"Illegal activity" virus

Solved/Closed
Psychotrope (Posts: 7, Registered: Wednesday 18 July 2012, Status: Member, Last activity: 19 July 2012) - 18 Jul 2012 at 22:44
moment de grace (Posts: 29042, Registered: Saturday 6 December 2008, Status: Security contributor, Last activity: 18 July 2013) - 19 Jul 2012 at 09:55
Hello,

I'm on Windows 7 and I have just been infected by the "Activité illégale détectée" ("Illegal activity detected") virus.

I managed to boot into safe mode and, after reading through the forums, I ran ZHPdiag and posted the result at:

http://dl.free.fr/getfile.pl?file=/JgsmprV4

From there on I am completely lost. Can anyone help me?

10 replies

moment de grace (Posts: 29042, Registered: Saturday 6 December 2008, Status: Security contributor, Last activity: 18 July 2013) 2 272
18 Jul 2012 at 22:46
hello

Download RogueKiller and save it to the desktop
https://www.luanagames.com/index.fr.html (by tigzy)

Close all programs
Run RogueKiller.exe.
Wait for the Prescan to finish ...
Click Scan. Click Report and copy-paste the contents of the Notepad window

* If the program is blocked, do not hesitate to try several times
1
Psychotrope (Posts: 7, Registered: Wednesday 18 July 2012, Status: Member, Last activity: 19 July 2012)
18 Jul 2012 at 23:08
Here is the RogueKiller result:

RogueKiller V7.6.4 [07/17/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur: Vincent [Droits d'admin]
Mode: Recherche -- Date: 07/18/2012 23:02:49

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 4 ¤¤¤
[Rans.Gendarm] HKCU\[...]\Run : Update (C:\Users\Vincent\AppData\Roaming\toip0_tmp.exe) -> FOUND
[Rans.Gendarm] HKUS\S-1-5-21-954789825-2839196598-34951441-1000[...]\Run : Update (C:\Users\Vincent\AppData\Roaming\toip0_tmp.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] b773a81a25ca6c358fa42109e64b038c
[BSP] ccd3accdb513340c9ac0d6cf9d035181 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD My Passport 070A USB Device +++++
--- User ---
[MBR] 9e717d618973e76f1de1b96fa17acb80
[BSP] 3ea43c578814ce9a5ee575e4ca807fdc : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476269 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: +++++
--- User ---
[MBR] 641815eed99c9e28c2150980dcfc6de1
[BSP] 4231de2a25d826626999633afd255300 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 1900 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1].txt >>
RKreport[1].txt


What should I do?
0
moment de grace (Posts: 29042, Registered: Saturday 6 December 2008, Status: Security contributor, Last activity: 18 July 2013) 2 272
18 Jul 2012 at 23:11
ok

1)

run roguekiller again
Delete option

post the report please

..............

2)

Go to http://pjjoint.malekal.com/

Click "Browse"

Select the ZHPdiag.txt report located on your desktop

Then click "Send the file" and copy/paste the link into your next message
0
Psychotrope (Posts: 7, Registered: Wednesday 18 July 2012, Status: Member, Last activity: 19 July 2012)
18 Jul 2012 at 23:50
Thank you a thousand times for your support

1/ Here is the Rogue Killer report with deletion

RogueKiller V7.6.4 [07/17/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur: Vincent [Droits d'admin]
Mode: Suppression -- Date: 07/18/2012 23:25:02

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 3 ¤¤¤
[Rans.Gendarm] HKCU\[...]\Run : Update (C:\Users\Vincent\AppData\Roaming\toip0_tmp.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [NON CHARGE] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] b773a81a25ca6c358fa42109e64b038c
[BSP] ccd3accdb513340c9ac0d6cf9d035181 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD My Passport 070A USB Device +++++
--- User ---
[MBR] 9e717d618973e76f1de1b96fa17acb80
[BSP] 3ea43c578814ce9a5ee575e4ca807fdc : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476269 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


2/ I'm not very good at this.
I can't manage to upload the file to http://pjjoint.malekal.com

Here is the address where the file ZHPDiag_vincent.txt has been uploaded:
http://dl.free.fr/getfile.pl?file=/9U2WTuA2
0
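An added example, not part of the original thread and not RogueKiller's own code: a small Python parser for the registry section of the two reports posted above. It flags Run entries that launch a file from a user-writable folder and checks that every scan finding is marked DELETED or REPLACED in the removal report. The function names are illustrative, and matching ignores the hive on the assumption that the HKUS\<SID> line is the same value seen through HKCU.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    family: str              # detection label, e.g. Rans.Gendarm
    key: str                 # abbreviated registry key as printed by the tool
    name: str                # registry value name
    data: str                # registry value data (a path for Run entries)
    status: str              # FOUND, DELETED or REPLACED
    new_data: Optional[str]  # replacement data, only printed for REPLACED


# Shape of one finding line:
# [family] key : name (data) -> STATUS [(new data)]
FINDING_RE = re.compile(
    r"^\[(?P<family>[^\]]+)\]\s+"
    r"(?P<key>\S.*?)\s+:\s+"
    r"(?P<name>.+?)\s+\((?P<data>.*)\)\s+->\s+"
    r"(?P<status>[A-Z]+)(?:\s+\((?P<new_data>[^)]*)\))?\s*$"
)

# Folders a standard user can write to (illustrative list, an assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")

# Registry sections copied from the scan and removal reports in this thread.
SCAN_REPORT = r"""
¤¤¤ Entrees de registre: 4 ¤¤¤
[Rans.Gendarm] HKCU\[...]\Run : Update (C:\Users\Vincent\AppData\Roaming\toip0_tmp.exe) -> FOUND
[Rans.Gendarm] HKUS\S-1-5-21-954789825-2839196598-34951441-1000[...]\Run : Update (C:\Users\Vincent\AppData\Roaming\toip0_tmp.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
"""

REMOVAL_REPORT = r"""
¤¤¤ Entrees de registre: 3 ¤¤¤
[Rans.Gendarm] HKCU\[...]\Run : Update (C:\Users\Vincent\AppData\Roaming\toip0_tmp.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
"""


def parse_registry_findings(report: str) -> List[Finding]:
    """Return the findings listed under the 'Entrees de registre' section."""
    findings, in_registry = [], False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("¤¤¤"):
            # Section header: keep the title before the first colon.
            title = line.strip("¤ ").split(":")[0].strip()
            in_registry = title == "Entrees de registre"
            continue
        if in_registry:
            match = FINDING_RE.match(line)
            if match:
                findings.append(Finding(**match.groupdict()))
    return findings


def is_user_dir_autorun(finding: Finding) -> bool:
    """True for a Run/RunOnce value that starts a file from a user-writable folder."""
    is_run_key = re.search(r"\\run(once)?$", finding.key, re.IGNORECASE)
    data = finding.data.lower()
    return bool(is_run_key) and any(part in data for part in USER_WRITABLE)


def unresolved(scan_report: str, removal_report: str) -> List[Finding]:
    """Scan findings that the removal report does not show as DELETED/REPLACED."""
    fixed = {
        (f.family, f.name, f.data)
        for f in parse_registry_findings(removal_report)
        if f.status in ("DELETED", "REPLACED")
    }
    # Hive is ignored on purpose (assumption: HKUS\<SID> mirrors HKCU).
    return [
        f for f in parse_registry_findings(scan_report)
        if (f.family, f.name, f.data) not in fixed
    ]


if __name__ == "__main__":
    for f in parse_registry_findings(SCAN_REPORT):
        tag = "autorun from user folder" if is_user_dir_autorun(f) else "setting change"
        print(f"{f.family:14} {f.name:40} {tag}")
    print("unresolved:", unresolved(SCAN_REPORT, REMOVAL_REPORT))
```
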
moment de grace (Posts: 29042, Registered: Saturday 6 December 2008, Status: Security contributor, Last activity: 18 July 2013) 2 272
18 Jul 2012 at 23:53
I can't find it on free

Download Reload_TDSSKiller to the desktop
https://forum.malekal.com/viewtopic.php?t=28637&start=

Run it

choose: start the cleanup

TDSSKiller will open, click "Start Scan"

If TDSS.tdl2 is detected, the delete option will be ticked by default.
If TDSS.tdl3 is detected, make sure Cure is ticked.
If TDSS.tdl4(\HardDisk0\MBR) is detected, make sure Cure is ticked.
If Suspicious file is shown, leave the option set to Skip
If Rootkit.Win32.ZAccess.* is detected, set "cure" at the top and "delete" at the bottom

once it has finished, restart if it asks you to, to complete the cleanup

otherwise, close TDSSKiller and the report will appear on the desktop


Copy/paste its contents into your next reply.
0
Mikiz86 (Posts: 127, Registered: Thursday 23 February 2012, Status: Member, Last activity: 24 August 2015) 22
Edited by Mikiz86 on 19/07/2012 at 00:02
if I may, I re-uploaded his zhpdiag just in case ;)

http://cjoint.com/data3/3Gsx5QBRbdY.htm
0

moment de grace (Posts: 29042, Registered: Saturday 6 December 2008, Status: Security contributor, Last activity: 18 July 2013) 2 272
Edited by moment de grace on 19/07/2012 at 00:04
@ Mikiz86

thanks (smile)

............

ok

forget about tdss if it hasn't been done yet

1)


Download AdwCleaner (by Xplode) to your desktop.

http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner

Run it, click DELETE, then wait while the scan runs.
Once the scan has finished, a report will open. Post its contents in your next reply.

Note: The report is also saved as C:\AdwCleane.txt

.................

2)

run the Malwarebytes' Anti-Malware that you already have


. In the "Update" tab, click the Check for Updates button
. If the firewall asks for permission to let Malwarebytes connect, accept
. Once the update has finished
. Go to the Scanner tab
. Select Perform quick scan
. Click Scan
. The scan starts.
. At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
. Click Ok to continue.
. If malware has been detected, click Show Results
. Select everything (or leave everything ticked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the Logs tab
. Click on the report to display it; once it is displayed
. Click Edit at the top of Notepad, then Select All
. Click Edit again, then Copy, and come back to the forum and into your reply
. right-click in the reply box and Paste


If you need help, see these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

...................

3)

make a new ZHPdiag report please

Go to http://pjjoint.malekal.com/

Click "Browse"

Select the ZHPdiag.txt report located on your desktop

Then click "Send the file" and copy/paste the link into your next message


SECURITY CONTRIBUTOR

In disinfection, the end is the most important part!
"Stay" until the very end... thank you
0
Psychotrope (Posts: 7, Registered: Wednesday 18 July 2012, Status: Member, Last activity: 19 July 2012)
19 Jul 2012 at 00:15
Here is the TDSS rootkit report

00:07:55.0634 2948 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
00:07:55.0723 2948 ============================================================
00:07:55.0723 2948 Current date / time: 2012/07/19 00:07:55.0723
00:07:55.0723 2948 SystemInfo:
00:07:55.0723 2948
00:07:55.0723 2948 OS Version: 6.1.7601 ServicePack: 1.0
00:07:55.0723 2948 Product type: Workstation
00:07:55.0723 2948 ComputerName: VINCENT-PC
00:07:55.0724 2948 UserName: Vincent
00:07:55.0724 2948 Windows directory: C:\Windows
00:07:55.0724 2948 System windows directory: C:\Windows
00:07:55.0724 2948 Running under WOW64
00:07:55.0724 2948 Processor architecture: Intel x64
00:07:55.0724 2948 Number of processors: 4
00:07:55.0724 2948 Page size: 0x1000
00:07:55.0724 2948 Boot type: Safe boot with network
00:07:55.0724 2948 ============================================================
00:07:56.0593 2948 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:07:56.0596 2948 Drive \Device\Harddisk1\DR6 - Size: 0x7446E00000 (465.11 Gb), SectorSize: 0x200, Cylinders: 0xED2B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:08:00.0437 2948 Drive \Device\Harddisk3\DR10 - Size: 0x76CF8000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:08:00.0438 2948 ============================================================
00:08:00.0438 2948 \Device\Harddisk0\DR0:
00:08:00.0439 2948 MBR partitions:
00:08:00.0439 2948 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
00:08:00.0439 2948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
00:08:00.0439 2948 \Device\Harddisk1\DR6:
00:08:00.0462 2948 MBR partitions:
00:08:00.0462 2948 \Device\Harddisk1\DR6\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A236800
00:08:00.0462 2948 \Device\Harddisk3\DR10:
00:08:00.0463 2948 MBR partitions:
00:08:00.0463 2948 \Device\Harddisk3\DR10\Partition0: MBR, Type 0x6, StartLBA 0x3F, BlocksNum 0x3B6661
00:08:00.0463 2948 ============================================================
00:08:00.0501 2948 C: <-> \Device\Harddisk0\DR0\Partition1
00:08:00.0537 2948 H: <-> \Device\Harddisk1\DR6\Partition0
00:08:00.0537 2948 ============================================================
00:08:00.0537 2948 Initialize success
00:08:00.0537 2948 ============================================================
00:08:06.0780 1968 ============================================================
00:08:06.0780 1968 Scan started
00:08:06.0780 1968 Mode: Manual;
00:08:06.0780 1968 ============================================================
00:08:18.0726 1968 kbdclass - ok
00:08:18.0767 1968 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:08:18.0769 1968 kbdhid - ok
00:08:18.0816 1968 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:08:18.0817 1968 KeyIso - ok
00:08:18.0875 1968 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
00:08:18.0878 1968 KSecDD - ok
00:08:18.0904 1968 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
00:08:18.0907 1968 KSecPkg - ok
00:08:18.0936 1968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:08:18.0938 1968 ksthunk - ok
00:08:18.0986 1968 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:08:18.0992 1968 KtmRm - ok
00:08:19.0083 1968 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
00:08:19.0085 1968 L1E - ok
00:08:19.0131 1968 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
00:08:19.0136 1968 LanmanServer - ok
00:08:19.0175 1968 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:08:19.0179 1968 LanmanWorkstation - ok
00:08:19.0232 1968 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:08:19.0235 1968 LHidFilt - ok
00:08:19.0251 1968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:08:19.0254 1968 lltdio - ok
00:08:19.0289 1968 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:08:19.0296 1968 lltdsvc - ok
00:08:19.0318 1968 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:08:19.0320 1968 lmhosts - ok
00:08:19.0329 1968 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:08:19.0331 1968 LMouFilt - ok
00:08:19.0425 1968 LMS (7485fbcef9136f530953575e2977859d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:08:19.0427 1968 LMS - ok
00:08:19.0472 1968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:08:19.0475 1968 LSI_FC - ok
00:08:19.0495 1968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:08:19.0498 1968 LSI_SAS - ok
00:08:19.0514 1968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:08:19.0516 1968 LSI_SAS2 - ok
00:08:19.0539 1968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:08:19.0542 1968 LSI_SCSI - ok
00:08:19.0582 1968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:08:19.0585 1968 luafv - ok
00:08:19.0635 1968 LUsbFilt (29c733e1de824670dc9315cfc9bdbcd3) C:\Windows\system32\Drivers\LUsbFilt.Sys
00:08:19.0637 1968 LUsbFilt - ok
00:08:19.0718 1968 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
00:08:19.0720 1968 MBAMProtector - ok
00:08:19.0797 1968 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:08:19.0801 1968 MBAMService - ok
00:08:19.0856 1968 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:08:19.0859 1968 Mcx2Svc - ok
00:08:19.0897 1968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:08:19.0899 1968 megasas - ok
00:08:19.0926 1968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:08:19.0931 1968 MegaSR - ok
00:08:20.0050 1968 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
00:08:20.0051 1968 Microsoft Office Groove Audit Service - ok
00:08:20.0095 1968 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:08:20.0098 1968 MMCSS - ok
00:08:20.0153 1968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:08:20.0174 1968 Modem - ok
00:08:20.0209 1968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:08:20.0211 1968 monitor - ok
00:08:20.0257 1968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
00:08:20.0260 1968 mouclass - ok
00:08:20.0285 1968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:08:20.0287 1968 mouhid - ok
00:08:20.0330 1968 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:08:20.0333 1968 mountmgr - ok
00:08:20.0431 1968 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:08:20.0432 1968 MozillaMaintenance - ok
00:08:20.0529 1968 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
00:08:20.0533 1968 MpFilter - ok
00:08:20.0577 1968 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:08:20.0581 1968 mpio - ok
00:08:20.0600 1968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:08:20.0603 1968 mpsdrv - ok
00:08:20.0681 1968 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:08:20.0741 1968 MpsSvc - ok
00:08:20.0787 1968 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:08:20.0790 1968 MRxDAV - ok
00:08:20.0843 1968 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:08:20.0847 1968 mrxsmb - ok
00:08:20.0916 1968 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:08:20.0921 1968 mrxsmb10 - ok
00:08:20.0933 1968 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:08:20.0936 1968 mrxsmb20 - ok
00:08:20.0993 1968 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:08:20.0995 1968 msahci - ok
00:08:21.0040 1968 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:08:21.0043 1968 msdsm - ok
00:08:21.0080 1968 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:08:21.0084 1968 MSDTC - ok
00:08:21.0374 1968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:08:21.0376 1968 Msfs - ok
00:08:21.0387 1968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:08:21.0389 1968 mshidkmdf - ok
00:08:21.0400 1968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:08:21.0402 1968 msisadrv - ok
00:08:21.0429 1968 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:08:21.0433 1968 MSiSCSI - ok
00:08:21.0442 1968 msiserver - ok
00:08:21.0473 1968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:08:21.0475 1968 MSKSSRV - ok
00:08:21.0589 1968 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
00:08:21.0590 1968 MsMpSvc - ok
00:08:21.0603 1968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:08:21.0604 1968 MSPCLOCK - ok
00:08:21.0613 1968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:08:21.0614 1968 MSPQM - ok
00:08:21.0680 1968 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:08:21.0686 1968 MsRPC - ok
00:08:21.0732 1968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:08:21.0734 1968 mssmbios - ok
00:08:21.0750 1968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:08:21.0751 1968 MSTEE - ok
00:08:21.0807 1968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:08:21.0809 1968 MTConfig - ok
00:08:21.0829 1968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:08:21.0831 1968 Mup - ok
00:08:21.0865 1968 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
00:08:21.0867 1968 mwlPSDFilter - ok
00:08:21.0896 1968 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
00:08:21.0898 1968 mwlPSDNServ - ok
00:08:21.0920 1968 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
00:08:21.0922 1968 mwlPSDVDisk - ok
00:08:22.0017 1968 MWLService (2f139207f618ec2933830227eeffddb4) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe
00:08:22.0019 1968 MWLService - ok
00:08:22.0086 1968 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:08:22.0110 1968 napagent - ok
00:08:22.0169 1968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:08:22.0175 1968 NativeWifiP - ok
00:08:22.0251 1968 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:08:22.0300 1968 NDIS - ok
00:08:22.0331 1968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:08:22.0334 1968 NdisCap - ok
00:08:22.0353 1968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:08:22.0355 1968 NdisTapi - ok
00:08:22.0403 1968 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:08:22.0405 1968 Ndisuio - ok
00:08:22.0469 1968 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:08:22.0473 1968 NdisWan - ok
00:08:22.0524 1968 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:08:22.0526 1968 NDProxy - ok
00:08:22.0577 1968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:08:22.0579 1968 NetBIOS - ok
00:08:22.0598 1968 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:08:22.0603 1968 NetBT - ok
00:08:22.0656 1968 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:08:22.0658 1968 Netlogon - ok
00:08:22.0714 1968 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:08:22.0728 1968 Netman - ok
00:08:22.0756 1968 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:08:22.0780 1968 netprofm - ok
00:08:22.0860 1968 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:08:22.0861 1968 NetTcpPortSharing - ok
00:08:22.0912 1968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:08:22.0914 1968 nfrd960 - ok
00:08:22.0968 1968 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
00:08:22.0970 1968 NisDrv - ok
00:08:23.0099 1968 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
00:08:23.0101 1968 NisSrv - ok
00:08:23.0170 1968 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:08:23.0176 1968 NlaSvc - ok
00:08:23.0216 1968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:08:23.0218 1968 Npfs - ok
00:08:23.0249 1968 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:08:23.0252 1968 nsi - ok
00:08:23.0267 1968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:08:23.0269 1968 nsiproxy - ok
00:08:23.0380 1968 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:08:23.0449 1968 Ntfs - ok
00:08:23.0551 1968 NTI IScheduleSvc (14e66f603fb187713aeb02ad3b0390cf) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
00:08:23.0552 1968 NTI IScheduleSvc - ok
00:08:23.0601 1968 NTIBackupSvc (fd324cce1d4d5bb5af65f8e55b462c7e) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
00:08:23.0601 1968 NTIBackupSvc - ok
00:08:23.0698 1968 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
00:08:23.0700 1968 NTIDrvr - ok
00:08:23.0732 1968 NTISchedulerSvc (3f6268a2ec33cd38cf75c880af8ded42) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
00:08:23.0734 1968 NTISchedulerSvc - ok
00:08:23.0774 1968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:08:23.0776 1968 Null - ok
00:08:23.0836 1968 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:08:23.0839 1968 nvraid - ok
00:08:23.0862 1968 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:08:23.0866 1968 nvstor - ok
00:08:23.0895 1968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:08:23.0898 1968 nv_agp - ok
00:08:24.0011 1968 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:08:24.0014 1968 odserv - ok
00:08:24.0062 1968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:08:24.0064 1968 ohci1394 - ok
00:08:24.0098 1968 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:08:24.0099 1968 ose - ok
00:08:24.0424 1968 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:08:24.0451 1968 osppsvc - ok
00:08:24.0559 1968 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:08:24.0565 1968 p2pimsvc - ok
00:08:24.0598 1968 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:08:24.0622 1968 p2psvc - ok
00:08:24.0670 1968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:08:24.0673 1968 Parport - ok
00:08:24.0737 1968 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:08:24.0739 1968 partmgr - ok
00:08:24.0770 1968 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:08:24.0775 1968 PcaSvc - ok
00:08:24.0790 1968 pccsmcfd - ok
00:08:24.0845 1968 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:08:24.0849 1968 pci - ok
00:08:24.0891 1968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:08:24.0893 1968 pciide - ok
00:08:24.0926 1968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:08:24.0930 1968 pcmcia - ok
00:08:24.0997 1968 PCTCore (60f19af0a9a26851ad9bc2d981afbac6) C:\Windows\system32\drivers\PCTCore64.sys
00:08:25.0001 1968 PCTCore - ok
00:08:25.0083 1968 pctgntdi (d6ad12ef986484d692253caca6882d89) C:\Windows\system32\drivers\pctgntdi64.sys
00:08:25.0088 1968 pctgntdi - ok
00:08:25.0106 1968 pctplsg (3424058d9b653dc1a8d0d7487281e6d5) C:\Windows\System32\drivers\pctplsg64.sys
00:08:25.0109 1968 pctplsg - ok
00:08:25.0149 1968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:08:25.0151 1968 pcw - ok
00:08:25.0187 1968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:08:25.0230 1968 PEAUTH - ok
00:08:25.0296 1968 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:08:25.0298 1968 PerfHost - ok
00:08:25.0416 1968 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:08:25.0496 1968 pla - ok
00:08:25.0598 1968 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:08:25.0617 1968 PlugPlay - ok
00:08:25.0648 1968 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:08:25.0650 1968 PNRPAutoReg - ok
00:08:25.0681 1968 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:08:25.0684 1968 PNRPsvc - ok
00:08:25.0746 1968 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:08:25.0769 1968 PolicyAgent - ok
00:08:25.0806 1968 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:08:25.0810 1968 Power - ok
00:08:25.0897 1968 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:08:25.0900 1968 PptpMiniport - ok
00:08:25.0927 1968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:08:25.0930 1968 Processor - ok
00:08:25.0986 1968 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:08:25.0992 1968 ProfSvc - ok
00:08:26.0046 1968 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:08:26.0047 1968 ProtectedStorage - ok
00:08:26.0119 1968 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:08:26.0122 1968 Psched - ok
00:08:26.0193 1968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:08:26.0266 1968 ql2300 - ok
00:08:26.0384 1968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:08:26.0387 1968 ql40xx - ok
00:08:26.0412 1968 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:08:26.0418 1968 QWAVE - ok
00:08:26.0449 1968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:08:26.0451 1968 QWAVEdrv - ok
00:08:26.0463 1968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:08:26.0465 1968 RasAcd - ok
00:08:26.0507 1968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:08:26.0509 1968 RasAgileVpn - ok
00:08:26.0530 1968 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:08:26.0533 1968 RasAuto - ok
00:08:26.0581 1968 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:08:26.0584 1968 Rasl2tp - ok
00:08:26.0606 1968 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:08:26.0612 1968 RasMan - ok
00:08:26.0637 1968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:08:26.0640 1968 RasPppoe - ok
00:08:26.0649 1968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:08:26.0651 1968 RasSstp - ok
00:08:26.0711 1968 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:08:26.0717 1968 rdbss - ok
00:08:26.0729 1968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:08:26.0731 1968 rdpbus - ok
00:08:26.0758 1968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:08:26.0760 1968 RDPCDD - ok
00:08:26.0777 1968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:08:26.0778 1968 RDPENCDD - ok
00:08:26.0817 1968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:08:26.0818 1968 RDPREFMP - ok
00:08:26.0852 1968 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:08:26.0856 1968 RDPWD - ok
00:08:26.0933 1968 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:08:26.0937 1968 rdyboost - ok
00:08:26.0960 1968 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:08:26.0963 1968 RemoteAccess - ok
00:08:27.0010 1968 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:08:27.0014 1968 RemoteRegistry - ok
00:08:27.0073 1968 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
00:08:27.0075 1968 RimUsb - ok
00:08:27.0113 1968 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:08:27.0116 1968 RpcEptMapper - ok
00:08:27.0146 1968 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:08:27.0148 1968 RpcLocator - ok
00:08:27.0221 1968 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:08:27.0225 1968 RpcSs - ok
00:08:27.0268 1968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:08:27.0270 1968 rspndr - ok
00:08:27.0361 1968 RS_Service (b5a4b7d779cf4070df408de18bd33b02) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
00:08:27.0362 1968 RS_Service - ok
00:08:27.0424 1968 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
00:08:27.0429 1968 RTHDMIAzAudService - ok
00:08:27.0476 1968 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:08:27.0477 1968 SamSs - ok
00:08:27.0539 1968 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:08:27.0542 1968 sbp2port - ok
00:08:27.0587 1968 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:08:27.0591 1968 SCardSvr - ok
00:08:27.0638 1968 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:08:27.0641 1968 scfilter - ok
00:08:27.0731 1968 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:08:27.0776 1968 Schedule - ok
00:08:27.0834 1968 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:08:27.0835 1968 SCPolicySvc - ok
00:08:27.0859 1968 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:08:27.0863 1968 SDRSVC - ok
00:08:27.0918 1968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:08:27.0920 1968 secdrv - ok
00:08:27.0963 1968 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:08:27.0966 1968 seclogon - ok
00:08:27.0988 1968 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:08:27.0991 1968 SENS - ok
00:08:28.0020 1968 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:08:28.0023 1968 SensrSvc - ok
00:08:28.0047 1968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:08:28.0049 1968 Serenum - ok
00:08:28.0069 1968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:08:28.0072 1968 Serial - ok
00:08:28.0114 1968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:08:28.0116 1968 sermouse - ok
00:08:28.0167 1968 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:08:28.0171 1968 SessionEnv - ok
00:08:28.0206 1968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:08:28.0209 1968 sffdisk - ok
00:08:28.0217 1968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:08:28.0218 1968 sffp_mmc - ok
00:08:28.0231 1968 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:08:28.0233 1968 sffp_sd - ok
00:08:28.0250 1968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:08:28.0253 1968 sfloppy - ok
00:08:28.0292 1968 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:08:28.0298 1968 SharedAccess - ok
00:08:28.0358 1968 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:08:28.0372 1968 ShellHWDetection - ok
00:08:28.0391 1968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:08:28.0393 1968 SiSRaid2 - ok
00:08:28.0406 1968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:08:28.0408 1968 SiSRaid4 - ok
00:08:28.0440 1968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:08:28.0443 1968 Smb - ok
00:08:28.0530 1968 snapman (27ba49f89468fddae6c2b311c53bce3a) C:\Windows\system32\DRIVERS\snapman.sys
00:08:28.0534 1968 snapman - ok
00:08:28.0573 1968 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:08:28.0575 1968 SNMPTRAP - ok
00:08:28.0606 1968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:08:28.0608 1968 spldr - ok
00:08:28.0681 1968 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:08:28.0703 1968 Spooler - ok
00:08:28.0880 1968 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:08:28.0989 1968 sppsvc - ok
00:08:29.0088 1968 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:08:29.0091 1968 sppuinotify - ok
00:08:29.0172 1968 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:08:29.0196 1968 srv - ok
00:08:29.0224 1968 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:08:29.0241 1968 srv2 - ok
00:08:29.0255 1968 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:08:29.0259 1968 srvnet - ok
00:08:29.0332 1968 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
00:08:29.0335 1968 sscdbus - ok
00:08:29.0390 1968 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:08:29.0395 1968 SSDPSRV - ok
00:08:29.0413 1968 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:08:29.0417 1968 SstpSvc - ok
00:08:29.0475 1968 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
00:08:29.0478 1968 ss_bbus - ok
00:08:29.0517 1968 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
00:08:29.0519 1968 ss_bmdfl - ok
00:08:29.0569 1968 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
00:08:29.0572 1968 ss_bmdm - ok
00:08:29.0607 1968 ss_bserd (677cdc98f8363accaae783fde1599c2a) C:\Windows\system32\DRIVERS\ss_bserd.sys
00:08:29.0610 1968 ss_bserd - ok
00:08:29.0644 1968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:08:29.0646 1968 stexstor - ok
00:08:29.0712 1968 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:08:29.0767 1968 stisvc - ok
00:08:29.0805 1968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:08:29.0807 1968 swenum - ok
00:08:29.0848 1968 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:08:29.0871 1968 swprv - ok
00:08:29.0917 1968 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
00:08:29.0922 1968 SynTP - ok
00:08:30.0041 1968 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:08:30.0100 1968 SysMain - ok
00:08:30.0235 1968 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:08:30.0239 1968 TabletInputService - ok
00:08:30.0268 1968 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:08:30.0274 1968 TapiSrv - ok
00:08:30.0319 1968 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:08:30.0323 1968 TBS - ok
00:08:30.0470 1968 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:08:30.0546 1968 Tcpip - ok
00:08:30.0701 1968 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:08:30.0712 1968 TCPIP6 - ok
00:08:30.0807 1968 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:08:30.0810 1968 tcpipreg - ok
00:08:30.0837 1968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:08:30.0838 1968 TDPIPE - ok
00:08:31.0001 1968 tdrpman258 (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys
00:08:31.0039 1968 tdrpman258 - ok
00:08:31.0159 1968 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:08:31.0162 1968 TDTCP - ok
00:08:31.0229 1968 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:08:31.0231 1968 tdx - ok
00:08:31.0611 1968 TeamViewer7 (05582967e81703010239c2458211a2b7) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
00:08:31.0627 1968 TeamViewer7 - ok
00:08:31.0757 1968 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
00:08:31.0759 1968 teamviewervpn - ok
00:08:31.0799 1968 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
moment de grace (Security contributor)
19 Jul 2012 at 00:17
Psychotrope (Member)
19 Jul 2012 at 02:33
1/ ADWCleaner

# AdwCleaner v1.702 - Rapport créé le 19/07/2012 à 00:20:16
# Mis à jour le 13/07/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Vincent - VINCENT-PC
# Exécuté depuis : C:\Users\Vincent\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\Vincent\AppData\Local\TempDir
Dossier Supprimé : C:\Users\Vincent\AppData\Roaming\Babylon
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\QuestScan
Dossier Supprimé : C:\Program Files (x86)\QuestScan
Dossier Supprimé : C:\Program Files (x86)\Common Files\spigot
Fichier Supprimé : C:\Users\Public\Desktop\eBay.lnk
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registre] *****

Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\ilivid
Clé Supprimée : HKCU\Software\SweetIm
Clé Supprimée : HKLM\SOFTWARE\Babylon
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\Freeze.com
Clé Supprimée : HKLM\SOFTWARE\Iminent
Clé Supprimée : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[x64] Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v13.0.1 (fr)

Nom du profil : default
Fichier : C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\zprnyv52.default\prefs.js

C:\Users\Vincent\AppData\Roaming\Mozilla\Firefox\Profiles\zprnyv52.default\user.js ... Supprimé !

Supprimée : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Supprimée : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Supprimée : user_pref("browser.search.order.1", "Search the web (Babylon)");
Supprimée : user_pref("extensions.BabylonToolbar.admin", false);
Supprimée : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Supprimée : user_pref("extensions.BabylonToolbar.babExt", "somoto");
Supprimée : user_pref("extensions.BabylonToolbar.babTrack", "affID=100789");
Supprimée : user_pref("extensions.BabylonToolbar.bbDpng", 5);
Supprimée : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Supprimée : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Supprimée : user_pref("extensions.BabylonToolbar.hmpg", true);
Supprimée : user_pref("extensions.BabylonToolbar.id", "bc8bdcfd0000000000000017c4e39720");
Supprimée : user_pref("extensions.BabylonToolbar.instlDay", "15312");
Supprimée : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Supprimée : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=100789&babsrc=adbar[...]
Supprimée : user_pref("extensions.BabylonToolbar.lastDP", 5);
Supprimée : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.179:13:18");
Supprimée : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "8.0");
Supprimée : user_pref("extensions.BabylonToolbar.newTab", true);
Supprimée : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Supprimée : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Supprimée : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Supprimée : user_pref("extensions.BabylonToolbar.propectorlck", 61626517);
Supprimée : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Supprimée : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Supprimée : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Supprimée : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Supprimée : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Supprimée : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Supprimée : user_pref("extensions.BabylonToolbar.tlbrId", "tb5");
Supprimée : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Supprimée : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.179:13:18");
Supprimée : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Supprimée : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Supprimée : user_pref("extensions.BabylonToolbar_i.babExt", "somoto");
Supprimée : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100789");
Supprimée : user_pref("extensions.BabylonToolbar_i.hardId", "bc8bdcfd0000000000000017c4e39720");
Supprimée : user_pref("extensions.BabylonToolbar_i.id", "bc8bdcfd0000000000000017c4e39720");
Supprimée : user_pref("extensions.BabylonToolbar_i.instlDay", "15332");
Supprimée : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", false);
Supprimée : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=100789&babsrc=NT_s[...]
Supprimée : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Supprimée : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Supprimée : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Supprimée : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Supprimée : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb5");
Supprimée : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Supprimée : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:27:16");
Supprimée : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Nom du profil : default
Fichier : C:\Users\Rafael\AppData\Roaming\Mozilla\Firefox\Profiles\97huk0iy.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v20.0.1132.57

Fichier : C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée : "homepage": "hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=bc8bdcfd0000000000000017[...]
Supprimée : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=b[...]
Supprimée : "homepage": "hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=bc8bdcfd0000000000000017c4e[...]
Supprimée : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?AF=100789&babsrc=HP_ss&mntrId=bc8b[...]

*************************

AdwCleaner[R1].txt - [7527 octets] - [18/07/2012 22:49:03]
AdwCleaner[S1].txt - [284 octets] - [19/07/2012 00:18:48]
AdwCleaner[S2].txt - [7113 octets] - [19/07/2012 00:20:16]

########## EOF - C:\AdwCleaner[S2].txt - [7241 octets] ##########


*********************************************************************************************

2/ Antimalware

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.07.18.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Vincent :: VINCENT-PC [administrateur]

Protection: Activé

7/19/2012 12:27:20 AM
mbam-log-2012-07-19 (00-27-20).txt

Type d'examen: Examen complet (C:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 405224
Temps écoulé: 1 heure(s), 38 minute(s), 41 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 2
C:\Users\Vincent\Desktop\RK_Quarantine\toip0_tmp.exe.vir (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Vincent\AppData\Roaming\toip0_tmp.exe (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.

(fin)
*******************************************************************************************************

3/ ZHPdiag

Here is the link to the file:

https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120719_s6m5y14o8f13


Thanks a thousand times again.
moment de grace (Security contributor)
19 Jul 2012 at 04:08
ok

1)

Copy all of the bold text below (select it with your mouse, right-click on it and choose "Copy", or press Ctrl+C)



SysRestore
EMPTYTEMP
EMPTYFLASH
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\At1.job => Infection Rogue (Rogue.HDDDoctor)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\At2.job => Infection Diverse (P2P.Worm)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\At3.job => Infection Diverse (P2P.Worm)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\At4.job => Infection Diverse (P2P.Worm)
[MD5.00000000000000000000000000000000] [APT] [{22116563-108C-42c0-A7CE-60161B75E508}] (...) -- C:\Users\Vincent\AppData\Local\Temp\Mf1.exe (.not file.) => Infection FakeAlert (Trojan.FakeAlert)
O43 - CFD: 1/19/2011 - 9:21:28 AM - [0.002] ----D C:\Program Files (x86)\GamesBar => Infection BT (Adware.GamesBar)
O43 - CFD: 1/17/2011 - 1:40:33 AM - [0.001] ----D C:\ProgramData\Trymedia => Infection BT (Adware.Trymedia)
O43 - CFD: 1/19/2011 - 9:21:28 AM - [0.002] ----D C:\Program Files (x86)\GamesBar => Infection BT (Adware.GamesBar)
C:\Program Files (x86)\GamesBar => Infection BT (Adware.GamesBar)
C:\ProgramData\Trymedia => Infection BT (Adware.Trymedia)



Then launch ZHPFix from the desktop shortcut. (Right-click -> Run as administrator on Vista or Windows 7)

* Once the ZHPFix tool is open,

- Click the icon showing the letter H ("coller les lignes Helper", paste the Helper lines)
- The lines are pasted into ZHPFix automatically; if not, paste them yourself
- Click the "GO" button to start the cleanup,
- Copy/paste the entire report into your next reply



The report is in the ZHPDiag folder in Program Files, under the name ZHPFixReport

.........................

2)

Restart the PC and tell me whether you still have any problems
Psychotrope (Member)
19 Jul 2012 at 07:12
Hello Moment de grace,

Here is the report,

Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012
Fichier d'export Registre :
Run by Vincent at 7/19/2012 7:07:30 AM
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Dossier(s) ==========
SUPPRIME Temporaires Windows:
SUPPRIME Flash Cookies:
SUPPRIME Folder: C:\Program Files (x86)\GamesBar
SUPPRIME Folder: C:\ProgramData\Trymedia

========== Fichier(s) ==========
SUPPRIME Temporaires Windows:
SUPPRIME Flash Cookies:
SUPPRIME File: c:\windows\tasks\at1.job
SUPPRIME File: c:\windows\tasks\at2.job
SUPPRIME File: c:\windows\tasks\at3.job
SUPPRIME File: c:\windows\tasks\at4.job
ABSENT Folder/File: c:\program files (x86)\gamesbar
ABSENT Folder/File: c:\programdata\trymedia

========== Tache planifiée ==========
SUPPRIME Task: {22116563-108C-42c0-A7CE-60161B75E508}

========== Restauration Système ==========
Point de restauration du système créé avec succès


========== Récapitulatif ==========
4 : Dossier(s)
8 : Fichier(s)
1 : Tache planifiée
1 : Restauration Système


End of clean in 52mn AMs

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 7/19/2012 7:07:30 AM [1255]

--------------------------------------------------------------------------------------------

I have the impression that it's OK.
Thank you, thank you, thank you.
Psychotrope (Member)
19 Jul 2012 at 08:02
A thousand thanks.
You have done me a great service.
moment de grace (Security contributor)
Edited by moment de grace on 19/07/2012 at 09:55
You left a bit too soon.
To finish, we do the cleanup.

Everything is written here:
https://gen-hackman.kanak.fr/

(thanks to my friend g3n-h@ckm@n)

SECURITY CONTRIBUTOR

In disinfection, the end is the most important part!
"Stay" until the end... thank you