Problem kernel

Solved/Closed
lotfi rx (Posts: 39, Registered: Monday 18 March 2013, Status: Member, Last active: 29 January 2014) - 3 April 2013 at 22:37
lotfi rx (Posts: 39, Registered: Monday 18 March 2013, Status: Member, Last active: 29 January 2014) - 22 April 2013 at 14:48
Hello,

Please help me, I have a problem that gets on my nerves: when my Acer computer starts up there is a message: "impossible de trouver le fichier script "C:\Kernel\r00t3r"" [cannot find the script file "C:\Kernel\r00t3r"]. I use Windows 7 Professional 32-bit.
How can I fix this problem? I am useless with computers.
Thanks in advance.

I ran a scan with kingofsat and here is the report, please help me
<?xml version="1.0" encoding="UTF-8"?>

45 replies

Anonymous user
4 April 2013 at 13:15
hello,

* Download ZHPDiag to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

or
http://www.premiumorange.com/zeb-help-process/zhpdiag.html


* Follow the prompts during installation; it will launch automatically at the end.

/!\ Vista, Seven and W8 users:

* Right-click the ZHPDiag logo, "Run as administrator"

* Click the screwdriver, select all the modules.

* Click the magnifying-glass icon ("Lancer le diagnostic", i.e. start the diagnostic)
* Save the report to your Desktop using the floppy-disk icon
* Host the ZHPDiag.txt report on Cjoint, then copy/paste the link provided into your next reply on the forum:


https://www.cjoint.com/ => https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers


lotfi rx
4 April 2013 at 14:05

Anonymous user
4 April 2013 at 17:03
your PC is definitely infected!

* Download and save RogueKiller to the desktop
https://www.luanagames.com/index.fr.html (by tigzy)

* Close all programs
* Launch RogueKiller.exe.
* Wait for the Prescan to finish ...
* Click Scan. Click Rapport (Report) and copy and paste the contents of the Notepad window

Note: If RogueKiller does not start, rename it to Winlogon.

Tutorial:
http://tigzyrk.blogspot.fr/2012/10/fr-roguekiller-tutoriel-officiel.html

lotfi rx
5 April 2013 at 01:41
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7600 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : pc [Droits d'admin]
Mode : Recherche -- Date : 05/04/2013 00:35:48
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SERVICE] IBUpdaterService -- C:\Windows\System32\dmwu.exe [7] -> STOPPÉ

¤¤¤ Entrees de registre : 13 ¤¤¤
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\Windows\System32\dmwu.exe) -> TROUVÉ
[Services][BLSVC] HKLM\[...]\ControlSet002\Services\IBUpdaterService (C:\Windows\System32\dmwu.exe) -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[93] : NtCreateUserProcess @ 0x82C6F229 -> HOOKED (\??\C:\Windows\system32\drivers\kisknl.sys @ 0x8E8668DA)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 51ee66b0611633102158a8e1c29ace8a
[BSP] 089451b4f8604bcf2a4eaa280b58e069 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 221144 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 453109760 | Size: 83999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1]_S_05042013_003548.txt >>
RKreport[1]_S_05042013_003548.txt

Anonymous user
5 April 2013 at 07:38
ok,

run RogueKiller again,

* Close all programs, even your IncrediMail mail program!
* Launch RogueKiller.exe.
* Wait for the Prescan to finish ...
* Click Supprimer (Delete), click Rapport (Report) and copy and paste the contents of the Notepad window

lotfi rx
5 April 2013 at 15:43
hi brother
the Supprimer (Delete) button does not work

lotfi rx
5 April 2013 at 15:44
hi brother
the Supprimer (Delete) button does not work
thanks in advance

lotfi rx
5 April 2013 at 16:04
I really thank you for your patience with me
yesterday, when I sent you the scan report, before exiting RogueKiller I pressed the Supprimer (Delete) button and exited
is there a need to redo all the steps, because today the Supprimer (Delete) button does not work
thank you very much

Anonymous user
5 April 2013 at 16:14
the Supprimer (Delete) button does not work if you do not run the scan first!

lotfi rx
5 April 2013 at 16:55
dear friend, I ran another scan and here is the report
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7600 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : pc [Droits d'admin]
Mode : Recherche -- Date : 05/04/2013 15:51:40
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SERVICE] IBUpdaterService -- C:\Windows\System32\dmwu.exe [7] -> STOPPÉ

¤¤¤ Entrees de registre : 13 ¤¤¤
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\Windows\System32\dmwu.exe) -> TROUVÉ
[Services][BLSVC] HKLM\[...]\ControlSet002\Services\IBUpdaterService (C:\Windows\System32\dmwu.exe) -> TROUVÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[93] : NtCreateUserProcess @ 0x82C66229 -> HOOKED (\??\C:\Windows\system32\drivers\kisknl.sys @ 0x8BE448DA)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 51ee66b0611633102158a8e1c29ace8a
[BSP] 089451b4f8604bcf2a4eaa280b58e069 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 221144 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 453109760 | Size: 83999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2]_S_05042013_155140.txt >>
RKreport[1]_S_05042013_003548.txt ; RKreport[2]_S_05042013_155140.txt

lotfi rx
5 April 2013 at 17:00
now I have done the removal and here is the report
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7600 Service Pack 1) 32 bits version
Demarrage : Mode normal
Utilisateur : pc [Droits d'admin]
Mode : Suppression -- Date : 05/04/2013 15:57:36
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SERVICE] IBUpdaterService -- C:\Windows\System32\dmwu.exe [7] -> STOPPÉ

