13:00:30.0050 0x2358 TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
13:00:35.0986 0x2358 ============================================================
13:00:35.0986 0x2358 Current date / time: 2017/05/16 13:00:35.0986
13:00:35.0986 0x2358 SystemInfo:
13:00:35.0986 0x2358
13:00:35.0986 0x2358 OS Version: 10.0.14393 ServicePack: 0.0
13:00:35.0986 0x2358 Product type: Workstation
13:00:35.0986 0x2358 ComputerName: L-PC-PC
13:00:35.0987 0x2358 UserName: MR CHOUATI
13:00:35.0987 0x2358 Windows directory: C:\WINDOWS
13:00:35.0987 0x2358 System windows directory: C:\WINDOWS
13:00:35.0987 0x2358 Processor architecture: Intel x86
13:00:35.0987 0x2358 Number of processors: 8
13:00:35.0987 0x2358 Page size: 0x1000
13:00:35.0987 0x2358 Boot type: Normal boot
13:00:35.0987 0x2358 CodeIntegrityOptions = 0x00000202
13:00:35.0987 0x2358 ============================================================
13:00:41.0804 0x2358 KLMD registered as C:\WINDOWS\system32\drivers\82419412.sys
13:00:41.0804 0x2358 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.1198, osProperties = 0x18
13:00:42.0355 0x2358 System UUID: {D0227D63-2D4E-52B2-45B0-1A6BFE9BBEA0}
13:00:42.0918 0x2358 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:00:42.0939 0x2358 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:00:42.0956 0x2358 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:00:42.0980 0x2358 ============================================================
13:00:42.0980 0x2358 \Device\Harddisk0\DR0:
13:00:42.0980 0x2358 MBR partitions:
13:00:42.0980 0x2358 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:00:42.0980 0x2358 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x39F4F000
13:00:42.0980 0x2358 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x39F81800, BlocksNum 0x400000
13:00:42.0980 0x2358 \Device\Harddisk1\DR1:
13:00:42.0981 0x2358 MBR partitions:
13:00:42.0981 0x2358 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
13:00:42.0991 0x2358 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x10E713B5
13:00:42.0991 0x2358 \Device\Harddisk2\DR2:
13:00:42.0998 0x2358 MBR partitions:
13:00:42.0998 0x2358 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74624800
13:00:42.0998 0x2358 ============================================================
13:00:43.0016 0x2358 C: <-> \Device\Harddisk2\DR2\Partition1
13:00:43.0050 0x2358 D: <-> \Device\Harddisk0\DR0\Partition2
13:00:43.0066 0x2358 E: <-> \Device\Harddisk1\DR1\Partition1
13:00:43.0093 0x2358 F: <-> \Device\Harddisk1\DR1\Partition2
13:00:43.0101 0x2358 G: <-> \Device\Harddisk0\DR0\Partition1
13:00:43.0133 0x2358 H: <-> \Device\Harddisk0\DR0\Partition3
13:00:43.0133 0x2358 ============================================================
13:00:43.0133 0x2358 Initialize success
13:00:43.0133 0x2358 ============================================================
13:00:45.0060 0x18b8 ============================================================
13:00:45.0060 0x18b8 Scan started
13:00:45.0060 0x18b8 Mode: Manual;
13:00:45.0060 0x18b8 ============================================================
13:00:45.0060 0x18b8 KSN ping started
13:00:54.0104 0x18b8 KSN ping finished: true
13:01:01.0668 0x18b8 ================ Scan system memory ========================
13:01:01.0668 0x18b8 System memory - ok
13:01:01.0669 0x18b8 ================ Scan services =============================
13:01:01.0803 0x18b8 1394ohci - ok
13:01:01.0808 0x18b8 3ware - ok
13:01:01.0817 0x18b8 ACPI - ok
13:01:01.0822 0x18b8 AcpiDev - ok
13:01:01.0827 0x18b8 acpiex - ok
13:01:01.0832 0x18b8 acpipagr - ok
13:01:01.0840 0x18b8 AcpiPmi - ok
13:01:01.0846 0x18b8 acpitime - ok
13:01:01.0984 0x18b8 [ 671133C0AC2D8B40B7574F69059653E9,
A36CC49A0C829A5C4D6CF273791071213F5FFB57DC7022D523CFB731374FF63C ] AdobeARMservice
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:01:01.0989 0x18b8 AdobeARMservice - ok
13:01:02.0084 0x18b8 [ E6A1D864EC90F4397DF5AB2633B34DD4,
05F1B7291EBDD9CA1D74649C0DAFCBE5F2CF93E92C5CA16A8AC10B6DF83101A0 ]
AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\
FlashPlayerUpdateService.exe
13:01:02.0095 0x18b8 AdobeFlashPlayerUpdateSvc - ok
13:01:02.0128 0x18b8 ADP80XX - ok
13:01:02.0138 0x18b8 AFD - ok
13:01:02.0147 0x18b8 ahcache - ok
13:01:02.0160 0x18b8 AJRouter - ok
13:01:02.0207 0x18b8 [ F6C69673F1E73B6D649ECCAD1ED88DFB,
5B3320888906C2E33FFA8212B5BCAD4EAAF20CA84DCEAB7B6E43400CD5659411 ] aksfridge
C:\WINDOWS\system32\drivers\aksfridge.sys
13:01:02.0304 0x18b8 aksfridge - ok
13:01:02.0342 0x18b8 [ 111DB14FAFB7041137B3379949184F80,
A6BD64468E6061623AAF7183598DA42DF476F38143C3290C14602417346E4958 ] akshasp
C:\WINDOWS\system32\DRIVERS\akshasp.sys
13:01:02.0360 0x18b8 akshasp - ok
13:01:02.0425 0x18b8 [ C2A29547EE95923D60A7B15DE24B27A6,
FCA19FB99AD7AAB9E492435DFBD696446CF5714A6B5746E5CF40727193BC5F9B ] aksusb
C:\WINDOWS\system32\DRIVERS\aksusb.sys
13:01:02.0436 0x18b8 aksusb - ok
13:01:02.0460 0x18b8 ALG - ok
13:01:02.0479 0x18b8 AmdK8 - ok
13:01:02.0483 0x18b8 AmdPPM - ok
13:01:02.0488 0x18b8 amdsata - ok
13:01:02.0493 0x18b8 amdsbs - ok
