TROJANS LIES A LIVE PROTECTION

Résolu
DRONE_DU_COLLECTIF Messages postés 96 Date d'inscription   Statut Membre Dernière intervention   -  
DRONE_DU_COLLECTIF Messages postés 96 Date d'inscription   Statut Membre Dernière intervention   -
Bonjour,
Il y a un programme se présentant comme un antivirus qui s'est installé sur un de mes ordinateurs (muni de XP) avec les droits d'Administrateur. Il se nomme LIVE PROTECTION.
Juste avant son apparition, le système a été littéralement submergé par une vague de TROJANS qui ont été bloqué par l'antivirus d'ORANGE.
Il est clair pour moi que ceux-ci ont été initiés par ce programme.
J'ai fermé l'accès à INTERNET.
J'ai essayé de me débarrasser des TROJANS en bootant avec un cd muni de PANDA SAFE mais le programme de Panda ne veut pas lancer de scan...
J'ai lancé un scan avec NORTON SECURITY SCAN qui me dit que tout va bien, qu'il n'y a aucun trojan.
En principe j''ai désinstallé LIVE PROTECTION mais dès que je me reconnecte au net, des trojans sont détectés par l'antivirus d'Orange et tout se bloque de façon indéfinie...
Merci pour toute aide !

7 réponses

  1. Utilisateur anonyme
     
    Bonsoir

    [*] Télécharger sur le bureau https://www.luanagames.com/index.fr.html (by tigzy)
    [*] Quitter tous les programmes
    [*] Lancer RogueKiller.exe.
    [*] Attendre que le Prescan ait fini ...
    [*] Cliquer sur Scan. Cliquer sur Rapport et copier coller le contenu du rapport

    @+
    1
  2. Utilisateur anonyme
     
    Re

    Si tu le penses!!!

    Je te laisses décider;mais ce n'est pas gagné...

    @+

    1
  3. Tigzy Messages postés 7983 Statut Contributeur sécurité 582
     
    Hello

    tu peux poster les rapports de TDSSKiller et cmbofix stp?
    ça aide à améliorer les outils
    1
  4. DRONE_DU_COLLECTIF Messages postés 96 Date d'inscription   Statut Membre Dernière intervention   3
     
    Merci !
    Ca sera pour la prochaine fois si ca recommence...
    J'ai pu installer SPYBOT 1.6.2 et AVIRA.
    Le système est sous contrôle apparemment.
    J'ai récupéré l'accès à internet sans problème pour le moment.
    Je croise les doigts...
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. DRONE_DU_COLLECTIF Messages postés 96 Date d'inscription   Statut Membre Dernière intervention   3
     
    Finalement, j'ai lancé ROGUEKILLER.
    J'ai obtenu 3 rapports.
    Les voici :
    RogueKiller V7.5.4 [07/06/2012] par Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Remontees: https://www.luanagames.com/index.fr.html
    Blog: http://tigzyrk.blogspot.com

    Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Demarrage : Mode normal
    Utilisateur: SONY [Droits d'admin]
    Mode: Recherche -- Date: 10/06/2012 15:09:23

    ¤¤¤ Processus malicieux: 0 ¤¤¤

    ¤¤¤ Entrees de registre: 2 ¤¤¤
    [ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{559f2757-518d-d670-0246-21a0ddba224a}\n.) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

    ¤¤¤ Driver: [CHARGE] ¤¤¤
    SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xF7C0D66C)
    SSDT[41] : NtCreateKey @ 0x80623FD6 -> HOOKED (Unknown @ 0xF7C0D626)
    SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xF7C0D676)
    SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xF7C0D61C)
    SSDT[63] : NtDeleteKey @ 0x80624472 -> HOOKED (Unknown @ 0xF7C0D62B)
    SSDT[65] : NtDeleteValueKey @ 0x80624642 -> HOOKED (Unknown @ 0xF7C0D635)
    SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xF7C0D667)
    SSDT[98] : NtLoadKey @ 0x806261FA -> HOOKED (Unknown @ 0xF7C0D63A)
    SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xF7C0D608)
    SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xF7C0D60D)
    SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0xF7C0D68F)
    SSDT[193] : NtReplaceKey @ 0x806260AA -> HOOKED (Unknown @ 0xF7C0D644)
    SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xF7C0D680)
    SSDT[204] : NtRestoreKey @ 0x806259B6 -> HOOKED (Unknown @ 0xF7C0D63F)
    SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xF7C0D67B)
    SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xF7C0D685)
    SSDT[247] : NtSetValueKey @ 0x80622548 -> HOOKED (Unknown @ 0xF7C0D630)
    SSDT[255] : NtSystemDebugControl @ 0x80617FAA -> HOOKED (Unknown @ 0xF7C0D68A)
    SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xF7C0D617)
    S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7C0D69E)
    S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7C0D6A3)
    IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF727AB40)
    IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF727AB40)
    IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF727AB40)
    IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] dvd43llh.sys @ 0xF791BB20)
    IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF727AB40)
    IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF727AB40)

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.1001-search.info
    127.0.0.1 1001-search.info
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.123topsearch.com
    [...]