¤¤¤ Entrees de registre : 13 ¤¤¤
[Services][BLSVC] HKLM\[...]\ControlSet001\Services\IBUpdaterService (C:\Windows\System32\dmwu.exe) -> SUPPRIMÉ
[Services][BLSVC] HKLM\[...]\ControlSet002\Services\IBUpdaterService (C:\Windows\System32\dmwu.exe) -> SUPPRIMÉ
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REMPLACÉ (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REMPLACÉ (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REMPLACÉ (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[93] : NtCreateUserProcess @ 0x82C66229 -> HOOKED (\??\C:\Windows\system32\drivers\kisknl.sys @ 0x8BE448DA)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 sls.microsoft.com


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] 51ee66b0611633102158a8e1c29ace8a
[BSP] 089451b4f8604bcf2a4eaa280b58e069 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 221144 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 453109760 | Size: 83999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[3]_D_05042013_155736.txt >>
RKreport[1]_S_05042013_003548.txt ; RKreport[2]_S_05042013_155140.txt ; RKreport[3]_D_05042013_155736.txt

Anonymous user
5 April 2013 at 17:39
great,

* Download TDSSKiller to your desktop:

https://support.kaspersky.com/downloads/utils/tdsskiller.exe

* Run it (Vista/Seven users -> right-click, then "Run as administrator")

* Click [Start Scan] to start the scan.

* If items are found, click [Continue] then [Reboot Now]

* A report will open when the PC restarts.

* Copy/paste its contents into your next reply.

Note: The report can also be found at C:\TDSSKiller.N°deversion_Date_Heure_log.txt (version number, date, time).

Note:
Keep the default action proposed by the tool:

- If TDSS.tdl2: the Delete option will be ticked.
- If TDSS.tdl3 or TDSS.tdl4: make sure Cure is ticked.
- If "Suspicious object" or Sptd or ForgedFile.Multi.Generic: leave the option set to Skip
- If Rootkit.Win32.ZAccess.* is detected, set Cure at the top and Delete at the bottom :D

lotfi rx
5 April 2013 at 18:09
1/ at the end of the scan there are no Continue or Reboot Now buttons, there is only the "Close" button
this is the report after restarting my PC


