540 NDIS - detected LockedFile.Multi.Generic (1)
13:51:21.0352 3540 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:51:21.0352 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiscap.sys. md5: 9f9a1f53aad7da4d6fef5bb73ab811ac
13:51:21.0368 3540 NdisCap ( LockedFile.Multi.Generic ) - warning
13:51:21.0368 3540 NdisCap - detected LockedFile.Multi.Generic (1)
13:51:21.0415 3540 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:51:21.0415 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndistapi.sys. md5: 30639c932d9fef22b31268fe25a1b6e5
13:51:21.0430 3540 NdisTapi ( LockedFile.Multi.Generic ) - warning
13:51:21.0430 3540 NdisTapi - detected LockedFile.Multi.Generic (1)
13:51:21.0477 3540 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:51:21.0477 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndisuio.sys. md5: f105ba1e22bf1f2ee8f005d4305e4bec
13:51:21.0477 3540 Ndisuio ( LockedFile.Multi.Generic ) - warning
13:51:21.0477 3540 Ndisuio - detected LockedFile.Multi.Generic (1)
13:51:21.0524 3540 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:51:21.0539 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ndiswan.sys. md5: 557dfab9ca1fcb036ac77564c010dad3
13:51:21.0555 3540 NdisWan ( LockedFile.Multi.Generic ) - warning
13:51:21.0555 3540 NdisWan - detected LockedFile.Multi.Generic (1)
13:51:21.0586 3540 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:51:21.0586 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 659b74fb74b86228d6338d643cd3e3cf
13:51:21.0602 3540 NDProxy ( LockedFile.Multi.Generic ) - warning
13:51:21.0602 3540 NDProxy - detected LockedFile.Multi.Generic (1)
13:51:21.0649 3540 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:51:21.0649 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbios.sys. md5: 86743d9f5d2b1048062b14b1d84501c4
13:51:21.0664 3540 NetBIOS ( LockedFile.Multi.Generic ) - warning
13:51:21.0664 3540 NetBIOS - detected LockedFile.Multi.Generic (1)
13:51:21.0789 3540 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:51:21.0789 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\netbt.sys. md5: 9162b273a44ab9dce5b44362731d062a
13:51:21.0836 3540 NetBT ( LockedFile.Multi.Generic ) - warning
13:51:21.0836 3540 NetBT - detected LockedFile.Multi.Generic (1)
13:51:22.0241 3540 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
13:51:22.0241 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\NETw5s64.sys. md5: 4d85a450edef10c38882182753a49aae
13:51:22.0304 3540 NETw5s64 ( LockedFile.Multi.Generic ) - warning
13:51:22.0304 3540 NETw5s64 - detected LockedFile.Multi.Generic (1)
13:51:22.0366 3540 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:51:22.0366 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nfrd960.sys. md5: 77889813be4d166cdab78ddba990da92
13:51:22.0366 3540 nfrd960 ( LockedFile.Multi.Generic ) - warning
13:51:22.0366 3540 nfrd960 - detected LockedFile.Multi.Generic (1)
13:51:22.0460 3540 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:51:22.0460 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1e4c4ab5c9b8dd13179bbdc75a2a01f7
13:51:22.0475 3540 Npfs ( LockedFile.Multi.Generic ) - warning
13:51:22.0475 3540 Npfs - detected LockedFile.Multi.Generic (1)
13:51:22.0538 3540 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:51:22.0538 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\nsiproxy.sys. md5: e7f5ae18af4168178a642a9247c63001
13:51:22.0553 3540 nsiproxy ( LockedFile.Multi.Generic ) - warning
13:51:22.0553 3540 nsiproxy - detected LockedFile.Multi.Generic (1)
13:51:22.0694 3540 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:51:22.0694 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: 378e0e0dfea67d98ae6ea53adbbd76bc
13:51:22.0725 3540 Ntfs ( LockedFile.Multi.Generic ) - warning
13:51:22.0725 3540 Ntfs - detected LockedFile.Multi.Generic (1)
13:51:22.0865 3540 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
13:51:22.0865 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\NTIDrvr.sys. md5: 64ddd0dee976302f4bd93e5efcc2f013
13:51:22.0865 3540 NTIDrvr ( LockedFile.Multi.Generic ) - warning
13:51:22.0865 3540 NTIDrvr - detected LockedFile.Multi.Generic (1)