    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK1234GSX +++++
    --- User ---
    [MBR] fe8e86f28926dc4215b3b71595605e8f
    [BSP] 88446dfa687d2af5a923c2fa584677fd : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 8110 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16611210 | Size: 106360 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Termine : << RKreport[1].txt >>
    RKreport[1].txt

    --------------------------------------------------------------
    ---------------------------------------------------------------
    RogueKiller V7.5.4 [07/06/2012] par Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Remontees: https://www.luanagames.com/index.fr.html
    Blog: http://tigzyrk.blogspot.com

    Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Demarrage : Mode normal
    Utilisateur: SONY [Droits d'admin]
    Mode: Suppression -- Date: 10/06/2012 15:11:46

    ¤¤¤ Processus malicieux: 0 ¤¤¤

    ¤¤¤ Entrees de registre: 2 ¤¤¤
    [ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{559f2757-518d-d670-0246-21a0ddba224a}\n.) -> REPLACED (c:\windows\system32\wbem\wbemess.dll)
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

    ¤¤¤ Driver: [CHARGE] ¤¤¤
    SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xF7C0D66C)
    SSDT[41] : NtCreateKey @ 0x80623FD6 -> HOOKED (Unknown @ 0xF7C0D626)
    SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xF7C0D676)
    SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xF7C0D61C)
    SSDT[63] : NtDeleteKey @ 0x80624472 -> HOOKED (Unknown @ 0xF7C0D62B)
    SSDT[65] : NtDeleteValueKey @ 0x80624642 -> HOOKED (Unknown @ 0xF7C0D635)
    SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xF7C0D667)
    SSDT[98] : NtLoadKey @ 0x806261FA -> HOOKED (Unknown @ 0xF7C0D63A)
    SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xF7C0D608)
    SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xF7C0D60D)
    SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0xF7C0D68F)
    SSDT[193] : NtReplaceKey @ 0x806260AA -> HOOKED (Unknown @ 0xF7C0D644)
    SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xF7C0D680)
    SSDT[204] : NtRestoreKey @ 0x806259B6 -> HOOKED (Unknown @ 0xF7C0D63F)
    SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xF7C0D67B)
    SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xF7C0D685)
    SSDT[247] : NtSetValueKey @ 0x80622548 -> HOOKED (Unknown @ 0xF7C0D630)
    SSDT[255] : NtSystemDebugControl @ 0x80617FAA -> HOOKED (Unknown @ 0xF7C0D68A)
    SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xF7C0D617)
    S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7C0D69E)
    S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7C0D6A3)
    IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF727AB40)
    IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF727AB40)
    IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF727AB40)
    IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] dvd43llh.sys @ 0xF791BB20)
    IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF727AB40)
    IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xF727AB40)

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.1001-search.info
    127.0.0.1 1001-search.info
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.123topsearch.com
    [...]

    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK1234GSX +++++
    --- User ---
    [MBR] fe8e86f28926dc4215b3b71595605e8f
    [BSP] 88446dfa687d2af5a923c2fa584677fd : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 8110 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16611210 | Size: 106360 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Termine : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    ------------------------------------------------------------------------------------------
    -----------------------------------------------------------------------------------------
    RogueKiller V7.5.4 [07/06/2012] par Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Remontees: https://www.luanagames.com/index.fr.html
    Blog: http://tigzyrk.blogspot.com

    Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Demarrage : Mode normal
    Utilisateur: SONY [Droits d'admin]
    Mode: Recherche -- Date: 10/06/2012 16:02:40

    ¤¤¤ Processus malicieux: 0 ¤¤¤

    ¤¤¤ Entrees de registre: 0 ¤¤¤

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

    ¤¤¤ Driver: [CHARGE] ¤¤¤
    SSDT[25] : NtClose @ 0x805BC538 -> HOOKED (Unknown @ 0xF7B784DC)
    SSDT[41] : NtCreateKey @ 0x80623FD6 -> HOOKED (Unknown @ 0xF7B78496)
    SSDT[50] : NtCreateSection @ 0x805AB3D0 -> HOOKED (Unknown @ 0xF7B784E6)
    SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0xF7B7848C)
    SSDT[63] : NtDeleteKey @ 0x80624472 -> HOOKED (Unknown @ 0xF7B7849B)
    SSDT[65] : NtDeleteValueKey @ 0x80624642 -> HOOKED (Unknown @ 0xF7B784A5)
    SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0xF7B784D7)
    SSDT[98] : NtLoadKey @ 0x806261FA -> HOOKED (Unknown @ 0xF7B784AA)
    SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0xF7B78478)
    SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0xF7B7847D)
    SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0xF7B784FF)
    SSDT[193] : NtReplaceKey @ 0x806260AA -> HOOKED (Unknown @ 0xF7B784B4)
    SSDT[200] : NtRequestWaitReplyPort @ 0x805A2D7E -> HOOKED (Unknown @ 0xF7B784F0)
    SSDT[204] : NtRestoreKey @ 0x806259B6 -> HOOKED (Unknown @ 0xF7B784AF)
    SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0xF7B784EB)
    SSDT[237] : NtSetSecurityObject @ 0x805C0636 -> HOOKED (Unknown @ 0xF7B784F5)
    SSDT[247] : NtSetValueKey @ 0x80622548 -> HOOKED (Unknown @ 0xF7B784A0)
    SSDT[255] : NtSystemDebugControl @ 0x80617FAA -> HOOKED (Unknown @ 0xF7B784FA)
    SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0xF7B78487)
    S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7B7850E)
    S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7B78513)
    IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : atapi.sys -> HOOKED ([MAJOR] dvd43llh.sys @ 0xF77ABB20)

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.1001-search.info
    127.0.0.1 1001-search.info
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.123topsearch.com
    [...]