16:48:22.0119 3412 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:48:23.0223 3412 ============================================================
16:48:23.0224 3412 Current date / time: 2013/04/05 16:48:23.0223
16:48:23.0224 3412 SystemInfo:
16:48:23.0224 3412
16:48:23.0224 3412 OS Version: 6.1.7600 ServicePack: 1.0
16:48:23.0224 3412 Product type: Workstation
16:48:23.0224 3412 ComputerName: PC-PC
16:48:23.0224 3412 UserName: pc
16:48:23.0224 3412 Windows directory: C:\Windows
16:48:23.0224 3412 System windows directory: C:\Windows
16:48:23.0224 3412 Processor architecture: Intel x86
16:48:23.0224 3412 Number of processors: 2
16:48:23.0224 3412 Page size: 0x1000
16:48:23.0225 3412 Boot type: Normal boot
16:48:23.0225 3412 ============================================================
16:48:25.0826 3412 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:48:25.0838 3412 ============================================================
16:48:25.0838 3412 \Device\Harddisk0\DR0:
16:48:25.0838 3412 MBR partitions:
16:48:25.0838 3412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:48:25.0838 3412 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1AFEC000
16:48:25.0838 3412 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B01E800, BlocksNum 0xA40F800
16:48:25.0838 3412 ============================================================
16:48:25.0860 3412 C: <-> \Device\Harddisk0\DR0\Partition2
16:48:25.0928 3412 D: <-> \Device\Harddisk0\DR0\Partition3
16:48:25.0929 3412 ============================================================
16:48:25.0929 3412 Initialize success
16:48:25.0929 3412 ============================================================
16:48:48.0501 4248 ============================================================
16:48:48.0501 4248 Scan started
16:48:48.0501 4248 Mode: Manual;
16:48:48.0501 4248 ============================================================
16:48:49.0362 4248 ================ Scan system memory ========================
16:48:49.0362 4248 System memory - ok
16:48:49.0363 4248 ================ Scan services =============================
16:48:56.0014 4248 intelppm - ok
16:48:56.0045 4248 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:48:56.0054 4248 IPBusEnum - ok
16:48:56.0068 4248 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:48:56.0070 4248 IpFilterDriver - ok
16:48:56.0119 4248 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:48:56.0141 4248 iphlpsvc - ok
16:48:56.0182 4248 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:48:56.0183 4248 IPMIDRV - ok
16:48:56.0191 4248 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:48:56.0194 4248 IPNAT - ok
16:48:56.0232 4248 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:48:56.0234 4248 IRENUM - ok
16:48:56.0269 4248 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:48:56.0270 4248 isapnp - ok
16:48:56.0329 4248 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:48:56.0332 4248 iScsiPrt - ok
16:48:56.0395 4248 [ AE2200BA12EB181FD512B38B19953F4F ] jrdusbser C:\Windows\system32\DRIVERS\jrdusbser.sys
16:48:56.0398 4248 jrdusbser - ok
16:48:56.0446 4248 [ A16B3C62473F0EB6B25D3FE01D94D20A ] kavbootc C:\Windows\system32\drivers\kavbootc.sys
16:48:56.0447 4248 kavbootc - ok
16:48:56.0487 4248 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
16:48:56.0489 4248 kbdclass - ok
16:48:56.0517 4248 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:48:56.0518 4248 kbdhid - ok
16:48:56.0646 4248 [ 19A32BA59DF059B4DCBE28C5B5431ABA ] KDHacker c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys
16:48:56.0648 4248 KDHacker - ok
16:48:56.0671 4248 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
16:48:56.0679 4248 KeyIso - ok
16:48:56.0729 4248 [ 79AF9B1395D7B69A51B59776327545B6 ] kisknl C:\Windows\system32\drivers\kisknl.sys
16:48:56.0732 4248 kisknl - ok
16:48:56.0801 4248 [ 78942EF5E22E2D4107638A6148CD3BB5 ] ksapi C:\Windows\system32\drivers\ksapi.sys
16:48:56.0805 4248 ksapi - ok
16:48:56.0850 4248 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:48:56.0852 4248 KSecDD - ok
16:48:56.0879 4248 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:48:56.0884 4248 KSecPkg - ok
16:48:56.0920 4248 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
16:48:56.0941 4248 KtmRm - ok
16:48:56.0984 4248 [ 25D7B881312C8400E61E3963FCC1F002 ] KUsbGuard C:\Program Files\kingsoft\kingsoft antivirus\kusbquery.sys
16:48:56.0985 4248 KUsbGuard - ok
16:48:57.0080 4248 [ D475D06DE67A3A1D9AD9E632B4C1501C ] kxescore c:\program files\kingsoft\kingsoft antivirus\kxescore.exe
16:48:57.0082 4248 kxescore - ok
16:48:57.0120 4248 [ 6C32BFEAB708915D6BBF4B20D4F3EF7B ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
16:48:57.0122 4248 L1C - ok
16:48:57.0172 4248 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
16:48:57.0182 4248 LanmanServer - ok
16:48:57.0226 4248 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:48:57.0236 4248 LanmanWorkstation - ok
16:48:57.0287 4248 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:48:57.0288 4248 lltdio - ok
16:48:57.0334 4248 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:48:57.0342 4248 lltdsvc - ok
16:48:57.0365 4248 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
16:48:57.0371 4248 lmhosts - ok
16:48:57.0410 4248 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:48:57.0412 4248 LSI_FC - ok
16:48:57.0431 4248 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:48:57.0433 4248 LSI_SAS - ok
16:48:57.0448 4248 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:48:57.0450 4248 LSI_SAS2 - ok
16:48:57.0471 4248 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:48:57.0473 4248 LSI_SCSI - ok
16:48:57.0485 4248 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
16:48:57.0488 4248 luafv - ok
16:48:57.0579 4248 Mattel_Mauritel Wave Modem Device Helper - ok
16:48:57.0621 4248 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:48:57.0627 4248 Mcx2Svc - ok
16:48:57.0647 4248 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:48:57.0649 4248 megasas - ok
16:48:57.0679 4248 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:48:57.0682 4248 MegaSR - ok
16:48:57.0726 4248 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
16:48:57.0731 4248 MMCSS - ok
16:48:57.0754 4248 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
16:48:57.0755 4248 Modem - ok
16:48:57.0783 4248 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:48:57.0785 4248 monitor - ok
16:48:57.0812 4248 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:48:57.0814 4248 mouclass - ok
16:48:57.0823 4248 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:48:57.0825 4248 mouhid - ok
16:48:57.0862 4248 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:48:57.0864 4248 mountmgr - ok
16:48:57.0928 4248 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:48:57.0930 4248 MozillaMaintenance - ok
16:48:57.0967 4248 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
16:48:57.0970 4248 mpio - ok
16:48:57.0988 4248 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:48:57.0990 4248 mpsdrv - ok
16:48:58.0057 4248 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:48:58.0072 4248 MpsSvc - ok
16:48:58.0099 4248 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:48:58.0102 4248 MRxDAV - ok
16:48:58.0166 4248 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:48:58.0169 4248 mrxsmb - ok
16:48:58.0181 4248 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:48:58.0185 4248 mrxsmb10 - ok
16:48:58.0234 4248 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:48:58.0237 4248 mrxsmb20 - ok
16:48:58.0305 4248 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
16:48:58.0307 4248 msahci - ok
16:48:58.0348 4248 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:48:58.0351 4248 msdsm - ok
16:48:58.0377 4248 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
16:48:58.0387 4248 MSDTC - ok
16:48:58.0444 4248 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:48:58.0445 4248 Msfs - ok
16:48:58.0463 4248 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:48:58.0465 4248 mshidkmdf - ok
16:48:58.0514 4248 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:48:58.0516 4248 msisadrv - ok
16:48:58.0563 4248 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:48:58.0570 4248 MSiSCSI - ok