13:51:22.0959 3540 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:51:22.0959 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589f75fa8724ff3d16aed75c1
13:51:22.0975 3540 Null ( LockedFile.Multi.Generic ) - warning
13:51:22.0975 3540 Null - detected LockedFile.Multi.Generic (1)
13:51:23.0037 3540 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
13:51:23.0037 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvraid.sys. md5: a4d9c9a608a97f59307c2f2600edc6a4
13:51:23.0053 3540 nvraid ( LockedFile.Multi.Generic ) - warning
13:51:23.0053 3540 nvraid - detected LockedFile.Multi.Generic (1)
13:51:23.0115 3540 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
13:51:23.0115 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\nvstor.sys. md5: 6c1d5f70e7a6a3fd1c90d840edc048b9
13:51:23.0115 3540 nvstor ( LockedFile.Multi.Generic ) - warning
13:51:23.0115 3540 nvstor - detected LockedFile.Multi.Generic (1)
13:51:23.0177 3540 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:51:23.0177 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\nv_agp.sys. md5: 270d7cd42d6e3979f6dd0146650f0e05
13:51:23.0209 3540 nv_agp ( LockedFile.Multi.Generic ) - warning
13:51:23.0209 3540 nv_agp - detected LockedFile.Multi.Generic (1)
13:51:23.0287 3540 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:51:23.0287 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ohci1394.sys. md5: 3589478e4b22ce21b41fa1bfc0b8b8a0
13:51:23.0302 3540 ohci1394 ( LockedFile.Multi.Generic ) - warning
13:51:23.0302 3540 ohci1394 - detected LockedFile.Multi.Generic (1)
13:51:23.0489 3540 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:51:23.0489 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431c29c35be1dbc43f52cc273887
13:51:23.0505 3540 Parport ( LockedFile.Multi.Generic ) - warning
13:51:23.0505 3540 Parport - detected LockedFile.Multi.Generic (1)
13:51:23.0567 3540 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:51:23.0567 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: 7daa117143316c4a1537e074a5a9eaf0
13:51:23.0567 3540 partmgr ( LockedFile.Multi.Generic ) - warning
13:51:23.0567 3540 partmgr - detected LockedFile.Multi.Generic (1)
13:51:23.0692 3540 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:51:23.0692 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pci.sys. md5: f36f6504009f2fb0dfd1b17a116ad74b
13:51:23.0708 3540 pci ( LockedFile.Multi.Generic ) - warning
13:51:23.0708 3540 pci - detected LockedFile.Multi.Generic (1)
13:51:23.0801 3540 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:51:23.0801 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pciide.sys. md5: b5b8b5ef2e5cb34df8dcf8831e3534fa
13:51:23.0801 3540 pciide ( LockedFile.Multi.Generic ) - warning
13:51:23.0801 3540 pciide - detected LockedFile.Multi.Generic (1)
13:51:23.0848 3540 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:51:23.0848 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: b2e81d4e87ce48589f98cb8c05b01f2f
13:51:23.0864 3540 pcmcia ( LockedFile.Multi.Generic ) - warning
13:51:23.0864 3540 pcmcia - detected LockedFile.Multi.Generic (1)
13:51:23.0911 3540 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:51:23.0911 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: d6b9c2e1a11a3a4b26a182ffef18f603
13:51:23.0926 3540 pcw ( LockedFile.Multi.Generic ) - warning
13:51:23.0926 3540 pcw - detected LockedFile.Multi.Generic (1)
13:51:24.0004 3540 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:51:24.0004 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 68769c3356b3be5d1c732c97b9a80d6e
13:51:24.0004 3540 PEAUTH ( LockedFile.Multi.Generic ) - warning
13:51:24.0004 3540 PEAUTH - detected LockedFile.Multi.Generic (1)
13:51:24.0347 3540 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
13:51:24.0347 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\point64.sys. md5: b23f79e41e30ed500586151a9ef27d8f
13:51:24.0363 3540 Point64 ( LockedFile.Multi.Generic ) - warning
13:51:24.0363 3540 Point64 - detected LockedFile.Multi.Generic (1)
13:51:24.0503 3540 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:51:24.0503 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspptp.sys. md5: 27cc19e81ba5e3403c48302127bda717
13:51:24.0503 3540 PptpMiniport ( LockedFile.Multi.Generic ) - warning
