[réglé] datamnger

Zellec · le 02 Nov 2012 16:06

Bonjour.
Ayant téléchargé ILivid avec naïveté, j'ai aussi installé par mégarde un adware qui est searchnu/406 ainsi que des extensions/modules à Internet explorer du style datamanager. J'ai désactivé ce que je pouvais, passé un coup de Malwarebytes et adwcleaner. Mais je souhaiterais savoir s'il ne reste plus de cochonnerie sur mon système. UN grand merci à vous. Il semble que dans IE il reste des traces de datamnger que j'ai désactivé, j'en déduis que des clefs de registre qq part doivent être vérolées.

Dernière précision, j'ai téléchargé ZHP et ai eu un rapport de scan lisible avec le lien suivant:

http://cjoint.com/?BKck4oxwxN5

Quelqu'un pourrait-il m'aider à finir la procédure de décontamination ou vérifier que tout est OK sur mon système?
Un grand merci par avance.

jeanmimigab · le 02 Nov 2012 16:46

salut,

avec tous les outils que tu as passé, tu as fais du ménage mais tu as supprimé tous ce qui pouvait me permettre de faire un diagnostique précis...

Il reste une injection dll au démarrage de Windows crée par datamanager

fais un scanne OTL comme indiqué ici et poste les rapports OTL.txt et Extras.txt

Zellec · le 02 Nov 2012 17:03

Bonjour et merci pour la réponse. Désolé pour l'effacement des éléments. Ce truc a l'air plus compliqué que d'autres petits soucis. je pensais m'en débarrasser avec un coup d'anti malware avant de visiter des forums.
Pour les rapports OTL, la marche à suivre n'est pas dans ton message. Pourrais-tu m'aider plus avant?

jeanmimigab · le 02 Nov 2012 17:04

oops,

ici
preparer-demande-aide-desinfection-vt-55699.html

Zellec · le 02 Nov 2012 17:05

Plus simplement, comment fait-on un scan OTL?

Merci encore.

Zellec · le 02 Nov 2012 17:06

Ok merci je viens de voir le lien. je fais ça et reviens vers toi.

Zellec · le 02 Nov 2012 17:30

Re-bonjour, voici les liens pour les rapports:

OTL:
http://cjoint.com/?BKcrxiXANrl

et extra:

http://cjoint.com/?BKcrBsteg9n

Merci à nouveau et désolé le scan a pris du temps. J'ai utilisé cjoint pour poster les fichiers lourds j'espère que cela ira. :wink:

jeanmimigab · le 02 Nov 2012 18:15

mouai, tu as touché le gros lot...(rootkit Zeroaccess)

Télécharge TDSSKiller (Kapersky Lab) sur ton bureau en allant sur cette page web
http://support.kaspersky.com/fr/faq/?qid=208280685
Dezzipe le et fais un double-clic dessus pour l'exécuter et si une détection apparait après le scanne,suis les instructions et autorise le redémarrage du pc
/!\ ne change pas l'action proposé par TDSSKiller en fin de scanne (skip, quarantine, cure ) /!\
Poste le rapport "C:\TDSSKiller_Quarantine\DATE_HEURE"

ensuite refais un scanne otl pour me poster un nouveau rapport OTL.txt (cette fois-ci tu n'auras pas de rapport "extras.txt")

Zellec · le 02 Nov 2012 18:34

Bizarrement aucune action n'a été proposée en fin de scan, je te poste le rapport de TDSSKiller, c'est long et cela semble faire chou blanc, je te le copie-colle directement ci-dessous:

PS,( je lance un scan OTL comme tu le demandes et te renvoie un message ensuite), merci dans tous les cas:

:wink:

18:28:20.0617 6820 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:28:20.0752 6820 ============================================================
18:28:20.0752 6820 Current date / time: 2012/11/02 18:28:20.0752
18:28:20.0752 6820 SystemInfo:
18:28:20.0752 6820
18:28:20.0752 6820 OS Version: 6.1.7601 ServicePack: 1.0
18:28:20.0752 6820 Product type: Workstation
18:28:20.0752 6820 ComputerName: THIERRY-PC
18:28:20.0752 6820 UserName: Thierry
18:28:20.0752 6820 Windows directory: C:\Windows
18:28:20.0752 6820 System windows directory: C:\Windows
18:28:20.0752 6820 Running under WOW64
18:28:20.0752 6820 Processor architecture: Intel x64
18:28:20.0752 6820 Number of processors: 4
18:28:20.0752 6820 Page size: 0x1000
18:28:20.0752 6820 Boot type: Normal boot
18:28:20.0752 6820 ============================================================
18:28:21.0275 6820 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:28:21.0303 6820 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:28:28.0598 6820 ============================================================
18:28:28.0598 6820 \Device\Harddisk0\DR0:
18:28:28.0598 6820 MBR partitions:
18:28:28.0598 6820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000
18:28:28.0598 6820 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x391E7000
18:28:28.0598 6820 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3B419800, BlocksNum 0x392EC800
18:28:28.0598 6820 \Device\Harddisk3\DR3:
18:28:28.0599 6820 MBR partitions:
18:28:28.0599 6820 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x747065B0
18:28:28.0599 6820 ============================================================
18:28:28.0627 6820 C: <-> \Device\Harddisk0\DR0\Partition2
18:28:28.0650 6820 D: <-> \Device\Harddisk0\DR0\Partition3
18:28:28.0653 6820 J: <-> \Device\Harddisk3\DR3\Partition1
18:28:28.0653 6820 ============================================================
18:28:28.0653 6820 Initialize success
18:28:28.0653 6820 ============================================================
18:29:08.0414 4048 ============================================================
18:29:08.0414 4048 Scan started
18:29:08.0414 4048 Mode: Manual;
18:29:08.0414 4048 ============================================================
18:29:08.0958 4048 ================ Scan system memory ========================
18:29:08.0958 4048 System memory - ok
18:29:08.0959 4048 ================ Scan services =============================
18:29:09.0079 4048 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:29:09.0083 4048 1394ohci - ok
18:29:09.0104 4048 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:29:09.0109 4048 ACPI - ok
18:29:09.0114 4048 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:29:09.0115 4048 AcpiPmi - ok
18:29:09.0209 4048 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:29:09.0210 4048 AdobeARMservice - ok
18:29:09.0288 4048 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:29:09.0292 4048 AdobeFlashPlayerUpdateSvc - ok
18:29:09.0313 4048 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
18:29:09.0319 4048 adp94xx - ok
18:29:09.0337 4048 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
18:29:09.0343 4048 adpahci - ok
18:29:09.0370 4048 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
18:29:09.0373 4048 adpu320 - ok
18:29:09.0403 4048 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:29:09.0405 4048 AeLookupSvc - ok
18:29:09.0452 4048 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
18:29:09.0460 4048 AFD - ok
18:29:09.0480 4048 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:29:09.0482 4048 agp440 - ok
18:29:09.0492 4048 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:29:09.0494 4048 ALG - ok
18:29:09.0499 4048 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:29:09.0500 4048 aliide - ok
18:29:09.0519 4048 [ B9C8770F3061582DA3F9AB39071DEE37 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:29:09.0521 4048 AMD External Events Utility - ok
18:29:09.0524 4048 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:29:09.0525 4048 amdide - ok
18:29:09.0529 4048 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
18:29:09.0530 4048 AmdK8 - ok
18:29:09.0696 4048 [ 31D7999C389C7F1EFFD4B861B64ECAA9 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:29:09.0848 4048 amdkmdag - ok
18:29:09.0876 4048 [ 48E49CB63CB14E1A6EE80A14381213B0 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:29:09.0879 4048 amdkmdap - ok
18:29:09.0882 4048 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
18:29:09.0884 4048 AmdPPM - ok
18:29:09.0922 4048 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:29:09.0924 4048 amdsata - ok
18:29:09.0941 4048 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
18:29:09.0945 4048 amdsbs - ok
18:29:09.0968 4048 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:29:09.0969 4048 amdxata - ok
18:29:09.0989 4048 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:29:09.0991 4048 AppID - ok
18:29:10.0005 4048 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:29:10.0006 4048 AppIDSvc - ok
18:29:10.0020 4048 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:29:10.0022 4048 Appinfo - ok
18:29:10.0107 4048 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:29:10.0109 4048 Apple Mobile Device - ok
18:29:10.0115 4048 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
18:29:10.0117 4048 arc - ok
18:29:10.0122 4048 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
18:29:10.0125 4048 arcsas - ok
18:29:10.0184 4048 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
18:29:10.0185 4048 aswFsBlk - ok
18:29:10.0207 4048 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
18:29:10.0208 4048 aswMonFlt - ok
18:29:10.0238 4048 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
18:29:10.0239 4048 aswRdr - ok
18:29:10.0278 4048 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
18:29:10.0288 4048 aswSnx - ok
18:29:10.0330 4048 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys
18:29:10.0334 4048 aswSP - ok
18:29:10.0359 4048 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
18:29:10.0361 4048 aswTdi - ok
18:29:10.0364 4048 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:29:10.0365 4048 AsyncMac - ok
18:29:10.0372 4048 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:29:10.0373 4048 atapi - ok
18:29:10.0399 4048 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:29:10.0401 4048 AtiHDAudioService - ok
18:29:10.0424 4048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:29:10.0431 4048 AudioEndpointBuilder - ok
18:29:10.0440 4048 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:29:10.0444 4048 AudioSrv - ok
18:29:10.0528 4048 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:29:10.0529 4048 avast! Antivirus - ok
18:29:10.0540 4048 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:29:10.0543 4048 AxInstSV - ok
18:29:10.0558 4048 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
18:29:10.0565 4048 b06bdrv - ok
18:29:10.0609 4048 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:29:10.0613 4048 b57nd60a - ok
18:29:10.0662 4048 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:29:10.0664 4048 BDESVC - ok
18:29:10.0683 4048 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:29:10.0684 4048 Beep - ok
18:29:10.0711 4048 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:29:10.0720 4048 BFE - ok
18:29:10.0757 4048 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
18:29:10.0770 4048 BITS - ok
18:29:10.0779 4048 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
18:29:10.0780 4048 blbdrive - ok
18:29:10.0814 4048 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:29:10.0818 4048 Bonjour Service - ok
18:29:10.0831 4048 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:29:10.0832 4048 bowser - ok
18:29:10.0848 4048 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
18:29:10.0849 4048 BrFiltLo - ok
18:29:10.0860 4048 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
18:29:10.0860 4048 BrFiltUp - ok
18:29:10.0895 4048 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:29:10.0897 4048 Browser - ok
