virus police nationale Résolu

Question

Bonjour,  



j ai chopé hier soir un virus police notionale sacem sur mon portable qui est sous vista, je n ai plus d acces a windows ni en normal ni en mode sans echec. Quelqu un peu t il me venir en aide. 

merci 
bxlucky

Utilisateur anonyme · Answer

Bonsoir

Il va falloir proceder à partir d'un LiveCD

Télécharge OTLPE sur le bureau.
Prépare un CD vierge 
Utilise un logiciel de gravure dont tu disposes.
Ou celui-ci Cdburner
Attention il s'agit de graver une imageISO
Note : Le CD gravé, il faut maintenant redémarrer la machine sur le lecteur CDROM 
Pour se faire suivre ce lien : Booter sur un CD 
Tuto OTLPE 

Tu lances l'iso d'OTLPE que tu as gravé. 
Tu choisis le lecteur ou est installé ton système d'exploitation (par défaut C)
Et ensuite Windows
*	une fois le bureau de reatogo chargé , tu lances OTLPE , l'icône jaune 

*	Double-clique sur l'icone OTLPE 
*	quand demandé "Do you wish to load the remote registry", select Yes 
*	Tu choisis ta session
*	Sous Vista et Seven il faut développer l'arborescence du lecteur C qui par défaut embarque Windows et arriver sur le dossier Windows.
Rappel :Tutorial ici : https://forum.malekal.com/viewtopic.php?t=23453&start=
Ensuite
*	sous Custom Scan box 
1) copie_colle le contenu du cadre ci dessous: 

netsvcs 
msconfig 
safebootminimal 
safebootnetwork 
activex 
drivers32 
%ALLUSERSPROFILE%\Application Data\*. 
%ALLUSERSPROFILE%\Application Data\*.exe /s 
%SYSTEMDRIVE%\*.exe 
/md5start 
eventlog.dll 
scecli.dll 
netlogon.dll 
cngaudit.dll 
sceclt.dll 
ntelogon.dll 
logevent.dll 
iaStor.sys 
nvstor.sys 
atapi.sys 
cdrom.sys 
disk.sys 
ndis.sys 
mountmgr.sys 
aec.sys 
rasacd.sys 
mrxsmb10.sys 
mrxsmb20.sys 
termdd.sys 
mrxsmb.sys 
win32k.sys 
storport.sys 
IdeChnDr.sys 
viasraid.sys 
explorer.exe 
winlogon.exe 
wininit.exe
AGP440.sys 
vaxscsi.sys 
nvatabus.sys 
viamraid.sys 
nvata.sys 
nvgts.sys 
iastorv.sys 
ViPrt.sys 
eNetHook.dll 
ahcix86.sys 
KR10N.sys 
nvstor32.sys 
ahcix86s.sys 
nvrd32.sys 
/md5stop 
%systemroot%\*. /mp /s 
%systemroot%\system32\*.dll /lockedfiles 
%systemroot%\Tasks\*.job /lockedfiles 
%systemroot%\system32\drivers\*.sys /lockedfiles 
%systemroot%\System32\config\*.sav 
CREATERESTOREPOINT 

*	copie colle ce texte dans un fichier texte|bloc note que tu enregistres sur clé usb que tu brancheras sous reatogo tu pourras alors facilement le copier\coller. 

*	2) Clic Run Scan pour démarrer le scan. 
*	Une fois terminé , le fichier se trouve là C:\OTL.txt 
*	Copie_colle le contenu dans ta prochaine réponse. 


@+

bxlucky · Answer

merci pour ta reponse, je vais voir ca demain a tete repose, je te tiens au courant

bxlucky · Answer

bonsoir,

j'ai fait comme tu m a dit et j ai fait le scan, maintenant j ai un petit souci pour recuper le otl.txt, je n arrive plus a ouvrir le port usb avec reatogo, bien qu il me la reconnaisse en bas, je sais pas si je dois sortir et relancer.

bxlucky · Answer

c bon j'ai reussi a recuperer le raport

OTL logfile created on: 4/27/2012 6:38:54 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
Internet Explorer (Version = 7.0.6000.16982)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.77 Gb Total Space | 23.60 Gb Free Space | 33.82% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 46.51 Gb Free Space | 66.91% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

[color=#E56717]========== Win32 Services (SafeList) ==========/color

SRV - File not found [Auto] -- -- (symndis)
SRV - [2012/03/23 13:49:20 | 000,077,824 | ---- | M] () [Auto] -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL -- (SPService)
SRV - [2012/03/07 15:30:56 | 000,030,720 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto] -- C:\Windows\TEMP\htmijn\setup.exe -- (AMService)
SRV - [2011/10/21 10:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 12:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2007/09/14 09:32:46 | 000,167,936 | ---- | M] (acer) [Auto] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/08/10 04:11:32 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/05/22 09:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/05/10 08:05:36 | 000,024,576 | ---- | M] () [Auto] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/04/25 10:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/03/21 08:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/14 04:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/02/13 01:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2006/11/24 06:57:54 | 000,107,008 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/21 00:34:00 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2006/11/21 00:34:00 | 000,194,240 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Planificateur LiveUpdate automatique)
SRV - [2006/11/21 00:33:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006/11/21 00:33:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/21 00:33:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/11/21 00:32:22 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2006/11/21 00:31:30 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006/11/21 00:30:48 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006/11/02 05:45:47 | 000,005,632 | ---- | M] (Oak Technology Inc.) [Auto] -- C:\Windows\System32\Pcatip.dll -- (tap0901)

[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2012/04/27 01:37:52 | 000,068,096 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2007/08/10 04:13:29 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/08/02 10:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/06/18 06:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/06/13 22:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/04/29 18:45:18 | 002,219,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Pilote de carte Intel(R)
DRV - [2007/03/21 16:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/07 04:26:50 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007/02/24 08:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/30 01:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/01/23 10:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/07 13:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/21 00:34:46 | 000,275,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/21 00:34:46 | 000,245,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/21 00:34:46 | 000,024,184 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/21 00:34:40 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/11/21 00:32:56 | 000,831,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVEX15.SYS -- (NAVEX15)
DRV - [2006/11/21 00:32:54 | 000,079,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20061106.064\NAVENG.SYS -- (NAVENG)
DRV - [2006/11/21 00:32:52 | 000,387,432 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/11/21 00:30:58 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
DRV - [2006/11/02 11:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte Intel(R)

[color=#E56717]========== Standard Registry (SafeList) ==========/color

[color=#E56717]========== Internet Explorer ==========/color

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.acer.com/worldwide/selection.html [binary data]
IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.fr.yahoo.com/
IE - HKU\bruno_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\bruno_ON_C\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
IE - HKU\bruno_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\bruno_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

Hosts file not found
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (Ask.com)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKU\bruno_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\bruno_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [QJa8hs7QNbxt4uL] C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKU\.DEFAULT..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\.DEFAULT..\Run: [QJa8hs7QNbxt4uL] C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe ()
O4 - HKU\bruno_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\bruno_ON_C..\Run: [QJa8hs7QNbxt4uL] C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\bruno_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\bruno_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\bruno_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - HKLM Winlogon: UserInit - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\ram_reserver64.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\.DEFAULT Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Roaming\ram_reserver64.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\bruno_ON_C Winlogon: Shell - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - HKU\bruno_ON_C Winlogon: UserInit - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe ()
O20 - Winlogon\Notify\lkapoer: DllName - C:\Windows\system32\config\systemprofile\AppData\Local\lkapoer.dll - C:\Windows\System32\config\systemprofile\AppData\Local\lkapoer.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6b665650-5d7d-11e1-aa19-cf5f861a9c37}\Shell\AutoRun\command - "" = RunClubSanDisk.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: tap0901 - C:\Windows\System32\Pcatip.dll (Oak Technology Inc.)
NetSvcs: foldersize - File not found
NetSvcs: PCDCODEC - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {tlMe4VA9-8LXI-r4nq-LmM7-2PRL0gJFErMy} -
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\DVWIZA~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

[2008/01/03 07:21:09 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008/01/03 05:47:36 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/01/03 05:47:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2007/08/10 10:40:58 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007/08/10 03:29:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========/color

[2012/04/27 11:14:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/27 01:37:52 | 000,068,096 | ---- | M] () -- C:\Windows\System32\drivers\tdx.sys
[2012/04/26 15:55:00 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_trash_log.cmd
[2012/04/26 15:42:31 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 15:42:31 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 14:24:36 | 000,012,288 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/04/26 13:59:35 | 000,689,846 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2012/04/26 13:59:35 | 000,609,532 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/26 13:59:35 | 000,116,988 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2012/04/26 13:59:35 | 000,103,314 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/25 15:10:35 | 000,182,784 | ---- | M] () -- C:\Users\bruno\AppData\Roaming\ram_reserver64.exe
[2012/04/25 15:05:28 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{084DB03B-B2F6-4B43-8C0E-E5AEC842B1BC}.job
[2012/04/21 12:00:22 | 000,247,808 | ---- | M] () -- C:\Users\bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/07 12:09:36 | 733,828,026 | ---- | M] () -- C:\Users\bruno\Desktop\2011 - L.Ours.Montagne.avi
[2012/04/07 06:31:42 | 731,955,200 | ---- | M] () -- C:\Users\bruno\Desktop\2011 - la dame de fer.avi
[2012/03/28 19:21:50 | 1466,028,363 | ---- | M] () -- C:\Users\bruno\Desktop\2011 - Les.Lyonnais.avi

[color=#E56717]========== Files Created - No Company Name ==========/color

[2012/04/25 15:35:51 | 000,182,784 | ---- | C] () -- C:\Users\bruno\AppData\Roaming\ram_reserver64.exe
[2012/04/17 14:04:26 | 1466,028,363 | ---- | C] () -- C:\Users\bruno\Desktop\2011 - Les.Lyonnais.avi
[2012/04/17 14:03:37 | 731,955,200 | ---- | C] () -- C:\Users\bruno\Desktop\2011 - la dame de fer.avi
[2012/04/17 14:02:50 | 733,828,026 | ---- | C] () -- C:\Users\bruno\Desktop\2011 - L.Ours.Montagne.avi
[2012/04/07 12:08:10 | 1465,561,088 | ---- | C] () -- C:\Users\bruno\Desktop\The.Aventures.Of.Tintin.2011.FRENCH.DVDRip.XviD.AC3-FwD.avi
[2012/02/25 07:16:37 | 000,000,473 | ---- | C] () -- C:\Windows\BettingMarketAnalytics.ini
[2010/08/22 08:52:05 | 000,000,074 | ---- | C] () -- C:\Users\bruno\AppData\Roaming\default.pls
[2008/06/21 02:39:43 | 000,000,680 | ---- | C] () -- C:\Users\bruno\AppData\Local\d3d9caps.dat
[2008/01/03 15:41:23 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/01/03 15:41:12 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/01/03 14:36:57 | 000,247,808 | ---- | C] () -- C:\Users\bruno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/03 07:21:09 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/01/03 05:47:36 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
[2008/01/03 05:47:36 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
[2008/01/03 05:47:36 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini
[2008/01/03 05:47:36 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini
[2007/11/29 18:30:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/11/28 17:52:32 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/08/10 14:04:58 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/08/10 10:42:39 | 000,000,120 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007/08/10 10:41:15 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/10 10:41:15 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/08/10 10:41:15 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/08/10 10:40:58 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007/08/10 10:40:58 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007/08/10 03:39:09 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/08/10 03:30:08 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007/08/10 03:30:08 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/08/10 03:28:59 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/08/10 02:37:31 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/04/25 10:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 10:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 10:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 10:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 10:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 10:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 09:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/12 23:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 11:48:33 | 000,689,846 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2006/11/02 11:48:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2006/11/02 11:48:33 | 000,116,988 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2006/11/02 11:48:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,379,496 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,609,532 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,314 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:57:35 | 000,068,096 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001/12/26 09:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 16:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 09:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 15:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[color=#E56717]========== LOP Check ==========/color

[2008/08/30 10:36:02 | 000,000,000 | ---D | M] -- C:\Users\bruno\AppData\Roaming\Gamelab
[2010/05/29 14:09:33 | 000,000,000 | ---D | M] -- C:\Users\bruno\AppData\Roaming\GetRightToGo
[2008/08/30 10:15:56 | 000,000,000 | ---D | M] -- C:\Users\bruno\AppData\Roaming\Spandex Force
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/01/03 05:54:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/08/30 09:01:01 | 000,000,000 | ---D | M] -- C:\ProgramData\FarmFrenzy2
[2008/01/03 05:54:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/07/06 05:18:51 | 000,000,000 | ---D | M] -- C:\ProgramData\FreshGames
[2008/12/13 04:56:02 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2008/01/03 05:54:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer
[2008/01/03 05:54:49 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles
[2008/09/13 07:55:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Sandlot Games
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/09/13 08:55:31 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/07/06 05:15:38 | 000,000,000 | ---D | M] -- C:\ProgramData\VirtualFarm
[2007/08/10 03:59:44 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2012/04/26 15:03:46 | 000,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/25 15:05:28 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{084DB03B-B2F6-4B43-8C0E-E5AEC842B1BC}.job

[color=#E56717]========== Purity Check ==========/color

[color=#E56717]========== Custom Scans ==========/color

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.

Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >/color
[2005/08/16 03:49:12 | 000,040,960 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\junction.exe

[color=#A23BEC]< MD5 for: AGP440.SYS >/color
[2008/01/19 03:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 05:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >/color
[2008/01/19 03:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 05:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/08/30 06:56:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\drivers\atapi.sys
[2008/08/30 06:56:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/08/30 06:56:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/08/30 06:56:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >/color
[2008/01/19 01:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2006/11/02 04:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\drivers\cdrom.sys
[2006/11/02 04:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >/color
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

[color=#A23BEC]< MD5 for: DISK.SYS >/color
[2008/01/19 03:42:20 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\drivers\disk.sys
[2006/11/02 05:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

[color=#A23BEC]< MD5 for: ENETHOOK.DLL >/color
[2007/05/22 09:00:04 | 000,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Acer\Empowering Technology\eNet\eNetHook.dll
[2007/05/22 09:00:04 | 000,090,112 | ---- | M] (acer) MD5=2BB5B239A4501C0A846A2E43D3A98986 -- C:\Windows\System32\eNetHook.dll

[color=#A23BEC]< MD5 for: EXPLORER.EXE >/color
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/01/05 03:16:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/01/05 03:16:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: IASTOR.SYS >/color
[2006/12/21 23:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6c5f2dca\iaStor.sys
[2006/12/21 23:17:02 | 000,273,920 | ---- | M] (Intel Corporation) MD5=16EC9C934AE82B45BEB0CFF9C4277EE8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_4b499ec9\iaStor.sys
[2007/04/25 00:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Acer\Robson\WINALL\DRIVER\IASTOR.SYS
[2007/04/25 00:17:36 | 000,277,784 | ---- | M] (Intel Corporation) MD5=5DF93509037399B53D3ECAA8A67B6C58 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_b92fa6ec\iaStor.sys
[2007/04/25 00:18:12 | 000,537,368 | ---- | M] (Intel Corporation) MD5=6E9BEDAEFA5A3F86CECF40F4963F3021 -- C:\Acer\Robson\WINALL\DRIVER64\IASTOR.SYS
[2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IASTOR.SYS
[2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/03/21 07:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IASTOR.SYS

[color=#A23BEC]< MD5 for: IASTORV.SYS >/color
[2008/01/19 03:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

[color=#A23BEC]< MD5 for: MOUNTMGR.SYS >/color
[2006/11/02 05:49:57 | 000,054,888 | ---- | M] (Microsoft Corporation) MD5=01F1E5A3E4877C931CBB31613FEC16A6 -- C:\Windows\System32\drivers\mountmgr.sys
[2006/11/02 05:49:57 | 000,054,888 | ---- | M] (Microsoft Corporation) MD5=01F1E5A3E4877C931CBB31613FEC16A6 -- C:\Windows\winsxs\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6000.16386_none_f06162ca0a1ab2c0\mountmgr.sys
[2008/01/19 03:42:28 | 000,057,400 | ---- | M] (Microsoft Corporation) MD5=BDAFC88AA6B92F7842416EA6A48E1600 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-mountpointmanager_31bf3856ad364e35_6.0.6001.18000_none_f29824c60705c394\mountmgr.sys

[color=#A23BEC]< MD5 for: MRXSMB.SYS >/color
[2010/02/23 07:16:50 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=1F0DAA8676E0B3D00C2EC1F82B140A1C -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.22346_none_81dc4772677c5da2\mrxsmb.sys
[2010/02/23 07:10:13 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=454341E652BDF5E01B0F2140232B073E -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6002.18213_none_8170198d4e491e00\mrxsmb.sys
[2008/01/03 07:34:14 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=529B64F9735D27FEF1B8EA1678F8C79E -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16586_none_7d5aaf055432589d\mrxsmb.sys
[2010/02/23 07:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) MD5=7AFC42E60432FD1014F5342F2B1B1F74 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18431_none_7f7205535134d0e9\mrxsmb.sys
[2010/02/23 09:14:41 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=8AF705CE1BB907932157FAB821170F27 -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 09:14:41 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=8AF705CE1BB907932157FAB821170F27 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.17025_none_7d9a6dfd5402bf7e\mrxsmb.sys
[2010/02/23 07:30:49 | 000,102,912 | ---- | M] (Microsoft Corporation) MD5=BBB0D31B477CFF3B4F737ED0367F635F -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.21230_none_7e143b506d2cf9ad\mrxsmb.sys
[2008/01/19 01:28:36 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C4AD205530888404E2B5FC8D9319B119 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.18000_none_7f916d35511d6f23\mrxsmb.sys
[2010/02/23 07:30:23 | 000,106,496 | ---- | M] (Microsoft Corporation) MD5=D92DB980E8F791286750127C8E371A7D -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6001.22641_none_7ff0d4186a5a89cb\mrxsmb.sys
[2008/01/03 07:34:14 | 000,102,400 | ---- | M] (Microsoft Corporation) MD5=DC5632CBC8A3D02CE1114DEBB64B7037 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.20709_none_7e3dcdf46d0c620b\mrxsmb.sys
[2006/11/02 04:31:21 | 000,101,888 | ---- | M] (Microsoft Corporation) MD5=FCA7563D87F71C6DB0182CA67CC19AA7 -- C:\Windows\winsxs\x86_microsoft-windows-smbminirdr_31bf3856ad364e35_6.0.6000.16386_none_7d5aab3954325e4f\mrxsmb.sys

[color=#A23BEC]< MD5 for: MRXSMB10.SYS >/color
[2008/12/06 05:49:48 | 000,212,480 | ---- | M] (Microsoft Corporation) MD5=0883E1ADA541F4201ECAF63C29F2DCAC -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22252_none_88fa1b3264b308d9\mrxsmb10.sys
[2008/12/06 05:49:48 | 000,212,480 | ---- | M] (Microsoft Corporation) MD5=0A986B34F1678A2697574D7B1664E2DD -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18130_none_88841dab4b86fe7f\mrxsmb10.sys
[2010/02/23 07:10:19 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=2A4901AFF069944FA945ED5BBF4DCDE3 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.18213_none_8a8337e1489a5c62\mrxsmb10.sys
[2008/12/06 05:49:48 | 000,211,456 | ---- | M] (Microsoft Corporation) MD5=2BBD3970018270D2C6A0B069F568154E -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16738_none_86a5e1554e593846\mrxsmb10.sys
[2010/02/23 07:16:58 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=32E743994055D8D4729E2F2E0EF4758D -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6002.22346_none_8aef65c661cd9c04\mrxsmb10.sys
[2010/02/23 09:14:51 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=47E13AB23371BE3279EEF22BBFA2C1BE -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 09:14:51 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=47E13AB23371BE3279EEF22BBFA2C1BE -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.17025_none_86ad8c514e53fde0\mrxsmb10.sys
[2010/02/23 07:30:28 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=581305791239FAC6B5B4225AB0C7A7E4 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.22641_none_8903f26c64abc82d\mrxsmb10.sys
[2006/11/02 04:31:27 | 000,211,456 | ---- | M] (Microsoft Corporation) MD5=58A9AB5754FA4CABEDE7401283B5A771 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.16386_none_866dc98d4e839cb1\mrxsmb10.sys
[2008/01/19 01:28:42 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=67E55CED3FC143C82A8197988BFC1F9A -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18000_none_88a48b894b6ead85\mrxsmb10.sys
[2010/02/23 07:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) MD5=8A75752AE17924F65452746674B14B78 -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6001.18431_none_888523a74b860f4b\mrxsmb10.sys
[2010/02/23 07:30:59 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=A6130566AC4178473B5DAC8F8F74407D -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.21230_none_872759a4677e380f\mrxsmb10.sys
[2008/12/06 05:49:48 | 000,211,968 | ---- | M] (Microsoft Corporation) MD5=F813456C00B904DC3B6558CAD7B13BBA -- C:\Windows\winsxs\x86_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.0.6000.20904_none_874beea267621c08\mrxsmb10.sys

[color=#A23BEC]< MD5 for: MRXSMB20.SYS >/color
[2010/02/23 07:10:13 | 000,079,360 | ---- | M] (Microsoft Corporation) MD5=28B3F1AB44BDD4432C041581412F17D9 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6002.18213_none_8cb9a1f386f18fd3\mrxsmb20.sys
[2008/01/03 07:34:14 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=30A67C7D8B80281028916DED6A64AEC9 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.16586_none_88a4376b8cdaca70\mrxsmb20.sys
[2008/01/19 01:28:37 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=3268B8C3FA92BFC086355C39B45E9CC9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.18000_none_8adaf59b89c5e0f6\mrxsmb20.sys
[2010/02/23 07:30:53 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=3D475E770D3AB2D0C5E3E1386871F9DA -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.21230_none_895dc3b6a5d56b80\mrxsmb20.sys
[2008/01/03 07:34:14 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=5334E68E89628A117255B936B204977F -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.20709_none_8987565aa5b4d3de\mrxsmb20.sys
[2006/11/02 04:31:17 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=79B09504E4A790104683722CD04F76B4 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.16386_none_88a4339f8cdad022\mrxsmb20.sys
[2010/02/23 09:14:42 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=90B3FC7BD6B3D7EE7635DEBBA2187F66 -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/23 09:14:42 | 000,058,368 | ---- | M] (Microsoft Corporation) MD5=90B3FC7BD6B3D7EE7635DEBBA2187F66 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6000.17025_none_88e3f6638cab3151\mrxsmb20.sys
[2010/02/23 07:16:50 | 000,079,360 | ---- | M] (Microsoft Corporation) MD5=98A085E296A9BA865CAE56C1BCB1A0F6 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6002.22346_none_8d25cfd8a024cf75\mrxsmb20.sys
[2010/02/23 07:30:23 | 000,079,360 | ---- | M] (Microsoft Corporation) MD5=A4BD317F6D6AD2B3A1FF81DC063748D4 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.22641_none_8b3a5c7ea302fb9e\mrxsmb20.sys
[2010/02/23 07:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=F4D0F3252E651F02BE64984FFA738394 -- C:\Windows\winsxs\x86_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.0.6001.18431_none_8abb8db989dd42bc\mrxsmb20.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >/color
[2006/11/02 05:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\System32\drivers\ndis.sys
[2006/11/02 05:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008/01/19 03:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >/color
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006/11/02 05:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 03:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >/color
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 03:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[color=#A23BEC]< MD5 for: RASACD.SYS >/color
[2008/01/19 01:56:31 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=147D7F9C556D259924351FEB0DE606C3 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6001.18000_none_0fd9feb665531f63\rasacd.sys
[2006/11/02 04:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD7B30F55B3649506DD8B3D38F571D2A -- C:\Windows\System32\drivers\rasacd.sys
[2006/11/02 04:58:13 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=BD7B30F55B3649506DD8B3D38F571D2A -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.0.6000.16386_none_0da33cba68680e8f\rasacd.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >/color
[2008/01/19 03:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006/11/02 05:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[color=#A23BEC]< MD5 for: STORPORT.SYS >/color
[2008/01/19 03:43:12 | 000,123,960 | ---- | M] (Microsoft Corporation) MD5=39AD2C7B9C05C1CCD12480890DBA4EB5 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-storport_31bf3856ad364e35_6.0.6001.18000_none_277c4ea9302ee5d3\Storport.sys
[2006/11/02 05:50:47 | 000,117,864 | ---- | M] (Microsoft Corporation) MD5=ED386E31D263448B2ED36D4839F2CA04 -- C:\Windows\System32\drivers\Storport.sys
[2006/11/02 05:50:47 | 000,117,864 | ---- | M] (Microsoft Corporation) MD5=ED386E31D263448B2ED36D4839F2CA04 -- C:\Windows\winsxs\x86_microsoft-windows-storport_31bf3856ad364e35_6.0.6000.16386_none_25458cad3343d4ff\Storport.sys

[color=#A23BEC]< MD5 for: TERMDD.SYS >/color
[2006/11/02 05:50:28 | 000,050,792 | ---- | M] (Microsoft Corporation) MD5=2C549BD9DD091FBFAA0A2A48E82EC2FB -- C:\Windows\System32\drivers\termdd.sys
[2006/11/02 05:50:28 | 000,050,792 | ---- | M] (Microsoft Corporation) MD5=2C549BD9DD091FBFAA0A2A48E82EC2FB -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\termdd.sys
[2008/01/19 03:42:19 | 000,054,328 | ---- | M] (Microsoft Corporation) MD5=A048056F5E1A96A9BF3071B91741A5AA -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\termdd.sys