16:48:58.0577 4248 msiserver - ok
16:48:58.0623 4248 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:48:58.0625 4248 MSKSSRV - ok
16:48:58.0648 4248 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:48:58.0649 4248 MSPCLOCK - ok
16:48:58.0672 4248 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:48:58.0674 4248 MSPQM - ok
16:48:58.0692 4248 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:48:58.0695 4248 MsRPC - ok
16:48:58.0721 4248 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:48:58.0723 4248 mssmbios - ok
16:48:58.0768 4248 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:48:58.0770 4248 MSTEE - ok
16:48:58.0786 4248 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:48:58.0788 4248 MTConfig - ok
16:48:58.0796 4248 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:48:58.0799 4248 Mup - ok
16:48:58.0851 4248 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
16:48:58.0873 4248 napagent - ok
16:48:58.0921 4248 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:48:58.0925 4248 NativeWifiP - ok
16:48:58.0983 4248 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:48:58.0993 4248 NDIS - ok
16:48:59.0031 4248 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:48:59.0033 4248 NdisCap - ok
16:48:59.0058 4248 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:48:59.0060 4248 NdisTapi - ok
16:48:59.0091 4248 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:48:59.0093 4248 Ndisuio - ok
16:48:59.0136 4248 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:48:59.0139 4248 NdisWan - ok
16:48:59.0159 4248 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:48:59.0161 4248 NDProxy - ok
16:48:59.0203 4248 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:48:59.0205 4248 NetBIOS - ok
16:48:59.0246 4248 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:48:59.0249 4248 NetBT - ok
16:48:59.0261 4248 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
16:48:59.0268 4248 Netlogon - ok
16:48:59.0308 4248 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:48:59.0329 4248 Netman - ok
16:48:59.0342 4248 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:48:59.0353 4248 netprofm - ok
16:48:59.0392 4248 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:48:59.0395 4248 NetTcpPortSharing - ok
16:48:59.0420 4248 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:48:59.0422 4248 nfrd960 - ok
16:48:59.0485 4248 [ 54FCEA3A63C9A75FDCCF1EE512E29E93 ] NitroReaderDriverReadSpool2 C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
16:48:59.0488 4248 NitroReaderDriverReadSpool2 - ok
16:48:59.0525 4248 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:48:59.0547 4248 NlaSvc - ok
16:48:59.0586 4248 [ 3BC430CF68BC9ED111042BDE2DDD72FA ] nlsX86cc C:\Windows\system32\NLSSRV32.EXE
16:48:59.0593 4248 nlsX86cc - ok
16:48:59.0616 4248 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:48:59.0618 4248 Npfs - ok
16:48:59.0666 4248 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:48:59.0673 4248 nsi - ok
16:48:59.0716 4248 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:48:59.0718 4248 nsiproxy - ok
16:48:59.0801 4248 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:48:59.0847 4248 Ntfs - ok
16:48:59.0865 4248 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:48:59.0867 4248 Null - ok
16:48:59.0938 4248 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:48:59.0940 4248 nvraid - ok
16:48:59.0990 4248 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:48:59.0993 4248 nvstor - ok
16:49:00.0016 4248 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:49:00.0019 4248 nv_agp - ok
16:49:00.0158 4248 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:49:00.0164 4248 odserv - ok
16:49:00.0204 4248 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:49:00.0206 4248 ohci1394 - ok
16:49:00.0248 4248 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:49:00.0251 4248 ose - ok
16:49:00.0291 4248 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:49:00.0313 4248 p2pimsvc - ok
16:49:00.0353 4248 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:49:00.0376 4248 p2psvc - ok
16:49:00.0407 4248 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:49:00.0409 4248 Parport - ok
16:49:00.0451 4248 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:49:00.0453 4248 partmgr - ok
16:49:00.0485 4248 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
16:49:00.0486 4248 Parvdm - ok
16:49:00.0513 4248 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:49:00.0522 4248 PcaSvc - ok
16:49:00.0550 4248 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
16:49:00.0553 4248 pci - ok
16:49:00.0566 4248 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
16:49:00.0568 4248 pciide - ok
16:49:00.0588 4248 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:49:00.0592 4248 pcmcia - ok
16:49:00.0629 4248 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:49:00.0631 4248 pcw - ok
16:49:00.0779 4248 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:49:00.0786 4248 PEAUTH - ok
16:49:00.0834 4248 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
16:49:00.0880 4248 PeerDistSvc - ok
16:49:00.0971 4248 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
16:49:01.0029 4248 pla - ok
16:49:01.0070 4248 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:49:01.0093 4248 PlugPlay - ok
16:49:01.0122 4248 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:49:01.0131 4248 PNRPAutoReg - ok
16:49:01.0169 4248 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:49:01.0180 4248 PNRPsvc - ok
16:49:01.0208 4248 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:49:01.0239 4248 PolicyAgent - ok
16:49:01.0283 4248 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
16:49:01.0295 4248 Power - ok
16:49:01.0332 4248 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:49:01.0334 4248 PptpMiniport - ok
16:49:01.0364 4248 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:49:01.0366 4248 Processor - ok
16:49:01.0405 4248 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
16:49:01.0427 4248 ProfSvc - ok
16:49:01.0462 4248 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:49:01.0468 4248 ProtectedStorage - ok
16:49:01.0506 4248 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:49:01.0510 4248 Psched - ok
16:49:01.0650 4248 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:49:01.0665 4248 ql2300 - ok
16:49:01.0726 4248 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:49:01.0729 4248 ql40xx - ok
16:49:01.0778 4248 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:49:01.0800 4248 QWAVE - ok
16:49:01.0814 4248 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:49:01.0816 4248 QWAVEdrv - ok
16:49:01.0837 4248 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:49:01.0839 4248 RasAcd - ok
16:49:01.0887 4248 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:49:01.0889 4248 RasAgileVpn - ok
16:49:01.0909 4248 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:49:01.0922 4248 RasAuto - ok
16:49:01.0942 4248 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:49:01.0944 4248 Rasl2tp - ok
16:49:01.0998 4248 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
16:49:02.0020 4248 RasMan - ok
16:49:02.0034 4248 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:49:02.0037 4248 RasPppoe - ok
16:49:02.0048 4248 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:49:02.0051 4248 RasSstp - ok
16:49:02.0110 4248 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:49:02.0113 4248 rdbss - ok
16:49:02.0130 4248 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:49:02.0132 4248 rdpbus - ok
16:49:02.0179 4248 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:49:02.0181 4248 RDPCDD - ok
16:49:02.0221 4248 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
16:49:02.0224 4248 RDPDR - ok
16:49:02.0253 4248 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:49:02.0255 4248 RDPENCDD - ok
16:49:02.0268 4248 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:49:02.0271 4248 RDPREFMP - ok
16:49:02.0310 4248 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:49:02.0314 4248 RDPWD - ok
16:49:02.0365 4248 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:49:02.0368 4248 rdyboost - ok