18:29:10.0911 4048 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:29:10.0914 4048 Brserid - ok
18:29:10.0922 4048 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:29:10.0924 4048 BrSerWdm - ok
18:29:10.0935 4048 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:29:10.0935 4048 BrUsbMdm - ok
18:29:10.0947 4048 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:29:10.0947 4048 BrUsbSer - ok
18:29:10.0951 4048 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
18:29:10.0952 4048 BTHMODEM - ok
18:29:10.0970 4048 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:29:10.0972 4048 bthserv - ok
18:29:10.0987 4048 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:29:10.0999 4048 cdfs - ok
18:29:11.0013 4048 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:29:11.0015 4048 cdrom - ok
18:29:11.0027 4048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:29:11.0029 4048 CertPropSvc - ok
18:29:11.0039 4048 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
18:29:11.0040 4048 circlass - ok
18:29:11.0067 4048 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:29:11.0072 4048 CLFS - ok
18:29:11.0116 4048 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:29:11.0118 4048 clr_optimization_v2.0.50727_32 - ok
18:29:11.0129 4048 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:29:11.0131 4048 clr_optimization_v2.0.50727_64 - ok
18:29:11.0177 4048 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:29:11.0179 4048 clr_optimization_v4.0.30319_32 - ok
18:29:11.0224 4048 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:29:11.0226 4048 clr_optimization_v4.0.30319_64 - ok
18:29:11.0229 4048 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
18:29:11.0230 4048 CmBatt - ok
18:29:11.0234 4048 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:29:11.0235 4048 cmdide - ok
18:29:11.0259 4048 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
18:29:11.0263 4048 CNG - ok
18:29:11.0283 4048 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
18:29:11.0284 4048 Compbatt - ok
18:29:11.0300 4048 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:29:11.0301 4048 CompositeBus - ok
18:29:11.0304 4048 COMSysApp - ok
18:29:11.0322 4048 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:29:11.0323 4048 crcdisk - ok
18:29:11.0364 4048 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:29:11.0368 4048 CryptSvc - ok
18:29:11.0398 4048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:29:11.0407 4048 DcomLaunch - ok
18:29:11.0462 4048 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:29:11.0467 4048 defragsvc - ok
18:29:11.0497 4048 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:29:11.0499 4048 DfsC - ok
18:29:11.0514 4048 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:29:11.0519 4048 Dhcp - ok
18:29:11.0527 4048 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:29:11.0528 4048 discache - ok
18:29:11.0544 4048 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
18:29:11.0545 4048 Disk - ok
18:29:11.0561 4048 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:29:11.0565 4048 Dnscache - ok
18:29:11.0581 4048 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:29:11.0584 4048 dot3svc - ok
18:29:11.0589 4048 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:29:11.0591 4048 DPS - ok
18:29:11.0600 4048 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:29:11.0601 4048 drmkaud - ok
18:29:11.0626 4048 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:29:11.0634 4048 DXGKrnl - ok
18:29:11.0667 4048 [ EAFCB4551836FF44EE775CEDDFA7A77E ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
18:29:11.0671 4048 e1cexpress - ok
18:29:11.0693 4048 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:29:11.0695 4048 EapHost - ok
18:29:11.0763 4048 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
18:29:11.0821 4048 ebdrv - ok
18:29:11.0855 4048 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:29:11.0857 4048 EFS - ok
18:29:11.0888 4048 [ 18DD872DD46ACB24E106DC2C9C270466 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
18:29:11.0890 4048 EgisTec Ticket Service - ok
18:29:11.0930 4048 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:29:11.0936 4048 ehRecvr - ok
18:29:11.0940 4048 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
18:29:11.0942 4048 ehSched - ok
18:29:11.0962 4048 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:29:11.0967 4048 elxstor - ok
18:29:11.0981 4048 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:29:11.0982 4048 ErrDev - ok
18:29:12.0002 4048 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:29:12.0007 4048 EventSystem - ok
18:29:12.0024 4048 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:29:12.0026 4048 exfat - ok
18:29:12.0042 4048 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:29:12.0044 4048 fastfat - ok
18:29:12.0069 4048 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:29:12.0077 4048 Fax - ok
18:29:12.0091 4048 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
18:29:12.0092 4048 fdc - ok
18:29:12.0111 4048 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:29:12.0112 4048 fdPHost - ok
18:29:12.0121 4048 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:29:12.0123 4048 FDResPub - ok
18:29:12.0132 4048 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:29:12.0134 4048 FileInfo - ok
18:29:12.0147 4048 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:29:12.0148 4048 Filetrace - ok
18:29:12.0162 4048 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:29:12.0163 4048 flpydisk - ok
18:29:12.0185 4048 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:29:12.0188 4048 FltMgr - ok
18:29:12.0211 4048 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:29:12.0222 4048 FontCache - ok
18:29:12.0254 4048 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:29:12.0255 4048 FontCache3.0.0.0 - ok
18:29:12.0272 4048 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:29:12.0273 4048 FsDepends - ok
18:29:12.0304 4048 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:29:12.0305 4048 Fs_Rec - ok
18:29:12.0321 4048 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:29:12.0323 4048 fvevol - ok
18:29:12.0341 4048 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:29:12.0342 4048 gagp30kx - ok
18:29:12.0375 4048 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
18:29:12.0377 4048 GamesAppService - ok
18:29:12.0407 4048 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:29:12.0409 4048 GEARAspiWDM - ok
18:29:12.0426 4048 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:29:12.0434 4048 gpsvc - ok
18:29:12.0461 4048 [ C9B2D1D3F86FD3673EF847DEF73B6F9E ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
18:29:12.0462 4048 GREGService - ok
18:29:12.0515 4048 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:29:12.0518 4048 gupdate - ok
18:29:12.0525 4048 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:29:12.0527 4048 gupdatem - ok
18:29:12.0573 4048 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:29:12.0575 4048 gusvc - ok
18:29:12.0590 4048 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:29:12.0591 4048 hcw85cir - ok
18:29:12.0611 4048 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:29:12.0614 4048 HdAudAddService - ok
18:29:12.0628 4048 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:29:12.0630 4048 HDAudBus - ok
18:29:12.0633 4048 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:29:12.0634 4048 HidBatt - ok
18:29:12.0637 4048 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:29:12.0638 4048 HidBth - ok
18:29:12.0649 4048 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
18:29:12.0650 4048 HidIr - ok
18:29:12.0663 4048 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
18:29:12.0665 4048 hidserv - ok
18:29:12.0668 4048 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:29:12.0669 4048 HidUsb - ok
18:29:12.0681 4048 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:29:12.0683 4048 hkmsvc - ok
18:29:12.0702 4048 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:29:12.0705 4048 HomeGroupListener - ok
