Sujet Précédent Sujet Suivant

Comment désinfecter mon ordinateur ?

Fermé
Ioan3369 Messages postés 10 Date d'inscription jeudi 15 novembre 2012 Statut Membre Dernière intervention 27 novembre 2012 - Modifié par Ioan3369 le 15/11/2012 à 22:45
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 - 29 nov. 2012 à 11:50
Bonjour,

J'ai eu récemment une infection par le "virus de la gendarmerie". J'ai éteint immédiatement l'ordinateur et ai pu le faire redémarrer normalement sans manipulation aucune. Cependant, je ne sais pas si je suis vraiment désinfecté. J'ai lancé Avira Free Antivirus, qui trouve un objet caché et un "TR/Rookit.Gen" quand l'ordinateur redémarre après le scan et la mise en quarantaine, Avira affiche "erreur" et je constate que, comme si le scan n'avait pas eu lieu, le "TR/Rookit.Gen" n'est pas en quarantaine.

Depuis l'attaque du virus de la gendarmerie, je trouve que mon ordi est plus lent, et depuis plusieurs semaine déjà, j'ai parfois des difficultés au démarrage : parfois Windows me dit que je ne peux pas démarrer, mais finit par le faire au bout de plusieurs tentatives.

Bref, j'ai donc décidé de me mettre à désinfecter mon ordinateur, qui a l'air visiblement mal en point. J'ai installé les versions les plus récents d'Adobe flash player et de Java et désinstallé les anciennes, pour éviter les failles de logiciels mal mis à jour.

Comment puis-je efficacement savoir si mon ordinateur est infecté et par quoi ? Comment ensuite les supprimer efficacement ?

Je précise que j'ai installé HiJackThis pour faire un rapport des infections, mais je ne comprends pas vraiment comment ça marche...

Merci de me répondre. N'hésitez pas éventuellement expliquer longuement, n'étant pas très bon en informatique. Merci beaucoup !

A voir également:

33 réponses

  • 1
  • 2
Réponse 1 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
15 nov. 2012 à 22:56
@Ioan

Fais ce que je t'ai demandé, c'est plus sûr

Smart
3
Utilisateur anonyme
15 nov. 2012 à 23:09
c'est clair ! ^^
0
Réponse 2 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
Modifié par Smart91 le 15/11/2012 à 22:45
Bonjour,

On va voir cela

* Télécharge sur le bureau RogueKiller (par tigzy)
* Quitte tous les programmes en cours
* Lance RogueKiller.exe.
* Attendre la fin du Prescan ...
* Clique sur Scan.
* A la fin du scan Clique sur Rapport. Copie et colle le rapport dans ta réponse

Smart
"Si tu n'as pas d'ambitions, tu t'installes au bord de la chute" (Kundera)
1
Ioan3369 Messages postés 10 Date d'inscription jeudi 15 novembre 2012 Statut Membre Dernière intervention 27 novembre 2012
15 nov. 2012 à 23:06
Merci de ta réponse si rapide Smart, je vais faire ça et je posterai le rapport. A bientôt !
0
Réponse 3 / 33
Ioan3369 Messages postés 10 Date d'inscription jeudi 15 novembre 2012 Statut Membre Dernière intervention 27 novembre 2012
15 nov. 2012 à 23:14
Voici comme prévu le rapport que j'obtiens :


RogueKiller V8.2.3 [07/11/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Website: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur : Antoine [Droits d'admin]
Mode : Recherche -- Date : 15/11/2012 23:17:27

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[TASK][SUSP PATH] Norton Internet Security - Analyse système complète - Antoine : C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca" -> TROUVÉ
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (172.16.0.254:3128) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82E6DF73 -> HOOKED (Unknown @ 0x8DAE38F8)
SSDT[14] : NtAlertThread @ 0x82E6DF1B -> HOOKED (Unknown @ 0x8DAB1560)
SSDT[18] : NtAllocateVirtualMemory @ 0x82DC98AD -> HOOKED (Unknown @ 0x8DAB4E80)
SSDT[48] : NtClose @ 0x82DDCB98 -> HOOKED (Unknown @ 0x8D43E45C)
SSDT[54] : NtConnectPort @ 0x82E213C7 -> HOOKED (Unknown @ 0x8DA42980)
SSDT[67] : NtCreateMutant @ 0x82E16947 -> HOOKED (Unknown @ 0x8DA5E4B0)
SSDT[75] : NtCreateSection @ 0x82E036E3 -> HOOKED (Unknown @ 0x8D43E466)
SSDT[78] : NtCreateThread @ 0x82E6BC9B -> HOOKED (Unknown @ 0x8D9E89B0)
SSDT[129] : NtDuplicateObject @ 0x82E12B75 -> HOOKED (Unknown @ 0x8D43E457)
SSDT[147] : NtFreeVirtualMemory @ 0x82C774E3 -> HOOKED (Unknown @ 0x8DA52760)
SSDT[156] : NtImpersonateAnonymousToken @ 0x82DA85C5 -> HOOKED (Unknown @ 0x8DA5E580)
SSDT[158] : NtImpersonateThread @ 0x82DAF964 -> HOOKED (Unknown @ 0x8DA5E640)
SSDT[177] : NtMapViewOfSection @ 0x82E0A9C1 -> HOOKED (Unknown @ 0x8DAB1620)
SSDT[184] : NtOpenEvent @ 0x82E0D359 -> HOOKED (Unknown @ 0x8DA5ED18)
SSDT[194] : NtOpenProcess @ 0x82DEA7BA -> HOOKED (Unknown @ 0x8D43E3F8)
SSDT[195] : NtOpenProcessToken @ 0x82E20DBD -> HOOKED (Unknown @ 0x8DA42B68)
SSDT[201] : NtOpenThread @ 0x82E25B36 -> HOOKED (Unknown @ 0x8D43E3FD)
SSDT[202] : NtOpenThreadToken @ 0x82DE8BFB -> HOOKED (Unknown @ 0x8DAB7328)
SSDT[275] : NtRequestWaitReplyPort @ 0x82DE7E8F -> HOOKED (Unknown @ 0x8D43E470)
SSDT[281] : NtResumeThread @ 0x82E0A384 -> HOOKED (Unknown @ 0x8DBF97C0)
SSDT[293] : NtSetContextThread @ 0x82E6D017 -> HOOKED (Unknown @ 0x8D43E46B)
SSDT[309] : NtSetInformationProcess @ 0x82DD19DA -> HOOKED (Unknown @ 0x8DB2E4C0)
SSDT[310] : NtSetInformationThread @ 0x82DDF91C -> HOOKED (Unknown @ 0x8DAB71D0)
SSDT[318] : NtSetSecurityObject @ 0x82DAF1F1 -> HOOKED (Unknown @ 0x8D43E475)
SSDT[334] : NtSuspendProcess @ 0x82E6DE5F -> HOOKED (Unknown @ 0x8DA5EC38)
SSDT[335] : NtSuspendThread @ 0x82E25930 -> HOOKED (Unknown @ 0x8DAB9DA8)
SSDT[336] : NtSystemDebugControl @ 0x82E981B0 -> HOOKED (Unknown @ 0x8D43E47A)
SSDT[338] : NtTerminateProcess @ 0x82DB8CEC -> HOOKED (Unknown @ 0x8D43E407)
SSDT[339] : NtTerminateThread @ 0x82DB79F6 -> HOOKED (Unknown @ 0x8DBCEE88)
SSDT[352] : NtUnmapViewOfSection @ 0x82E0C877 -> HOOKED (Unknown @ 0x8DAAD090)
SSDT[362] : NtWriteVirtualMemory @ 0x82DF71EE -> HOOKED (Unknown @ 0x8DAAFDC8)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8D43E48E)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8D43E493)
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8531C1F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8531C1F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8531C1F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8531C1F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8531C1F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8531C1F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x8531C1F8)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS ATA Device +++++
--- User ---
[MBR] 153740022eff6170ca4e0c84247c1ef3
[BSP] fd6e624551744bb8afac36f09936aab0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 8197 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16787925 | Size: 144429 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_S_15112012_231727.txt >>
RKreport[1]_S_15112012_231727.txt
0
Réponse 4 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
Modifié par Smart91 le 15/11/2012 à 23:27
* Lance RogueKiller.exe.
* Attendre la fin du Prescan ...
* Clique sur Scan.
* A la fin du scan
* Clique sur Proxy RAZ. Clique sur Rapport. Copier et coller le rapport dans ta réponse

Ensuite

Tu vas faire ceci pour vérifier quelque chose:

* Télécharge TDSSKiller (de Kaspersky Labs) sur ton Bureau.
* Lance le (si tu utilises Windows Vista ou 7 : fais un clic-droit dessus et choisis "Exécuter en tant qu'administrateur")
* Clique sur Start Scan pour démarrer l'analyse.
* Si TDSS.tdl2 : l'option Delete sera cochée.
* Si TDSS.tdl3 ou TDSS.tdl4 : assure toi que Cure soit bien cochée.
* Si "Suspicious object" laisse l'option cochée sur Skip
* Si Rootkit.Win32.ZAccess.* est détecté règle sur cure en haut , et delete en bas
* Ensuite, clique sur Continue puis sur Reboot Now si nécessaire.
* Un rapport s'ouvrira au redémarrage de l'ordinateur.
* Copie/colle son contenu dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\TDSSKiller.N°deversion_Date_Heure_log.txt

Smart
"Si tu n'as pas d'ambitions, tu t'installes au bord de la chute" (Kundera)
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 33
Ioan3369 Messages postés 10 Date d'inscription jeudi 15 novembre 2012 Statut Membre Dernière intervention 27 novembre 2012
Modifié par Ioan3369 le 15/11/2012 à 23:45
@Smart

J'ai fait un scan avec TDSSKILLER mais il ne me trouve que deux "suspicious objects". J'ai donc laissé Skip et n'ai pas eu besoin de redémarrer.

23:41:00.0956 4712 Detected object count: 2
23:41:00.0956 4712 Actual detected object count: 2
23:41:25.0675 4712 hhdttcw ( LockedService.Multi.Generic ) - skipped by user
23:41:25.0675 4712 hhdttcw ( LockedService.Multi.Generic ) - User select action: Skip
23:41:25.0691 4712 sptd ( LockedFile.Multi.Generic ) - skipped by user
23:41:25.0691 4712 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
0
Ioan3369 Messages postés 10 Date d'inscription jeudi 15 novembre 2012 Statut Membre Dernière intervention 27 novembre 2012
Modifié par Ioan3369 le 15/11/2012 à 23:46
Voilà le rapport de RogueKiller, en cliquant sur ProxyRAZ je crois que quelque chose a été supprimé

RogueKiller V8.2.3 [07/11/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Website: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur : Antoine [Droits d'admin]
Mode : Proxy RAZ -- Date : 15/11/2012 23:50:36

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤

Termine : << RKreport[4]_PR_15112012_235036.txt >>
RKreport[1]_S_15112012_231727.txt ; RKreport[2]_S_15112012_235015.txt ; RKreport[3]_PR_15112012_235019.txt ; RKreport[4]_PR_15112012_235036.txt
0
Réponse 6 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
16 nov. 2012 à 00:25
Peux-tu poster le rapport TDSSKIller au complet

Smart
0
Réponse 7 / 33
Ioan3369
16 nov. 2012 à 08:28
@ Smart

Voilà le rapport complet :