[color=#A23BEC]< MD5 for: WIN32K.SYS >/color
[2007/08/10 02:57:34 | 002,026,496 | ---- | M] (Microsoft Corporation) MD5=00D35636A02BB4529A707FA4E0B7F957 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20537_none_b77d6655b68fe37f\win32k.sys
[2008/08/30 06:52:44 | 002,028,544 | ---- | M] (Microsoft Corporation) MD5=0FB1E39EE209B26B70A8C1E1A56D38DF -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20782_none_b7425913b6bceacf\win32k.sys
[2009/04/21 07:55:06 | 002,033,152 | ---- | M] (Microsoft Corporation) MD5=13D686DF9652E7A397B2C3DA89881C34 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18246_none_b8ce3f929aa1cbdc\win32k.sys
[2009/08/14 09:53:16 | 002,035,712 | ---- | M] (Microsoft Corporation) MD5=18406CE410C1A4394FE1A8246D10567F -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18311_none_b8e9afca9a8df67d\win32k.sys
[2009/08/14 09:29:56 | 002,045,440 | ---- | M] (Microsoft Corporation) MD5=26AC4A647E67C7A7064309CBF1AAE3AC -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22200_none_bb639005b0cab34a\win32k.sys
[2009/02/08 22:54:45 | 002,033,664 | ---- | M] (Microsoft Corporation) MD5=33180D19BCCBF9CB6B96CE03BB613FD4 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22372_none_b9336b71b3db5a1d\win32k.sys
[2006/11/02 04:39:12 | 002,026,496 | ---- | M] (

bxlucky · Answer

la suite

C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22372_none_b9336b71b3db5a1d\win32k.sys
[2006/11/02 04:39:12 | 002,026,496 | ---- | M] (Microsoft Corporation) MD5=47754A68CC02A84DBD8413396368D963 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16386_none_b6bcb7be9d9bb8ec\win32k.sys
[2008/12/06 05:48:58 | 002,029,568 | ---- | M] (Microsoft Corporation) MD5=541DF3F03A378BDD96A917A4CB8C71A2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20922_none_b7833c67b68c3d77\win32k.sys
[2008/08/30 06:52:43 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=5B1E0409A9A6C415543732F21B2B7CC6 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22125_none_b96c781fb3b0201f\win32k.sys
[2009/02/08 23:10:34 | 002,033,152 | ---- | M] (Microsoft Corporation) MD5=5CAE6E4513342909C7FDA4F83D85E958 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18211_none_b8e9ade49a8df956\win32k.sys
[2009/04/21 07:55:42 | 002,030,080 | ---- | M] (Microsoft Corporation) MD5=633B5887DC689EB3ECF2F0994F506F40 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21044_none_b76f7545b69adb49\win32k.sys
[2008/01/19 01:37:02 | 002,031,616 | ---- | M] (Microsoft Corporation) MD5=664FCB81B53ECC5A1ACB325D50EB11C0 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18000_none_b8f379ba9a86c9c0\win32k.sys
[2009/02/08 21:54:23 | 002,030,080 | ---- | M] (Microsoft Corporation) MD5=6730B1581BBE610596C322465229D8A2 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21006_none_b79cb589b6789e33\win32k.sys
[2009/02/08 21:59:26 | 002,028,032 | ---- | M] (Microsoft Corporation) MD5=68D3921F210FC146876B7815DF5BCC41 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16816_none_b70870b09d62e718\win32k.sys
[2008/08/30 06:52:44 | 002,027,008 | ---- | M] (Microsoft Corporation) MD5=6FF39E07708091C05FC748DB2DE833EA -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16646_none_b6e7fd209d7b409d\win32k.sys
[2007/08/10 02:57:34 | 002,026,496 | ---- | M] (Microsoft Corporation) MD5=832313608F8B128EC715047CF27732CF -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16438_none_b6f4c9d49d715d0c\win32k.sys
[2009/08/14 09:27:17 | 002,036,736 | ---- | M] (Microsoft Corporation) MD5=8705038245789561EE714D12CC3368CE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18091_none_ba79a25297f52b29\win32k.sys
[2008/12/06 05:48:57 | 002,033,152 | ---- | M] (Microsoft Corporation) MD5=8BE357305D4BBEC35DBBE7D5536EE8C9 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22271_none_b9326941b3dc439f\win32k.sys
[2008/08/30 06:52:44 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=8F2DA4DDC21250ABA9206352A1080299 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18027_none_b8e4dbe89a90b303\win32k.sys
[2008/12/06 05:48:58 | 002,032,640 | ---- | M] (Microsoft Corporation) MD5=9304DD0014438C06261994960E24418A -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.18145_none_b8cd3d629aa2b55e\win32k.sys
[2009/08/14 10:01:34 | 002,031,104 | ---- | M] (Microsoft Corporation) MD5=9352E049F234BFA756C840CD8BDF4FFE -- C:\Windows\System32\win32k.sys
[2009/08/14 10:01:34 | 002,031,104 | ---- | M] (Microsoft Corporation) MD5=9352E049F234BFA756C840CD8BDF4FFE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16908_none_b71543169d58fafc\win32k.sys
[2009/04/21 07:39:47 | 002,034,688 | ---- | M] (Microsoft Corporation) MD5=A1696D4E327DB3FC815DAE837DC3D8B8 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.18023_none_bac7525a97ba9a40\win32k.sys
[2008/12/06 05:48:58 | 002,027,520 | ---- | M] (Microsoft Corporation) MD5=A90760D6F915CBB28E7F240668881BDE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16754_none_b6db2e869d852707\win32k.sys
[2009/04/21 07:42:33 | 002,034,688 | ---- | M] (Microsoft Corporation) MD5=AB4D93D30AA6B51598ADAFB6AAAB5962 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6002.22119_none_bb61c0cdb0cab623\win32k.sys
[2009/08/14 09:46:38 | 002,036,224 | ---- | M] (Microsoft Corporation) MD5=D4F9530BB031E0BAEDBE08B21BE52ADD -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22497_none_b922cef1b3e70dd9\win32k.sys
[2008/01/05 03:16:46 | 002,027,008 | ---- | M] (Microsoft Corporation) MD5=D5D8B98DF632E47185B36CD67AFAF42E -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16551_none_b6d829dc9d87e0b4\win32k.sys
[2009/04/21 09:26:36 | 002,034,176 | ---- | M] (Microsoft Corporation) MD5=D8882CAF965DCBDE4278C88842D0ACFE -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6001.22416_none_b9784e07b3a714fa\win32k.sys
[2008/01/05 03:16:46 | 002,028,544 | ---- | M] (Microsoft Corporation) MD5=EB58A5AD90B05A75EE824635E150FA0B -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.20670_none_b74b2685b6b69f09\win32k.sys
[2009/04/21 08:04:30 | 002,028,032 | ---- | M] (Microsoft Corporation) MD5=F0F292B8E028D69ACF49A9A78FBE4B78 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.16849_none_b6eb01ca9d7886f0\win32k.sys
[2009/08/15 17:08:32 | 002,032,128 | ---- | M] (Microsoft Corporation) MD5=F140B984628DA0171AC67548A0515572 -- C:\Windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.0.6000.21108_none_b79eb803b676ce08\win32k.sys

[color=#A23BEC]< MD5 for: WININIT.EXE >/color
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >/color
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >/color

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >/color
[2006/11/02 05:46:04 | 000,139,264 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\Windows\system32\fontext.dll
[2008/11/06 08:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5/b -- C:\Windows\system32\shell32.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >/color

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >/color

[color=#A23BEC]< %systemroot%\System32\config\*.sav >/color
[2007/08/10 10:43:28 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/08/10 10:43:26 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/08/10 10:43:28 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/08/10 10:43:38 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/08/10 10:43:39 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

[color=#A23BEC]< CREATERESTOREPOINT >/color

[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========/color
[C:\Windows\$NtUninstallKB32385$] -> -> Unknown point type

[color=#E56717]========== Alternate Data Streams ==========/color

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:E74DF3B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:08F16DBB
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FF8F1AE3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:38849DE5
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:4F58D818
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:18AE7C5A
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:BBAEBA91
< End of report >

Utilisateur anonyme · Answer

Bonsoir

* Double-clique sur l'icone OTLPE 
* quand demandé "Do you wish to load the remote registry", selectionne "Yes" 
* quand demandé "Do you wish to load remote user profile(s) for scanning", selectionne "Yes" 
* verifier que "Automatically Load All Remaining Users" est sélectionné et presse OK 


http://imagesup.org/image 

* sous Custom Scan box copie_colle le tout ci dessous et clic RUNFIX 


:OTL
O4 - HKLM..\Run: [QJa8hs7QNbxt4uL] C:\Users\bruno\AppData\Roaming\ram_reserver64.exe () 
O4 - HKU\.DEFAULT..\Run: [QJa8hs7QNbxt4uL] C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe () 
O4 - HKU\bruno_ON_C..\Run: [QJa8hs7QNbxt4uL] C:\Users\bruno\AppData\Roaming\ram_reserver64.exe () 
O20 - HKLM Winlogon: Shell - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe () 
O20 - HKLM Winlogon: UserInit - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe () 
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\system32\config\systemprofile\AppData\Roaming\ram_reserver64.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe () 
O20 - HKU\.DEFAULT Winlogon: UserInit - (C:\Windows\system32\config\systemprofile\AppData\Roaming\ram_reserver64.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\ram_reserver64.exe () 
O20 - HKU\bruno_ON_C Winlogon: Shell - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe () 
O20 - HKU\bruno_ON_C Winlogon: UserInit - (C:\Users\bruno\AppData\Roaming\ram_reserver64.exe) - C:\Users\bruno\AppData\Roaming\ram_reserver64.exe () 


:Files
C:\Users\bruno\AppData\Roaming\ram_reserver64.exe
c:\windows\system32\config\systemprofile\appdata\roaming\ram_reserver64.exe



tu conserves le rapport qui s'affiche ; et tu le copies et colles dans ta prochaine réponse


@+

kitty83 · Answer

Alors  j'ai eu aussi ce virus et j'ai simplement supprimer ma session (si tu as 2 sessions biensure)

bxlucky · Answer

bonjour,

le rapport

:========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QJa8hs7QNbxt4uL deleted successfully.
C:\Users\bruno\AppData\Roamingam_reserver64.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\QJa8hs7QNbxt4uL deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roamingam_reserver64.exe moved successfully.
Registry value HKEY_USERS\bruno_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\QJa8hs7QNbxt4uL deleted successfully.
File C:\Users\bruno\AppData\Roamingam_reserver64.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell:C:\Users\bruno\AppData\Roamingam_reserver64.exe deleted successfully.
File C:\Users\bruno\AppData\Roamingam_reserver64.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit:C:\Users\bruno\AppData\Roamingam_reserver64.exe deleted successfully.
File C:\Users\bruno\AppData\Roamingam_reserver64.exe not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell:C:\Windows\system32\config\systemprofile\AppData\Roamingam_reserver64.exe deleted successfully.
File C:\Windows\System32\config\systemprofile\AppData\Roamingam_reserver64.exe not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit:C:\Windows\system32\config\systemprofile\AppData\Roamingam_reserver64.exe deleted successfully.
File C:\Windows\System32\config\systemprofile\AppData\Roamingam_reserver64.exe not found.
Registry value HKEY_USERS\bruno_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell:C:\Users\bruno\AppData\Roamingam_reserver64.exe deleted successfully.
File C:\Users\bruno\AppData\Roamingam_reserver64.exe not found.
Registry value HKEY_USERS\bruno_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit:C:\Users\bruno\AppData\Roamingam_reserver64.exe deleted successfully.
File C:\Users\bruno\AppData\Roamingam_reserver64.exe not found.
========== FILES ==========
File\Folder C:\Users\bruno\AppData\Roamingam_reserver64.exe not found.
File\Folder c:\windows\system32\config\systemprofile\appdataoamingam_reserver64.exe not found.
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 04282012_160122

Utilisateur anonyme · Answer

Bonjour

Démarre ton PC normalement et dis moi si cela fonctionne.
Merci

@+

bxlucky · Answer

donc la j ai recupere la barre d outil en bas mais j ai le bureau qui est tout noir

Utilisateur anonyme · Answer

Re

[*] Télécharger sur le bureau https://www.luanagames.com/index.fr.html (by tigzy) 
[*] Quitter tous les programmes 
[*] Lancer RogueKiller.exe. 
[*] Attendre que le Prescan ait fini ... 
[*] Cliquer sur Scan. Cliquer sur Rapport et copier coller le contenu du rapport

@+

bxlucky · Answer

rapport

RogueKiller V7.3.3 [22/04/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur: bruno [Droits d'admin]
Mode: Recherche -- Date: 28/04/2012 16:34:59

¤¤¤ Processus malicieux: 1 ¤¤¤
[SUSP PATH] setup.exe -- C:\Windows\TEMP\htmijn\setup.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542516K9SA00 +++++
--- User ---
[MBR] 811e76da944838bce900feb144bdf687
[BSP] 7d49a6c1e563065849e287f0934e3071 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 71448 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166793216 | Size: 71184 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt

Utilisateur anonyme · Answer

Re

Relance Roguekiller option suppression
Poste moi ce rapport
Merci

@+

bxlucky · Answer

voila

RogueKiller V7.3.3 [22/04/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6000 ) 32 bits version
Demarrage : Mode normal
Utilisateur: bruno [Droits d'admin]
Mode: Suppression -- Date: 28/04/2012 16:57:56

¤¤¤ Processus malicieux: 1 ¤¤¤
[SUSP PATH] setup.exe -- C:\Windows\TEMP\htmijn\setup.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 6 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> DELETED
[HJPOL] HKCU\[...]\Policies\Explorer\Explorer : NoDesktop (1) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542516K9SA00 +++++
--- User ---
[MBR] 811e76da944838bce900feb144bdf687
[BSP] 7d49a6c1e563065849e287f0934e3071 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 71448 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 166793216 | Size: 71184 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Utilisateur anonyme · Answer

Re

Quelles sont les nouvelles?

