Message intempestif ADSAdclient31 sur MSN
Résolu/Fermé
A voir également:
- Message intempestif ADSAdclient31 sur MSN
- Comment recuperer un message supprimé sur whatsapp - Guide
- Message d'absence thunderbird - Guide
- Msn - Télécharger - Messagerie
- Retrouver conversation msn ✓ - Forum MSN / WLM
- Ce compte ne peut pas recevoir vos messages car il n’autorise aucune invitation par message ✓ - Forum Facebook
28 réponses
Utilisateur anonyme
21 avril 2012 à 13:29
21 avril 2012 à 13:29
bonjour,
ton pc a été rootkité !
* Télécharge TDSSKiller sur ton bureau :
https://support.kaspersky.com/downloads/utils/tdsskiller.exe
* Lance le ( Utilisateurs de vista/Seven -> Clic droit puis " Exécuter en tant qu'administrateur " )
* Clique sur [Start Scan] pour démarrer l'analyse.
* Si des élements sont trouvés, cliques sur [Continue] puis sur [Reboot Now]
* Un rapport s'ouvrira au redémarrage du PC.
* Copie/Colle son contenu dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\TDSSKiller.N°deversion_Date_Heure_log.txt.
note :
Conserve l'action proposée par défaut par l'outil :
- Si TDSS.tdl2 : l'option Delete sera cochée.
- Si TDSS.tdl3 ou TDSS.tdl4 : assure toi que Cure soit bien cochée.
- Si "Suspicious object" ou Sptd ou ForgedFile.Multi.Generic : laisse l'option cochée sur Skip
- Si Rootkit.Win32.ZAccess.* est détecté règle sur cure en haut , et delete en bas:D
ton pc a été rootkité !
* Télécharge TDSSKiller sur ton bureau :
https://support.kaspersky.com/downloads/utils/tdsskiller.exe
* Lance le ( Utilisateurs de vista/Seven -> Clic droit puis " Exécuter en tant qu'administrateur " )
* Clique sur [Start Scan] pour démarrer l'analyse.
* Si des élements sont trouvés, cliques sur [Continue] puis sur [Reboot Now]
* Un rapport s'ouvrira au redémarrage du PC.
* Copie/Colle son contenu dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\TDSSKiller.N°deversion_Date_Heure_log.txt.
note :
Conserve l'action proposée par défaut par l'outil :
- Si TDSS.tdl2 : l'option Delete sera cochée.
- Si TDSS.tdl3 ou TDSS.tdl4 : assure toi que Cure soit bien cochée.
- Si "Suspicious object" ou Sptd ou ForgedFile.Multi.Generic : laisse l'option cochée sur Skip
- Si Rootkit.Win32.ZAccess.* est détecté règle sur cure en haut , et delete en bas:D
Utilisateur anonyme
21 avril 2012 à 15:06
21 avril 2012 à 15:06
* /!\Avertissement :
Ce logiciel n'est à utiliser que prescrit par un helper qualifié.
Ne pas utiliser en dehors de ce cas de figure : dangereux!
/!\ Utilisateur de Vista : Ne pas oublier de désactiver l'UAC juste le temps de désinfection de ton pc, il sera à réactiver plus tard :
Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
► Télécharges ComboFix à partir de ce lien et enregistres le sur ton bureau :
https://forum.pcastuces.com/combofix_renomme_au_telechargement-f31s22.htm
ou ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
A lire
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Avant d'utiliser ComboFix :
► ferme les fenêtres de tous les programmes en cours.
► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
/!\Utilisateur de Vista : Clique droit sur le logo de Combofix, « exécuter en tant qu'Administrateur »
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
- il se peut que Combofix ait besoin de se connecter à internet pour trouver les mises à jour, donc il faut l'autoriser.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\ComboFix\ComboFix.txt)
► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
Ce logiciel n'est à utiliser que prescrit par un helper qualifié.
Ne pas utiliser en dehors de ce cas de figure : dangereux!
/!\ Utilisateur de Vista : Ne pas oublier de désactiver l'UAC juste le temps de désinfection de ton pc, il sera à réactiver plus tard :
Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
► Télécharges ComboFix à partir de ce lien et enregistres le sur ton bureau :
https://forum.pcastuces.com/combofix_renomme_au_telechargement-f31s22.htm
ou ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
A lire
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Avant d'utiliser ComboFix :
► ferme les fenêtres de tous les programmes en cours.
► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
/!\Utilisateur de Vista : Clique droit sur le logo de Combofix, « exécuter en tant qu'Administrateur »
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
- il se peut que Combofix ait besoin de se connecter à internet pour trouver les mises à jour, donc il faut l'autoriser.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\ComboFix\ComboFix.txt)
► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
Utilisateur anonyme
2 mai 2012 à 20:08
2 mai 2012 à 20:08
? Télécharger et enregistre ADWcleaner sur ton bureau (Merci à Xplode) :
http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
Lance le,
clique sur supprimer et poste son rapport
http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
Lance le,
clique sur supprimer et poste son rapport
Utilisateur anonyme
3 mai 2012 à 07:20
3 mai 2012 à 07:20
super,
relance ADWC, clique sur désinstaller !
relance zhpdiag,
clique sur la flèche verte pour lancer une mise à jour,
* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
* Héberge le rapport ZHPDiag.txt sur Cjoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
https://www.cjoint.com/ => https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers
relance ADWC, clique sur désinstaller !
relance zhpdiag,
clique sur la flèche verte pour lancer une mise à jour,
* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
* Héberge le rapport ZHPDiag.txt sur Cjoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :
https://www.cjoint.com/ => https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
3 mai 2012 à 20:48
3 mai 2012 à 20:48
installe la version 10 X de Adobe et 31 de java depuis leurs sites dédiés !
attention au P2P !
* Lance ZHPFix via le raccourci sur ton Bureau
Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
ouvre ce document et fais un copier coller de la totalité du contenu, dans la fenêtre de zhpfix
* * Copie ( Ctrl + C ) et colle ( Ctrl + V ) les lignes suivantes en gras dans Zhpfix :
---------------------------------------------------------
O43 - CFD: 18/02/2011 - 01:20:16 - [0,540] -SH-D C:\Users\bologue\AppData\Roaming\Network Antivirus Protection
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25535
[HKCU\Software\3]
O87 - FAEL: "{2E90078D-51FD-41C2-9FFE-A31DDA63C515}" |In - Private - P17 - TRUE | .(...) -- J:\Install\COMMON\TwoWorlds2.exe (.not file.) => Fichier absent
O87 - FAEL: "TCP Query User{E739F069-6D72-4663-BE1E-1C9530E02CC1}C:\programdata\1911c5\na191_2296.exe" |In - Private - P6 - TRUE | .(...) -- C:\programdata\1911c5\na191_2296.exe (.not file.) => Fichier absent
O87 - FAEL: "UDP Query User{03947220-3728-4161-A93F-F902E8319F34}C:\programdata\1911c5\na191_2296.exe" |In - Private - P17 - TRUE | .(...) -- C:\programdata\1911c5\na191_2296.exe (.not file.) => Fichier absent
O87 - FAEL: "{41126514-BF9F-4372-849A-F86916B391D9}" |In - Private - P6 - TRUE | .(...) -- C:\Users\bologue\AppData\Local\Temp\Update_0f66.exe (.not file.) => Fichier absent
O87 - FAEL: "{C56A612F-E955-4EA7-A75A-BC834AFC58C5}" |In - Private - P17 - TRUE | .(...) -- C:\Users\bologue\AppData\Local\Temp\Update_0f66.exe (.not O87 - FAEL: "{69E89C2F-DD2A-45B5-A257-59BE638735FA}" |In - Private - P6 - TRUE | .(...) -- J:\Install\COMMON\TwoWorlds2.exe (.not file.) => Fichier absent
file.)
O4 - Global Startup: C:\Users\bologue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Network Antivirus Protection.lnk . (...) -- C:\ProgramData\1911c5\NA191_2296.exe (.not file.) => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{9E298518-6FD1-4453-91C9-34F833BE9E05}] (...) -- J:\FairLight\Installer.exe (.not file.) => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{B770308D-09DC-4103-AAA5-382D7C5A3BC3}] (...) -- C:\Users\bologue\T'l'chargement\photofiltre_photofiltre_6.5.2_avec_toolbar_francais_10731.exe (.not file.) => Fichier absent
O43 - CFD: 22/04/2012 - 19:42:56 - [0] ----D C:\Users\bologue\AppData\Local\{00662544-426C-45C0-8D36-C445BCAF83BE} => Empty Folder not necessary
O43 - CFD: 02/05/2012 - 08:19:33 - [0] ----D C:\Users\bologue\AppData\Local\{00C631A0-3DCD-47E4-863F-62B90E7803D2} => Empty Folder not necessary
O43 - CFD: 04/04/2012 - 09:19:03 - [0] ----D C:\Users\bologue\AppData\Local\{010C2ED9-FC67-4531-8136-4E47933F0938} => Empty Folder not necessary
O43 - CFD: 18/04/2012 - 01:58:10 - [0] ----D C:\Users\bologue\AppData\Local\{03B6B4E9-7FF7-454C-8327-07A152F61669} => Empty Folder not necessary
O43 - CFD: 03/05/2012 - 16:25:16 - [0] ----D C:\Users\bologue\AppData\Local\{03CC9A91-063A-4051-A32A-1DB264B4BFAA} => Empty Folder not necessary
O43 - CFD: 12/04/2012 - 14:49:59 - [0] ----D C:\Users\bologue\AppData\Local\{064AD20A-8622-4D7B-8379-9136622BA0D0} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 11:22:54 - [0] ----D C:\Users\bologue\AppData\Local\{0E755D61-A750-442A-A41E-8E0824F46C44} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 23:23:46 - [0] ----D C:\Users\bologue\AppData\Local\{0EBB84F7-4D10-46C8-B0A0-92412CBD6CEF} => Empty Folder not necessary
O43 - CFD: 25/04/2012 - 23:22:05 - [0] ----D C:\Users\bologue\AppData\Local\{10909293-D442-4AF6-AC9C-2CAE0733B42F} => Empty Folder not necessary
O43 - CFD: 16/04/2012 - 18:13:57 - [0] ----D C:\Users\bologue\AppData\Local\{13227877-EE66-4EAA-949F-F9D2566C8551} => Empty Folder not necessary
O43 - CFD: 18/04/2012 - 01:57:49 - [0] ----D C:\Users\bologue\AppData\Local\{183DF008-7B59-4051-AE0E-EBDCC73BBDC4} => Empty Folder not necessary
O43 - CFD: 09/04/2012 - 10:04:25 - [0] ----D C:\Users\bologue\AppData\Local\{1E9C5C25-8132-4F91-9CE9-F1D187183077} => Empty Folder not necessary
O43 - CFD: 14/04/2012 - 18:14:20 - [0] ----D C:\Users\bologue\AppData\Local\{2666799E-1629-49CD-9796-5FAEEA14AE71} => Empty Folder not necessary
O43 - CFD: 15/04/2012 - 06:15:21 - [0] ----D C:\Users\bologue\AppData\Local\{2B25F58C-BC66-4B93-96E2-F86BB6CD668E} => Empty Folder not necessary
O43 - CFD: 03/05/2012 - 16:25:06 - [0] ----D C:\Users\bologue\AppData\Local\{3282CDA9-3AB0-4590-8184-B38721D90F4B} => Empty Folder not necessary
O43 - CFD: 24/04/2012 - 16:00:42 - [0] ----D C:\Users\bologue\AppData\Local\{3467C604-5F44-425B-B28D-D363E492AEDE} => Empty Folder not necessary
O43 - CFD: 20/04/2012 - 21:00:34 - [0] ----D C:\Users\bologue\AppData\Local\{4929B365-A3A0-47CA-9000-FCF67FDF3EEC} => Empty Folder not necessary
O43 - CFD: 28/04/2012 - 17:23:36 - [0] ----D C:\Users\bologue\AppData\Local\{4B681E96-8F45-4605-A2D0-C114A4D84B7D} => Empty Folder not necessary
O43 - CFD: 18/04/2012 - 15:43:58 - [0] ----D C:\Users\bologue\AppData\Local\{501B057A-D868-4EE0-A301-58A281E8FAD2} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 07:43:31 - [0] ----D C:\Users\bologue\AppData\Local\{52B0F863-14F8-4056-967B-FDA609B7B9E0} => Empty Folder not necessary
O43 - CFD: 10/04/2012 - 15:52:43 - [0] ----D C:\Users\bologue\AppData\Local\{57E131F3-CC2A-45A5-9852-3B35352B0E8F} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 11:22:34 - [0] ----D C:\Users\bologue\AppData\Local\{59673A05-A28A-4986-A039-B6011EE70F2F} => Empty Folder not necessary
O43 - CFD: 25/04/2012 - 23:21:50 - [0] ----D C:\Users\bologue\AppData\Local\{5AD9434B-834F-4B16-A5BA-8ABB840C4211} => Empty Folder not necessary
O43 - CFD: 06/04/2012 - 17:47:00 - [0] ----D C:\Users\bologue\AppData\Local\{5BD89913-FB55-4134-A15B-2AB3DA1AE1FE} => Empty Folder not necessary
O43 - CFD: 09/04/2012 - 10:04:10 - [0] ----D C:\Users\bologue\AppData\Local\{5C0F5D96-A640-4B94-9167-C98B860595E6} => Empty Folder not necessary
O43 - CFD: 25/04/2012 - 08:08:07 - [0] ----D C:\Users\bologue\AppData\Local\{5FC80B2F-17F7-420A-BD3C-FA61179EF985} => Empty Folder not necessary
O43 - CFD: 21/04/2012 - 13:20:14 - [0] ----D C:\Users\bologue\AppData\Local\{6276C6EC-4376-4520-A0F1-7541475CB407} => Empty Folder not necessary
O43 - CFD: 28/04/2012 - 17:23:15 - [0] ----D C:\Users\bologue\AppData\Local\{662EF680-8E4F-4FFD-ACAA-FA043DB9634E} => Empty Folder not necessary
O43 - CFD: 11/04/2012 - 19:32:12 - [0] ----D C:\Users\bologue\AppData\Local\{67D25791-048A-4B82-BAB8-FCBBA6545845} => Empty Folder not necessary
O43 - CFD: 06/04/2012 - 18:28:08 - [0] ----D C:\Users\bologue\AppData\Local\{699E6577-AB5C-4D2A-B66C-ED0AB01357EF} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 19:44:13 - [0] ----D C:\Users\bologue\AppData\Local\{6A4BA0B8-6264-48B0-A743-922DD7DC5511} => Empty Folder not necessary
O43 - CFD: 25/04/2012 - 23:21:29 - [0] ----D C:\Users\bologue\AppData\Local\{6E2B1DEB-58D3-438D-A7D3-517A73D9835B} => Empty Folder not necessary
O43 - CFD: 01/05/2012 - 10:49:26 - [0] ----D C:\Users\bologue\AppData\Local\{715F7ED3-4411-4C97-BF93-2786A1AF64AB} => Empty Folder not necessary
O43 - CFD: 07/04/2012 - 16:26:10 - [0] ----D C:\Users\bologue\AppData\Local\{79FF1C43-D6A1-48A8-9C82-BEF8925E2D37} => Empty Folder not necessary
O43 - CFD: 22/04/2012 - 19:42:40 - [0] ----D C:\Users\bologue\AppData\Local\{7A77EC88-4F64-4709-8091-9D5CC10FC2E9} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 11:23:03 - [0] ----D C:\Users\bologue\AppData\Local\{867387D2-D23E-4B89-B7F2-320A97F92025} => Empty Folder not necessary
O43 - CFD: 16/04/2012 - 18:13:41 - [0] ----D C:\Users\bologue\AppData\Local\{8696C69D-73C1-4D7D-AECA-6BD05D8E3709} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 11:22:44 - [0] ----D C:\Users\bologue\AppData\Local\{89FFE498-B38E-49D1-8AC4-15EEFE359E29} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 19:44:23 - [0] ----D C:\Users\bologue\AppData\Local\{8D5E49CD-37F2-4184-9006-1000C12D31EE} => Empty Folder not necessary
O43 - CFD: 02/05/2012 - 08:19:17 - [0] ----D C:\Users\bologue\AppData\Local\{8E911006-85AA-48EC-BFEE-2358FFC0F097} => Empty Folder not necessary
O43 - CFD: 17/04/2012 - 13:45:59 - [0] ----D C:\Users\bologue\AppData\Local\{95B9C23F-065A-44C0-9035-2BB984301D09} => Empty Folder not necessary
O43 - CFD: 11/04/2012 - 19:32:30 - [0] ----D C:\Users\bologue\AppData\Local\{98353369-C22B-47C2-A55A-DCEB9EA1D3E8} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 07:43:50 - [0] ----D C:\Users\bologue\AppData\Local\{9A03EDD1-D089-4DB2-B796-73CBA81E80AF} => Empty Folder not necessary
O43 - CFD: 02/05/2012 - 18:47:56 - [0] ----D C:\Users\bologue\AppData\Local\{9C4E21BF-EEEE-47E2-90E3-B0DA12511A2B} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 19:44:43 - [0] ----D C:\Users\bologue\AppData\Local\{A1343FF6-E7BE-4A8F-A7DE-B129F7F36960} => Empty Folder not necessary
O43 - CFD: 12/04/2012 - 14:49:45 - [0] ----D C:\Users\bologue\AppData\Local\{B1F8A4CC-DB61-450E-A3DE-E6BEE6EDEB19} => Empty Folder not necessary
O43 - CFD: 30/04/2012 - 18:52:52 - [0] ----D C:\Users\bologue\AppData\Local\{B5F0C2F1-5438-4A85-982A-FF996C615154} => Empty Folder not necessary
O43 - CFD: 07/04/2012 - 16:25:51 - [0] ----D C:\Users\bologue\AppData\Local\{B719B83D-E47F-4423-BDFB-EFFD084CA26F} => Empty Folder not necessary
O43 - CFD: 14/04/2012 - 18:14:40 - [0] ----D C:\Users\bologue\AppData\Local\{B7C1E802-E630-48F2-A920-75D674E7EEC2} => Empty Folder not necessary
O43 - CFD: 02/05/2012 - 18:47:45 - [0] ----D C:\Users\bologue\AppData\Local\{B7F0BEA9-BCA2-4B32-8A11-AA26DB51C630} => Empty Folder not necessary
O43 - CFD: 24/04/2012 - 16:00:31 - [0] ----D C:\Users\bologue\AppData\Local\{B9B738D1-AA5C-47D4-993D-4BB3BD772A88} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 19:44:33 - [0] ----D C:\Users\bologue\AppData\Local\{BC5F50BA-C6BE-4335-8E9A-47F1FF771619} => Empty Folder not necessary
O43 - CFD: 06/04/2012 - 17:46:58 - [0] ----D C:\Users\bologue\AppData\Local\{BD2A117F-249E-49C2-A1E0-B82B5056CAB7} => Empty Folder not necessary
O43 - CFD: 20/04/2012 - 21:00:47 - [0] ----D C:\Users\bologue\AppData\Local\{C7549B21-D017-4E27-9ECC-FDBD13D07C07} => Empty Folder not necessary
O43 - CFD: 18/04/2012 - 01:58:00 - [0] ----D C:\Users\bologue\AppData\Local\{D165B7CD-CBCF-45A1-AC45-277B7BDE8877} => Empty Folder not necessary
O43 - CFD: 25/04/2012 - 08:07:48 - [0] ----D C:\Users\bologue\AppData\Local\{D2D29328-0DF5-4DE7-95FA-C46A65E0D7C0} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 07:43:40 - [0] ----D C:\Users\bologue\AppData\Local\{D3D6C7C6-3812-4AC8-9C9F-31A9D881950A} => Empty Folder not necessary
O43 - CFD: 01/05/2012 - 10:49:36 - [0] ----D C:\Users\bologue\AppData\Local\{D6F5FC50-80AD-4BE3-8CCB-E700E1730D1A} => Empty Folder not necessary
O43 - CFD: 27/04/2012 - 11:24:31 - [0] ----D C:\Users\bologue\AppData\Local\{D7C3369E-D0E4-401D-8C64-506138BB7879} => Empty Folder not necessary
O43 - CFD: 10/04/2012 - 15:52:25 - [0] ----D C:\Users\bologue\AppData\Local\{D7F6B0E7-CF28-4609-A1DD-3A828FA7CBE4} => Empty Folder not necessary
O43 - CFD: 27/04/2012 - 11:24:41 - [0] ----D C:\Users\bologue\AppData\Local\{DE979918-B2F9-4F74-9B7C-A94C571D7CFE} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 23:23:26 - [0] ----D C:\Users\bologue\AppData\Local\{EB950AC2-DCBB-4E08-8C40-CB6EE1EB69FC} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 23:23:56 - [0] ----D C:\Users\bologue\AppData\Local\{EDC87DCF-DB10-444A-9404-4987D66DCF80} => Empty Folder not necessary
O43 - CFD: 21/04/2012 - 13:20:28 - [0] ----D C:\Users\bologue\AppData\Local\{EF0E9ABD-A0DF-40F8-BEFA-DE5736118E75} => Empty Folder not necessary
O43 - CFD: 17/04/2012 - 13:46:17 - [0] ----D C:\Users\bologue\AppData\Local\{F0C3054E-A8AB-4A8A-BB27-EA6EE651DB9B} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 07:43:21 - [0] ----D C:\Users\bologue\AppData\Local\{F11AC581-02C8-4816-9550-2986AC8A4FCC} => Empty Folder not necessary
O43 - CFD: 30/04/2012 - 18:53:05 - [0] ----D C:\Users\bologue\AppData\Local\{F66581AC-E53C-4B12-BAA0-CA51058F95E3} => Empty Folder not necessary
O43 - CFD: 18/04/2012 - 15:44:10 - [0] ----D C:\Users\bologue\AppData\Local\{FAC2F25D-3EDC-4230-81C4-CA0C23E7B899} => Empty Folder not necessary
O43 - CFD: 15/04/2012 - 06:15:31 - [0] ----D C:\Users\bologue\AppData\Local\{FC1B68AB-EF7A-4903-8375-71B32563C74A} => Empty Folder not necessary
O43 - CFD: 06/04/2012 - 18:27:43 - [0] ----D C:\Users\bologue\AppData\Local\{FD8754E8-C496-4164-88E8-3263908BBD63} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 23:23:36 - [0] ----D C:\Users\bologue\AppData\Local\{FF0D7195-A281-44BD-BA57-F86F735D07EB}
Emptytemp
Mbrfix
----------------------------------------------------------
- Clique sur le bouton « GO » pour lancer le nettoyage,
- Copie/colle la totalité du rapport dans ta prochaine réponse
Tuto :
http://www.premiumorange.com/zeb-help-process/zhpfix.html
attention au P2P !