23:37:27.0741 1416 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:37:29.0788 1416 ============================================================
23:37:29.0788 1416 Current date / time: 2012/11/15 23:37:29.0788
23:37:29.0788 1416 SystemInfo:
23:37:29.0788 1416
23:37:29.0788 1416 OS Version: 6.0.6000 ServicePack: 0.0
23:37:29.0788 1416 Product type: Workstation
23:37:29.0788 1416 ComputerName: PC-DE-ANTOINE
23:37:29.0788 1416 UserName: Antoine
23:37:29.0788 1416 Windows directory: C:\Windows
23:37:29.0788 1416 System windows directory: C:\Windows
23:37:29.0788 1416 Processor architecture: Intel x86
23:37:29.0788 1416 Number of processors: 2
23:37:29.0788 1416 Page size: 0x1000
23:37:29.0788 1416 Boot type: Normal boot
23:37:29.0788 1416 ============================================================
23:37:33.0772 1416 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:37:33.0850 1416 ============================================================
23:37:33.0850 1416 \Device\Harddisk0\DR0:
23:37:33.0850 1416 MBR partitions:
23:37:33.0850 1416 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x11A16CDB
23:37:33.0850 1416 ============================================================
23:37:33.0913 1416 C: <-> \Device\Harddisk0\DR0\Partition1
23:37:33.0928 1416 ============================================================
23:37:33.0928 1416 Initialize success
23:37:33.0928 1416 ============================================================
23:37:38.0178 0300 ============================================================
23:37:38.0178 0300 Scan started
23:37:38.0178 0300 Mode: Manual;
23:37:38.0178 0300 ============================================================
23:37:41.0631 0300 ================ Scan system memory ========================
23:37:41.0631 0300 System memory - ok
23:37:41.0631 0300 ================ Scan services =============================
23:37:42.0147 0300 [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI C:\Windows\system32\drivers\acpi.sys
23:37:42.0147 0300 ACPI - ok
23:37:42.0288 0300 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:37:42.0288 0300 AdobeFlashPlayerUpdateSvc - ok
23:37:42.0381 0300 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:37:42.0413 0300 adp94xx - ok
23:37:42.0459 0300 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:37:42.0459 0300 adpahci - ok
23:37:42.0506 0300 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
23:37:42.0506 0300 adpu160m - ok
23:37:42.0538 0300 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:37:42.0538 0300 adpu320 - ok
23:37:42.0600 0300 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:37:42.0600 0300 AeLookupSvc - ok
23:37:42.0631 0300 [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD C:\Windows\system32\drivers\afd.sys
23:37:42.0631 0300 AFD - ok
23:37:42.0678 0300 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:37:42.0694 0300 agp440 - ok
23:37:42.0756 0300 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
23:37:42.0756 0300 aic78xx - ok
23:37:42.0788 0300 [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG C:\Windows\System32\alg.exe
23:37:42.0788 0300 ALG - ok
23:37:42.0819 0300 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
23:37:42.0819 0300 aliide - ok
23:37:42.0850 0300 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
23:37:42.0850 0300 amdagp - ok
23:37:42.0866 0300 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
23:37:42.0866 0300 amdide - ok
23:37:42.0913 0300 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
23:37:42.0913 0300 AmdK7 - ok
23:37:42.0944 0300 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:37:42.0944 0300 AmdK8 - ok
23:37:43.0178 0300 [ 50AF3AD6EDE5CD341AAA2E795F6E4135 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:37:43.0178 0300 AntiVirSchedulerService - ok
23:37:43.0241 0300 [ 7AF2A53FC0CF1D8AF3C013DECFCB0099 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:37:43.0241 0300 AntiVirService - ok
23:37:43.0303 0300 [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo C:\Windows\System32\appinfo.dll
23:37:43.0303 0300 Appinfo - ok
23:37:43.0397 0300 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:37:43.0397 0300 Apple Mobile Device - ok
23:37:43.0459 0300 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
23:37:43.0459 0300 arc - ok
23:37:43.0491 0300 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:37:43.0491 0300 arcsas - ok
23:37:43.0584 0300 [ 66597AD6098352D11239C0C42100B176 ] ASLDRService C:\Program Files\ATK Hotkey\ASLDRSrv.exe
23:37:43.0584 0300 ASLDRService - ok
23:37:43.0631 0300 [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:37:43.0631 0300 AsyncMac - ok
23:37:43.0678 0300 [ B35CFCEF838382AB6490B321C87EDF17 ] atapi C:\Windows\system32\drivers\atapi.sys
23:37:43.0678 0300 atapi - ok
23:37:43.0928 0300 [ 2846F5EE802889D500FCF5CC48B28381 ] athr C:\Windows\system32\DRIVERS\athr.sys
23:37:44.0350 0300 athr - ok
23:37:44.0522 0300 [ 3481D12334F065BBA19C16399C9CB171 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
23:37:44.0678 0300 Ati External Event Utility - ok
23:37:44.0819 0300 [ A356E45E8432432C06981EA63A1E0FE8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
23:37:44.0819 0300 AtiPcie - ok
23:37:44.0928 0300 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:37:44.0959 0300 AudioEndpointBuilder - ok
23:37:44.0975 0300 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
23:37:44.0991 0300 Audiosrv - ok
23:37:45.0131 0300 [ 680B3A1BE559B5D5AAC04C7949469DD6 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
23:37:45.0131 0300 avgntflt - ok
23:37:45.0288 0300 [ 6B289080B9752DAD39C1C2B98B479DCE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:37:45.0288 0300 avipbb - ok
23:37:45.0350 0300 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:37:45.0350 0300 avkmgr - ok
23:37:45.0428 0300 [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep C:\Windows\system32\drivers\Beep.sys
23:37:45.0444 0300 Beep - ok
23:37:45.0506 0300 [ 98EBDFFB824A7C265337D68DD480E45C ] BFE C:\Windows\System32\bfe.dll
23:37:45.0506 0300 BFE - ok
23:37:45.0584 0300 [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS C:\Windows\System32\qmgr.dll
23:37:45.0616 0300 BITS - ok
23:37:45.0631 0300 blbdrive - ok
23:37:45.0725 0300 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:37:45.0741 0300 Bonjour Service - ok
23:37:45.0772 0300 [ 913CD06FBE9105CE6077E90FD4418561 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:37:45.0772 0300 bowser - ok
23:37:45.0819 0300 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
23:37:45.0834 0300 BrFiltLo - ok
23:37:45.0850 0300 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
23:37:45.0850 0300 BrFiltUp - ok
23:37:45.0913 0300 [ BEB6470532B7461D7BB426E3FACB424F ] Browser C:\Windows\System32\browser.dll
23:37:45.0913 0300 Browser - ok
23:37:45.0944 0300 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
23:37:45.0944 0300 Brserid - ok
23:37:45.0975 0300 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
23:37:45.0975 0300 BrSerWdm - ok
23:37:46.0006 0300 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
23:37:46.0006 0300 BrUsbMdm - ok
23:37:46.0038 0300 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
23:37:46.0038 0300 BrUsbSer - ok
23:37:46.0069 0300 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:37:46.0084 0300 BTHMODEM - ok
23:37:46.0209 0300 [ 7621340D31FB049A1257A9840C537C47 ] Cam5603D C:\Windows\system32\Drivers\BisonCam.sys
23:37:46.0241 0300 Cam5603D - ok
23:37:46.0303 0300 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:37:46.0303 0300 ccEvtMgr - ok
23:37:46.0319 0300 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:37:46.0319 0300 ccSetMgr - ok
23:37:46.0366 0300 [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:37:46.0366 0300 cdfs - ok
23:37:46.0428 0300 [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:37:46.0428 0300 cdrom - ok
23:37:46.0522 0300 [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc C:\Windows\System32\certprop.dll
23:37:46.0522 0300 CertPropSvc - ok
23:37:46.0553 0300 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
23:37:46.0569 0300 circlass - ok
23:37:46.0600 0300 [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS C:\Windows\system32\CLFS.sys
23:37:46.0600 0300 CLFS - ok
23:37:46.0694 0300 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:37:46.0709 0300 clr_optimization_v2.0.50727_32 - ok
23:37:46.0741 0300 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] CLTNetCnService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:37:46.0741 0300 CLTNetCnService - ok
23:37:46.0788 0300 [ ED97AD3DF1B9005989EAF149BF06C821 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
23:37:46.0803 0300 CmBatt - ok
23:37:46.0834 0300 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:37:46.0834 0300 cmdide - ok
23:37:46.0897 0300 [ 7CE352882828C12DD7632B172253A02C ] comHost C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
23:37:46.0897 0300 comHost - ok
23:37:46.0928 0300 [ 722936AFB75A7F509662B69B5632F48A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
23:37:46.0928 0300 Compbatt - ok
23:37:46.0944 0300 COMSysApp - ok
23:37:46.0975 0300 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:37:46.0975 0300 crcdisk - ok
23:37:47.0022 0300 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
23:37:47.0038 0300 Crusoe - ok
23:37:47.0100 0300 [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:37:47.0100 0300 CryptSvc - ok
23:37:47.0256 0300 [ 7B981222A257D076885BFFB66F19B7CE ] DcomLaunch C:\Windows\system32\rpcss.dll
23:37:47.0272 0300 DcomLaunch - ok
23:37:47.0303 0300 [ A7179DE59AE269AB70345527894CCD7C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:37:47.0319 0300 DfsC - ok
23:37:47.0444 0300 [ E0D584AA76C7D845BA9F3A788260528F ] DFSR C:\Windows\system32\DFSR.exe
23:37:47.0506 0300 DFSR - ok
23:37:47.0616 0300 [ DC45739BC22D528D2B3E50D3F6761750 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
23:37:47.0631 0300 Dhcp - ok
23:37:47.0709 0300 [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk C:\Windows\system32\drivers\disk.sys
23:37:47.0709 0300 disk - ok
23:37:47.0756 0300 [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:37:47.0756 0300 Dnscache - ok
23:37:47.0819 0300 [ 1F795D214820E496BF1124434A6DB546 ] dot3svc C:\Windows\System32\dot3svc.dll
23:37:47.0819 0300 dot3svc - ok
23:37:47.0881 0300 [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS C:\Windows\system32\dps.dll
23:37:47.0881 0300 DPS - ok
23:37:47.0913 0300 [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:37:47.0913 0300 drmkaud - ok
23:37:47.0944 0300 [ 334988883DE69ADB27E2CF9F9715BBDB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:37:47.0959 0300 DXGKrnl - ok
23:37:48.0038 0300 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
23:37:48.0038 0300 E1G60 - ok
23:37:48.0084 0300 [ 90A0A875642E18618010645311B4E89E ] EapHost C:\Windows\System32\eapsvc.dll
23:37:48.0084 0300 EapHost - ok
23:37:48.0131 0300 [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache C:\Windows\system32\drivers\ecache.sys
23:37:48.0131 0300 Ecache - ok
23:37:48.0209 0300 [ B4580122B0A7B263B6EE9ACBA69C8013 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:37:48.0209 0300 ehRecvr - ok
23:37:48.0256 0300 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
23:37:48.0256 0300 ehSched - ok
23:37:48.0319 0300 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
23:37:48.0319 0300 ehstart - ok
23:37:48.0366 0300 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:37:48.0366 0300 elxstor - ok
23:37:48.0444 0300 [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt C:\Windows\system32\emdmgmt.dll
23:37:48.0459 0300 EMDMgmt - ok
23:37:48.0506 0300 [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem C:\Windows\system32\es.dll
23:37:48.0522 0300 EventSystem - ok
23:37:48.0553 0300 [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:37:48.0569 0300 fastfat - ok
23:37:48.0600 0300 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
23:37:48.0616 0300 fdc - ok
23:37:48.0631 0300 [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost C:\Windows\system32\fdPHost.dll
23:37:48.0647 0300 fdPHost - ok
23:37:48.0663 0300 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
23:37:48.0663 0300 FDResPub - ok
23:37:48.0678 0300 [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:37:48.0678 0300 FileInfo - ok
23:37:48.0709 0300 [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:37:48.0709 0300 Filetrace - ok
23:37:48.0741 0300 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
23:37:48.0741 0300 flpydisk - ok
23:37:48.0756 0300 [ A6A8DA7AE4D53394AB22AC3AB6D3F5D3 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:37:48.0756 0300 FltMgr - ok
23:37:48.0803 0300 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:37:48.0819 0300 FontCache3.0.0.0 - ok
23:37:48.0834 0300 [ 66A078591208BAA210C7634B11EB392C ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:37:48.0850 0300 Fs_Rec - ok
23:37:48.0866 0300 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:37:48.0866 0300 gagp30kx - ok
23:37:48.0928 0300 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
23:37:48.0944 0300 GEARAspiWDM - ok
23:37:48.0991 0300 [ BCF6589C42D8F6A20F33EF133FFE0524 ] gpsvc C:\Windows\System32\gpsvc.dll
23:37:49.0038 0300 gpsvc - ok
23:37:49.0147 0300 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
23:37:49.0163 0300 gupdate - ok
23:37:49.0209 0300 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
23:37:49.0225 0300 gupdatem - ok
23:37:49.0256 0300 [ 0DB613A7E427B5663563677796FD5258 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:37:49.0256 0300 HDAudBus - ok
23:37:49.0272 0300 Suspicious service (NoAccess): hhdttcw
23:37:49.0319 0300 [ 2AACA53B0486E329E516E30F5430E26A ] hhdttcw C:\Windows\system32\drivers\hhdttcw.sys
23:37:49.0334 0300 Suspicious file (NoAccess): C:\Windows\system32\drivers\hhdttcw.sys. md5: 2AACA53B0486E329E516E30F5430E26A
23:37:49.0678 0300 hhdttcw ( LockedService.Multi.Generic ) - warning
23:37:49.0678 0300 hhdttcw - detected LockedService.Multi.Generic (1)
23:37:49.0725 0300 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:37:49.0725 0300 HidBth - ok
23:37:49.0756 0300 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
23:37:49.0772 0300 HidIr - ok
23:37:49.0803 0300 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
23:37:49.0803 0300 hidserv - ok
23:37:49.0834 0300 [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:37:49.0834 0300 HidUsb - ok
23:37:49.0881 0300 [ D40AA05E29BF6ED29B139F044B461E9B ] hkmsvc C:\Windows\system32\kmsvc.dll
23:37:49.0881 0300 hkmsvc - ok
23:37:49.0897 0300 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
23:37:49.0913 0300 HpCISSs - ok
23:37:49.0959 0300 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\Windows\system32\DRIVERS\HPZid412.sys
23:37:49.0959 0300 HPZid412 - ok
23:37:49.0991 0300 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\Windows\system32\DRIVERS\HPZipr12.sys
23:37:49.0991 0300 HPZipr12 - ok
23:37:50.0038 0300 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\Windows\system32\DRIVERS\HPZius12.sys
23:37:50.0053 0300 HPZius12 - ok
23:37:50.0116 0300 [ EA24FE637D974A8A31BC650F478E3533 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:37:50.0116 0300 HTTP - ok
23:37:50.0163 0300 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
23:37:50.0163 0300 i2omp - ok
23:37:50.0241 0300 [ 1C9EE072BAA3ABB460B91D7EE9152660 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
23:37:50.0272 0300 i8042prt - ok
23:37:50.0350 0300 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
23:37:50.0350 0300 iaStorV - ok
23:37:50.0413 0300 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
23:37:50.0413 0300 IDriverT - ok
23:37:50.0522 0300 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:37:50.0569 0300 idsvc - ok
23:37:50.0709 0300 [ 9E453B17D70FC2DD332510033A3C0499 ] IDSvix86 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071011.001\IDSvix86.sys
23:37:50.0725 0300 IDSvix86 - ok
23:37:50.0772 0300 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:37:50.0772 0300 iirsp - ok
23:37:50.0834 0300 [ 35662FE4D8622F667AA5A5568F7F1B40 ] IKEEXT C:\Windows\System32\ikeext.dll
23:37:50.0834 0300 IKEEXT - ok
23:37:50.0959 0300 [ 04BEF1C4AA990E0D5851C7532FC8642C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:37:51.0022 0300 IntcAzAudAddService - ok
23:37:51.0053 0300 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
23:37:51.0053 0300 intelide - ok
23:37:51.0100 0300 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:37:51.0100 0300 intelppm - ok
23:37:51.0131 0300 [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:37:51.0131 0300 IPBusEnum - ok
23:37:51.0163 0300 [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:37:51.0163 0300 IpFilterDriver - ok
23:37:51.0209 0300 [ ECC9AD72CFC4AB41CF6A9BCC11F9FEF6 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:37:51.0209 0300 iphlpsvc - ok
23:37:51.0225 0300 IpInIp - ok
23:37:51.0256 0300 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
23:37:51.0256 0300 IPMIDRV - ok
23:37:51.0272 0300 [ 10077C35845101548037DF04FD1A420B ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
23:37:51.0288 0300 IPNAT - ok
23:37:51.0366 0300 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:37:51.0413 0300 iPod Service - ok
23:37:51.0428 0300 [ A82F328F4792304184642D6D397BB1E3 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:37:51.0428 0300 IRENUM - ok
23:37:51.0475 0300 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:37:51.0475 0300 isapnp - ok
23:37:51.0522 0300 [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
23:37:51.0522 0300 iScsiPrt - ok
23:37:51.0584 0300 [ 36474FDE02F8422B8B1A52EAD9894DBC ] ISPwdSvc C:\Program Files\Norton Internet Security\isPwdSvc.exe
23:37:51.0600 0300 ISPwdSvc - ok
23:37:51.0616 0300 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
23:37:51.0631 0300 iteatapi - ok
23:37:51.0647 0300 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
23:37:51.0647 0300 iteraid - ok
23:37:51.0694 0300 [ B076B2AB806B3F696DAB21375389101C ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:37:51.0694 0300 kbdclass - ok
23:37:51.0725 0300 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
23:37:51.0725 0300 kbdhid - ok
23:37:51.0772 0300 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] KeyIso C:\Windows\system32\lsass.exe
23:37:51.0772 0300 KeyIso - ok
23:37:51.0834 0300 [ 0A829977B078DEA11641FC2AF87CEADE ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:37:51.0834 0300 KSecDD - ok
23:37:51.0897 0300 [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm C:\Windows\system32\msdtckrm.dll
23:37:51.0897 0300 KtmRm - ok
23:37:51.0944 0300 [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer C:\Windows\system32\srvsvc.dll
23:37:51.0944 0300 LanmanServer - ok
23:37:52.0038 0300 [ 435F0F6DC87A4B5DA78F1FA309884189 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:37:52.0038 0300 LanmanWorkstation - ok
23:37:52.0116 0300 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] LiveUpdate Notice Ex C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:37:52.0116 0300 LiveUpdate Notice Ex - ok
23:37:52.0225 0300 [ 2D1389E05A807D956829F44BD4B60389 ] LiveUpdate Notice Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
23:37:52.0241 0300 LiveUpdate Notice Service - ok
23:37:52.0319 0300 [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:37:52.0334 0300 lltdio - ok
23:37:52.0366 0300 [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:37:52.0397 0300 lltdsvc - ok
23:37:52.0413 0300 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:37:52.0428 0300 lmhosts - ok
23:37:52.0475 0300 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:37:52.0475 0300 LSI_FC - ok
23:37:52.0506 0300 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:37:52.0522 0300 LSI_SAS - ok
23:37:52.0538 0300 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:37:52.0538 0300 LSI_SCSI - ok
23:37:52.0584 0300 [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv C:\Windows\system32\drivers\luafv.sys
23:37:52.0584 0300 luafv - ok
23:37:52.0631 0300 [ E93C1AD58E88A0846EAEE10671C2A8F3 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:37:52.0709 0300 Mcx2Svc - ok
23:37:52.0756 0300 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
23:37:52.0756 0300 megasas - ok
23:37:52.0803 0300 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS C:\Windows\system32\mmcss.dll
23:37:52.0803 0300 MMCSS - ok
23:37:52.0834 0300 [ 21755967298A46FB6ADFEC9DB6012211 ] Modem C:\Windows\system32\drivers\modem.sys
23:37:52.0834 0300 Modem - ok
23:37:52.0913 0300 [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:37:52.0913 0300 monitor - ok
23:37:52.0928 0300 [ 5FBA13C1A1841B0885D316ED3589489D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:37:52.0944 0300 mouclass - ok
23:37:52.0991 0300 [ B569B5C5D3BDE545DF3A6AF512CCCDBA ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:37:52.0991 0300 mouhid - ok
23:37:53.0038 0300 [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
23:37:53.0038 0300 MountMgr - ok
23:37:53.0084 0300 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
23:37:53.0084 0300 mpio - ok
23:37:53.0131 0300 [ 6E7A7F0C1193EE5648443FE2D4B789EC ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:37:53.0131 0300 mpsdrv - ok
23:37:53.0178 0300 [ 563ED845885C6A7C09A7715D8BD0585C ] MpsSvc C:\Windows\system32\mpssvc.dll
23:37:53.0194 0300 MpsSvc - ok
23:37:53.0225 0300 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
23:37:53.0225 0300 Mraid35x - ok
23:37:53.0288 0300 [ 1D8828B98EE309D65E006F0829E280E5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:37:53.0288 0300 MRxDAV - ok
23:37:53.0350 0300 [ 8AF705CE1BB907932157FAB821170F27 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:37:53.0350 0300 mrxsmb - ok
23:37:53.0413 0300 [ 47E13AB23371BE3279EEF22BBFA2C1BE ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:37:53.0428 0300 mrxsmb10 - ok
23:37:53.0444 0300 [ 90B3FC7BD6B3D7EE7635DEBBA2187F66 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:37:53.0459 0300 mrxsmb20 - ok
23:37:53.0491 0300 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
23:37:53.0491 0300 msahci - ok
23:37:53.0522 0300 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:37:53.0522 0300 msdsm - ok
23:37:53.0553 0300 [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC C:\Windows\System32\msdtc.exe
23:37:53.0569 0300 MSDTC - ok
23:37:53.0600 0300 [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:37:53.0616 0300 Msfs - ok
23:37:53.0663 0300 [ 5F454A16A5146CD91A176D70F0CFA3EC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:37:53.0663 0300 msisadrv - ok
23:37:53.0709 0300 [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:37:53.0725 0300 MSiSCSI - ok
23:37:53.0725 0300 msiserver - ok
23:37:53.0756 0300 [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:37:53.0772 0300 MSKSSRV - ok
23:37:53.0803 0300 [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:37:53.0803 0300 MSPCLOCK - ok
23:37:53.0866 0300 [ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:37:53.0866 0300 MSPQM - ok
23:37:53.0897 0300 [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:37:53.0913 0300 MsRPC - ok
23:37:53.0944 0300 [ 4385C80EDE885E25492D408CAD91BD6F ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:37:53.0944 0300 mssmbios - ok
23:37:53.0975 0300 [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:37:53.0975 0300 MSTEE - ok
23:37:54.0022 0300 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
23:37:54.0038 0300 MTsensor - ok
23:37:54.0069 0300 [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup C:\Windows\system32\Drivers\mup.sys
23:37:54.0069 0300 Mup - ok
23:37:54.0116 0300 [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent C:\Windows\system32\qagentRT.dll
23:37:54.0131 0300 napagent - ok
23:37:54.0178 0300 [ 6DA4A0FC7C0E83DF0CB3CFD0A514C3BC ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:37:54.0194 0300 NativeWifiP - ok
23:37:54.0303 0300 NAVENG - ok
23:37:54.0334 0300 NAVEX15 - ok
23:37:54.0381 0300 [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS C:\Windows\system32\drivers\ndis.sys
23:37:54.0475 0300 NDIS - ok
23:37:54.0522 0300 [ 81659CDCBD0F9A9E07E6878AD8C78D3F ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:37:54.0553 0300 NdisTapi - ok
23:37:54.0616 0300 [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:37:54.0616 0300 Ndisuio - ok
23:37:54.0647 0300 [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:37:54.0647 0300 NdisWan - ok
23:37:54.0694 0300 [ 1B24FA907AF283199A81B3BB37E5E526 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:37:54.0709 0300 NDProxy - ok
23:37:54.0725 0300 [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:37:54.0741 0300 NetBIOS - ok
23:37:54.0772 0300 [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
23:37:54.0772 0300 netbt - ok
23:37:54.0819 0300 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] Netlogon C:\Windows\system32\lsass.exe
23:37:54.0819 0300 Netlogon - ok
23:37:54.0881 0300 [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman C:\Windows\System32\netman.dll
23:37:54.0881 0300 Netman - ok
23:37:54.0928 0300 [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm C:\Windows\System32\netprofm.dll