16:49:02.0419 4248 RealNetworks Downloader Resolver Service - ok
16:49:02.0452 4248 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:49:02.0462 4248 RemoteAccess - ok
16:49:02.0506 4248 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:49:02.0517 4248 RemoteRegistry - ok
16:49:02.0540 4248 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:49:02.0551 4248 RpcEptMapper - ok
16:49:02.0584 4248 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:49:02.0592 4248 RpcLocator - ok
16:49:02.0617 4248 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
16:49:02.0634 4248 RpcSs - ok
16:49:02.0690 4248 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:49:02.0693 4248 rspndr - ok
16:49:02.0740 4248 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
16:49:02.0742 4248 s3cap - ok
16:49:02.0796 4248 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
16:49:02.0802 4248 SamSs - ok
16:49:02.0855 4248 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:49:02.0858 4248 sbp2port - ok
16:49:02.0905 4248 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:49:02.0916 4248 SCardSvr - ok
16:49:02.0938 4248 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:49:02.0940 4248 scfilter - ok
16:49:02.0994 4248 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
16:49:03.0040 4248 Schedule - ok
16:49:03.0063 4248 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:49:03.0065 4248 SCPolicySvc - ok
16:49:03.0139 4248 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:49:03.0149 4248 SDRSVC - ok
16:49:03.0198 4248 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:49:03.0200 4248 secdrv - ok
16:49:03.0239 4248 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
16:49:03.0248 4248 seclogon - ok
16:49:03.0285 4248 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
16:49:03.0295 4248 SENS - ok
16:49:03.0326 4248 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
16:49:03.0336 4248 SensrSvc - ok
16:49:03.0353 4248 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
16:49:03.0355 4248 Serenum - ok
16:49:03.0376 4248 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
16:49:03.0378 4248 Serial - ok
16:49:03.0404 4248 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
16:49:03.0406 4248 sermouse - ok
16:49:03.0456 4248 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
16:49:03.0464 4248 SessionEnv - ok
16:49:03.0503 4248 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:49:03.0504 4248 sffdisk - ok
16:49:03.0525 4248 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:49:03.0527 4248 sffp_mmc - ok
16:49:03.0554 4248 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:49:03.0555 4248 sffp_sd - ok
16:49:03.0570 4248 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
16:49:03.0571 4248 sfloppy - ok
16:49:03.0606 4248 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:49:03.0614 4248 SharedAccess - ok
16:49:03.0657 4248 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:49:03.0681 4248 ShellHWDetection - ok
16:49:03.0716 4248 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:49:03.0718 4248 sisagp - ok
16:49:03.0748 4248 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:49:03.0750 4248 SiSRaid2 - ok
16:49:03.0770 4248 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
16:49:03.0773 4248 SiSRaid4 - ok
16:49:03.0899 4248 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
16:49:03.0902 4248 SkypeUpdate - ok
16:49:03.0932 4248 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:49:03.0934 4248 Smb - ok
16:49:03.0972 4248 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:49:03.0981 4248 SNMPTRAP - ok
16:49:04.0018 4248 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
16:49:04.0020 4248 spldr - ok
16:49:04.0056 4248 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
16:49:04.0091 4248 Spooler - ok
16:49:04.0205 4248 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
16:49:04.0307 4248 sppsvc - ok
16:49:04.0336 4248 [ 7773AD40221ECBBD18053EC75AFF229B ] sppuinotify C:\Windows\system32\sppuinotify.dll
16:49:04.0358 4248 sppuinotify - ok
16:49:04.0395 4248 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:49:04.0400 4248 srv - ok
16:49:04.0433 4248 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:49:04.0437 4248 srv2 - ok
16:49:04.0471 4248 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:49:04.0474 4248 srvnet - ok
16:49:04.0522 4248 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:49:04.0544 4248 SSDPSRV - ok
16:49:04.0576 4248 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:49:04.0587 4248 SstpSvc - ok
16:49:04.0625 4248 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
16:49:04.0627 4248 stexstor - ok
16:49:04.0695 4248 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
16:49:04.0729 4248 StiSvc - ok
16:49:04.0765 4248 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
16:49:04.0767 4248 storflt - ok
16:49:04.0820 4248 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
16:49:04.0831 4248 StorSvc - ok
16:49:04.0861 4248 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
16:49:04.0863 4248 storvsc - ok
16:49:04.0889 4248 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
16:49:04.0895 4248 swenum - ok
16:49:04.0935 4248 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
16:49:04.0958 4248 swprv - ok
16:49:05.0016 4248 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
16:49:05.0052 4248 SysMain - ok
16:49:05.0076 4248 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:49:05.0086 4248 TabletInputService - ok
16:49:05.0122 4248 [ 2D631E8B09C2D6DA3EF8D12797A9FA44 ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys
16:49:05.0124 4248 taphss6 - ok
16:49:05.0156 4248 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
16:49:05.0177 4248 TapiSrv - ok
16:49:05.0199 4248 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
16:49:05.0207 4248 TBS - ok
16:49:05.0271 4248 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:49:05.0283 4248 Tcpip - ok
16:49:05.0337 4248 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
16:49:05.0349 4248 TCPIP6 - ok
16:49:05.0405 4248 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:49:05.0406 4248 tcpipreg - ok
16:49:05.0445 4248 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:49:05.0447 4248 TDPIPE - ok
16:49:05.0470 4248 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:49:05.0471 4248 TDTCP - ok
16:49:05.0514 4248 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:49:05.0516 4248 tdx - ok
16:49:05.0552 4248 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
16:49:05.0553 4248 TermDD - ok
16:49:05.0601 4248 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
16:49:05.0624 4248 TermService - ok
16:49:05.0647 4248 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
16:49:05.0653 4248 Themes - ok
16:49:05.0675 4248 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
16:49:05.0678 4248 THREADORDER - ok
16:49:05.0688 4248 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
16:49:05.0696 4248 TrkWks - ok
16:49:05.0776 4248 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:49:05.0778 4248 TrustedInstaller - ok
16:49:05.0825 4248 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:49:05.0826 4248 tssecsrv - ok
16:49:05.0894 4248 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
16:49:05.0895 4248 TsUsbFlt - ok
16:49:05.0952 4248 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:49:05.0954 4248 tunnel - ok
16:49:05.0976 4248 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
16:49:05.0977 4248 uagp35 - ok
16:49:06.0021 4248 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
0
lotfi rx Posts 39 Registration date Monday 18 March 2013 Status Member Last activity 29 January 2014 6
5 April 2013 at 18:30
My friend
Electricien 69,
the moderator sent me a message saying: "Your message titled « kernel problem » dated 20 March 2013 at 12:35 has just been deleted by a moderator (baladur13).
Here is the comment the moderator left for you: * The message was posted twice in the forum."
So please, my problem is still not solved as of now.
What can I do?
Thank you very much, and sorry for the bother.
0
Anonymous user
5 April 2013 at 21:21
You had a duplicate post; duplicates are deleted from the forum right away!