    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK1234GSX +++++
    --- User ---
    [MBR] fe8e86f28926dc4215b3b71595605e8f
    [BSP] 88446dfa687d2af5a923c2fa584677fd : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 8110 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16611210 | Size: 106360 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Termine : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

    ------------------------------------------------------------------------
    ------------------------------------------------------------------------
    --------------------------------------------------------------------------
    FIN DES 3 RAPPORTS DE ROGUEKILLER.

    Donc a été détecté ZEROACCES

    J'ai téléchargé et lancé selon les conseils de RogueKiller le programme TDSSKILLER.

    Après redémarrage, je me suis rendu compte que AVIRA détectait à répétition après suppression (théorique) TR/ATRAPS.GENZ

    Donc j'ai installé et lancé COMBOFIX dont le traitement s'est poursuivi à terme sans encombre.

    J'espère que c'est bon maintenant.
    En tout cas, je ne réactiverai pas le BOOT RESEAU avant longtemps...

    Merci Guillaume5188 pour les conseils éclairés !!!
    0
  7. DRONE_DU_COLLECTIF Messages postés 96 Date d'inscription   Statut Membre Dernière intervention   3
     
    Voici le rapport de TDSSKILLER :

    15:15:01.0468 0724 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
    15:15:01.0937 0724 ============================================================
    15:15:01.0937 0724 Current date / time: 2012/06/10 15:15:01.0937
    15:15:01.0937 0724 SystemInfo:
    15:15:01.0937 0724
    15:15:01.0937 0724 OS Version: 5.1.2600 ServicePack: 3.0
    15:15:01.0937 0724 Product type: Workstation
    15:15:01.0937 0724 ComputerName: NOM-DD1C58CE1B2
    15:15:01.0937 0724 UserName: SONY
    15:15:01.0937 0724 Windows directory: C:\WINDOWS
    15:15:01.0937 0724 System windows directory: C:\WINDOWS
    15:15:01.0937 0724 Processor architecture: Intel x86
    15:15:01.0937 0724 Number of processors: 2
    15:15:01.0937 0724 Page size: 0x1000
    15:15:01.0937 0724 Boot type: Normal boot
    15:15:01.0937 0724 ============================================================
    15:15:04.0250 0724 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    15:15:04.0265 0724 ============================================================
    15:15:04.0265 0724 \Device\Harddisk0\DR0:
    15:15:04.0265 0724 MBR partitions:
    15:15:04.0265 0724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFD778A, BlocksNum 0xCFBC037
    15:15:04.0265 0724 ============================================================
    15:15:04.0296 0724 C: <-> \Device\Harddisk0\DR0\Partition0
    15:15:04.0312 0724 ============================================================
    15:15:04.0312 0724 Initialize success
    15:15:04.0312 0724 ============================================================
    15:15:15.0453 0692 ============================================================
    15:15:15.0453 0692 Scan started
    15:15:15.0453 0692 Mode: Manual;
    15:15:15.0453 0692 ============================================================
    15:15:15.0968 0692 Abiosdsk - ok
    15:15:15.0984 0692 abp480n5 - ok
    15:15:16.0031 0692 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    15:15:16.0031 0692 ACPI - ok
    15:15:16.0062 0692 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    15:15:16.0062 0692 ACPIEC - ok
    15:15:16.0203 0692 AdobeActiveFileMonitor4.0 (2486c8e3f14496341e90cf2ab8bc82ed) C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    15:15:16.0203 0692 AdobeActiveFileMonitor4.0 - ok
    15:15:16.0281 0692 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    15:15:16.0296 0692 AdobeFlashPlayerUpdateSvc - ok
    15:15:16.0296 0692 adpu160m - ok
    15:15:16.0328 0692 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    15:15:16.0343 0692 aec - ok
    15:15:16.0375 0692 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    15:15:16.0375 0692 AegisP - ok
    15:15:16.0421 0692 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    15:15:16.0421 0692 AFD - ok
    15:15:16.0421 0692 Aha154x - ok
    15:15:16.0437 0692 aic78u2 - ok
    15:15:16.0437 0692 aic78xx - ok
    15:15:16.0484 0692 Alerter (758fdc60d41716ef889d849989b4b1cd) C:\WINDOWS\system32\alrsvc.dll
    15:15:16.0515 0692 Alerter - ok
    15:15:16.0546 0692 ALG (5e9a6658a2a69ae7eb195113b7a2e7a9) C:\WINDOWS\System32\alg.exe
    15:15:16.0578 0692 ALG - ok
    15:15:16.0593 0692 AliIde - ok
    15:15:16.0593 0692 amsint - ok
    15:15:16.0671 0692 AntiVirSchedulerService (27c9a4e1ef31c7a64de8fbc0aa568503) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    15:15:16.0671 0692 AntiVirSchedulerService - ok
    15:15:16.0718 0692 AntiVirService (e491888d529410d7bd8fbbad825795c8) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    15:15:16.0718 0692 AntiVirService - ok