23:37:54.0928 0300 netprofm - ok
23:37:54.0991 0300 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:37:55.0006 0300 NetTcpPortSharing - ok
23:37:55.0084 0300 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:37:55.0084 0300 nfrd960 - ok
23:37:55.0131 0300 [ C424117A562F2DE37A42266894C79AEB ] NlaSvc C:\Windows\System32\nlasvc.dll
23:37:55.0131 0300 NlaSvc - ok
23:37:55.0147 0300 [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:37:55.0147 0300 Npfs - ok
23:37:55.0178 0300 [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi C:\Windows\system32\nsisvc.dll
23:37:55.0194 0300 nsi - ok
23:37:55.0194 0300 [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:37:55.0194 0300 nsiproxy - ok
23:37:55.0616 0300 [ 37430AA7A66D7A63407ADC2C0D05E9F6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:37:55.0772 0300 Ntfs - ok
23:37:55.0850 0300 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
23:37:55.0866 0300 ntrigdigi - ok
23:37:55.0913 0300 [ EC5EFB3C60F1B624648344A328BCE596 ] Null C:\Windows\system32\drivers\Null.sys
23:37:55.0913 0300 Null - ok
23:37:55.0959 0300 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:37:55.0975 0300 nvraid - ok
23:37:56.0006 0300 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:37:56.0006 0300 nvstor - ok
23:37:56.0038 0300 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:37:56.0038 0300 nv_agp - ok
23:37:56.0053 0300 NwlnkFlt - ok
23:37:56.0069 0300 NwlnkFwd - ok
23:37:56.0116 0300 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:37:56.0131 0300 ohci1394 - ok
23:37:56.0209 0300 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc C:\Windows\system32\p2psvc.dll
23:37:56.0241 0300 p2pimsvc - ok
23:37:56.0288 0300 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc C:\Windows\system32\p2psvc.dll
23:37:56.0303 0300 p2psvc - ok
23:37:56.0334 0300 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
23:37:56.0334 0300 Parport - ok
23:37:56.0366 0300 [ 555A5B2C8022983BC7467BC925B222EE ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:37:56.0381 0300 partmgr - ok
23:37:56.0397 0300 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
23:37:56.0397 0300 Parvdm - ok
23:37:56.0413 0300 [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:37:56.0413 0300 PcaSvc - ok
23:37:56.0428 0300 [ 1085D75657807E0E8B32F9E19A1647C3 ] pci C:\Windows\system32\drivers\pci.sys
23:37:56.0428 0300 pci - ok
23:37:56.0475 0300 [ CABA65E9C41CD2900D4C92D4F825C5F8 ] pciide C:\Windows\system32\drivers\pciide.sys
23:37:56.0475 0300 pciide - ok
23:37:56.0506 0300 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:37:56.0506 0300 pcmcia - ok
23:37:56.0569 0300 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:37:56.0600 0300 PEAUTH - ok
23:37:56.0741 0300 [ CD05A38D166BEADE18030BAFC0C0A939 ] pla C:\Windows\system32\pla.dll
23:37:56.0819 0300 pla - ok
23:37:56.0866 0300 [ 747BB4C31F3B6E8D1B5ED0AD61518CB5 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:37:56.0866 0300 PlugPlay - ok
23:37:56.0913 0300 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
23:37:56.0944 0300 PNRPAutoReg - ok
23:37:56.0991 0300 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc C:\Windows\system32\p2psvc.dll
23:37:56.0991 0300 PNRPsvc - ok
23:37:57.0038 0300 [ 5EBDEC613BD377CE9A85382BE5C6B83B ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:37:57.0069 0300 PolicyAgent - ok
23:37:57.0131 0300 [ C04DEC5ACE67C5247B150C4223970BB7 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:37:57.0131 0300 PptpMiniport - ok
23:37:57.0163 0300 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
23:37:57.0163 0300 Processor - ok
23:37:57.0209 0300 [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc C:\Windows\system32\profsvc.dll
23:37:57.0209 0300 ProfSvc - ok
23:37:57.0256 0300 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:37:57.0256 0300 ProtectedStorage - ok
23:37:57.0303 0300 [ 2C8BAE55247C4E09352E870292E4D1AB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
23:37:57.0303 0300 PSched - ok
23:37:57.0350 0300 [ F7BB4E7A7C02AB4A2672937E124E306E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
23:37:57.0350 0300 PxHelp20 - ok
23:37:57.0428 0300 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:37:57.0506 0300 ql2300 - ok
23:37:57.0569 0300 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:37:57.0584 0300 ql40xx - ok
23:37:57.0631 0300 [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE C:\Windows\system32\qwave.dll
23:37:57.0647 0300 QWAVE - ok
23:37:57.0663 0300 [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:37:57.0663 0300 QWAVEdrv - ok
23:37:57.0788 0300 [ 252826C4BC88B01E945C2D3C6603F3B0 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
23:37:57.0881 0300 R300 - ok
23:37:57.0913 0300 [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:37:57.0913 0300 RasAcd - ok
23:37:57.0975 0300 [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto C:\Windows\System32\rasauto.dll
23:37:57.0991 0300 RasAuto - ok
23:37:58.0038 0300 [ 68B0019FEE429EC49D29017AF937E482 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:37:58.0038 0300 Rasl2tp - ok
23:37:58.0069 0300 [ 11D65E29BC9D1E4114D18FE68194394C ] RasMan C:\Windows\System32\rasmans.dll
23:37:58.0084 0300 RasMan - ok
23:37:58.0116 0300 [ CCF4E9C6CBBAC81437F88CB2AE0B6C96 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:37:58.0116 0300 RasPppoe - ok
23:37:58.0147 0300 [ 54129C5D9581BBEC8BD1EBD3BA813F47 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:37:58.0147 0300 rdbss - ok
23:37:58.0163 0300 [ 794585276B5D7FCA9F3FC15543F9F0B9 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:37:58.0178 0300 RDPCDD - ok
23:37:58.0225 0300 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
23:37:58.0241 0300 rdpdr - ok
23:37:58.0256 0300 [ 980B56E2E273E19D3A9D72D5C420F008 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:37:58.0272 0300 RDPENCDD - ok
23:37:58.0303 0300 [ 8830E790A74A96605FABA74F9665BB3C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:37:58.0319 0300 RDPWD - ok
23:37:58.0366 0300 [ 6C1A43C589EE8011A1EBFD51C01B77CE ] RemoteAccess C:\Windows\System32\mprdim.dll
23:37:58.0381 0300 RemoteAccess - ok
23:37:58.0413 0300 [ 9A043808667C8C1893DA7275AF373F0E ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:37:58.0413 0300 RemoteRegistry - ok
23:37:58.0522 0300 [ 9638E5820858593A12005C753B03CEAE ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
23:37:58.0553 0300 RoxMediaDB9 - ok
23:37:58.0569 0300 [ 910FBA95EE4F56449AA81315884C8EFD ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
23:37:58.0584 0300 RoxWatch9 - ok
23:37:58.0616 0300 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
23:37:58.0616 0300 RpcLocator - ok
23:37:58.0647 0300 [ 7B981222A257D076885BFFB66F19B7CE ] RpcSs C:\Windows\system32\rpcss.dll
23:37:58.0663 0300 RpcSs - ok
23:37:58.0709 0300 [ 97E939D2128FEC5D5A3E6E79B290A2F4 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:37:58.0709 0300 rspndr - ok
23:37:58.0788 0300 [ FDDE6B3598660D3C51CB45EB3A95FE67 ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys
23:37:58.0788 0300 RTL8023xp - ok
23:37:58.0819 0300 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] SamSs C:\Windows\system32\lsass.exe
23:37:58.0819 0300 SamSs - ok
23:37:58.0850 0300 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:37:58.0850 0300 sbp2port - ok
23:37:58.0897 0300 [ 565B4B9E5AD2F2F18A4F8AAFA6C06BBB ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:37:58.0913 0300 SCardSvr - ok
23:37:58.0975 0300 [ 886CEC884B5BE29AB9828B8AB46B11F7 ] Schedule C:\Windows\system32\schedsvc.dll
23:37:58.0991 0300 Schedule - ok
23:37:59.0022 0300 [ 0600E04315FE543802A379D5D23C8BE0 ] SCPolicySvc C:\Windows\System32\certprop.dll
23:37:59.0022 0300 SCPolicySvc - ok
23:37:59.0038 0300 [ F7B6BF02240D0A764ADF8C8966735552 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:37:59.0038 0300 SDRSVC - ok
23:37:59.0069 0300 [ 8388C4133DDBE62AD7BC3EC9F14271ED ] seclogon C:\Windows\system32\seclogon.dll
23:37:59.0069 0300 seclogon - ok
23:37:59.0131 0300 [ 34350AE2C1D33D21C7305F861BD8DAD8 ] SENS C:\Windows\System32\sens.dll
23:37:59.0147 0300 SENS - ok
23:37:59.0194 0300 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
23:37:59.0194 0300 Serenum - ok
23:37:59.0225 0300 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
23:37:59.0241 0300 Serial - ok
23:37:59.0303 0300 [ 450ACCD77EC5CEA720C1CDB9E26B953B ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:37:59.0303 0300 sermouse - ok
23:37:59.0366 0300 [ 78878235DA4DF0D116E86837A0A21DF8 ] SessionEnv C:\Windows\system32\sessenv.dll
23:37:59.0366 0300 SessionEnv - ok
23:37:59.0397 0300 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:37:59.0397 0300 sffdisk - ok
23:37:59.0428 0300 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:37:59.0428 0300 sffp_mmc - ok
23:37:59.0459 0300 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:37:59.0459 0300 sffp_sd - ok
23:37:59.0475 0300 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:37:59.0475 0300 sfloppy - ok
23:37:59.0538 0300 [ 9A82BF4C90B00A63150A606A1E2FD82B ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:37:59.0538 0300 SharedAccess - ok
23:37:59.0584 0300 [ B264DFA21677728613267FE63802B332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:37:59.0584 0300 ShellHWDetection - ok
23:37:59.0616 0300 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
23:37:59.0616 0300 sisagp - ok
23:37:59.0647 0300 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
23:37:59.0647 0300 SiSRaid2 - ok
23:37:59.0678 0300 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:37:59.0678 0300 SiSRaid4 - ok
23:37:59.0772 0300 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
23:37:59.0772 0300 SkypeUpdate - ok
23:37:59.0913 0300 [ A1DCD30534835CB67733AD00175125A6 ] slsvc C:\Windows\system32\SLsvc.exe
23:37:59.0991 0300 slsvc - ok
23:38:00.0069 0300 [ 56DA296E7B376A727E7BDC5AC7FBEE02 ] SLUINotify C:\Windows\system32\SLUINotify.dll
23:38:00.0069 0300 SLUINotify - ok
23:38:00.0100 0300 [ AC0D90738ADB51A6FD12FF00874A2162 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:38:00.0100 0300 Smb - ok
23:38:00.0163 0300 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:38:00.0163 0300 SNMPTRAP - ok
23:38:00.0241 0300 [ 905782BCF15B6E5AF9905B77923C7FA2 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
23:38:02.0663 0300 SPBBCDrv - ok
23:38:02.0725 0300 [ 426F9B029AA9162CECCF65369457D046 ] spldr C:\Windows\system32\drivers\spldr.sys
23:38:02.0756 0300 spldr - ok
23:38:02.0803 0300 [ DA612EF2556776DF2630B68BF2D48935 ] Spooler C:\Windows\System32\spoolsv.exe
23:38:02.0803 0300 Spooler - ok
23:38:02.0866 0300 [ A199171385BE17973FD800FA91F8F78A ] sptd C:\Windows\system32\Drivers\sptd.sys
23:38:02.0866 0300 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: A199171385BE17973FD800FA91F8F78A
23:38:02.0866 0300 sptd ( LockedFile.Multi.Generic ) - warning
23:38:02.0866 0300 sptd - detected LockedFile.Multi.Generic (1)
23:38:02.0928 0300 [ 655773F2F1A3730C6CF20280A49F4EE1 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS
23:38:02.0928 0300 SRTSP - ok
23:38:02.0991 0300 [ 2A0AAF370D4C6574A34AE2F4A0709CAE ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS
23:38:02.0991 0300 SRTSPL - ok
23:38:03.0022 0300 [ 3104BDCEACE2D5710776DD05E6A286C1 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS
23:38:03.0022 0300 SRTSPX - ok
23:38:03.0084 0300 [ 038579C35F7CAD4A4BBF735DBF83277D ] srv C:\Windows\system32\DRIVERS\srv.sys
23:38:03.0084 0300 srv - ok
23:38:03.0131 0300 [ 6971A757AF8CB5E2CBCBB76CC530DB6C ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:38:03.0147 0300 srv2 - ok
23:38:03.0178 0300 [ 9E1A4603B874EEBCE0298113951ABEFB ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:38:03.0178 0300 srvnet - ok
23:38:03.0225 0300 [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
23:38:03.0225 0300 sscdbus - ok
23:38:03.0288 0300 [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
23:38:03.0288 0300 sscdmdfl - ok
23:38:03.0334 0300 [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
23:38:03.0334 0300 sscdmdm - ok
23:38:03.0413 0300 [ 8D3E4BAFF8B3997138C38EB1B600519A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:38:03.0413 0300 SSDPSRV - ok
23:38:03.0459 0300 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
23:38:03.0475 0300 ssmdrv - ok
23:38:03.0584 0300 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
23:38:03.0600 0300 StarWindServiceAE - ok
23:38:03.0678 0300 [ A941E099EF46E3CC12F898CBE1C39910 ] stisvc C:\Windows\System32\wiaservc.dll
23:38:03.0678 0300 stisvc - ok
23:38:03.0725 0300 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
23:38:03.0741 0300 stllssvr - ok
23:38:03.0803 0300 [ 1379BDB336F8158C176A465E30759F57 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:38:03.0803 0300 swenum - ok
23:38:03.0866 0300 [ 749ADA8D6C18A08ADFEDE69CBF5DB2E0 ] swprv C:\Windows\System32\swprv.dll
23:38:03.0866 0300 swprv - ok
23:38:03.0959 0300 [ FA2F6A8849219B16460BF44F9D1F3AA7 ] Symantec Core LC C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
23:38:04.0053 0300 Symantec Core LC - ok
23:38:04.0116 0300 [ 2FE779B1A07747FED8074C433C3C4604 ] SymAppCore C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
23:38:04.0116 0300 SymAppCore - ok
23:38:04.0178 0300 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
23:38:04.0194 0300 Symc8xx - ok
23:38:04.0225 0300 [ 3ADCC83BC09AFD901640FB5F7B2DE805 ] SYMDNS C:\Windows\System32\Drivers\SYMDNS.SYS
23:38:04.0241 0300 SYMDNS - ok
23:38:04.0288 0300 [ C5EAFB6A8C73FB26B73EE613C1A5AEF6 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
23:38:04.0303 0300 SymEvent - ok
23:38:04.0350 0300 [ F8B9C44E32AE1BF1362A037B89C671D3 ] SYMFW C:\Windows\System32\Drivers\SYMFW.SYS
23:38:04.0366 0300 SYMFW - ok
23:38:04.0397 0300 [ 56E465EC84FFC6EA28FED08B16E71D10 ] SYMIDS C:\Windows\System32\Drivers\SYMIDS.SYS
23:38:04.0397 0300 SYMIDS - ok
23:38:04.0413 0300 [ 4366098DBDFBA752CF76F0C4183BFFA9 ] SYMNDISV C:\Windows\System32\Drivers\SYMNDISV.SYS
23:38:04.0413 0300 SYMNDISV - ok
23:38:04.0475 0300 [ 5E5723B168CC224A4E166BDA42B088A6 ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS
23:38:04.0475 0300 SYMREDRV - ok
23:38:04.0538 0300 [ DC8744A9D3D80462E62427DEDCE0F0AA ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS
23:38:04.0538 0300 SYMTDI - ok
23:38:04.0584 0300 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
23:38:04.0584 0300 Sym_hi - ok
23:38:04.0631 0300 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
23:38:04.0631 0300 Sym_u3 - ok
23:38:04.0678 0300 [ 24B43E9A3E6CACF9AFC69F48E9DEB690 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
23:38:04.0678 0300 SynTP - ok
23:38:04.0741 0300 [ 8F2B5FEDE18BD3C4C926CBF88E6F1264 ] SysMain C:\Windows\system32\sysmain.dll
23:38:04.0756 0300 SysMain - ok
23:38:04.0819 0300 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:38:04.0834 0300 TabletInputService - ok
23:38:04.0897 0300 [ EF3DD33C740FC2F82E7E4622F1C49289 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:38:04.0897 0300 TapiSrv - ok
23:38:04.0928 0300 [ 68FA52794AE9ACC61BDE16FE0956B414 ] TBS C:\Windows\System32\tbssvc.dll
23:38:04.0944 0300 TBS - ok
23:38:05.0022 0300 [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:38:05.0053 0300 Tcpip - ok
23:38:05.0100 0300 [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
23:38:05.0116 0300 Tcpip6 - ok
23:38:05.0178 0300 [ 5CE0C4A7B12D0067DAD527D72B68C726 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:38:05.0178 0300 tcpipreg - ok
23:38:05.0209 0300 [ 964248AEF49C31FA6A93201A73FFAF50 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:38:05.0225 0300 TDPIPE - ok
23:38:05.0256 0300 [ 7D2C1AE1648A60FCE4AA0F7982E419D3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:38:05.0256 0300 TDTCP - ok
23:38:05.0303 0300 [ AB4FDE8AF4A0270A46A001C08CBCE1C2 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:38:05.0303 0300 tdx - ok
23:38:05.0350 0300 [ 2C549BD9DD091FBFAA0A2A48E82EC2FB ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:38:05.0350 0300 TermDD - ok
23:38:05.0397 0300 [ FAD71C1E8E4047B154E899AE31EB8CAA ] TermService C:\Windows\System32\termsrv.dll
23:38:05.0413 0300 TermService - ok
23:38:05.0444 0300 [ B264DFA21677728613267FE63802B332 ] Themes C:\Windows\system32\shsvcs.dll
23:38:05.0459 0300 Themes - ok
23:38:05.0475 0300 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] THREADORDER C:\Windows\system32\mmcss.dll
23:38:05.0491 0300 THREADORDER - ok
23:38:05.0522 0300 [ 6BBA0582C0025D43729A1112D3B57897 ] TrkWks C:\Windows\System32\trkwks.dll
23:38:05.0522 0300 TrkWks - ok
23:38:05.0584 0300 [ 34E388A395FEDBA1D0511ED39BBF4074 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:38:05.0584 0300 TrustedInstaller - ok
23:38:05.0616 0300 [ 29F0ECA726F0D51F7E048BDB0B372F29 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:38:05.0616 0300 tssecsrv - ok
23:38:05.0678 0300 [ 65E953BC0084D44498B51F59784D2A82 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
23:38:05.0678 0300 tunmp - ok
23:38:05.0694 0300 [ 4A39BDA5E0FD30BDF4884F9D33AE6105 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:38:05.0694 0300 tunnel - ok
23:38:05.0741 0300 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:38:05.0741 0300 uagp35 - ok
23:38:05.0788 0300 [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:38:05.0803 0300 udfs - ok
23:38:05.0850 0300 [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:38:05.0866 0300 UI0Detect - ok
23:38:05.0881 0300 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:38:05.0881 0300 uliagpkx - ok
23:38:05.0913 0300 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
23:38:05.0928 0300 uliahci - ok
23:38:05.0959 0300 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
23:38:05.0959 0300 UlSata - ok
23:38:05.0991 0300 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
23:38:05.0991 0300 ulsata2 - ok
23:38:06.0038 0300 [ 3FB78F1D1DD86D87BECECD9DFFA24DD9 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:38:06.0038 0300 umbus - ok
23:38:06.0069 0300 [ 8EB871A3DEB6B3D5A85EB6DDFC390B59 ] upnphost C:\Windows\System32\upnphost.dll
23:38:06.0084 0300 upnphost - ok
23:38:06.0147 0300 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
23:38:06.0147 0300 USBAAPL - ok
23:38:06.0178 0300 [ B0BA9CAFFE9B0555EC0317F30CB79CD2 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:38:06.0194 0300 usbccgp - ok
23:38:06.0225 0300 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:38:06.0225 0300 usbcir - ok
23:38:06.0272 0300 [ C9FCD05B0A80EA08C2768E5A279B14DE ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:38:06.0272 0300 usbehci - ok
23:38:06.0319 0300 [ 5E44F7D957F7560DA06BFE6B84B58A35 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:38:06.0319 0300 usbhub - ok
23:38:06.0366 0300 [ 9333E482A173938788CBDE8F81EC52FB ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
23:38:06.0366 0300 usbohci - ok
23:38:06.0381 0300 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:38:06.0381 0300 usbprint - ok
23:38:06.0428 0300 [ B1F95285C08DDFE00C0B955462637EC7 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:38:06.0428 0300 usbscan - ok
23:38:06.0491 0300 [ 7887CE56934E7F104E98C975F47353C5 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:38:06.0491 0300 USBSTOR - ok
23:38:06.0522 0300 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
23:38:06.0522 0300 usbuhci - ok
23:38:06.0584 0300 [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms C:\Windows\System32\uxsms.dll
23:38:06.0584 0300 UxSms - ok
23:38:06.0616 0300 [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds C:\Windows\System32\vds.exe
23:38:06.0631 0300 vds - ok
23:38:06.0694 0300 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:38:06.0694 0300 vga - ok
23:38:06.0741 0300 [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave C:\Windows\System32\drivers\vga.sys
23:38:06.0741 0300 VgaSave - ok
23:38:06.0772 0300 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
23:38:06.0788 0300 viaagp - ok
23:38:06.0834 0300 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
23:38:06.0834 0300 ViaC7 - ok
23:38:06.0866 0300 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
23:38:06.0881 0300 viaide - ok
23:38:06.0897 0300 [ 103E84C95832D0ED93507997CC7B54E8 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:38:06.0913 0300 volmgr - ok
23:38:06.0944 0300 [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:38:06.0959 0300 volmgrx - ok
23:38:06.0975 0300 [ 80DC0C9BCB579ED9815001A4D37CBFD5 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:38:06.0991 0300 volsnap - ok
23:38:07.0038 0300 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:38:07.0038 0300 vsmraid - ok
23:38:07.0116 0300 [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS C:\Windows\system32\vssvc.exe
23:38:07.0163 0300 VSS - ok
23:38:07.0209 0300 [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time C:\Windows\system32\w32time.dll
23:38:07.0225 0300 W32Time - ok
23:38:07.0272 0300 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:38:07.0272 0300 WacomPen - ok
23:38:07.0319 0300 [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
23:38:07.0319 0300 Wanarp - ok
23:38:07.0319 0300 [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:38:07.0334 0300 Wanarpv6 - ok
23:38:07.0413 0300 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\Windows\system32\DRIVERS\wanatw4.sys
23:38:07.0413 0300 wanatw - ok
23:38:07.0459 0300 [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:38:07.0475 0300 wcncsvc - ok
23:38:07.0506 0300 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:38:07.0506 0300 WcsPlugInService - ok
23:38:07.0553 0300 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
23:38:07.0553 0300 Wd - ok
23:38:07.0616 0300 [ 7B5F66E4A2219C7D9DAF9E738480E534 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:38:07.0616 0300 Wdf01000 - ok
23:38:07.0663 0300 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:38:07.0663 0300 WdiServiceHost - ok
23:38:07.0678 0300 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:38:07.0678 0300 WdiSystemHost - ok
23:38:07.0741 0300 [ 01E41C264EEDCB827820A1909162579F ] WebClient C:\Windows\System32\webclnt.dll
23:38:07.0741 0300 WebClient - ok
23:38:07.0756 0300 [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc C:\Windows\system32\wecsvc.dll
23:38:07.0772 0300 Wecsvc - ok
23:38:07.0819 0300 [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:38:07.0819 0300 wercplsupport - ok
23:38:07.0850 0300 [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc C:\Windows\System32\WerSvc.dll
23:38:07.0850 0300 WerSvc - ok
23:38:07.0913 0300 [ 0D5AD0E71FF5DDAC5DD2F443B499ABD0 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
23:38:07.0928 0300 WinDefend - ok
23:38:07.0944 0300 WinHttpAutoProxySvc - ok
23:38:08.0022 0300 [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:38:08.0022 0300 Winmgmt - ok
23:38:08.0084 0300 [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM C:\Windows\system32\WsmSvc.dll
23:38:08.0100 0300 WinRM - ok
23:38:08.0178 0300 [ 7640ACEA41348BFEF34B76E245501261 ] Wlansvc C:\Windows\System32\wlansvc.dll
23:38:08.0194 0300 Wlansvc - ok
23:38:08.0225 0300 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
23:38:08.0241 0300 WmiAcpi - ok
23:38:08.0272 0300 [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:38:08.0272 0300 wmiApSrv - ok
23:38:08.0381 0300 [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
23:38:08.0413 0300 WMPNetworkSvc - ok
23:38:08.0444 0300 [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:38:08.0459 0300 WPCSvc - ok
23:38:08.0491 0300 [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:38:08.0491 0300 WPDBusEnum - ok
23:38:08.0553 0300 [ 2D27171B16A577EF14C1273668753485 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
23:38:08.0553 0300 WpdUsb - ok
23:38:08.0600 0300 [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:38:08.0600 0300 ws2ifsl - ok
23:38:08.0631 0300 [ F97CBB919AF6D0A6643D1A59C15014D1 ] wscsvc C:\Windows\System32\wscsvc.dll
23:38:08.0631 0300 wscsvc - ok
23:38:08.0647 0300 WSearch - ok
23:38:08.0819 0300 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
23:38:08.0881 0300 wuauserv - ok
23:38:08.0944 0300 [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:38:08.0944 0300 WUDFRd - ok
23:38:08.0991 0300 [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:38:08.0991 0300 wudfsvc - ok
23:38:09.0038 0300 xxngedwu - ok
23:38:09.0053 0300 ================ Scan global ===============================
23:38:09.0084 0300 [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
23:38:09.0147 0300 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
23:38:09.0209 0300 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
23:38:09.0241 0300 [ 329CF3C97CE4C19375C8ABCABAE258B0 ] C:\Windows\system32\services.exe
23:38:09.0256 0300 [Gl
0
Réponse 8 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
16 nov. 2012 à 11:45
Va sur ce site https://www.virustotal.com/gui/
- Clique sur "Choose File"
- Dans nom du fichier colle ce fichier : C:\Windows\system32\drivers\hhdttcw.sys
- Clique sur "Ouvrir" puis sur "Scan It"
- Le Fichier est mis en file d'attente.
- Clique sur Reanalyse si c'est proposé
- Attends la fin du scan ey poste le lien vers le rapport
Le lien se trouve en haut dans la barre d'adresse du navigateur Internet