13:01:02.0497 0x18b8 amdxata - ok
13:01:02.0505 0x18b8 AppID - ok
13:01:02.0541 0x18b8 AppIDSvc - ok
13:01:02.0572 0x18b8 Appinfo - ok
13:01:02.0580 0x18b8 applockerfltr - ok
13:01:02.0587 0x18b8 AppMgmt - ok
13:01:02.0597 0x18b8 AppReadiness - ok
13:01:02.0624 0x18b8 AppVClient - ok
13:01:02.0649 0x18b8 AppvStrm - ok
13:01:02.0697 0x18b8 AppvVemgr - ok
13:01:02.0707 0x18b8 AppvVfs - ok
13:01:02.0722 0x18b8 AppXSvc - ok
13:01:02.0737 0x18b8 arcsas - ok
13:01:02.0741 0x18b8 AsyncMac - ok
13:01:02.0780 0x18b8 atapi - ok
13:01:02.0811 0x18b8 AudioEndpointBuilder - ok
13:01:02.0840 0x18b8 Audiosrv - ok
13:01:02.0978 0x18b8 [ EB603F1E43D60C1D0BD189DE0503D1DC,
493796D9D5AF92172FABEB5AE219C5A5908129469F1C197C6CC742AFB757A93D ] AVP
C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\
avp.exe
13:01:02.0998 0x18b8 AVP - ok
13:01:03.0046 0x18b8 [ 4DF456BD9A0BD51D7624BBEA20F318D1,
68730FB1099C7547514AA745A21288E06ADE8AF591D7D989A3770387EBBEB97D ] avpsus
C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\
avpsus.exe
13:01:03.0083 0x18b8 avpsus - ok
13:01:03.0113 0x18b8 AxInstSV - ok
13:01:03.0136 0x18b8 BasicDisplay - ok
13:01:03.0139 0x18b8 BasicRender - ok
13:01:03.0169 0x18b8 [ 045ED769BF5396D346FA7493F47DF811,
D0A57A040E3B18AC3A5ED56BF2D26E334DA0381AB686CC3F0517953EC3F7B46D ] bcmfn
C:\WINDOWS\System32\drivers\bcmfn.sys
13:01:03.0336 0x18b8 bcmfn - ok
13:01:03.0366 0x18b8 [ E4D6B5E5E5CD2606391220B156235692,
4633C60BDA9FCB892054D4F338323A4C9E35915D1BF7571A38AC25D51C1BFBE5 ] bcmfn2
C:\WINDOWS\System32\drivers\bcmfn2.sys
13:01:03.0368 0x18b8 bcmfn2 - ok
13:01:03.0407 0x18b8 BDESVC - ok
13:01:03.0411 0x18b8 Beep - ok
13:01:03.0422 0x18b8 BFE - ok
13:01:03.0436 0x18b8 BITS - ok
13:01:03.0440 0x18b8 bowser - ok
13:01:03.0444 0x18b8 BrokerInfrastructure - ok
13:01:03.0546 0x18b8 Browser - ok
13:01:03.0562 0x18b8 BthAvrcpTg - ok
13:01:03.0566 0x18b8 BthHFEnum - ok
13:01:03.0571 0x18b8 bthhfhid - ok
13:01:03.0586 0x18b8 BthHFSrv - ok
13:01:03.0590 0x18b8 BTHMODEM - ok
13:01:03.0605 0x18b8 bthserv - ok
13:01:03.0663 0x18b8 buttonconverter - ok
13:01:03.0700 0x18b8 CapImg - ok
13:01:03.0704 0x18b8 cdfs - ok
13:01:03.0746 0x18b8 CDPSvc - ok
13:01:03.0751 0x18b8 CDPUserSvc - ok
13:01:03.0786 0x18b8 cdrom - ok
13:01:03.0835 0x18b8 CertPropSvc - ok
13:01:03.0839 0x18b8 circlass - ok
13:01:03.0864 0x18b8 CLFS - ok
13:01:04.0086 0x18b8 [ BBB69AD032A40F17B0A1027E1E1C592C,
B184A3AE0A721891B9F5190F32FD8CFF84E144FD60CB3C96E878B59AA99BCD47 ] ClickToRunSvc
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
13:01:04.0126 0x18b8 ClickToRunSvc - ok
13:01:04.0155 0x18b8 ClipSVC - ok
13:01:04.0167 0x18b8 clreg - ok
13:01:04.0227 0x18b8 clr_optimization_v2.0.50727_32 - ok
13:01:04.0256 0x18b8 CmBatt - ok
13:01:04.0267 0x18b8 CNG - ok
13:01:04.0281 0x18b8 cnghwassist - ok
13:01:04.0326 0x18b8 CompositeBus - ok
13:01:04.0331 0x18b8 COMSysApp - ok
13:01:04.0336 0x18b8 condrv - ok
13:01:04.0381 0x18b8 CoreMessagingRegistrar - ok
13:01:04.0443 0x18b8 [ 5EC2BA2CC5A8A501ED11724C1F26255F,
5B21753CA38D244A8B29910FF508F72989E6CC35B429EDF0DFBDEE40532D58AC ] cphs
C:\WINDOWS\system32\IntelCpHeciSvc.exe
13:01:07.0200 0x18b8 cphs - ok
13:01:07.0207 0x18b8 CryptSvc - ok
13:01:07.0242 0x18b8 CSC - ok
13:01:07.0274 0x18b8 CscService - ok
13:01:07.0278 0x18b8 dam - ok
13:01:07.0285 0x18b8 DcomLaunch - ok
13:01:07.0290 0x18b8 DcpSvc - ok
13:01:07.0348 0x18b8 defragsvc - ok
13:01:07.0353 0x18b8 DeviceAssociationService - ok
13:01:07.0394 0x18b8 DeviceInstall - ok
13:01:07.0440 0x18b8 DevQueryBroker - ok
13:01:07.0485 0x18b8 Dfsc - ok
13:01:07.0513 0x18b8 [ 9B14E0CDCBA20819B650A0D167BC5C32,
10E33A5FDEA55E636881C1939C083466B53F18554015783112A30DB341A092FA ] dg_ssudbus
C:\WINDOWS\system32\DRIVERS\ssudbus.sys
13:01:07.0861 0x18b8 dg_ssudbus - ok
13:01:07.0914 0x18b8 Dhcp - ok
13:01:08.0013 0x18b8 diagnosticshub.standardcollector.service - ok
13:01:08.0048 0x18b8 DiagTrack - ok
13:01:08.0128 0x18b8 [ 74415A7CFD6A5BB615062C5A5BEF6732,
54F8392E8649310E76FA5208B0169DEB429FF5C65C926B35CCB27AF5502A541F ] Disc Soft Lite
Bus Service C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
13:01:08.0153 0x18b8 Disc Soft Lite Bus Service - ok
13:01:08.0181 0x18b8 disk - ok
13:01:08.0187 0x18b8 DmEnrollmentSvc - ok
13:01:08.0189 0x18b8 dmvsc - ok
13:01:08.0206 0x18b8 dmwappushservice - ok
13:01:08.0240 0x18b8 Dnscache - ok
13:01:08.0244 0x18b8 dot3svc - ok
13:01:08.0246 0x18b8 DPS - ok
13:01:08.0256 0x18b8 drmkaud - ok
13:01:08.0259 0x18b8 DsmSvc - ok
13:01:08.0279 0x18b8 DsSvc - ok
13:01:08.0318 0x18b8 [ 8A32FF671D452D36CC7421171B78F939,
E06CB58E561FA4B8E76763EE3D4443298906D661C4E63BAFA33103BAAB22AB9B ] dtlitescsibus
C:\WINDOWS\System32\drivers\dtlitescsibus.sys
13:01:08.0319 0x18b8 dtlitescsibus - ok
13:01:08.0323 0x18b8 [ 0098B71A5D28FEAF321B4AC4549765D9,
FE81E958261DDFA70559B7D8238527CE54C4C3D9D7AC8E0C796070E2705D18DA ] dtliteusbbus
C:\WINDOWS\System32\drivers\dtliteusbbus.sys
13:01:08.0325 0x18b8 dtliteusbbus - ok
13:01:08.0352 0x18b8 DXGKrnl - ok
13:01:08.0363 0x18b8 Eaphost - ok
13:01:08.0371 0x18b8 EFS - ok
13:01:08.0373 0x18b8 EhStorClass - ok