à+

bxlucky · Answer

ben je sais pas fo que je relance la ?

bxlucky · Answer

j'ai recupere le bureau

Utilisateur anonyme · Answer

Re


1)Télécharge Malwaresbytes anti malware ici  
http://www.malwarebytes.org/mbam.php

Bouton »Download free version »
 
* Installe le (choisis bien "français" ; ne modifie pas les paramètres d'installe ) et  mets le à jour .   

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : https://www.malekal.com/tutorial-aboutbuster/ 

* Potasse le tuto pour te familiariser avec le prg : 

https://forum.pcastuces.com/sujet.asp?f=31&s=3 

(cela dis, il est très simple d'utilisation). 

relance Malwaresbytes en suivant scrupuleusement ces consignes : 

! Déconnecte toi et ferme toutes applications en cours ! 

* Lance Malwarebyte's.   Sous Vista et Seven   (clic droit de la souris « exécuter en tant que administrateur »)

*Procèdes à une mise à jour

*Fais un examen dit "Complet"

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ). 
--> à la fin tu cliques sur  "Afficher les résultats" "   . 
--> Vérifie que tous les objets infectés soient validés, puis  clique sur " supprimer la sélection "   . 

 Note   : si il faut redémarrer ton PC pour finir le nettoyage, fais le ! 


 Poste le rapport sauvegardé après la suppression des objets infectés   (dans l'onglet "rapport/log"de Malwaresbytes, le dernier en date)




2)Et bien maintenant il faut mettre à jour ton PC et le maintenir.

Pour vérifier les mises à jour logiciels à appliquer sur ton PC
https://www.flexera.com/products/operations/software-vulnerability-management.html
Divers liens te seront proposés pour les logiciels non à jour.


Tiens moi au courant


@+

bxlucky · Answer

il y a autre chose a faire?

bxlucky · Answer

Malwarebytes Anti-Malware (Essai) 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.04.28.04

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
bruno :: PC-DE-BRUNO [administrateur]

Protection: Activé

28/04/2012 17:36:30
mbam-log-2012-04-28 (17-36-30).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 308463
Temps écoulé: 1 heure(s), 5 minute(s), 40 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 2
C:\Windows\System32\Pcatip.dll (RootKit.0Access.H) -> Suppression au redémarrage.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Suppression au redémarrage.

Clé(s) du Registre détectée(s): 5
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Mis en quarantaine et supprimé avec succès.
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Mis en quarantaine et supprimé avec succès.
HKCR\sp (TrojanProxy.Agent) -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Mis en quarantaine et supprimé avec succès.
HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Données: sp -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Données:  -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Données: SPService^^ -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 10
C:\Windows\System32\Pcatip.dll (RootKit.0Access.H) -> Suppression au redémarrage.
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Suppression au redémarrage.
C:\Users\bruno\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4Q0KREUK\calc[1].exe (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\CdaD10BA.dll (RootKit.0Access.H) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\Intels51.dll (RootKit.0Access.H) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\lusbaudio.dll (RootKit.0Access.H) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32	oshidpt.dll (RootKit.0Access.H) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\Temp\jvetks\setup.exe (Trojan.Winlock.P) -> Mis en quarantaine et supprimé avec succès.
C:\_OTL\MovedFiles\04282012_160122\C_Users\bruno\AppData\Roamingam_reserver64.exe (Trojan.Winlock.P) -> Mis en quarantaine et supprimé avec succès.
C:\_OTL\MovedFiles\04282012_160122\C_Windows\System32\config\systemprofile\AppData\Roamingam_reserver64.exe (Trojan.Winlock.P) -> Mis en quarantaine et supprimé avec succès.

(fin)

bxlucky · Answer

en tout cas un grand merci pour ton aide, je vais faire les mises a jour

Utilisateur anonyme · Answer

Re

 Télécharge TDSSKiller 

    *Créez un nouveau dossier sur votre bureau puis décompressez l'archive dedans
    * Lancez le programme en cliquant sur TDSSKiller.exe, l'analyse se fait automatiquement, si l'infection est détectée, des éléments cachés (= hidden) seront alors affichés.


Si TDSS.tdl2 est détecté: l'option delete sera cochée par défaut. 
Si TDSS.tdl3 est détecté: assure toi que Cure est bien cochée. 
Si TDSS.tdl4(\HardDisk0\MBR) est détecté: assure toi que Cure est bien cochée. 
Si Rootkit.Win32.ZAccess.* est détecté : règle sur "cure" en haut , et "delete" en bas 
Si Suspicious file est indiqué, laisse l''option cochée sur Skip 
une fois qu'il a terminé , redémarre s'il te le demande pour finir de nettoyer 