* Lance ZHPFix via le raccourci sur ton Bureau
Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
ouvre ce document et fais un copier coller de la totalité du contenu, dans la fenêtre de zhpfix
* * Copie ( Ctrl + C ) et colle ( Ctrl + V ) les lignes suivantes en gras dans Zhpfix :
---------------------------------------------------------
O43 - CFD: 18/02/2011 - 01:20:16 - [0,540] -SH-D C:\Users\bologue\AppData\Roaming\Network Antivirus Protection
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25535
[HKCU\Software\3]
O87 - FAEL: "{2E90078D-51FD-41C2-9FFE-A31DDA63C515}" |In - Private - P17 - TRUE | .(...) -- J:\Install\COMMON\TwoWorlds2.exe (.not file.) => Fichier absent
O87 - FAEL: "TCP Query User{E739F069-6D72-4663-BE1E-1C9530E02CC1}C:\programdata\1911c5\na191_2296.exe" |In - Private - P6 - TRUE | .(...) -- C:\programdata\1911c5\na191_2296.exe (.not file.) => Fichier absent
O87 - FAEL: "UDP Query User{03947220-3728-4161-A93F-F902E8319F34}C:\programdata\1911c5\na191_2296.exe" |In - Private - P17 - TRUE | .(...) -- C:\programdata\1911c5\na191_2296.exe (.not file.) => Fichier absent
O87 - FAEL: "{41126514-BF9F-4372-849A-F86916B391D9}" |In - Private - P6 - TRUE | .(...) -- C:\Users\bologue\AppData\Local\Temp\Update_0f66.exe (.not file.) => Fichier absent
O87 - FAEL: "{C56A612F-E955-4EA7-A75A-BC834AFC58C5}" |In - Private - P17 - TRUE | .(...) -- C:\Users\bologue\AppData\Local\Temp\Update_0f66.exe (.not O87 - FAEL: "{69E89C2F-DD2A-45B5-A257-59BE638735FA}" |In - Private - P6 - TRUE | .(...) -- J:\Install\COMMON\TwoWorlds2.exe (.not file.) => Fichier absent
file.)
O4 - Global Startup: C:\Users\bologue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Network Antivirus Protection.lnk . (...) -- C:\ProgramData\1911c5\NA191_2296.exe (.not file.) => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{9E298518-6FD1-4453-91C9-34F833BE9E05}] (...) -- J:\FairLight\Installer.exe (.not file.) => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{B770308D-09DC-4103-AAA5-382D7C5A3BC3}] (...) -- C:\Users\bologue\T'l'chargement\photofiltre_photofiltre_6.5.2_avec_toolbar_francais_10731.exe (.not file.) => Fichier absent
O43 - CFD: 22/04/2012 - 19:42:56 - [0] ----D C:\Users\bologue\AppData\Local\{00662544-426C-45C0-8D36-C445BCAF83BE} => Empty Folder not necessary
O43 - CFD: 02/05/2012 - 08:19:33 - [0] ----D C:\Users\bologue\AppData\Local\{00C631A0-3DCD-47E4-863F-62B90E7803D2} => Empty Folder not necessary
O43 - CFD: 04/04/2012 - 09:19:03 - [0] ----D C:\Users\bologue\AppData\Local\{010C2ED9-FC67-4531-8136-4E47933F0938} => Empty Folder not necessary
O43 - CFD: 18/04/2012 - 01:58:10 - [0] ----D C:\Users\bologue\AppData\Local\{03B6B4E9-7FF7-454C-8327-07A152F61669} => Empty Folder not necessary
O43 - CFD: 03/05/2012 - 16:25:16 - [0] ----D C:\Users\bologue\AppData\Local\{03CC9A91-063A-4051-A32A-1DB264B4BFAA} => Empty Folder not necessary
O43 - CFD: 12/04/2012 - 14:49:59 - [0] ----D C:\Users\bologue\AppData\Local\{064AD20A-8622-4D7B-8379-9136622BA0D0} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 11:22:54 - [0] ----D C:\Users\bologue\AppData\Local\{0E755D61-A750-442A-A41E-8E0824F46C44} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 23:23:46 - [0] ----D C:\Users\bologue\AppData\Local\{0EBB84F7-4D10-46C8-B0A0-92412CBD6CEF} => Empty Folder not necessary
O43 - CFD: 25/04/2012 - 23:22:05 - [0] ----D C:\Users\bologue\AppData\Local\{10909293-D442-4AF6-AC9C-2CAE0733B42F} => Empty Folder not necessary
O43 - CFD: 16/04/2012 - 18:13:57 - [0] ----D C:\Users\bologue\AppData\Local\{13227877-EE66-4EAA-949F-F9D2566C8551} => Empty Folder not necessary
O43 - CFD: 18/04/2012 - 01:57:49 - [0] ----D C:\Users\bologue\AppData\Local\{183DF008-7B59-4051-AE0E-EBDCC73BBDC4} => Empty Folder not necessary
O43 - CFD: 09/04/2012 - 10:04:25 - [0] ----D C:\Users\bologue\AppData\Local\{1E9C5C25-8132-4F91-9CE9-F1D187183077} => Empty Folder not necessary
O43 - CFD: 14/04/2012 - 18:14:20 - [0] ----D C:\Users\bologue\AppData\Local\{2666799E-1629-49CD-9796-5FAEEA14AE71} => Empty Folder not necessary
O43 - CFD: 15/04/2012 - 06:15:21 - [0] ----D C:\Users\bologue\AppData\Local\{2B25F58C-BC66-4B93-96E2-F86BB6CD668E} => Empty Folder not necessary
O43 - CFD: 03/05/2012 - 16:25:06 - [0] ----D C:\Users\bologue\AppData\Local\{3282CDA9-3AB0-4590-8184-B38721D90F4B} => Empty Folder not necessary
O43 - CFD: 24/04/2012 - 16:00:42 - [0] ----D C:\Users\bologue\AppData\Local\{3467C604-5F44-425B-B28D-D363E492AEDE} => Empty Folder not necessary
O43 - CFD: 20/04/2012 - 21:00:34 - [0] ----D C:\Users\bologue\AppData\Local\{4929B365-A3A0-47CA-9000-FCF67FDF3EEC} => Empty Folder not necessary
O43 - CFD: 28/04/2012 - 17:23:36 - [0] ----D C:\Users\bologue\AppData\Local\{4B681E96-8F45-4605-A2D0-C114A4D84B7D} => Empty Folder not necessary
O43 - CFD: 18/04/2012 - 15:43:58 - [0] ----D C:\Users\bologue\AppData\Local\{501B057A-D868-4EE0-A301-58A281E8FAD2} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 07:43:31 - [0] ----D C:\Users\bologue\AppData\Local\{52B0F863-14F8-4056-967B-FDA609B7B9E0} => Empty Folder not necessary
O43 - CFD: 10/04/2012 - 15:52:43 - [0] ----D C:\Users\bologue\AppData\Local\{57E131F3-CC2A-45A5-9852-3B35352B0E8F} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 11:22:34 - [0] ----D C:\Users\bologue\AppData\Local\{59673A05-A28A-4986-A039-B6011EE70F2F} => Empty Folder not necessary
O43 - CFD: 25/04/2012 - 23:21:50 - [0] ----D C:\Users\bologue\AppData\Local\{5AD9434B-834F-4B16-A5BA-8ABB840C4211} => Empty Folder not necessary
O43 - CFD: 06/04/2012 - 17:47:00 - [0] ----D C:\Users\bologue\AppData\Local\{5BD89913-FB55-4134-A15B-2AB3DA1AE1FE} => Empty Folder not necessary
O43 - CFD: 09/04/2012 - 10:04:10 - [0] ----D C:\Users\bologue\AppData\Local\{5C0F5D96-A640-4B94-9167-C98B860595E6} => Empty Folder not necessary
O43 - CFD: 25/04/2012 - 08:08:07 - [0] ----D C:\Users\bologue\AppData\Local\{5FC80B2F-17F7-420A-BD3C-FA61179EF985} => Empty Folder not necessary
O43 - CFD: 21/04/2012 - 13:20:14 - [0] ----D C:\Users\bologue\AppData\Local\{6276C6EC-4376-4520-A0F1-7541475CB407} => Empty Folder not necessary
O43 - CFD: 28/04/2012 - 17:23:15 - [0] ----D C:\Users\bologue\AppData\Local\{662EF680-8E4F-4FFD-ACAA-FA043DB9634E} => Empty Folder not necessary
O43 - CFD: 11/04/2012 - 19:32:12 - [0] ----D C:\Users\bologue\AppData\Local\{67D25791-048A-4B82-BAB8-FCBBA6545845} => Empty Folder not necessary
O43 - CFD: 06/04/2012 - 18:28:08 - [0] ----D C:\Users\bologue\AppData\Local\{699E6577-AB5C-4D2A-B66C-ED0AB01357EF} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 19:44:13 - [0] ----D C:\Users\bologue\AppData\Local\{6A4BA0B8-6264-48B0-A743-922DD7DC5511} => Empty Folder not necessary
O43 - CFD: 25/04/2012 - 23:21:29 - [0] ----D C:\Users\bologue\AppData\Local\{6E2B1DEB-58D3-438D-A7D3-517A73D9835B} => Empty Folder not necessary
O43 - CFD: 01/05/2012 - 10:49:26 - [0] ----D C:\Users\bologue\AppData\Local\{715F7ED3-4411-4C97-BF93-2786A1AF64AB} => Empty Folder not necessary
O43 - CFD: 07/04/2012 - 16:26:10 - [0] ----D C:\Users\bologue\AppData\Local\{79FF1C43-D6A1-48A8-9C82-BEF8925E2D37} => Empty Folder not necessary
O43 - CFD: 22/04/2012 - 19:42:40 - [0] ----D C:\Users\bologue\AppData\Local\{7A77EC88-4F64-4709-8091-9D5CC10FC2E9} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 11:23:03 - [0] ----D C:\Users\bologue\AppData\Local\{867387D2-D23E-4B89-B7F2-320A97F92025} => Empty Folder not necessary
O43 - CFD: 16/04/2012 - 18:13:41 - [0] ----D C:\Users\bologue\AppData\Local\{8696C69D-73C1-4D7D-AECA-6BD05D8E3709} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 11:22:44 - [0] ----D C:\Users\bologue\AppData\Local\{89FFE498-B38E-49D1-8AC4-15EEFE359E29} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 19:44:23 - [0] ----D C:\Users\bologue\AppData\Local\{8D5E49CD-37F2-4184-9006-1000C12D31EE} => Empty Folder not necessary
O43 - CFD: 02/05/2012 - 08:19:17 - [0] ----D C:\Users\bologue\AppData\Local\{8E911006-85AA-48EC-BFEE-2358FFC0F097} => Empty Folder not necessary
O43 - CFD: 17/04/2012 - 13:45:59 - [0] ----D C:\Users\bologue\AppData\Local\{95B9C23F-065A-44C0-9035-2BB984301D09} => Empty Folder not necessary
O43 - CFD: 11/04/2012 - 19:32:30 - [0] ----D C:\Users\bologue\AppData\Local\{98353369-C22B-47C2-A55A-DCEB9EA1D3E8} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 07:43:50 - [0] ----D C:\Users\bologue\AppData\Local\{9A03EDD1-D089-4DB2-B796-73CBA81E80AF} => Empty Folder not necessary
O43 - CFD: 02/05/2012 - 18:47:56 - [0] ----D C:\Users\bologue\AppData\Local\{9C4E21BF-EEEE-47E2-90E3-B0DA12511A2B} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 19:44:43 - [0] ----D C:\Users\bologue\AppData\Local\{A1343FF6-E7BE-4A8F-A7DE-B129F7F36960} => Empty Folder not necessary
O43 - CFD: 12/04/2012 - 14:49:45 - [0] ----D C:\Users\bologue\AppData\Local\{B1F8A4CC-DB61-450E-A3DE-E6BEE6EDEB19} => Empty Folder not necessary
O43 - CFD: 30/04/2012 - 18:52:52 - [0] ----D C:\Users\bologue\AppData\Local\{B5F0C2F1-5438-4A85-982A-FF996C615154} => Empty Folder not necessary
O43 - CFD: 07/04/2012 - 16:25:51 - [0] ----D C:\Users\bologue\AppData\Local\{B719B83D-E47F-4423-BDFB-EFFD084CA26F} => Empty Folder not necessary
O43 - CFD: 14/04/2012 - 18:14:40 - [0] ----D C:\Users\bologue\AppData\Local\{B7C1E802-E630-48F2-A920-75D674E7EEC2} => Empty Folder not necessary
O43 - CFD: 02/05/2012 - 18:47:45 - [0] ----D C:\Users\bologue\AppData\Local\{B7F0BEA9-BCA2-4B32-8A11-AA26DB51C630} => Empty Folder not necessary
O43 - CFD: 24/04/2012 - 16:00:31 - [0] ----D C:\Users\bologue\AppData\Local\{B9B738D1-AA5C-47D4-993D-4BB3BD772A88} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 19:44:33 - [0] ----D C:\Users\bologue\AppData\Local\{BC5F50BA-C6BE-4335-8E9A-47F1FF771619} => Empty Folder not necessary
O43 - CFD: 06/04/2012 - 17:46:58 - [0] ----D C:\Users\bologue\AppData\Local\{BD2A117F-249E-49C2-A1E0-B82B5056CAB7} => Empty Folder not necessary
O43 - CFD: 20/04/2012 - 21:00:47 - [0] ----D C:\Users\bologue\AppData\Local\{C7549B21-D017-4E27-9ECC-FDBD13D07C07} => Empty Folder not necessary
O43 - CFD: 18/04/2012 - 01:58:00 - [0] ----D C:\Users\bologue\AppData\Local\{D165B7CD-CBCF-45A1-AC45-277B7BDE8877} => Empty Folder not necessary
O43 - CFD: 25/04/2012 - 08:07:48 - [0] ----D C:\Users\bologue\AppData\Local\{D2D29328-0DF5-4DE7-95FA-C46A65E0D7C0} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 07:43:40 - [0] ----D C:\Users\bologue\AppData\Local\{D3D6C7C6-3812-4AC8-9C9F-31A9D881950A} => Empty Folder not necessary
O43 - CFD: 01/05/2012 - 10:49:36 - [0] ----D C:\Users\bologue\AppData\Local\{D6F5FC50-80AD-4BE3-8CCB-E700E1730D1A} => Empty Folder not necessary
O43 - CFD: 27/04/2012 - 11:24:31 - [0] ----D C:\Users\bologue\AppData\Local\{D7C3369E-D0E4-401D-8C64-506138BB7879} => Empty Folder not necessary
O43 - CFD: 10/04/2012 - 15:52:25 - [0] ----D C:\Users\bologue\AppData\Local\{D7F6B0E7-CF28-4609-A1DD-3A828FA7CBE4} => Empty Folder not necessary
O43 - CFD: 27/04/2012 - 11:24:41 - [0] ----D C:\Users\bologue\AppData\Local\{DE979918-B2F9-4F74-9B7C-A94C571D7CFE} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 23:23:26 - [0] ----D C:\Users\bologue\AppData\Local\{EB950AC2-DCBB-4E08-8C40-CB6EE1EB69FC} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 23:23:56 - [0] ----D C:\Users\bologue\AppData\Local\{EDC87DCF-DB10-444A-9404-4987D66DCF80} => Empty Folder not necessary
O43 - CFD: 21/04/2012 - 13:20:28 - [0] ----D C:\Users\bologue\AppData\Local\{EF0E9ABD-A0DF-40F8-BEFA-DE5736118E75} => Empty Folder not necessary
O43 - CFD: 17/04/2012 - 13:46:17 - [0] ----D C:\Users\bologue\AppData\Local\{F0C3054E-A8AB-4A8A-BB27-EA6EE651DB9B} => Empty Folder not necessary
O43 - CFD: 23/04/2012 - 07:43:21 - [0] ----D C:\Users\bologue\AppData\Local\{F11AC581-02C8-4816-9550-2986AC8A4FCC} => Empty Folder not necessary
O43 - CFD: 30/04/2012 - 18:53:05 - [0] ----D C:\Users\bologue\AppData\Local\{F66581AC-E53C-4B12-BAA0-CA51058F95E3} => Empty Folder not necessary
O43 - CFD: 18/04/2012 - 15:44:10 - [0] ----D C:\Users\bologue\AppData\Local\{FAC2F25D-3EDC-4230-81C4-CA0C23E7B899} => Empty Folder not necessary
O43 - CFD: 15/04/2012 - 06:15:31 - [0] ----D C:\Users\bologue\AppData\Local\{FC1B68AB-EF7A-4903-8375-71B32563C74A} => Empty Folder not necessary
O43 - CFD: 06/04/2012 - 18:27:43 - [0] ----D C:\Users\bologue\AppData\Local\{FD8754E8-C496-4164-88E8-3263908BBD63} => Empty Folder not necessary
O43 - CFD: 26/04/2012 - 23:23:36 - [0] ----D C:\Users\bologue\AppData\Local\{FF0D7195-A281-44BD-BA57-F86F735D07EB}
Emptytemp
Mbrfix
----------------------------------------------------------
- Clique sur le bouton « GO » pour lancer le nettoyage,
- Copie/colle la totalité du rapport dans ta prochaine réponse
Tuto :
http://www.premiumorange.com/zeb-help-process/zhpfix.html
Utilisateur anonyme
3 mai 2012 à 22:35
3 mai 2012 à 22:35
* /!\ Utilisateur de Vista : Ne pas oublier de désactiver l'UAC juste le temps de désinfection de ton pc, il sera à réactiver plus tard :
Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton bureau:
https://fr.malwarebytes.com/mwb-download/
ou :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
ou ici :
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
/!\Utilisateur de Vista et Windows 7 : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu'Administrateur »
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
. Une fois la mise à jour terminé
. rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, cliques sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. Tu cliques droit dans le cadre de la réponse et coller
. À la fin du scan, il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique, redémarre ton pc !!!