Smart
0
Ioan3369 Messages postés 10 Date d'inscription jeudi 15 novembre 2012 Statut Membre Dernière intervention 27 novembre 2012
16 nov. 2012 à 17:42
J'ai essayé, mais quand j'inscris le nom du fichier, un message d'erreur me dit qu'un périphérique réseau ne fonctionne pas correctement... Du coup je ne peux pas l'ouvrir et donc pas le scanner. Connais-tu une alternative ?
Ioan
0
Réponse 9 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
Modifié par Smart91 le 16/11/2012 à 18:07
OK.

Relance TDSSKiller
* Si "Suspicious object pour hhdttcw.sys " coche delete
* Pour les autres Suspicious laisse sur skip
* Ensuite, clique sur Continue puis sur Reboot Now si nécessaire.
* Un rapport s'ouvrira au redémarrage de l'ordinateur.
* Copie/colle son contenu dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\TDSSKiller.N°deversion_Date_Heure_log.txt

Smart
"Si tu n'as pas d'ambitions, tu t'installes au bord de la chute" (Kundera)
0
Réponse 10 / 33
Ioan3369 Messages postés 10 Date d'inscription jeudi 15 novembre 2012 Statut Membre Dernière intervention 27 novembre 2012
16 nov. 2012 à 19:06
J'ai fait la manip, j'ai eu besoin de redémarrer. Au redémarrage je n'ai pas eu de rapport spontané, donc j'ai été le cherché à l'endroit où tu me l'a indiqué. Le voici :