    15:15:16.0765 0692 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    15:15:16.0765 0692 ApfiltrService - ok
    15:15:16.0828 0692 AppMgmt (f36c9f78fc902c8dce4d3b576bb0435a) C:\WINDOWS\System32\appmgmts.dll
    15:15:16.0875 0692 AppMgmt - ok
    15:15:16.0906 0692 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    15:15:16.0906 0692 Arp1394 - ok
    15:15:16.0921 0692 asc - ok
    15:15:16.0921 0692 asc3350p - ok
    15:15:16.0937 0692 asc3550 - ok
    15:15:17.0078 0692 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    15:15:17.0156 0692 aspnet_state - ok
    15:15:17.0187 0692 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    15:15:17.0187 0692 AsyncMac - ok
    15:15:17.0234 0692 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    15:15:17.0234 0692 atapi - ok
    15:15:17.0250 0692 Atdisk - ok
    15:15:17.0421 0692 ATE_PROCMON - ok
    15:15:17.0625 0692 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    15:15:17.0625 0692 Atmarpc - ok
    15:15:18.0078 0692 AudioSrv (b4005aef7873144634765b570dac466e) C:\WINDOWS\System32\audiosrv.dll
    15:15:18.0109 0692 AudioSrv - ok
    15:15:18.0171 0692 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    15:15:18.0171 0692 audstub - ok
    15:15:18.0609 0692 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    15:15:18.0609 0692 avgntflt - ok
    15:15:18.0828 0692 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    15:15:18.0828 0692 avipbb - ok
    15:15:18.0859 0692 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
    15:15:18.0859 0692 avkmgr - ok
    15:15:18.0906 0692 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    15:15:18.0906 0692 Beep - ok
    15:15:19.0015 0692 BITS (baa0b6e647c1ad593e9bae5cc31bcffb) C:\WINDOWS\system32\qmgr.dll
    15:15:19.0125 0692 BITS - ok
    15:15:19.0156 0692 Browser (06b54a7b1ef7cb16bfd0e208d343fa71) C:\WINDOWS\System32\browser.dll
    15:15:19.0156 0692 Browser - ok
    15:15:19.0187 0692 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    15:15:19.0187 0692 cbidf2k - ok
    15:15:19.0203 0692 cd20xrnt - ok
    15:15:19.0234 0692 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    15:15:19.0234 0692 Cdaudio - ok
    15:15:19.0250 0692 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    15:15:19.0250 0692 Cdfs - ok
    15:15:19.0265 0692 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    15:15:19.0265 0692 Cdrom - ok
    15:15:19.0281 0692 Changer - ok
    15:15:19.0296 0692 CiSvc (793ef38a5fd086c3c8e48a8a861562ed) C:\WINDOWS\system32\cisvc.exe
    15:15:19.0343 0692 CiSvc - ok
    15:15:19.0359 0692 ClipSrv (8b30cbb0c07d49b2658fb190946b0e7e) C:\WINDOWS\system32\clipsrv.exe
    15:15:19.0390 0692 ClipSrv - ok
    15:15:19.0468 0692 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    15:15:19.0578 0692 clr_optimization_v2.0.50727_32 - ok
    15:15:19.0656 0692 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    15:15:19.0734 0692 clr_optimization_v4.0.30319_32 - ok
    15:15:19.0765 0692 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    15:15:19.0765 0692 CmBatt - ok
    15:15:19.0765 0692 CmdIde - ok
    15:15:19.0796 0692 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    15:15:19.0796 0692 Compbatt - ok
    15:15:19.0796 0692 COMSysApp - ok
    15:15:19.0812 0692 Cpqarray - ok
    15:15:19.0843 0692 CryptSvc (7a6d0b71035e123fdda2156a25578ad3) C:\WINDOWS\System32\cryptsvc.dll
    15:15:19.0843 0692 CryptSvc - ok
    15:15:19.0859 0692 dac2w2k - ok
    15:15:19.0859 0692 dac960nt - ok
    15:15:19.0921 0692 DcomLaunch (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
    15:15:19.0937 0692 DcomLaunch - ok
    15:15:20.0000 0692 Dhcp (318f535dc05551d96deeb90b6d6904de) C:\WINDOWS\System32\dhcpcsvc.dll
    15:15:20.0000 0692 Dhcp - ok
    15:15:20.0000 0692 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    15:15:20.0000 0692 Disk - ok
    15:15:20.0015 0692 dmadmin - ok
    15:15:20.0140 0692 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
    15:15:20.0140 0692 dmboot - ok
    15:15:20.0171 0692 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
    15:15:20.0171 0692 DMICall - ok
    15:15:20.0203 0692 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
    15:15:20.0203 0692 dmio - ok
    15:15:20.0218 0692 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    15:15:20.0234 0692 dmload - ok
    15:15:20.0250 0692 dmserver (6797c23d6b79935482d7f0e8ca5e5b67) C:\WINDOWS\System32\dmserver.dll
    15:15:20.0296 0692 dmserver - ok
    15:15:20.0328 0692 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    15:15:20.0328 0692 DMusic - ok
    15:15:20.0359 0692 Dnscache (1a1e59377fb6cacd711cc5073c4a7d79) C:\WINDOWS\System32\dnsrslvr.dll
    15:15:20.0359 0692 Dnscache - ok
    15:15:20.0421 0692 Dot3svc (3fcf86f03d0302443c21ce6e5bbf7a25) C:\WINDOWS\System32\dot3svc.dll
    15:15:20.0453 0692 Dot3svc - ok
    15:15:20.0453 0692 dpti2o - ok