Si tu as besoin d'aide regarde ce tutoriel :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton bureau:
https://fr.malwarebytes.com/mwb-download/
ou :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
ou ici :
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
/!\Utilisateur de Vista et Windows 7 : Clique droit sur le logo de Malwarebytes' Anti-Malware, « exécuter en tant qu'Administrateur »
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
. Une fois la mise à jour terminé
. rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, cliques sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. rends toi dans l'onglet rapport/log
. tu cliques dessus pour l'afficher une fois affiché
. tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
. tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. Tu cliques droit dans le cadre de la réponse et coller
. À la fin du scan, il se peut que MBAM ait besoin de redémarrer le pc pour finaliser la suppression, donc pas de panique, redémarre ton pc !!!
Si tu as besoin d'aide regarde ce tutoriel :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Sauf que la solution qu'il a trouvé, c'est à dire de mettre windows live mail en messagerie par défaut, ne me convient pas. La personne n'a pas fait de l'analyse de son ordinateur, ce que j'ai fait pour savoir exactement ce qui cloche.
ced57680
Messages postés
1331
Date d'inscription
jeudi 22 juin 2006
Statut
Membre
Dernière intervention
10 mars 2014
217
7 mai 2012 à 22:50
7 mai 2012 à 22:50
oui et mon probleme est revenu tout a l'heure ... va savoir pourquoi... mais apres j'ai pu desactiver live mail par defaut et je n'avais plus ces fenetres...mais là c'est revenu quand je me reconnectais a msn ...
Windows69
Messages postés
206
Date d'inscription
mercredi 7 décembre 2011
Statut
Membre
Dernière intervention
27 avril 2013
42
21 avril 2012 à 13:28
21 avril 2012 à 13:28
Up ! Je n'ai pas de solution désolé. Quelqu'un en a peut-être une.
Bonne chance !
Bonne chance !
Voici:
14:51:28.0609 5884 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
14:51:29.0830 5884 ============================================================
14:51:29.0830 5884 Current date / time: 2012/04/21 14:51:29.0830
14:51:29.0830 5884 SystemInfo:
14:51:29.0830 5884
14:51:29.0830 5884 OS Version: 6.0.6002 ServicePack: 2.0
14:51:29.0830 5884 Product type: Workstation
14:51:29.0830 5884 ComputerName: PC-DE-BOLOGUE
14:51:29.0830 5884 UserName: bologue
14:51:29.0830 5884 Windows directory: C:\Windows
14:51:29.0830 5884 System windows directory: C:\Windows
14:51:29.0830 5884 Processor architecture: Intel x86
14:51:29.0830 5884 Number of processors: 2
14:51:29.0830 5884 Page size: 0x1000
14:51:29.0830 5884 Boot type: Normal boot
14:51:29.0831 5884 ============================================================
14:51:30.0373 5884 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:51:30.0394 5884 Drive \Device\Harddisk1\DR1 - Size: 0x7470A00000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:51:30.0730 5884 \Device\Harddisk0\DR0:
14:51:30.0748 5884 MBR partitions:
14:51:30.0748 5884 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1003000, BlocksNum 0x1C1C2000
14:51:30.0748 5884 \Device\Harddisk1\DR1:
14:51:30.0749 5884 Invalid mbr signature
14:51:30.0856 5884 C: <-> \Device\Harddisk0\DR0\Partition0
14:51:30.0856 5884 Initialize success
14:51:30.0856 5884 ============================================================
14:51:39.0189 5396 ============================================================
14:51:39.0189 5396 Scan started
14:51:39.0189 5396 Mode: Manual;
14:51:39.0189 5396 ============================================================
14:51:39.0694 5396 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:51:39.0697 5396 !SASCORE - ok
14:51:40.0214 5396 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:51:40.0219 5396 ACPI - ok
14:51:40.0320 5396 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:51:40.0321 5396 AdobeARMservice - ok
14:51:40.0446 5396 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:51:40.0450 5396 AdobeFlashPlayerUpdateSvc - ok
14:51:40.0641 5396 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:51:40.0693 5396 adp94xx - ok
14:51:41.0014 5396 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:51:41.0240 5396 adpahci - ok
14:51:41.0429 5396 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:51:41.0432 5396 adpu160m - ok
14:51:41.0467 5396 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:51:41.0471 5396 adpu320 - ok
14:51:41.0521 5396 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:51:41.0522 5396 AeLookupSvc - ok
14:51:41.0596 5396 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:51:41.0602 5396 AFD - ok
14:51:41.0693 5396 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:51:41.0700 5396 aic78xx - ok
14:51:42.0106 5396 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:51:42.0107 5396 ALG - ok
14:51:42.0235 5396 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
14:51:42.0261 5396 aliide - ok
14:51:42.0330 5396 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:51:42.0332 5396 amdagp - ok
14:51:42.0406 5396 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
14:51:42.0426 5396 amdide - ok
14:51:42.0479 5396 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:51:42.0505 5396 AmdK7 - ok
14:51:42.0546 5396 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
14:51:42.0548 5396 AmdK8 - ok
14:51:42.0608 5396 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:51:42.0630 5396 Appinfo - ok
14:51:42.0874 5396 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:51:42.0875 5396 Apple Mobile Device - ok
14:51:43.0332 5396 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:51:43.0368 5396 arc - ok
14:51:43.0705 5396 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:51:43.0708 5396 arcsas - ok
14:51:43.0815 5396 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:51:43.0840 5396 AsyncMac - ok
14:51:43.0886 5396 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:51:43.0887 5396 atapi - ok
14:51:43.0987 5396 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
14:51:43.0992 5396 atksgt - ok
14:51:44.0097 5396 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:51:44.0103 5396 AudioEndpointBuilder - ok
14:51:44.0111 5396 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:51:44.0114 5396 Audiosrv - ok
14:51:44.0897 5396 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
14:51:45.0010 5396 AVGIDSAgent - ok
14:51:45.0185 5396 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
14:51:45.0193 5396 AVGIDSDriver - ok
14:51:45.0245 5396 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
14:51:45.0270 5396 AVGIDSEH - ok
14:51:45.0308 5396 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
14:51:45.0309 5396 AVGIDSFilter - ok
14:51:45.0362 5396 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
14:51:45.0363 5396 AVGIDSShim - ok
14:51:45.0400 5396 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
14:51:45.0405 5396 Avgldx86 - ok
14:51:45.0473 5396 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
14:51:45.0475 5396 Avgmfx86 - ok
14:51:45.0535 5396 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
14:51:45.0560 5396 Avgrkx86 - ok
14:51:45.0621 5396 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
14:51:45.0646 5396 Avgtdix - ok
14:51:45.0984 5396 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:51:46.0005 5396 avgwd - ok
14:51:46.0144 5396 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:51:46.0168 5396 Beep - ok
14:51:46.0396 5396 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:51:46.0439 5396 BFE - ok
14:51:46.0723 5396 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
14:51:46.0757 5396 BITS - ok
14:51:46.0781 5396 blbdrive - ok
14:51:46.0981 5396 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:51:47.0030 5396 Bonjour Service - ok
14:51:47.0188 5396 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:51:47.0210 5396 bowser - ok
14:51:47.0330 5396 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:51:47.0351 5396 BrFiltLo - ok
14:51:47.0401 5396 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:51:47.0419 5396 BrFiltUp - ok
14:51:47.0467 5396 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:51:47.0470 5396 Browser - ok
14:51:47.0524 5396 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:51:47.0545 5396 Brserid - ok
14:51:47.0574 5396 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:51:47.0576 5396 BrSerWdm - ok
14:51:47.0610 5396 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:51:47.0612 5396 BrUsbMdm - ok
14:51:47.0671 5396 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:51:47.0681 5396 BrUsbSer - ok
14:51:47.0749 5396 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:51:47.0751 5396 BTHMODEM - ok
14:51:48.0216 5396 BytelMediaServer (02b1721da59c382f6f1c206b38e354c0) C:\ProgramData\media center Bouygues Telecom\MediaServer.exe
14:51:48.0642 5396 BytelMediaServer - ok
14:51:49.0032 5396 catchme - ok
14:51:49.0213 5396 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:51:49.0256 5396 cdfs - ok
14:51:49.0395 5396 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:51:49.0417 5396 cdrom - ok
14:51:49.0618 5396 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:51:49.0625 5396 CertPropSvc - ok
14:51:49.0714 5396 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:51:49.0722 5396 circlass - ok
14:51:49.0857 5396 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:51:49.0863 5396 CLFS - ok
14:51:50.0034 5396 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:51:50.0050 5396 clr_optimization_v2.0.50727_32 - ok
14:51:50.0233 5396 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:51:50.0244 5396 clr_optimization_v4.0.30319_32 - ok
14:51:50.0455 5396 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
14:51:50.0458 5396 cmdide - ok
14:51:50.0719 5396 cmuda3 (5d9e1c82428d99ff664139648a13fcbf) C:\Windows\system32\drivers\cmudax3.sys
14:51:50.0776 5396 cmuda3 - ok
14:51:51.0094 5396 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
14:51:51.0096 5396 Compbatt - ok
14:51:51.0198 5396 COMSysApp - ok
14:51:51.0434 5396 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:51:51.0442 5396 crcdisk - ok
14:51:51.0509 5396 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:51:51.0511 5396 Crusoe - ok
14:51:51.0583 5396 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
14:51:51.0586 5396 CryptSvc - ok
14:51:51.0707 5396 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:51:51.0752 5396 DcomLaunch - ok
14:51:51.0963 5396 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:51:51.0973 5396 DfsC - ok
14:51:52.0205 5396 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:51:52.0267 5396 DFSR - ok
14:51:52.0396 5396 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:51:52.0421 5396 Dhcp - ok
14:51:52.0496 5396 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:51:52.0498 5396 disk - ok
14:51:52.0569 5396 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:51:52.0572 5396 Dnscache - ok
14:51:52.0626 5396 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:51:52.0630 5396 dot3svc - ok
14:51:52.0721 5396 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:51:52.0724 5396 DPS - ok
14:51:52.0798 5396 driverhardwarev2 (6ec9ff140b4216481b8ab83589581d87) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
14:51:52.0822 5396 driverhardwarev2 - ok
14:51:53.0057 5396 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:51:53.0086 5396 drmkaud - ok
14:51:53.0277 5396 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:51:53.0329 5396 DXGKrnl - ok
14:51:53.0416 5396 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:51:53.0420 5396 E1G60 - ok
14:51:53.0480 5396 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:51:53.0499 5396 EapHost - ok
14:51:53.0654 5396 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:51:53.0670 5396 Ecache - ok
14:51:53.0725 5396 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:51:53.0730 5396 ehRecvr - ok
14:51:53.0804 5396 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:51:53.0826 5396 ehSched - ok
14:51:53.0853 5396 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:51:53.0855 5396 ehstart - ok
14:51:54.0138 5396 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:51:54.0144 5396 elxstor - ok
14:51:54.0341 5396 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:51:54.0376 5396 EMDMgmt - ok
14:51:54.0620 5396 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:51:54.0647 5396 EventSystem - ok
14:51:54.0927 5396 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:51:54.0931 5396 exfat - ok
14:51:55.0022 5396 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:51:55.0026 5396 fastfat - ok
14:51:55.0103 5396 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:51:55.0105 5396 fdc - ok
14:51:55.0157 5396 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:51:55.0176 5396 fdPHost - ok
14:51:55.0217 5396 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:51:55.0219 5396 FDResPub - ok
14:51:55.0272 5396 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:51:55.0275 5396 FileInfo - ok
14:51:55.0305 5396 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:51:55.0322 5396 Filetrace - ok
14:51:55.0359 5396 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:51:55.0381 5396 flpydisk - ok
14:51:55.0429 5396 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:51:55.0456 5396 FltMgr - ok
14:51:56.0106 5396 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:51:56.0489 5396 FontCache - ok
14:51:56.0634 5396 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:51:56.0656 5396 FontCache3.0.0.0 - ok
14:51:57.0148 5396 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:51:57.0160 5396 Fs_Rec - ok
14:51:57.0418 5396 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:51:57.0423 5396 gagp30kx - ok
14:51:57.0480 5396 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:51:57.0505 5396 GEARAspiWDM - ok
14:51:57.0718 5396 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:51:57.0743 5396 gpsvc - ok
14:51:57.0801 5396 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:51:57.0821 5396 HdAudAddService - ok
14:51:58.0014 5396 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:51:58.0124 5396 HDAudBus - ok
14:51:58.0757 5396 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:51:58.0760 5396 HidBth - ok
14:51:58.0897 5396 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:51:58.0917 5396 HidIr - ok
14:51:59.0010 5396 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
14:51:59.0030 5396 hidserv - ok
14:51:59.0083 5396 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:51:59.0101 5396 HidUsb - ok
14:51:59.0134 5396 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:51:59.0159 5396 hkmsvc - ok
14:51:59.0252 5396 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:51:59.0272 5396 HpCISSs - ok
14:51:59.0502 5396 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:51:59.0516 5396 HTTP - ok
14:51:59.0698 5396 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:51:59.0700 5396 i2omp - ok
14:51:59.0769 5396 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:51:59.0790 5396 i8042prt - ok
14:52:00.0096 5396 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:52:00.0105 5396 iaStorV - ok
14:52:00.0336 5396 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:52:00.0368 5396 IDriverT - ok
14:52:00.0613 5396 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:52:00.0674 5396 idsvc - ok
14:52:01.0108 5396 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:52:01.0110 5396 iirsp - ok
14:52:01.0327 5396 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:52:01.0387 5396 IKEEXT - ok
14:52:01.0785 5396 IntcAzAudAddService (5d854cbac8b7b4b964406f9808c95fae) C:\Windows\system32\drivers\RTKVHDA.sys
14:52:01.0851 5396 IntcAzAudAddService - ok
14:52:02.0217 5396 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
14:52:02.0241 5396 intelide - ok
14:52:02.0492 5396 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:52:02.0493 5396 intelppm - ok
14:52:02.0603 5396 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:52:02.0633 5396 IPBusEnum - ok
14:52:02.0705 5396 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:52:02.0707 5396 IpFilterDriver - ok
14:52:02.0768 5396 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:52:02.0795 5396 iphlpsvc - ok
14:52:02.0865 5396 IpInIp - ok
14:52:03.0113 5396 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:52:03.0117 5396 IPMIDRV - ok
14:52:03.0198 5396 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:52:03.0202 5396 IPNAT - ok
14:52:03.0260 5396 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:52:03.0294 5396 iPod Service - ok
14:52:03.0554 5396 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:52:03.0577 5396 IRENUM - ok
14:52:03.0629 5396 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:52:03.0674 5396 isapnp - ok
14:52:03.0825 5396 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:52:03.0830 5396 iScsiPrt - ok
14:52:03.0851 5396 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:52:03.0853 5396 iteatapi - ok
14:52:03.0887 5396 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:52:03.0890 5396 iteraid - ok
14:52:03.0919 5396 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:52:03.0920 5396 kbdclass - ok
14:52:04.0004 5396 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:52:04.0033 5396 kbdhid - ok
14:52:04.0084 5396 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:52:04.0086 5396 KeyIso - ok
14:52:04.0132 5396 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:52:04.0140 5396 KSecDD - ok
14:52:04.0337 5396 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:52:04.0388 5396 KtmRm - ok
14:52:04.0710 5396 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
14:52:04.0715 5396 LanmanServer - ok
14:52:04.0781 5396 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:52:04.0805 5396 LanmanWorkstation - ok
14:52:04.0920 5396 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
14:52:04.0943 5396 lirsgt - ok
14:52:04.0993 5396 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:52:04.0995 5396 lltdio - ok
14:52:05.0025 5396 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:52:05.0030 5396 lltdsvc - ok
14:52:05.0071 5396 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:52:05.0074 5396 lmhosts - ok
14:52:05.0175 5396 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:52:05.0197 5396 LSI_FC - ok
14:52:05.0220 5396 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:52:05.0223 5396 LSI_SAS - ok
14:52:05.0250 5396 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:52:05.0252 5396 LSI_SCSI - ok
14:52:05.0283 5396 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:52:05.0285 5396 luafv - ok
14:52:05.0416 5396 maconfservice (214ae7b06aa17de54b1cffc2e9198f34) C:\Program Files\ma-config.com\maconfservice.exe
14:52:05.0467 5396 maconfservice - ok
14:52:05.0546 5396 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
14:52:05.0589 5396 McComponentHostService - ok
14:52:05.0776 5396 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:52:05.0779 5396 Mcx2Svc - ok
14:52:05.0838 5396 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:52:05.0859 5396 megasas - ok
14:52:05.0905 5396 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:52:05.0908 5396 MMCSS - ok
14:52:06.0044 5396 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:52:06.0066 5396 Modem - ok
14:52:06.0124 5396 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:52:06.0126 5396 monitor - ok
14:52:06.0183 5396 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:52:06.0186 5396 mouclass - ok
14:52:06.0239 5396 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:52:06.0246 5396 mouhid - ok
14:52:06.0296 5396 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:52:06.0298 5396 MountMgr - ok
14:52:06.0376 5396 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:52:06.0397 5396 mpio - ok
14:52:06.0445 5396 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:52:06.0447 5396 mpsdrv - ok
14:52:06.0484 5396 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:52:06.0508 5396 MpsSvc - ok
14:52:06.0798 5396 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:52:06.0824 5396 Mraid35x - ok
14:52:06.0882 5396 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:52:06.0909 5396 MRxDAV - ok
14:52:06.0970 5396 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:52:06.0973 5396 mrxsmb - ok
14:52:07.0098 5396 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:52:07.0101 5396 mrxsmb10 - ok
14:52:07.0157 5396 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:52:07.0180 5396 mrxsmb20 - ok
14:52:07.0250 5396 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
14:52:07.0252 5396 msahci - ok
14:52:07.0295 5396 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:52:07.0298 5396 msdsm - ok
14:52:07.0360 5396 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:52:07.0363 5396 MSDTC - ok
14:52:07.0450 5396 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:52:07.0451 5396 Msfs - ok
14:52:07.0495 5396 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:52:07.0497 5396 msisadrv - ok
14:52:07.0590 5396 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:52:07.0782 5396 MSiSCSI - ok