13:01:08.0390 0x18b8 EhStorTcgDrv - ok
13:01:08.0393 0x18b8 embeddedmode - ok
13:01:08.0397 0x18b8 EntAppSvc - ok
13:01:08.0412 0x18b8 eokamcwi - ok
13:01:08.0423 0x18b8 ErrDev - ok
13:01:08.0450 0x18b8 EventSystem - ok
13:01:08.0452 0x18b8 exfat - ok
13:01:08.0453 0x18b8 Suspicious service (NoAccess): Fakirato
13:01:08.0478 0x18b8 fastfat - ok
13:01:08.0486 0x18b8 Fax - ok
13:01:08.0489 0x18b8 fdc - ok
13:01:08.0492 0x18b8 fdPHost - ok
13:01:08.0494 0x18b8 FDResPub - ok
13:01:08.0547 0x18b8 fhsvc - ok
13:01:08.0562 0x18b8 FileCrypt - ok
13:01:08.0567 0x18b8 FileInfo - ok
13:01:08.0572 0x18b8 Filetrace - ok
13:01:08.0577 0x18b8 flpydisk - ok
13:01:08.0582 0x18b8 FltMgr - ok
13:01:08.0640 0x18b8 FontCache - ok
13:01:08.0704 0x18b8 FontCache3.0.0.0 - ok
13:01:08.0709 0x18b8 FrameServer - ok
13:01:08.0740 0x18b8 FsDepends - ok
13:01:08.0744 0x18b8 Fs_Rec - ok
13:01:08.0749 0x18b8 fvevol - ok
13:01:08.0754 0x18b8 gencounter - ok
13:01:08.0758 0x18b8 genericusbfn - ok
13:01:08.0860 0x18b8 [ 3467B3A097C3F80FE5BD2247FC7AD70B,
3BB633127EB43DF49EA5020F1DF58FECB3563B1265B2E68033ED35CFD0AD9AAF ] GladFileMonSvc
C:\Program Files\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
13:01:08.0865 0x18b8 GladFileMonSvc - ok
13:01:08.0898 0x18b8 GPIO - ok
13:01:08.0903 0x18b8 GPIOClx0101 - ok
13:01:08.0908 0x18b8 gpsvc - ok
13:01:08.0912 0x18b8 GpuEnergyDrv - ok
13:01:08.0964 0x18b8 [ 2D8BBF6C7241AAD9EDE7708EBB7B43A4,
51AF8150C6CF738AF14F502E6BDAD1035773DD45980770E06393814B75259EF8 ] gupdate
C:\Program Files\Google\Update\GoogleUpdate.exe
13:01:08.0977 0x18b8 gupdate - ok
13:01:08.0985 0x18b8 [ 2D8BBF6C7241AAD9EDE7708EBB7B43A4,
51AF8150C6CF738AF14F502E6BDAD1035773DD45980770E06393814B75259EF8 ] gupdatem
C:\Program Files\Google\Update\GoogleUpdate.exe
13:01:08.0989 0x18b8 gupdatem - ok
13:01:09.0061 0x18b8 [ ABAB46B66364E934CC5BA9689562C379,
4E61B52095678F459FDF60BA40C788AF972F29B406BF8E3405B004BEADAC7784 ] hardlock
C:\WINDOWS\system32\drivers\hardlock.sys
13:01:09.0078 0x18b8 hardlock - ok
13:01:09.0081 0x18b8 hasplms - ok
13:01:09.0085 0x18b8 HDAudBus - ok
13:01:09.0087 0x18b8 HidBatt - ok
13:01:09.0115 0x18b8 HidBth - ok
13:01:09.0123 0x18b8 hidi2c - ok
13:01:09.0125 0x18b8 hidinterrupt - ok
13:01:09.0130 0x18b8 HidIr - ok
13:01:09.0138 0x18b8 hidserv - ok
13:01:09.0150 0x18b8 HidUsb - ok
13:01:09.0160 0x18b8 HomeGroupListener - ok
13:01:09.0164 0x18b8 HomeGroupProvider - ok
13:01:09.0229 0x18b8 [ 53DCA61931847E35C950504BFB7559C6,
3F57CE29B52D32F7061407B63C4A9786F5B623E9F9F1121B02182DE044110D08 ] HP LaserJet
Service C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
13:01:09.0236 0x18b8 HP LaserJet Service - ok
13:01:09.0290 0x18b8 [ 0E0E87820BB4431B176A00FB95B5503F,
91D35BEDEAEFA32F8B6A31318E70B954CFA1AFA74D02E3918FEF8135C82C57B3 ] hpqcaslwmiex
C:\Program Files\HP\Shared\hpqwmiex.exe
13:01:09.0311 0x18b8 hpqcaslwmiex - ok
13:01:09.0331 0x18b8 HpSAMD - ok
13:01:09.0363 0x18b8 [ 29D484B97EA0E4BD0AE85E23A7656021,
C9366D7CD7C157711053EAF67661E688DF3A66995519ACEB31167B8392A7BCF6 ] HPSIService
C:\WINDOWS\system32\HPSIsvc.exe
13:01:09.0373 0x18b8 HPSIService - ok
13:01:09.0458 0x18b8 [ 91ADA2CF99A0C28A231763E033FD6F98,
80F6ABD22D018EBF5AC3FD5BEE941962B29B1517EACE0C7730C00D7DE17CEFAC ]
HPSupportSolutionsFrameworkService C:\Program Files\Hewlett-Packard\HP Support
Solutions\HPSupportSolutionsFrameworkService.exe
13:01:09.0461 0x18b8 HPSupportSolutionsFrameworkService - ok
13:01:09.0489 0x18b8 HTTP - ok
13:01:09.0523 0x18b8 [ 4004657E385E6C714825EB9031ED2062,
6AB3F3AE72B5939E5D551FBBAE1CDDA54CD63631685E311706FD2389B4F2BE56 ] HWiNFO32
C:\WINDOWS\system32\drivers\HWiNFO32.SYS
13:01:09.0526 0x18b8 HWiNFO32 - ok
13:01:09.0531 0x18b8 hwpolicy - ok
13:01:09.0536 0x18b8 hyperkbd - ok
13:01:09.0546 0x18b8 i8042prt - ok
13:01:09.0551 0x18b8 iagpio - ok
13:01:09.0555 0x18b8 iai2c - ok
13:01:09.0558 0x18b8 iaioi2c - ok
13:01:09.0618 0x18b8 [ E64665E2A6CAEB52C8AE6E5EB6F3FD7C,
3D123E673F334B47A7F90B6F462C0A3DF5684D51F6F87163F3F9D34CF5CAD62F ] iaStor
C:\WINDOWS\system32\drivers\iaStor.sys
13:01:09.0625 0x18b8 iaStor - ok
13:01:09.0654 0x18b8 [ D20C95B7036A2188B881D0C9F09874EB,
3D9189D3DAFC6D83EB5A76C9BEF0F3CEAFD730299EA33B276E6E85E562A6F68B ] iaStorA
C:\WINDOWS\system32\drivers\iaStorA.sys
13:01:09.0665 0x18b8 iaStorA - ok
13:01:09.0690 0x18b8 iaStorAV - ok
13:01:09.0730 0x18b8 [ 7D4B9A48430ED57ACA6373B71D5904CA,
6ED72DAA7A4951142F036364E8F237E74246EF3E9EA089448DEF15380DAB0DB3 ] IAStorDataMgrSvc
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:01:09.0732 0x18b8 IAStorDataMgrSvc - ok
13:01:09.0756 0x18b8 iaStorV - ok
13:01:09.0768 0x18b8 icssvc - ok
13:01:09.0871 0x18b8 [ CDAEA264A9D8E43C872530D2BE586BC8,
87BB6545E0F96AFCEF2EDE7E5DFA18FED9CA7356079E17C6ACEFB4C41B67F15F ] igfx
C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
13:01:09.0916 0x18b8 igfx - ok
13:01:09.0936 0x18b8 [ D94D51682D3BF160B3A981C5B68B8E36,
98F508428F1D26293DA81AB13DF4E31CEBD21A9CC48FDB940302CBC9A9C71BFA ]
igfxCUIService1.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
13:01:09.0970 0x18b8 igfxCUIService1.0.0.0 - ok