18:29:12.0728 4048 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:29:12.0732 4048 HomeGroupProvider - ok
18:29:12.0735 4048 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:29:12.0737 4048 HpSAMD - ok
18:29:12.0755 4048 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:29:12.0762 4048 HTTP - ok
18:29:12.0781 4048 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:29:12.0782 4048 hwpolicy - ok
18:29:12.0794 4048 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:29:12.0795 4048 i8042prt - ok
18:29:12.0820 4048 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
18:29:12.0822 4048 iaStor - ok
18:29:12.0881 4048 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:29:12.0883 4048 IAStorDataMgrSvc - ok
18:29:12.0922 4048 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:29:12.0928 4048 iaStorV - ok
18:29:12.0967 4048 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:29:12.0977 4048 idsvc - ok
18:29:12.0992 4048 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:29:12.0994 4048 iirsp - ok
18:29:13.0021 4048 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:29:13.0030 4048 IKEEXT - ok
18:29:13.0110 4048 [ 82D0C8C47F6A52B695F405661D1DF50E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
18:29:13.0154 4048 IntcAzAudAddService - ok
18:29:13.0158 4048 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:29:13.0161 4048 intelide - ok
18:29:13.0192 4048 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:29:13.0193 4048 intelppm - ok
18:29:13.0209 4048 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:29:13.0211 4048 IPBusEnum - ok
18:29:13.0214 4048 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:29:13.0216 4048 IpFilterDriver - ok
18:29:13.0241 4048 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:29:13.0247 4048 iphlpsvc - ok
18:29:13.0251 4048 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:29:13.0252 4048 IPMIDRV - ok
18:29:13.0255 4048 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:29:13.0257 4048 IPNAT - ok
18:29:13.0327 4048 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
18:29:13.0339 4048 iPod Service - ok
18:29:13.0355 4048 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:29:13.0356 4048 IRENUM - ok
18:29:13.0359 4048 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:29:13.0360 4048 isapnp - ok
18:29:13.0378 4048 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:29:13.0381 4048 iScsiPrt - ok
18:29:13.0398 4048 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:29:13.0399 4048 kbdclass - ok
18:29:13.0408 4048 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:29:13.0410 4048 kbdhid - ok
18:29:13.0422 4048 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:29:13.0423 4048 KeyIso - ok
18:29:13.0444 4048 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:29:13.0446 4048 KSecDD - ok
18:29:13.0467 4048 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:29:13.0469 4048 KSecPkg - ok
18:29:13.0481 4048 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:29:13.0482 4048 ksthunk - ok
18:29:13.0517 4048 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:29:13.0522 4048 KtmRm - ok
18:29:13.0552 4048 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
18:29:13.0556 4048 LanmanServer - ok
18:29:13.0572 4048 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:29:13.0576 4048 LanmanWorkstation - ok
18:29:13.0622 4048 [ B705C7097F9A0EC941D02DCE7C7D426C ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
18:29:13.0625 4048 Live Updater Service - ok
18:29:13.0643 4048 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:29:13.0644 4048 lltdio - ok
18:29:13.0663 4048 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:29:13.0668 4048 lltdsvc - ok
18:29:13.0678 4048 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:29:13.0680 4048 lmhosts - ok
18:29:13.0715 4048 [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:29:13.0719 4048 LMS - ok
18:29:13.0737 4048 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:29:13.0739 4048 LSI_FC - ok
18:29:13.0743 4048 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:29:13.0745 4048 LSI_SAS - ok
18:29:13.0749 4048 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:29:13.0751 4048 LSI_SAS2 - ok
18:29:13.0769 4048 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:29:13.0771 4048 LSI_SCSI - ok
18:29:13.0774 4048 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:29:13.0776 4048 luafv - ok
18:29:13.0883 4048 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
18:29:13.0970 4048 LVUVC64 - ok
18:29:14.0032 4048 [ B891E3920F24FF1A3BEAD6CD2B42ED99 ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
18:29:14.0034 4048 McAfee SiteAdvisor Service - ok
18:29:14.0046 4048 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:29:14.0049 4048 Mcx2Svc - ok
18:29:14.0053 4048 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
18:29:14.0054 4048 megasas - ok
18:29:14.0061 4048 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:29:14.0065 4048 MegaSR - ok
18:29:14.0068 4048 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
18:29:14.0069 4048 MEIx64 - ok
18:29:14.0082 4048 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:29:14.0085 4048 MMCSS - ok
18:29:14.0088 4048 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:29:14.0089 4048 Modem - ok
18:29:14.0100 4048 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:29:14.0102 4048 monitor - ok
18:29:14.0111 4048 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:29:14.0112 4048 mouclass - ok
18:29:14.0119 4048 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:29:14.0120 4048 mouhid - ok
18:29:14.0126 4048 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:29:14.0128 4048 mountmgr - ok
18:29:14.0159 4048 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:29:14.0161 4048 MozillaMaintenance - ok
18:29:14.0181 4048 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:29:14.0183 4048 mpio - ok
18:29:14.0201 4048 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:29:14.0203 4048 mpsdrv - ok
18:29:14.0213 4048 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:29:14.0221 4048 MpsSvc - ok
18:29:14.0225 4048 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:29:14.0227 4048 MRxDAV - ok
18:29:14.0257 4048 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:29:14.0259 4048 mrxsmb - ok
18:29:14.0273 4048 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:29:14.0276 4048 mrxsmb10 - ok
18:29:14.0287 4048 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:29:14.0289 4048 mrxsmb20 - ok
18:29:14.0296 4048 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:29:14.0298 4048 msahci - ok
18:29:14.0317 4048 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:29:14.0319 4048 msdsm - ok
18:29:14.0346 4048 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:29:14.0349 4048 MSDTC - ok
18:29:14.0362 4048 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:29:14.0363 4048 Msfs - ok
18:29:14.0373 4048 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:29:14.0373 4048 mshidkmdf - ok
18:29:14.0389 4048 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:29:14.0390 4048 msisadrv - ok
18:29:14.0417 4048 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:29:14.0420 4048 MSiSCSI - ok
18:29:14.0422 4048 msiserver - ok
18:29:14.0426 4048 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:29:14.0427 4048 MSKSSRV - ok
18:29:14.0430 4048 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:29:14.0431 4048 MSPCLOCK - ok
18:29:14.0439 4048 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:29:14.0440 4048 MSPQM - ok
18:29:14.0453 4048 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:29:14.0456 4048 MsRPC - ok
18:29:14.0486 4048 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:29:14.0487 4048 mssmbios - ok
18:29:14.0497 4048 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:29:14.0498 4048 MSTEE - ok
18:29:14.0500 4048 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:29:14.0501 4048 MTConfig - ok
18:29:14.0510 4048 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