* /!\ Warning:
This software is to be used only when prescribed by a qualified helper.
Do not use it outside of that case: dangerous!

► Download ComboFix from this link and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
or here:
https://forum.pcastuces.com/combofix_renomme_au_telechargement-f31s22.htm
Read this:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Before using ComboFix:

► Close the windows of all running programs.

► Temporarily disable, and only while ComboFix is in use, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.

/!\ Vista & Windows 7 users: right-click the Combofix icon, "Run as administrator"

- Answer yes to the warning message so that the program starts scanning the PC.

- ComboFix may need to connect to the internet to look for updates, so you must allow it.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.
- A report will then open in Notepad (this report file, Combofix.txt, is automatically saved to C:\ComboFix\ComboFix.txt)
► Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.
► Come back to the forum and copy and paste the entire contents of Combofix.txt into your next message.


0
lotfi rx Posts 39 Registration date Monday 18 March 2013 Status Member Last activity 29 January 2014 6
5 April 2013 at 22:49
ComboFix 13-04-05.01 - pc 05/04/2013 20:54:39.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7600.1.1252.33.1036.18.1977.1275 [GMT 1:00]
Lancé depuis: c:\users\pc\Downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\pc\AppData\Local\Minibar
c:\users\pc\AppData\Local\Minibar\chrome\background.html
c:\users\pc\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\pc\AppData\Local\Minibar\chrome\extension_info.json
c:\users\pc\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\pc\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\pc\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\pc\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\pc\AppData\Local\Minibar\chrome\includes\content.js
c:\users\pc\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\pc\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\pc\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\pc\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\pc\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\console.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\io.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\pc\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\pc\AppData\Local\Minibar\chrome\main.js
c:\users\pc\AppData\Local\Minibar\chrome\manifest.json
c:\users\pc\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\pc\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\pc\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\pc\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\pc\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\pc\AppData\Local\Minibar\chrome\popup.html
c:\users\pc\AppData\Local\Minibar\chrome\popup.js
c:\users\pc\AppData\Local\Minibar\chrome\tab.html
c:\users\pc\AppData\Local\Minibar\chrome\tab.js
c:\users\pc\AppData\Local\Minibar\chrome_installer.js
c:\users\pc\AppData\Local\Minibar\common.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome.manifest
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\cached_http_request.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\content.xul
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\extension_info.json
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\console.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\io.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\main.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\minibar\config.json
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
c:\users\pc\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
c:\users\pc\AppData\Local\Minibar\firefox\install.rdf
c:\users\pc\AppData\Local\Minibar\firefox_installer.js
c:\users\pc\AppData\Local\Minibar\ie_installer.js
c:\users\pc\AppData\Local\Minibar\install.json
c:\users\pc\AppData\Local\Minibar\minibar.crx
c:\users\pc\AppData\Local\Minibar\minibar.xpi
c:\users\pc\AppData\Local\Minibar\sqlite3.exe
c:\users\pc\AppData\Local\Minibar\Uninstall.exe
.
Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
.
Une copie infectée de c:\windows\System32\slui.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_5dc908a6fd144a83\slui.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-03-05 au 2013-04-05 ))))))))))))))))))))))))))))))))))))
.
.
2013-04-05 20:31 . 2013-04-05 20:33 -------- d-----w- c:\users\pc\AppData\Local\temp
2013-04-05 20:31 . 2013-04-05 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-04 11:51 . 2013-04-04 11:51 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2013-04-04 11:39 . 2013-04-04 11:51 -------- d-----w- C:\ZHP
2013-04-04 11:39 . 2013-04-04 11:51 -------- d-----w- c:\program files\ZHPDiag
2013-04-02 23:50 . 2013-04-02 23:50 -------- d-----w- c:\program files\Readon Technology
2013-04-02 14:40 . 2013-04-02 14:40 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AD59DBF-9C18-4B7C-B6E8-DA52806E8739}\offreg.dll
2013-04-02 14:40 . 2013-04-02 14:40 -------- d-----w- c:\windows\system32\Extensions
2013-04-02 14:39 . 2013-04-02 14:39 -------- d-----w- c:\windows\system32\searchplugins
2013-04-02 13:54 . 2013-04-02 13:54 -------- d-----w- c:\users\pc\AppData\Local\Babylon
2013-04-02 11:35 . 2013-04-02 12:01 -------- d-----w- c:\users\pc\AppData\Local\Readon_Technology
2013-04-01 22:34 . 2013-04-01 22:34 899184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-04-01 22:31 . 2013-04-01 22:31 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-04-01 22:31 . 2013-04-01 22:31 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-26 10:14 . 2013-03-26 10:14 -------- d-----w- c:\program files\Common Files\Java
2013-03-26 10:13 . 2013-03-26 10:13 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-25 10:57 . 2013-03-25 12:18 -------- d-----w- c:\program files\DefaultTab
2013-03-24 13:44 . 2013-03-24 13:45 -------- d-----w- c:\users\pc\AppData\Roaming\MyEmoticons
2013-03-21 23:45 . 2013-03-21 23:45 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-03-21 12:31 . 2009-07-14 02:03 -------- d-----w- C:\LiveKernelReports