13:01:09.0980 0x18b8 IKEEXT - ok
13:01:09.0990 0x18b8 IndirectKmd - ok
13:01:10.0019 0x18b8 [ FCD13F042C9B4232C515FAB76D42EA74,
E9A9A3FEFFFA6600F713BB484CDA7495223F22C9D61F2D7FFF3F312A1DCC1D58 ]
intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
13:01:10.0021 0x18b8 intaud_WaveExtensible - ok
13:01:10.0038 0x18b8 intelide - ok
13:01:10.0040 0x18b8 intelpep - ok
13:01:10.0042 0x18b8 intelppm - ok
13:01:10.0063 0x18b8 iorate - ok
13:01:10.0066 0x18b8 IpFilterDriver - ok
13:01:10.0100 0x18b8 iphlpsvc - ok
13:01:10.0127 0x18b8 IPMIDRV - ok
13:01:10.0131 0x18b8 IPNAT - ok
13:01:10.0136 0x18b8 irda - ok
13:01:10.0141 0x18b8 IRENUM - ok
13:01:10.0168 0x18b8 irmon - ok
13:01:10.0182 0x18b8 isapnp - ok
13:01:10.0194 0x18b8 iScsiPrt - ok
13:01:10.0221 0x18b8 [ 9CA4F56C74B45DAFC72BBD33F784D3AE,
0EA0F89F719D780DF1B3F74CAFE66DEBC4A0CCB35DC38A9CB41CBC301F4B14F6 ] iwdbus
C:\WINDOWS\System32\drivers\iwdbus.sys
13:01:10.0225 0x18b8 iwdbus - ok
13:01:10.0241 0x18b8 kbdclass - ok
13:01:10.0266 0x18b8 kbdhid - ok
13:01:10.0295 0x18b8 kdnic - ok
13:01:10.0299 0x18b8 KeyIso - ok
13:01:10.0359 0x18b8 [ B1DE832A8D46E3AB591EFE7BBD343338,
7348C26900CA9051BAA77E6D13071898CFD2DC973104AF725F3E8446EBD1BBB6 ] kl1
C:\WINDOWS\system32\DRIVERS\kl1.sys
13:01:10.0366 0x18b8 kl1 - ok
13:01:10.0377 0x18b8 [ 0D90922B2DCBABFD08E9921407183666,
7930A97FD801C559B8A053A1FA55B57A358BDBC353D12AF40E6C8745C33BB70D ] klelam
C:\WINDOWS\system32\DRIVERS\klelam.sys
13:01:10.0380 0x18b8 klelam - ok
13:01:10.0388 0x18b8 [ CD5DEEF26EA09BF60D674B87FF718E16,
158E5952628C246AC3900AD4776E4D477E6E4A758E41B693542C6833C505D3B3 ] klflt
C:\WINDOWS\system32\DRIVERS\klflt.sys
13:01:10.0392 0x18b8 klflt - ok
13:01:10.0397 0x18b8 [ F8DB27F3F8DB9E0F78265AA6E2513329,
87A3C6A9CDF4B829274B6293407C3DB85DE0902E89560C091DF6B2F7770E9815 ] KLFLTDEV
C:\WINDOWS\system32\DRIVERS\klfltdev.sys
13:01:10.0400 0x18b8 KLFLTDEV - ok
13:01:10.0420 0x18b8 [ 6931F6444906EB90C34393E3692E59E4,
6600F106244B7DD65EEBE54FE017D1F0CF2E11E358BAF5A67B67A47CE1A9F52D ] KLIF
C:\WINDOWS\system32\DRIVERS\klif.sys
13:01:10.0434 0x18b8 KLIF - ok
13:01:10.0440 0x18b8 [ 451A11DFEA07E3BF604F3EBE125AFEF1,
5B04C75C34A1AA7F69EC4BB6BD8602B101CE135EDBB65274889B3579554C0985 ] KLIM6
C:\WINDOWS\system32\DRIVERS\klim6.sys
13:01:10.0442 0x18b8 KLIM6 - ok
13:01:10.0454 0x18b8 [ 85CABAEB5FC4175A53DEB9B45DD5B21B,
23BD08B6727D78F860E22660C14E81EB51D9F918FFAB20497B5147336D128F86 ] klwfp
C:\WINDOWS\system32\DRIVERS\klwfp.sys
13:01:10.0457 0x18b8 klwfp - ok
13:01:10.0471 0x18b8 [ 205A525FCE8B96F57751480E72B1EC83,
1E8A7ABB2FE3F472A9E2AF1B32F52F2FE73685A76F7E3D9B7388931896F9CF34 ] kneps
C:\WINDOWS\system32\DRIVERS\kneps.sys
13:01:10.0476 0x18b8 kneps - ok
13:01:10.0479 0x18b8 KSecDD - ok
13:01:10.0502 0x18b8 KSecPkg - ok
13:01:10.0508 0x18b8 KtmRm - ok
13:01:10.0546 0x18b8 L1C - ok
13:01:10.0576 0x18b8 LanmanServer - ok
13:01:10.0581 0x18b8 LanmanWorkstation - ok
13:01:10.0593 0x18b8 lfsvc - ok
13:01:10.0598 0x18b8 LicenseManager - ok
13:01:10.0606 0x18b8 lltdio - ok
13:01:10.0610 0x18b8 lltdsvc - ok
13:01:10.0624 0x18b8 lmhosts - ok
13:01:10.0632 0x18b8 LSI_SAS - ok
13:01:10.0640 0x18b8 LSI_SAS2i - ok
13:01:10.0643 0x18b8 LSI_SAS3i - ok
13:01:10.0647 0x18b8 LSI_SSS - ok
13:01:10.0659 0x18b8 LSM - ok
13:01:10.0662 0x18b8 luafv - ok
13:01:10.0674 0x18b8 MapsBroker - ok
13:01:10.0678 0x18b8 megasas - ok
13:01:10.0690 0x18b8 megasas2i - ok
13:01:10.0696 0x18b8 megasr - ok
13:01:10.0726 0x18b8 [ F053F1D48C8A92BDFA72654D0DCDF5AB,
A9FD181ECCAD08118DA39D59158171C8D1D9BF67285D6766D2DA03B861CAD512 ] MEI
C:\WINDOWS\System32\drivers\HECI.sys
13:01:10.0734 0x18b8 MEI - ok
13:01:10.0735 0x18b8 Suspicious service (NoAccess): Merci
13:01:10.0748 0x18b8 [ 3464F5D6093554C7CD8B56D17C026C36,
1E752603A3E2BB5E46586F92F4825133437044EAFFD2B853000F18920BF40FD4 ] Merci
C:\WINDOWS\System32\Merci.sys
13:01:11.0398 0x18b8 Merci - detected LockedService.Multi.Generic ( 1 )
13:01:20.0274 0x18b8 Merci ( LockedService.Multi.Generic ) - warning
13:01:20.0274 0x18b8 Force sending object to P2P due to detect: Merci
13:01:25.0534 0x18b8 Object send P2P result: true
13:01:36.0236 0x18b8 MessagingService - ok
13:01:36.0261 0x18b8 MMCSS - ok
13:01:36.0287 0x18b8 Modem - ok
13:01:36.0295 0x18b8 monitor - ok
13:01:36.0305 0x18b8 mouclass - ok
13:01:36.0310 0x18b8 mouhid - ok
13:01:36.0315 0x18b8 mountmgr - ok
13:01:36.0366 0x18b8 [ 260DB638038D0D9ACCBFCA9F2BF9B692,
68B9454D1E10A5A710AA3F823C7EAF2E8F3DDF5534262AC289BF454FC829B0B7 ]
MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\
maintenanceservice.exe
13:01:36.0452 0x18b8 MozillaMaintenance - ok
13:01:36.0455 0x18b8 mpsdrv - ok
13:01:36.0477 0x18b8 MpsSvc - ok
13:01:36.0485 0x18b8 MRxDAV - ok
13:01:36.0491 0x18b8 mrxsmb - ok
13:01:36.0517 0x18b8 mrxsmb10 - ok
13:01:36.0540 0x18b8 mrxsmb20 - ok
13:01:36.0546 0x18b8 MsBridge - ok
13:01:36.0551 0x18b8 MSDTC - ok
13:01:36.0557 0x18b8 Msfs - ok
13:01:36.0564 0x18b8 msgpiowin32 - ok
13:01:36.0566 0x18b8 mshidkmdf - ok
13:01:36.0569 0x18b8 mshidumdf - ok
13:01:36.0571 0x18b8 msisadrv - ok
13:01:36.0587 0x18b8 MSiSCSI - ok