18:29:14.0511 4048 Mup - ok
18:29:14.0522 4048 [ C009123B206C56854F4E88596035231D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
18:29:14.0523 4048 mwlPSDFilter - ok
18:29:14.0529 4048 [ BF3739EEB9F008B1DEBAC115089A53F8 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
18:29:14.0530 4048 mwlPSDNServ - ok
18:29:14.0545 4048 [ 38DD143D95E7A01B86F219DDA9C28779 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
18:29:14.0547 4048 mwlPSDVDisk - ok
18:29:14.0568 4048 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
18:29:14.0573 4048 napagent - ok
18:29:14.0586 4048 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:29:14.0589 4048 NativeWifiP - ok
18:29:14.0629 4048 [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
18:29:14.0631 4048 NAUpdate - ok
18:29:14.0673 4048 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:29:14.0685 4048 NDIS - ok
18:29:14.0701 4048 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:29:14.0702 4048 NdisCap - ok
18:29:14.0718 4048 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:29:14.0719 4048 NdisTapi - ok
18:29:14.0731 4048 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:29:14.0732 4048 Ndisuio - ok
18:29:14.0746 4048 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:29:14.0748 4048 NdisWan - ok
18:29:14.0762 4048 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:29:14.0763 4048 NDProxy - ok
18:29:14.0779 4048 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:29:14.0780 4048 NetBIOS - ok
18:29:14.0791 4048 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:29:14.0794 4048 NetBT - ok
18:29:14.0810 4048 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
18:29:14.0812 4048 Netlogon - ok
18:29:14.0822 4048 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
18:29:14.0827 4048 Netman - ok
18:29:14.0839 4048 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
18:29:14.0844 4048 netprofm - ok
18:29:14.0861 4048 [ B72BB9496A126FCFC7FC5945DED9B411 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
18:29:14.0867 4048 netr28x - ok
18:29:14.0896 4048 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:29:14.0897 4048 NetTcpPortSharing - ok
18:29:14.0900 4048 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:29:14.0902 4048 nfrd960 - ok
18:29:14.0923 4048 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
18:29:14.0927 4048 NlaSvc - ok
18:29:14.0994 4048 [ 5839A8027D6D324A7CD494051A96628C ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
18:29:15.0046 4048 NOBU - ok
18:29:15.0066 4048 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:29:15.0067 4048 Npfs - ok
18:29:15.0080 4048 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
18:29:15.0083 4048 nsi - ok
18:29:15.0096 4048 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:29:15.0096 4048 nsiproxy - ok
18:29:15.0148 4048 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:29:15.0183 4048 Ntfs - ok
18:29:15.0220 4048 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
18:29:15.0221 4048 Null - ok
18:29:15.0253 4048 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:29:15.0256 4048 nvraid - ok
18:29:15.0280 4048 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:29:15.0284 4048 nvstor - ok
18:29:15.0302 4048 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:29:15.0304 4048 nv_agp - ok
18:29:15.0370 4048 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:29:15.0377 4048 odserv - ok
18:29:15.0395 4048 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:29:15.0397 4048 ohci1394 - ok
18:29:15.0424 4048 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:29:15.0426 4048 ose - ok
18:29:15.0447 4048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:29:15.0452 4048 p2pimsvc - ok
18:29:15.0471 4048 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
18:29:15.0477 4048 p2psvc - ok
18:29:15.0481 4048 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
18:29:15.0483 4048 Parport - ok
18:29:15.0519 4048 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:29:15.0520 4048 partmgr - ok
18:29:15.0525 4048 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:29:15.0529 4048 PcaSvc - ok
18:29:15.0541 4048 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
18:29:15.0543 4048 pci - ok
18:29:15.0561 4048 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
18:29:15.0562 4048 pciide - ok
18:29:15.0567 4048 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:29:15.0570 4048 pcmcia - ok
18:29:15.0579 4048 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
18:29:15.0580 4048 pcw - ok
18:29:15.0588 4048 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:29:15.0594 4048 PEAUTH - ok
18:29:15.0648 4048 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
18:29:15.0650 4048 PerfHost - ok
18:29:15.0681 4048 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
18:29:15.0695 4048 pla - ok
18:29:15.0734 4048 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:29:15.0740 4048 PlugPlay - ok
18:29:15.0747 4048 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:29:15.0750 4048 PNRPAutoReg - ok
18:29:15.0755 4048 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:29:15.0758 4048 PNRPsvc - ok
18:29:15.0789 4048 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:29:15.0795 4048 PolicyAgent - ok
18:29:15.0823 4048 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
18:29:15.0827 4048 Power - ok
18:29:15.0840 4048 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:29:15.0842 4048 PptpMiniport - ok
18:29:15.0856 4048 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
18:29:15.0857 4048 Processor - ok
18:29:15.0889 4048 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
18:29:15.0893 4048 ProfSvc - ok
18:29:15.0899 4048 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:29:15.0901 4048 ProtectedStorage - ok
18:29:15.0916 4048 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:29:15.0918 4048 Psched - ok
18:29:15.0946 4048 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:29:15.0959 4048 ql2300 - ok
18:29:15.0963 4048 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:29:15.0965 4048 ql40xx - ok
18:29:15.0991 4048 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
18:29:15.0995 4048 QWAVE - ok
18:29:16.0007 4048 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:29:16.0008 4048 QWAVEdrv - ok
18:29:16.0011 4048 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:29:16.0012 4048 RasAcd - ok
18:29:16.0037 4048 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:29:16.0038 4048 RasAgileVpn - ok
18:29:16.0058 4048 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
18:29:16.0060 4048 RasAuto - ok
18:29:16.0070 4048 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:29:16.0072 4048 Rasl2tp - ok
18:29:16.0078 4048 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
18:29:16.0083 4048 RasMan - ok
18:29:16.0097 4048 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:29:16.0098 4048 RasPppoe - ok
18:29:16.0112 4048 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:29:16.0114 4048 RasSstp - ok
18:29:16.0124 4048 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:29:16.0127 4048 rdbss - ok
18:29:16.0136 4048 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:29:16.0137 4048 rdpbus - ok
18:29:16.0151 4048 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:29:16.0151 4048 RDPCDD - ok
18:29:16.0158 4048 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:29:16.0159 4048 RDPENCDD - ok
18:29:16.0168 4048 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:29:16.0169 4048 RDPREFMP - ok
18:29:16.0214 4048 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:29:16.0215 4048 RdpVideoMiniport - ok
18:29:16.0249 4048 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:29:16.0251 4048 RDPWD - ok
18:29:16.0256 4048 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:29:16.0258 4048 rdyboost - ok
18:29:16.0279 4048 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:29:16.0282 4048 RemoteAccess - ok
18:29:16.0298 4048 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:29:16.0302 4048 RemoteRegistry - ok