18:50:05.0844 5104 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:50:06.0235 5104 ============================================================
18:50:06.0235 5104 Current date / time: 2012/11/16 18:50:06.0235
18:50:06.0235 5104 SystemInfo:
18:50:06.0235 5104
18:50:06.0235 5104 OS Version: 6.0.6000 ServicePack: 0.0
18:50:06.0235 5104 Product type: Workstation
18:50:06.0235 5104 ComputerName: PC-DE-ANTOINE
18:50:06.0235 5104 UserName: Antoine
18:50:06.0235 5104 Windows directory: C:\Windows
18:50:06.0235 5104 System windows directory: C:\Windows
18:50:06.0235 5104 Processor architecture: Intel x86
18:50:06.0235 5104 Number of processors: 2
18:50:06.0235 5104 Page size: 0x1000
18:50:06.0235 5104 Boot type: Normal boot
18:50:06.0235 5104 ============================================================
18:50:07.0813 5104 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:50:07.0844 5104 ============================================================
18:50:07.0844 5104 \Device\Harddisk0\DR0:
18:50:07.0844 5104 MBR partitions:
18:50:07.0844 5104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10029D5, BlocksNum 0x11A16CDB
18:50:07.0844 5104 ============================================================
18:50:07.0891 5104 C: <-> \Device\Harddisk0\DR0\Partition1
18:50:07.0891 5104 ============================================================
18:50:07.0891 5104 Initialize success
18:50:07.0891 5104 ============================================================
18:50:12.0407 5460 ============================================================
18:50:12.0407 5460 Scan started
18:50:12.0407 5460 Mode: Manual;
18:50:12.0407 5460 ============================================================
18:50:14.0860 5460 ================ Scan system memory ========================
18:50:14.0860 5460 System memory - ok
18:50:14.0860 5460 ================ Scan services =============================
18:50:15.0063 5460 [ 84FC6DF81212D16BE5C4F441682FECCC ] ACPI C:\Windows\system32\drivers\acpi.sys
18:50:15.0078 5460 ACPI - ok
18:50:15.0172 5460 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:50:15.0219 5460 AdobeFlashPlayerUpdateSvc - ok
18:50:15.0297 5460 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:50:15.0360 5460 adp94xx - ok
18:50:15.0407 5460 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:50:15.0485 5460 adpahci - ok
18:50:15.0500 5460 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
18:50:15.0532 5460 adpu160m - ok
18:50:15.0563 5460 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:50:15.0657 5460 adpu320 - ok
18:50:15.0750 5460 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:50:15.0750 5460 AeLookupSvc - ok
18:50:15.0813 5460 [ 5D24CAF8EFD924A875698FF28384DB8B ] AFD C:\Windows\system32\drivers\afd.sys
18:50:15.0875 5460 AFD - ok
18:50:15.0985 5460 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:50:16.0000 5460 agp440 - ok
18:50:16.0063 5460 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
18:50:16.0078 5460 aic78xx - ok
18:50:16.0110 5460 [ E69FB0E3112C40FDC0EF7D21A52DC951 ] ALG C:\Windows\System32\alg.exe
18:50:16.0125 5460 ALG - ok
18:50:16.0157 5460 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
18:50:16.0172 5460 aliide - ok
18:50:16.0219 5460 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
18:50:16.0250 5460 amdagp - ok
18:50:16.0282 5460 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
18:50:16.0297 5460 amdide - ok
18:50:16.0328 5460 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
18:50:16.0375 5460 AmdK7 - ok
18:50:16.0422 5460 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:50:16.0453 5460 AmdK8 - ok
18:50:16.0813 5460 [ 50AF3AD6EDE5CD341AAA2E795F6E4135 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:50:16.0875 5460 AntiVirSchedulerService - ok
18:50:16.0938 5460 [ 7AF2A53FC0CF1D8AF3C013DECFCB0099 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:50:16.0953 5460 AntiVirService - ok
18:50:17.0016 5460 [ CFA455816879F06F1C4E5BBF9E8AEF7D ] Appinfo C:\Windows\System32\appinfo.dll
18:50:17.0016 5460 Appinfo - ok
18:50:17.0110 5460 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:50:17.0141 5460 Apple Mobile Device - ok
18:50:17.0203 5460 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
18:50:17.0219 5460 arc - ok
18:50:17.0250 5460 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:50:17.0282 5460 arcsas - ok
18:50:17.0391 5460 [ 66597AD6098352D11239C0C42100B176 ] ASLDRService C:\Program Files\ATK Hotkey\ASLDRSrv.exe
18:50:17.0391 5460 ASLDRService - ok
18:50:17.0453 5460 [ E86CF7CE67D5DE898F27EF884DC357D8 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:50:17.0469 5460 AsyncMac - ok
18:50:17.0516 5460 [ B35CFCEF838382AB6490B321C87EDF17 ] atapi C:\Windows\system32\drivers\atapi.sys
18:50:17.0516 5460 atapi - ok
18:50:17.0641 5460 [ 2846F5EE802889D500FCF5CC48B28381 ] athr C:\Windows\system32\DRIVERS\athr.sys
18:50:17.0782 5460 athr - ok
18:50:17.0844 5460 [ 3481D12334F065BBA19C16399C9CB171 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
18:50:17.0860 5460 Ati External Event Utility - ok
18:50:17.0953 5460 [ A356E45E8432432C06981EA63A1E0FE8 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
18:50:17.0985 5460 AtiPcie - ok
18:50:18.0047 5460 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:50:18.0063 5460 AudioEndpointBuilder - ok
18:50:18.0078 5460 [ E760FC1BD68F7F6F1B17EB4E8D9480B0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
18:50:18.0094 5460 Audiosrv - ok
18:50:18.0172 5460 [ 680B3A1BE559B5D5AAC04C7949469DD6 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
18:50:18.0188 5460 avgntflt - ok
18:50:18.0235 5460 [ 6B289080B9752DAD39C1C2B98B479DCE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
18:50:18.0266 5460 avipbb - ok
18:50:18.0282 5460 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
18:50:18.0313 5460 avkmgr - ok
18:50:18.0391 5460 [ AC3DD1708B22761EBD7CBE14DCC3B5D7 ] Beep C:\Windows\system32\drivers\Beep.sys
18:50:18.0407 5460 Beep - ok
18:50:18.0469 5460 [ 98EBDFFB824A7C265337D68DD480E45C ] BFE C:\Windows\System32\bfe.dll
18:50:18.0469 5460 BFE - ok
18:50:18.0547 5460 [ DA551697E34D2B9943C8B1C8EAFFE89A ] BITS C:\Windows\System32\qmgr.dll
18:50:18.0610 5460 BITS - ok
18:50:18.0641 5460 blbdrive - ok
18:50:18.0750 5460 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:50:18.0766 5460 Bonjour Service - ok
18:50:18.0782 5460 [ 913CD06FBE9105CE6077E90FD4418561 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:50:18.0813 5460 bowser - ok
18:50:18.0875 5460 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
18:50:18.0907 5460 BrFiltLo - ok
18:50:18.0938 5460 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
18:50:19.0000 5460 BrFiltUp - ok
18:50:19.0047 5460 [ BEB6470532B7461D7BB426E3FACB424F ] Browser C:\Windows\System32\browser.dll
18:50:19.0047 5460 Browser - ok
18:50:19.0141 5460 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
18:50:19.0203 5460 Brserid - ok
18:50:19.0219 5460 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
18:50:19.0250 5460 BrSerWdm - ok
18:50:19.0282 5460 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
18:50:19.0344 5460 BrUsbMdm - ok
18:50:19.0391 5460 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
18:50:19.0438 5460 BrUsbSer - ok
18:50:19.0532 5460 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:50:19.0547 5460 BTHMODEM - ok
18:50:19.0735 5460 [ 7621340D31FB049A1257A9840C537C47 ] Cam5603D C:\Windows\system32\Drivers\BisonCam.sys
18:50:19.0828 5460 Cam5603D - ok
18:50:19.0907 5460 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
18:50:19.0922 5460 ccEvtMgr - ok
18:50:19.0953 5460 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
18:50:19.0953 5460 ccSetMgr - ok
18:50:20.0016 5460 [ 6C3A437FC873C6F6A4FC620B6888CB86 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:50:20.0032 5460 cdfs - ok
18:50:20.0078 5460 [ 8D1866E61AF096AE8B582454F5E4D303 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:50:20.0110 5460 cdrom - ok
18:50:20.0203 5460 [ 0600E04315FE543802A379D5D23C8BE0 ] CertPropSvc C:\Windows\System32\certprop.dll
18:50:20.0203 5460 CertPropSvc - ok
18:50:20.0266 5460 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
18:50:20.0297 5460 circlass - ok
18:50:20.0360 5460 [ 1B84FD0937D3B99AF9BA38DDFF3DAF54 ] CLFS C:\Windows\system32\CLFS.sys
18:50:20.0422 5460 CLFS - ok
18:50:20.0500 5460 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:50:20.0547 5460 clr_optimization_v2.0.50727_32 - ok
18:50:20.0594 5460 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] CLTNetCnService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
18:50:20.0594 5460 CLTNetCnService - ok
18:50:20.0688 5460 [ ED97AD3DF1B9005989EAF149BF06C821 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:50:20.0766 5460 CmBatt - ok
18:50:20.0828 5460 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:50:20.0875 5460 cmdide - ok
18:50:20.0938 5460 [ 7CE352882828C12DD7632B172253A02C ] comHost C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
18:50:20.0969 5460 comHost - ok
18:50:21.0032 5460 [ 722936AFB75A7F509662B69B5632F48A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:50:21.0047 5460 Compbatt - ok
18:50:21.0063 5460 COMSysApp - ok
18:50:21.0094 5460 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:50:21.0157 5460 crcdisk - ok
18:50:21.0188 5460 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
18:50:21.0219 5460 Crusoe - ok
18:50:21.0282 5460 [ 1C26FB097170A2A91066D1E3A24366E3 ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:50:21.0297 5460 CryptSvc - ok
18:50:21.0375 5460 [ 7B981222A257D076885BFFB66F19B7CE ] DcomLaunch C:\Windows\system32\rpcss.dll
18:50:21.0438 5460 DcomLaunch - ok
18:50:21.0485 5460 [ A7179DE59AE269AB70345527894CCD7C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:50:21.0563 5460 DfsC - ok
18:50:22.0094 5460 [ E0D584AA76C7D845BA9F3A788260528F ] DFSR C:\Windows\system32\DFSR.exe
18:50:22.0469 5460 DFSR - ok
18:50:22.0547 5460 [ DC45739BC22D528D2B3E50D3F6761750 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
18:50:22.0563 5460 Dhcp - ok
18:50:22.0641 5460 [ 841AF4C4D41D3E3B2F244E976B0F7963 ] disk C:\Windows\system32\drivers\disk.sys
18:50:22.0735 5460 disk - ok
18:50:22.0828 5460 [ EECBA1DD142BF8693C476BE8F32FE253 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:50:22.0844 5460 Dnscache - ok
18:50:22.0969 5460 [ 1F795D214820E496BF1124434A6DB546 ] dot3svc C:\Windows\System32\dot3svc.dll
18:50:23.0063 5460 dot3svc - ok
18:50:23.0219 5460 [ 032C90AD677BF7B7A8013D6087C7A921 ] DPS C:\Windows\system32\dps.dll
18:50:23.0219 5460 DPS - ok
18:50:23.0282 5460 [ EE472CD2C01F6F8E8AA1FA06FFEF61B6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:50:23.0297 5460 drmkaud - ok
18:50:23.0375 5460 [ 334988883DE69ADB27E2CF9F9715BBDB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:50:23.0453 5460 DXGKrnl - ok
18:50:23.0563 5460 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
18:50:23.0657 5460 E1G60 - ok
18:50:23.0719 5460 [ 90A0A875642E18618010645311B4E89E ] EapHost C:\Windows\System32\eapsvc.dll
18:50:23.0750 5460 EapHost - ok
18:50:23.0797 5460 [ 0EFC7531B936EE57FDB4E837664C509F ] Ecache C:\Windows\system32\drivers\ecache.sys
18:50:23.0828 5460 Ecache - ok
18:50:24.0063 5460 [ B4580122B0A7B263B6EE9ACBA69C8013 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:50:24.0172 5460 ehRecvr - ok
18:50:24.0282 5460 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
18:50:24.0344 5460 ehSched - ok
18:50:24.0469 5460 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
18:50:24.0469 5460 ehstart - ok
18:50:24.0641 5460 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:50:24.0875 5460 elxstor - ok
18:50:24.0985 5460 [ 3226FDA08988526E819E364E8CCE4CEE ] EMDMgmt C:\Windows\system32\emdmgmt.dll
18:50:25.0000 5460 EMDMgmt - ok
18:50:25.0063 5460 [ 7B4971C3D43525175A4EA0D143E0412E ] EventSystem C:\Windows\system32\es.dll
18:50:25.0078 5460 EventSystem - ok
18:50:25.0125 5460 [ 84A317CB0B3954D3768CDCD018DBF670 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:50:25.0157 5460 fastfat - ok
18:50:25.0235 5460 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:50:25.0266 5460 fdc - ok
18:50:25.0313 5460 [ E43BCE1A77D6FD4ED5F8E0482B9E7DF1 ] fdPHost C:\Windows\system32\fdPHost.dll
18:50:25.0313 5460 fdPHost - ok
18:50:25.0328 5460 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
18:50:25.0344 5460 FDResPub - ok
18:50:25.0375 5460 [ 65773D6115C037FFD7EF8280AE85EB9D ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:50:25.0438 5460 FileInfo - ok
18:50:25.0469 5460 [ C226DD0DE060745F3E042F58DCF78402 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:50:25.0500 5460 Filetrace - ok
18:50:25.0547 5460 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:50:25.0563 5460 flpydisk - ok
18:50:25.0610 5460 [ A6A8DA7AE4D53394AB22AC3AB6D3F5D3 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:50:25.0641 5460 FltMgr - ok
18:50:25.0719 5460 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:50:25.0766 5460 FontCache3.0.0.0 - ok
18:50:25.0813 5460 [ 66A078591208BAA210C7634B11EB392C ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:50:25.0844 5460 Fs_Rec - ok
18:50:25.0891 5460 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:50:25.0938 5460 gagp30kx - ok
18:50:26.0032 5460 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
18:50:26.0078 5460 GEARAspiWDM - ok
18:50:26.0219 5460 [ BCF6589C42D8F6A20F33EF133FFE0524 ] gpsvc C:\Windows\System32\gpsvc.dll
18:50:26.0297 5460 gpsvc - ok
18:50:26.0453 5460 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:50:26.0453 5460 gupdate - ok
18:50:26.0485 5460 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:50:26.0500 5460 gupdatem - ok
18:50:26.0532 5460 [ 0DB613A7E427B5663563677796FD5258 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:50:26.0563 5460 HDAudBus - ok
18:50:26.0594 5460 Suspicious service (NoAccess): hhdttcw
18:50:26.0735 5460 [ 2AACA53B0486E329E516E30F5430E26A ] hhdttcw C:\Windows\system32\drivers\hhdttcw.sys
18:50:26.0735 5460 Suspicious file (NoAccess): C:\Windows\system32\drivers\hhdttcw.sys. md5: 2AACA53B0486E329E516E30F5430E26A
18:50:27.0188 5460 hhdttcw ( LockedService.Multi.Generic ) - warning
18:50:27.0188 5460 hhdttcw - detected LockedService.Multi.Generic (1)
18:50:27.0282 5460 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:50:27.0297 5460 HidBth - ok
18:50:27.0328 5460 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
18:50:27.0375 5460 HidIr - ok
18:50:27.0407 5460 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
18:50:27.0453 5460 hidserv - ok
18:50:27.0500 5460 [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:50:27.0547 5460 HidUsb - ok
18:50:27.0594 5460 [ D40AA05E29BF6ED29B139F044B461E9B ] hkmsvc C:\Windows\system32\kmsvc.dll
18:50:27.0610 5460 hkmsvc - ok
18:50:27.0641 5460 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
18:50:27.0672 5460 HpCISSs - ok
18:50:27.0750 5460 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\Windows\system32\DRIVERS\HPZid412.sys
18:50:27.0782 5460 HPZid412 - ok
18:50:27.0828 5460 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\Windows\system32\DRIVERS\HPZipr12.sys
18:50:27.0844 5460 HPZipr12 - ok
18:50:27.0891 5460 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\Windows\system32\DRIVERS\HPZius12.sys
18:50:27.0922 5460 HPZius12 - ok
18:50:27.0985 5460 [ EA24FE637D974A8A31BC650F478E3533 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:50:28.0078 5460 HTTP - ok
18:50:28.0110 5460 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
18:50:28.0141 5460 i2omp - ok
18:50:28.0203 5460 [ 1C9EE072BAA3ABB460B91D7EE9152660 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:50:28.0219 5460 i8042prt - ok
18:50:28.0266 5460 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
18:50:28.0297 5460 iaStorV - ok
18:50:28.0375 5460 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:50:28.0422 5460 IDriverT - ok
18:50:28.0547 5460 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:50:28.0719 5460 idsvc - ok
18:50:28.0891 5460 [ 9E453B17D70FC2DD332510033A3C0499 ] IDSvix86 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071011.001\IDSvix86.sys
18:50:28.0938 5460 IDSvix86 - ok
18:50:28.0985 5460 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:50:29.0016 5460 iirsp - ok
18:50:29.0094 5460 [ 35662FE4D8622F667AA5A5568F7F1B40 ] IKEEXT C:\Windows\System32\ikeext.dll
18:50:29.0110 5460 IKEEXT - ok
18:50:29.0250 5460 [ 04BEF1C4AA990E0D5851C7532FC8642C ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
18:50:29.0407 5460 IntcAzAudAddService - ok
18:50:29.0469 5460 [ 97469037714070E45194ED318D636401 ] intelide C:\Windows\system32\drivers\intelide.sys
18:50:29.0500 5460 intelide - ok
18:50:29.0532 5460 [ CE44CC04262F28216DD4341E9E36A16F ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:50:29.0547 5460 intelppm - ok
18:50:29.0594 5460 [ 88CF5281ED9880D74DC9011CF8B5262D ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:50:29.0703 5460 IPBusEnum - ok
18:50:29.0782 5460 [ 880C6F86CC3F551B8FEA2C11141268C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:50:29.0797 5460 IpFilterDriver - ok
18:50:29.0860 5460 [ ECC9AD72CFC4AB41CF6A9BCC11F9FEF6 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:50:29.0875 5460 iphlpsvc - ok