13:01:36.0589 0x18b8 msiserver - ok
13:01:36.0601 0x18b8 MSKSSRV - ok
13:01:36.0603 0x18b8 MsLldp - ok
13:01:36.0605 0x18b8 MSPCLOCK - ok
13:01:36.0607 0x18b8 MSPQM - ok
13:01:36.0610 0x18b8 MsRPC - ok
13:01:36.0613 0x18b8 MsSecFlt - ok
13:01:36.0616 0x18b8 mssmbios - ok
13:01:36.0618 0x18b8 MSTEE - ok
13:01:36.0621 0x18b8 MTConfig - ok
13:01:36.0623 0x18b8 Mup - ok
13:01:36.0626 0x18b8 mvumis - ok
13:01:36.0659 0x18b8 [ BA574D2ECDDE374AE2BDFAC0BDA8AAD0,
EA1D4AC8ADF0533CD7D92A26E268F21746B22509B12C19CDBBE40F384C3553F2 ] mvusbews
C:\WINDOWS\System32\Drivers\mvusbews.sys
13:01:36.0661 0x18b8 mvusbews - ok
13:01:36.0665 0x18b8 NativeWifiP - ok
13:01:36.0691 0x18b8 NcaSvc - ok
13:01:36.0703 0x18b8 NcbService - ok
13:01:36.0705 0x18b8 NcdAutoSetup - ok
13:01:36.0715 0x18b8 NDIS - ok
13:01:36.0719 0x18b8 NdisCap - ok
13:01:36.0744 0x18b8 NdisImPlatform - ok
13:01:36.0749 0x18b8 NdisTapi - ok
13:01:36.0777 0x18b8 Ndisuio - ok
13:01:36.0789 0x18b8 NdisVirtualBus - ok
13:01:36.0793 0x18b8 NdisWan - ok
13:01:36.0798 0x18b8 ndiswanlegacy - ok
13:01:36.0804 0x18b8 ndproxy - ok
13:01:36.0812 0x18b8 Ndu - ok
13:01:36.0817 0x18b8 NetAdapterCx - ok
13:01:36.0821 0x18b8 NetBIOS - ok
13:01:36.0827 0x18b8 NetBT - ok
13:01:36.0830 0x18b8 Netlogon - ok
13:01:36.0840 0x18b8 Netman - ok
13:01:36.0843 0x18b8 netprofm - ok
13:01:36.0858 0x18b8 NetSetupSvc - ok
13:01:36.0920 0x18b8 NetTcpPortSharing - ok
13:01:36.0966 0x18b8 NgcCtnrSvc - ok
13:01:36.0969 0x18b8 NgcSvc - ok
13:01:36.0996 0x18b8 NlaSvc - ok
13:01:37.0000 0x18b8 Npfs - ok
13:01:37.0014 0x18b8 npsvctrig - ok
13:01:37.0019 0x18b8 nsi - ok
13:01:37.0023 0x18b8 nsiproxy - ok
13:01:37.0030 0x18b8 NTFS - ok
13:01:37.0034 0x18b8 Null - ok
13:01:37.0058 0x18b8 nvraid - ok
13:01:37.0069 0x18b8 nvstor - ok
13:01:37.0098 0x18b8 OneSyncSvc - ok
13:01:37.0208 0x18b8 [ 5B32D0B4376B02DA2DCFC8C521D66A11,
7442DA396874D01015345930ABB5986F66538CE80F06EA4758131E75954DBAF8 ] ose
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:01:37.0217 0x18b8 ose - ok
13:01:37.0244 0x18b8 p2pimsvc - ok
13:01:37.0248 0x18b8 p2psvc - ok
13:01:37.0252 0x18b8 Parport - ok
13:01:37.0261 0x18b8 partmgr - ok
13:01:37.0272 0x18b8 Parvdm - ok
13:01:37.0285 0x18b8 PcaSvc - ok
13:01:37.0295 0x18b8 pci - ok
13:01:37.0327 0x18b8 pciide - ok
13:01:37.0332 0x18b8 pcmcia - ok
13:01:37.0336 0x18b8 pcw - ok
13:01:37.0341 0x18b8 pdc - ok
13:01:37.0450 0x18b8 [ 95C46571BE9C33537652D1B1A7F5F5F5,
93D24E634448FF6B1BF13482E6D818DC1E719ADA232C66FD409A1B819E5B5661 ] PDFProFiltSrv
C:\Program Files\Nuance\PDF Create 8\PDFProFiltSrv.exe
13:01:37.0480 0x18b8 PDFProFiltSrv - ok
13:01:37.0488 0x18b8 PEAuth - ok
13:01:37.0492 0x18b8 PeerDistSvc - ok
13:01:37.0497 0x18b8 percsas2i - ok
13:01:37.0502 0x18b8 percsas3i - ok
13:01:37.0521 0x18b8 PhoneSvc - ok
13:01:37.0536 0x18b8 PimIndexMaintenanceSvc - ok
13:01:37.0544 0x18b8 pla - ok
13:01:37.0551 0x18b8 PlugPlay - ok
13:01:37.0554 0x18b8 PNRPAutoReg - ok
13:01:37.0557 0x18b8 PNRPsvc - ok
13:01:37.0562 0x18b8 PolicyAgent - ok
13:01:37.0567 0x18b8 Power - ok
13:01:37.0577 0x18b8 PptpMiniport - ok
13:01:37.0669 0x18b8 [ 77B206DEF8F27F394473E02DEF76BE92,
26DDB71DA2869B2C799E987E8A25A1D950FABDCBCFB9C40480062AE7558B4133 ] PrintNotify
C:\WINDOWS\system32\spool\drivers\W32X86\3\PrintConfig.dll
13:01:37.0711 0x18b8 PrintNotify - ok
13:01:37.0741 0x18b8 Processor - ok
13:01:37.0750 0x18b8 ProfSvc - ok
13:01:37.0752 0x18b8 Psched - ok
13:01:37.0762 0x18b8 QWAVE - ok
13:01:37.0772 0x18b8 QWAVEdrv - ok
13:01:37.0892 0x18b8 [ 8F97D374AD1857E1EED85A79F29A1D3D,
4B2D1DBB60C0890E3CB497F534D8DE74952AF8774579B62B0F4ED14912CA583C ] RapiMgr
C:\WINDOWS\WindowsMobile\rapimgr.dll
13:01:37.0899 0x18b8 RapiMgr - ok
13:01:37.0935 0x18b8 RasAcd - ok
13:01:37.0978 0x18b8 RasAgileVpn - ok
13:01:37.0990 0x18b8 RasAuto - ok
13:01:37.0994 0x18b8 Rasl2tp - ok
13:01:38.0005 0x18b8 RasMan - ok
13:01:38.0017 0x18b8 RasPppoe - ok
13:01:38.0022 0x18b8 RasSstp - ok
13:01:38.0026 0x18b8 rdbss - ok
13:01:38.0050 0x18b8 rdpbus - ok
13:01:38.0053 0x18b8 RDPDR - ok
13:01:38.0090 0x18b8 RdpVideoMiniport - ok
13:01:38.0098 0x18b8 rdyboost - ok
13:01:38.0235 0x18b8 [ 4E1AD0DF1100880CA800272EE474C7D1,
31763DE1AC60AB7B04F87C57277C213B49F7EEB44A908AA2CF1D93796EA65071 ]
RealPlayerUpdateSvc C:\Program Files\Real\UpdateService\RealPlayerUpdateSvc.exe
13:01:38.0238 0x18b8 RealPlayerUpdateSvc - ok
13:01:38.0380 0x18b8 [ 1B578EBD5A6557688DD082EDFD2E3FA9,
3DDC03724A34761C194168BB0C74E6D30757AB44C0E8987C1D6AB5415D3FF45A ] RealTimes
Desktop Service C:\Program Files\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
13:01:38.0396 0x18b8 RealTimes Desktop Service - ok
13:01:38.0421 0x18b8 RemoteAccess - ok
13:01:38.0430 0x18b8 RemoteRegistry - ok
13:01:38.0455 0x18b8 RetailDemo - ok
13:01:38.0479 0x18b8 RmSvc - ok
13:01:38.0491 0x18b8 RpcEptMapper - ok
13:01:38.0501 0x18b8 RpcLocator - ok
13:01:38.0513 0x18b8 RpcSs - ok
13:01:38.0523 0x18b8 rspndr - ok
13:01:38.0532 0x18b8 s3cap - ok
13:01:38.0534 0x18b8 SamSs - ok
13:01:38.0549 0x18b8 sbp2port - ok
13:01:38.0595 0x18b8 SCardSvr - ok