sinon , ferme TDSSKiller et le rapport s'affichera sur le bureau
    
Poste moi son rapport à l'issue; merci

@+

bxlucky · Answer

je trouve pas le rapport

Utilisateur anonyme · Answer

Re

Regarde à C:\TDSSKiller_N°Version_Date_Heure.txt 

@+

bxlucky · Answer

19:23:43.0576 7448 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43 19:23:43.0783 7448 ============================================================ 19:23:43.0783 7448 Current date / time: 2012/04/28 19:23:43.0783 19:23:43.0783 7448 SystemInfo: 19:23:43.0783 7448 19:23:43.0783 7448 OS Version: 6.0.6000 ServicePack: 0.0 19:23:43.0783 7448 Product type: Workstation 19:23:43.0783 7448 ComputerName: PC-DE-BRUNO 19:23:43.0783 7448 UserName: bruno 19:23:43.0783 7448 Windows directory: C:\Windows 19:23:43.0783 7448 System windows directory: C:\Windows 19:23:43.0783 7448 Processor architecture: Intel x86 19:23:43.0783 7448 Number of processors: 2 19:23:43.0783 7448 Page size: 0x1000 19:23:43.0783 7448 Boot type: Normal boot 19:23:43.0783 7448 ============================================================ 19:23:44.0503 7448 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:23:44.0633 7448 ============================================================ 19:23:44.0633 7448 \Device\Harddisk0\DR0: 19:23:44.0633 7448 MBR partitions: 19:23:44.0633 7448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x1385000, BlocksNum 0x8B8C000 19:23:44.0633 7448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9F11000, BlocksNum 0x8B08000 19:23:44.0633 7448 ============================================================ 19:23:44.0673 7448 C: <-> \Device\Harddisk0\DR0\Partition0 19:23:44.0713 7448 D: <-> \Device\Harddisk0\DR0\Partition1 19:23:44.0713 7448 ============================================================ 19:23:44.0713 7448 Initialize success 19:23:44.0713 7448 ============================================================ 19:23:49.0503 7548 ============================================================ 19:23:49.0503 7548 Scan started 19:23:49.0503 7548 Mode: Manual; 19:23:49.0503 7548 ============================================================ 19:23:52.0646 7548 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys 19:23:52.0646 7548 ACPI - ok 19:23:52.0706 7548 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 19:23:52.0716 7548 adp94xx - ok 19:23:52.0766 7548 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 19:23:52.0786 7548 adpahci - ok 19:23:52.0816 7548 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 19:23:52.0826 7548 adpu160m - ok 19:23:52.0856 7548 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 19:23:52.0876 7548 adpu320 - ok 19:23:52.0926 7548 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 19:23:52.0926 7548 AeLookupSvc - ok 19:23:52.0956 7548 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys 19:23:52.0966 7548 AFD - ok 19:23:53.0006 7548 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 19:23:53.0016 7548 agp440 - ok 19:23:53.0066 7548 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 19:23:53.0086 7548 aic78xx - ok 19:23:53.0096 7548 ALG (e69fb0e3112c40fdc0ef7d21a52dc951) C:\Windows\System32\alg.exe 19:23:53.0096 7548 ALG - ok 19:23:53.0136 7548 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 19:23:53.0136 7548 aliide - ok 19:23:53.0156 7548 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 19:23:53.0166 7548 amdagp - ok 19:23:53.0186 7548 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 19:23:53.0196 7548 amdide - ok 19:23:53.0216 7548 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 19:23:53.0216 7548 AmdK7 - ok 19:23:53.0246 7548 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 19:23:53.0256 7548 AmdK8 - ok 19:23:53.0346 7548 AMService - ok 19:23:53.0396 7548 ApfiltrService (db8ea68e5864adf61b73516788659e71) C:\Windows\system32\DRIVERS\Apfiltr.sys 19:23:53.0406 7548 ApfiltrService - ok 19:23:53.0436 7548 Appinfo (cfa455816879f06f1c4e5bbf9e8aef7d) C:\Windows\System32\appinfo.dll 19:23:53.0436 7548 Appinfo - ok 19:23:53.0476 7548 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 19:23:53.0486 7548 arc - ok 19:23:53.0506 7548 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 19:23:53.0516 7548 arcsas - ok 19:23:53.0556 7548 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys 19:23:53.0556 7548 AsyncMac - ok 19:23:53.0586 7548 atapi (b35cfcef838382ab6490b321c87edf17) C:\Windows\system32\drivers\atapi.sys 19:23:53.0596 7548 atapi - ok 19:23:53.0656 7548 athr (b0c272def210b149c0bfa0d85600ce4b) C:\Windows\system32\DRIVERS\athr.sys 19:23:53.0666 7548 athr - ok 19:23:53.0716 7548 AudioEndpointBuilder (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll 19:23:53.0716 7548 AudioEndpointBuilder - ok 19:23:53.0736 7548 Audiosrv (e760fc1bd68f7f6f1b17eb4e8d9480b0) C:\Windows\System32\Audiosrv.dll 19:23:53.0736 7548 Audiosrv - ok 19:23:53.0786 7548 b57nd60x (c7ea0e3e37ff1cd2bb65636448322572) C:\Windows\system32\DRIVERS\b57nd60x.sys 19:23:53.0816 7548 b57nd60x - ok 19:23:53.0906 7548 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE 19:23:53.0916 7548 BBSvc - ok 19:23:53.0976 7548 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE 19:23:53.0986 7548 BBUpdate - ok 19:23:54.0066 7548 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys 19:23:54.0066 7548 Beep - ok 19:23:54.0196 7548 BITS (da551697e34d2b9943c8b1c8eaffe89a) C:\Windows\System32\qmgr.dll 19:23:54.0216 7548 BITS - ok 19:23:54.0226 7548 blbdrive - ok 19:23:54.0276 7548 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys 19:23:54.0276 7548 bowser - ok 19:23:54.0316 7548 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 19:23:54.0336 7548 BrFiltLo - ok 19:23:54.0356 7548 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 19:23:54.0366 7548 BrFiltUp - ok 19:23:54.0406 7548 Browser (beb6470532b7461d7bb426e3facb424f) C:\Windows\System32\browser.dll 19:23:54.0416 7548 Browser - ok 19:23:54.0446 7548 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 19:23:54.0466 7548 Brserid - ok 19:23:54.0496 7548 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 19:23:54.0506 7548 BrSerWdm - ok 19:23:54.0546 7548 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 19:23:54.0556 7548 BrUsbMdm - ok 19:23:54.0576 7548 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 19:23:54.0586 7548 BrUsbSer - ok 19:23:54.0626 7548 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 19:23:54.0626 7548 BTHMODEM - ok 19:23:54.0726 7548 ccEvtMgr (e7aab1a32ac2eea4c4b735b8d034c802) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 19:23:54.0726 7548 ccEvtMgr - ok 19:23:54.0736 7548 ccSetMgr (e7aab1a32ac2eea4c4b735b8d034c802) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 19:23:54.0736 7548 ccSetMgr - ok 19:23:54.0766 7548 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys 19:23:54.0766 7548 cdfs - ok 19:23:54.0786 7548 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys 19:23:54.0786 7548 cdrom - ok 19:23:54.0826 7548 CertPropSvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll 19:23:54.0826 7548 CertPropSvc - ok 19:23:54.0836 7548 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\DRIVERS\circlass.sys 19:23:54.0846 7548 circlass - ok 19:23:54.0906 7548 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys 19:23:54.0916 7548 CLFS - ok 19:23:54.0986 7548 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:23:55.0006 7548 clr_optimization_v2.0.50727_32 - ok 19:23:55.0016 7548 CLTNetCnService (e7aab1a32ac2eea4c4b735b8d034c802) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe 19:23:55.0016 7548 CLTNetCnService - ok 19:23:55.0056 7548 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys 19:23:55.0066 7548 CmBatt - ok 19:23:55.0096 7548 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 19:23:55.0106 7548 cmdide - ok 19:23:55.0156 7548 cmuda - ok 19:23:55.0196 7548 comHost (7ce352882828c12dd7632b172253a02c) C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe 19:23:55.0216 7548 comHost - ok 19:23:55.0246 7548 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys 19:23:55.0246 7548 Compbatt - ok 19:23:55.0246 7548 COMSysApp - ok 19:23:55.0266 7548 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 19:23:55.0266 7548 crcdisk - ok 19:23:55.0296 7548 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 19:23:55.0306 7548 Crusoe - ok 19:23:55.0346 7548 CryptSvc (1c26fb097170a2a91066d1e3a24366e3) C:\Windows\system32\cryptsvc.dll 19:23:55.0356 7548 CryptSvc - ok 19:23:55.0426 7548 DcomLaunch (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32 pcss.dll 19:23:55.0436 7548 DcomLaunch - ok 19:23:55.0496 7548 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys 19:23:55.0496 7548 DfsC - ok 19:23:55.0686 7548 DFSR (e0d584aa76c7d845ba9f3a788260528f) C:\Windows\system32\DFSR.exe 19:23:55.0736 7548 DFSR - ok 19:23:55.0876 7548 Dhcp (dc45739bc22d528d2b3e50d3f6761750) C:\Windows\System32\dhcpcsvc.dll 19:23:55.0886 7548 Dhcp - ok 19:23:55.0926 7548 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys 19:23:55.0926 7548 disk - ok 19:23:55.0946 7548 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 19:23:55.0956 7548 DKbFltr - ok 19:23:55.0996 7548 Dnscache (eecba1dd142bf8693c476be8f32fe253) C:\Windows\System32\dnsrslvr.dll 19:23:56.0006 7548 Dnscache - ok 19:23:56.0026 7548 dot3svc (1f795d214820e496bf1124434a6db546) C:\Windows\System32\dot3svc.dll 19:23:56.0036 7548 dot3svc - ok 19:23:56.0056 7548 DPS (032c90ad677bf7b7a8013d6087c7a921) C:\Windows\system32\dps.dll 19:23:56.0066 7548 DPS - ok 19:23:56.0116 7548 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys 19:23:56.0126 7548 DritekPortIO - ok 19:23:56.0146 7548 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys 19:23:56.0156 7548 drmkaud - ok 19:23:56.0226 7548 DXGKrnl (b95202efd0464d226e7542c1e319c028) C:\Windows\System32\drivers\dxgkrnl.sys 19:23:56.0226 7548 DXGKrnl - ok 19:23:56.0256 7548 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 19:23:56.0266 7548 E1G60 - ok 19:23:56.0296 7548 EapHost (90a0a875642e18618010645311b4e89e) C:\Windows\System32\eapsvc.dll 19:23:56.0296 7548 EapHost - ok 19:23:56.0326 7548 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys 19:23:56.0326 7548 Ecache - ok 19:23:56.0456 7548 eDataSecurity Service (f54907aa07f60aff81e1e09e97af98b0) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe 19:23:56.0476 7548 eDataSecurity Service - ok 19:23:56.0606 7548 eeCtrl (fb069d8270853023f6e315745b5bbad4) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 19:23:56.0626 7548 eeCtrl - ok 19:23:56.0686 7548 ehRecvr (b4580122b0a7b263b6ee9acba69c8013) C:\Windows\ehome\ehRecvr.exe 19:23:56.0696 7548 ehRecvr - ok 19:23:56.0716 7548 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 19:23:56.0716 7548 ehSched - ok 19:23:56.0726 7548 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 19:23:56.0736 7548 ehstart - ok 19:23:56.0786 7548 eLockService (fb5383bfd4dec6792aaef76c9343ecff) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe 19:23:56.0796 7548 eLockService - ok 19:23:56.0946 7548 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 19:23:56.0966 7548 elxstor - ok 19:23:57.0046 7548 EMDMgmt (3226fda08988526e819e364e8cce4cee) C:\Windows\system32\emdmgmt.dll 19:23:57.0056 7548 EMDMgmt - ok 19:23:57.0086 7548 enecir (29dcaeb81dde6f154aa4d36b18ecbb1f) C:\Windows\system32\DRIVERS\enecir.sys 19:23:57.0096 7548 enecir - ok 19:23:57.0146 7548 eNet Service (9316c26f089cf2cea2bd1496ac9f38a4) C:\Acer\Empowering Technology\eNet\eNet Service.exe 19:23:57.0166 7548 eNet Service - ok 19:23:57.0206 7548 eRecoveryService (3d184410ef5ee017e186ac96181b3ff8) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 19:23:57.0216 7548 eRecoveryService - ok 19:23:57.0236 7548 eSettingsService (cf2584cdf90da24d3044021aaad5dbab) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe 19:23:57.0246 7548 eSettingsService - ok 19:23:57.0306 7548 EventSystem (7b4971c3d43525175a4ea0d143e0412e) C:\Windows\system32\es.dll 19:23:57.0316 7548 EventSystem - ok 19:23:57.0346 7548 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys 19:23:57.0346 7548 fastfat - ok 19:23:57.0396 7548 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 19:23:57.0406 7548 fdc - ok 19:23:57.0456 7548 fdPHost (e43bce1a77d6fd4ed5f8e0482b9e7df1) C:\Windows\system32\fdPHost.dll 19:23:57.0456 7548 fdPHost - ok 19:23:57.0486 7548 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 19:23:57.0486 7548 FDResPub - ok 19:23:57.0496 7548 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys 19:23:57.0506 7548 FileInfo - ok 19:23:57.0536 7548 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys 19:23:57.0536 7548 Filetrace - ok 19:23:57.0546 7548 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 19:23:57.0556 7548 flpydisk - ok 19:23:57.0576 7548 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys 19:23:57.0586 7548 FltMgr - ok 19:23:57.0676 7548 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:23:57.0696 7548 FontCache3.0.0.0 - ok 19:23:57.0726 7548 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys 19:23:57.0736 7548 fssfltr - ok 19:23:57.0896 7548 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe 19:23:57.0926 7548 fsssvc - ok 19:23:57.0966 7548 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys 19:23:57.0966 7548 Fs_Rec - ok 19:23:57.0986 7548 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 19:23:57.0996 7548 gagp30kx - ok 19:23:58.0056 7548 gpsvc (bcf6589c42d8f6a20f33ef133ffe0524) C:\Windows\System32\gpsvc.dll 19:23:58.0066 7548 gpsvc - ok 19:23:58.0106 7548 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 19:23:58.0116 7548 HdAudAddService - ok 19:23:58.0136 7548 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys 19:23:58.0136 7548 HDAudBus - ok 19:23:58.0166 7548 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 19:23:58.0176 7548 HidBth - ok 19:23:58.0196 7548 HidIr (f24393c44fdfe2e5e9f416fd3bdf98e2) C:\Windows\system32\DRIVERS\hidir.sys 19:23:58.0196 7548 HidIr - ok 19:23:58.0206 7548 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll 19:23:58.0216 7548 hidserv - ok 19:23:58.0236 7548 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys 19:23:58.0246 7548 HidUsb - ok 19:23:58.0266 7548 hkmsvc (d40aa05e29bf6ed29b139f044b461e9b) C:\Windows\system32\kmsvc.dll 19:23:58.0276 7548 hkmsvc - ok 19:23:58.0296 7548 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 19:23:58.0306 7548 HpCISSs - ok 19:23:58.0336 7548 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 19:23:58.0346 7548 HSFHWAZL - ok 19:23:58.0516 7548 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys 19:23:58.0566 7548 HSF_DPV - ok 19:23:58.0596 7548 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 19:23:58.0606 7548 HSXHWAZL - ok 19:23:58.0676 7548 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys 19:23:58.0696 7548 HTTP - ok 19:23:58.0736 7548 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 19:23:58.0746 7548 i2omp - ok 19:23:58.0786 7548 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys 19:23:58.0796 7548 i8042prt - ok 19:23:58.0896 7548 IAANTMON (ae38a12f79a4980ddb88f36514f8a1da) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe 19:23:58.0926 7548 IAANTMON - ok 19:23:58.0966 7548 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\DRIVERS\iaStor.sys 19:23:58.0966 7548 iaStor - ok 19:23:59.0016 7548 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 19:23:59.0026 7548 iaStorV - ok 19:23:59.0236 7548 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 19:23:59.0266 7548 idsvc - ok 19:23:59.0346 7548 IDSvix86 (78432a57d085328cf8baf125985425d2) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys 19:23:59.0366 7548 IDSvix86 - ok 19:23:59.0606 7548 igfx (f93a6b133a2fa961cd49ddbcc16449bb) C:\Windows\system32\DRIVERS\igdkmd32.sys 19:23:59.0646 7548 igfx - ok 19:23:59.0766 7548 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 19:23:59.0776 7548 iirsp - ok 19:23:59.0836 7548 IKEEXT (35662fe4d8622f667aa5a5568f7f1b40) C:\Windows\System32\ikeext.dll 19:23:59.0836 7548 IKEEXT - ok 19:23:59.0916 7548 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys 19:23:59.0926 7548 int15 - ok 19:24:00.0126 7548 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys 19:24:00.0186 7548 IntcAzAudAddService - ok 19:24:00.0306 7548 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 19:24:00.0316 7548 intelide - ok 19:24:00.0336 7548 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 19:24:00.0336 7548 intelppm - ok 19:24:00.0376 7548 IPBusEnum (88cf5281ed9880d74dc9011cf8b5262d) C:\Windows\system32\ipbusenum.dll 19:24:00.0396 7548 IPBusEnum - ok 19:24:00.0416 7548 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:24:00.0416 7548 IpFilterDriver - ok 19:24:00.0456 7548 IpInIp - ok 19:24:00.0526 7548 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 19:24:00.0536 7548 IPMIDRV - ok 19:24:00.0566 7548 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys 19:24:00.0576 7548 IPNAT - ok 19:24:00.0616 7548 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys 19:24:00.0626 7548 IRENUM - ok 19:24:00.0666 7548 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 19:24:00.0666 7548 isapnp - ok 19:24:00.0706 7548 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys 19:24:00.0706 7548 iScsiPrt - ok 19:24:00.0786 7548 ISPwdSvc (36474fde02f8422b8b1a52ead9894dbc) C:\Program Files\Norton Internet Security\isPwdSvc.exe 19:24:00.0806 7548 ISPwdSvc - ok 19:24:00.0826 7548 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 19:24:00.0836 7548 iteatapi - ok 19:24:00.0886 7548 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 19:24:00.0896 7548 iteraid - ok 19:24:00.0936 7548 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys 19:24:00.0956 7548 kbdclass - ok 19:24:00.0986 7548 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys 19:24:00.0996 7548 kbdhid - ok 19:24:01.0036 7548 KeyIso (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe 19:24:01.0046 7548 KeyIso - ok 19:24:01.0096 7548 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys 19:24:01.0106 7548 KSecDD - ok 19:24:01.0146 7548 KtmRm (45c537fe5dde9a0146aeff76e615737d) C:\Windows\system32\msdtckrm.dll 19:24:01.0156 7548 KtmRm - ok 19:24:01.0196 7548 LanmanServer (53d1482fc1aa36ac015a85e6cf2146bd) C:\Windows\system32\srvsvc.dll 19:24:01.0196 7548 LanmanServer - ok 19:24:01.0236 7548 LanmanWorkstation (435f0f6dc87a4b5da78f1fa309884189) C:\Windows\System32\wkssvc.dll 19:24:01.0236 7548 LanmanWorkstation - ok 19:24:01.0306 7548 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 19:24:01.0326 7548 LightScribeService - ok 19:24:01.0606 7548 LiveUpdate (3c7fcbbc35e0a52ce9b12e9cc4f5b991) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 19:24:01.0696 7548 LiveUpdate - ok 19:24:01.0816 7548 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys 19:24:01.0826 7548 lltdio - ok 19:24:01.0866 7548 lltdsvc (7450dbcf754391dd6363fffd5ef0e789) C:\Windows\System32\lltdsvc.dll 19:24:01.0886 7548 lltdsvc - ok 19:24:01.0906 7548 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 19:24:01.0916 7548 lmhosts - ok 19:24:01.0946 7548 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 19:24:01.0956 7548 LSI_FC - ok 19:24:01.0976 7548 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 19:24:01.0986 7548 LSI_SAS - ok 19:24:02.0006 7548 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 19:24:02.0016 7548 LSI_SCSI - ok 19:24:02.0036 7548 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys 19:24:02.0036 7548 luafv - ok 19:24:02.0096 7548 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 19:24:02.0106 7548 MBAMProtector - ok 19:24:02.0176 7548 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 19:24:02.0196 7548 MBAMService - ok 19:24:02.0236 7548 Mcx2Svc (e93c1ad58e88a0846eaee10671c2a8f3) C:\Windows\system32\Mcx2Svc.dll 19:24:02.0246 7548 Mcx2Svc - ok 19:24:02.0256 7548 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 19:24:02.0266 7548 mdmxsdk - ok 19:24:02.0306 7548 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 19:24:02.0316 7548 megasas - ok 19:24:02.0326 7548 meraksmtp - ok 19:24:02.0366 7548 MMCSS (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll 19:24:02.0366 7548 MMCSS - ok 19:24:02.0406 7548 MobilityService - ok 19:24:02.0426 7548 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys 19:24:02.0426 7548 Modem - ok 19:24:02.0456 7548 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys 19:24:02.0456 7548 monitor - ok 19:24:02.0506 7548 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys 19:24:02.0516 7548 mouclass - ok 19:24:02.0546 7548 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys 19:24:02.0556 7548 mouhid - ok 19:24:02.0586 7548 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys 19:24:02.0586 7548 MountMgr - ok 19:24:02.0616 7548 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 19:24:02.0626 7548 mpio - ok 19:24:02.0656 7548 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys 19:24:02.0666 7548 mpsdrv - ok 19:24:02.0686 7548 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 19:24:02.0696 7548 Mraid35x - ok 19:24:02.0726 7548 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys 19:24:02.0726 7548 MRxDAV - ok 19:24:02.0756 7548 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:24:02.0756 7548 mrxsmb - ok 19:24:02.0796 7548 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:24:02.0796 7548 mrxsmb10 - ok 19:24:02.0846 7548 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:24:02.0856 7548 mrxsmb20 - ok 19:24:02.0886 7548 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\DRIVERS\msahci.sys 19:24:02.0886 7548 msahci - ok 19:24:02.0916 7548 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 19:24:02.0926 7548 msdsm - ok 19:24:02.0966 7548 MSDTC (bc64a92d821efea8bab8e8caf1b668bc) C:\Windows\System32\msdtc.exe 19:24:02.0986 7548 MSDTC - ok 19:24:03.0006 7548 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys 19:24:03.0016 7548 Msfs - ok 19:24:03.0036 7548 msisadrv (5f454a16a5146cd91a176d70f0cfa3ec) C:\Windows\system32\drivers\msisadrv.sys 19:24:03.0046 7548 msisadrv - ok 19:24:03.0106 7548 MSiSCSI (8acf956d9154e893e789881430c12632) C:\Windows\system32\iscsiexe.dll 19:24:03.0116 7548 MSiSCSI - ok 19:24:03.0126 7548 msiserver - ok 19:24:03.0146 7548 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys 19:24:03.0156 7548 MSKSSRV - ok 19:24:03.0196 7548 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys 19:24:03.0206 7548 MSPCLOCK - ok 19:24:03.0226 7548 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys 19:24:03.0236 7548 MSPQM - ok 19:24:03.0256 7548 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys 19:24:03.0266 7548 MsRPC - ok 19:24:03.0296 7548 mssmbios (4385c80ede885e25492d408cad91bd6f) C:\Windows\system32\DRIVERS\mssmbios.sys 19:24:03.0296 7548 mssmbios - ok 19:24:03.0306 7548 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys 19:24:03.0316 7548 MSTEE - ok 19:24:03.0336 7548 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys 19:24:03.0336 7548 Mup - ok 19:24:03.0376 7548 napagent (1cdbb5d002fe2bc5300aa20550d8a52e) C:\Windows\system32\qagentRT.dll 19:24:03.0386 7548 napagent - ok 19:24:03.0426 7548 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS wifi.sys 19:24:03.0436 7548 NativeWifiP - ok 19:24:03.0546 7548 NAVENG (ef04748a7a7266edbdbe02b161a0685d) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS 19:24:03.0546 7548 NAVENG - ok 19:24:03.0646 7548 NAVEX15 (09f3bfdc47718459b42d696cb671f65f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS 19:24:03.0656 7548 NAVEX15 - ok 19:24:03.0736 7548 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers dis.sys 19:24:03.0736 7548 NDIS - ok 19:24:03.0776 7548 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS distapi.sys 19:24:03.0776 7548 NdisTapi - ok 19:24:03.0796 7548 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS disuio.sys 19:24:03.0796 7548 Ndisuio - ok 19:24:03.0816 7548 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS diswan.sys 19:24:03.0826 7548 NdisWan - ok 19:24:03.0846 7548 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys 19:24:03.0846 7548 NDProxy - ok 19:24:04.0026 7548 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 19:24:04.0076 7548 Nero BackItUp Scheduler 3 - ok 19:24:04.0096 7548 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS etbios.sys 19:24:04.0096 7548 NetBIOS - ok 19:24:04.0196 7548 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS etbt.sys 19:24:04.0196 7548 netbt - ok 19:24:04.0226 7548 Netlogon (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe 19:24:04.0226 7548 Netlogon - ok 19:24:04.0276 7548 Netman (90a4dae28b94497f83bea0f2a3b77092) C:\Windows\System32 etman.dll 19:24:04.0276 7548 Netman - ok 19:24:04.0336 7548 netprofm (7c5c3d9ceee838856b828ab6f98a2857) C:\Windows\System32 etprofm.dll 19:24:04.0346 7548 netprofm - ok 19:24:04.0486 7548 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:24:04.0506 7548 NetTcpPortSharing - ok 19:24:04.0676 7548 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys 19:24:04.0696 7548 NETw3v32 - ok 19:24:04.0966 7548 NETw4v32 (cb3af516a6797b27725e3f1e73f3496c) C:\Windows\system32\DRIVERS\NETw4v32.sys 19:24:05.0026 7548 NETw4v32 - ok 19:24:05.0156 7548 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers frd960.sys 19:24:05.0156 7548 nfrd960 - ok 19:24:05.0196 7548 NlaSvc (c424117a562f2de37a42266894c79aeb) C:\Windows\System32 lasvc.dll 19:24:05.0196 7548 NlaSvc - ok 19:24:05.0366 7548 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 19:24:05.0376 7548 NMIndexingService - ok 19:24:05.0396 7548 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys 19:24:05.0406 7548 Npfs - ok 19:24:05.0446 7548 nsi (23b8201a363de0e649fc75ee9874dee2) C:\Windows\system32 sisvc.dll 19:24:05.0446 7548 nsi - ok 19:24:05.0506 7548 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers siproxy.sys 19:24:05.0516 7548 nsiproxy - ok 19:24:05.0626 7548 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys 19:24:05.0636 7548 Ntfs - ok 19:24:05.0676 7548 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 19:24:05.0686 7548 NTIDrvr - ok 19:24:05.0706 7548 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers trigdigi.sys 19:24:05.0716 7548 ntrigdigi - ok 19:24:05.0736 7548 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys 19:24:05.0736 7548 Null - ok 19:24:05.0766 7548 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers vraid.sys 19:24:05.0766 7548 nvraid - ok 19:24:05.0796 7548 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers vstor.sys 19:24:05.0806 7548 nvstor - ok 19:24:05.0826 7548 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers v_agp.sys 19:24:05.0836 7548 nv_agp - ok 19:24:05.0836 7548 NwlnkFlt - ok 19:24:05.0846 7548 NwlnkFwd - ok 19:24:05.0996 7548 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:24:06.0016 7548 odserv - ok 19:24:06.0046 7548 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys 19:24:06.0056 7548 ohci1394 - ok 19:24:06.0096 7548 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:24:06.0106 7548 ose - ok 19:24:06.0186 7548 p2pimsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll 19:24:06.0216 7548 p2pimsvc - ok 19:24:06.0226 7548 p2psvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll 19:24:06.0236 7548 p2psvc - ok 19:24:06.0276 7548 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 19:24:06.0286 7548 Parport - ok 19:24:06.0296 7548 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys 19:24:06.0296 7548 partmgr - ok 19:24:06.0316 7548 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 19:24:06.0316 7548 Parvdm - ok 19:24:06.0356 7548 PcaSvc (d8c5c215c932233a4f1d7f368f4e4e65) C:\Windows\System32\pcasvc.dll 19:24:06.0356 7548 PcaSvc - ok 19:24:06.0366 7548 pci (1085d75657807e0e8b32f9e19a1647c3) C:\Windows\system32\drivers\pci.sys 19:24:06.0376 7548 pci - ok 19:24:06.0426 7548 pciide (caba65e9c41cd2900d4c92d4f825c5f8) C:\Windows\system32\DRIVERS\pciide.sys 19:24:06.0436 7548 pciide - ok 19:24:06.0536 7548 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 19:24:06.0556 7548 pcmcia - ok 19:24:06.0666 7548 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 19:24:06.0676 7548 PEAUTH - ok 19:24:06.0896 7548 pla (cd05a38d166beade18030bafc0c0a939) C:\Windows\system32\pla.dll 19:24:06.0926 7548 pla - ok 19:24:07.0006 7548 Planificateur LiveUpdate automatique (018fe8992fe4d70b69ae866ea0d83f0d) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 19:24:07.0026 7548 Planificateur LiveUpdate automatique - ok 19:24:07.0172 7548 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe 19:24:07.0203 7548 PLFlash DeviceIoControl Service - ok 19:24:07.0244 7548 PlugPlay (747bb4c31f3b6e8d1b5ed0ad61518cb5) C:\Windows\system32\umpnpmgr.dll 19:24:07.0254 7548 PlugPlay - ok 19:24:07.0334 7548 PNRPAutoReg (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll 19:24:07.0344 7548 PNRPAutoReg - ok 19:24:07.0364 7548 PNRPsvc (016d01d3b8fb976a193c7434bed8dccf) C:\Windows\system32\p2psvc.dll 19:24:07.0364 7548 PNRPsvc - ok 19:24:07.0424 7548 PolicyAgent (5ebdec613bd377ce9a85382be5c6b83b) C:\Windows\System32\ipsecsvc.dll 19:24:07.0424 7548 PolicyAgent - ok 19:24:07.0564 7548 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS aspptp.sys 19:24:07.0564 7548 PptpMiniport - ok 19:24:07.0634 7548 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 19:24:07.0654 7548 Processor - ok 19:24:07.0694 7548 ProfSvc (213112e152e68f0e4705e36f052a2880) C:\Windows\system32\profsvc.dll 19:24:07.0694 7548 ProfSvc - ok 19:24:07.0724 7548 ProtectedStorage (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe 19:24:07.0734 7548 ProtectedStorage - ok 19:24:07.0764 7548 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys 19:24:07.0764 7548 PSched - ok 19:24:07.0784 7548 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys 19:24:07.0794 7548 PSDFilter - ok 19:24:07.0824 7548 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys 19:24:07.0844 7548 PSDNServ - ok 19:24:07.0874 7548 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys 19:24:07.0884 7548 psdvdisk - ok 19:24:07.0984 7548 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 19:24:08.0024 7548 ql2300 - ok 19:24:08.0074 7548 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 19:24:08.0094 7548 ql40xx - ok 19:24:08.0144 7548 QWAVE (ca61bdfd3713a7ce75f2812afc431594) C:\Windows\system32\qwave.dll 19:24:08.0144 7548 QWAVE - ok 19:24:08.0194 7548 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys 19:24:08.0194 7548 QWAVEdrv - ok 19:24:08.0204 7548 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS asacd.sys 19:24:08.0214 7548 RasAcd - ok 19:24:08.0234 7548 RasAuto (f14f4aab9f54d099fe99192bdb100ac9) C:\Windows\System32 asauto.dll 19:24:08.0244 7548 RasAuto - ok 19:24:08.0274 7548 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS asl2tp.sys 19:24:08.0274 7548 Rasl2tp - ok 19:24:08.0314 7548 RasMan (11d65e29bc9d1e4114d18fe68194394c) C:\Windows\System32 asmans.dll 19:24:08.0334 7548 RasMan - ok 19:24:08.0354 7548 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS aspppoe.sys 19:24:08.0364 7548 RasPppoe - ok 19:24:08.0414 7548 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS dbss.sys 19:24:08.0414 7548 rdbss - ok 19:24:08.0444 7548 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:24:08.0454 7548 RDPCDD - ok 19:24:08.0534 7548 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers dpdr.sys 19:24:08.0544 7548 rdpdr - ok 19:24:08.0554 7548 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers dpencdd.sys 19:24:08.0564 7548 RDPENCDD - ok 19:24:08.0604 7548 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys 19:24:08.0624 7548 RDPWD - ok 19:24:08.0664 7548 RemoteAccess (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll 19:24:08.0664 7548 RemoteAccess - ok 19:24:08.0714 7548 RemoteRegistry (9a043808667c8c1893da7275af373f0e) C:\Windows\system32 egsvc.dll 19:24:08.0724 7548 RemoteRegistry - ok 19:24:08.0804 7548 RichVideo (0a468612a19feb657d127e7c4810f6fc) C:\Program Files\CyberLink\Shared Files\RichVideo.exe 19:24:08.0834 7548 RichVideo - ok 19:24:08.0864 7548 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS immptsk.sys 19:24:08.0874 7548 rimmptsk - ok 19:24:08.0914 7548 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS imsptsk.sys 19:24:08.0924 7548 rimsptsk - ok 19:24:08.0954 7548 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS ixdptsk.sys 19:24:08.0964 7548 rismxdp - ok 19:24:08.0994 7548 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 19:24:08.0994 7548 RpcLocator - ok 19:24:09.0064 7548 RpcSs (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32 pcss.dll 19:24:09.0074 7548 RpcSs - ok 19:24:09.0104 7548 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS spndr.sys 19:24:09.0114 7548 rspndr - ok 19:24:09.0134 7548 SamSs (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe 19:24:09.0134 7548 SamSs - ok 19:24:09.0154 7548 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 19:24:09.0154 7548 