14:52:07.0805 5396 msiserver - ok
14:52:07.0866 5396 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:52:07.0884 5396 MSKSSRV - ok
14:52:07.0959 5396 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:52:07.0982 5396 MSPCLOCK - ok
14:52:08.0116 5396 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:52:08.0118 5396 MSPQM - ok
14:52:08.0154 5396 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:52:08.0179 5396 MsRPC - ok
14:52:08.0258 5396 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:52:08.0280 5396 mssmbios - ok
14:52:08.0471 5396 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:52:08.0474 5396 MSTEE - ok
14:52:08.0583 5396 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:52:08.0586 5396 Mup - ok
14:52:08.0706 5396 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:52:08.0713 5396 napagent - ok
14:52:08.0780 5396 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:52:09.0030 5396 NativeWifiP - ok
14:52:09.0102 5396 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:52:09.0111 5396 NDIS - ok
14:52:09.0220 5396 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:52:09.0252 5396 NdisTapi - ok
14:52:09.0369 5396 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:52:09.0389 5396 Ndisuio - ok
14:52:09.0451 5396 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:52:09.0471 5396 NdisWan - ok
14:52:09.0588 5396 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:52:09.0606 5396 NDProxy - ok
14:52:09.0653 5396 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:52:09.0659 5396 NetBIOS - ok
14:52:09.0701 5396 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:52:09.0705 5396 netbt - ok
14:52:09.0781 5396 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:52:09.0782 5396 Netlogon - ok
14:52:10.0043 5396 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:52:10.0076 5396 Netman - ok
14:52:10.0654 5396 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:52:10.0740 5396 netprofm - ok
14:52:11.0002 5396 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:52:11.0023 5396 NetTcpPortSharing - ok
14:52:11.0267 5396 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:52:11.0269 5396 nfrd960 - ok
14:52:11.0318 5396 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:52:11.0322 5396 NlaSvc - ok
14:52:11.0377 5396 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:52:11.0379 5396 Npfs - ok
14:52:11.0426 5396 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:52:11.0451 5396 nsi - ok
14:52:11.0668 5396 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:52:11.0679 5396 nsiproxy - ok
14:52:12.0036 5396 nsysaudm (03bff1de5b708e92a1926ba4a33595d0) C:\Users\bologue\AppData\Local\Temp\nsysaudm.sys
14:52:12.0040 5396 nsysaudm - ok
14:52:12.0259 5396 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:52:12.0301 5396 Ntfs - ok
14:52:12.0398 5396 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:52:12.0401 5396 ntrigdigi - ok
14:52:12.0446 5396 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:52:12.0448 5396 Null - ok
14:52:13.0805 5396 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:52:14.0030 5396 nvlddmkm - ok
14:52:14.0254 5396 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
14:52:14.0257 5396 nvraid - ok
14:52:14.0297 5396 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
14:52:14.0299 5396 nvstor - ok
14:52:14.0345 5396 nvsvc (4ed813efd77a9b7e57e341cdc1c5cbc4) C:\Windows\system32\nvvsvc.exe
14:52:14.0348 5396 nvsvc - ok
14:52:14.0377 5396 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:52:14.0380 5396 nv_agp - ok
14:52:14.0390 5396 NwlnkFlt - ok
14:52:14.0407 5396 NwlnkFwd - ok
14:52:14.0454 5396 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:52:14.0485 5396 ohci1394 - ok
14:52:14.0774 5396 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:52:14.0834 5396 p2pimsvc - ok
14:52:14.0849 5396 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:52:14.0856 5396 p2psvc - ok
14:52:15.0028 5396 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:52:15.0054 5396 Parport - ok
14:52:15.0121 5396 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:52:15.0141 5396 partmgr - ok
14:52:15.0181 5396 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:52:15.0183 5396 Parvdm - ok
14:52:15.0234 5396 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:52:15.0257 5396 PcaSvc - ok
14:52:15.0308 5396 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:52:15.0312 5396 pci - ok
14:52:15.0354 5396 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:52:15.0356 5396 pciide - ok
14:52:15.0412 5396 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:52:15.0417 5396 pcmcia - ok
14:52:15.0617 5396 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:52:15.0677 5396 PEAUTH - ok
14:52:15.0774 5396 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:52:15.0847 5396 pla - ok
14:52:15.0961 5396 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:52:16.0003 5396 PlugPlay - ok
14:52:16.0046 5396 PnkBstrA (0e01d7eebada0b324db0ca1ee73440ba) C:\Windows\system32\PnkBstrA.exe
14:52:16.0049 5396 PnkBstrA - ok
14:52:16.0092 5396 PnkBstrB (1428e6cc1458a36cbfc1f2e304c7c42d) C:\Windows\system32\PnkBstrB.exe
14:52:16.0096 5396 PnkBstrB - ok
14:52:16.0598 5396 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:52:16.0605 5396 PNRPAutoReg - ok
14:52:16.0779 5396 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:52:16.0786 5396 PNRPsvc - ok
14:52:16.0854 5396 Point32 (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
14:52:16.0856 5396 Point32 - ok
14:52:16.0942 5396 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:52:16.0992 5396 PolicyAgent - ok
14:52:17.0149 5396 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:52:17.0172 5396 PptpMiniport - ok
14:52:17.0242 5396 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:52:17.0244 5396 Processor - ok
14:52:17.0320 5396 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:52:17.0325 5396 ProfSvc - ok
14:52:17.0394 5396 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:52:17.0395 5396 ProtectedStorage - ok
14:52:17.0503 5396 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:52:17.0505 5396 PSched - ok
14:52:17.0598 5396 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:52:17.0647 5396 ql2300 - ok
14:52:17.0707 5396 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:52:17.0710 5396 ql40xx - ok
14:52:17.0755 5396 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:52:17.0774 5396 QWAVE - ok
14:52:17.0881 5396 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:52:17.0904 5396 QWAVEdrv - ok
14:52:17.0962 5396 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:52:17.0964 5396 RasAcd - ok
14:52:17.0995 5396 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:52:18.0016 5396 RasAuto - ok
14:52:18.0088 5396 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:18.0091 5396 Rasl2tp - ok
14:52:18.0137 5396 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:52:18.0143 5396 RasMan - ok
14:52:18.0190 5396 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:18.0192 5396 RasPppoe - ok
14:52:18.0210 5396 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:52:18.0212 5396 RasSstp - ok
14:52:18.0247 5396 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:52:18.0269 5396 rdbss - ok
14:52:18.0408 5396 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:18.0426 5396 RDPCDD - ok
14:52:18.0479 5396 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:52:18.0514 5396 rdpdr - ok
14:52:18.0542 5396 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:52:18.0544 5396 RDPENCDD - ok
14:52:18.0668 5396 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
14:52:18.0736 5396 RDPWD - ok
14:52:18.0793 5396 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:52:18.0811 5396 RemoteAccess - ok
14:52:18.0854 5396 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:52:18.0858 5396 RemoteRegistry - ok
14:52:18.0893 5396 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:52:18.0895 5396 RpcLocator - ok
14:52:19.0026 5396 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:52:19.0032 5396 RpcSs - ok
14:52:19.0114 5396 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:52:19.0116 5396 rspndr - ok
14:52:19.0148 5396 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys
14:52:19.0150 5396 RTL8023xp - ok
14:52:19.0206 5396 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:52:19.0207 5396 SamSs - ok
14:52:19.0438 5396 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:52:19.0455 5396 SASDIFSV - ok
14:52:19.0476 5396 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:52:19.0478 5396 SASKUTIL - ok
14:52:20.0009 5396 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:52:20.0028 5396 sbp2port - ok
14:52:20.0109 5396 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:52:20.0113 5396 SCardSvr - ok
14:52:20.0186 5396 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:52:20.0217 5396 Schedule - ok
14:52:20.0269 5396 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:52:20.0270 5396 SCPolicySvc - ok
14:52:20.0308 5396 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:52:20.0329 5396 SDRSVC - ok
14:52:20.0396 5396 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:52:20.0397 5396 secdrv - ok
14:52:20.0489 5396 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:52:20.0512 5396 seclogon - ok
14:52:20.0561 5396 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
14:52:20.0586 5396 SENS - ok
14:52:20.0650 5396 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:52:20.0652 5396 Serenum - ok
14:52:20.0709 5396 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:52:20.0712 5396 Serial - ok
14:52:20.0766 5396 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:52:20.0768 5396 sermouse - ok
14:52:20.0835 5396 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:52:20.0839 5396 SessionEnv - ok
14:52:20.0889 5396 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
14:52:20.0909 5396 sffdisk - ok
14:52:20.0962 5396 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:52:20.0987 5396 sffp_mmc - ok
14:52:21.0039 5396 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
14:52:21.0042 5396 sffp_sd - ok
14:52:21.0097 5396 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:52:21.0099 5396 sfloppy - ok
14:52:21.0147 5396 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:52:21.0153 5396 SharedAccess - ok
14:52:21.0293 5396 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
14:52:21.0314 5396 ShellHWDetection - ok
14:52:21.0549 5396 SiS6350 (74b370fd8b9c60b083a3460a64353f3b) C:\Windows\system32\DRIVERS\SISGRKMD.sys
14:52:21.0599 5396 SiS6350 - ok
14:52:21.0695 5396 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:52:21.0697 5396 SiSRaid2 - ok
14:52:21.0749 5396 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:52:21.0771 5396 SiSRaid4 - ok
14:52:22.0225 5396 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
14:52:22.0330 5396 slsvc - ok
14:52:22.0416 5396 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
14:52:22.0420 5396 SLUINotify - ok
14:52:22.0462 5396 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:52:22.0464 5396 Smb - ok
14:52:22.0536 5396 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:52:22.0539 5396 SNMPTRAP - ok
14:52:22.0592 5396 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:52:22.0595 5396 spldr - ok
14:52:22.0652 5396 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
14:52:22.0682 5396 Spooler - ok
14:52:22.0908 5396 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
14:52:22.0909 5396 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:52:22.0911 5396 sptd ( LockedFile.Multi.Generic ) - warning
14:52:22.0911 5396 sptd - detected LockedFile.Multi.Generic (1)
14:52:23.0111 5396 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:52:23.0117 5396 srv - ok
14:52:23.0210 5396 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:52:23.0252 5396 srv2 - ok
14:52:23.0300 5396 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:52:23.0303 5396 srvnet - ok
14:52:23.0591 5396 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:52:23.0602 5396 SSDPSRV - ok
14:52:23.0770 5396 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:52:23.0799 5396 SstpSvc - ok
14:52:23.0932 5396 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
14:52:23.0954 5396 stisvc - ok
14:52:24.0055 5396 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:52:24.0057 5396 swenum - ok
14:52:24.0152 5396 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
14:52:24.0179 5396 swprv - ok
14:52:24.0264 5396 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:52:24.0286 5396 Symc8xx - ok
14:52:24.0344 5396 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:52:24.0366 5396 Sym_hi - ok
14:52:24.0407 5396 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:52:24.0409 5396 Sym_u3 - ok
14:52:24.0535 5396 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
14:52:24.0586 5396 SysMain - ok
14:52:24.0616 5396 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:52:24.0620 5396 TabletInputService - ok
14:52:24.0650 5396 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
14:52:24.0655 5396 TapiSrv - ok
14:52:24.0712 5396 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:52:24.0735 5396 TBS - ok
14:52:24.0986 5396 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:52:25.0038 5396 Tcpip - ok
14:52:25.0111 5396 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:52:25.0120 5396 Tcpip6 - ok
14:52:25.0350 5396 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:52:25.0352 5396 tcpipreg - ok
14:52:25.0423 5396 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:52:25.0445 5396 TDPIPE - ok
14:52:25.0501 5396 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:52:25.0526 5396 TDTCP - ok
14:52:25.0626 5396 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:52:25.0652 5396 tdx - ok
14:52:25.0706 5396 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:52:25.0708 5396 TermDD - ok
14:52:25.0732 5396 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
14:52:25.0741 5396 TermService - ok
14:52:25.0916 5396 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
14:52:25.0920 5396 Themes - ok
14:52:26.0178 5396 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:52:26.0180 5396 THREADORDER - ok
14:52:26.0452 5396 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
14:52:26.0476 5396 TrkWks - ok
14:52:26.0518 5396 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
14:52:26.0520 5396 TrustedInstaller - ok
14:52:26.0791 5396 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:52:26.0793 5396 tssecsrv - ok
14:52:26.0865 5396 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:52:26.0891 5396 tunmp - ok
14:52:26.0935 5396 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:52:26.0937 5396 tunnel - ok
14:52:26.0975 5396 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
14:52:26.0978 5396 uagp35 - ok
14:52:27.0064 5396 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:52:27.0089 5396 udfs - ok
14:52:27.0191 5396 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:52:27.0218 5396 UI0Detect - ok
14:52:27.0317 5396 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:52:27.0344 5396 uliagpkx - ok
14:52:27.0413 5396 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:52:27.0432 5396 uliahci - ok
14:52:27.0534 5396 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:52:27.0553 5396 UlSata - ok
14:52:27.0587 5396 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:52:27.0590 5396 ulsata2 - ok
14:52:27.0629 5396 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:52:27.0650 5396 umbus - ok
14:52:27.0814 5396 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:52:27.0844 5396 upnphost - ok
14:52:27.0893 5396 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
14:52:27.0895 5396 USBAAPL - ok
14:52:27.0925 5396 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:52:27.0929 5396 usbccgp - ok
14:52:27.0962 5396 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:52:27.0965 5396 usbcir - ok
14:52:28.0075 5396 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:52:28.0101 5396 usbehci - ok
14:52:28.0209 5396 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:52:28.0239 5396 usbhub - ok
14:52:28.0571 5396 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
14:52:28.0584 5396 usbohci - ok
14:52:28.0879 5396 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
14:52:28.0897 5396 usbprint - ok
14:52:29.0117 5396 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:52:29.0120 5396 USBSTOR - ok
14:52:29.0176 5396 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
14:52:29.0179 5396 usbuhci - ok
14:52:29.0260 5396 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:52:29.0278 5396 UxSms - ok
14:52:29.0387 5396 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:52:29.0437 5396 vds - ok
14:52:29.0531 5396 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:52:29.0551 5396 vga - ok
14:52:29.0721 5396 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:52:29.0723 5396 VgaSave - ok
14:52:29.0767 5396 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
14:52:29.0790 5396 viaagp - ok
14:52:29.0955 5396 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:52:29.0996 5396 ViaC7 - ok
14:52:30.0095 5396 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
14:52:30.0097 5396 viaide - ok
14:52:30.0300 5396 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:52:30.0337 5396 volmgr - ok
14:52:30.0732 5396 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:52:30.0738 5396 volmgrx - ok
14:52:30.0824 5396 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:52:30.0829 5396 volsnap - ok
14:52:30.0900 5396 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:52:30.0904 5396 vsmraid - ok
14:52:30.0993 5396 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:52:31.0060 5396 VSS - ok
14:52:31.0121 5396 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:52:31.0145 5396 W32Time - ok
14:52:31.0453 5396 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:52:31.0456 5396 WacomPen - ok
14:52:31.0502 5396 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:52:31.0505 5396 Wanarp - ok
14:52:31.0509 5396 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:52:31.0511 5396 Wanarpv6 - ok
14:52:31.0723 5396 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:52:31.0731 5396 wcncsvc - ok
14:52:31.0786 5396 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:52:31.0789 5396 WcsPlugInService - ok
14:52:31.0821 5396 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:52:31.0823 5396 Wd - ok
14:52:31.0991 5396 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:52:32.0039 5396 Wdf01000 - ok
14:52:32.0140 5396 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:52:32.0144 5396 WdiServiceHost - ok
14:52:32.0157 5396 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:52:32.0160 5396 WdiSystemHost - ok
14:52:32.0200 5396 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:52:32.0224 5396 WebClient - ok
14:52:32.0270 5396 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:52:32.0293 5396 Wecsvc - ok
14:52:32.0341 5396 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:52:32.0345 5396 wercplsupport - ok
14:52:32.0420 5396 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:52:32.0425 5396 WerSvc - ok
14:52:32.0480 5396 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:52:32.0485 5396 WinDefend - ok
14:52:32.0497 5396 WinHttpAutoProxySvc - ok
14:52:32.0815 5396 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:52:32.0857 5396 Winmgmt - ok
14:52:33.0111 5396 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:52:33.0160 5396 WinRM - ok
14:52:33.0545 5396 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:52:33.0595 5396 Wlansvc - ok
14:52:34.0091 5396 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:52:34.0139 5396 wlidsvc - ok
14:52:34.0388 5396 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
14:52:34.0416 5396 WmiAcpi - ok
14:52:34.0549 5396 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:52:34.0577 5396 wmiApSrv - ok
14:52:34.0644 5396 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:52:34.0688 5396 WMPNetworkSvc - ok
14:52:34.0972 5396 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:52:34.0997 5396 WPCSvc - ok
14:52:35.0083 5396 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:52:35.0107 5396 WPDBusEnum - ok
14:52:35.0177 5396 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:52:35.0180 5396 WpdUsb - ok
14:52:35.0525 5396 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:52:35.0575 5396 WPFFontCache_v0400 - ok
14:52:35.0795 5396 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:52:35.0797 5396 ws2ifsl - ok
14:52:35.0853 5396 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
14:52:35.0857 5396 wscsvc - ok
14:52:35.0892 5396 WSearch - ok
14:52:36.0133 5396 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
14:52:36.0209 5396 wuauserv - ok
14:52:36.0306 5396 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:52:36.0309 5396 WUDFRd - ok
14:52:36.0400 5396 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:52:36.0423 5396 wudfsvc - ok
14:52:36.0523 5396 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:52:36.0601 5396 \Device\Harddisk0\DR0 - ok