13:01:38.0634 0x18b8 [ 51EC343E322DD43C6BE884F1CDA4CA38,
F2EA8811A1D67E7BD20137EEC144F2C634173435BAD3F7214B104D2498923FE9 ] SCDEmu
C:\WINDOWS\system32\drivers\SCDEmu.sys
13:01:38.0641 0x18b8 SCDEmu - ok
13:01:38.0667 0x18b8 ScDeviceEnum - ok
13:01:38.0696 0x18b8 scfilter - ok
13:01:38.0701 0x18b8 Schedule - ok
13:01:38.0706 0x18b8 SCPolicySvc - ok
13:01:38.0731 0x18b8 sdbus - ok
13:01:38.0738 0x18b8 SDRSVC - ok
13:01:38.0744 0x18b8 sdstor - ok
13:01:38.0750 0x18b8 seclogon - ok
13:01:38.0760 0x18b8 SENS - ok
13:01:38.0813 0x18b8 Sense - ok
13:01:38.0822 0x18b8 SensorDataService - ok
13:01:38.0827 0x18b8 SensorService - ok
13:01:38.0831 0x18b8 SensrSvc - ok
13:01:38.0834 0x18b8 SerCx - ok
13:01:38.0838 0x18b8 SerCx2 - ok
13:01:38.0843 0x18b8 Serenum - ok
13:01:38.0848 0x18b8 Serial - ok
13:01:38.0854 0x18b8 sermouse - ok
13:01:38.0865 0x18b8 SessionEnv - ok
13:01:38.0868 0x18b8 sfloppy - ok
13:01:38.0905 0x18b8 SharedAccess - ok
13:01:38.0918 0x18b8 ShellHWDetection - ok
13:01:38.0945 0x18b8 shpamsvc - ok
13:01:38.0966 0x18b8 SiSRaid2 - ok
13:01:38.0970 0x18b8 SiSRaid4 - ok
13:01:38.0975 0x18b8 smphost - ok
13:01:38.0984 0x18b8 SmsRouter - ok
13:01:38.0993 0x18b8 SNMPTRAP - ok
13:01:39.0008 0x18b8 spaceport - ok
13:01:39.0013 0x18b8 SpbCx - ok
13:01:39.0019 0x18b8 Spooler - ok
13:01:39.0022 0x18b8 sppsvc - ok
13:01:39.0065 0x18b8 srv - ok
13:01:39.0068 0x18b8 srv2 - ok
13:01:39.0071 0x18b8 srvnet - ok
13:01:39.0107 0x18b8 SSDPSRV - ok
13:01:39.0116 0x18b8 SstpSvc - ok
13:01:39.0167 0x18b8 [ 316B2240ED52450C453DB8876B945882,
2019018318E9440C3AC598453B64B47ACAA94394DD42037E9B45BA3229E4ED7F ] ssudmdm
C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
13:01:39.0174 0x18b8 ssudmdm - ok
13:01:39.0256 0x18b8 [ 46826B02C346D48A62FF11882AF662BB,
DE8FAD3E99D0E90CE8ABA15D604CF1E80F16C9E4B92F1A41A63D56CF7D96A414 ] ss_conn_service
C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
13:01:39.0270 0x18b8 ss_conn_service - ok
13:01:39.0343 0x18b8 [ 158715A64FEF3D1040E434C8763A9898,
02118C9A3A1B4319F9A65F904EDD8CEF1F93104CEDA938216915E4DB96009FB7 ] STacSV
C:\Program Files\IDT\WDM\STacSV.exe
13:01:39.0357 0x18b8 STacSV - ok
13:01:39.0425 0x18b8 StateRepository - ok
13:01:39.0458 0x18b8 stexstor - ok
13:01:39.0500 0x18b8 [ C96B8F59F1714AE2FFFC84D49E4EFE3C,
9B40CC80790B75E02B50666D02FC86B257E55740A8FA8A1EC78739F66609E806 ] STHDA
C:\WINDOWS\system32\DRIVERS\stwrt.sys
13:01:39.0547 0x18b8 STHDA - ok
13:01:39.0579 0x18b8 StiSvc - ok
13:01:39.0608 0x18b8 storahci - ok
13:01:39.0613 0x18b8 storflt - ok
13:01:39.0618 0x18b8 stornvme - ok
13:01:39.0623 0x18b8 storqosflt - ok
13:01:39.0637 0x18b8 StorSvc - ok
13:01:39.0642 0x18b8 storufs - ok
13:01:39.0646 0x18b8 storvsc - ok
13:01:39.0658 0x18b8 svsvc - ok
13:01:39.0661 0x18b8 swenum - ok
13:01:39.0664 0x18b8 swprv - ok
13:01:39.0668 0x18b8 Synth3dVsc - ok
13:01:39.0674 0x18b8 SysMain - ok
13:01:39.0684 0x18b8 SystemEventsBroker - ok
13:01:39.0695 0x18b8 TabletInputService - ok
13:01:39.0698 0x18b8 TapiSrv - ok
13:01:39.0709 0x18b8 Tcpip - ok
13:01:39.0712 0x18b8 Tcpip6 - ok
13:01:39.0717 0x18b8 tcpipreg - ok
13:01:39.0721 0x18b8 tdx - ok
13:01:39.0724 0x18b8 terminpt - ok
13:01:39.0728 0x18b8 TermService - ok
13:01:39.0741 0x18b8 Themes - ok
13:01:39.0754 0x18b8 TieringEngineService - ok
13:01:39.0757 0x18b8 tiledatamodelsvc - ok
13:01:39.0758 0x18b8 TimeBrokerSvc - ok
13:01:39.0761 0x18b8 TPM - ok
13:01:39.0763 0x18b8 TrkWks - ok
13:01:39.0793 0x18b8 TrustedInstaller - ok
13:01:39.0815 0x18b8 TsUsbFlt - ok
13:01:39.0823 0x18b8 TsUsbGD - ok
13:01:39.0825 0x18b8 tsusbhub - ok
13:01:39.0828 0x18b8 tunnel - ok
13:01:39.0857 0x18b8 tzautoupdate - ok
13:01:39.0891 0x18b8 UASPStor - ok
13:01:39.0896 0x18b8 UcmCx0101 - ok
13:01:39.0902 0x18b8 UcmTcpciCx0101 - ok
13:01:39.0908 0x18b8 UcmUcsi - ok
13:01:39.0913 0x18b8 Ucx01000 - ok
13:01:39.0918 0x18b8 UdeCx - ok
13:01:39.0923 0x18b8 udfs - ok
13:01:39.0931 0x18b8 UEFI - ok
13:01:39.0936 0x18b8 UevAgentDriver - ok
13:01:39.0943 0x18b8 UevAgentService - ok
13:01:39.0946 0x18b8 Ufx01000 - ok
13:01:39.0950 0x18b8 UfxChipidea - ok
13:01:39.0952 0x18b8 ufxsynopsys - ok
13:01:39.0957 0x18b8 UI0Detect - ok
13:01:39.0960 0x18b8 umbus - ok
13:01:39.0963 0x18b8 UmPass - ok
13:01:39.0966 0x18b8 UmRdpService - ok
13:01:39.0976 0x18b8 UnistoreSvc - ok
13:01:40.0005 0x18b8 upnphost - ok
13:01:40.0009 0x18b8 UrsChipidea - ok
13:01:40.0016 0x18b8 UrsCx01000 - ok
13:01:40.0021 0x18b8 UrsSynopsys - ok
13:01:40.0026 0x18b8 usbccgp - ok
13:01:40.0031 0x18b8 usbcir - ok
13:01:40.0036 0x18b8 usbehci - ok
13:01:40.0039 0x18b8 usbhub - ok
13:01:40.0042 0x18b8 USBHUB3 - ok
13:01:40.0044 0x18b8 usbohci - ok
13:01:40.0047 0x18b8 usbprint - ok
13:01:40.0050 0x18b8 usbser - ok
13:01:40.0053 0x18b8 USBSTOR - ok
13:01:40.0055 0x18b8 usbuhci - ok
13:01:40.0057 0x18b8 USBXHCI - ok
13:01:40.0083 0x18b8 UserDataSvc - ok
13:01:40.0113 0x18b8 UserManager - ok
13:01:40.0120 0x18b8 UsoSvc - ok
13:01:40.0125 0x18b8 VaultSvc - ok
13:01:40.0130 0x18b8 vdrvroot - ok
13:01:40.0156 0x18b8 vds - ok
13:01:40.0161 0x18b8 VerifierExt - ok
13:01:40.0166 0x18b8 vhdmp - ok