18:50:29.0891 5460 IpInIp - ok
18:50:29.0953 5460 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
18:50:29.0969 5460 IPMIDRV - ok
18:50:30.0000 5460 [ 10077C35845101548037DF04FD1A420B ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
18:50:30.0032 5460 IPNAT - ok
18:50:30.0141 5460 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:50:30.0172 5460 iPod Service - ok
18:50:30.0203 5460 [ A82F328F4792304184642D6D397BB1E3 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:50:30.0219 5460 IRENUM - ok
18:50:30.0250 5460 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:50:30.0282 5460 isapnp - ok
18:50:30.0344 5460 [ 4DCA456D4D5723F8FA9C6760D240B0DF ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
18:50:30.0344 5460 iScsiPrt - ok
18:50:30.0422 5460 [ 36474FDE02F8422B8B1A52EAD9894DBC ] ISPwdSvc C:\Program Files\Norton Internet Security\isPwdSvc.exe
18:50:30.0469 5460 ISPwdSvc - ok
18:50:30.0500 5460 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
18:50:30.0516 5460 iteatapi - ok
18:50:30.0563 5460 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
18:50:30.0594 5460 iteraid - ok
18:50:30.0641 5460 [ B076B2AB806B3F696DAB21375389101C ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:50:30.0672 5460 kbdclass - ok
18:50:30.0719 5460 [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
18:50:30.0735 5460 kbdhid - ok
18:50:30.0782 5460 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] KeyIso C:\Windows\system32\lsass.exe
18:50:30.0797 5460 KeyIso - ok
18:50:30.0844 5460 [ 0A829977B078DEA11641FC2AF87CEADE ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:50:30.0922 5460 KSecDD - ok
18:50:30.0969 5460 [ 45C537FE5DDE9A0146AEFF76E615737D ] KtmRm C:\Windows\system32\msdtckrm.dll
18:50:31.0000 5460 KtmRm - ok
18:50:31.0047 5460 [ 53D1482FC1AA36AC015A85E6CF2146BD ] LanmanServer C:\Windows\system32\srvsvc.dll
18:50:31.0063 5460 LanmanServer - ok
18:50:31.0125 5460 [ 435F0F6DC87A4B5DA78F1FA309884189 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:50:31.0125 5460 LanmanWorkstation - ok
18:50:31.0188 5460 [ E7AAB1A32AC2EEA4C4B735B8D034C802 ] LiveUpdate Notice Ex C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
18:50:31.0188 5460 LiveUpdate Notice Ex - ok
18:50:31.0313 5460 [ 2D1389E05A807D956829F44BD4B60389 ] LiveUpdate Notice Service C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
18:50:31.0438 5460 LiveUpdate Notice Service - ok
18:50:31.0485 5460 [ FD015B4F95DAA2B712F0E372A116FBAD ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:50:31.0516 5460 lltdio - ok
18:50:31.0578 5460 [ 7450DBCF754391DD6363FFFD5EF0E789 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:50:31.0688 5460 lltdsvc - ok
18:50:31.0735 5460 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:50:31.0813 5460 lmhosts - ok
18:50:31.0953 5460 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:50:32.0000 5460 LSI_FC - ok
18:50:32.0063 5460 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:50:32.0094 5460 LSI_SAS - ok
18:50:32.0141 5460 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:50:32.0188 5460 LSI_SCSI - ok
18:50:32.0219 5460 [ 42885BB44B6E065B8575A8DD6C430C52 ] luafv C:\Windows\system32\drivers\luafv.sys
18:50:32.0250 5460 luafv - ok
18:50:32.0297 5460 [ E93C1AD58E88A0846EAEE10671C2A8F3 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:50:32.0328 5460 Mcx2Svc - ok
18:50:32.0438 5460 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
18:50:32.0500 5460 megasas - ok
18:50:32.0563 5460 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] MMCSS C:\Windows\system32\mmcss.dll
18:50:32.0578 5460 MMCSS - ok
18:50:32.0625 5460 [ 21755967298A46FB6ADFEC9DB6012211 ] Modem C:\Windows\system32\drivers\modem.sys
18:50:32.0657 5460 Modem - ok
18:50:32.0719 5460 [ 7446E104A5FE5987CA9E4983FBAC4F97 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:50:32.0735 5460 monitor - ok
18:50:32.0766 5460 [ 5FBA13C1A1841B0885D316ED3589489D ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:50:32.0797 5460 mouclass - ok
18:50:32.0844 5460 [ B569B5C5D3BDE545DF3A6AF512CCCDBA ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:50:32.0860 5460 mouhid - ok
18:50:32.0907 5460 [ 01F1E5A3E4877C931CBB31613FEC16A6 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
18:50:32.0922 5460 MountMgr - ok
18:50:32.0969 5460 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
18:50:33.0016 5460 mpio - ok
18:50:33.0063 5460 [ 6E7A7F0C1193EE5648443FE2D4B789EC ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:50:33.0110 5460 mpsdrv - ok
18:50:33.0188 5460 [ 563ED845885C6A7C09A7715D8BD0585C ] MpsSvc C:\Windows\system32\mpssvc.dll
18:50:33.0203 5460 MpsSvc - ok
18:50:33.0282 5460 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
18:50:33.0313 5460 Mraid35x - ok
18:50:33.0391 5460 [ 1D8828B98EE309D65E006F0829E280E5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:50:33.0422 5460 MRxDAV - ok
18:50:33.0469 5460 [ 8AF705CE1BB907932157FAB821170F27 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:50:33.0547 5460 mrxsmb - ok
18:50:33.0578 5460 [ 47E13AB23371BE3279EEF22BBFA2C1BE ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:50:33.0610 5460 mrxsmb10 - ok
18:50:33.0657 5460 [ 90B3FC7BD6B3D7EE7635DEBBA2187F66 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:50:33.0719 5460 mrxsmb20 - ok
18:50:33.0797 5460 [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci C:\Windows\system32\drivers\msahci.sys
18:50:33.0860 5460 msahci - ok
18:50:33.0953 5460 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:50:33.0985 5460 msdsm - ok
18:50:34.0016 5460 [ BC64A92D821EFEA8BAB8E8CAF1B668BC ] MSDTC C:\Windows\System32\msdtc.exe
18:50:34.0032 5460 MSDTC - ok
18:50:34.0063 5460 [ 729EAFEFD4E7417165F353A18DBE947D ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:50:34.0078 5460 Msfs - ok
18:50:34.0125 5460 [ 5F454A16A5146CD91A176D70F0CFA3EC ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:50:34.0141 5460 msisadrv - ok
18:50:34.0172 5460 [ 8ACF956D9154E893E789881430C12632 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:50:34.0203 5460 MSiSCSI - ok
18:50:34.0203 5460 msiserver - ok
18:50:34.0250 5460 [ 892CEDEFA7E0FFE7BE8DA651B651D047 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:50:34.0250 5460 MSKSSRV - ok
18:50:34.0282 5460 [ AE2CB1DA69B2676B4CEE2A501AF5871C ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:50:34.0297 5460 MSPCLOCK - ok
18:50:34.0344 5460 [ F910DA84FA90C44A3ADDB7CD874463FD ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:50:34.0360 5460 MSPQM - ok
18:50:34.0407 5460 [ 84571C0AE07647BA38D493F5F0015DF7 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:50:34.0422 5460 MsRPC - ok
18:50:34.0469 5460 [ 4385C80EDE885E25492D408CAD91BD6F ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:50:34.0469 5460 mssmbios - ok
18:50:34.0500 5460 [ C826DD1373F38AFD9CA46EC3C436A14E ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:50:34.0532 5460 MSTEE - ok
18:50:34.0563 5460 [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor C:\Windows\system32\DRIVERS\ATKACPI.sys
18:50:34.0578 5460 MTsensor - ok
18:50:34.0610 5460 [ FA7AA70050CF5E2D15DE00941E5665E5 ] Mup C:\Windows\system32\Drivers\mup.sys
18:50:34.0625 5460 Mup - ok
18:50:34.0703 5460 [ 1CDBB5D002FE2BC5300AA20550D8A52E ] napagent C:\Windows\system32\qagentRT.dll
18:50:34.0719 5460 napagent - ok
18:50:34.0766 5460 [ 6DA4A0FC7C0E83DF0CB3CFD0A514C3BC ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:50:34.0797 5460 NativeWifiP - ok
18:50:34.0938 5460 NAVENG - ok
18:50:34.0969 5460 NAVEX15 - ok
18:50:35.0125 5460 [ 227C11E1E7CF6EF8AFB2A238D209760C ] NDIS C:\Windows\system32\drivers\ndis.sys
18:50:35.0235 5460 NDIS - ok
18:50:35.0282 5460 [ 81659CDCBD0F9A9E07E6878AD8C78D3F ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:50:35.0297 5460 NdisTapi - ok
18:50:35.0344 5460 [ 5DE5EE546BF40838EBE0E01CB629DF64 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:50:35.0375 5460 Ndisuio - ok
18:50:35.0407 5460 [ 397402ADCBB8946223A1950101F6CD94 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:50:35.0438 5460 NdisWan - ok
18:50:35.0500 5460 [ 1B24FA907AF283199A81B3BB37E5E526 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:50:35.0532 5460 NDProxy - ok
18:50:35.0578 5460 [ 356DBB9F98E8DC1028DD3092FCEEB877 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:50:35.0594 5460 NetBIOS - ok
18:50:35.0641 5460 [ E3A168912E7EEFC3BD3B814720D68B41 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
18:50:35.0688 5460 netbt - ok
18:50:35.0703 5460 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] Netlogon C:\Windows\system32\lsass.exe
18:50:35.0719 5460 Netlogon - ok
18:50:35.0782 5460 [ 90A4DAE28B94497F83BEA0F2A3B77092 ] Netman C:\Windows\System32\netman.dll
18:50:35.0797 5460 Netman - ok
18:50:35.0828 5460 [ 7C5C3D9CEEE838856B828AB6F98A2857 ] netprofm C:\Windows\System32\netprofm.dll
18:50:35.0844 5460 netprofm - ok
18:50:35.0907 5460 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:50:35.0953 5460 NetTcpPortSharing - ok
18:50:36.0016 5460 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:50:36.0063 5460 nfrd960 - ok
18:50:36.0110 5460 [ C424117A562F2DE37A42266894C79AEB ] NlaSvc C:\Windows\System32\nlasvc.dll
18:50:36.0110 5460 NlaSvc - ok
18:50:36.0141 5460 [ 4F9832BEB9FAFD8CEB0E541F1323B26E ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:50:36.0157 5460 Npfs - ok
18:50:36.0203 5460 [ 23B8201A363DE0E649FC75EE9874DEE2 ] nsi C:\Windows\system32\nsisvc.dll
18:50:36.0219 5460 nsi - ok
18:50:36.0250 5460 [ B488DFEC274DE1FC9D653870EF2587BE ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:50:36.0282 5460 nsiproxy - ok
18:50:36.0500 5460 [ 37430AA7A66D7A63407ADC2C0D05E9F6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:50:36.0610 5460 Ntfs - ok
18:50:36.0657 5460 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
18:50:36.0703 5460 ntrigdigi - ok
18:50:36.0719 5460 [ EC5EFB3C60F1B624648344A328BCE596 ] Null C:\Windows\system32\drivers\Null.sys
18:50:36.0735 5460 Null - ok
18:50:36.0766 5460 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:50:36.0813 5460 nvraid - ok
18:50:36.0828 5460 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:50:36.0875 5460 nvstor - ok
18:50:36.0907 5460 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:50:36.0938 5460 nv_agp - ok
18:50:36.0953 5460 NwlnkFlt - ok
18:50:36.0969 5460 NwlnkFwd - ok
18:50:37.0094 5460 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:50:37.0141 5460 ohci1394 - ok
18:50:37.0219 5460 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2pimsvc C:\Windows\system32\p2psvc.dll
18:50:37.0344 5460 p2pimsvc - ok
18:50:37.0375 5460 [ 016D01D3B8FB976A193C7434BED8DCCF ] p2psvc C:\Windows\system32\p2psvc.dll
18:50:37.0407 5460 p2psvc - ok
18:50:37.0469 5460 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:50:37.0547 5460 Parport - ok
18:50:37.0578 5460 [ 555A5B2C8022983BC7467BC925B222EE ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:50:37.0610 5460 partmgr - ok
18:50:37.0657 5460 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:50:37.0688 5460 Parvdm - ok
18:50:37.0766 5460 [ D8C5C215C932233A4F1D7F368F4E4E65 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:50:37.0766 5460 PcaSvc - ok
18:50:37.0797 5460 [ 1085D75657807E0E8B32F9E19A1647C3 ] pci C:\Windows\system32\drivers\pci.sys
18:50:37.0828 5460 pci - ok
18:50:37.0922 5460 [ CABA65E9C41CD2900D4C92D4F825C5F8 ] pciide C:\Windows\system32\drivers\pciide.sys
18:50:37.0938 5460 pciide - ok
18:50:37.0985 5460 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:50:38.0032 5460 pcmcia - ok
18:50:38.0125 5460 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:50:38.0219 5460 PEAUTH - ok
18:50:38.0344 5460 [ CD05A38D166BEADE18030BAFC0C0A939 ] pla C:\Windows\system32\pla.dll
18:50:38.0500 5460 pla - ok
18:50:38.0547 5460 [ 747BB4C31F3B6E8D1B5ED0AD61518CB5 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:50:38.0563 5460 PlugPlay - ok
18:50:38.0625 5460 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:50:38.0641 5460 PNRPAutoReg - ok
18:50:38.0766 5460 [ 016D01D3B8FB976A193C7434BED8DCCF ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:50:38.0782 5460 PNRPsvc - ok
18:50:38.0875 5460 [ 5EBDEC613BD377CE9A85382BE5C6B83B ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:50:38.0891 5460 PolicyAgent - ok
18:50:38.0953 5460 [ C04DEC5ACE67C5247B150C4223970BB7 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:50:39.0000 5460 PptpMiniport - ok
18:50:39.0063 5460 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
18:50:39.0110 5460 Processor - ok
18:50:39.0172 5460 [ 213112E152E68F0E4705E36F052A2880 ] ProfSvc C:\Windows\system32\profsvc.dll
18:50:39.0188 5460 ProfSvc - ok
18:50:39.0203 5460 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:50:39.0219 5460 ProtectedStorage - ok
18:50:39.0250 5460 [ 2C8BAE55247C4E09352E870292E4D1AB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:50:39.0282 5460 PSched - ok
18:50:39.0344 5460 [ F7BB4E7A7C02AB4A2672937E124E306E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
18:50:39.0407 5460 PxHelp20 - ok
18:50:39.0688 5460 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:50:40.0094 5460 ql2300 - ok
18:50:40.0172 5460 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:50:40.0203 5460 ql40xx - ok
18:50:40.0266 5460 [ CA61BDFD3713A7CE75F2812AFC431594 ] QWAVE C:\Windows\system32\qwave.dll
18:50:40.0344 5460 QWAVE - ok
18:50:40.0391 5460 [ D2B3E2B7426DC23E185FBC73C8936C12 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:50:40.0407 5460 QWAVEdrv - ok
18:50:40.0688 5460 [ 252826C4BC88B01E945C2D3C6603F3B0 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
18:50:40.0797 5460 R300 - ok
18:50:40.0844 5460 [ BD7B30F55B3649506DD8B3D38F571D2A ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:50:40.0875 5460 RasAcd - ok
18:50:40.0922 5460 [ F14F4AAB9F54D099FE99192BDB100AC9 ] RasAuto C:\Windows\System32\rasauto.dll
18:50:40.0969 5460 RasAuto - ok
18:50:41.0016 5460 [ 68B0019FEE429EC49D29017AF937E482 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:50:41.0047 5460 Rasl2tp - ok
18:50:41.0078 5460 [ 11D65E29BC9D1E4114D18FE68194394C ] RasMan C:\Windows\System32\rasmans.dll
18:50:41.0094 5460 RasMan - ok
18:50:41.0125 5460 [ CCF4E9C6CBBAC81437F88CB2AE0B6C96 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:50:41.0157 5460 RasPppoe - ok
18:50:41.0188 5460 [ 54129C5D9581BBEC8BD1EBD3BA813F47 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:50:41.0266 5460 rdbss - ok
18:50:41.0282 5460 [ 794585276B5D7FCA9F3FC15543F9F0B9 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:50:41.0313 5460 RDPCDD - ok
18:50:41.0375 5460 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:50:41.0438 5460 rdpdr - ok
18:50:41.0469 5460 [ 980B56E2E273E19D3A9D72D5C420F008 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:50:41.0516 5460 RDPENCDD - ok
18:50:41.0610 5460 [ 8830E790A74A96605FABA74F9665BB3C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:50:41.0657 5460 RDPWD - ok
18:50:41.0719 5460 [ 6C1A43C589EE8011A1EBFD51C01B77CE ] RemoteAccess C:\Windows\System32\mprdim.dll
18:50:41.0750 5460 RemoteAccess - ok
18:50:41.0797 5460 [ 9A043808667C8C1893DA7275AF373F0E ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:50:41.0844 5460 RemoteRegistry - ok
18:50:41.0985 5460 [ 9638E5820858593A12005C753B03CEAE ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
18:50:42.0047 5460 RoxMediaDB9 - ok
18:50:42.0125 5460 [ 910FBA95EE4F56449AA81315884C8EFD ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
18:50:42.0157 5460 RoxWatch9 - ok
18:50:42.0203 5460 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:50:42.0235 5460 RpcLocator - ok
18:50:42.0328 5460 [ 7B981222A257D076885BFFB66F19B7CE ] RpcSs C:\Windows\system32\rpcss.dll
18:50:42.0344 5460 RpcSs - ok
18:50:42.0391 5460 [ 97E939D2128FEC5D5A3E6E79B290A2F4 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:50:42.0422 5460 rspndr - ok
18:50:42.0516 5460 [ FDDE6B3598660D3C51CB45EB3A95FE67 ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys
18:50:42.0547 5460 RTL8023xp - ok
18:50:42.0578 5460 [ C731B1FE449D4E9CEA358C9D55B69BE9 ] SamSs C:\Windows\system32\lsass.exe
18:50:42.0578 5460 SamSs - ok
18:50:42.0641 5460 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:50:42.0688 5460 sbp2port - ok
18:50:42.0735 5460 [ 565B4B9E5AD2F2F18A4F8AAFA6C06BBB ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:50:42.0797 5460 SCardSvr - ok
18:50:42.0891 5460 [ 886CEC884B5BE29AB9828B8AB46B11F7 ] Schedule C:\Windows\system32\schedsvc.dll
18:50:42.0907 5460 Schedule - ok
18:50:42.0938 5460 [ 0600E04315FE543802A379D5D23C8BE0 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:50:42.0938 5460 SCPolicySvc - ok
18:50:42.0985 5460 [ F7B6BF02240D0A764ADF8C8966735552 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:50:43.0032 5460 SDRSVC - ok
18:50:43.0047 5460 [ 8388C4133DDBE62AD7BC3EC9F14271ED ] seclogon C:\Windows\system32\seclogon.dll
18:50:43.0078 5460 seclogon - ok
18:50:43.0157 5460 [ 34350AE2C1D33D21C7305F861BD8DAD8 ] SENS C:\Windows\System32\sens.dll
18:50:43.0157 5460 SENS - ok
18:50:43.0250 5460 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:50:43.0282 5460 Serenum - ok