    15:15:20.0531 0692 driverhardwarev2 (0f1189883690949ba7a9f68339587e51) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
    15:15:20.0546 0692 driverhardwarev2 - ok
    15:15:20.0578 0692 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    15:15:20.0578 0692 drmkaud - ok
    15:15:20.0609 0692 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
    15:15:20.0609 0692 dvd43llh - ok
    15:15:20.0656 0692 EapHost (8b5fc9087d2cab110bc2ed5cc5e7b8ac) C:\WINDOWS\System32\eapsvc.dll
    15:15:20.0671 0692 EapHost - ok
    15:15:20.0765 0692 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
    15:15:20.0765 0692 ehRecvr - ok
    15:15:20.0812 0692 ehSched (980eeea91776357518892c5544768e2b) C:\WINDOWS\eHome\ehSched.exe
    15:15:20.0812 0692 ehSched - ok
    15:15:20.0859 0692 ERSvc (94f948cb12c4d35483f1e815deb16c7b) C:\WINDOWS\System32\ersvc.dll
    15:15:20.0859 0692 ERSvc - ok
    15:15:20.0906 0692 Eventlog (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
    15:15:20.0906 0692 Eventlog - ok
    15:15:20.0968 0692 EventSystem (ec16ae9b37eacf871629227a3f3913fd) C:\WINDOWS\system32\es.dll
    15:15:20.0968 0692 EventSystem - ok
    15:15:21.0125 0692 EvtEng (a2ca7c9169f5781a261310dfadc52514) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    15:15:21.0140 0692 EvtEng - ok
    15:15:21.0234 0692 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    15:15:21.0234 0692 Fastfat - ok
    15:15:21.0265 0692 FastUserSwitchingCompatibility (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
    15:15:21.0281 0692 FastUserSwitchingCompatibility - ok
    15:15:21.0281 0692 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    15:15:21.0281 0692 Fdc - ok
    15:15:21.0296 0692 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
    15:15:21.0296 0692 Fips - ok
    15:15:21.0328 0692 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    15:15:21.0328 0692 Flpydisk - ok
    15:15:21.0343 0692 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    15:15:21.0343 0692 FltMgr - ok
    15:15:21.0390 0692 FNETTHJM (9339335cfaf1ebd80734098ff938b32a) C:\WINDOWS\system32\drivers\fnetthjm.sys
    15:15:21.0390 0692 FNETTHJM - ok
    15:15:21.0468 0692 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    15:15:21.0531 0692 FontCache3.0.0.0 - ok
    15:15:21.0562 0692 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    15:15:21.0562 0692 Fs_Rec - ok
    15:15:21.0609 0692 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    15:15:21.0609 0692 Ftdisk - ok
    15:15:21.0656 0692 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    15:15:21.0656 0692 Gpc - ok
    15:15:21.0734 0692 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    15:15:21.0734 0692 gupdate - ok
    15:15:21.0750 0692 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
    15:15:21.0750 0692 gupdatem - ok
    15:15:21.0796 0692 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    15:15:21.0796 0692 HDAudBus - ok
    15:15:21.0843 0692 helpsvc (1247f83b705af0e796330442f7967cf8) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    15:15:21.0843 0692 helpsvc - ok
    15:15:21.0859 0692 HidServ - ok
    15:15:21.0875 0692 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    15:15:21.0875 0692 HidUsb - ok
    15:15:21.0921 0692 hkmsvc (17b3c3d40cdba40c2e331d28be4de27f) C:\WINDOWS\System32\kmsvc.dll
    15:15:21.0953 0692 hkmsvc - ok
    15:15:21.0953 0692 hpn - ok
    15:15:22.0000 0692 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    15:15:22.0000 0692 HPZid412 - ok
    15:15:22.0000 0692 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    15:15:22.0000 0692 HPZipr12 - ok
    15:15:22.0031 0692 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    15:15:22.0031 0692 HPZius12 - ok
    15:15:22.0078 0692 HSFHWAZL (be0a81f4337367ce94bb20e65b3d57c8) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    15:15:22.0078 0692 HSFHWAZL - ok
    15:15:22.0156 0692 HSF_DPV (b46aa158f25ccbf03b12971b4c7f4723) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    15:15:22.0171 0692 HSF_DPV - ok
    15:15:22.0234 0692 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    15:15:22.0234 0692 HTTP - ok
    15:15:22.0250 0692 HTTPFilter (bd31cface38d1800abdb43f4260af0d5) C:\WINDOWS\System32\w3ssl.dll
    15:15:22.0281 0692 HTTPFilter - ok
    15:15:22.0281 0692 i2omgmt - ok
    15:15:22.0296 0692 i2omp - ok
    15:15:22.0328 0692 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    15:15:22.0328 0692 i8042prt - ok
    15:15:22.0453 0692 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    15:15:22.0468 0692 ialm - ok
    15:15:22.0593 0692 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    15:15:22.0625 0692 IDriverT - ok
    15:15:22.0765 0692 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    15:15:22.0890 0692 idsvc - ok
    15:15:23.0000 0692 Image Converter video recording monitor for VAIO Entertainment (a16dedf58c40d8236578f0fbb520ea6d) C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    15:15:23.0031 0692 Image Converter video recording monitor for VAIO Entertainment - ok