14:52:36.0607 5396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:52:36.0615 5396 \Device\Harddisk1\DR1 - ok
14:52:36.0624 5396 Boot (0x1200) (83e306ad2f2760a5e3cb714f520bf009) \Device\Harddisk0\DR0\Partition0
14:52:36.0627 5396 \Device\Harddisk0\DR0\Partition0 - ok
14:52:36.0627 5396 ============================================================
14:52:36.0627 5396 Scan finished
14:52:36.0627 5396 ============================================================
14:52:36.0646 4688 Detected object count: 1
14:52:36.0646 4688 Actual detected object count: 1
14:53:09.0021 4688 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:53:09.0021 4688 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:53:18.0487 5948 Deinitialize success
14:51:28.0609 5884 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
14:51:29.0830 5884 ============================================================
14:51:29.0830 5884 Current date / time: 2012/04/21 14:51:29.0830
14:51:29.0830 5884 SystemInfo:
14:51:29.0830 5884
14:51:29.0830 5884 OS Version: 6.0.6002 ServicePack: 2.0
14:51:29.0830 5884 Product type: Workstation
14:51:29.0830 5884 ComputerName: PC-DE-BOLOGUE
14:51:29.0830 5884 UserName: bologue
14:51:29.0830 5884 Windows directory: C:\Windows
14:51:29.0830 5884 System windows directory: C:\Windows
14:51:29.0830 5884 Processor architecture: Intel x86
14:51:29.0830 5884 Number of processors: 2
14:51:29.0830 5884 Page size: 0x1000
14:51:29.0830 5884 Boot type: Normal boot
14:51:29.0831 5884 ============================================================
14:51:30.0373 5884 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:51:30.0394 5884 Drive \Device\Harddisk1\DR1 - Size: 0x7470A00000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:51:30.0730 5884 \Device\Harddisk0\DR0:
14:51:30.0748 5884 MBR partitions:
14:51:30.0748 5884 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1003000, BlocksNum 0x1C1C2000
14:51:30.0748 5884 \Device\Harddisk1\DR1:
14:51:30.0749 5884 Invalid mbr signature
14:51:30.0856 5884 C: <-> \Device\Harddisk0\DR0\Partition0
14:51:30.0856 5884 Initialize success
14:51:30.0856 5884 ============================================================
14:51:39.0189 5396 ============================================================
14:51:39.0189 5396 Scan started
14:51:39.0189 5396 Mode: Manual;
14:51:39.0189 5396 ============================================================
14:51:39.0694 5396 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:51:39.0697 5396 !SASCORE - ok
14:51:40.0214 5396 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:51:40.0219 5396 ACPI - ok
14:51:40.0320 5396 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:51:40.0321 5396 AdobeARMservice - ok
14:51:40.0446 5396 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:51:40.0450 5396 AdobeFlashPlayerUpdateSvc - ok
14:51:40.0641 5396 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:51:40.0693 5396 adp94xx - ok
14:51:41.0014 5396 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:51:41.0240 5396 adpahci - ok
14:51:41.0429 5396 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:51:41.0432 5396 adpu160m - ok
14:51:41.0467 5396 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:51:41.0471 5396 adpu320 - ok
14:51:41.0521 5396 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:51:41.0522 5396 AeLookupSvc - ok
14:51:41.0596 5396 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:51:41.0602 5396 AFD - ok
14:51:41.0693 5396 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:51:41.0700 5396 aic78xx - ok
14:51:42.0106 5396 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:51:42.0107 5396 ALG - ok
14:51:42.0235 5396 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
14:51:42.0261 5396 aliide - ok
14:51:42.0330 5396 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:51:42.0332 5396 amdagp - ok
14:51:42.0406 5396 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
14:51:42.0426 5396 amdide - ok
14:51:42.0479 5396 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:51:42.0505 5396 AmdK7 - ok
14:51:42.0546 5396 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
14:51:42.0548 5396 AmdK8 - ok
14:51:42.0608 5396 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:51:42.0630 5396 Appinfo - ok
14:51:42.0874 5396 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:51:42.0875 5396 Apple Mobile Device - ok
14:51:43.0332 5396 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:51:43.0368 5396 arc - ok
14:51:43.0705 5396 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:51:43.0708 5396 arcsas - ok
14:51:43.0815 5396 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:51:43.0840 5396 AsyncMac - ok
14:51:43.0886 5396 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:51:43.0887 5396 atapi - ok
14:51:43.0987 5396 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
14:51:43.0992 5396 atksgt - ok
14:51:44.0097 5396 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:51:44.0103 5396 AudioEndpointBuilder - ok
14:51:44.0111 5396 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:51:44.0114 5396 Audiosrv - ok
14:51:44.0897 5396 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
14:51:45.0010 5396 AVGIDSAgent - ok
14:51:45.0185 5396 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
14:51:45.0193 5396 AVGIDSDriver - ok
14:51:45.0245 5396 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
14:51:45.0270 5396 AVGIDSEH - ok
14:51:45.0308 5396 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
14:51:45.0309 5396 AVGIDSFilter - ok
14:51:45.0362 5396 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
14:51:45.0363 5396 AVGIDSShim - ok
14:51:45.0400 5396 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys
14:51:45.0405 5396 Avgldx86 - ok
14:51:45.0473 5396 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
14:51:45.0475 5396 Avgmfx86 - ok
14:51:45.0535 5396 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
14:51:45.0560 5396 Avgrkx86 - ok
14:51:45.0621 5396 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
14:51:45.0646 5396 Avgtdix - ok
14:51:45.0984 5396 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
14:51:46.0005 5396 avgwd - ok
14:51:46.0144 5396 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:51:46.0168 5396 Beep - ok
14:51:46.0396 5396 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:51:46.0439 5396 BFE - ok
14:51:46.0723 5396 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
14:51:46.0757 5396 BITS - ok
14:51:46.0781 5396 blbdrive - ok
14:51:46.0981 5396 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
14:51:47.0030 5396 Bonjour Service - ok
14:51:47.0188 5396 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:51:47.0210 5396 bowser - ok
14:51:47.0330 5396 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:51:47.0351 5396 BrFiltLo - ok
14:51:47.0401 5396 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:51:47.0419 5396 BrFiltUp - ok
14:51:47.0467 5396 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:51:47.0470 5396 Browser - ok
14:51:47.0524 5396 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:51:47.0545 5396 Brserid - ok
14:51:47.0574 5396 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:51:47.0576 5396 BrSerWdm - ok
14:51:47.0610 5396 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:51:47.0612 5396 BrUsbMdm - ok
14:51:47.0671 5396 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:51:47.0681 5396 BrUsbSer - ok
14:51:47.0749 5396 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:51:47.0751 5396 BTHMODEM - ok
14:51:48.0216 5396 BytelMediaServer (02b1721da59c382f6f1c206b38e354c0) C:\ProgramData\media center Bouygues Telecom\MediaServer.exe
14:51:48.0642 5396 BytelMediaServer - ok
14:51:49.0032 5396 catchme - ok
14:51:49.0213 5396 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:51:49.0256 5396 cdfs - ok
14:51:49.0395 5396 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:51:49.0417 5396 cdrom - ok
14:51:49.0618 5396 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:51:49.0625 5396 CertPropSvc - ok
14:51:49.0714 5396 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:51:49.0722 5396 circlass - ok
14:51:49.0857 5396 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:51:49.0863 5396 CLFS - ok
14:51:50.0034 5396 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:51:50.0050 5396 clr_optimization_v2.0.50727_32 - ok
14:51:50.0233 5396 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:51:50.0244 5396 clr_optimization_v4.0.30319_32 - ok
14:51:50.0455 5396 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
14:51:50.0458 5396 cmdide - ok
14:51:50.0719 5396 cmuda3 (5d9e1c82428d99ff664139648a13fcbf) C:\Windows\system32\drivers\cmudax3.sys
14:51:50.0776 5396 cmuda3 - ok
14:51:51.0094 5396 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
14:51:51.0096 5396 Compbatt - ok
14:51:51.0198 5396 COMSysApp - ok
14:51:51.0434 5396 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:51:51.0442 5396 crcdisk - ok
14:51:51.0509 5396 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:51:51.0511 5396 Crusoe - ok
14:51:51.0583 5396 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
14:51:51.0586 5396 CryptSvc - ok
14:51:51.0707 5396 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:51:51.0752 5396 DcomLaunch - ok
14:51:51.0963 5396 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:51:51.0973 5396 DfsC - ok
14:51:52.0205 5396 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:51:52.0267 5396 DFSR - ok
14:51:52.0396 5396 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:51:52.0421 5396 Dhcp - ok
14:51:52.0496 5396 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:51:52.0498 5396 disk - ok
14:51:52.0569 5396 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:51:52.0572 5396 Dnscache - ok
14:51:52.0626 5396 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:51:52.0630 5396 dot3svc - ok
14:51:52.0721 5396 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:51:52.0724 5396 DPS - ok
14:51:52.0798 5396 driverhardwarev2 (6ec9ff140b4216481b8ab83589581d87) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
14:51:52.0822 5396 driverhardwarev2 - ok
14:51:53.0057 5396 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:51:53.0086 5396 drmkaud - ok
14:51:53.0277 5396 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:51:53.0329 5396 DXGKrnl - ok
14:51:53.0416 5396 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:51:53.0420 5396 E1G60 - ok
14:51:53.0480 5396 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:51:53.0499 5396 EapHost - ok
14:51:53.0654 5396 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:51:53.0670 5396 Ecache - ok
14:51:53.0725 5396 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:51:53.0730 5396 ehRecvr - ok
14:51:53.0804 5396 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:51:53.0826 5396 ehSched - ok
14:51:53.0853 5396 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:51:53.0855 5396 ehstart - ok
14:51:54.0138 5396 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:51:54.0144 5396 elxstor - ok
14:51:54.0341 5396 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:51:54.0376 5396 EMDMgmt - ok
14:51:54.0620 5396 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:51:54.0647 5396 EventSystem - ok
14:51:54.0927 5396 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:51:54.0931 5396 exfat - ok
14:51:55.0022 5396 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:51:55.0026 5396 fastfat - ok
14:51:55.0103 5396 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:51:55.0105 5396 fdc - ok
14:51:55.0157 5396 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:51:55.0176 5396 fdPHost - ok
14:51:55.0217 5396 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:51:55.0219 5396 FDResPub - ok
14:51:55.0272 5396 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:51:55.0275 5396 FileInfo - ok
14:51:55.0305 5396 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:51:55.0322 5396 Filetrace - ok
14:51:55.0359 5396 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:51:55.0381 5396 flpydisk - ok
14:51:55.0429 5396 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:51:55.0456 5396 FltMgr - ok
14:51:56.0106 5396 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:51:56.0489 5396 FontCache - ok
14:51:56.0634 5396 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:51:56.0656 5396 FontCache3.0.0.0 - ok
14:51:57.0148 5396 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
14:51:57.0160 5396 Fs_Rec - ok
14:51:57.0418 5396 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:51:57.0423 5396 gagp30kx - ok
14:51:57.0480 5396 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:51:57.0505 5396 GEARAspiWDM - ok
14:51:57.0718 5396 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:51:57.0743 5396 gpsvc - ok
14:51:57.0801 5396 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:51:57.0821 5396 HdAudAddService - ok
14:51:58.0014 5396 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:51:58.0124 5396 HDAudBus - ok
14:51:58.0757 5396 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:51:58.0760 5396 HidBth - ok
14:51:58.0897 5396 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:51:58.0917 5396 HidIr - ok
14:51:59.0010 5396 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
14:51:59.0030 5396 hidserv - ok
14:51:59.0083 5396 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:51:59.0101 5396 HidUsb - ok
14:51:59.0134 5396 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:51:59.0159 5396 hkmsvc - ok
14:51:59.0252 5396 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:51:59.0272 5396 HpCISSs - ok
14:51:59.0502 5396 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:51:59.0516 5396 HTTP - ok
14:51:59.0698 5396 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:51:59.0700 5396 i2omp - ok
14:51:59.0769 5396 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:51:59.0790 5396 i8042prt - ok
14:52:00.0096 5396 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:52:00.0105 5396 iaStorV - ok
14:52:00.0336 5396 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:52:00.0368 5396 IDriverT - ok
14:52:00.0613 5396 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:52:00.0674 5396 idsvc - ok
14:52:01.0108 5396 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:52:01.0110 5396 iirsp - ok
14:52:01.0327 5396 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:52:01.0387 5396 IKEEXT - ok
14:52:01.0785 5396 IntcAzAudAddService (5d854cbac8b7b4b964406f9808c95fae) C:\Windows\system32\drivers\RTKVHDA.sys
14:52:01.0851 5396 IntcAzAudAddService - ok
14:52:02.0217 5396 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
14:52:02.0241 5396 intelide - ok
14:52:02.0492 5396 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:52:02.0493 5396 intelppm - ok
14:52:02.0603 5396 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:52:02.0633 5396 IPBusEnum - ok
14:52:02.0705 5396 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:52:02.0707 5396 IpFilterDriver - ok
14:52:02.0768 5396 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:52:02.0795 5396 iphlpsvc - ok
14:52:02.0865 5396 IpInIp - ok
14:52:03.0113 5396 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:52:03.0117 5396 IPMIDRV - ok
14:52:03.0198 5396 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:52:03.0202 5396 IPNAT - ok
14:52:03.0260 5396 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
14:52:03.0294 5396 iPod Service - ok
14:52:03.0554 5396 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:52:03.0577 5396 IRENUM - ok
14:52:03.0629 5396 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:52:03.0674 5396 isapnp - ok
14:52:03.0825 5396 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:52:03.0830 5396 iScsiPrt - ok
14:52:03.0851 5396 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:52:03.0853 5396 iteatapi - ok
14:52:03.0887 5396 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:52:03.0890 5396 iteraid - ok
14:52:03.0919 5396 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:52:03.0920 5396 kbdclass - ok
14:52:04.0004 5396 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:52:04.0033 5396 kbdhid - ok
14:52:04.0084 5396 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:52:04.0086 5396 KeyIso - ok
14:52:04.0132 5396 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:52:04.0140 5396 KSecDD - ok
14:52:04.0337 5396 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:52:04.0388 5396 KtmRm - ok
14:52:04.0710 5396 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
14:52:04.0715 5396 LanmanServer - ok
14:52:04.0781 5396 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:52:04.0805 5396 LanmanWorkstation - ok
14:52:04.0920 5396 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
14:52:04.0943 5396 lirsgt - ok
14:52:04.0993 5396 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:52:04.0995 5396 lltdio - ok
14:52:05.0025 5396 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:52:05.0030 5396 lltdsvc - ok
14:52:05.0071 5396 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:52:05.0074 5396 lmhosts - ok
14:52:05.0175 5396 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:52:05.0197 5396 LSI_FC - ok
14:52:05.0220 5396 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:52:05.0223 5396 LSI_SAS - ok
14:52:05.0250 5396 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:52:05.0252 5396 LSI_SCSI - ok
14:52:05.0283 5396 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:52:05.0285 5396 luafv - ok
14:52:05.0416 5396 maconfservice (214ae7b06aa17de54b1cffc2e9198f34) C:\Program Files\ma-config.com\maconfservice.exe
14:52:05.0467 5396 maconfservice - ok
14:52:05.0546 5396 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
14:52:05.0589 5396 McComponentHostService - ok
14:52:05.0776 5396 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
14:52:05.0779 5396 Mcx2Svc - ok
14:52:05.0838 5396 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:52:05.0859 5396 megasas - ok
14:52:05.0905 5396 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:52:05.0908 5396 MMCSS - ok
14:52:06.0044 5396 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:52:06.0066 5396 Modem - ok
14:52:06.0124 5396 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:52:06.0126 5396 monitor - ok
14:52:06.0183 5396 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:52:06.0186 5396 mouclass - ok
14:52:06.0239 5396 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:52:06.0246 5396 mouhid - ok
14:52:06.0296 5396 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:52:06.0298 5396 MountMgr - ok
14:52:06.0376 5396 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:52:06.0397 5396 mpio - ok
14:52:06.0445 5396 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:52:06.0447 5396 mpsdrv - ok
14:52:06.0484 5396 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
14:52:06.0508 5396 MpsSvc - ok
14:52:06.0798 5396 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:52:06.0824 5396 Mraid35x - ok
14:52:06.0882 5396 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:52:06.0909 5396 MRxDAV - ok
14:52:06.0970 5396 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:52:06.0973 5396 mrxsmb - ok
14:52:07.0098 5396 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:52:07.0101 5396 mrxsmb10 - ok
14:52:07.0157 5396 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:52:07.0180 5396 mrxsmb20 - ok
14:52:07.0250 5396 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
14:52:07.0252 5396 msahci - ok
14:52:07.0295 5396 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:52:07.0298 5396 msdsm - ok
14:52:07.0360 5396 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
14:52:07.0363 5396 MSDTC - ok
14:52:07.0450 5396 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:52:07.0451 5396 Msfs - ok
14:52:07.0495 5396 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:52:07.0497 5396 msisadrv - ok
14:52:07.0590 5396 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
14:52:07.0782 5396 MSiSCSI - ok
14:52:07.0805 5396 msiserver - ok
14:52:07.0866 5396 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:52:07.0884 5396 MSKSSRV - ok
14:52:07.0959 5396 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:52:07.0982 5396 MSPCLOCK - ok
14:52:08.0116 5396 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:52:08.0118 5396 MSPQM - ok
14:52:08.0154 5396 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:52:08.0179 5396 MsRPC - ok
14:52:08.0258 5396 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:52:08.0280 5396 mssmbios - ok
14:52:08.0471 5396 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:52:08.0474 5396 MSTEE - ok
14:52:08.0583 5396 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:52:08.0586 5396 Mup - ok
14:52:08.0706 5396 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
14:52:08.0713 5396 napagent - ok
14:52:08.0780 5396 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:52:09.0030 5396 NativeWifiP - ok
14:52:09.0102 5396 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:52:09.0111 5396 NDIS - ok
14:52:09.0220 5396 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:52:09.0252 5396 NdisTapi - ok
14:52:09.0369 5396 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:52:09.0389 5396 Ndisuio - ok