18:50:43.0313 5460 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:50:43.0344 5460 Serial - ok
18:50:43.0422 5460 [ 450ACCD77EC5CEA720C1CDB9E26B953B ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:50:43.0453 5460 sermouse - ok
18:50:43.0516 5460 [ 78878235DA4DF0D116E86837A0A21DF8 ] SessionEnv C:\Windows\system32\sessenv.dll
18:50:43.0532 5460 SessionEnv - ok
18:50:43.0578 5460 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:50:43.0625 5460 sffdisk - ok
18:50:43.0657 5460 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:50:43.0672 5460 sffp_mmc - ok
18:50:43.0703 5460 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:50:43.0750 5460 sffp_sd - ok
18:50:43.0782 5460 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:50:43.0828 5460 sfloppy - ok
18:50:43.0938 5460 [ 9A82BF4C90B00A63150A606A1E2FD82B ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:50:44.0047 5460 SharedAccess - ok
18:50:44.0172 5460 [ B264DFA21677728613267FE63802B332 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:50:44.0219 5460 ShellHWDetection - ok
18:50:44.0282 5460 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:50:44.0282 5460 sisagp - ok
18:50:44.0328 5460 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:50:44.0344 5460 SiSRaid2 - ok
18:50:44.0375 5460 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:50:44.0422 5460 SiSRaid4 - ok
18:50:44.0516 5460 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:50:44.0672 5460 SkypeUpdate - ok
18:50:45.0250 5460 [ A1DCD30534835CB67733AD00175125A6 ] slsvc C:\Windows\system32\SLsvc.exe
18:50:46.0485 5460 slsvc - ok
18:50:46.0563 5460 [ 56DA296E7B376A727E7BDC5AC7FBEE02 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:50:46.0610 5460 SLUINotify - ok
18:50:46.0641 5460 [ AC0D90738ADB51A6FD12FF00874A2162 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:50:46.0703 5460 Smb - ok
18:50:46.0813 5460 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:50:46.0860 5460 SNMPTRAP - ok
18:50:47.0016 5460 [ 905782BCF15B6E5AF9905B77923C7FA2 ] SPBBCDrv C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
18:50:50.0672 5460 SPBBCDrv - ok
18:50:50.0719 5460 [ 426F9B029AA9162CECCF65369457D046 ] spldr C:\Windows\system32\drivers\spldr.sys
18:50:50.0750 5460 spldr - ok
18:50:50.0782 5460 [ DA612EF2556776DF2630B68BF2D48935 ] Spooler C:\Windows\System32\spoolsv.exe
18:50:50.0813 5460 Spooler - ok
18:50:50.0875 5460 [ A199171385BE17973FD800FA91F8F78A ] sptd C:\Windows\system32\Drivers\sptd.sys
18:50:50.0875 5460 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: A199171385BE17973FD800FA91F8F78A
18:50:50.0875 5460 sptd ( LockedFile.Multi.Generic ) - warning
18:50:50.0875 5460 sptd - detected LockedFile.Multi.Generic (1)
18:50:50.0985 5460 [ 655773F2F1A3730C6CF20280A49F4EE1 ] SRTSP C:\Windows\system32\Drivers\SRTSP.SYS
18:50:51.0063 5460 SRTSP - ok
18:50:51.0094 5460 [ 2A0AAF370D4C6574A34AE2F4A0709CAE ] SRTSPL C:\Windows\system32\Drivers\SRTSPL.SYS
18:50:51.0157 5460 SRTSPL - ok
18:50:51.0188 5460 [ 3104BDCEACE2D5710776DD05E6A286C1 ] SRTSPX C:\Windows\system32\Drivers\SRTSPX.SYS
18:50:51.0219 5460 SRTSPX - ok
18:50:51.0297 5460 [ 038579C35F7CAD4A4BBF735DBF83277D ] srv C:\Windows\system32\DRIVERS\srv.sys
18:50:51.0375 5460 srv - ok
18:50:51.0422 5460 [ 6971A757AF8CB5E2CBCBB76CC530DB6C ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:50:51.0453 5460 srv2 - ok
18:50:51.0516 5460 [ 9E1A4603B874EEBCE0298113951ABEFB ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:50:51.0547 5460 srvnet - ok
18:50:51.0594 5460 [ D5DFFEAA1E15D4EFFABB9D9A3068AC5B ] sscdbus C:\Windows\system32\DRIVERS\sscdbus.sys
18:50:51.0641 5460 sscdbus - ok
18:50:51.0688 5460 [ 8A1BE0C347814F482F493AEA619D57F6 ] sscdmdfl C:\Windows\system32\DRIVERS\sscdmdfl.sys
18:50:51.0703 5460 sscdmdfl - ok
18:50:51.0766 5460 [ 5AB0B1987F682A59B15B78F84C6AD7D0 ] sscdmdm C:\Windows\system32\DRIVERS\sscdmdm.sys
18:50:51.0797 5460 sscdmdm - ok
18:50:51.0844 5460 [ 8D3E4BAFF8B3997138C38EB1B600519A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:50:51.0860 5460 SSDPSRV - ok
18:50:51.0907 5460 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
18:50:51.0938 5460 ssmdrv - ok
18:50:52.0063 5460 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
18:50:52.0172 5460 StarWindServiceAE - ok
18:50:52.0250 5460 [ A941E099EF46E3CC12F898CBE1C39910 ] stisvc C:\Windows\System32\wiaservc.dll
18:50:52.0391 5460 stisvc - ok
18:50:52.0453 5460 [ 51778FD315C9882F1CBD932743E62A72 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:50:52.0500 5460 stllssvr - ok
18:50:52.0547 5460 [ 1379BDB336F8158C176A465E30759F57 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:50:52.0563 5460 swenum - ok
18:50:52.0672 5460 [ 749ADA8D6C18A08ADFEDE69CBF5DB2E0 ] swprv C:\Windows\System32\swprv.dll
18:50:52.0782 5460 swprv - ok
18:50:53.0063 5460 [ FA2F6A8849219B16460BF44F9D1F3AA7 ] Symantec Core LC C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
18:50:53.0188 5460 Symantec Core LC - ok
18:50:53.0235 5460 [ 2FE779B1A07747FED8074C433C3C4604 ] SymAppCore C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
18:50:53.0250 5460 SymAppCore - ok
18:50:53.0297 5460 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:50:53.0328 5460 Symc8xx - ok
18:50:53.0422 5460 [ 3ADCC83BC09AFD901640FB5F7B2DE805 ] SYMDNS C:\Windows\System32\Drivers\SYMDNS.SYS
18:50:53.0453 5460 SYMDNS - ok
18:50:53.0500 5460 [ C5EAFB6A8C73FB26B73EE613C1A5AEF6 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
18:50:53.0547 5460 SymEvent - ok
18:50:53.0578 5460 [ F8B9C44E32AE1BF1362A037B89C671D3 ] SYMFW C:\Windows\System32\Drivers\SYMFW.SYS
18:50:53.0625 5460 SYMFW - ok
18:50:53.0657 5460 [ 56E465EC84FFC6EA28FED08B16E71D10 ] SYMIDS C:\Windows\System32\Drivers\SYMIDS.SYS
18:50:53.0688 5460 SYMIDS - ok
18:50:53.0735 5460 [ 4366098DBDFBA752CF76F0C4183BFFA9 ] SYMNDISV C:\Windows\System32\Drivers\SYMNDISV.SYS
18:50:53.0766 5460 SYMNDISV - ok
18:50:53.0797 5460 [ 5E5723B168CC224A4E166BDA42B088A6 ] SYMREDRV C:\Windows\System32\Drivers\SYMREDRV.SYS
18:50:53.0828 5460 SYMREDRV - ok
18:50:53.0875 5460 [ DC8744A9D3D80462E62427DEDCE0F0AA ] SYMTDI C:\Windows\System32\Drivers\SYMTDI.SYS
18:50:53.0922 5460 SYMTDI - ok
18:50:53.0953 5460 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:50:53.0985 5460 Sym_hi - ok
18:50:54.0016 5460 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:50:54.0047 5460 Sym_u3 - ok
18:50:54.0094 5460 [ 24B43E9A3E6CACF9AFC69F48E9DEB690 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:50:54.0141 5460 SynTP - ok
18:50:54.0203 5460 [ 8F2B5FEDE18BD3C4C926CBF88E6F1264 ] SysMain C:\Windows\system32\sysmain.dll
18:50:54.0219 5460 SysMain - ok
18:50:54.0297 5460 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:50:54.0297 5460 TabletInputService - ok
18:50:54.0391 5460 [ EF3DD33C740FC2F82E7E4622F1C49289 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:50:54.0407 5460 TapiSrv - ok
18:50:54.0453 5460 [ 68FA52794AE9ACC61BDE16FE0956B414 ] TBS C:\Windows\System32\tbssvc.dll
18:50:54.0469 5460 TBS - ok
18:50:54.0641 5460 [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:50:54.0719 5460 Tcpip - ok
18:50:54.0782 5460 [ 4A82FA8F0DF67AA354580C3FAAF8BDE3 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:50:54.0797 5460 Tcpip6 - ok
18:50:54.0828 5460 [ 5CE0C4A7B12D0067DAD527D72B68C726 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:50:54.0844 5460 tcpipreg - ok
18:50:54.0875 5460 [ 964248AEF49C31FA6A93201A73FFAF50 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:50:54.0875 5460 TDPIPE - ok
18:50:54.0907 5460 [ 7D2C1AE1648A60FCE4AA0F7982E419D3 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:50:54.0922 5460 TDTCP - ok
18:50:54.0953 5460 [ AB4FDE8AF4A0270A46A001C08CBCE1C2 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:50:54.0985 5460 tdx - ok
18:50:55.0016 5460 [ 2C549BD9DD091FBFAA0A2A48E82EC2FB ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:50:55.0047 5460 TermDD - ok
18:50:55.0110 5460 [ FAD71C1E8E4047B154E899AE31EB8CAA ] TermService C:\Windows\System32\termsrv.dll
18:50:55.0219 5460 TermService - ok
18:50:55.0282 5460 [ B264DFA21677728613267FE63802B332 ] Themes C:\Windows\system32\shsvcs.dll
18:50:55.0375 5460 Themes - ok
18:50:55.0391 5460 [ 9DFA3A459AF0954AA85B4F7622AD87BB ] THREADORDER C:\Windows\system32\mmcss.dll
18:50:55.0391 5460 THREADORDER - ok
18:50:55.0453 5460 [ 6BBA0582C0025D43729A1112D3B57897 ] TrkWks C:\Windows\System32\trkwks.dll
18:50:55.0453 5460 TrkWks - ok
18:50:55.0547 5460 [ 34E388A395FEDBA1D0511ED39BBF4074 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:50:55.0547 5460 TrustedInstaller - ok
18:50:55.0578 5460 [ 29F0ECA726F0D51F7E048BDB0B372F29 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:50:55.0594 5460 tssecsrv - ok
18:50:55.0657 5460 [ 65E953BC0084D44498B51F59784D2A82 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:50:55.0688 5460 tunmp - ok
18:50:55.0719 5460 [ 4A39BDA5E0FD30BDF4884F9D33AE6105 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:50:55.0735 5460 tunnel - ok
18:50:55.0782 5460 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:50:55.0813 5460 uagp35 - ok
18:50:55.0860 5460 [ 6348DA98707CEDA8A0DFB05820E17732 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:50:55.0922 5460 udfs - ok
18:50:55.0985 5460 [ 24A333F4F14DCFB6FF6D5A1B9E5D79DD ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:50:56.0016 5460 UI0Detect - ok
18:50:56.0063 5460 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:50:56.0094 5460 uliagpkx - ok
18:50:56.0125 5460 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:50:56.0157 5460 uliahci - ok
18:50:56.0203 5460 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:50:56.0282 5460 UlSata - ok
18:50:56.0328 5460 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:50:56.0391 5460 ulsata2 - ok
18:50:56.0422 5460 [ 3FB78F1D1DD86D87BECECD9DFFA24DD9 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:50:56.0453 5460 umbus - ok
18:50:56.0500 5460 [ 8EB871A3DEB6B3D5A85EB6DDFC390B59 ] upnphost C:\Windows\System32\upnphost.dll
18:50:56.0516 5460 upnphost - ok
18:50:56.0578 5460 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
18:50:56.0610 5460 USBAAPL - ok
18:50:56.0688 5460 [ B0BA9CAFFE9B0555EC0317F30CB79CD2 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:50:56.0719 5460 usbccgp - ok
18:50:56.0766 5460 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:50:56.0782 5460 usbcir - ok
18:50:56.0844 5460 [ C9FCD05B0A80EA08C2768E5A279B14DE ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:50:56.0860 5460 usbehci - ok
18:50:56.0907 5460 [ 5E44F7D957F7560DA06BFE6B84B58A35 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:50:56.0938 5460 usbhub - ok
18:50:56.0985 5460 [ 9333E482A173938788CBDE8F81EC52FB ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
18:50:57.0000 5460 usbohci - ok
18:50:57.0047 5460 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:50:57.0063 5460 usbprint - ok
18:50:57.0110 5460 [ B1F95285C08DDFE00C0B955462637EC7 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:50:57.0157 5460 usbscan - ok
18:50:57.0188 5460 [ 7887CE56934E7F104E98C975F47353C5 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:50:57.0219 5460 USBSTOR - ok
18:50:57.0250 5460 [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:50:57.0297 5460 usbuhci - ok
18:50:57.0344 5460 [ F79D0D7C9004474CB42746D9B2C30A2B ] UxSms C:\Windows\System32\uxsms.dll
18:50:57.0344 5460 UxSms - ok
18:50:57.0422 5460 [ C9D0BAFEE0D0A2681F048CA61BC0DA96 ] vds C:\Windows\System32\vds.exe
18:50:57.0578 5460 vds - ok
18:50:57.0672 5460 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:50:57.0750 5460 vga - ok
18:50:57.0797 5460 [ 17A8F877314E4067F8C8172CC6D9101C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:50:57.0844 5460 VgaSave - ok
18:50:57.0875 5460 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:50:57.0938 5460 viaagp - ok
18:50:57.0985 5460 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:50:58.0016 5460 ViaC7 - ok
18:50:58.0047 5460 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
18:50:58.0078 5460 viaide - ok
18:50:58.0125 5460 [ 103E84C95832D0ED93507997CC7B54E8 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:50:58.0141 5460 volmgr - ok
18:50:58.0235 5460 [ 294DA8D3F965F6A8DB934A83C7B461FF ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:50:58.0313 5460 volmgrx - ok
18:50:58.0375 5460 [ 80DC0C9BCB579ED9815001A4D37CBFD5 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:50:58.0407 5460 volsnap - ok
18:50:58.0453 5460 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:50:58.0485 5460 vsmraid - ok
18:50:58.0578 5460 [ E0E29D9EF2524ABD11749C7C2FD7F607 ] VSS C:\Windows\system32\vssvc.exe
18:50:58.0672 5460 VSS - ok
18:50:58.0719 5460 [ 62B0D0F6F5580D9D0DFA5E0B466FF2ED ] W32Time C:\Windows\system32\w32time.dll
18:50:58.0735 5460 W32Time - ok
18:50:58.0797 5460 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:50:58.0813 5460 WacomPen - ok
18:50:58.0860 5460 [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:50:58.0907 5460 Wanarp - ok
18:50:58.0907 5460 [ 6798C1209A53B5A0DED8D437C45145FF ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:50:58.0922 5460 Wanarpv6 - ok
18:50:59.0016 5460 [ 0A716C08CB13C3A8F4F51E882DBF7416 ] wanatw C:\Windows\system32\DRIVERS\wanatw4.sys
18:50:59.0094 5460 wanatw - ok
18:50:59.0235 5460 [ C1B19162E0509CEAB4CDF664E139D956 ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:50:59.0344 5460 wcncsvc - ok
18:50:59.0375 5460 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:50:59.0407 5460 WcsPlugInService - ok
18:50:59.0453 5460 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
18:50:59.0469 5460 Wd - ok
18:50:59.0532 5460 [ 7B5F66E4A2219C7D9DAF9E738480E534 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:50:59.0610 5460 Wdf01000 - ok
18:50:59.0672 5460 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:50:59.0688 5460 WdiServiceHost - ok
18:50:59.0688 5460 [ 2A424B89B14EF17A3D06BCB5A8F79601 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:50:59.0703 5460 WdiSystemHost - ok
18:50:59.0750 5460 [ 01E41C264EEDCB827820A1909162579F ] WebClient C:\Windows\System32\webclnt.dll
18:50:59.0782 5460 WebClient - ok
18:50:59.0797 5460 [ 9CF67FF7F8D34CBF115D0C278B9F74AA ] Wecsvc C:\Windows\system32\wecsvc.dll
18:50:59.0844 5460 Wecsvc - ok
18:50:59.0875 5460 [ B68CAB45DB1DAB59D92ACADFAD6364A8 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:50:59.0891 5460 wercplsupport - ok
18:50:59.0938 5460 [ 36BA0707680EF4236FD752BEE982CC25 ] WerSvc C:\Windows\System32\WerSvc.dll
18:50:59.0985 5460 WerSvc - ok
18:51:00.0125 5460 [ 0D5AD0E71FF5DDAC5DD2F443B499ABD0 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:51:00.0438 5460 WinDefend - ok
18:51:00.0453 5460 WinHttpAutoProxySvc - ok
18:51:00.0703 5460 [ 38A7B89DE4E3417C122317949667FDD8 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:51:00.0766 5460 Winmgmt - ok
18:51:00.0875 5460 [ 3F6823040030C3E4DA1CF11CD40B7534 ] WinRM C:\Windows\system32\WsmSvc.dll
18:51:00.0953 5460 WinRM - ok
18:51:01.0063 5460 [ 7640ACEA41348BFEF34B76E245501261 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:51:01.0094 5460 Wlansvc - ok
18:51:01.0141 5460 [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:51:01.0157 5460 WmiAcpi - ok
18:51:01.0203 5460 [ A279323BEE5FFFAFDA222910BCE92132 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:51:01.0250 5460 wmiApSrv - ok
18:51:01.0344 5460 [ ACB2E63D50157E3EA7140F29D9E76A48 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:51:01.0407 5460 WMPNetworkSvc - ok
18:51:01.0547 5460 [ 3D3B3B80C12ABE506F56930C46422C28 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:51:01.0610 5460 WPCSvc - ok
18:51:01.0672 5460 [ C24844A1D0D9528B19D5BC266B8CD572 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:51:01.0672 5460 WPDBusEnum - ok
18:51:01.0750 5460 [ 2D27171B16A577EF14C1273668753485 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
18:51:01.0797 5460 WpdUsb - ok
18:51:01.0844 5460 [ 84620AECDCFD2A7A14E6263927D8C0ED ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:51:01.0860 5460 ws2ifsl - ok
18:51:01.0907 5460 [ F97CBB919AF6D0A6643D1A59C15014D1 ] wscsvc C:\Windows\System32\wscsvc.dll
18:51:01.0922 5460 wscsvc - ok
18:51:01.0938 5460 WSearch - ok
18:51:02.0094 5460 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
18:51:02.0188 5460 wuauserv - ok
18:51:02.0235 5460 [ A2AAFCC8A204736296D937C7C545B53F ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:51:02.0250 5460 WUDFRd - ok
18:51:02.0297 5460 [ DB5BF5AAB72B1B99B5331231D09EBB26 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:51:02.0297 5460 wudfsvc - ok
18:51:02.0360 5460 xxngedwu - ok
18:51:02.0375 5460 ================ Scan global ===============================
18:51:02.0422 5460 [ 8CD98A8EC9CADAF4E051CDCAC15C96C4 ] C:\Windows\system32\basesrv.dll
18:51:02.0469 5460 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
18:51:02.0688 5460 [ E3F137ADC0A9D7F3A2E4F557272FE6B3 ] C:\Windows\system32\winsrv.dll
0
Réponse 11 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
16 nov. 2012 à 19:13
Le rapport est trop long il faut l'héberger sur ce site http://pjjoint.malekal.com/ et me donner le lien pour y accéder