    15:15:23.0203 0692 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    15:15:23.0203 0692 Imapi - ok
    15:15:23.0250 0692 ImapiService (c4221678bbaa55239c23632875759961) C:\WINDOWS\system32\imapi.exe
    15:15:23.0265 0692 ImapiService - ok
    15:15:23.0265 0692 ini910u - ok
    15:15:23.0625 0692 IntcAzAudAddService (ab2fe0faa519880bd16e4a0792d633d2) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    15:15:23.0687 0692 IntcAzAudAddService - ok
    15:15:23.0796 0692 IntelIde - ok
    15:15:23.0843 0692 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    15:15:23.0843 0692 intelppm - ok
    15:15:23.0859 0692 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    15:15:23.0859 0692 Ip6Fw - ok
    15:15:23.0906 0692 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    15:15:23.0906 0692 IpFilterDriver - ok
    15:15:23.0953 0692 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    15:15:23.0953 0692 IpInIp - ok
    15:15:23.0984 0692 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    15:15:23.0984 0692 IpNat - ok
    15:15:24.0000 0692 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    15:15:24.0000 0692 IPSec - ok
    15:15:24.0031 0692 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    15:15:24.0031 0692 IRENUM - ok
    15:15:24.0078 0692 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    15:15:24.0078 0692 isapnp - ok
    15:15:24.0218 0692 JavaQuickStarterService (a1509ba3a5fdc5366146e92b3d130eb5) C:\Program Files\Java\jre7\bin\jqs.exe
    15:15:24.0218 0692 JavaQuickStarterService - ok
    15:15:24.0250 0692 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    15:15:24.0250 0692 Kbdclass - ok
    15:15:24.0296 0692 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    15:15:24.0296 0692 kmixer - ok
    15:15:24.0343 0692 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    15:15:24.0359 0692 KSecDD - ok
    15:15:24.0390 0692 lanmanserver (1db8078a32e03ac8f5eb5e6dcac2aa34) C:\WINDOWS\System32\srvsvc.dll
    15:15:24.0390 0692 lanmanserver - ok
    15:15:24.0437 0692 lanmanworkstation (ad54ead46d92f413be189aabc1c59490) C:\WINDOWS\System32\wkssvc.dll
    15:15:24.0453 0692 lanmanworkstation - ok
    15:15:24.0453 0692 lbrtfdc - ok
    15:15:24.0531 0692 LEX_AS_NIC_SERVICE_YNOS (c74ba069968543f4b1bd99b1f4899f92) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
    15:15:24.0546 0692 LEX_AS_NIC_SERVICE_YNOS - ok
    15:15:24.0593 0692 LmHosts (0f357c079ac529a844ab5b18e4eef881) C:\WINDOWS\System32\lmhsvc.dll
    15:15:24.0593 0692 LmHosts - ok
    15:15:24.0640 0692 maconfservice (3137b276c48d77dc05b7592e156e2880) C:\Program Files\ma-config.com\maconfservice.exe
    15:15:24.0703 0692 maconfservice - ok
    15:15:24.0765 0692 McrdSvc (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
    15:15:24.0765 0692 McrdSvc - ok
    15:15:24.0859 0692 MDM (2868e7dc2c450f76e36dab7ad9b49898) C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    15:15:24.0859 0692 MDM - ok
    15:15:24.0890 0692 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    15:15:24.0890 0692 mdmxsdk - ok
    15:15:24.0921 0692 Messenger (e67a66a3781c1a483f0f8992664cbe0d) C:\WINDOWS\System32\msgsvc.dll
    15:15:24.0968 0692 Messenger - ok
    15:15:25.0015 0692 MHN (184a03058c8cc399ea37dbeff6a8365a) C:\WINDOWS\System32\mhn.dll
    15:15:25.0046 0692 MHN - ok
    15:15:25.0078 0692 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    15:15:25.0078 0692 MHNDRV - ok
    15:15:25.0109 0692 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    15:15:25.0109 0692 mnmdd - ok
    15:15:25.0156 0692 mnmsrvc (d3a2870cd96cda7bcff3dc54f64087ad) C:\WINDOWS\system32\mnmsrvc.exe
    15:15:25.0171 0692 mnmsrvc - ok
    15:15:25.0203 0692 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
    15:15:25.0203 0692 Modem - ok
    15:15:25.0218 0692 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    15:15:25.0218 0692 Mouclass - ok
    15:15:25.0250 0692 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    15:15:25.0250 0692 mouhid - ok
    15:15:25.0281 0692 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    15:15:25.0281 0692 MountMgr - ok
    15:15:25.0328 0692 MozillaMaintenance (6380ff81dd4d78b23398752d2f46ea43) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    15:15:25.0375 0692 MozillaMaintenance - ok
    15:15:25.0375 0692 mraid35x - ok
    15:15:25.0421 0692 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    15:15:25.0421 0692 MRxDAV - ok
    15:15:25.0484 0692 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    15:15:25.0484 0692 MRxSmb - ok
    15:15:25.0609 0692 MSCSPTISRV (f1534aca143ca86cd57672953754fab0) C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    15:15:25.0625 0692 MSCSPTISRV - ok
    15:15:25.0640 0692 MSDTC (8648d670ae0d95c95e7bbb5b80661796) C:\WINDOWS\system32\msdtc.exe