13:51:24.0503 3540 PptpMiniport - detected LockedFile.Multi.Generic (1)
13:51:24.0550 3540 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:51:24.0550 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\processr.sys. md5: 0d922e23c041efb1c3fac2a6f943c9bf
13:51:24.0566 3540 Processor ( LockedFile.Multi.Generic ) - warning
13:51:24.0566 3540 Processor - detected LockedFile.Multi.Generic (1)
13:51:24.0722 3540 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:51:24.0722 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: ee992183bd8eaefd9973f352e587a299
13:51:24.0737 3540 Psched ( LockedFile.Multi.Generic ) - warning
13:51:24.0737 3540 Psched - detected LockedFile.Multi.Generic (1)
13:51:24.0862 3540 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:51:24.0862 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql2300.sys. md5: a53a15a11ebfd21077463ee2c7afeef0
13:51:24.0893 3540 ql2300 ( LockedFile.Multi.Generic ) - warning
13:51:24.0893 3540 ql2300 - detected LockedFile.Multi.Generic (1)
13:51:24.0940 3540 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:51:24.0940 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4f6d12b51de1aaeff7dc58c4d75423c8
13:51:24.0956 3540 ql40xx ( LockedFile.Multi.Generic ) - warning
13:51:24.0956 3540 ql40xx - detected LockedFile.Multi.Generic (1)
13:51:25.0034 3540 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:51:25.0034 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707bb36430888d9ce9d705398adb6c
13:51:25.0065 3540 QWAVEdrv ( LockedFile.Multi.Generic ) - warning
13:51:25.0065 3540 QWAVEdrv - detected LockedFile.Multi.Generic (1)
13:51:25.0096 3540 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:51:25.0096 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasacd.sys. md5: 5a0da8ad5762fa2d91678a8a01311704
13:51:25.0112 3540 RasAcd ( LockedFile.Multi.Generic ) - warning
13:51:25.0112 3540 RasAcd - detected LockedFile.Multi.Generic (1)
13:51:25.0159 3540 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:51:25.0159 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ecff9b22276b73f43a99a15a6094e90
13:51:25.0159 3540 RasAgileVpn ( LockedFile.Multi.Generic ) - warning
13:51:25.0159 3540 RasAgileVpn - detected LockedFile.Multi.Generic (1)
13:51:25.0252 3540 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:51:25.0252 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rasl2tp.sys. md5: 87a6e852a22991580d6d39adc4790463
13:51:25.0252 3540 Rasl2tp ( LockedFile.Multi.Generic ) - warning
13:51:25.0252 3540 Rasl2tp - detected LockedFile.Multi.Generic (1)
13:51:25.0315 3540 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:51:25.0315 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\raspppoe.sys. md5: 855c9b1cd4756c5e9a2aa58a15f58c25
13:51:25.0330 3540 RasPppoe ( LockedFile.Multi.Generic ) - warning
13:51:25.0330 3540 RasPppoe - detected LockedFile.Multi.Generic (1)
13:51:25.0361 3540 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:51:25.0361 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rassstp.sys. md5: e8b1e447b008d07ff47d016c2b0eeecb
13:51:25.0377 3540 RasSstp ( LockedFile.Multi.Generic ) - warning
13:51:25.0377 3540 RasSstp - detected LockedFile.Multi.Generic (1)
13:51:25.0424 3540 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:51:25.0424 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdbss.sys. md5: 3bac8142102c15d59a87757c1d41dce5
13:51:25.0439 3540 rdbss ( LockedFile.Multi.Generic ) - warning
13:51:25.0439 3540 rdbss - detected LockedFile.Multi.Generic (1)
13:51:25.0533 3540 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:51:25.0533 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rdpbus.sys. md5: 302da2a0539f2cf54d7c6cc30c1f2d8d
13:51:25.0549 3540 rdpbus ( LockedFile.Multi.Generic ) - warning
13:51:25.0549 3540 rdpbus - detected LockedFile.Multi.Generic (1)
13:51:25.0611 3540 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:51:25.0611 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: cea6cc257fc9b7715f1c2b4849286d24
13:51:25.0627 3540 RDPCDD ( LockedFile.Multi.Generic ) - warning
13:51:25.0627 3540 RDPCDD - detected LockedFile.Multi.Generic (1)