Smart
0
Réponse 12 / 33
Ioan3369 Messages postés 10 Date d'inscription jeudi 15 novembre 2012 Statut Membre Dernière intervention 27 novembre 2012
17 nov. 2012 à 17:40
Ok, voilà le lien :

https://pjjoint.malekal.com/files.php?read=20121117_8y14r7q10j9
0
Réponse 13 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
18 nov. 2012 à 19:27
Désolé pour le retard de ma réponse:

Pour confirmer:
* Relance RogueKiller.exe.
* Attendre la fin du Prescan ...
* Clique sur Scan.
* A la fin du scan Clique sur Rapport. Copie et colle le rapport dans ta réponse

Ensuite tu vas faire ceci:

* Télécharge et installe Malwarebytes
* A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
* Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme). C'est très important
* Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet puis "Rechercher"
* Ne t'inquiète pas, l'analyse peut durer plusieurs heures en fonction du nombre de fichiers et infections à analyser
* A la fin de l'analyse, clique sur "Afficher les résultats"
* Coche tous les éléments détectés puis clique sur "Supprimer la sélection"
* Enregistre le rapport
* S'il t'est demandé de redémarrer l'ordinateur, clique sur Yes
* Un rapport apparait après la suppression : poste le dans ta prochaine réponse.

Smart
0
Réponse 14 / 33
Ioan3369
18 nov. 2012 à 19:45
Voilà le rapport de RogueKiller. Je vais faire la suite de ce que tu me dis. Merci de ta réponse !

RogueKiller V8.2.3 [07/11/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Website: http://www.sur-la-toile.com/RogueKiller/
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur : Antoine [Droits d'admin]
Mode : Recherche -- Date : 18/11/2012 19:50:42

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 3 ¤¤¤
[TASK][SUSP PATH] Norton Internet Security - Analyse système complète - Antoine : C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca" -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82E6DF73 -> HOOKED (Unknown @ 0x8D744678)
SSDT[14] : NtAlertThread @ 0x82E6DF1B -> HOOKED (Unknown @ 0x8D744758)
SSDT[18] : NtAllocateVirtualMemory @ 0x82DC98AD -> HOOKED (Unknown @ 0x85BE8950)
SSDT[48] : NtClose @ 0x82DDCB98 -> HOOKED (Unknown @ 0x8D009414)
SSDT[54] : NtConnectPort @ 0x82E213C7 -> HOOKED (Unknown @ 0x8D619DC8)
SSDT[67] : NtCreateMutant @ 0x82E16947 -> HOOKED (Unknown @ 0x8D7443C8)
SSDT[75] : NtCreateSection @ 0x82E036E3 -> HOOKED (Unknown @ 0x8D00941E)
SSDT[78] : NtCreateThread @ 0x82E6BC9B -> HOOKED (Unknown @ 0x85BE8AE0)
SSDT[129] : NtDuplicateObject @ 0x82E12B75 -> HOOKED (Unknown @ 0x8D00940F)
SSDT[147] : NtFreeVirtualMemory @ 0x82C774E3 -> HOOKED (Unknown @ 0x8D771298)
SSDT[156] : NtImpersonateAnonymousToken @ 0x82DA85C5 -> HOOKED (Unknown @ 0x8D7444B8)
SSDT[158] : NtImpersonateThread @ 0x82DAF964 -> HOOKED (Unknown @ 0x8D744598)
SSDT[177] : NtMapViewOfSection @ 0x82E0A9C1 -> HOOKED (Unknown @ 0x8D7711B8)
SSDT[184] : NtOpenEvent @ 0x82E0D359 -> HOOKED (Unknown @ 0x8D7442E8)
SSDT[194] : NtOpenProcess @ 0x82DEA7BA -> HOOKED (Unknown @ 0x8D0093B0)
SSDT[195] : NtOpenProcessToken @ 0x82E20DBD -> HOOKED (Unknown @ 0x85BE8A20)
SSDT[201] : NtOpenThread @ 0x82E25B36 -> HOOKED (Unknown @ 0x8D0093B5)
SSDT[202] : NtOpenThreadToken @ 0x82DE8BFB -> HOOKED (Unknown @ 0x8D7762D0)
SSDT[275] : NtRequestWaitReplyPort @ 0x82DE7E8F -> HOOKED (Unknown @ 0x8D009428)
SSDT[281] : NtResumeThread @ 0x82E0A384 -> HOOKED (Unknown @ 0x8D743378)
SSDT[293] : NtSetContextThread @ 0x82E6D017 -> HOOKED (Unknown @ 0x8D009423)
SSDT[309] : NtSetInformationProcess @ 0x82DD19DA -> HOOKED (Unknown @ 0x8D776008)
SSDT[310] : NtSetInformationThread @ 0x82DDF91C -> HOOKED (Unknown @ 0x8D776100)
SSDT[318] : NtSetSecurityObject @ 0x82DAF1F1 -> HOOKED (Unknown @ 0x8D00942D)
SSDT[334] : NtSuspendProcess @ 0x82E6DE5F -> HOOKED (Unknown @ 0x8D744208)
SSDT[335] : NtSuspendThread @ 0x82E25930 -> HOOKED (Unknown @ 0x8D7448A0)
SSDT[336] : NtSystemDebugControl @ 0x82E981B0 -> HOOKED (Unknown @ 0x8D009432)
SSDT[338] : NtTerminateProcess @ 0x82DB8CEC -> HOOKED (Unknown @ 0x8D0093BF)
SSDT[339] : NtTerminateThread @ 0x82DB79F6 -> HOOKED (Unknown @ 0x8D744980)
SSDT[352] : NtUnmapViewOfSection @ 0x82E0C877 -> HOOKED (Unknown @ 0x8D7710F8)
SSDT[362] : NtWriteVirtualMemory @ 0x82DF71EE -> HOOKED (Unknown @ 0x8D771008)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8D009446)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8D00944B)
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS ATA Device +++++
--- User ---
[MBR] 153740022eff6170ca4e0c84247c1ef3
[BSP] fd6e624551744bb8afac36f09936aab0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 8197 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16787925 | Size: 144429 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[7]_S_18112012_195042.txt >>
RKreport[1]_S_15112012_231727.txt ; RKreport[2]_S_15112012_235015.txt ; RKreport[3]_PR_15112012_235019.txt ; RKreport[4]_PR_15112012_235036.txt ; RKreport[5]_S_15112012_235204.txt ;
RKreport[6]_PR_15112012_235247.txt ; RKreport[7]_S_18112012_195042.txt
0
Réponse 15 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
18 nov. 2012 à 20:04
Je croyais que tu avais lancé RK en mode suppression:

* Télécharge sur le bureau RogueKiller (par tigzy)
* Quitte tous les programmes en cours
* Lance RogueKiller.exe.
* Attendre la fin du Prescan ...
* Clique sur Scan.
* A la fin du scan Clique sur Suppression. Clique sur Rapport. Copie et colle le rapport dans ta réponse

Et ensuite tu lances MBAM

Smart
0
Réponse 16 / 33
Ioan3369
18 nov. 2012 à 20:32
@Smart

J'avais dû mal comprendre. Voici le rapport RK après demande de suppression :

RogueKiller V8.3.0 [Nov 18 2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Website: http://www.sur-la-toile.com/RogueKiller/
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur : Antoine [Droits d'admin]
Mode : Suppression -- Date : 18/11/2012 20:37:16

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON Stylus S20 Series (C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE /FU "C:\Windows\TEMP\E_SD24D.tmp" /EF "HKCU") -> SUPPRIMÉ
[TASK][SUSP PATH] Norton Internet Security - Analyse système complète - Antoine : C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe /TASK:"C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca" -> SUPPRIMÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x82E6DF73 -> HOOKED (Unknown @ 0x8D744678)
SSDT[14] : NtAlertThread @ 0x82E6DF1B -> HOOKED (Unknown @ 0x8D744758)
SSDT[18] : NtAllocateVirtualMemory @ 0x82DC98AD -> HOOKED (Unknown @ 0x85BE8950)
SSDT[48] : NtClose @ 0x82DDCB98 -> HOOKED (Unknown @ 0x8D009414)
SSDT[54] : NtConnectPort @ 0x82E213C7 -> HOOKED (Unknown @ 0x8D619DC8)
SSDT[67] : NtCreateMutant @ 0x82E16947 -> HOOKED (Unknown @ 0x8D7443C8)
SSDT[75] : NtCreateSection @ 0x82E036E3 -> HOOKED (Unknown @ 0x8D00941E)
SSDT[78] : NtCreateThread @ 0x82E6BC9B -> HOOKED (Unknown @ 0x85BE8AE0)
SSDT[129] : NtDuplicateObject @ 0x82E12B75 -> HOOKED (Unknown @ 0x8D00940F)
SSDT[147] : NtFreeVirtualMemory @ 0x82C774E3 -> HOOKED (Unknown @ 0x8D771298)
SSDT[156] : NtImpersonateAnonymousToken @ 0x82DA85C5 -> HOOKED (Unknown @ 0x8D7444B8)
SSDT[158] : NtImpersonateThread @ 0x82DAF964 -> HOOKED (Unknown @ 0x8D744598)
SSDT[177] : NtMapViewOfSection @ 0x82E0A9C1 -> HOOKED (Unknown @ 0x8D7711B8)
SSDT[184] : NtOpenEvent @ 0x82E0D359 -> HOOKED (Unknown @ 0x8D7442E8)
SSDT[194] : NtOpenProcess @ 0x82DEA7BA -> HOOKED (Unknown @ 0x8D0093B0)
SSDT[195] : NtOpenProcessToken @ 0x82E20DBD -> HOOKED (Unknown @ 0x85BE8A20)
SSDT[201] : NtOpenThread @ 0x82E25B36 -> HOOKED (Unknown @ 0x8D0093B5)
SSDT[202] : NtOpenThreadToken @ 0x82DE8BFB -> HOOKED (Unknown @ 0x8D7762D0)
SSDT[275] : NtRequestWaitReplyPort @ 0x82DE7E8F -> HOOKED (Unknown @ 0x8D009428)
SSDT[281] : NtResumeThread @ 0x82E0A384 -> HOOKED (Unknown @ 0x8D743378)
SSDT[293] : NtSetContextThread @ 0x82E6D017 -> HOOKED (Unknown @ 0x8D009423)
SSDT[309] : NtSetInformationProcess @ 0x82DD19DA -> HOOKED (Unknown @ 0x8D776008)
SSDT[310] : NtSetInformationThread @ 0x82DDF91C -> HOOKED (Unknown @ 0x8D776100)
SSDT[318] : NtSetSecurityObject @ 0x82DAF1F1 -> HOOKED (Unknown @ 0x8D00942D)
SSDT[334] : NtSuspendProcess @ 0x82E6DE5F -> HOOKED (Unknown @ 0x8D744208)
SSDT[335] : NtSuspendThread @ 0x82E25930 -> HOOKED (Unknown @ 0x8D7448A0)
SSDT[336] : NtSystemDebugControl @ 0x82E981B0 -> HOOKED (Unknown @ 0x8D009432)
SSDT[338] : NtTerminateProcess @ 0x82DB8CEC -> HOOKED (Unknown @ 0x8D0093BF)
SSDT[339] : NtTerminateThread @ 0x82DB79F6 -> HOOKED (Unknown @ 0x8D744980)
SSDT[352] : NtUnmapViewOfSection @ 0x82E0C877 -> HOOKED (Unknown @ 0x8D7710F8)
SSDT[362] : NtWriteVirtualMemory @ 0x82DF71EE -> HOOKED (Unknown @ 0x8D771008)
S_SSDT[573] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8D009446)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8D00944B)
IRP[IRP_MJ_CREATE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_CLOSE] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_POWER] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_SYSTEM_CONTROL] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)
IRP[IRP_MJ_PNP] : \SystemRoot\system32\drivers\atapi.sys -> HOOKED ([MAJOR] Unknown @ 0x845951F8)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9160821AS ATA Device +++++
--- User ---
[MBR] 153740022eff6170ca4e0c84247c1ef3
[BSP] fd6e624551744bb8afac36f09936aab0 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 8197 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16787925 | Size: 144429 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[9]_D_18112012_203716.txt >>
RKreport[1]_S_15112012_231727.txt ; RKreport[2]_S_15112012_235015.txt ; RKreport[3]_PR_15112012_235019.txt ; RKreport[4]_PR_15112012_235036.txt ; RKreport[5]_S_15112012_235204.txt ;
RKreport[6]_PR_15112012_235247.txt ; RKreport[7]_S_18112012_195042.txt ; RKreport[8]_S_18112012_203647.txt ; RKreport[9]_D_18112012_203716.txt
0
Réponse 17 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
18 nov. 2012 à 22:59
Et maintenant passe MBAM

Smart
0
Réponse 18 / 33
Ioan3369
18 nov. 2012 à 23:36
Voilà, après plus de 2h30 de scan et un redémarrage, voilà le rapport de MBAM (c'est le rapport que j'ai enregistré avant de redémarré, je n'ai pas eu de nouveau rapport au démarrage) :


Malwarebytes Anti-Malware (Essai) 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.11.18.04

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
Antoine :: PC-DE-ANTOINE [administrateur]

Protection: Activé

18/11/2012 20:46:36
mbam-log-2012-11-18 (20-46-36).txt

Type d'examen: Examen complet (C:\|D:\|E:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 409544
Temps écoulé: 2 heure(s), 27 minute(s), 3 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 2
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Données: Giant Savings -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\TDSSKiller_Quarantine\16.11.2012_18.50.06\susp0000\svc0000\tsk0000.dta (Rootkit.Agent) -> Mis en quarantaine et supprimé avec succès.

(fin)
0
Ioan3369
18 nov. 2012 à 23:42
En rouvrant MBAM je constate que les fichiers repérés sont toujours en quarantaine. Ont-ils été bien supprimés ?
Ioan
0
Réponse 19 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
18 nov. 2012 à 23:57
Si les fichiers sont en quarantaine c'est qu'ils ne sont plus actifs (Et de plus il est était déjà dans la quarantaine de TDSSKILLER
Relance MBAM et vide la quarantaine.

Refais un scan ZHPDiag et poste le rapport via pjjoint


Smart
0
Ioan3369
19 nov. 2012 à 00:01
Pardonne-moi, mais qu'est-ce qu'un scan ZHPDiag ?
0
Réponse 20 / 33
Smart91 Messages postés 29096 Date d'inscription dimanche 15 juillet 2007 Statut Contributeur sécurité Dernière intervention 5 avril 2014 2 326
19 nov. 2012 à 00:13
Désolé, je pensais te l'avoir déjà demandé

En fait nous allons faire un diagnostic du PC afin de voir s'il y a des restes et/ou d'autres infections:

Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
ou depuis ce lien si le premier a des soucis:
http://www.forums-fec.be/ZHP/ZHPDiag2.exe

Une fois le téléchargement achevé, double clique sur ZHPDiag.exe et suis les instructions.

/!\Utilisateurs de Vista et Windows 7 : Clique droit sur le logo de ZHPDiag.exe, « exécuter en tant qu'Administrateur »

N'oublie pas de cocher la case qui permet de mettre un raccourci sur le Bureau.
- Double clique sur le raccourci ZHPDiag sur ton Bureau pour le lancer.
- Si tu possèdes Avast 6 ou 7 comme antivirus, à l'alerte choisis "lancer normalement"
- Si tu obtiens le message "Voulez-vous autoriser le programme suivant..." tu réponds Oui
(/!\L'outil a créé 2 icônes ZHPDiag et ZHPFix)
- Clique sur le tournevis à droite et coche toutes les cases
- Clique sur la loupe pour lancer l'analyse.
- Laisse l'outil travailler, il peut être assez long.
- Ferme ZHPDiag en fin d'analyse.
- Pour transmettre le rapport clique sur ce lien: http://pjjoint.malekal.com/
- Clique sur Parcourir et cherche le répertoire C:\ZHP
- Sélectionne le fichier ZHPDiag.txt. puis clique sur "Ouvrir"
- Ensuite Clique sur "Envoyer le fichier".
- Copie le lien obtenu dans ta réponse.

Smart
0

Discussions similaires

Où est la touche SHIFT sur mon clavier d'ordi ?
joe! -
fernando-_ytb -

18 réponses
j'ai renversé de l'eau sur mon pc portable
sardine -
moudubulbe -

14 réponses