2013-03-21 09:05 . 2011-06-20 08:00 106112 ----a-w- c:\windows\system32\drivers\jrdusbser.sys
2013-03-20 16:16 . 2013-03-20 16:16 -------- d-----w- c:\programdata\KRSHistory
2013-03-14 23:01 . 2013-03-14 23:46 -------- d-----w- c:\users\pc\AppData\Roaming\EurekaLog
2013-03-11 11:50 . 2009-07-14 11:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-03-11 11:50 . 2009-07-14 11:27 1461992 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01009.dll
2013-03-09 19:06 . 2013-03-21 14:15 -------- d-----w- c:\users\pc\AppData\Roaming\{4f7d2ba9-9012-4e67-be1e-1d00701f1f30}
2013-03-09 18:02 . 2013-03-21 14:15 -------- d-----w- c:\users\pc\AppData\Roaming\{af2daa6c-32dd-4ccc-b953-e1008568b206}
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-26 10:13 . 2012-12-27 18:27 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-26 10:13 . 2012-12-27 18:27 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-14 22:28 . 2012-08-25 10:57 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-14 22:28 . 2012-07-14 20:24 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-09 18:20 . 2009-06-10 21:38 113543 ----a-w- c:\windows\system32\slmgr.vbs
2013-03-09 14:28 . 2012-05-28 07:08 14336 ----a-w- c:\windows\system32\slwga.dll
2013-03-09 14:28 . 2009-07-13 23:36 118784 ----a-w- c:\windows\system32\sppwmi.dll
2013-03-09 14:28 . 2012-05-28 07:08 53760 ----a-w- c:\windows\system32\sppuinotify.dll
2013-03-09 14:28 . 2009-07-13 23:36 345088 ----a-w- c:\windows\system32\sppcommdlg.dll
2013-02-12 20:59 . 2013-02-12 20:59 37064 ----a-w- c:\windows\system32\drivers\taphss6.sys
2013-02-12 20:45 . 2013-02-12 20:45 36040 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2013-01-06 15:10 . 2013-01-06 15:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-01-06 15:10 . 2013-01-06 15:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-03-08 17:34 . 2013-03-08 17:34 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
[code]<pre>
c:\windows\svchost .exe
</pre>/code
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
[7] 2012-04-02 . 9D19079820928D72A5708A668B5B62AE . 3958128 . . [6.1.7600.16988] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntkrnlpa.exe
[7] 2012-03-31 . C6D1D128DE4148E35B6C04B6892EB71A . 3970928 . . [6.1.7600.21179] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntkrnlpa.exe
[7] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[7] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[7] 2012-03-06 . 43711ABF8AE553A7B5FFFF61E60C419D . 3968368 . . [6.1.7601.17790] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntkrnlpa.exe
[7] 2012-03-06 . 06EF177FE7FEBB1314E42F568FCB55A3 . 3958128 . . [6.1.7600.16973] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16973_none_6c0f928015704824\ntkrnlpa.exe
[7] 2012-03-06 . 3B237D98A0DFC9395C7D97E33AA38ACF . 3971440 . . [6.1.7600.21163] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21163_none_6ca3d7592e85ff3f\ntkrnlpa.exe
[7] 2012-03-06 . 07B026E7A2C873D09F0073141EE2099E . 3972464 . . [6.1.7601.21936] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntkrnlpa.exe
[7] 2011-10-26 . FC9183A26D2AD7BD68F471262CF3946D . 3970928 . . [6.1.7601.21847] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21847_none_6ea3fd3d2b986563\ntkrnlpa.exe
[7] 2011-10-26 . 0E725E4D29CBA35E680DD51099EB6598 . 3970416 . . [6.1.7600.21077] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21077_none_6c9d06af2e8a8365\ntkrnlpa.exe
[7] 2011-10-26 . F2368C2A4B126B2EAEF1985116B88A1D . 3967856 . . [6.1.7601.17713] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17713_none_6e36cf0e12660c6a\ntkrnlpa.exe
[7] 2011-10-26 . 0E5E92C8AA8ADA52D37D551E322BF1FA . 3957104 . . [6.1.7600.16905] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16905_none_6c5d42881535b73b\ntkrnlpa.exe
[-] 2010-12-20 . 6BB5D70720DB62A363404836140C97E6 . 3958792 . . [6.1.7600.20738] . . c:\windows\System32\ntkrnlpa.exe
[7] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[7] 2010-10-27 . A6DCF9F73F2FCA7A96D9585817A08B43 . 3957120 . . [6.1.7600.16695] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16695_none_6bfbed8a157ebb3f\ntkrnlpa.exe
[7] 2010-10-27 . 8E641A407A795DFB7B3A34053EF8DB39 . 3966848 . . [6.1.7600.20826] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20826_none_6cd23bf92e62adf0\ntkrnlpa.exe
[7] 2009-12-08 . 9961859237C15878493ADE2119991614 . 3954776 . . [6.1.7600.20591] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20591_none_6c8185612e9ffb5f\ntkrnlpa.exe
[7] 2009-12-08 . 92345529A07F31547D73FF6E32E1AFE9 . 3955288 . . [6.1.7600.16481] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16481_none_6c02b882157a3fa4\ntkrnlpa.exe
[7] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DCC39ACE-709B-44EA-B062-5F6BE2774644}]
2013-02-28 06:58 214896 ----a-w- c:\users\pc\AppData\Roaming\MyEmoticons\myemoticons-1.6.1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 15:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 15:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 15:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 15:31 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-06-09 3380632]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
"SDP"="c:\program files\FilesFrog Update Checker\update_checker.exe" [2013-01-31 201808]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Piratrax"="c:\program files\Piratrax\piratrax_launch.exe" [2013-03-04 418448]
"Facebook Update"="c:\users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-03-26 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"kxesc"="c:\program files\kingsoft\kingsoft antivirus\kxetray.exe" [2013-03-20 1595056]
"Mattel_Mauritel Wave ModemListener"="c:\program files\Mauritel 3G+\BackgroundService\ModemListener.exe" [2011-06-20 102400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de notification de cadeaux MSN.lnk - c:\users\pc\AppData\Roaming\Microsoft\Outil de notification de cadeaux MSN\msnotif.exe [2012-5-29 183096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2011-06-09 12:55 3380632 ----a-w- c:\program files\Internet Download Manager\IDMan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2009-08-16 19:36 955392 ----a-w- c:\program files\SuperCopier2\SuperCopier2.exe