    15:15:25.0671 0692 MSDTC - ok
    15:15:25.0718 0692 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    15:15:25.0718 0692 Msfs - ok
    15:15:25.0718 0692 MSIServer - ok
    15:15:25.0750 0692 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    15:15:25.0750 0692 MSKSSRV - ok
    15:15:25.0765 0692 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    15:15:25.0765 0692 MSPCLOCK - ok
    15:15:25.0781 0692 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    15:15:25.0781 0692 MSPQM - ok
    15:15:25.0812 0692 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    15:15:25.0812 0692 mssmbios - ok
    15:15:25.0843 0692 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    15:15:25.0843 0692 Mup - ok
    15:15:25.0906 0692 napagent (69e4fbbabaeee1bff422e091da3171da) C:\WINDOWS\System32\qagentrt.dll
    15:15:25.0953 0692 napagent - ok
    15:15:25.0984 0692 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    15:15:26.0000 0692 NDIS - ok
    15:15:26.0031 0692 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    15:15:26.0031 0692 NdisTapi - ok
    15:15:26.0046 0692 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    15:15:26.0046 0692 Ndisuio - ok
    15:15:26.0078 0692 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    15:15:26.0093 0692 NdisWan - ok
    15:15:26.0125 0692 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    15:15:26.0125 0692 NDProxy - ok
    15:15:26.0406 0692 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    15:15:26.0406 0692 NetBIOS - ok
    15:15:26.0437 0692 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    15:15:26.0437 0692 NetBT - ok
    15:15:26.0484 0692 NetDDE (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
    15:15:26.0515 0692 NetDDE - ok
    15:15:26.0531 0692 NetDDEdsdm (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
    15:15:26.0531 0692 NetDDEdsdm - ok
    15:15:26.0562 0692 Netlogon (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
    15:15:26.0562 0692 Netlogon - ok
    15:15:26.0593 0692 Netman (be0cb143fa427d93440ded18db8c918b) C:\WINDOWS\System32\netman.dll
    15:15:26.0593 0692 Netman - ok
    15:15:26.0703 0692 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    15:15:26.0734 0692 NetTcpPortSharing - ok
    15:15:26.0843 0692 NETw3x32 (f886500c285af271fdd33bf8ba7b32ef) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
    15:15:26.0875 0692 NETw3x32 - ok
    15:15:27.0156 0692 NETw4x32 (d57258165aba8162de8e29d71487fc4b) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
    15:15:27.0187 0692 NETw4x32 - ok
    15:15:27.0328 0692 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    15:15:27.0328 0692 NIC1394 - ok
    15:15:27.0390 0692 Nla (6f5f546a92c7b6ae45db1d6910781eb0) C:\WINDOWS\System32\mswsock.dll
    15:15:27.0390 0692 Nla - ok
    15:15:27.0406 0692 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    15:15:27.0406 0692 Npfs - ok
    15:15:27.0468 0692 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    15:15:27.0468 0692 Ntfs - ok
    15:15:27.0484 0692 NtLmSsp (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
    15:15:27.0500 0692 NtLmSsp - ok
    15:15:27.0562 0692 NtmsSvc (037d92b3a7853a183fcab77fb1d13d6c) C:\WINDOWS\system32\ntmssvc.dll
    15:15:27.0609 0692 NtmsSvc - ok
    15:15:27.0656 0692 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    15:15:27.0656 0692 Null - ok
    15:15:27.0953 0692 nv (45231f169f9a384e93a11cf00e4530ab) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    15:15:27.0984 0692 nv - ok
    15:15:28.0156 0692 NVSvc (f2206624cedcac5581d6f9f0f95a31fb) C:\WINDOWS\system32\nvsvc32.exe
    15:15:28.0171 0692 NVSvc - ok
    15:15:28.0218 0692 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    15:15:28.0218 0692 NwlnkFlt - ok
    15:15:28.0218 0692 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    15:15:28.0218 0692 NwlnkFwd - ok
    15:15:28.0265 0692 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    15:15:28.0265 0692 ohci1394 - ok
    15:15:28.0453 0692 Orange update Core Service (fd209f8c2562c351f7a25b4ffcd8f856) C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
    15:15:28.0531 0692 Orange update Core Service - ok
    15:15:28.0578 0692 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    15:15:28.0609 0692 ose - ok
    15:15:28.0671 0692 OXSDIDRV_x32 (257190d58444732b68919c573368b64d) C:\WINDOWS\system32\DRIVERS\OXSDIDRV_x32.sys
    15:15:28.0671 0692 OXSDIDRV_x32 - ok
    15:15:28.0718 0692 OXUDIDRV (8f534a8630f6baba92e14531f96906cd) C:\WINDOWS\system32\Drivers\OXUDIDRV_X32.sys
    15:15:28.0718 0692 OXUDIDRV - ok
    15:15:28.0812 0692 PACSPTISVR (17bb6b38de8c2bda692ca1db0cea7325) C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    15:15:28.0859 0692 PACSPTISVR - ok
    15:15:28.0906 0692 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
    15:15:28.0906 0692 Parport - ok