14:52:09.0451 5396 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:52:09.0471 5396 NdisWan - ok
14:52:09.0588 5396 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:52:09.0606 5396 NDProxy - ok
14:52:09.0653 5396 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:52:09.0659 5396 NetBIOS - ok
14:52:09.0701 5396 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:52:09.0705 5396 netbt - ok
14:52:09.0781 5396 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:52:09.0782 5396 Netlogon - ok
14:52:10.0043 5396 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
14:52:10.0076 5396 Netman - ok
14:52:10.0654 5396 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
14:52:10.0740 5396 netprofm - ok
14:52:11.0002 5396 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:52:11.0023 5396 NetTcpPortSharing - ok
14:52:11.0267 5396 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:52:11.0269 5396 nfrd960 - ok
14:52:11.0318 5396 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
14:52:11.0322 5396 NlaSvc - ok
14:52:11.0377 5396 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:52:11.0379 5396 Npfs - ok
14:52:11.0426 5396 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
14:52:11.0451 5396 nsi - ok
14:52:11.0668 5396 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:52:11.0679 5396 nsiproxy - ok
14:52:12.0036 5396 nsysaudm (03bff1de5b708e92a1926ba4a33595d0) C:\Users\bologue\AppData\Local\Temp\nsysaudm.sys
14:52:12.0040 5396 nsysaudm - ok
14:52:12.0259 5396 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:52:12.0301 5396 Ntfs - ok
14:52:12.0398 5396 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:52:12.0401 5396 ntrigdigi - ok
14:52:12.0446 5396 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:52:12.0448 5396 Null - ok
14:52:13.0805 5396 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:52:14.0030 5396 nvlddmkm - ok
14:52:14.0254 5396 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
14:52:14.0257 5396 nvraid - ok
14:52:14.0297 5396 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
14:52:14.0299 5396 nvstor - ok
14:52:14.0345 5396 nvsvc (4ed813efd77a9b7e57e341cdc1c5cbc4) C:\Windows\system32\nvvsvc.exe
14:52:14.0348 5396 nvsvc - ok
14:52:14.0377 5396 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:52:14.0380 5396 nv_agp - ok
14:52:14.0390 5396 NwlnkFlt - ok
14:52:14.0407 5396 NwlnkFwd - ok
14:52:14.0454 5396 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:52:14.0485 5396 ohci1394 - ok
14:52:14.0774 5396 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:52:14.0834 5396 p2pimsvc - ok
14:52:14.0849 5396 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:52:14.0856 5396 p2psvc - ok
14:52:15.0028 5396 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:52:15.0054 5396 Parport - ok
14:52:15.0121 5396 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:52:15.0141 5396 partmgr - ok
14:52:15.0181 5396 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:52:15.0183 5396 Parvdm - ok
14:52:15.0234 5396 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
14:52:15.0257 5396 PcaSvc - ok
14:52:15.0308 5396 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:52:15.0312 5396 pci - ok
14:52:15.0354 5396 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:52:15.0356 5396 pciide - ok
14:52:15.0412 5396 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:52:15.0417 5396 pcmcia - ok
14:52:15.0617 5396 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:52:15.0677 5396 PEAUTH - ok
14:52:15.0774 5396 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
14:52:15.0847 5396 pla - ok
14:52:15.0961 5396 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
14:52:16.0003 5396 PlugPlay - ok
14:52:16.0046 5396 PnkBstrA (0e01d7eebada0b324db0ca1ee73440ba) C:\Windows\system32\PnkBstrA.exe
14:52:16.0049 5396 PnkBstrA - ok
14:52:16.0092 5396 PnkBstrB (1428e6cc1458a36cbfc1f2e304c7c42d) C:\Windows\system32\PnkBstrB.exe
14:52:16.0096 5396 PnkBstrB - ok
14:52:16.0598 5396 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:52:16.0605 5396 PNRPAutoReg - ok
14:52:16.0779 5396 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
14:52:16.0786 5396 PNRPsvc - ok
14:52:16.0854 5396 Point32 (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
14:52:16.0856 5396 Point32 - ok
14:52:16.0942 5396 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
14:52:16.0992 5396 PolicyAgent - ok
14:52:17.0149 5396 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:52:17.0172 5396 PptpMiniport - ok
14:52:17.0242 5396 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:52:17.0244 5396 Processor - ok
14:52:17.0320 5396 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
14:52:17.0325 5396 ProfSvc - ok
14:52:17.0394 5396 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:52:17.0395 5396 ProtectedStorage - ok
14:52:17.0503 5396 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:52:17.0505 5396 PSched - ok
14:52:17.0598 5396 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:52:17.0647 5396 ql2300 - ok
14:52:17.0707 5396 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:52:17.0710 5396 ql40xx - ok
14:52:17.0755 5396 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
14:52:17.0774 5396 QWAVE - ok
14:52:17.0881 5396 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:52:17.0904 5396 QWAVEdrv - ok
14:52:17.0962 5396 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:52:17.0964 5396 RasAcd - ok
14:52:17.0995 5396 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
14:52:18.0016 5396 RasAuto - ok
14:52:18.0088 5396 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:52:18.0091 5396 Rasl2tp - ok
14:52:18.0137 5396 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
14:52:18.0143 5396 RasMan - ok
14:52:18.0190 5396 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:52:18.0192 5396 RasPppoe - ok
14:52:18.0210 5396 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:52:18.0212 5396 RasSstp - ok
14:52:18.0247 5396 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:52:18.0269 5396 rdbss - ok
14:52:18.0408 5396 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:52:18.0426 5396 RDPCDD - ok
14:52:18.0479 5396 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:52:18.0514 5396 rdpdr - ok
14:52:18.0542 5396 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:52:18.0544 5396 RDPENCDD - ok
14:52:18.0668 5396 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
14:52:18.0736 5396 RDPWD - ok
14:52:18.0793 5396 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
14:52:18.0811 5396 RemoteAccess - ok
14:52:18.0854 5396 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
14:52:18.0858 5396 RemoteRegistry - ok
14:52:18.0893 5396 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
14:52:18.0895 5396 RpcLocator - ok
14:52:19.0026 5396 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:52:19.0032 5396 RpcSs - ok
14:52:19.0114 5396 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:52:19.0116 5396 rspndr - ok
14:52:19.0148 5396 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys
14:52:19.0150 5396 RTL8023xp - ok
14:52:19.0206 5396 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:52:19.0207 5396 SamSs - ok
14:52:19.0438 5396 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
14:52:19.0455 5396 SASDIFSV - ok
14:52:19.0476 5396 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
14:52:19.0478 5396 SASKUTIL - ok
14:52:20.0009 5396 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:52:20.0028 5396 sbp2port - ok
14:52:20.0109 5396 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
14:52:20.0113 5396 SCardSvr - ok
14:52:20.0186 5396 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
14:52:20.0217 5396 Schedule - ok
14:52:20.0269 5396 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:52:20.0270 5396 SCPolicySvc - ok
14:52:20.0308 5396 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
14:52:20.0329 5396 SDRSVC - ok
14:52:20.0396 5396 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:52:20.0397 5396 secdrv - ok
14:52:20.0489 5396 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
14:52:20.0512 5396 seclogon - ok
14:52:20.0561 5396 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
14:52:20.0586 5396 SENS - ok
14:52:20.0650 5396 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:52:20.0652 5396 Serenum - ok
14:52:20.0709 5396 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:52:20.0712 5396 Serial - ok
14:52:20.0766 5396 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:52:20.0768 5396 sermouse - ok
14:52:20.0835 5396 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
14:52:20.0839 5396 SessionEnv - ok
14:52:20.0889 5396 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
14:52:20.0909 5396 sffdisk - ok
14:52:20.0962 5396 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:52:20.0987 5396 sffp_mmc - ok
14:52:21.0039 5396 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
14:52:21.0042 5396 sffp_sd - ok
14:52:21.0097 5396 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:52:21.0099 5396 sfloppy - ok
14:52:21.0147 5396 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
14:52:21.0153 5396 SharedAccess - ok
14:52:21.0293 5396 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
14:52:21.0314 5396 ShellHWDetection - ok
14:52:21.0549 5396 SiS6350 (74b370fd8b9c60b083a3460a64353f3b) C:\Windows\system32\DRIVERS\SISGRKMD.sys
14:52:21.0599 5396 SiS6350 - ok
14:52:21.0695 5396 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:52:21.0697 5396 SiSRaid2 - ok
14:52:21.0749 5396 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:52:21.0771 5396 SiSRaid4 - ok
14:52:22.0225 5396 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
14:52:22.0330 5396 slsvc - ok
14:52:22.0416 5396 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
14:52:22.0420 5396 SLUINotify - ok
14:52:22.0462 5396 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:52:22.0464 5396 Smb - ok
14:52:22.0536 5396 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
14:52:22.0539 5396 SNMPTRAP - ok
14:52:22.0592 5396 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:52:22.0595 5396 spldr - ok
14:52:22.0652 5396 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
14:52:22.0682 5396 Spooler - ok
14:52:22.0908 5396 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
14:52:22.0909 5396 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:52:22.0911 5396 sptd ( LockedFile.Multi.Generic ) - warning
14:52:22.0911 5396 sptd - detected LockedFile.Multi.Generic (1)
14:52:23.0111 5396 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:52:23.0117 5396 srv - ok
14:52:23.0210 5396 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:52:23.0252 5396 srv2 - ok
14:52:23.0300 5396 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:52:23.0303 5396 srvnet - ok
14:52:23.0591 5396 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
14:52:23.0602 5396 SSDPSRV - ok
14:52:23.0770 5396 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
14:52:23.0799 5396 SstpSvc - ok
14:52:23.0932 5396 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
14:52:23.0954 5396 stisvc - ok
14:52:24.0055 5396 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:52:24.0057 5396 swenum - ok
14:52:24.0152 5396 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
14:52:24.0179 5396 swprv - ok
14:52:24.0264 5396 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:52:24.0286 5396 Symc8xx - ok
14:52:24.0344 5396 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:52:24.0366 5396 Sym_hi - ok
14:52:24.0407 5396 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:52:24.0409 5396 Sym_u3 - ok
14:52:24.0535 5396 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
14:52:24.0586 5396 SysMain - ok
14:52:24.0616 5396 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
14:52:24.0620 5396 TabletInputService - ok
14:52:24.0650 5396 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
14:52:24.0655 5396 TapiSrv - ok
14:52:24.0712 5396 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
14:52:24.0735 5396 TBS - ok
14:52:24.0986 5396 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:52:25.0038 5396 Tcpip - ok
14:52:25.0111 5396 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:52:25.0120 5396 Tcpip6 - ok
14:52:25.0350 5396 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:52:25.0352 5396 tcpipreg - ok
14:52:25.0423 5396 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:52:25.0445 5396 TDPIPE - ok
14:52:25.0501 5396 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:52:25.0526 5396 TDTCP - ok
14:52:25.0626 5396 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:52:25.0652 5396 tdx - ok
14:52:25.0706 5396 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:52:25.0708 5396 TermDD - ok
14:52:25.0732 5396 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
14:52:25.0741 5396 TermService - ok
14:52:25.0916 5396 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
14:52:25.0920 5396 Themes - ok
14:52:26.0178 5396 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
14:52:26.0180 5396 THREADORDER - ok
14:52:26.0452 5396 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
14:52:26.0476 5396 TrkWks - ok
14:52:26.0518 5396 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
14:52:26.0520 5396 TrustedInstaller - ok
14:52:26.0791 5396 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:52:26.0793 5396 tssecsrv - ok
14:52:26.0865 5396 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:52:26.0891 5396 tunmp - ok
14:52:26.0935 5396 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:52:26.0937 5396 tunnel - ok
14:52:26.0975 5396 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
14:52:26.0978 5396 uagp35 - ok
14:52:27.0064 5396 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:52:27.0089 5396 udfs - ok
14:52:27.0191 5396 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
14:52:27.0218 5396 UI0Detect - ok
14:52:27.0317 5396 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:52:27.0344 5396 uliagpkx - ok
14:52:27.0413 5396 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:52:27.0432 5396 uliahci - ok
14:52:27.0534 5396 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:52:27.0553 5396 UlSata - ok
14:52:27.0587 5396 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:52:27.0590 5396 ulsata2 - ok
14:52:27.0629 5396 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:52:27.0650 5396 umbus - ok
14:52:27.0814 5396 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
14:52:27.0844 5396 upnphost - ok
14:52:27.0893 5396 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
14:52:27.0895 5396 USBAAPL - ok
14:52:27.0925 5396 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:52:27.0929 5396 usbccgp - ok
14:52:27.0962 5396 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:52:27.0965 5396 usbcir - ok
14:52:28.0075 5396 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:52:28.0101 5396 usbehci - ok
14:52:28.0209 5396 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:52:28.0239 5396 usbhub - ok
14:52:28.0571 5396 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
14:52:28.0584 5396 usbohci - ok
14:52:28.0879 5396 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
14:52:28.0897 5396 usbprint - ok
14:52:29.0117 5396 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:52:29.0120 5396 USBSTOR - ok
14:52:29.0176 5396 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
14:52:29.0179 5396 usbuhci - ok
14:52:29.0260 5396 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
14:52:29.0278 5396 UxSms - ok
14:52:29.0387 5396 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
14:52:29.0437 5396 vds - ok
14:52:29.0531 5396 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:52:29.0551 5396 vga - ok
14:52:29.0721 5396 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:52:29.0723 5396 VgaSave - ok
14:52:29.0767 5396 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
14:52:29.0790 5396 viaagp - ok
14:52:29.0955 5396 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:52:29.0996 5396 ViaC7 - ok
14:52:30.0095 5396 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
14:52:30.0097 5396 viaide - ok
14:52:30.0300 5396 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:52:30.0337 5396 volmgr - ok
14:52:30.0732 5396 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:52:30.0738 5396 volmgrx - ok
14:52:30.0824 5396 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:52:30.0829 5396 volsnap - ok
14:52:30.0900 5396 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:52:30.0904 5396 vsmraid - ok
14:52:30.0993 5396 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
14:52:31.0060 5396 VSS - ok
14:52:31.0121 5396 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
14:52:31.0145 5396 W32Time - ok
14:52:31.0453 5396 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:52:31.0456 5396 WacomPen - ok
14:52:31.0502 5396 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:52:31.0505 5396 Wanarp - ok
14:52:31.0509 5396 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:52:31.0511 5396 Wanarpv6 - ok
14:52:31.0723 5396 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
14:52:31.0731 5396 wcncsvc - ok
14:52:31.0786 5396 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
14:52:31.0789 5396 WcsPlugInService - ok
14:52:31.0821 5396 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:52:31.0823 5396 Wd - ok
14:52:31.0991 5396 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
14:52:32.0039 5396 Wdf01000 - ok
14:52:32.0140 5396 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:52:32.0144 5396 WdiServiceHost - ok
14:52:32.0157 5396 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:52:32.0160 5396 WdiSystemHost - ok
14:52:32.0200 5396 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
14:52:32.0224 5396 WebClient - ok
14:52:32.0270 5396 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
14:52:32.0293 5396 Wecsvc - ok
14:52:32.0341 5396 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
14:52:32.0345 5396 wercplsupport - ok
14:52:32.0420 5396 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
14:52:32.0425 5396 WerSvc - ok
14:52:32.0480 5396 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
14:52:32.0485 5396 WinDefend - ok
14:52:32.0497 5396 WinHttpAutoProxySvc - ok
14:52:32.0815 5396 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
14:52:32.0857 5396 Winmgmt - ok
14:52:33.0111 5396 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
14:52:33.0160 5396 WinRM - ok
14:52:33.0545 5396 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
14:52:33.0595 5396 Wlansvc - ok
14:52:34.0091 5396 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:52:34.0139 5396 wlidsvc - ok
14:52:34.0388 5396 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
14:52:34.0416 5396 WmiAcpi - ok
14:52:34.0549 5396 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
14:52:34.0577 5396 wmiApSrv - ok
14:52:34.0644 5396 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
14:52:34.0688 5396 WMPNetworkSvc - ok
14:52:34.0972 5396 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
14:52:34.0997 5396 WPCSvc - ok
14:52:35.0083 5396 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
14:52:35.0107 5396 WPDBusEnum - ok
14:52:35.0177 5396 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:52:35.0180 5396 WpdUsb - ok
14:52:35.0525 5396 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:52:35.0575 5396 WPFFontCache_v0400 - ok
14:52:35.0795 5396 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:52:35.0797 5396 ws2ifsl - ok
14:52:35.0853 5396 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
14:52:35.0857 5396 wscsvc - ok
14:52:35.0892 5396 WSearch - ok
14:52:36.0133 5396 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
14:52:36.0209 5396 wuauserv - ok
14:52:36.0306 5396 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:52:36.0309 5396 WUDFRd - ok
14:52:36.0400 5396 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
14:52:36.0423 5396 wudfsvc - ok
14:52:36.0523 5396 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:52:36.0601 5396 \Device\Harddisk0\DR0 - ok
14:52:36.0607 5396 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
14:52:36.0615 5396 \Device\Harddisk1\DR1 - ok
14:52:36.0624 5396 Boot (0x1200) (83e306ad2f2760a5e3cb714f520bf009) \Device\Harddisk0\DR0\Partition0
14:52:36.0627 5396 \Device\Harddisk0\DR0\Partition0 - ok
14:52:36.0627 5396 ============================================================
14:52:36.0627 5396 Scan finished
14:52:36.0627 5396 ============================================================
14:52:36.0646 4688 Detected object count: 1
14:52:36.0646 4688 Actual detected object count: 1
14:53:09.0021 4688 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:53:09.0021 4688 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:53:18.0487 5948 Deinitialize success
C'est fait:
ComboFix 12-05-02.03 - bologue 02/05/2012 18:59:37.3.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2047.1145 [GMT 2:00]
Lancé depuis: c:\users\bologue\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bologue\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-04-02 au 2012-05-02 ))))))))))))))))))))))))))))))))))))
.
