Infected by: Win32:Alueron-RJ [Rtk]

Solved
rocambolo (Member, 124 posts) - Anonymous user -
Hello, for several days I have been infected by: Win32:Alueron-RJ [Rtk]
Avast flagged it and "partially" removed it.
The Windows "tool" (?), after a thorough scan, was supposed to delete it completely.
But after that scan this virus is still reported as only partially removed, as it is in Avast (quarantine).
However, my PC has been working "properly" since this partial removal.

What should I do to eradicate this virus completely?

Thanks ...

41 replies

rocambolo
 
OK, I'll check and .... search.
I'll come back to the forum and to you on Tuesday 28 August.
Thanks
Good evening
Anonymous user
 
no worries :)
rocambolo
 
Hello, I'm getting back to you: my 10" PC with Windows 7 Starter is still infested, I still get pop-up windows opening whenever I'm connected.
I downloaded and "installed" a version of the SP1 pack: Win7SP1.7601.17514.101119.1850.IA64CHK.Symbols
After the installation I have a folder on my D drive (2nd partition): Symbols
In that folder there are 3721 files in .pdb format
After "installing the said Pack 1" the pop-up windows are still there
I await your instructions for what comes next
Thanks
Anonymous user
 
re

uninstall SnagIt Toolbar
uninstall Bing Bar

==

Have the following file(s) analysed on VirusTotal:

Virus Total

click "Browse", then find and select this/these file(s):

C:\windows\System32\msasn1.dll

* Now click "Send file" and let it work as long as "Current status: being analysed" is displayed.
* The file may be queued because of a large number of analysis requests. In that case, wait without refreshing the page.
* When the analysis is finished, paste the link to the page(s) in your next reply.

==

delete these two files:

C:\windows\System32\Tasks\{E885B3E6-019A-4081-81FB-70416D2DCC82}
C:\windows\System32\Tasks\{EE77B18B-553D-49E1-9943-D2154A644613}

==

Download and save ADWCleaner to your desktop:

ADWCleaner (thanks to Xplode)

Run it,

(For Vista and Seven => right-click "Run as administrator")

click Delete and post its report.

==

▶ Download: Gmer (by Przemyslaw Gmerek), click "Download EXE" and save it to your desktop

Disable all your protections for the duration of the GMER scan

For XP => double-click gmer.exe
For Vista and 7 => right-click "Run as...."

▶ click the Rootkit tab and start the scan; red lines will appear.

▶ The red lines indicate the presence of a rootkit. Post me the GMER report (click Copy, then go to Start, open Notepad, go to Edit and click Paste; the GMER report will appear; post it to me)

rocambolo
 
Good evening. Apart from SnagIt Toolbar, which I couldn't uninstall because it wasn't on my computer, I followed all the instructions given:

a) I uninstalled "Bing Bar"

b) I used VirusTotal and here is the link to the analysis:

https://www.virustotal.com/gui/file/e84fb3d045cf0250c3de3c39248639d38625fcc31ac16b65bfac0d3245ff8feb/analysis/

c) I deleted the 2 files indicated from the "Tasks" folder

d) here is the ADWCleaner report:

# AdwCleaner v1.801 - Rapport créé le 28/08/2012 à 22:10:39
# Mis à jour le 14/08/2012 par Xplode
# Système d'exploitation : Windows 7 Starter (32 bits)
# Nom d'utilisateur : Jean Claude - JICESAMSUNG
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\Jean Claude\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [Registre] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\BHO.DLL

***** [Registre - GUID] *****


***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v14.0.1 (fr)

Nom du profil : default
Fichier : C:\Users\Jean Claude\AppData\Roaming\Mozilla\Firefox\Profiles\n4rophn3.default\prefs.js

C:\Users\Jean Claude\AppData\Roaming\Mozilla\Firefox\Profiles\n4rophn3.default\user.js ... Supprimé !

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v21.0.1180.83

Fichier : C:\Users\Jean Claude\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [1177 octets] - [28/08/2012 22:10:39]

########## EOF - C:\AdwCleaner[S1].txt - [1305 octets] ##########

e) Here is the GMER report:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-28 23:17:36
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.ESBO
Running: s1hof9kq.exe; Driver: C:\Users\JEANCL~1\AppData\Local\Temp\kwrdrpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 82C93599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB8092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.rsrc C:\windows\system32\DRIVERS\iaStor.sys entry point in ".rsrc" section [0x83AF0024]
? C:\windows\system32\DRIVERS\iaStor.sys suspicious PE modification
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 99793000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 99793123 629 Bytes [E5, 78, 99, FE, 05, 34, E5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 99793399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F 997933FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B 997934AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Runtime de l'infrastructure de pilotes en mode noyau/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Runtime de l'infrastructure de pilotes en mode noyau/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 85DBF6EC

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\BTHUSB \Device\0000006b bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006d bthport.sys (Pilote de bus Bluetooth/Microsoft Corporation)
Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskHitachi_HTS543225A7A384_________________ESBOA60W#4&2c2488fd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Threads - GMER 1.0.15 ----

Thread System [4:1100] 997A0F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb115fe28
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb1d2043e
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb115fe28 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb1d2043e (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\windows\system32\DRIVERS\iaStor.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

f) There ... everything has been done ... I await your observations and instructions.
I should point out that I haven't had any pop-up windows since, it seems to me, the removal of "Bing Bar".
As it's late, all that remains is to wish you good night and say thank you.
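The GMER report above and the TDSSKiller output posted later in this thread both point at the same driver: GMER flags iaStor.sys (entry point in the .rsrc section, "suspicious PE modification", "TDL3 <-- ROOTKIT"), and TDSSKiller reports the same file as forged with two different MD5 sums, which is what you see when something between the filesystem and the disk rewrites what a read returns. The script below is an added example, not a tool from this thread nor from the GMER or TDSSKiller projects: it parses excerpts of those two report formats, extracts the indicator lines, counts the routine "- ok" entries, and correlates the findings by driver name so a helper reviewing a long report sees the hit at once. The service-name-to-file mapping (iaStor -> iastor.sys) and the embedded sample excerpts are assumptions constructed from the lines visible in the thread.

```python
# Triage helper for anti-rootkit scanner reports (GMER and TDSSKiller).
# Added example, not a tool from this thread or from either project.
import re
from dataclasses import dataclass

# GMER: "? <path> suspicious PE modification"
#       "File <path> suspicious modification; TDL3 <-- ROOTKIT !!!"
GMER_SUSPICIOUS = re.compile(r"^(?:\?|File)\s+(?P<path>\S+)\s+suspicious\s+(?P<what>.+)$")
# GMER: ".rsrc <path> entry point in ".rsrc" section [0x...]" (code entry in a resource section)
GMER_ENTRY = re.compile(r'^\S+\s+(?P<path>\S+)\s+(?P<what>entry point in ".*?" section)')
# TDSSKiller: "<time> <pid> Suspicious file (Forged): <path>. Real md5: X, Fake md5: Y"
TDSS_FORGED = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9A-F]{32}), "
    r"Fake md5: (?P<fake>[0-9A-F]{32})", re.IGNORECASE)
# TDSSKiller: "<time> <pid> <service> ( <family> ) - infected"
TDSS_INFECTED = re.compile(r"^\S+\s+\d+\s+(?P<svc>\S+) \( (?P<family>[^)]+) \) - infected$")
# TDSSKiller: "<time> <pid> <service or area> - ok"
TDSS_OK = re.compile(r"^\S+\s+\d+\s+.+ - ok$")


@dataclass
class Finding:
    tool: str
    subject: str      # driver path, or the service name on TDSSKiller "infected" lines
    detail: str
    real_md5: str = ""
    fake_md5: str = ""


def triage_report(text):
    """Return (findings, ok_count) for one GMER or TDSSKiller report."""
    findings, ok_count = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if TDSS_OK.match(line):
            ok_count += 1
            continue
        m = GMER_SUSPICIOUS.match(line) or GMER_ENTRY.match(line)
        if m:
            findings.append(Finding("GMER", m.group("path"), m.group("what")))
            continue
        m = TDSS_FORGED.search(line)
        if m:
            findings.append(Finding("TDSSKiller", m.group("path"),
                                    "hash differs between read paths (read interception)",
                                    m.group("real").upper(), m.group("fake").upper()))
            continue
        m = TDSS_INFECTED.match(line)
        if m:
            findings.append(Finding("TDSSKiller", m.group("svc"), m.group("family")))
    return findings, ok_count


def affected_drivers(findings):
    """Lower-case driver file names that more than one tool flagged."""
    by_name = {}
    for f in findings:
        name = f.subject.rsplit("\\", 1)[-1].lower()
        if "." not in name:
            name += ".sys"  # assumption: service "iaStor" maps to file iastor.sys
        by_name.setdefault(name, set()).add(f.tool)
    return sorted(n for n, tools in by_name.items() if len(tools) > 1)


# Constructed test input: excerpts of the two reports posted in this thread,
# trimmed to the indicator lines plus a couple of routine ones.
GMER_SAMPLE = r"""
---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\windows\system32\DRIVERS\iaStor.sys entry point in ".rsrc" section [0x83AF0024]
? C:\windows\system32\DRIVERS\iaStor.sys suspicious PE modification

---- Files - GMER 1.0.15 ----

File C:\windows\system32\DRIVERS\iaStor.sys suspicious modification; TDL3 <-- ROOTKIT !!!
"""

TDSS_SAMPLE = r"""
12:38:50.0570 3364 i8042prt - ok
12:38:50.0616 3364 [ D6F99F0C27C2A605C33B488EA057D81B ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
12:38:50.0632 3364 Suspicious file (Forged): C:\windows\system32\DRIVERS\iaStor.sys. Real md5: D6F99F0C27C2A605C33B488EA057D81B, Fake md5: D483687EACE0C065EE772481A96E05F5
12:38:50.0632 3364 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - infected
12:38:50.0679 3364 iaStorV - ok
"""


def triage_all():
    """Run both samples and return (findings, ok_total, drivers flagged by both tools)."""
    findings, ok_total = [], 0
    for sample in (GMER_SAMPLE, TDSS_SAMPLE):
        f, ok = triage_report(sample)
        findings.extend(f)
        ok_total += ok
    return findings, ok_total, affected_drivers(findings)


if __name__ == "__main__":
    findings, ok_total, hits = triage_all()
    print(f"{ok_total} routine entries, {len(findings)} findings")
    for f in findings:
        extra = f" real={f.real_md5} fake={f.fake_md5}" if f.real_md5 else ""
        print(f"[{f.tool}] {f.subject}: {f.detail}{extra}")
    print("flagged by more than one tool:", hits)
```

Run it on the full reports by passing their text to triage_report; the same driver name turning up in both tools' findings is the signal that a "Cure" step (rather than deleting a boot-critical storage driver) is what the next helper instruction will call for.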
rocambolo
 
hello,
Just a couple of words to tell you that, late yesterday and early today, I sent you my reply to the instructions given.
Your observations and instructions?
Thanks in advance
Anonymous user
 
re

ah..... interesting, this new variant :)

==

▶ Download Reload_TDSSKiller

▶ Run it

choose: run the cleanup

the tool will automatically download the latest version, then

TDSSKiller will open; click "Start Scan"

If TDSS.tdl2 is detected, the Delete option will be ticked by default.
If TDSS.tdl3 is detected, make sure Cure is ticked.
If TDSS.tdl4 (\HardDisk0\MBR) is detected, make sure Cure is ticked.
If Suspicious file is indicated, leave the option set to Skip.
If Rootkit.Win32.ZAccess.* is detected, set "cure" at the top and "delete" at the bottom.

once it has finished, reboot if it asks you to, to finish cleaning

otherwise, close TDSSKiller and the report will appear on the desktop

▶ Copy/paste its contents in your next reply.

rocambolo
 
Cleanup with Reload TDSSKiller done,
only TDSS.tdl3 was detected, Cure was ticked,
cleanup, reboot .... and the report:

12:38:36.0592 1396 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
12:38:36.0732 1396 ============================================================
12:38:36.0732 1396 Current date / time: 2012/08/29 12:38:36.0732
12:38:36.0732 1396 SystemInfo:
12:38:36.0732 1396
12:38:36.0732 1396 OS Version: 6.1.7600 ServicePack: 0.0
12:38:36.0732 1396 Product type: Workstation
12:38:36.0732 1396 ComputerName: JICESAMSUNG
12:38:36.0732 1396 UserName: Jean Claude
12:38:36.0732 1396 Windows directory: C:\windows
12:38:36.0732 1396 System windows directory: C:\windows
12:38:36.0732 1396 Processor architecture: Intel x86
12:38:36.0732 1396 Number of processors: 4
12:38:36.0732 1396 Page size: 0x1000
12:38:36.0732 1396 Boot type: Normal boot
12:38:36.0732 1396 ============================================================
12:38:37.0668 1396 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:38:37.0684 1396 ============================================================
12:38:37.0684 1396 \Device\Harddisk0\DR0:
12:38:37.0684 1396 MBR partitions:
12:38:37.0684 1396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:38:37.0684 1396 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAE00000
12:38:37.0700 1396 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAE33000, BlocksNum 0x101A4000
12:38:37.0700 1396 ============================================================
12:38:37.0746 1396 C: <-> \Device\Harddisk0\DR0\Partition2
12:38:37.0778 1396 D: <-> \Device\Harddisk0\DR0\Partition3
12:38:37.0793 1396 ============================================================
12:38:37.0793 1396 Initialize success
12:38:37.0793 1396 ============================================================
12:38:43.0784 3364 ============================================================
12:38:43.0784 3364 Scan started
12:38:43.0784 3364 Mode: Manual;
12:38:43.0784 3364 ============================================================
12:38:44.0345 3364 ================ Scan system memory ========================
12:38:44.0345 3364 System memory - ok
12:38:44.0345 3364 ================ Scan services =============================
12:38:44.0642 3364 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
12:38:44.0642 3364 1394ohci - ok
12:38:44.0720 3364 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
12:38:44.0735 3364 ACPI - ok
12:38:44.0766 3364 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
12:38:44.0766 3364 AcpiPmi - ok
12:38:44.0844 3364 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
12:38:44.0844 3364 adp94xx - ok
12:38:44.0876 3364 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
12:38:44.0876 3364 adpahci - ok
12:38:44.0907 3364 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
12:38:44.0907 3364 adpu320 - ok
12:38:44.0954 3364 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
12:38:44.0954 3364 AeLookupSvc - ok
12:38:45.0000 3364 [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD C:\windows\system32\drivers\afd.sys
12:38:45.0016 3364 AFD - ok
12:38:45.0047 3364 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\DRIVERS\agp440.sys
12:38:45.0047 3364 agp440 - ok
12:38:45.0110 3364 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
12:38:45.0110 3364 aic78xx - ok
12:38:45.0172 3364 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
12:38:45.0172 3364 ALG - ok
12:38:45.0203 3364 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\DRIVERS\aliide.sys
12:38:45.0203 3364 aliide - ok
12:38:45.0234 3364 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\DRIVERS\amdagp.sys
12:38:45.0234 3364 amdagp - ok
12:38:45.0281 3364 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\DRIVERS\amdide.sys
12:38:45.0281 3364 amdide - ok
12:38:45.0312 3364 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
12:38:45.0312 3364 AmdK8 - ok
12:38:45.0328 3364 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
12:38:45.0344 3364 AmdPPM - ok
12:38:45.0390 3364 [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata C:\windows\system32\drivers\amdsata.sys
12:38:45.0390 3364 amdsata - ok
12:38:45.0437 3364 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
12:38:45.0437 3364 amdsbs - ok
12:38:45.0468 3364 [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata C:\windows\system32\drivers\amdxata.sys
12:38:45.0468 3364 amdxata - ok
12:38:45.0500 3364 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\windows\system32\drivers\appid.sys
12:38:45.0500 3364 AppID - ok
12:38:45.0546 3364 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
12:38:45.0546 3364 AppIDSvc - ok
12:38:45.0562 3364 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\windows\System32\appinfo.dll
12:38:45.0578 3364 Appinfo - ok
12:38:45.0609 3364 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
12:38:45.0609 3364 arc - ok
12:38:45.0624 3364 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
12:38:45.0640 3364 arcsas - ok
12:38:45.0687 3364 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
12:38:45.0687 3364 AsyncMac - ok
12:38:45.0718 3364 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\DRIVERS\atapi.sys
12:38:45.0718 3364 atapi - ok
12:38:45.0780 3364 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
12:38:45.0796 3364 AudioEndpointBuilder - ok
12:38:45.0812 3364 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\windows\System32\Audiosrv.dll
12:38:45.0827 3364 Audiosrv - ok
12:38:45.0843 3364 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\windows\System32\AxInstSV.dll
12:38:45.0858 3364 AxInstSV - ok
12:38:45.0905 3364 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
12:38:45.0921 3364 b06bdrv - ok
12:38:45.0952 3364 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
12:38:45.0968 3364 b57nd60x - ok
12:38:46.0092 3364 [ 2A61F5C96032AFDB0A6171CC591472F7 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl6.sys
12:38:46.0155 3364 BCM43XX - ok
12:38:46.0186 3364 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
12:38:46.0202 3364 BDESVC - ok
12:38:46.0248 3364 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
12:38:46.0248 3364 Beep - ok
12:38:46.0311 3364 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\windows\System32\bfe.dll
12:38:46.0326 3364 BFE - ok
12:38:46.0389 3364 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\windows\System32\qmgr.dll
12:38:46.0404 3364 BITS - ok
12:38:46.0436 3364 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
12:38:46.0436 3364 blbdrive - ok
12:38:46.0498 3364 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\windows\system32\DRIVERS\bowser.sys
12:38:46.0498 3364 bowser - ok
12:38:46.0514 3364 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
12:38:46.0514 3364 BrFiltLo - ok
12:38:46.0545 3364 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
12:38:46.0545 3364 BrFiltUp - ok
12:38:46.0592 3364 [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser C:\windows\System32\browser.dll
12:38:46.0592 3364 Browser - ok
12:38:46.0623 3364 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
12:38:46.0638 3364 Brserid - ok
12:38:46.0654 3364 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
12:38:46.0670 3364 BrSerWdm - ok
12:38:46.0701 3364 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
12:38:46.0701 3364 BrUsbMdm - ok
12:38:46.0732 3364 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
12:38:46.0732 3364 BrUsbSer - ok
12:38:46.0779 3364 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
12:38:46.0779 3364 BthEnum - ok
12:38:46.0810 3364 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
12:38:46.0810 3364 BTHMODEM - ok
12:38:46.0841 3364 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
12:38:46.0841 3364 BthPan - ok
12:38:46.0919 3364 [ 04CEDA17A195924070B01174CB1F9AF8 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
12:38:46.0919 3364 BTHPORT - ok
12:38:46.0950 3364 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
12:38:46.0950 3364 bthserv - ok
12:38:46.0997 3364 [ 80E6384BEEC03B8BD45EDEA29802D657 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
12:38:46.0997 3364 BTHUSB - ok
12:38:47.0044 3364 [ 525432CFD6D8C004860AF7ECD0A84234 ] btwampfl C:\windows\system32\drivers\btwampfl.sys
12:38:47.0060 3364 btwampfl - ok
12:38:47.0075 3364 [ CF8799A563F734984D4E053CACEC1426 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
12:38:47.0091 3364 btwaudio - ok
12:38:47.0122 3364 [ 9ED9932043D599AEA04F6EA2D86964A1 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
12:38:47.0122 3364 btwavdt - ok
12:38:47.0231 3364 [ 7778C6BCAFF58C0E876B307514923A48 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:38:47.0247 3364 btwdins - ok
12:38:47.0325 3364 [ DE53089F0678CB5F0AFEB867ACB0FB05 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
12:38:47.0325 3364 btwl2cap - ok
12:38:47.0356 3364 [ 373D1BB0F7DC8F1931F9B7E0DE3E9A30 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
12:38:47.0356 3364 btwrchid - ok
12:38:47.0403 3364 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
12:38:47.0403 3364 cdfs - ok
12:38:47.0434 3364 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
12:38:47.0450 3364 cdrom - ok
12:38:47.0496 3364 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\windows\System32\certprop.dll
12:38:47.0496 3364 CertPropSvc - ok
12:38:47.0543 3364 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
12:38:47.0543 3364 circlass - ok
12:38:47.0574 3364 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
12:38:47.0574 3364 CLFS - ok
12:38:47.0652 3364 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:38:47.0652 3364 clr_optimization_v2.0.50727_32 - ok
12:38:47.0730 3364 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:38:47.0746 3364 clr_optimization_v4.0.30319_32 - ok
12:38:47.0793 3364 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
12:38:47.0793 3364 CmBatt - ok
12:38:47.0808 3364 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
12:38:47.0808 3364 cmdide - ok
12:38:47.0855 3364 [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG C:\windows\system32\Drivers\cng.sys
12:38:47.0855 3364 CNG - ok
12:38:47.0902 3364 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
12:38:47.0902 3364 Compbatt - ok
12:38:47.0933 3364 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
12:38:47.0933 3364 CompositeBus - ok
12:38:47.0949 3364 COMSysApp - ok
12:38:47.0980 3364 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
12:38:47.0980 3364 crcdisk - ok
12:38:48.0027 3364 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\windows\system32\cryptsvc.dll
12:38:48.0027 3364 CryptSvc - ok
12:38:48.0074 3364 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\windows\system32\rpcss.dll
12:38:48.0105 3364 DcomLaunch - ok
12:38:48.0136 3364 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
12:38:48.0136 3364 defragsvc - ok
12:38:48.0183 3364 [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC C:\windows\system32\Drivers\dfsc.sys
12:38:48.0183 3364 DfsC - ok
12:38:48.0230 3364 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\windows\system32\dhcpcore.dll
12:38:48.0245 3364 Dhcp - ok
12:38:48.0292 3364 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
12:38:48.0292 3364 discache - ok
12:38:48.0323 3364 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
12:38:48.0323 3364 Disk - ok
12:38:48.0354 3364 [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache C:\windows\System32\dnsrslvr.dll
12:38:48.0354 3364 Dnscache - ok
12:38:48.0401 3364 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\windows\System32\dot3svc.dll
12:38:48.0401 3364 dot3svc - ok
12:38:48.0417 3364 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\windows\system32\dps.dll
12:38:48.0432 3364 DPS - ok
12:38:48.0464 3364 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
12:38:48.0479 3364 drmkaud - ok
12:38:48.0526 3364 [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01 C:\windows\system32\DRIVERS\dtsoftbus01.sys
12:38:48.0526 3364 dtsoftbus01 - ok
12:38:48.0588 3364 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
12:38:48.0604 3364 DXGKrnl - ok
12:38:48.0635 3364 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
12:38:48.0635 3364 EapHost - ok
12:38:48.0760 3364 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
12:38:48.0807 3364 ebdrv - ok
12:38:48.0854 3364 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\windows\System32\lsass.exe
12:38:48.0854 3364 EFS - ok
12:38:48.0916 3364 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
12:38:48.0932 3364 elxstor - ok
12:38:48.0963 3364 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
12:38:48.0963 3364 ErrDev - ok
12:38:49.0025 3364 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
12:38:49.0041 3364 EventSystem - ok
12:38:49.0072 3364 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
12:38:49.0072 3364 exfat - ok
12:38:49.0103 3364 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
12:38:49.0103 3364 fastfat - ok
12:38:49.0166 3364 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\windows\system32\fxssvc.exe
12:38:49.0181 3364 Fax - ok
12:38:49.0212 3364 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
12:38:49.0212 3364 fdc - ok
12:38:49.0275 3364 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
12:38:49.0275 3364 fdPHost - ok
12:38:49.0290 3364 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
12:38:49.0306 3364 FDResPub - ok
12:38:49.0337 3364 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
12:38:49.0337 3364 FileInfo - ok
12:38:49.0368 3364 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
12:38:49.0384 3364 Filetrace - ok
12:38:49.0415 3364 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
12:38:49.0431 3364 flpydisk - ok
12:38:49.0462 3364 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
12:38:49.0462 3364 FltMgr - ok
12:38:49.0524 3364 [ 7FE4995528A7529A761875151EE3D512 ] FontCache C:\windows\system32\FntCache.dll
12:38:49.0540 3364 FontCache - ok
12:38:49.0602 3364 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:38:49.0602 3364 FontCache3.0.0.0 - ok
12:38:49.0634 3364 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
12:38:49.0649 3364 FsDepends - ok
12:38:49.0680 3364 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
12:38:49.0696 3364 Fs_Rec - ok
12:38:49.0743 3364 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
12:38:49.0743 3364 fvevol - ok
12:38:49.0805 3364 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
12:38:49.0821 3364 gagp30kx - ok
12:38:49.0883 3364 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\windows\System32\gpsvc.dll
12:38:49.0883 3364 gpsvc - ok
12:38:49.0977 3364 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:38:49.0977 3364 gupdate - ok
12:38:49.0992 3364 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:38:49.0992 3364 gupdatem - ok
12:38:50.0024 3364 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
12:38:50.0024 3364 hcw85cir - ok
12:38:50.0070 3364 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
12:38:50.0086 3364 HdAudAddService - ok
12:38:50.0117 3364 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
12:38:50.0117 3364 HDAudBus - ok
12:38:50.0148 3364 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
12:38:50.0148 3364 HidBatt - ok
12:38:50.0195 3364 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
12:38:50.0195 3364 HidBth - ok
12:38:50.0211 3364 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
12:38:50.0226 3364 HidIr - ok
12:38:50.0258 3364 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\system32\hidserv.dll
12:38:50.0273 3364 hidserv - ok
12:38:50.0304 3364 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
12:38:50.0304 3364 HidUsb - ok
12:38:50.0351 3364 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\windows\system32\kmsvc.dll
12:38:50.0351 3364 hkmsvc - ok
12:38:50.0382 3364 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll
12:38:50.0382 3364 HomeGroupListener - ok
12:38:50.0414 3364 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll
12:38:50.0429 3364 HomeGroupProvider - ok
12:38:50.0460 3364 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
12:38:50.0460 3364 HpSAMD - ok
12:38:50.0507 3364 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\windows\system32\drivers\HTTP.sys
12:38:50.0523 3364 HTTP - ok
12:38:50.0538 3364 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
12:38:50.0538 3364 hwpolicy - ok
12:38:50.0570 3364 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
12:38:50.0570 3364 i8042prt - ok
12:38:50.0616 3364 [ D6F99F0C27C2A605C33B488EA057D81B ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
12:38:50.0632 3364 Suspicious file (Forged): C:\windows\system32\DRIVERS\iaStor.sys. Real md5: D6F99F0C27C2A605C33B488EA057D81B, Fake md5: D483687EACE0C065EE772481A96E05F5
12:38:50.0632 3364 iaStor ( Rootkit.Win32.TDSS.tdl3 ) - infected
12:38:50.0632 3364 iaStor - detected Rootkit.Win32.TDSS.tdl3 (0)
12:38:50.0663 3364 [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
12:38:50.0679 3364 iaStorV - ok
12:38:50.0757 3364 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:38:50.0772 3364 idsvc - ok
12:38:51.0006 3364 [ D0074897C6BC132F3980EA4654BF7FB9 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
12:38:51.0147 3364 igfx - ok
12:38:51.0194 3364 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
12:38:51.0194 3364 iirsp - ok
12:38:51.0240 3364 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\windows\System32\ikeext.dll
12:38:51.0256 3364 IKEEXT - ok
12:38:51.0396 3364 [ 8C92829CCAE93139B90C46389FBEF4CF ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
12:38:51.0490 3364 IntcAzAudAddService - ok
12:38:51.0521 3364 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\DRIVERS\intelide.sys
12:38:51.0521 3364 intelide - ok
12:38:51.0552 3364 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
12:38:51.0568 3364 intelppm - ok
12:38:51.0599 3364 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
12:38:51.0599 3364 IPBusEnum - ok
12:38:51.0630 3364 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
12:38:51.0630 3364 IpFilterDriver - ok
12:38:51.0677 3364 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
12:38:51.0708 3364 iphlpsvc - ok
12:38:51.0740 3364 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
12:38:51.0755 3364 IPMIDRV - ok
12:38:51.0786 3364 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
12:38:51.0786 3364 IPNAT - ok
12:38:51.0818 3364 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
12:38:51.0818 3364 IRENUM - ok
12:38:51.0849 3364 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
12:38:51.0864 3364 isapnp - ok
12:38:51.0896 3364 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
12:38:51.0896 3364 iScsiPrt - ok
12:38:51.0942 3364 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
12:38:51.0942 3364 kbdclass - ok
12:38:51.0958 3364 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
12:38:51.0974 3364 kbdhid - ok
12:38:51.0989 3364 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\windows\system32\lsass.exe
12:38:51.0989 3364 KeyIso - ok
12:38:52.0020 3364 [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
12:38:52.0020 3364 KSecDD - ok
12:38:52.0052 3364 [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
12:38:52.0052 3364 KSecPkg - ok
12:38:52.0083 3364 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
12:38:52.0098 3364 KtmRm - ok
12:38:52.0161 3364 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\windows\system32\srvsvc.dll
12:38:52.0176 3364 LanmanServer - ok
12:38:52.0208 3364 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\windows\System32\wkssvc.dll
12:38:52.0223 3364 LanmanWorkstation - ok
12:38:52.0379 3364 [ C5A28C73804571BF6966CA6B834175C1 ] LEC TranslateDotNet Server C:\Program Files\Power Translator 15\LogoMedia TranslateDotNet Server.exe
12:38:52.0442 3364 LEC TranslateDotNet Server - ok
12:38:52.0488 3364 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
12:38:52.0488 3364 lltdio - ok
12:38:52.0535 3364 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
12:38:52.0535 3364 lltdsvc - ok
12:38:52.0566 3364 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
12:38:52.0566 3364 lmhosts - ok
12:38:52.0613 3364 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
12:38:52.0629 3364 LSI_FC - ok
12:38:52.0644 3364 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
12:38:52.0660 3364 LSI_SAS - ok
12:38:52.0676 3364 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
12:38:52.0691 3364 LSI_SAS2 - ok
12:38:52.0707 3364 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
12:38:52.0722 3364 LSI_SCSI - ok
12:38:52.0738 3364 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
12:38:52.0738 3364 luafv - ok
12:38:52.0785 3364 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
12:38:52.0785 3364 megasas - ok
12:38:52.0816 3364 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
12:38:52.0816 3364 MegaSR - ok
12:38:52.0863 3364 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
12:38:52.0863 3364 MMCSS - ok
12:38:52.0894 3364 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
12:38:52.0894 3364 Modem - ok
12:38:52.0941 3364 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
12:38:52.0941 3364 monitor - ok
12:38:52.0956 3364 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
12:38:52.0956 3364 mouclass - ok
12:38:52.0988 3364 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
12:38:52.0988 3364 mouhid - ok
12:38:53.0003 3364 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
12:38:53.0003 3364 mountmgr - ok
12:38:53.0066 3364 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:38:53.0081 3364 MozillaMaintenance - ok
12:38:53.0128 3364 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\windows\system32\DRIVERS\mpio.sys
12:38:53.0128 3364 mpio - ok
12:38:53.0159 3364 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
12:38:53.0159 3364 mpsdrv - ok
12:38:53.0206 3364 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\windows\system32\mpssvc.dll
12:38:53.0222 3364 MpsSvc - ok
12:38:53.0253 3364 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
12:38:53.0268 3364 MRxDAV - ok
12:38:53.0315 3364 [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
12:38:53.0315 3364 mrxsmb - ok
12:38:53.0362 3364 [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
12:38:53.0362 3364 mrxsmb10 - ok
12:38:53.0393 3364 [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
12:38:53.0409 3364 mrxsmb20 - ok
12:38:53.0440 3364 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\windows\system32\DRIVERS\msahci.sys
12:38:53.0440 3364 msahci - ok
12:38:53.0471 3364 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
12:38:53.0471 3364 msdsm - ok
12:38:53.0487 3364 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
12:38:53.0502 3364 MSDTC - ok
12:38:53.0549 3364 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
12:38:53.0549 3364 Msfs - ok
12:38:53.0565 3364 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
12:38:53.0565 3364 mshidkmdf - ok
12:38:53.0580 3364 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
12:38:53.0580 3364 msisadrv - ok
12:38:53.0627 3364 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
12:38:53.0643 3364 MSiSCSI - ok
12:38:53.0658 3364 msiserver - ok
12:38:53.0690 3364 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
12:38:53.0690 3364 MSKSSRV - ok
12:38:53.0721 3364 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
12:38:53.0736 3364 MSPCLOCK - ok
12:38:53.0752 3364 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
12:38:53.0752 3364 MSPQM - ok
12:38:53.0783 3364 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
12:38:53.0783 3364 MsRPC - ok
12:38:53.0814 3364 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
12:38:53.0814 3364 mssmbios - ok
12:38:53.0846 3364 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
12:38:53.0861 3364 MSTEE - ok
12:38:53.0877 3364 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
12:38:53.0877 3364 MTConfig - ok
12:38:53.0908 3364 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
12:38:53.0908 3364 Mup - ok
12:38:53.0955 3364 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\windows\system32\qagentRT.dll
12:38:53.0970 3364 napagent - ok
12:38:54.0033 3364 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
12:38:54.0033 3364 NativeWifiP - ok
12:38:54.0095 3364 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\windows\system32\drivers\ndis.sys
12:38:54.0095 3364 NDIS - ok
12:38:54.0126 3364 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
12:38:54.0142 3364 NdisCap - ok
12:38:54.0173 3364 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
12:38:54.0173 3364 NdisTapi - ok
12:38:54.0204 3364 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
12:38:54.0220 3364 Ndisuio - ok
12:38:54.0236 3364 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
12:38:54.0251 3364 NdisWan - ok
12:38:54.0267 3364 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
12:38:54.0267 3364 NDProxy - ok
12:38:54.0298 3364 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
12:38:54.0298 3364 NetBIOS - ok
12:38:54.0345 3364 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
12:38:54.0345 3364 NetBT - ok
12:38:54.0376 3364 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\windows\system32\lsass.exe
12:38:54.0376 3364 Netlogon - ok
12:38:54.0423 3364 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
12:38:54.0438 3364 Netman - ok
12:38:54.0485 3364 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
12:38:54.0485 3364 netprofm - ok
12:38:54.0532 3364 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:38:54.0532 3364 NetTcpPortSharing - ok
12:38:54.0579 3364 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
12:38:54.0579 3364 nfrd960 - ok
12:38:54.0610 3364 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\windows\System32\nlasvc.dll
12:38:54.0626 3364 NlaSvc - ok
12:38:54.0657 3364 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
12:38:54.0657 3364 Npfs - ok
12:38:54.0688 3364 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
12:38:54.0704 3364 nsi - ok
12:38:54.0735 3364 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
12:38:54.0735 3364 nsiproxy - ok
12:38:54.0813 3364 [ 187002CE05693C306F43C873F821381F ] Ntfs C:\windows\system32\drivers\Ntfs.sys
12:38:54.0844 3364 Ntfs - ok
12:38:54.0875 3364 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
12:38:54.0875 3364 Null - ok
12:38:54.0922 3364 [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid C:\windows\system32\drivers\nvraid.sys
12:38:54.0922 3364 nvraid - ok
12:38:54.0953 3364 [ 4520B63899E867F354EE012D34E11536 ] nvstor C:\windows\system32\drivers\nvstor.sys
12:38:54.0969 3364 nvstor - ok
12:38:55.0000 3364 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
12:38:55.0016 3364 nv_agp - ok
12:38:55.0109 3364 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:38:55.0125 3364 odserv - ok
12:38:55.0156 3364 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
12:38:55.0156 3364 ohci1394 - ok
12:38:55.0187 3364 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:38:55.0203 3364 ose - ok
12:38:55.0250 3364 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
12:38:55.0265 3364 p2pimsvc - ok
12:38:55.0312 3364 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
12:38:55.0328 3364 p2psvc - ok
12:38:55.0359 3364 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
12:38:55.0374 3364 Parport - ok
12:38:55.0406 3364 [ 66D3415C159741ADE7038A277EFFF99F ] partmgr C:\windows\system32\drivers\partmgr.sys
12:38:55.0406 3364 partmgr - ok
12:38:55.0437 3364 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
12:38:55.0437 3364 Parvdm - ok
12:38:55.0468 3364 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
12:38:55.0484 3364 PcaSvc - ok
12:38:55.0530 3364 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\windows\system32\DRIVERS\pci.sys
12:38:55.0530 3364 pci - ok
12:38:55.0562 3364 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\DRIVERS\pciide.sys
12:38:55.0562 3364 pciide - ok
12:38:55.0608 3364 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
12:38:55.0608 3364 pcmcia - ok
12:38:55.0655 3364 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
12:38:55.0655 3364 pcw - ok
12:38:55.0702 3364 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
12:38:55.0702 3364 PEAUTH - ok
12:38:55.0811 3364 [ 9C1BFF7910C89A1D12E57343475840CB ] pla C:\windows\system32\pla.dll
12:38:55.0842 3364 pla - ok
12:38:55.0889 3364 [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay C:\windows\system32\umpnpmgr.dll
12:38:55.0905 3364 PlugPlay - ok
12:38:55.0936 3364 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
12:38:55.0952 3364 PNRPAutoReg - ok
12:38:55.0967 3364 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
12:38:55.0983 3364 PNRPsvc - ok
12:38:56.0030 3364 [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
12:38:56.0030 3364 PolicyAgent - ok
12:38:56.0077 3364 [ DBFF83F709A91049621C1D35DD45C92C ] Power C:\windows\system32\umpo.dll
12:38:56.0092 3364 Power - ok
12:38:56.0139 3364 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
12:38:56.0139 3364 PptpMiniport - ok
12:38:56.0170 3364 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
12:38:56.0170 3364 Processor - ok
12:38:56.0217 3364 [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc C:\windows\system32\profsvc.dll
12:38:56.0217 3364 ProfSvc - ok
12:38:56.0248 3364 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\windows\system32\lsass.exe
12:38:56.0248 3364 ProtectedStorage - ok
12:38:56.0295 3364 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
12:38:56.0295 3364 Psched - ok
12:38:56.0357 3364 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
12:38:56.0389 3364 ql2300 - ok
12:38:56.0420 3364 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
12:38:56.0420 3364 ql40xx - ok
12:38:56.0467 3364 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
12:38:56.0482 3364 QWAVE - ok
12:38:56.0513 3364 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
12:38:56.0513 3364 QWAVEdrv - ok
12:38:56.0545 3364 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
12:38:56.0545 3364 RasAcd - ok
12:38:56.0576 3364 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
12:38:56.0591 3364 RasAgileVpn - ok
12:38:56.0623 3364 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
12:38:56.0623 3364 RasAuto - ok
12:38:56.0669 3364 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
12:38:56.0669 3364 Rasl2tp - ok
12:38:56.0716 3364 [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan C:\windows\System32\rasmans.dll
12:38:56.0732 3364 RasMan - ok
12:38:56.0763 3364 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
12:38:56.0763 3364 RasPppoe - ok
12:38:56.0779 3364 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
12:38:56.0779 3364 RasSstp - ok
12:38:56.0810 3364 [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
12:38:56.0825 3364 rdbss - ok
12:38:56.0841 3364 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
12:38:56.0841 3364 rdpbus - ok
12:38:56.0872 3364 [ 1E016846895B15A99F9A176A05029075 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
12:38:56.0872 3364 RDPCDD - ok
12:38:56.0903 3364 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
12:38:56.0903 3364 RDPENCDD - ok
12:38:56.0935 3364 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
12:38:56.0935 3364 RDPREFMP - ok
12:38:56.0981 3364 [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
12:38:56.0981 3364 RDPWD - ok
12:38:57.0028 3364 [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
12:38:57.0044 3364 rdyboost - ok
12:38:57.0075 3364 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
12:38:57.0075 3364 RemoteAccess - ok
12:38:57.0122 3364 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
12:38:57.0122 3364 RemoteRegistry - ok
12:38:57.0184 3364 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
12:38:57.0184 3364 RFCOMM - ok
12:38:57.0247 3364 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
12:38:57.0247 3364 RpcEptMapper - ok
12:38:57.0293 3364 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
12:38:57.0293 3364 RpcLocator - ok
12:38:57.0325 3364 [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs C:\windows\system32\rpcss.dll
12:38:57.0340 3364 RpcSs - ok
12:38:57.0371 3364 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
12:38:57.0387 3364 rspndr - ok
12:38:57.0418 3364 [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167 C:\windows\system32\DRIVERS\Rt86win7.sys
12:38:57.0418 3364 RTL8167 - ok
12:38:57.0465 3364 [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI C:\windows\system32\Drivers\SABI.sys
12:38:57.0481 3364 SABI - ok
12:38:57.0496 3364 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs C:\windows\system32\lsass.exe
12:38:57.0496 3364 SamSs - ok
12:38:57.0527 3364 [ BD26A150DC292913E48EE2B950372DFD ] Samsung UPD Service C:\windows\System32\SUPDSvc.exe
12:38:57.0543 3364 Samsung UPD Service - ok
12:38:57.0590 3364 [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys
12:38:57.0590 3364 sbp2port - ok
12:38:57.0637 3364 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
12:38:57.0637 3364 SCardSvr - ok
12:38:57.0668 3364 [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
12:38:57.0668 3364 scfilter - ok
12:38:57.0715 3364 [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule C:\windows\system32\schedsvc.dll
12:38:57.0730 3364 Schedule - ok
12:38:57.0761 3364 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc C:\windows\System32\certprop.dll
12:38:57.0761 3364 SCPolicySvc - ok
12:38:57.0808 3364 [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC C:\windows\System32\SDRSVC.dll
12:38:57.0808 3364 SDRSVC - ok
12:38:57.0855 3364 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
12:38:57.0855 3364 secdrv - ok
12:38:57.0902 3364 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
12:38:57.0902 3364 seclogon - ok
12:38:57.0933 3364 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\System32\sens.dll
12:38:57.0933 3364 SENS - ok
12:38:57.0980 3364 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
12:38:57.0980 3364 Serenum - ok
12:38:58.0011 3364 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
12:38:58.0011 3364 Serial - ok
12:38:58.0027 3364 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
12:38:58.0027 3364 sermouse - ok
12:38:58.0089 3364 [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv C:\windows\system32\sessenv.dll
12:38:58.0105 3364 SessionEnv - ok
12:38:58.0120 3364 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\DRIVERS\sffdisk.sys
12:38:58.0136 3364 sffdisk - ok
12:38:58.0167 3364 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys
12:38:58.0167 3364 sffp_mmc - ok
12:38:58.0183 3364 [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys
12:38:58.0183 3364 sffp_sd - ok
12:38:58.0214 3364 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
12:38:58.0214 3364 sfloppy - ok
12:38:58.0261 3364 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
12:38:58.0276 3364 SharedAccess - ok
12:38:58.0323 3364 [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\windows\System32\shsvcs.dll
12:38:58.0339 3364 ShellHWDetection - ok
12:38:58.0354 3364 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\DRIVERS\sisagp.sys
12:38:58.0370 3364 sisagp - ok
12:38:58.0401 3364 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
12:38:58.0417 3364 SiSRaid2 - ok
12:38:58.0432 3364 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
12:38:58.0432 3364 SiSRaid4 - ok
12:38:58.0463 3364 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
12:38:58.0463 3364 Smb - ok
12:38:58.0526 3364 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
12:38:58.0541 3364 SNMPTRAP - ok
12:38:58.0557 3364 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
12:38:58.0557 3364 spldr - ok
12:38:58.0619 3364 [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler C:\windows\System32\spoolsv.exe
12:38:58.0635 3364 Spooler - ok
12:38:58.0760 3364 [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc C:\windows\system32\sppsvc.exe
12:38:58.0822 3364 sppsvc - ok
12:38:58.0869 3364 [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify C:\windows\system32\sppuinotify.dll
12:38:58.0869 3364 sppuinotify - ok
12:38:58.0916 3364 [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv C:\windows\system32\DRIVERS\srv.sys
12:38:58.0931 3364 srv - ok
12:38:58.0963 3364 [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
12:38:58.0978 3364 srv2 - ok
12:38:58.0994 3364 [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
12:38:58.0994 3364 srvnet - ok
12:38:59.0041 3364 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
12:38:59.0056 3364 SSDPSRV - ok
12:38:59.0072 3364 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
12:38:59.0072 3364 SstpSvc - ok
12:38:59.0103 3364 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
12:38:59.0119 3364 stexstor - ok
12:38:59.0150 3364 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\windows\system32\DRIVERS\serscan.sys
12:38:59.0150 3364 StillCam - ok
12:38:59.0197 3364 [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc C:\windows\System32\wiaservc.dll
12:38:59.0228 3364 StiSvc - ok
12:38:59.0259 3364 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\DRIVERS\swenum.sys
12:38:59.0275 3364 swenum - ok
12:38:59.0321 3364 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
12:38:59.0337 3364 swprv - ok
12:38:59.0399 3364 [ 12966559C2E07CF430A610196BFE5438 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
12:38:59.0399 3364 SynTP - ok
12:38:59.0477 3364 [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain C:\windows\system32\sysmain.dll
12:38:59.0509 3364 SysMain - ok
12:38:59.0524 3364 [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\windows\System32\TabSvc.dll
12:38:59.0540 3364 TabletInputService - ok
12:38:59.0555 3364 [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv C:\windows\System32\tapisrv.dll
12:38:59.0571 3364 TapiSrv - ok
12:38:59.0602 3364 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
12:38:59.0618 3364 TBS - ok
12:38:59.0696 3364 [ 55E9965552741F3850CB22CBBA9671ED ] Tcpip C:\windows\system32\drivers\tcpip.sys
12:38:59.0727 3364 Tcpip - ok
12:38:59.0774 3364 [ 55E9965552741F3850CB22CBBA9671ED ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
12:38:59.0789 3364 TCPIP6 - ok
12:38:59.0821 3364 [ E64444523ADD154F86567C469BC0B17F ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
12:38:59.0836 3364 tcpipreg - ok
12:38:59.0852 3364 [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
12:38:59.0867 3364 TDPIPE - ok
12:38:59.0883 3364 [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
12:38:59.0899 3364 TDTCP - ok
12:38:59.0914 3364 [ CB39E896A2A83702D1737BFD402B3542 ] tdx C:\windows\system32\DRIVERS\tdx.sys
12:38:59.0914 3364 tdx - ok
12:38:59.0945 3364 [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
12:38:59.0961 3364 TermDD - ok
12:39:00.0008 3364 [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService C:\windows\System32\termsrv.dll
12:39:00.0023 3364 TermService - ok
12:39:00.0039 3364 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
12:39:00.0055 3364 Themes - ok
12:39:00.0070 3364 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
12:39:00.0086 3364 THREADORDER - ok
12:39:00.0133 3364 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
12:39:00.0133 3364 TrkWks - ok
12:39:00.0211 3364 [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
12:39:00.0211 3364 TrustedInstaller - ok
12:39:00.0242 3364 [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
12:39:00.0242 3364 tssecsrv - ok
12:39:00.0289 3364 [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
12:39:00.0289 3364 tunnel - ok
12:39:00.0320 3364 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
12:39:00.0335 3364 uagp35 - ok
12:39:00.0382 3364 [ EB0A7BD4D471AC3CE55564A4C55B9D8E ] udfs C:\windows\system32\DRIVERS\udfs.sys
12:39:00.0382 3364 udfs - ok
12:39:00.0429 3364 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
12:39:00.0445 3364 UI0Detect - ok
12:39:00.0491 3364 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys
12:39:00.0491 3364 uliagpkx - ok
12:39:00.0523 3364 [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus C:\windows\system32\DRIVERS\umbus.sys
12:39:00.0523 3364 umbus - ok
12:39:00.0554 3364 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
12:39:00.0554 3364 UmPass - ok
12:39:00.0601 3364 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
12:39:00.0616 3364 upnphost - ok
12:39:00.0647 3364 [ 5C233AEFB566EE78C1EFBC0493FB066A ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
12:39:00.0663 3364 usbccgp - ok
12:39:00.0694 3364 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys
12:39:00.0694 3364 usbcir - ok
12:39:00.0741 3364 [ 5B71019A6ACA0116FD21B368F19C0B91 ] usbehci C:\windows\system32\drivers\usbehci.sys
12:39:00.0741 3364 usbehci - ok
12:39:00.0772 3364 [ 5823D3965C2A4F6F785ED1A3B403F3B8 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
12:39:00.0788 3364 usbhub - ok
12:39:00.0803 3364 [ E753ED6C49DA13967EBABF9EA616454A ] usbohci C:\windows\system32\drivers\usbohci.sys
12:39:00.0819 3364 usbohci - ok
12:39:00.0835 3364 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
12:39:00.0835 3364 usbprint - ok
12:39:00.0866 3364 [ 1C4287739A93594E57E2A9E6A3ED7353 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
12:39:00.0866 3364 USBSTOR - ok
12:39:00.0897 3364 [ 6A30928A469CE802600E1EA8C0F2F53F ] usbuhci C:\windows\system32\drivers\usbuhci.sys
12:39:00.0897 3364 usbuhci - ok
12:39:00.0959 3364 [ B5F6A992D996282B7FAE7048E50AF83A ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
12:39:00.0959 3364 usbvideo - ok
12:39:01.0006 3364 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
12:39:01.0006 3364 UxSms - ok
12:39:01.0037 3364 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc C:\windows\system32\lsass.exe
12:39:01.0037 3364 VaultSvc - ok
12:39:01.0084 3364 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys
12:39:01.0084 3364 vdrvroot - ok
12:39:01.0131 3364 [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds C:\windows\System32\vds.exe
12:39:01.0162 3364 vds - ok
12:39:01.0178 3364 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
12:39:01.0178 3364 vga - ok
12:39:01.0209 3364 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
12:39:01.0209 3364 VgaSave - ok
12:39:01.0240 3364 [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys
12:39:01.0256 3364 vhdmp - ok
12:39:01.0287 3364 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\DRIVERS\viaagp.sys
12:39:01.0287 3364 viaagp - ok
12:39:01.0303 3364 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
12:39:01.0318 3364 ViaC7 - ok
12:39:01.0334 3364 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\DRIVERS\viaide.sys
12:39:01.0334 3364 viaide - ok
12:39:01.0365 3364 [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys
12:39:01.0365 3364 volmgr - ok
12:39:01.0381 3364 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
12:39:01.0396 3364 volmgrx - ok
12:39:01.0412 3364 [ 58DF9D2481A56EDDE167E51B334D44FD ] volsnap C:\windows\system32\DRIVERS\volsnap.sys
12:39:01.0427 3364 volsnap - ok
12:39:01.0459 3364 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
12:39:01.0459 3364 vsmraid - ok
12:39:01.0537 3364 [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS C:\windows\system32\vssvc.exe
12:39:01.0552 3364 VSS - ok
12:39:01.0583 3364 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
12:39:01.0583 3364 vwifibus - ok
12:39:01.0615 3364 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
12:39:01.0615 3364 vwififlt - ok
12:39:01.0661 3364 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
12:39:01.0661 3364 vwifimp - ok
12:39:01.0677 3364 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
12:39:01.0693 3364 W32Time - ok
12:39:01.0724 3364 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
12:39:01.0724 3364 WacomPen - ok
12:39:01.0771 3364 [ 692A712062146E96D28BA0B7D75DE31B ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
12:39:01.0771 3364 WANARP - ok
12:39:01.0786 3364 [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
12:39:01.0786 3364 Wanarpv6 - ok
12:39:01.0849 3364 [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine C:\windows\system32\wbengine.exe
12:39:01.0880 3364 wbengine - ok
12:39:01.0911 3364 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
12:39:01.0927 3364 WbioSrvc - ok
12:39:01.0973 3364 [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc C:\windows\System32\wcncsvc.dll
12:39:01.0973 3364 wcncsvc - ok
12:39:02.0005 3364 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
12:39:02.0020 3364 WcsPlugInService - ok
12:39:02.0067 3364 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
12:39:02.0067 3364 Wd - ok
12:39:02.0114 3364 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
12:39:02.0114 3364 Wdf01000 - ok
12:39:02.0145 3364 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
12:39:02.0145 3364 WdiServiceHost - ok
12:39:02.0161 3364 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
12:39:02.0176 3364 WdiSystemHost - ok
12:39:02.0223 3364 [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient C:\windows\System32\webclnt.dll
12:39:02.0223 3364 WebClient - ok
12:39:02.0270 3364 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
12:39:02.0285 3364 Wecsvc - ok
12:39:02.0301 3364 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
12:39:02.0317 3364 wercplsupport - ok
12:39:02.0363 3364 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
12:39:02.0363 3364 WerSvc - ok
12:39:02.0395 3364 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
12:39:02.0395 3364 WfpLwf - ok
12:39:02.0426 3364 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
12:39:02.0426 3364 WIMMount - ok
12:39:02.0488 3364 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:39:02.0504 3364 WinDefend - ok
12:39:02.0519 3364 WinHttpAutoProxySvc - ok
12:39:02.0582 3364 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
12:39:02.0597 3364 Winmgmt - ok
12:39:02.0660 3364 [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM C:\windows\system32\WsmSvc.dll
12:39:02.0691 3364 WinRM - ok
12:39:02.0785 3364 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
12:39:02.0800 3364 Wlansvc - ok
12:39:02.0863 3364 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:39:02.0863 3364 wlcrasvc - ok
12:39:02.0987 3364 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:39:03.0019 3364 wlidsvc - ok
12:39:03.0050 3364 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
12:39:03.0050 3364 WmiAcpi - ok
12:39:03.0097 3364 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
12:39:03.0097 3364 wmiApSrv - ok
12:39:03.0190 3364 [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:39:03.0206 3364 WMPNetworkSvc - ok
12:39:03.0253 3364 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
12:39:03.0268 3364 WPCSvc - ok
12:39:03.0299 3364 [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
12:39:03.0299 3364 WPDBusEnum - ok
12:39:03.0346 3364 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
12:39:03.0346 3364 ws2ifsl - ok
12:39:03.0393 3364 [ A661A76333057B383A06E65F0073222F ] wscsvc C:\windows\System32\wscsvc.dll
12:39:03.0409 3364 wscsvc - ok
12:39:03.0440 3364 WSearch - ok
12:39:03.0549 3364 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
12:39:03.0596 3364 wuauserv - ok
12:39:03.0627 3364 [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf C:\windows\system32\drivers\WudfPf.sys
12:39:03.0627 3364 WudfPf - ok
12:39:03.0658 3364 [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
12:39:03.0674 3364 WUDFRd - ok
12:39:03.0721 3364 [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc C:\windows\System32\WUDFSvc.dll
12:39:03.0736 3364 wudfsvc - ok
12:39:03.0752 3364 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
12:39:03.0767 3364 WwanSvc - ok
12:39:03.
0
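Reading a scan log of this format by hand is slow. As an added example (not part of this thread and not any scanner's own tooling), here is a small Python parser for the `<time> <pid> [ <MD5> ] <name> <path>` and `<name> - <status>` lines of the report pasted above, with an audit that compares each hashed image against a baseline of known-good MD5s. The baseline and the sample log are constructed: a few entries are copied from the report, one hash is altered by hand to simulate a tampered driver, one driver is left out of the baseline, and the cut-off last line shows the parser tolerating a truncated report.

```python
"""Parse a TDSSKiller-style driver/service scan log and audit it against a
baseline of known-good MD5 hashes.

Added example, not part of the forum thread or of any Kaspersky tool; the
baseline and the sample log below are constructed for the demonstration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line carrying the hash and image path:  "<time> <pid> [ <MD5> ] <name> <path>"
HASH_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
# Verdict line:  "<time> <pid> <name> - <status>"
STATUS_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<status>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Return one Entry per service/driver name.  Lines matching neither
    pattern (for example a truncated trailing line) are skipped, not errors."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5 = m["md5"].upper()
            e.path = m["path"]
            continue
        m = STATUS_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"]
    return entries


def audit(entries: Dict[str, Entry], baseline: Dict[str, str]) -> List[str]:
    """Findings a responder would want to look at:
    - the scanner's own verdict is anything other than 'ok'
    - a hashed image whose MD5 differs from the baseline for that path
    - a hashed image whose path is not in the baseline at all
    - a verdict with no hash line (nothing on disk was recorded to compare)"""
    findings: List[str] = []
    for name, e in sorted(entries.items()):
        if e.status is not None and e.status.lower() != "ok":
            findings.append(f"{name}: scanner verdict '{e.status}'")
        if e.md5 is None:
            findings.append(f"{name}: no image/hash recorded")
            continue
        expected = baseline.get(e.path.lower())  # Windows paths are case-insensitive
        if expected is None:
            findings.append(f"{name}: {e.path} not in baseline")
        elif expected.upper() != e.md5:
            findings.append(f"{name}: hash mismatch for {e.path}")
    return findings


# Constructed baseline: MD5s copied from clean entries of the report above,
# keyed by lower-cased image path.  A real baseline would come from a known
# clean machine of the same Windows build.
BASELINE = {
    r"c:\windows\system32\drivers\wd.sys": "1112A9BADACB47B7C0BB0392E3158DFF",
    r"c:\windows\system32\drivers\wdf01000.sys": "9950E3D0F08141C7E89E64456AE7DC73",
    r"c:\windows\system32\wdi.dll": "46EF9DC96265FD0B423DB72E7C38C2A5",
}

# Constructed sample log: lines from the report, one hash altered by hand
# (DEADBEEF...) to simulate a patched driver, one driver absent from the
# baseline, a verdict with no hash line, and a truncated last line.
SAMPLE_LOG = r"""
12:39:02.0067 3364 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
12:39:02.0067 3364 Wd - ok
12:39:02.0114 3364 [ DEADBEEFDEADBEEFDEADBEEFDEADBEEF ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
12:39:02.0114 3364 Wdf01000 - ok
12:39:02.0145 3364 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
12:39:02.0145 3364 WdiServiceHost - ok
12:39:02.0395 3364 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
12:39:02.0395 3364 WfpLwf - ok
12:39:02.0519 3364 WinHttpAutoProxySvc - ok
12:39:03.
"""

if __name__ == "__main__":
    for finding in audit(parse_log(SAMPLE_LOG), BASELINE):
        print(finding)
```

Run as-is it prints three findings: the altered Wdf01000 hash, the WfpLwf driver missing from the baseline, and WinHttpAutoProxySvc having a verdict but no image. A scanner verdict of "ok" only means the tool's own signatures matched nothing; the baseline comparison is what catches a silently replaced system file.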
Anonymous user
 
Aargh!!! upload the report somewhere, it's too long for the forum....
0
rocambolo Posts 124 Registration date   Status Member Last seen
 
Sorry, but I hadn't noticed that the report was so long...

Here is the link:

https://pjjoint.malekal.com/files.php?id=20120829_m14g8s5z9d12
0
Anonymous user
 
I am studying your pre_scan report and I'm surprised not to see any sign of that rotten rootkit....

edit:

Oh yes!!! I missed its sign of life in the MBR section....

anyway:

close all windows and applications during installation and scanning.


▶ Download here:

Malwarebytes

▶ Install it (make sure to choose "French"; don't change the installation settings) and update it.

relaunch Malwarebytes following these instructions to the letter:

! Disconnect from the internet and close all running applications !

▶ Launch Malwarebytes.

Run a so-called "Full" scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ at the end, click on "results".
Check that all infected objects are ticked, then click on "remove".

Note: if your PC has to restart to finish the cleanup, do it!


Post the report saved after removal of the infected objects (in the "reports/log" tab of Malwarebytes, the most recent one)



¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
0
rocambolo Posts 124 Registration date   Status Member Last seen
 
Here is the Malwarebytes log report after removal of the infected objects:

2012/08/29 16:33:45 +0200 JICESAMSUNG Jean Claude MESSAGE Starting protection
2012/08/29 16:33:53 +0200 JICESAMSUNG Jean Claude MESSAGE Protection started successfully
2012/08/29 16:33:56 +0200 JICESAMSUNG Jean Claude MESSAGE Starting IP protection
2012/08/29 16:34:05 +0200 JICESAMSUNG Jean Claude MESSAGE IP Protection started successfully
2012/08/29 16:34:14 +0200 JICESAMSUNG Jean Claude MESSAGE Starting database refresh
2012/08/29 16:34:14 +0200 JICESAMSUNG Jean Claude MESSAGE Stopping IP protection
2012/08/29 16:43:46 +0200 JICESAMSUNG Jean Claude MESSAGE IP Protection stopped
2012/08/29 16:43:53 +0200 JICESAMSUNG Jean Claude MESSAGE Database refreshed successfully
2012/08/29 16:43:53 +0200 JICESAMSUNG Jean Claude MESSAGE Starting IP protection
2012/08/29 16:44:02 +0200 JICESAMSUNG Jean Claude MESSAGE IP Protection started successfully
2012/08/29 18:14:21 +0200 JICESAMSUNG Jean Claude MESSAGE Executing scheduled update: Daily
2012/08/29 18:14:21 +0200 JICESAMSUNG Jean Claude MESSAGE Starting protection
2012/08/29 18:14:31 +0200 JICESAMSUNG Jean Claude MESSAGE Database already up-to-date
2012/08/29 18:14:37 +0200 JICESAMSUNG Jean Claude MESSAGE Protection started successfully
2012/08/29 18:14:40 +0200 JICESAMSUNG Jean Claude MESSAGE Starting IP protection
2012/08/29 18:14:53 +0200 JICESAMSUNG Jean Claude MESSAGE IP Protection started successfully

Note: it removed Winlogon.exe, which had been downloaded into "Downloads" and copied to the desktop? A program taken to be harmful, surely in the natural order of things...

It seems your help has been crowned with success?
0
Anonymous user
 
hmmm... that's not the right report ^^
0
rocambolo Posts 124 Registration date   Status Member Last seen
 
Good evening,
I relaunched Malwarebytes; in the "Reports/Logs" tab there are 3 .txt files.
I posted one, the one retrieved after removal, which apparently isn't the right report?
Here are the other 2:

Report "B":

Malwarebytes Anti-Malware (Essai) 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.08.29.05

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Jean Claude :: JICESAMSUNG [administrateur]

Protection: Activé

29/08/2012 16:35:46
mbam-log-2012-08-29 (16-35-46).txt

Type d'examen: Examen complet (C:\|D:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 344776
Temps écoulé: 1 heure(s), 22 minute(s), 50 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 2
C:\Users\Jean Claude\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Jean Claude\Downloads\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Mis en quarantaine et supprimé avec succès.

(fin)


Report "C":


2012/08/30 08:29:08 +0200 JICESAMSUNG Jean Claude MESSAGE Starting protection
2012/08/30 08:29:17 +0200 JICESAMSUNG Jean Claude MESSAGE Protection started successfully
2012/08/30 08:29:20 +0200 JICESAMSUNG Jean Claude MESSAGE Starting IP protection
2012/08/30 08:29:29 +0200 JICESAMSUNG Jean Claude MESSAGE IP Protection started successfully
2012/08/30 16:15:12 +0200 JICESAMSUNG Jean Claude MESSAGE Executing scheduled update: Daily
2012/08/30 16:15:34 +0200 JICESAMSUNG Jean Claude MESSAGE Scheduled update executed successfully: database updated from version v2012.08.29.05 to version v2012.08.30.03
2012/08/30 16:15:34 +0200 JICESAMSUNG Jean Claude MESSAGE Starting database refresh
2012/08/30 16:15:34 +0200 JICESAMSUNG Jean Claude MESSAGE Stopping IP protection
2012/08/30 22:01:23 +0200 JICESAMSUNG Jean Claude MESSAGE IP Protection stopped
2012/08/30 22:01:30 +0200 JICESAMSUNG Jean Claude MESSAGE Database refreshed successfully
2012/08/30 22:01:30 +0200 JICESAMSUNG Jean Claude MESSAGE Starting IP protection
2012/08/30 22:01:39 +0200 JICESAMSUNG Jean Claude MESSAGE IP Protection started successfully


Is this report "C" from today? Does Malwarebytes stay on watch?

Is the computer cleaned up?
0
Anonymous user
 
looks like it... do you still have any problems?
0
rocambolo Posts 124 Registration date   Status Member Last seen
 
No, no other problems, the computer runs smoothly, the pop-up windows no longer appear.
The cleanup seems to be a success, a thousand, thousand thanks

And this "Rootkit", what is it? and where does it come from?

At the bottom of the window I'm writing from, it says (to tick or not?):
"Accept all" "eradication" "Rootkit" "Bing"
for what purpose?

You really helped me a lot, thanks again to you and to the "CommentCaMarche" site

Have a good day

Tomorrow, after sending this last message and your possible reply, I will mark my problem as solved

THANK YOU
0
Anonymous user
 
re

I don't know what's showing you that window....


0
rocambolo Posts 124 Registration date   Status Member Last seen
 
The reply window.... see the screenshot of my present reply at the link:

https://pjjoint.malekal.com/files.php?id=20120831_h15l6x10j13d13
0
Anonymous user
 
I don't see that in your screenshot....
0
rocambolo Posts 124 Registration date   Status Member Last seen
 
Hello,
Sorry for getting back to you so late... time flies...
Thank you for your help, virus eradicated, my computer is OK

about what I was telling you:
"At the bottom of the window I'm writing from, it says (to tick or not?):
"Accept all" "eradication" "Rootkit" "Bing"
for what purpose?"
These labels appear under the input box... Under the one I'm writing in right now there is a box "Accept all" and a box "virus".... and then 2 more boxes have just been added, "eradication" and "bing"... The "Accept all" box has a green background. To the right of all these boxes there is a button (grey circle with a cross) where the cursor shows, if hovered over it, "cancel all"
But anyway, this certainly isn't of great importance for using the forum..... It just intrigued me?

Thanks again, I'm marking the infection by: Win32:Alueron-RJ [Rtk] as SOLVED
0