sbp2port - ok 19:24:09.0194 7548 SCardSvr (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll 19:24:09.0194 7548 SCardSvr - ok 19:24:09.0274 7548 Schedule (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll 19:24:09.0284 7548 Schedule - ok 19:24:09.0314 7548 SCPolicySvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll 19:24:09.0314 7548 SCPolicySvc - ok 19:24:09.0354 7548 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys 19:24:09.0364 7548 sdbus - ok 19:24:09.0394 7548 SDRSVC (f7b6bf02240d0a764adf8c8966735552) C:\Windows\System32\SDRSVC.dll 19:24:09.0394 7548 SDRSVC - ok 19:24:09.0414 7548 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 19:24:09.0424 7548 secdrv - ok 19:24:09.0454 7548 seclogon (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll 19:24:09.0454 7548 seclogon - ok 19:24:09.0484 7548 SENS (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\System32\sens.dll 19:24:09.0484 7548 SENS - ok 19:24:09.0524 7548 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 19:24:09.0534 7548 Serenum - ok 19:24:09.0554 7548 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 19:24:09.0574 7548 Serial - ok 19:24:09.0624 7548 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys 19:24:09.0634 7548 sermouse - ok 19:24:09.0674 7548 SessionEnv (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll 19:24:09.0684 7548 SessionEnv - ok 19:24:09.0724 7548 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 19:24:09.0734 7548 sffdisk - ok 19:24:09.0754 7548 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 19:24:09.0754 7548 sffp_mmc - ok 19:24:09.0774 7548 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 19:24:09.0784 7548 sffp_sd - ok 19:24:09.0804 7548 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 19:24:09.0824 7548 sfloppy - ok 19:24:09.0894 7548 SharedAccess (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll 19:24:09.0904 7548 SharedAccess - ok 19:24:09.0964 7548 ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll 19:24:09.0974 7548 ShellHWDetection - ok 19:24:09.0994 7548 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 19:24:09.0994 7548 sisagp - ok 19:24:10.0024 7548 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 19:24:10.0034 7548 SiSRaid2 - ok 19:24:10.0054 7548 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 19:24:10.0064 7548 SiSRaid4 - ok 19:24:10.0254 7548 slsvc (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe 19:24:10.0304 7548 slsvc - ok 19:24:10.0424 7548 SLUINotify (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll 19:24:10.0424 7548 SLUINotify - ok 19:24:10.0504 7548 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys 19:24:10.0514 7548 Smb - ok 19:24:10.0544 7548 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 19:24:10.0544 7548 SNMPTRAP - ok 19:24:10.0694 7548 SNP2UVC (ef1f141a83c61503333569d2862f3999) C:\Windows\system32\DRIVERS\snp2uvc.sys 19:24:10.0734 7548 SNP2UVC - ok 19:24:10.0864 7548 SPBBCDrv (905782bcf15b6e5af9905b77923c7fa2) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 19:24:10.0884 7548 SPBBCDrv - ok 19:24:10.0994 7548 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys 19:24:10.0994 7548 spldr - ok 19:24:11.0014 7548 Spooler (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe 19:24:11.0024 7548 Spooler - ok 19:24:11.0054 7548 SRTSP (15e29eb26dd53eb6385629f4622b5519) C:\Windows\system32\Drivers\SRTSP.SYS 19:24:11.0054 7548 SRTSP - ok 19:24:11.0084 7548 SRTSPL (fd0c0333fae09dbd1170e0d607eca5c8) C:\Windows\system32\Drivers\SRTSPL.SYS 19:24:11.0104 7548 SRTSPL - ok 19:24:11.0124 7548 SRTSPX (7e60a4a4035be470f47c6806da57db99) C:\Windows\system32\Drivers\SRTSPX.SYS 19:24:11.0134 7548 SRTSPX - ok 19:24:11.0174 7548 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys 19:24:11.0174 7548 srv - ok 19:24:11.0224 7548 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys 19:24:11.0224 7548 srv2 - ok 19:24:11.0234 7548 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys 19:24:11.0254 7548 srvnet - ok 19:24:11.0274 7548 SSDPSRV (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll 19:24:11.0274 7548 SSDPSRV - ok 19:24:11.0334 7548 stisvc (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll 19:24:11.0344 7548 stisvc - ok 19:24:11.0374 7548 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys 19:24:11.0374 7548 swenum - ok 19:24:11.0424 7548 swprv (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll 19:24:11.0434 7548 swprv - ok 19:24:11.0654 7548 Symantec Core LC (2698cd77f4d73ea7988f0bc63de8e3d6) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 19:24:11.0714 7548 Symantec Core LC - ok 19:24:11.0744 7548 SymAppCore (2fe779b1a07747fed8074c433c3c4604) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe 19:24:11.0764 7548 SymAppCore - ok 19:24:11.0894 7548 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 19:24:11.0914 7548 Symc8xx - ok 19:24:11.0944 7548 SymEvent (9d98270b5f10a4c84e8da417c30756e1) C:\Windows\system32\Drivers\SYMEVENT.SYS 19:24:11.0964 7548 SymEvent - ok 19:24:11.0994 7548 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 19:24:12.0004 7548 Sym_hi - ok 19:24:12.0034 7548 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 19:24:12.0044 7548 Sym_u3 - ok 19:24:12.0104 7548 SysMain (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll 19:24:12.0114 7548 SysMain - ok 19:24:12.0154 7548 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 19:24:12.0154 7548 TabletInputService - ok 19:24:12.0174 7548 tap0901 - ok 19:24:12.0214 7548 TapiSrv (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32 apisrv.dll 19:24:12.0224 7548 TapiSrv - ok 19:24:12.0234 7548 TBS (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32 bssvc.dll 19:24:12.0244 7548 TBS - ok 19:24:12.0324 7548 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers cpip.sys 19:24:12.0354 7548 Tcpip - ok 19:24:12.0384 7548 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS cpip.sys 19:24:12.0384 7548 Tcpip6 - ok 19:24:12.0414 7548 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers cpipreg.sys 19:24:12.0424 7548 tcpipreg - ok 19:24:12.0454 7548 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers dpipe.sys 19:24:12.0454 7548 TDPIPE - ok 19:24:12.0474 7548 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers dtcp.sys 19:24:12.0484 7548 TDTCP - ok 19:24:12.0524 7548 tdx (c46e1bfead0a2b4105c9fbc8da30a930) C:\Windows\system32\DRIVERS dx.sys 19:24:12.0534 7548 tdx ( Virus.Win32.ZAccess.c ) - infected 19:24:12.0534 7548 tdx - detected Virus.Win32.ZAccess.c (0) 19:24:12.0554 7548 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS ermdd.sys 19:24:12.0564 7548 TermDD - ok 19:24:12.0624 7548 TermService (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32 ermsrv.dll 19:24:12.0634 7548 TermService - ok 19:24:12.0684 7548 Themes (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll 19:24:12.0684 7548 Themes - ok 19:24:12.0714 7548 THREADORDER (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll 19:24:12.0724 7548 THREADORDER - ok 19:24:12.0744 7548 TrkWks (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32 rkwks.dll 19:24:12.0744 7548 TrkWks - ok 19:24:12.0804 7548 TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe 19:24:12.0804 7548 TrustedInstaller - ok 19:24:12.0824 7548 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS ssecsrv.sys 19:24:12.0834 7548 tssecsrv - ok 19:24:12.0864 7548 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS unmp.sys 19:24:12.0864 7548 tunmp - ok 19:24:12.0884 7548 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS unnel.sys 19:24:12.0884 7548 tunnel - ok 19:24:12.0924 7548 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 19:24:12.0934 7548 uagp35 - ok 19:24:12.0974 7548 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys 19:24:12.0974 7548 udfs - ok 19:24:13.0024 7548 UI0Detect (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe 19:24:13.0024 7548 UI0Detect - ok 19:24:13.0054 7548 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 19:24:13.0064 7548 uliagpkx - ok 19:24:13.0094 7548 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 19:24:13.0104 7548 uliahci - ok 19:24:13.0134 7548 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 19:24:13.0154 7548 UlSata - ok 19:24:13.0174 7548 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 19:24:13.0174 7548 ulsata2 - ok 19:24:13.0214 7548 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys 19:24:13.0224 7548 umbus - ok 19:24:13.0244 7548 uphclean - ok 19:24:13.0304 7548 upnphost (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll 19:24:13.0314 7548 upnphost - ok 19:24:13.0354 7548 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys 19:24:13.0364 7548 usbccgp - ok 19:24:13.0394 7548 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 19:24:13.0404 7548 usbcir - ok 19:24:13.0424 7548 usbehci (11fa3acbf0de0286829c69e01fe705e4) C:\Windows\system32\DRIVERS\usbehci.sys 19:24:13.0434 7548 usbehci - ok 19:24:13.0474 7548 usbhub (6a7858a38b5105731e219e7c6a238730) C:\Windows\system32\DRIVERS\usbhub.sys 19:24:13.0494 7548 usbhub - ok 19:24:13.0524 7548 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 19:24:13.0534 7548 usbohci - ok 19:24:13.0564 7548 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 19:24:13.0574 7548 usbprint - ok 19:24:13.0614 7548 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:24:13.0614 7548 USBSTOR - ok 19:24:13.0634 7548 usbuhci (4013315fed70a2d293b998cbba4022ee) C:\Windows\system32\DRIVERS\usbuhci.sys 19:24:13.0644 7548 usbuhci - ok 19:24:13.0684 7548 UxSms (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll 19:24:13.0694 7548 UxSms - ok 19:24:13.0744 7548 vds (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe 19:24:13.0754 7548 vds - ok 19:24:13.0774 7548 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 19:24:13.0794 7548 vga - ok 19:24:13.0824 7548 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys 19:24:13.0834 7548 VgaSave - ok 19:24:13.0864 7548 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 19:24:13.0884 7548 viaagp - ok 19:24:13.0914 7548 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 19:24:13.0924 7548 ViaC7 - ok 19:24:13.0944 7548 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 19:24:13.0954 7548 viaide - ok 19:24:13.0974 7548 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys 19:24:13.0974 7548 volmgr - ok 19:24:14.0024 7548 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys 19:24:14.0024 7548 volmgrx - ok 19:24:14.0054 7548 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys 19:24:14.0054 7548 volsnap - ok 19:24:14.0094 7548 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 19:24:14.0104 7548 vsmraid - ok 19:24:14.0194 7548 VSS (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe 19:24:14.0214 7548 VSS - ok 19:24:14.0264 7548 W32Time (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll 19:24:14.0264 7548 W32Time - ok 19:24:14.0304 7548 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 19:24:14.0314 7548 WacomPen - ok 19:24:14.0344 7548 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 19:24:14.0354 7548 Wanarp - ok 19:24:14.0364 7548 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 19:24:14.0364 7548 Wanarpv6 - ok 19:24:14.0404 7548 wcncsvc (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll 19:24:14.0404 7548 wcncsvc - ok 19:24:14.0434 7548 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 19:24:14.0444 7548 WcsPlugInService - ok 19:24:14.0474 7548 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 19:24:14.0484 7548 Wd - ok 19:24:14.0544 7548 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys 19:24:14.0544 7548 Wdf01000 - ok 19:24:14.0564 7548 WdiServiceHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll 19:24:14.0564 7548 WdiServiceHost - ok 19:24:14.0584 7548 WdiSystemHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll 19:24:14.0584 7548 WdiSystemHost - ok 19:24:14.0624 7548 WebClient (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll 19:24:14.0634 7548 WebClient - ok 19:24:14.0664 7548 Wecsvc (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll 19:24:14.0674 7548 Wecsvc - ok 19:24:14.0684 7548 wercplsupport (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll 19:24:14.0684 7548 wercplsupport - ok 19:24:14.0714 7548 WerSvc (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll 19:24:14.0714 7548 WerSvc - ok 19:24:14.0784 7548 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 19:24:14.0814 7548 winachsf - ok 19:24:14.0824 7548 WinHttpAutoProxySvc - ok 19:24:14.0894 7548 Winmgmt (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll 19:24:14.0894 7548 Winmgmt - ok 19:24:14.0954 7548 WinRM (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll 19:24:14.0964 7548 WinRM - ok 19:24:15.0044 7548 Wlansvc (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll 19:24:15.0054 7548 Wlansvc - ok 19:24:15.0114 7548 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys 19:24:15.0124 7548 WmiAcpi - ok 19:24:15.0164 7548 wmiApSrv (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe 19:24:15.0174 7548 wmiApSrv - ok 19:24:15.0254 7548 WMIService (7641b16bd15a392de305d2b1c76aa42a) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 19:24:15.0274 7548 WMIService - ok 19:24:15.0404 7548 WMPNetworkSvc (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe 19:24:15.0424 7548 WMPNetworkSvc - ok 19:24:15.0474 7548 WPCSvc (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll 19:24:15.0484 7548 WPCSvc - ok 19:24:15.0504 7548 WPDBusEnum (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll 19:24:15.0504 7548 WPDBusEnum - ok 19:24:15.0574 7548 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys 19:24:15.0584 7548 ws2ifsl - ok 19:24:15.0594 7548 WSearch - ok 19:24:15.0784 7548 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 19:24:15.0844 7548 wuauserv - ok 19:24:15.0954 7548 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:24:15.0964 7548 WUDFRd - ok 19:24:15.0984 7548 wudfsvc (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll 19:24:15.0984 7548 wudfsvc - ok 19:24:16.0024 7548 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys 19:24:16.0024 7548 XAudio - ok 19:24:16.0074 7548 XAudioService (f82fc2c30a19442b95ae554215837c46) C:\Windows\system32\DRIVERS\xaudio.exe 19:24:16.0154 7548 XAudioService - ok 19:24:16.0224 7548 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 19:24:16.0234 7548 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok 19:24:16.0254 7548 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0 19:24:19.0954 7548 \Device\Harddisk0\DR0 - ok 19:24:19.0974 7548 Boot (0x1200) (d158322288337b034bd7fc75abf55836) \Device\Harddisk0\DR0\Partition0 19:24:19.0974 7548 \Device\Harddisk0\DR0\Partition0 - ok 19:24:19.0994 7548 Boot (0x1200) (886632fadce28bb3b4361c42b8e6f22b) \Device\Harddisk0\DR0\Partition1 19:24:19.0994 7548 \Device\Harddisk0\DR0\Partition1 - ok 19:24:19.0994 7548 ============================================================ 19:24:19.0994 7548 Scan finished 19:24:19.0994 7548 ============================================================ 19:24:20.0024 7540 Detected object count: 1 19:24:20.0024 7540 Actual detected object count: 1 19:26:27.0004 7540 C:\Windows\system32\DRIVERS dx.sys - copied to quarantine 19:26:27.0014 7540 C:\Windows\$NtUninstallKB32385$\258240997\@ - copied to quarantine 19:26:27.0014 7540 C:\Windows\$NtUninstallKB32385$\258240997\cfg.ini - copied to quarantine 19:26:27.0024 7540 C:\Windows\$NtUninstallKB32385$\258240997\Desktop.ini - copied to quarantine 19:26:27.0054 7540 C:\Windows\$NtUninstallKB32385$\258240997\L\qnbwvoto - copied to quarantine 19:26:27.0064 7540 C:\Windows\$NtUninstallKB32385$\258240997\oemid - copied to quarantine 19:26:27.0084 7540 C:\Windows\$NtUninstallKB32385$\258240997\U\00000001.@ - copied to quarantine 19:26:27.0144 7540 C:\Windows\$NtUninstallKB32385$\258240997\U\00000002.@ - copied to quarantine 19:26:27.0174 7540 C:\Windows\$NtUninstallKB32385$\258240997\U\00000004.@ - copied to quarantine 19:26:27.0204 7540 C:\Windows\$NtUninstallKB32385$\258240997\U\80000000.@ - copied to quarantine 19:26:27.0234 7540 C:\Windows\$NtUninstallKB32385$\258240997\U\80000004.@ - copied to quarantine 19:26:27.0264 7540 C:\Windows\$NtUninstallKB32385$\258240997\U\80000032.@ - copied to quarantine 19:26:27.0284 7540 C:\Windows\$NtUninstallKB32385$\258240997\version - copied to quarantine 19:26:27.0294 7540 VerifyFileNameVersionInfo: Get