13:01:40.0171 0x18b8 vhf - ok
13:01:40.0178 0x18b8 ViaC7 - ok
13:01:40.0184 0x18b8 vmbus - ok
13:01:40.0187 0x18b8 VMBusHID - ok
13:01:40.0191 0x18b8 vmgid - ok
13:01:40.0196 0x18b8 vmicguestinterface - ok
13:01:40.0199 0x18b8 vmicheartbeat - ok
13:01:40.0203 0x18b8 vmickvpexchange - ok
13:01:40.0206 0x18b8 vmicrdv - ok
13:01:40.0209 0x18b8 vmicshutdown - ok
13:01:40.0213 0x18b8 vmictimesync - ok
13:01:40.0216 0x18b8 vmicvmsession - ok
13:01:40.0218 0x18b8 vmicvss - ok
13:01:40.0221 0x18b8 volmgr - ok
13:01:40.0223 0x18b8 volmgrx - ok
13:01:40.0226 0x18b8 volsnap - ok
13:01:40.0229 0x18b8 volume - ok
13:01:40.0232 0x18b8 vpnva - ok
13:01:40.0235 0x18b8 vsmraid - ok
13:01:40.0242 0x18b8 VSS - ok
13:01:40.0245 0x18b8 VSTXRAID - ok
13:01:40.0250 0x18b8 vwifibus - ok
13:01:40.0253 0x18b8 vwififlt - ok
13:01:40.0262 0x18b8 W32Time - ok
13:01:40.0265 0x18b8 WacomPen - ok
13:01:40.0273 0x18b8 WalletService - ok
13:01:40.0275 0x18b8 wanarp - ok
13:01:40.0278 0x18b8 wanarpv6 - ok
13:01:40.0285 0x18b8 wbengine - ok
13:01:40.0294 0x18b8 WbioSrvc - ok
13:01:40.0378 0x18b8 [ 59E19BD13C3BDB857646B9E436BA27F7,
CC84C607E15F5F29D93510387D5486BAF320BDAF79026A0BECE0D242F7B1DF3E ] WcesComm
C:\WINDOWS\WindowsMobile\wcescomm.dll
13:01:40.0391 0x18b8 WcesComm - ok
13:01:40.0416 0x18b8 wcifs - ok
13:01:40.0419 0x18b8 Wcmsvc - ok
13:01:40.0422 0x18b8 wcncsvc - ok
13:01:40.0457 0x18b8 wcnfs - ok
13:01:40.0462 0x18b8 WdBoot - ok
13:01:40.0468 0x18b8 Wdf01000 - ok
13:01:40.0473 0x18b8 WdFilter - ok
13:01:40.0479 0x18b8 WdiServiceHost - ok
13:01:40.0484 0x18b8 WdiSystemHost - ok
13:01:40.0488 0x18b8 wdiwifi - ok
13:01:40.0492 0x18b8 WdNisDrv - ok
13:01:40.0516 0x18b8 WdNisSvc - ok
13:01:40.0520 0x18b8 WebClient - ok
13:01:40.0524 0x18b8 Wecsvc - ok
13:01:40.0552 0x18b8 WEPHOSTSVC - ok
13:01:40.0556 0x18b8 wercplsupport - ok
13:01:40.0559 0x18b8 WerSvc - ok
13:01:40.0562 0x18b8 WFPLWFS - ok
13:01:40.0567 0x18b8 WiaRpc - ok
13:01:40.0577 0x18b8 WIMMount - ok
13:01:40.0579 0x18b8 WinDefend - ok
13:01:40.0591 0x18b8 WindowsTrustedRT - ok
13:01:40.0593 0x18b8 WindowsTrustedRTProxy - ok
13:01:40.0606 0x18b8 WinHttpAutoProxySvc - ok
13:01:40.0640 0x18b8 winmgmt - ok
13:01:40.0672 0x18b8 WinRM - ok
13:01:40.0683 0x18b8 WINUSB - ok
13:01:40.0692 0x18b8 wisvc - ok
13:01:40.0706 0x18b8 Wlansvc - ok
13:01:40.0711 0x18b8 wlidsvc - ok
13:01:40.0718 0x18b8 WmiAcpi - ok
13:01:40.0727 0x18b8 wmiApSrv - ok
13:01:40.0779 0x18b8 WMPNetworkSvc - ok
13:01:40.0803 0x18b8 Wof - ok
13:01:40.0840 0x18b8 workfolderssvc - ok
13:01:40.0859 0x18b8 WPDBusEnum - ok
13:01:40.0908 0x18b8 WpdUpFltr - ok
13:01:40.0938 0x18b8 WpnService - ok
13:01:40.0942 0x18b8 WpnUserService - ok
13:01:40.0948 0x18b8 ws2ifsl - ok
13:01:41.0054 0x18b8 [ E0A69AAB9D8F6EFDAD11AE261E3FE986,
BD2B75A0A73636396F1556A8E153D994F75E4DC776B8FD1B1C73C5F2BF72FD79 ] WsAppService
C:\Program Files\Wondershare\WAF\2.4.2.223\WsAppService.exe
13:01:41.0069 0x18b8 WsAppService - ok
13:01:41.0094 0x18b8 wscsvc - ok
13:01:41.0143 0x18b8 WSDPrintDevice - ok
13:01:41.0292 0x18b8 [ 16D3BC2534CDB7505049702713967E32,
72AA025AB49FC07B0D065DE075865F5B601EBD930B1052317D46367B540B9EDA ] WsDrvInst
C:\Program Files\Wondershare\dr.fone toolkit pour Android\Library\DriverInstaller\
DriverInstall.exe
13:01:41.0298 0x18b8 WsDrvInst - ok
13:01:41.0303 0x18b8 WSearch - ok
13:01:41.0340 0x18b8 wuauserv - ok
13:01:41.0346 0x18b8 WudfPf - ok
13:01:41.0357 0x18b8 WUDFRd - ok
13:01:41.0368 0x18b8 wudfsvc - ok
13:01:41.0373 0x18b8 WUDFWpdFs - ok
13:01:41.0379 0x18b8 WUDFWpdMtp - ok
13:01:41.0395 0x18b8 WwanSvc - ok
13:01:41.0401 0x18b8 XblAuthManager - ok
13:01:41.0424 0x18b8 XblGameSave - ok
13:01:41.0427 0x18b8 xboxgip - ok
13:01:41.0449 0x18b8 XboxNetApiSvc - ok
13:01:41.0454 0x18b8 xinputhid - ok
13:01:41.0460 0x18b8 ================ Scan global ===============================
13:01:41.0550 0x18b8 [ Global ] - ok
13:01:41.0551 0x18b8 ================ Scan MBR ==================================
13:01:41.0565 0x18b8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:01:41.0857 0x18b8 \Device\Harddisk0\DR0 - ok
13:01:41.0871 0x18b8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
13:01:41.0932 0x18b8 \Device\Harddisk1\DR1 - ok
13:01:41.0944 0x18b8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
13:01:41.0997 0x18b8 \Device\Harddisk2\DR2 - ok
13:01:41.0998 0x18b8 ================ Scan VBR ==================================
13:01:42.0001 0x18b8 [ 1E765551646B8749CA7459D8F434BF50 ] \Device\Harddisk0\DR0\
Partition1
13:01:42.0003 0x18b8 \Device\Harddisk0\DR0\Partition1 - ok
13:01:42.0007 0x18b8 [ 9E07C9B14DB77653B38BBCB0E46BAA21 ] \Device\Harddisk0\DR0\
Partition2
13:01:42.0008 0x18b8 \Device\Harddisk0\DR0\Partition2 - ok
13:01:42.0012 0x18b8 [ 90CF4A2D7CC5965A856D190633B695AD ] \Device\Harddisk0\DR0\
Partition3
13:01:42.0013 0x18b8 \Device\Harddisk0\DR0\Partition3 - ok
13:01:42.0017 0x18b8 [ 6610E3C236AAD7BAC1A60ABDE3AC7FFB ] \Device\Harddisk1\DR1\
Partition1
13:01:42.0019 0x18b8 \Device\Harddisk1\DR1\Partition1 - ok
13:01:42.0022 0x18b8 [ 1EF86F40219A6F05D0E86F1FAC2556BD ] \Device\Harddisk1\DR1\