18:29:16.0313 4048 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:29:16.0316 4048 RpcEptMapper - ok
18:29:16.0342 4048 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
18:29:16.0344 4048 RpcLocator - ok
18:29:16.0363 4048 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
18:29:16.0367 4048 RpcSs - ok
18:29:16.0380 4048 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:29:16.0381 4048 rspndr - ok
18:29:16.0388 4048 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
18:29:16.0390 4048 SamSs - ok
18:29:16.0402 4048 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:29:16.0404 4048 sbp2port - ok
18:29:16.0473 4048 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
18:29:16.0487 4048 SBSDWSCService - ok
18:29:16.0504 4048 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:29:16.0507 4048 SCardSvr - ok
18:29:16.0510 4048 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:29:16.0512 4048 scfilter - ok
18:29:16.0533 4048 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
18:29:16.0544 4048 Schedule - ok
18:29:16.0561 4048 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:29:16.0562 4048 SCPolicySvc - ok
18:29:16.0566 4048 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:29:16.0570 4048 SDRSVC - ok
18:29:16.0577 4048 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:29:16.0578 4048 secdrv - ok
18:29:16.0593 4048 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
18:29:16.0596 4048 seclogon - ok
18:29:16.0607 4048 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
18:29:16.0610 4048 SENS - ok
18:29:16.0623 4048 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:29:16.0626 4048 SensrSvc - ok
18:29:16.0629 4048 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
18:29:16.0630 4048 Serenum - ok
18:29:16.0633 4048 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
18:29:16.0635 4048 Serial - ok
18:29:16.0638 4048 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:29:16.0639 4048 sermouse - ok
18:29:16.0658 4048 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
18:29:16.0661 4048 SessionEnv - ok
18:29:16.0664 4048 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:29:16.0665 4048 sffdisk - ok
18:29:16.0668 4048 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:29:16.0668 4048 sffp_mmc - ok
18:29:16.0671 4048 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:29:16.0672 4048 sffp_sd - ok
18:29:16.0675 4048 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:29:16.0676 4048 sfloppy - ok
18:29:16.0692 4048 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:29:16.0696 4048 SharedAccess - ok
18:29:16.0728 4048 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:29:16.0733 4048 ShellHWDetection - ok
18:29:16.0736 4048 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:29:16.0738 4048 SiSRaid2 - ok
18:29:16.0741 4048 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:29:16.0742 4048 SiSRaid4 - ok
18:29:16.0783 4048 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
18:29:16.0785 4048 SkypeUpdate - ok
18:29:16.0804 4048 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:29:16.0805 4048 Smb - ok
18:29:16.0827 4048 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:29:16.0830 4048 SNMPTRAP - ok
18:29:16.0839 4048 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
18:29:16.0840 4048 spldr - ok
18:29:16.0875 4048 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
18:29:16.0882 4048 Spooler - ok
18:29:16.0940 4048 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
18:29:17.0008 4048 sppsvc - ok
18:29:17.0029 4048 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:29:17.0032 4048 sppuinotify - ok
18:29:17.0072 4048 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
18:29:17.0078 4048 srv - ok
18:29:17.0111 4048 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:29:17.0117 4048 srv2 - ok
18:29:17.0136 4048 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:29:17.0139 4048 srvnet - ok
18:29:17.0165 4048 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:29:17.0172 4048 SSDPSRV - ok
18:29:17.0178 4048 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:29:17.0184 4048 SstpSvc - ok
18:29:17.0200 4048 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:29:17.0201 4048 stexstor - ok
18:29:17.0224 4048 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
18:29:17.0232 4048 stisvc - ok
18:29:17.0248 4048 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
18:29:17.0250 4048 swenum - ok
18:29:17.0282 4048 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
18:29:17.0289 4048 swprv - ok
18:29:17.0327 4048 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
18:29:17.0359 4048 SysMain - ok
18:29:17.0370 4048 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:29:17.0374 4048 TabletInputService - ok
18:29:17.0394 4048 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:29:17.0400 4048 TapiSrv - ok
18:29:17.0417 4048 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
18:29:17.0420 4048 TBS - ok
18:29:17.0476 4048 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:29:17.0508 4048 Tcpip - ok
18:29:17.0533 4048 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:29:17.0543 4048 TCPIP6 - ok
18:29:17.0579 4048 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:29:17.0580 4048 tcpipreg - ok
18:29:17.0597 4048 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:29:17.0598 4048 TDPIPE - ok
18:29:17.0619 4048 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:29:17.0620 4048 TDTCP - ok
18:29:17.0633 4048 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:29:17.0635 4048 tdx - ok
18:29:17.0651 4048 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
18:29:17.0652 4048 TermDD - ok
18:29:17.0672 4048 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
18:29:17.0680 4048 TermService - ok
18:29:17.0712 4048 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
18:29:17.0714 4048 Themes - ok
18:29:17.0727 4048 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
18:29:17.0728 4048 THREADORDER - ok
18:29:17.0771 4048 [ EFEF22B9577E5051057FDE1AE381B50C ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
18:29:17.0772 4048 TomTomHOMEService - ok
18:29:17.0786 4048 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
18:29:17.0789 4048 TrkWks - ok
18:29:17.0825 4048 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:29:17.0827 4048 TrustedInstaller - ok
18:29:17.0837 4048 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:29:17.0839 4048 tssecsrv - ok
18:29:17.0861 4048 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:29:17.0863 4048 TsUsbFlt - ok
18:29:17.0887 4048 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:29:17.0889 4048 TsUsbGD - ok
18:29:17.0899 4048 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:29:17.0901 4048 tunnel - ok
18:29:17.0911 4048 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:29:17.0913 4048 uagp35 - ok
18:29:17.0938 4048 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:29:17.0942 4048 udfs - ok
18:29:17.0974 4048 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:29:17.0979 4048 UI0Detect - ok
18:29:17.0992 4048 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:29:17.0994 4048 uliagpkx - ok
18:29:18.0004 4048 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:29:18.0006 4048 umbus - ok
18:29:18.0009 4048 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
18:29:18.0010 4048 UmPass - ok
18:29:18.0044 4048 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
18:29:18.0048 4048 UMVPFSrv - ok
18:29:18.0147 4048 [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
18:29:18.0205 4048 UNS - ok
18:29:18.0228 4048 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
18:29:18.0234 4048 upnphost - ok
18:29:18.0272 4048 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
18:29:18.0274 4048 USBAAPL64 - ok
18:29:18.0306 4048 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
18:29:18.0309 4048 usbaudio - ok
18:29:18.0342 4048 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:29:18.0344 4048 usbccgp - ok