.
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 kavbootc;kavbootc;c:\windows\system32\drivers\kavbootc.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 KDHacker;KDHacker;c:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys [x]
S2 kxescore;Kingsoft Core Service;c:\program files\kingsoft\kingsoft antivirus\kxescore.exe [x]
S2 Mattel_Mauritel Wave Modem Device Helper;Mattel_Mauritel Wave Modem Device Helper;c:\program files\Mauritel 3G+\BackgroundService\ServiceManager.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [x]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam.sys [x]
S3 ksapi;ksapi;c:\windows\system32\drivers\ksapi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S4 KUsbGuard;KUsbGuard;c:\program files\kingsoft\kingsoft antivirus\kusbquery.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2013-04-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 22:28]
.
2013-04-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-784792315-1463112541-3058373257-1000Core.job
- c:\users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-26 23:05]
.
2013-04-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-784792315-1463112541-3058373257-1000UA.job
- c:\users\pc\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-26 23:05]
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 09:09]
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-26 09:09]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784792315-1463112541-3058373257-1000Core.job
- c:\users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-08 12:54]
.
2013-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-784792315-1463112541-3058373257-1000UA.job
- c:\users\pc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-08 12:54]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.delta-search.com/?affID=119403&babsrc=HP_ss&mntrId=9015C80AA908AE40
mStart Page = hxxp://start.myplaycity.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm
FF - ProfilePath - c:\users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\f2jfwxc6.default\
FF - prefs.js: Keyword.Enabled - true
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119403&babsrc=HP_ss&mntrId=9015C80AA908AE40
FF - ExtSQL: 2013-03-02 21:24; {FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}; c:\program files\IB Updater\Firefox
FF - ExtSQL: 2013-03-14 11:27; myemoticons@myemoticons.com; c:\users\pc\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.6.1
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyTuWxvWg&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 9015fa99000000000000001e101fe70e
FF - user.js: extensions.incredibar_i.instlDay - 15701
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:04
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyTuWxvWg
FF - user.js: extensions.incredibar_i.upn2n - 92262411815394352
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 666661
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9015fa99000000000000001e101f8924&q=
FF - user.js: extensions.BabylonToolbar.id - 9015fa99000000000000001e101f8924
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15722
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.221:54
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=116988&tt=0313_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 9015fa99000000000000000000000000
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15797
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.012:28
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-784792315-1463112541-3058373257-1000\Software\Microsoft\Notification de cadeaux MSN]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-784792315-1463112541-3058373257-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):71,98,d4,ff,a0,c2,a2,e0,ff,1c,81,bc,43,8e,84,d0,af,de,14,bb,f2,
06,ef,89,91,44,71,ab,e6,34,14,1d,52,a6,3d,62,0b,a1,6f,76,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-784792315-1463112541-3058373257-1000_Classes\CLSID\{fb8b178f-ff02-4fe7-a815-74de7cdcb8d4}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000010c
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,75,07,18,dd,fb,11,42,94,27,b7,99,0d,2a,ba,05,1a,a2,02,c9,3e,9b,f9,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(3024)
c:\program files\kingsoft\kingsoft antivirus\kwsui.dll
c:\program files\kingsoft\kingsoft antivirus\kswebshield.dll
c:\program files\kingsoft\kingsoft antivirus\ktaskbar.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2013-04-05 21:38:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-04-05 20:38
.
Avant-CF: 183 742 283 776 octets libres
Après-CF: 183 767 814 144 octets libres
.
- - End Of File - - 302C52B5871C06DD238339656621949E
0
lotfi rx Posts 39 Registration date Monday 18 March 2013 Status Member Last activity 29 January 2014 6
6 April 2013 at 00:46
Thank you very much indeed, dear friend.
It seems the problem is solved, because over several startups the message has not appeared on my PC's screen.
Bravo, bravo, bravo!
And sorry for the trouble.
But I would like to know what this problem was.
0
Anonymous user
6 April 2013 at 07:57
Hello,

Your PC is not out of the woods yet.

Please post a new ZHPDiag report for me!

0
lotfi rx Posts 39 Registration date Monday 18 March 2013 Status Member Last activity 29 January 2014 6
7 April 2013 at 00:19
0
Anonymous user
7 April 2013 at 08:51
You have two antivirus programs on your PC:

Avast and Kingsoft!

You need to uninstall one of them!

Use this to export the registry value of this key:

https://toolslib.net

[HKLM\Software\HAL7600]

Copy and paste the contents into your next report!

/!\ Warning:
More and more programs offer to install toolbars (pre-checked box), so don't forget to uncheck the corresponding box(es) during installation.

In addition, strongly avoid sites like 01@net (on the road to recovery!) and Softonic: free and open-source software is repackaged with their toolbars!

* Download and save AdwCleaner to your desktop (thanks to Xplode):

https://toolslib.net

Run it,

click "Rechercher" (Search) and post its report.

0