.
2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-05-02 17:08 . 2012-05-02 17:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-02 17:08 . 2012-05-02 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 16:44 . 2012-05-02 16:46 -------- d-----w- c:\program files\Windows Live
2012-04-27 01:07 . 2012-04-27 01:07 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-26 14:19 . 2012-04-27 01:05 -------- d-----w- c:\program files\Microsoft Works
2012-04-26 14:15 . 2012-04-26 14:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-04-26 14:14 . 2012-04-26 14:14 -------- d-----w- c:\users\bologue\AppData\Local\Microsoft Help
2012-04-26 14:14 . 2012-05-02 15:26 -------- d-----w- c:\programdata\Microsoft Help
2012-04-26 14:11 . 2012-04-26 14:11 -------- d-----r- C:\MSOCache
2012-04-18 17:16 . 2012-04-18 17:16 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2012-04-18 17:12 . 2012-04-18 17:16 -------- d-----w- C:\ZHP
2012-04-18 17:11 . 2012-05-02 16:36 -------- d-----w- c:\program files\ZHPDiag
2012-04-18 13:57 . 2012-04-18 13:57 -------- d-----w- c:\program files\AxBx
2012-04-17 11:45 . 2012-04-17 12:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-16 20:50 . 2012-04-16 20:50 -------- d-----w- c:\users\bologue\AppData\Roaming\com.bytel.mediacenter
2012-04-16 20:40 . 2012-04-16 20:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-04-16 20:40 . 2012-04-16 20:41 -------- d-----w- c:\programdata\media center Bouygues Telecom
2012-04-12 01:08 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 01:08 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 01:08 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 01:08 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 01:08 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 01:08 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 17:39 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-04 06:37 . 2012-04-06 15:43 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-04 06:34 . 2012-05-02 16:42 -------- d-----w- c:\users\bologue\AppData\Local\Windows Live
2012-04-03 23:06 . 2012-04-03 23:06 -------- d-----w- c:\program files\iPod
2012-04-03 23:06 . 2012-04-03 23:07 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-02 16:44 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-17 12:06 . 2011-05-17 09:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 04:41 . 2012-03-08 04:41 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 04:41 . 2012-03-08 04:41 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 04:41 . 2012-03-08 04:41 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 04:41 . 2012-03-08 04:41 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 04:41 . 2012-03-08 04:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 04:41 . 2012-03-08 04:41 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 04:41 . 2012-03-08 04:41 367104 ----a-w- c:\windows\system32\html.iec
2012-03-08 04:41 . 2012-03-08 04:41 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 04:41 . 2012-03-08 04:41 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 04:41 . 2012-03-08 04:41 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 04:41 . 2012-03-08 04:41 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 04:41 . 2012-03-08 04:41 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 04:41 . 2012-03-08 04:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 04:41 . 2012-03-08 04:41 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 04:41 . 2012-03-08 04:41 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 04:41 . 2012-03-08 04:41 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 04:41 . 2012-03-08 04:41 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-15 09:01 . 2012-02-15 09:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 09:01 . 2012-02-15 09:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 15:45 . 2012-03-14 09:10 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 09:10 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 09:10 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 09:10 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 09:10 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-03-18 17:58 . 2011-08-16 11:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"Skytel"="Skytel.exe" [2007-05-07 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\bologue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-18 110592]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-05-10 16:10 4468736 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 22:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-05-07 17:51 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-20 14:47 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-09-05 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 12:06]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyServer = http=127.0.0.1:25535
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\bologue\AppData\Roaming\Mozilla\Firefox\Profiles\ktrnwc4z.default\
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=18cd7be8000000000000001a4d1d4c61&tlver=1.4.19.19&instlRef=sst&affID=17159&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Network Antivirus Protection - c:\programdata\1911c5\NA191_2296.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
Heure de fin: 2012-05-02 19:16:58
ComboFix-quarantined-files.txt 2012-05-02 17:16
ComboFix2.txt 2011-02-18 07:55
ComboFix3.txt 2010-11-23 03:02
.
Avant-CF: 20 968 853 504 octets libres
Après-CF: 23 279 890 432 octets libres
.
- - End Of File - - EFA0A0351FF80FA933BF9689063DB153
ComboFix 12-05-02.03 - bologue 02/05/2012 18:59:37.3.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2047.1145 [GMT 2:00]
Lancé depuis: c:\users\bologue\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\bologue\AppData\Roaming\Microsoft\Windows\Recent\ppal.drv
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-04-02 au 2012-05-02 ))))))))))))))))))))))))))))))))))))
.
.
2074-05-07 16:38 . 2006-11-21 18:48 203576 ------w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-05-02 17:08 . 2012-05-02 17:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-02 17:08 . 2012-05-02 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 16:44 . 2012-05-02 16:46 -------- d-----w- c:\program files\Windows Live
2012-04-27 01:07 . 2012-04-27 01:07 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-26 14:19 . 2012-04-27 01:05 -------- d-----w- c:\program files\Microsoft Works
2012-04-26 14:15 . 2012-04-26 14:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-04-26 14:14 . 2012-04-26 14:14 -------- d-----w- c:\users\bologue\AppData\Local\Microsoft Help
2012-04-26 14:14 . 2012-05-02 15:26 -------- d-----w- c:\programdata\Microsoft Help
2012-04-26 14:11 . 2012-04-26 14:11 -------- d-----r- C:\MSOCache
2012-04-18 17:16 . 2012-04-18 17:16 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2012-04-18 17:12 . 2012-04-18 17:16 -------- d-----w- C:\ZHP
2012-04-18 17:11 . 2012-05-02 16:36 -------- d-----w- c:\program files\ZHPDiag
2012-04-18 13:57 . 2012-04-18 13:57 -------- d-----w- c:\program files\AxBx
2012-04-17 11:45 . 2012-04-17 12:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-16 20:50 . 2012-04-16 20:50 -------- d-----w- c:\users\bologue\AppData\Roaming\com.bytel.mediacenter
2012-04-16 20:40 . 2012-04-16 20:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-04-16 20:40 . 2012-04-16 20:41 -------- d-----w- c:\programdata\media center Bouygues Telecom
2012-04-12 01:08 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 01:08 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 01:08 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 01:08 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 01:08 . 2012-03-06 06:39 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-12 01:08 . 2012-03-06 06:39 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 17:39 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-04-04 06:37 . 2012-04-06 15:43 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-04 06:34 . 2012-05-02 16:42 -------- d-----w- c:\users\bologue\AppData\Local\Windows Live
2012-04-03 23:06 . 2012-04-03 23:06 -------- d-----w- c:\program files\iPod
2012-04-03 23:06 . 2012-04-03 23:07 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-02 16:44 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-17 12:06 . 2011-05-17 09:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 04:41 . 2012-03-08 04:41 161792 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 04:41 . 2012-03-08 04:41 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 04:41 . 2012-03-08 04:41 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 04:41 . 2012-03-08 04:41 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 04:41 . 2012-03-08 04:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 04:41 . 2012-03-08 04:41 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 04:41 . 2012-03-08 04:41 367104 ----a-w- c:\windows\system32\html.iec
2012-03-08 04:41 . 2012-03-08 04:41 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 04:41 . 2012-03-08 04:41 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 04:41 . 2012-03-08 04:41 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 04:41 . 2012-03-08 04:41 152064 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 04:41 . 2012-03-08 04:41 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 04:41 . 2012-03-08 04:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 04:41 . 2012-03-08 04:41 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 04:41 . 2012-03-08 04:41 11776 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 04:41 . 2012-03-08 04:41 101888 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 04:41 . 2012-03-08 04:41 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-15 09:01 . 2012-02-15 09:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 09:01 . 2012-02-15 09:01 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-14 15:45 . 2012-03-14 09:10 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 09:10 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-13 14:12 . 2012-03-14 09:10 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 13:47 . 2012-03-14 09:10 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 13:44 . 2012-03-14 09:10 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-03-18 17:58 . 2011-08-16 11:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"Skytel"="Skytel.exe" [2007-05-07 1826816]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\bologue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-3-18 110592]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-05-10 16:10 4468736 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 22:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-05-07 17:51 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-20 14:47 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-09-05 116608]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 12:06]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyServer = http=127.0.0.1:25535
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\bologue\AppData\Roaming\Mozilla\Firefox\Profiles\ktrnwc4z.default\
FF - prefs.js: browser.startup.homepage - google.fr
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=18cd7be8000000000000001a4d1d4c61&tlver=1.4.19.19&instlRef=sst&affID=17159&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Network Antivirus Protection - c:\programdata\1911c5\NA191_2296.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-02 19:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
Heure de fin: 2012-05-02 19:16:58
ComboFix-quarantined-files.txt 2012-05-02 17:16
ComboFix2.txt 2011-02-18 07:55
ComboFix3.txt 2010-11-23 03:02
.
Avant-CF: 20 968 853 504 octets libres
Après-CF: 23 279 890 432 octets libres
.
- - End Of File - - EFA0A0351FF80FA933BF9689063DB153
# AdwCleaner v1.604 - Rapport créé le 02/05/2012 à 21:43:33
# Mis à jour le 23/04/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : bologue - PC-DE-BOLOGUE
# Exécuté depuis : C:\Users\bologue\Desktop\adwcleaner.exe
# Option [Suppression]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\Users\bologue\AppData\Local\Babylon
Dossier Supprimé : C:\Users\bologue\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\bologue\AppData\Roaming\Babylon
Dossier Supprimé : C:\ProgramData\Babylon
Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
***** [Registre] *****
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKLM\SOFTWARE\Babylon
Clé Supprimée : HKLM\SOFTWARE\OpenCandy NSIS SDK
Clé Supprimée : HKLM\SOFTWARE\Messenger Plus!\OpenCandy
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
***** [Registre - GUID] *****
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
***** [Navigateurs] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v4.0 (fr)
Nom du profil : default
Fichier : C:\Users\bologue\AppData\Roaming\Mozilla\Firefox\Profiles\ktrnwc4z.default\prefs.js
Supprimée : user_pref("extensions.BabylonToolbar.bbDpng", 10);
Supprimée : user_pref("extensions.BabylonToolbar.cntry", "FR");
Supprimée : user_pref("extensions.BabylonToolbar.firstRun", false);
Supprimée : user_pref("extensions.BabylonToolbar.hdrMd5", "0412C57691F5F220E71B88F1D0F7B0B3");
Supprimée : user_pref("extensions.BabylonToolbar.lastActv", "10");
Supprimée : user_pref("extensions.BabylonToolbar.lastDP", 10);
Supprimée : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=18cd7be8000000000000001a4d1[...]
*************************
AdwCleaner[S1].txt - [3026 octets] - [02/05/2012 21:43:33]
########## EOF - C:\AdwCleaner[S1].txt - [3154 octets] ##########
# Mis à jour le 23/04/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : bologue - PC-DE-BOLOGUE
# Exécuté depuis : C:\Users\bologue\Desktop\adwcleaner.exe
# Option [Suppression]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Supprimé : C:\Users\bologue\AppData\Local\Babylon
Dossier Supprimé : C:\Users\bologue\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\bologue\AppData\Roaming\Babylon
Dossier Supprimé : C:\ProgramData\Babylon
Fichier Supprimé : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
***** [Registre] *****
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKLM\SOFTWARE\Babylon
Clé Supprimée : HKLM\SOFTWARE\OpenCandy NSIS SDK
Clé Supprimée : HKLM\SOFTWARE\Messenger Plus!\OpenCandy
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
***** [Registre - GUID] *****
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
***** [Navigateurs] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Mozilla Firefox v4.0 (fr)
Nom du profil : default
Fichier : C:\Users\bologue\AppData\Roaming\Mozilla\Firefox\Profiles\ktrnwc4z.default\prefs.js
Supprimée : user_pref("extensions.BabylonToolbar.bbDpng", 10);
Supprimée : user_pref("extensions.BabylonToolbar.cntry", "FR");
Supprimée : user_pref("extensions.BabylonToolbar.firstRun", false);
Supprimée : user_pref("extensions.BabylonToolbar.hdrMd5", "0412C57691F5F220E71B88F1D0F7B0B3");
Supprimée : user_pref("extensions.BabylonToolbar.lastActv", "10");
Supprimée : user_pref("extensions.BabylonToolbar.lastDP", 10);
Supprimée : user_pref("keyword.URL", "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=18cd7be8000000000000001a4d1[...]