18:29:18.0349 4048 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:29:18.0352 4048 usbcir - ok
18:29:18.0361 4048 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
18:29:18.0363 4048 usbehci - ok
18:29:18.0376 4048 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:29:18.0381 4048 usbhub - ok
18:29:18.0423 4048 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:29:18.0425 4048 usbohci - ok
18:29:18.0437 4048 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
18:29:18.0439 4048 usbprint - ok
18:29:18.0464 4048 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
18:29:18.0466 4048 usbscan - ok
18:29:18.0496 4048 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:29:18.0497 4048 USBSTOR - ok
18:29:18.0505 4048 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
18:29:18.0507 4048 usbuhci - ok
18:29:18.0535 4048 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:29:18.0538 4048 usbvideo - ok
18:29:18.0549 4048 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
18:29:18.0553 4048 UxSms - ok
18:29:18.0566 4048 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
18:29:18.0567 4048 VaultSvc - ok
18:29:18.0582 4048 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:29:18.0582 4048 vdrvroot - ok
18:29:18.0616 4048 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
18:29:18.0622 4048 vds - ok
18:29:18.0664 4048 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:29:18.0666 4048 vga - ok
18:29:18.0682 4048 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
18:29:18.0684 4048 VgaSave - ok
18:29:18.0691 4048 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:29:18.0695 4048 vhdmp - ok
18:29:18.0700 4048 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
18:29:18.0702 4048 viaide - ok
18:29:18.0713 4048 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:29:18.0715 4048 volmgr - ok
18:29:18.0734 4048 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:29:18.0737 4048 volmgrx - ok
18:29:18.0743 4048 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:29:18.0745 4048 volsnap - ok
18:29:18.0755 4048 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:29:18.0757 4048 vsmraid - ok
18:29:18.0792 4048 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
18:29:18.0812 4048 VSS - ok
18:29:18.0815 4048 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:29:18.0816 4048 vwifibus - ok
18:29:18.0826 4048 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:29:18.0828 4048 vwififlt - ok
18:29:18.0845 4048 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
18:29:18.0850 4048 W32Time - ok
18:29:18.0855 4048 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:29:18.0856 4048 WacomPen - ok
18:29:18.0874 4048 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:29:18.0875 4048 WANARP - ok
18:29:18.0880 4048 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:29:18.0881 4048 Wanarpv6 - ok
18:29:18.0918 4048 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:29:18.0929 4048 WatAdminSvc - ok
18:29:18.0964 4048 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
18:29:18.0985 4048 wbengine - ok
18:29:19.0004 4048 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:29:19.0009 4048 WbioSrvc - ok
18:29:19.0021 4048 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:29:19.0027 4048 wcncsvc - ok
18:29:19.0040 4048 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:29:19.0044 4048 WcsPlugInService - ok
18:29:19.0047 4048 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
18:29:19.0049 4048 Wd - ok
18:29:19.0057 4048 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:29:19.0063 4048 Wdf01000 - ok
18:29:19.0087 4048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:29:19.0090 4048 WdiServiceHost - ok
18:29:19.0093 4048 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:29:19.0096 4048 WdiSystemHost - ok
18:29:19.0117 4048 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
18:29:19.0121 4048 WebClient - ok
18:29:19.0133 4048 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:29:19.0138 4048 Wecsvc - ok
18:29:19.0162 4048 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:29:19.0165 4048 wercplsupport - ok
18:29:19.0179 4048 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
18:29:19.0182 4048 WerSvc - ok
18:29:19.0197 4048 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:29:19.0198 4048 WfpLwf - ok
18:29:19.0201 4048 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:29:19.0202 4048 WIMMount - ok
18:29:19.0231 4048 WinDefend - ok
18:29:19.0234 4048 WinHttpAutoProxySvc - ok
18:29:19.0277 4048 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:29:19.0279 4048 Winmgmt - ok
18:29:19.0337 4048 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
18:29:19.0378 4048 WinRM - ok
18:29:19.0425 4048 [ FE88B288356E7B47B74B13372ADD906D ] winusb C:\Windows\system32\DRIVERS\WinUSB.SYS
18:29:19.0426 4048 winusb - ok
18:29:19.0460 4048 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
18:29:19.0471 4048 Wlansvc - ok
18:29:19.0512 4048 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:29:19.0514 4048 wlcrasvc - ok
18:29:19.0576 4048 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:29:19.0616 4048 wlidsvc - ok
18:29:19.0629 4048 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
18:29:19.0630 4048 WmiAcpi - ok
18:29:19.0648 4048 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:29:19.0651 4048 wmiApSrv - ok
18:29:19.0670 4048 WMPNetworkSvc - ok
18:29:19.0688 4048 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:29:19.0692 4048 WPCSvc - ok
18:29:19.0703 4048 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:29:19.0707 4048 WPDBusEnum - ok
18:29:19.0726 4048 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:29:19.0727 4048 ws2ifsl - ok
18:29:19.0746 4048 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
18:29:19.0750 4048 wscsvc - ok
18:29:19.0753 4048 WSearch - ok
18:29:19.0837 4048 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
18:29:19.0867 4048 wuauserv - ok
18:29:19.0884 4048 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:29:19.0886 4048 WudfPf - ok
18:29:19.0894 4048 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:29:19.0896 4048 WUDFRd - ok
18:29:19.0919 4048 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:29:19.0923 4048 wudfsvc - ok
18:29:19.0935 4048 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
18:29:19.0940 4048 WwanSvc - ok
18:29:19.0943 4048 ================ Scan global ===============================
18:29:19.0984 4048 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
18:29:20.0026 4048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:29:20.0038 4048 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
18:29:20.0059 4048 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
18:29:20.0084 4048 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
18:29:20.0090 4048 [Global] - ok
18:29:20.0090 4048 ================ Scan MBR ==================================
18:29:20.0108 4048 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:29:20.0318 4048 \Device\Harddisk0\DR0 - ok
18:29:20.0322 4048 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
18:29:20.0328 4048 \Device\Harddisk3\DR3 - ok
18:29:20.0329 4048 ================ Scan VBR ==================================
18:29:20.0332 4048 [ BFE0195308389FF7A639AE2305D8E469 ] \Device\Harddisk0\DR0\Partition1
18:29:20.0333 4048 \Device\Harddisk0\DR0\Partition1 - ok
18:29:20.0341 4048 [ 7289CFBAEC543ECFA205EA6BF21DC7C7 ] \Device\Harddisk0\DR0\Partition2
18:29:20.0342 4048 \Device\Harddisk0\DR0\Partition2 - ok
18:29:20.0361 4048 [ 4050A992F4AB4731C30701AFFF017186 ] \Device\Harddisk0\DR0\Partition3
18:29:20.0362 4048 \Device\Harddisk0\DR0\Partition3 - ok
18:29:20.0364 4048 [ 4DECADB028C37A052285622362201716 ] \Device\Harddisk3\DR3\Partition1
18:29:20.0366 4048 \Device\Harddisk3\DR3\Partition1 - ok
18:29:20.0366 4048 ============================================================
18:29:20.0367 4048 Scan finished
18:29:20.0367 4048 ============================================================
18:29:20.0374 5240 Detected object count: 0
18:29:20.0374 5240 Actual detected object count: 0