Utilisateur anonyme · Answer

Re

Pour vérification:

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
Ou ici : https://forospyware.com 
>Renomme le pour l'enregistrer sur ton bureau en  asdehi (tout simplement pour que l'infection ne le contre pas)
-> Double clique combofix.exe.(ou clic droit sous vista «  exécuter en tant que... » )
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

 Avant d'utiliser ComboFix :  

->  Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.  

->  Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. 

Une fois fait, sur ton bureau double-clic sur Combofix.exe ; (ou clic droit sous vista « exécuter en tant que... »)

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 


- Installe le console de récupération comme demandé ;utile en cas de plantage

- Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur 

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message. 

/!\  Ne touche à rien tant que le scan n'est pas terminé.  /!\ : risque de figer l'ordinateur (plantage complet) 


::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes


@+

bxlucky · Answer

impossible d ouvrir le fichier combofix.txt

bxlucky · Answer

en fait je peux rien ouvrir meme lancer internet

bxlucky · Answer

c est  bon

ComboFix 12-04-28.01 - bruno 28/04/2012  20:05:05.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium   6.0.6000.0.1252.33.1036.18.2037.1200 [GMT 2:00]
Lancé depuis: c:\users\bruno\Desktop\asdehi.exe
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\drv\Tuner\Yuan\Resources\_desktop.ini
c:\windows\$NtUninstallKB32385$
c:\windows\$NtUninstallKB32385$\258240997\L\qnbwvoto
c:\windows\system32\bdaplgin.ax
c:\windows\system32\cero.rs
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\divxdec.ax
c:\windows\system32\esrb.rs
c:\windows\system32\g711codc.ax
c:\windows\system32\htvcdsvcd70.ax
c:\windows\system32\iac25_32.ax
c:\windows\system32\ir41_32.ax
c:\windows\system32\ivfsrc.ax
c:\windows\system32\ksproxy.ax
c:\windows\system32\kstvtune.ax
c:\windows\system32\Kswdmcap.ax
c:\windows\system32\ksxbar.ax
c:\windows\system32\Mpeg2Data.ax
c:\windows\system32\mpg2splt.ax
c:\windows\system32\MSDvbNP.ax
c:\windows\system32\MSNP.ax
c:\windows\system32\oflc.rs
c:\windows\system32\pegi-fi.rs
c:\windows\system32\pegi-pt.rs
c:\windows\system32\pegi.rs
c:\windows\system32\pegibbfc.rs
c:\windows\system32\psisrndr.ax
c:\windows\system32\usk.rs
c:\windows\system32\VBICodec.ax
c:\windows\system32\vbisurf.ax
c:\windows\system32\vidcap.ax
c:\windows\system32\WEB.rs
c:\windows\system32\WSTPager.ax
.
.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AMService
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2012-03-28 au 2012-04-28  ))))))))))))))))))))))))))))))))))))
.
.
2012-04-28 20:01 . 2012-04-28 20:01	--------	d-----w-	C:\_OTL
2012-04-28 18:15 . 2012-04-28 18:19	--------	d-----w-	c:\users\bruno\AppData\Local	emp
2012-04-28 18:15 . 2012-04-28 18:15	--------	d-----w-	c:\users\Default\AppData\Local	emp
2012-04-28 17:26 . 2012-04-28 17:26	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-04-28 15:32 . 2012-04-28 15:32	--------	d-----w-	c:\users\bruno\AppData\Roaming\Malwarebytes
2012-04-28 15:32 . 2012-04-28 15:32	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-28 15:32 . 2012-04-28 15:32	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-28 15:32 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 17:28 . 2006-11-02 08:57	68096	----a-w-	c:\windows\system32\drivers	dx.sys
2012-04-27 03:40 . 2006-11-02 08:31	74752	----a-w-	c:\windows\system32\drivers\dfsc.sys
2012-03-07 19:20 . 2011-11-19 15:30	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2009-11-07 19:35	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-08 06:03 . 2012-03-06 19:53	6552120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{412BF2C5-4008-444A-8162-A4F1537F999C}\mpengine.dll
2012-02-07 09:02 . 2012-02-07 09:02	1070352	----a-w-	c:\windows\system32\MSCOMCTL.OCX
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-12-13 57344]
.
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-02-03 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-11-21 46728]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-27 752136]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 206952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-10 535336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\jmcheng]
2012-04-28 14:22	10752	----a-w-	c:\windows\System32\config\systemprofile\AppData\Local\jmcheng.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\lkapoer]
2012-03-12 19:32	10752	----a-w-	c:\windows\System32\config\systemprofile\AppData\Local\lkapoer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - COMHOST
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
tap0901
foldersize
uphclean
meraksmtp
cmuda
PCDCODEC
.
Contenu du dossier 'Tâches planifiées'
.
2012-04-28 c:\windows\Tasks\User_Feed_Synchronization-{084DB03B-B2F6-4B43-8C0E-E5AEC842B1BC}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://m.fr.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-Acer Tour - (no file)
HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-eRecoveryService - (no file)
SafeBoot-82236029.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-28 20:19
Windows 6.0.6000  NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
Recherche de fichiers cachés ... 
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(3664)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\acer\Empowering Technology\ENET\ENMTRAY.EXE
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Heure de fin: 2012-04-28  20:25:42 - La machine a redémarré
ComboFix-quarantined-files.txt  2012-04-28 18:25
.
Avant-CF: 23 542 226 944 octets libres
Après-CF: 23 666 057 216 octets libres
.
- - End Of File - - F751B57962362E097DFF827349686CB6

Utilisateur anonyme · Answer

Re

Quoi de neuf?
Toujours des problèmes?

@+

bxlucky · Answer

a priorit tout marche nickel, je finis quelque mise a jour.

en tout cas un grand merci pour ton aide

Utilisateur anonyme · Answer

Re

1) Télécharge DelFix de Xplode

* Lance le.
* A l'invite,  [Suppression]  
* Un rapport va s'ouvrir à la fin, colle le dans la réponse

Ensuite pour le désinstaller ; tu relances et tu passes à l'option  [Désinstallation] 


2)C - Ccleaner :   

https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

.enregistres le sur le bureau  
.double-cliques sur le fichier pour lancer l'installation  
.sur la fenêtre de l'installation langage bien choisir français et OK 
.cliques sur <gras>suivant  
.lis la licence et j'accepte  
.cliques sur suivant 
.la tu ne gardes de coché que mettre un raccourci sur le bureau  et puis contrôler automatiquement les mises à jour de Ccleaner 
.cliques sur installer 
.cliques sur fermer  
.double-cliques ou clic droit sous Vista ou Seven  sur l'icône  de Ccleaner pour l'ouvrir 
.une fois ouvert tu cliques sur option  et puis avancé  
.tu décoches  effacer uniquement les fichiers, du dossier temp de windows plus vieux que 24 heures 
.cliques sur nettoyeur  
.cliques sur windows et dans la colonne avancé  
. coches  la première case vieilles données du perfetch  ce qui te donnes la case vielles données du perfetch  
.cliques sur analyse  une fois l'analyse terminé 
.cliques sur lancer le nettoyage  et sur la demande de confirmation OK  il vas falloir que tu le refasses une autre fois une fois fini vérifies en appuyant de nouveau sur analyse pour être sur qu'il n'y est plus rien 
.clique maintenant sur registre  et puis sur rechercher les erreurs 
.laisse tout coché et clique sur réparer les erreurs sélectionnées 
.il te demande de sauvegarder OUI 
.tu lui donnes un nom pour pouvoir la retrouver et enregistre 
.clique sur corriger toutes les erreurs sélectionnées  et sur la demande de confirmation OK   
.il supprime et une fois fermé   tu vérifies en relançant rechercher les erreurs  
.tu retournes dans option  et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch  
.tu peux fermer Ccleaner.

Tuto : https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm




@+

bxlucky · Answer

c est fait

Utilisateur anonyme · Answer

RE

Si tu le dis..
Je te propose donc de clore ce post si tu n'as plus de problèmes..
@+

bxlucky · Answer

je te remercie encore

Virus police nationale

35 réponses

Discussions similaires

Newsletters