13:51:25.0689 3540 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:51:25.0689 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdpencdd.sys. md5: bb5971a4f00659529a5c44831af22365
13:51:25.0705 3540 RDPENCDD ( LockedFile.Multi.Generic ) - warning
13:51:25.0705 3540 RDPENCDD - detected LockedFile.Multi.Generic (1)
13:51:25.0767 3540 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:51:25.0767 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdprefmp.sys. md5: 216f3fa57533d98e1f74ded70113177a
13:51:25.0783 3540 RDPREFMP ( LockedFile.Multi.Generic ) - warning
13:51:25.0783 3540 RDPREFMP - detected LockedFile.Multi.Generic (1)
13:51:25.0814 3540 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:51:25.0814 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: 8a3e6bea1c53ea6177fe2b6eba2c80d7
13:51:25.0829 3540 RDPWD ( LockedFile.Multi.Generic ) - warning
13:51:25.0829 3540 RDPWD - detected LockedFile.Multi.Generic (1)
13:51:25.0892 3540 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:51:25.0892 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\rdyboost.sys. md5: 634b9a2181d98f15941236886164ec8b
13:51:25.0939 3540 rdyboost ( LockedFile.Multi.Generic ) - warning
13:51:25.0939 3540 rdyboost - detected LockedFile.Multi.Generic (1)
13:51:26.0188 3540 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:51:26.0188 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\rspndr.sys. md5: ddc86e4f8e7456261e637e3552e804ff
13:51:26.0204 3540 rspndr ( LockedFile.Multi.Generic ) - warning
13:51:26.0204 3540 rspndr - detected LockedFile.Multi.Generic (1)
13:51:26.0282 3540 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
13:51:26.0282 3540 Suspicious file (NoAccess): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 2db8116d52b19216812c4e6d5d837810
13:51:26.0313 3540 RSUSBSTOR ( LockedFile.Multi.Generic ) - warning
13:51:26.0313 3540 RSUSBSTOR - detected LockedFile.Multi.Generic (1)
13:51:26.0407 3540 RtsUIR - ok
13:51:26.0531 3540 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:51:26.0531 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sbp2port.sys. md5: e3bbb89983daf5622c1d50cf49f28227
13:51:26.0547 3540 sbp2port ( LockedFile.Multi.Generic ) - warning
13:51:26.0547 3540 sbp2port - detected LockedFile.Multi.Generic (1)
13:51:26.0625 3540 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:51:26.0625 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: c94da20c7e3ba1dca269bc8460d98387
13:51:26.0641 3540 scfilter ( LockedFile.Multi.Generic ) - warning
13:51:26.0641 3540 scfilter - detected LockedFile.Multi.Generic (1)
13:51:26.0797 3540 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:51:26.0797 3540 Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3ea8a16169c26afbeb544e0e48421186
13:51:26.0812 3540 secdrv ( LockedFile.Multi.Generic ) - warning
13:51:26.0812 3540 secdrv - detected LockedFile.Multi.Generic (1)
13:51:26.0953 3540 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:51:26.0953 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serenum.sys. md5: cb624c0035412af0debec78c41f5ca1b
13:51:26.0953 3540 Serenum ( LockedFile.Multi.Generic ) - warning
13:51:26.0953 3540 Serenum - detected LockedFile.Multi.Generic (1)
13:51:26.0999 3540 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:51:26.0999 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serial.sys. md5: c1d8e28b2c2adfaec4ba89e9fda69bd6
13:51:27.0015 3540 Serial ( LockedFile.Multi.Generic ) - warning
13:51:27.0015 3540 Serial - detected LockedFile.Multi.Generic (1)
13:51:27.0077 3540 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:51:27.0077 3540 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1c545a7d0691cc4a027396535691
0
Réponse 39 / 47
Smart91 Messages postés 29097 Date d'inscription   Statut Contributeur sécurité Dernière intervention   2 328
 
Le rapport n'est pas complet. Comme il est trop long utilise pjjpont pour le poster.
Le rapport se trouve ici: C:\TDSSKiller.N°deversion_Date_Heure_log.txt

Super pour la protection temps réel d'Antivir.
Est-ce que pour Windows update c'est OK ?

Smart
"Si tu n'as pas d'ambitions, tu t'installes au bord de la chute" (Kundera)
0
Réponse 40 / 47
Jicé
 
http://pjjoint.malekal.com/files.php?id=20120217_n10b9w7d10v14
0