jeanmimigab · le 02 Nov 2012 18:52

bonne nouvelle car les dossiers cachés de ce rootkit sont bien là depuis l'année dernière (2011/11/17)

[2011/11/17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Thierry\AppData\Local\{360fd7ac-276c-c4f2-d8d9-a3a1251a22cb}\@
[2011/11/17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Thierry\AppData\Local\{360fd7ac-276c-c4f2-d8d9-a3a1251a22cb}\L
[2011/11/17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Thierry\AppData\Local\{360fd7ac-276c-c4f2-d8d9-a3a1251a22cb}\U

Télécharge Combofix.exe sur ton bureau

Double clique ComboFix.exe pour démarrer le scanne et suis les instructions indiquées par combofix.
Lorsque le scanne sera complet, le pc redémarrera et un rapport apparaîtra, enregistre le sur ton bureau.
Redémarre impérativement une nouvelle fois ton pc !!
Copie/colle le rapport combofix dans ta prochaine réponse

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
NOTE : Ne pas cliquer dans la fenêtre de Combofix durant l'analyse ; ceci provoquerait le gel du programme.

Zellec · le 02 Nov 2012 20:07

Désolé pour le retard, c'était un peu long et je suis parti me commander une pizza

.
Merci dans tous les cas. je me demandais ce que ce rootkit pouvait bien faire. En termes de typologie, c'est quel genre de menace?

Voici le lien vers le rapport après redémarrage et scan de combofix, ou plutôt l'inverse dans le bon ordre:

http://cjoint.com/?BKcudDQJcQS

jeanmimigab · le 02 Nov 2012 20:36

tu m'as gardés une part j'espère

à l'époque où tu avais ce rootkit, il avait transformé ton pc en botnet.
Aujourd'hui ZA ne fonctionne plus exactement de la même manière
http://www.sophos.com/en-us/medialibrar ... Botnet.pdf

* Fais un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

:OTL
IE - HKLM\..\SearchScopes,DefaultScope =.
O2:64bit: - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - AutoRun File - [2009/12/01 10:06:48 | 000,000,000 | RH-D | M] - J:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/17 03:56:50 | 000,000,036 | RH-- | M] () - J:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{538885d1-d0bc-11e0-a3d6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{538885d1-d0bc-11e0-a3d6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{538885d1-d0bc-11e0-a3d6-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{538885d1-d0bc-11e0-a3d6-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media Inc)
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34
[2011/11/17 07:41:18 | 000,002,048 | -HS- | M] () -- C:\Users\Thierry\AppData\Local\{360fd7ac-276c-c4f2-d8d9-a3a1251a22cb}\@
[2011/11/17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Thierry\AppData\Local\{360fd7ac-276c-c4f2-d8d9-a3a1251a22cb}\L
[2011/11/17 07:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Thierry\AppData\Local\{360fd7ac-276c-c4f2-d8d9-a3a1251a22cb}\U

:Files
C:\Program Files (x86)\Search Results Toolbar\Datamngr
C:\Users\Thierry\AppData\Local\{360fd7ac-276c-c4f2-d8d9-a3a1251a22cb}

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

:Commands
[emptytemp]

* Cliques sur l'icône "Correction" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport va s'ouvrir
* Copie et colle le rapports dans ta réponse stp...

Zellec · le 02 Nov 2012 20:41

Merci beaucoup. je fais tout ça et le poste sur le forum.
Un enseignement en attendant le site keepvid.com semble être un site qui renvoie directement sur le téléchargement de ilivid, source coriace d'adware, à déconseiller. Finalement avec un realplayer, la possibilité de sauvegarder des vidéos est assez simple et semble moins risquée. On ne m'y reprendra plus.
A toute. et merci encore

Zellec · le 02 Nov 2012 20:54

Re-bonjour,

ou plutôt bonsoir (nuit tombée et pizza dégustée :lol:

)

Voici le dernier rapport:

http://cjoint.com/?BKcuZKDQyZc

Merci encore.

jeanmimigab · le 02 Nov 2012 20:55

vi, c'est la mode en ce moment
http://www.tomsguide.fr/article/virus-m ... 815-7.html

[réglé] datamnger

[réglé] datamnger

Re: datamnger

Re: datamnger

Re: datamnger

Re: datamnger

Re: datamnger

rapports OTL et EXtra

Re: datamnger

suite

Re: datamnger

suite après combofix

Re: datamnger

Re: datamnger

rapport OTL après redémarrage PC

Re: datamnger

Sujets similaires

Qui est en ligne