*************************
AdwCleaner[S1].txt - [3026 octets] - [02/05/2012 21:43:33]
########## EOF - C:\AdwCleaner[S1].txt - [3154 octets] ##########
Rapport de ZHPFix 1.12.3372 par Nicolas Coolman, Update du 22/11/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-03-05-2012-21-55-10.txt
Run by bologue at 03/05/2012 21:55:10
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Clé(s) du Registre ==========
SUPPRIME Key: HKCU\Software\3
========== Valeur(s) du Registre ==========
SUPPRIME {2E90078D-51FD-41C2-9FFE-A31DDA63C515}
SUPPRIME TCP Query User{E739F069-6D72-4663-BE1E-1C9530E02CC1}C:/programdata/1911c5/na191_2296.exe
SUPPRIME UDP Query User{03947220-3728-4161-A93F-F902E8319F34}C:/programdata/1911c5/na191_2296.exe
SUPPRIME {41126514-BF9F-4372-849A-F86916B391D9}
SUPPRIME {C56A612F-E955-4EA7-A75A-BC834AFC58C5}
========== Elément(s) de donnée du Registre ==========
SUPPRIME R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer
========== Dossier(s) ==========
SUPPRIME Folder: C:\Users\bologue\AppData\Roaming\Network Antivirus Protection
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{00662544-426C-45C0-8D36-C445BCAF83BE}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{00C631A0-3DCD-47E4-863F-62B90E7803D2}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{010C2ED9-FC67-4531-8136-4E47933F0938}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{03B6B4E9-7FF7-454C-8327-07A152F61669}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{03CC9A91-063A-4051-A32A-1DB264B4BFAA}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{064AD20A-8622-4D7B-8379-9136622BA0D0}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{0E755D61-A750-442A-A41E-8E0824F46C44}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{0EBB84F7-4D10-46C8-B0A0-92412CBD6CEF}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{10909293-D442-4AF6-AC9C-2CAE0733B42F}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{13227877-EE66-4EAA-949F-F9D2566C8551}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{183DF008-7B59-4051-AE0E-EBDCC73BBDC4}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{1E9C5C25-8132-4F91-9CE9-F1D187183077}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{2666799E-1629-49CD-9796-5FAEEA14AE71}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{2B25F58C-BC66-4B93-96E2-F86BB6CD668E}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{3282CDA9-3AB0-4590-8184-B38721D90F4B}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{3467C604-5F44-425B-B28D-D363E492AEDE}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{4929B365-A3A0-47CA-9000-FCF67FDF3EEC}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{4B681E96-8F45-4605-A2D0-C114A4D84B7D}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{501B057A-D868-4EE0-A301-58A281E8FAD2}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{52B0F863-14F8-4056-967B-FDA609B7B9E0}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{57E131F3-CC2A-45A5-9852-3B35352B0E8F}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{59673A05-A28A-4986-A039-B6011EE70F2F}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{5AD9434B-834F-4B16-A5BA-8ABB840C4211}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{5BD89913-FB55-4134-A15B-2AB3DA1AE1FE}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{5C0F5D96-A640-4B94-9167-C98B860595E6}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{5FC80B2F-17F7-420A-BD3C-FA61179EF985}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{6276C6EC-4376-4520-A0F1-7541475CB407}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{662EF680-8E4F-4FFD-ACAA-FA043DB9634E}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{67D25791-048A-4B82-BAB8-FCBBA6545845}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{699E6577-AB5C-4D2A-B66C-ED0AB01357EF}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{6A4BA0B8-6264-48B0-A743-922DD7DC5511}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{6E2B1DEB-58D3-438D-A7D3-517A73D9835B}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{715F7ED3-4411-4C97-BF93-2786A1AF64AB}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{79FF1C43-D6A1-48A8-9C82-BEF8925E2D37}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{7A77EC88-4F64-4709-8091-9D5CC10FC2E9}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{867387D2-D23E-4B89-B7F2-320A97F92025}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{8696C69D-73C1-4D7D-AECA-6BD05D8E3709}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{89FFE498-B38E-49D1-8AC4-15EEFE359E29}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{8D5E49CD-37F2-4184-9006-1000C12D31EE}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{8E911006-85AA-48EC-BFEE-2358FFC0F097}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{95B9C23F-065A-44C0-9035-2BB984301D09}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{98353369-C22B-47C2-A55A-DCEB9EA1D3E8}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{9A03EDD1-D089-4DB2-B796-73CBA81E80AF}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{9C4E21BF-EEEE-47E2-90E3-B0DA12511A2B}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{A1343FF6-E7BE-4A8F-A7DE-B129F7F36960}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B1F8A4CC-DB61-450E-A3DE-E6BEE6EDEB19}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B5F0C2F1-5438-4A85-982A-FF996C615154}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B719B83D-E47F-4423-BDFB-EFFD084CA26F}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B7C1E802-E630-48F2-A920-75D674E7EEC2}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B7F0BEA9-BCA2-4B32-8A11-AA26DB51C630}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B9B738D1-AA5C-47D4-993D-4BB3BD772A88}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{BC5F50BA-C6BE-4335-8E9A-47F1FF771619}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{BD2A117F-249E-49C2-A1E0-B82B5056CAB7}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{C7549B21-D017-4E27-9ECC-FDBD13D07C07}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D165B7CD-CBCF-45A1-AC45-277B7BDE8877}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D2D29328-0DF5-4DE7-95FA-C46A65E0D7C0}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D3D6C7C6-3812-4AC8-9C9F-31A9D881950A}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D6F5FC50-80AD-4BE3-8CCB-E700E1730D1A}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D7C3369E-D0E4-401D-8C64-506138BB7879}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D7F6B0E7-CF28-4609-A1DD-3A828FA7CBE4}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{DE979918-B2F9-4F74-9B7C-A94C571D7CFE}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{EB950AC2-DCBB-4E08-8C40-CB6EE1EB69FC}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{EDC87DCF-DB10-444A-9404-4987D66DCF80}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{EF0E9ABD-A0DF-40F8-BEFA-DE5736118E75}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{F0C3054E-A8AB-4A8A-BB27-EA6EE651DB9B}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{F11AC581-02C8-4816-9550-2986AC8A4FCC}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{F66581AC-E53C-4B12-BAA0-CA51058F95E3}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{FAC2F25D-3EDC-4230-81C4-CA0C23E7B899}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{FC1B68AB-EF7A-4903-8375-71B32563C74A}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{FD8754E8-C496-4164-88E8-3263908BBD63}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{FF0D7195-A281-44BD-BA57-F86F735D07EB}
SUPPRIME Temporaires Windows: : 94
========== Fichier(s) ==========
SUPPRIME File: c:\users\bologue\appdata\roaming\microsoft\windows\start menu\programs\network antivirus protection.lnk
ABSENT File: c:\programdata\1911c5\na191_2296.exe
SUPPRIME Temporaires Windows: : 885
========== Master Boot Record ==========
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3250820AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84A1C1F8]<<
1 ntkrnlpa!IofCallDriver[0x81E5A912] -> \Device\Harddisk0\DR0[0x8523E5D0]
3 CLASSPNP[0x881B68B3] -> ntkrnlpa!IofCallDriver[0x81E5A912] -> [0x84A908C8]
5 acpi[0x807B86BC] -> ntkrnlpa!IofCallDriver[0x81E5A912] -> \Device\Ide\IdeDeviceP1T0L0-1[0x84A846C0]
\Driver\atapi[0x84A82D40] -> IRP_MJ_CREATE -> 0x84A1C1F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x84a1c1f8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
Resultat après le fix :
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3250820AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84A1C1F8]<<
1 ntkrnlpa!IofCallDriver[0x81E5A912] -> \Device\Harddisk0\DR0[0x8523E5D0]
3 CLASSPNP[0x881B68B3] -> ntkrnlpa!IofCallDriver[0x81E5A912] -> [0x84A908C8]
5 acpi[0x807B86BC] -> ntkrnlpa!IofCallDriver[0x81E5A912] -> \Device\Ide\IdeDeviceP1T0L0-1[0x84A846C0]
\Driver\atapi[0x84A82D40] -> IRP_MJ_CREATE -> 0x84A1C1F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x84a1c1f8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
========== Tache planifiée ==========
SUPPRIME Task: {9E298518-6FD1-4453-91C9-34F833BE9E05}
SUPPRIME Task: {B770308D-09DC-4103-AAA5-382D7C5A3BC3}
========== Autre ==========
NON TRAITE file.)
========== Récapitulatif ==========
1 : Clé(s) du Registre
5 : Valeur(s) du Registre
1 : Elément(s) de donnée du Registre
73 : Dossier(s)
3 : Fichier(s)
2 : Tache planifiée
1 : Master Boot Record
1 : Autre
End of clean in 00mn 16s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 03/05/2012 21:55:10 [9784]
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-03-05-2012-21-55-10.txt
Run by bologue at 03/05/2012 21:55:10
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
========== Clé(s) du Registre ==========
SUPPRIME Key: HKCU\Software\3
========== Valeur(s) du Registre ==========
SUPPRIME {2E90078D-51FD-41C2-9FFE-A31DDA63C515}
SUPPRIME TCP Query User{E739F069-6D72-4663-BE1E-1C9530E02CC1}C:/programdata/1911c5/na191_2296.exe
SUPPRIME UDP Query User{03947220-3728-4161-A93F-F902E8319F34}C:/programdata/1911c5/na191_2296.exe
SUPPRIME {41126514-BF9F-4372-849A-F86916B391D9}
SUPPRIME {C56A612F-E955-4EA7-A75A-BC834AFC58C5}
========== Elément(s) de donnée du Registre ==========
SUPPRIME R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer
========== Dossier(s) ==========
SUPPRIME Folder: C:\Users\bologue\AppData\Roaming\Network Antivirus Protection
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{00662544-426C-45C0-8D36-C445BCAF83BE}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{00C631A0-3DCD-47E4-863F-62B90E7803D2}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{010C2ED9-FC67-4531-8136-4E47933F0938}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{03B6B4E9-7FF7-454C-8327-07A152F61669}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{03CC9A91-063A-4051-A32A-1DB264B4BFAA}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{064AD20A-8622-4D7B-8379-9136622BA0D0}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{0E755D61-A750-442A-A41E-8E0824F46C44}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{0EBB84F7-4D10-46C8-B0A0-92412CBD6CEF}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{10909293-D442-4AF6-AC9C-2CAE0733B42F}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{13227877-EE66-4EAA-949F-F9D2566C8551}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{183DF008-7B59-4051-AE0E-EBDCC73BBDC4}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{1E9C5C25-8132-4F91-9CE9-F1D187183077}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{2666799E-1629-49CD-9796-5FAEEA14AE71}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{2B25F58C-BC66-4B93-96E2-F86BB6CD668E}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{3282CDA9-3AB0-4590-8184-B38721D90F4B}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{3467C604-5F44-425B-B28D-D363E492AEDE}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{4929B365-A3A0-47CA-9000-FCF67FDF3EEC}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{4B681E96-8F45-4605-A2D0-C114A4D84B7D}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{501B057A-D868-4EE0-A301-58A281E8FAD2}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{52B0F863-14F8-4056-967B-FDA609B7B9E0}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{57E131F3-CC2A-45A5-9852-3B35352B0E8F}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{59673A05-A28A-4986-A039-B6011EE70F2F}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{5AD9434B-834F-4B16-A5BA-8ABB840C4211}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{5BD89913-FB55-4134-A15B-2AB3DA1AE1FE}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{5C0F5D96-A640-4B94-9167-C98B860595E6}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{5FC80B2F-17F7-420A-BD3C-FA61179EF985}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{6276C6EC-4376-4520-A0F1-7541475CB407}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{662EF680-8E4F-4FFD-ACAA-FA043DB9634E}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{67D25791-048A-4B82-BAB8-FCBBA6545845}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{699E6577-AB5C-4D2A-B66C-ED0AB01357EF}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{6A4BA0B8-6264-48B0-A743-922DD7DC5511}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{6E2B1DEB-58D3-438D-A7D3-517A73D9835B}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{715F7ED3-4411-4C97-BF93-2786A1AF64AB}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{79FF1C43-D6A1-48A8-9C82-BEF8925E2D37}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{7A77EC88-4F64-4709-8091-9D5CC10FC2E9}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{867387D2-D23E-4B89-B7F2-320A97F92025}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{8696C69D-73C1-4D7D-AECA-6BD05D8E3709}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{89FFE498-B38E-49D1-8AC4-15EEFE359E29}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{8D5E49CD-37F2-4184-9006-1000C12D31EE}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{8E911006-85AA-48EC-BFEE-2358FFC0F097}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{95B9C23F-065A-44C0-9035-2BB984301D09}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{98353369-C22B-47C2-A55A-DCEB9EA1D3E8}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{9A03EDD1-D089-4DB2-B796-73CBA81E80AF}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{9C4E21BF-EEEE-47E2-90E3-B0DA12511A2B}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{A1343FF6-E7BE-4A8F-A7DE-B129F7F36960}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B1F8A4CC-DB61-450E-A3DE-E6BEE6EDEB19}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B5F0C2F1-5438-4A85-982A-FF996C615154}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B719B83D-E47F-4423-BDFB-EFFD084CA26F}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B7C1E802-E630-48F2-A920-75D674E7EEC2}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B7F0BEA9-BCA2-4B32-8A11-AA26DB51C630}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{B9B738D1-AA5C-47D4-993D-4BB3BD772A88}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{BC5F50BA-C6BE-4335-8E9A-47F1FF771619}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{BD2A117F-249E-49C2-A1E0-B82B5056CAB7}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{C7549B21-D017-4E27-9ECC-FDBD13D07C07}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D165B7CD-CBCF-45A1-AC45-277B7BDE8877}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D2D29328-0DF5-4DE7-95FA-C46A65E0D7C0}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D3D6C7C6-3812-4AC8-9C9F-31A9D881950A}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D6F5FC50-80AD-4BE3-8CCB-E700E1730D1A}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D7C3369E-D0E4-401D-8C64-506138BB7879}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{D7F6B0E7-CF28-4609-A1DD-3A828FA7CBE4}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{DE979918-B2F9-4F74-9B7C-A94C571D7CFE}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{EB950AC2-DCBB-4E08-8C40-CB6EE1EB69FC}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{EDC87DCF-DB10-444A-9404-4987D66DCF80}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{EF0E9ABD-A0DF-40F8-BEFA-DE5736118E75}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{F0C3054E-A8AB-4A8A-BB27-EA6EE651DB9B}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{F11AC581-02C8-4816-9550-2986AC8A4FCC}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{F66581AC-E53C-4B12-BAA0-CA51058F95E3}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{FAC2F25D-3EDC-4230-81C4-CA0C23E7B899}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{FC1B68AB-EF7A-4903-8375-71B32563C74A}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{FD8754E8-C496-4164-88E8-3263908BBD63}
SUPPRIME Folder: C:\Users\bologue\AppData\Local\{FF0D7195-A281-44BD-BA57-F86F735D07EB}
SUPPRIME Temporaires Windows: : 94
========== Fichier(s) ==========
SUPPRIME File: c:\users\bologue\appdata\roaming\microsoft\windows\start menu\programs\network antivirus protection.lnk
ABSENT File: c:\programdata\1911c5\na191_2296.exe
SUPPRIME Temporaires Windows: : 885
========== Master Boot Record ==========
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3250820AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84A1C1F8]<<
1 ntkrnlpa!IofCallDriver[0x81E5A912] -> \Device\Harddisk0\DR0[0x8523E5D0]
3 CLASSPNP[0x881B68B3] -> ntkrnlpa!IofCallDriver[0x81E5A912] -> [0x84A908C8]
5 acpi[0x807B86BC] -> ntkrnlpa!IofCallDriver[0x81E5A912] -> \Device\Ide\IdeDeviceP1T0L0-1[0x84A846C0]
\Driver\atapi[0x84A82D40] -> IRP_MJ_CREATE -> 0x84A1C1F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x84a1c1f8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
Resultat après le fix :
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3250820AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84A1C1F8]<<
1 ntkrnlpa!IofCallDriver[0x81E5A912] -> \Device\Harddisk0\DR0[0x8523E5D0]
3 CLASSPNP[0x881B68B3] -> ntkrnlpa!IofCallDriver[0x81E5A912] -> [0x84A908C8]
5 acpi[0x807B86BC] -> ntkrnlpa!IofCallDriver[0x81E5A912] -> \Device\Ide\IdeDeviceP1T0L0-1[0x84A846C0]
\Driver\atapi[0x84A82D40] -> IRP_MJ_CREATE -> 0x84A1C1F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi -> 0x84a1c1f8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
========== Tache planifiée ==========
SUPPRIME Task: {9E298518-6FD1-4453-91C9-34F833BE9E05}
SUPPRIME Task: {B770308D-09DC-4103-AAA5-382D7C5A3BC3}
========== Autre ==========
NON TRAITE file.)
========== Récapitulatif ==========
1 : Clé(s) du Registre
5 : Valeur(s) du Registre
1 : Elément(s) de donnée du Registre
73 : Dossier(s)
3 : Fichier(s)
2 : Tache planifiée
1 : Master Boot Record
1 : Autre
End of clean in 00mn 16s
========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 03/05/2012 21:55:10 [9784]
Vous allez voir, c'est très facile de bloquer
Ouvrez Internet Explorer. Dans le menu « Outils », cliquez sur « Options Internet ». Puis, cliquez sur l'onglet « Sécurité ». Cliquez sur l'icone « Sites sensibles », puis sur le bouton « Sites ». Puis, ajoutez ce site à la liste: « rad.msn.com » et confirmez avec OK.
voir en image explicative
http://www.fansub-streaming.eu/blog/bloquer-la-pub-de-windows-live-messenger.html
Ouvrez Internet Explorer. Dans le menu « Outils », cliquez sur « Options Internet ». Puis, cliquez sur l'onglet « Sécurité ». Cliquez sur l'icone « Sites sensibles », puis sur le bouton « Sites ». Puis, ajoutez ce site à la liste: « rad.msn.com » et confirmez avec OK.
voir en image explicative
http://www.fansub-streaming.eu/blog/bloquer-la-pub-de-windows-live-messenger.html
Malwarebytes Anti-Malware (Essai) 1.61.0.1400
www.malwarebytes.org
Version de la base de données: v2012.05.06.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
bologue :: PC-DE-BOLOGUE [administrateur]
Protection: Activé
06/05/2012 18:37:08
mbam-log-2012-05-06 (18-37-08).txt
Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 332918
Temps écoulé: 1 heure(s), 10 minute(s), 55 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 2
C:\Qoobox\Quarantine\C\Users\Public\Documents\Windows\winhelp.exe.vir (Spyware.Passwords.XGen) -> Mis en quarantaine et supprimé avec succès.
C:\Users\bologue\Documents\Jeux\BF2\BF2 DVD\RELOADED\fff-ea103.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès.
(fin)
www.malwarebytes.org
Version de la base de données: v2012.05.06.04
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
bologue :: PC-DE-BOLOGUE [administrateur]
Protection: Activé
06/05/2012 18:37:08
mbam-log-2012-05-06 (18-37-08).txt
Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 332918
Temps écoulé: 1 heure(s), 10 minute(s), 55 seconde(s)
Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)
Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)
Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)
Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)
Fichier(s) détecté(s): 2
C:\Qoobox\Quarantine\C\Users\Public\Documents\Windows\winhelp.exe.vir (Spyware.Passwords.XGen) -> Mis en quarantaine et supprimé avec succès.
C:\Users\bologue\Documents\Jeux\BF2\BF2 DVD\RELOADED\fff-ea103.exe (RiskWare.Tool.CK) -> Mis en quarantaine et supprimé avec succès.
(fin)
Utilisateur anonyme
6 mai 2012 à 20:08
6 mai 2012 à 20:08
super,
lance ton navigateur, vide les fichiers temporaires et les Cookies,
redémarre ton pc pour voir si tu as envore le message du truc !
lance ton navigateur, vide les fichiers temporaires et les Cookies,
redémarre ton pc pour voir si tu as envore le message du truc !
C'est fait, mais le message revient encore...
En fait, il a disparu pendant un temps au début des manipulations que tu m'as demandé d'effectuer mais est revenu ces derniers jours. Je venais de désinstaller MSN et et MSN plus pour ne réinstaller que MSN à cause de ralentissements lors de son exécution.
@Nina: Je n'utilise pas IE mais Mozilla.
En fait, il a disparu pendant un temps au début des manipulations que tu m'as demandé d'effectuer mais est revenu ces derniers jours. Je venais de désinstaller MSN et et MSN plus pour ne réinstaller que MSN à cause de ralentissements lors de son exécution.
@Nina: Je n'utilise pas IE mais Mozilla.
Utilisateur anonyme
7 mai 2012 à 17:41
7 mai 2012 à 17:41
ok, mais as tu essayé de vider l'histoque de naigation et les cookies de firefox ?
Oui. J'ai aussi essayé la manipulation sur les sites sensibles avec IE et à présent, au lieu du message habituel j'ai: "Les paramètres de sécurité actuelle ne vous permettent pas de télécharger de fichier."
Utilisateur anonyme
7 mai 2012 à 18:39
7 mai 2012 à 18:39
essaie ceci :
https://www.commentcamarche.net/faq/20619-vos-parametres-de-securite-ne-vous-permettent-pas-de-telecharger
https://www.commentcamarche.net/faq/20619-vos-parametres-de-securite-ne-vous-permettent-pas-de-telecharger
21 avril 2012 à 13:34
Merci pour ton intervention ! J'espère que ça aidera Jacky !