Partition2
13:01:42.0024 0x18b8 \Device\Harddisk1\DR1\Partition2 - ok
13:01:42.0027 0x18b8 [ E2C2B8416BA3831944F85C4DA8B0CADC ] \Device\Harddisk2\DR2\
Partition1
13:01:42.0029 0x18b8 \Device\Harddisk2\DR2\Partition1 - ok
13:01:42.0029 0x18b8 ================ Scan generic autorun ======================
13:01:42.0166 0x18b8 [ EB603F1E43D60C1D0BD189DE0503D1DC,
493796D9D5AF92172FABEB5AE219C5A5908129469F1C197C6CC742AFB757A93D ] C:\Program
Files\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows SP1\avp.exe
13:01:42.0180 0x18b8 AVP - ok
13:01:42.0280 0x18b8 [ 1C921F1F87865A1EEC32B10AB88178FF,
FC5C658ED5C4AE264AD2EF1ED143BDDF326D2D002839C675E230C5A3A30A2364 ] C:\Program
Files\Nuance\OmniPage19\Ereg\Ereg.exe
13:01:42.0288 0x18b8 Nuance OmniPage Ultimate-reminder - ok
13:01:42.0364 0x18b8 [ 892994FB295406E29600AEC1262D0FCF,
04EBBA8E55408F6BE395D202E7A4C722711E817D15D81C1E510597B6264F8C79 ] C:\Program
Files\Nuance\PDF Create 8\RegistryController.exe
13:01:42.0372 0x18b8 PDF8 Registry Controller - ok
13:01:42.0467 0x18b8 [ EAAF14251CEB583C162E402BDBDBE933,
CB71A6D29C8209433AA6144B578242F0A475F133F12EB8EABCD04D888E8F620C ] C:\Program
Files\Nuance\PDF Create 8\pdfpro8hook.exe
13:01:42.0940 0x18b8 PDFProHook - ok
13:01:42.0994 0x18b8 [ 96B3C4E20F02CA16AA1E3E425BFFCC8B,
F94A548244071D406BDD6F770D4705B92F5485CA509B699A33472DFE7563BA39 ] C:\WINDOWS\
WindowsMobile\wmdc.exe
13:01:43.0010 0x18b8 Windows Mobile Device Center - ok
13:01:43.0069 0x18b8 [ BDFE0D7AC114A3C0986B09468D841100,
9FC2342D24F92EB731D905795A7B38EEF2B8084D29B1407796F6BAC9E3772BC3 ] C:\Program
Files\HP\HP UT LEDM\bin\hppusg.exe
13:01:43.0072 0x18b8 HPUsageTrackingLEDM - ok
13:01:43.0236 0x18b8 [ 84907971C76F93C3BF746EEED058DE8B,
D92AAD2BF6D6957C0DEFF81969979A95237D5B0F7AB581F59E670717A7FBB5F2 ] C:\Program
Files\Real\RealPlayer\update\realsched.exe
13:01:43.0246 0x18b8 TkBellExe - ok
13:01:43.0359 0x18b8 [ D60B612673B5C8AF060F4EB7204F62B5,
C895854E429243509A60210B5CC32818E332ABDF8C6282BA00112DA583761F75 ] C:\Program
Files\Real\RealDownloader\downloader2.exe
13:01:43.0373 0x18b8 RealDownloader - ok
13:01:43.0490 0x18b8 [ EE8626BAD390E3F3EBCA5816F133F14A,
2E6331418F6EE99539822E18FCACE74EEEC9A4970BBFB392C89AF32088753525 ] C:\Program
Files\Samsung\Kies\KiesTrayAgent.exe
13:01:43.0500 0x18b8 KiesTrayAgent - ok
13:01:43.0535 0x18b8 OneDriveSetup - ok
13:01:43.0537 0x18b8 OneDriveSetup - ok
13:01:43.0692 0x18b8 [ 642102CCB9EF737E188D136B93AB9A1F,
9BF47F3B3DAD7938C804C951FC81AC5C1EA8BDD94AB29630D5080CE797F3CC0F ] C:\Users\mr
chouati\AppData\Local\Microsoft\OneDrive\OneDrive.exe
13:01:43.0714 0x18b8 OneDrive - ok
13:01:43.0869 0x18b8 [ 2AA1DDE4CE26F216347FD9057B61BB5F,
2BDD1B4013349975B1CF4FBC764E4D5ED7C01B39D9B0D5A20BE0A742634AE1D3 ] C:\Users\mr
chouati\AppData\Roaming\uTorrent\uTorrent.exe
13:01:43.0901 0x18b8 uTorrent - ok
13:01:44.0045 0x18b8 [ 4F15D6C4850086F453CDDC36E1C083C8,
DECC3713133DDD114B5AFECF676043FAAF4C178475E76D365430080994CED439 ] C:\Program
Files\DAEMON Tools Lite\DTAgent.exe
13:01:44.0099 0x18b8 DAEMON Tools Lite Automount - ok
13:01:44.0215 0x18b8 [ C6BDF0F7C7354CE2073BAB2C8B1BE845,
AF2B54FBFEC942E8B76DF194E97A4EEE2F8CEAA17FBA7A924C6C01728CCE8F8A ] C:\Program
Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
13:01:44.0247 0x18b8 WSHelperSetup.exe - ok
13:01:44.0421 0x18b8 [ 642102CCB9EF737E188D136B93AB9A1F,
9BF47F3B3DAD7938C804C951FC81AC5C1EA8BDD94AB29630D5080CE797F3CC0F ] C:\Users\
administrateur.LAMACOM\AppData\Local\Microsoft\OneDrive\OneDrive.exe
13:01:44.0445 0x18b8 OneDrive - ok
13:01:44.0449 0x18b8 OneDriveSetup - ok
13:01:44.0504 0x18b8 WAB Migrate - ok
13:01:44.0507 0x18b8 OneDriveSetup - ok
13:01:44.0508 0x18b8 WAB Migrate - ok
13:01:44.0512 0x18b8 Waiting for KSN requests completion. In queue: 29
13:01:45.0513 0x18b8 Waiting for KSN requests completion. In queue: 29
13:01:46.0514 0x18b8 Waiting for KSN requests completion. In queue: 29
13:01:47.0515 0x18b8 Waiting for KSN requests completion. In queue: 29
13:01:48.0684 0x18b8 AV detected via SS2: Windows Defender, C:\Program Files\
Windows Defender\MSASCui.exe ( 4.10.14393.1198 ), 0x60100 ( disabled : updated )
13:01:48.0728 0x18b8 AV detected via SS2: Kaspersky Endpoint Security 10 for
Windows, C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows
SP1\wmiav.exe ( 10.2.4.674 ), 0x41000 ( enabled : updated )
13:01:48.0751 0x18b8 FW detected via SS2: Kaspersky Endpoint Security 10 for
Windows, C:\Program Files\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows
SP1\wmifw.exe ( 10.2.4.674 ), 0x41010 ( enabled )
13:01:59.0559 0x18b8 ============================================================
13:01:59.0559 0x18b8 Scan finished
13:01:59.0559 0x18b8 ============================================================
13:01:59.0569 0x16c0 Detected object count: 1
13:01:59.0569 0x16c0 Actual detected object count: 1
13:02:17.0878 0x16c0 C:\WINDOWS\System32\Merci.sys - copied to quarantine
13:02:17.0878 0x16c0 Merci ( LockedService.Multi.Generic ) - User select action:
Quarantine
13:02:23.0254 0x02fc Deinitialize success