    15:15:28.0937 0692 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    15:15:28.0937 0692 PartMgr - ok
    15:15:28.0968 0692 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
    15:15:28.0968 0692 ParVdm - ok
    15:15:29.0000 0692 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
    15:15:29.0000 0692 PCI - ok
    15:15:29.0015 0692 PCIDump - ok
    15:15:29.0046 0692 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
    15:15:29.0046 0692 PCIIde - ok
    15:15:29.0062 0692 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    15:15:29.0062 0692 Pcmcia - ok
    15:15:29.0078 0692 PDCOMP - ok
    15:15:29.0078 0692 PDFRAME - ok
    15:15:29.0093 0692 PDRELI - ok
    15:15:29.0093 0692 PDRFRAME - ok
    15:15:29.0109 0692 perc2 - ok
    15:15:29.0125 0692 perc2hib - ok
    15:15:29.0187 0692 PlugPlay (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
    15:15:29.0187 0692 PlugPlay - ok
    15:15:29.0250 0692 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
    15:15:29.0250 0692 Pml Driver HPZ12 - ok
    15:15:29.0281 0692 PolicyAgent (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
    15:15:29.0281 0692 PolicyAgent - ok
    15:15:29.0312 0692 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    15:15:29.0312 0692 PptpMiniport - ok
    15:15:29.0312 0692 ProtectedStorage (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
    15:15:29.0312 0692 ProtectedStorage - ok
    15:15:29.0343 0692 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    15:15:29.0343 0692 PSched - ok
    15:15:29.0390 0692 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    15:15:29.0390 0692 Ptilink - ok
    15:15:29.0421 0692 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    15:15:29.0421 0692 PxHelp20 - ok
    15:15:29.0437 0692 ql1080 - ok
    15:15:29.0437 0692 Ql10wnt - ok
    15:15:29.0453 0692 ql12160 - ok
    15:15:29.0453 0692 ql1240 - ok
    15:15:29.0468 0692 ql1280 - ok
    15:15:29.0500 0692 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    15:15:29.0500 0692 RasAcd - ok
    15:15:29.0546 0692 RasAuto (78da9ccdac683ef5aa87d1c919f6d221) C:\WINDOWS\System32\rasauto.dll
    15:15:29.0578 0692 RasAuto - ok
    15:15:29.0609 0692 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    15:15:29.0609 0692 Rasl2tp - ok
    15:15:29.0656 0692 RasMan (0a48df90b4784f9b90a2671af992c914) C:\WINDOWS\System32\rasmans.dll
    15:15:29.0656 0692 RasMan - ok
    15:15:29.0671 0692 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    15:15:29.0671 0692 RasPppoe - ok
    15:15:29.0671 0692 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    15:15:29.0671 0692 Raspti - ok
    15:15:29.0734 0692 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    15:15:29.0734 0692 Rdbss - ok
    15:15:29.0765 0692 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    15:15:29.0765 0692 RDPCDD - ok
    15:15:29.0796 0692 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    15:15:29.0812 0692 rdpdr - ok
    15:15:29.0859 0692 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
    15:15:29.0859 0692 RDPWD - ok
    15:15:29.0890 0692 RDSessMgr (9f63d9c5b238ed1c375d417eff3d5be7) C:\WINDOWS\system32\sessmgr.exe
    15:15:29.0921 0692 RDSessMgr - ok
    15:15:29.0953 0692 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
    15:15:29.0953 0692 redbook - ok
    15:15:30.0093 0692 RegSrvc (8477d7c3ee18513911547785a06eaf70) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    15:15:30.0109 0692 RegSrvc - ok
    15:15:30.0156 0692 RemoteAccess (7da370c31673c99497bd07068ee6e354) C:\WINDOWS\System32\mprdim.dll
    15:15:30.0187 0692 RemoteAccess - ok
    15:15:30.0234 0692 RemoteRegistry (e598d81197e2e0ec42a0c55772bb00e8) C:\WINDOWS\system32\regsvc.dll
    15:15:30.0234 0692 RemoteRegistry - ok
    15:15:30.0281 0692 RpcLocator (499c59a2584f6d4ea41e944da571d993) C:\WINDOWS\system32\locator.exe
    15:15:30.0312 0692 RpcLocator - ok
    15:15:30.0390 0692 RpcSs (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
    15:15:30.0390 0692 RpcSs - ok
    15:15:30.0421 0692 RSVP (414964844f4793acb868d057e8ed997e) C:\WINDOWS\system32\rsvp.exe
    15:15:30.0468 0692 RSVP - ok
    15:15:30.0578 0692 S24EventMonitor (e087728d371709c1817ef6487f3e2e73) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    15:15:30.0609 0692 S24EventMonitor - ok
    15:15:30.0640 0692 s24trans (15f598ddaafae02102438f09d4d14461) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    15:15:30.0656 0692 s24trans - ok
    15:15:30.0671 0692 SamSs (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
    15:15:30.0671 0692 SamSs - ok
    15:15:30.0703 0692 SCardSvr (67949cc8a865296c1333c96a4e1a2d66) C:\WINDOWS\System32\SCardSvr.exe
    15:15:30.0734 0692 SCardSvr - ok
    15:15:30.0781 0692 Schedule (55f5c5c1be1a78e285033e432ba01597) C:\WINDOWS\system32\schedsvc.dll
    15:15:30.0796 0692 Schedule - ok
    15:15:30.0843 0692 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    15:15:30.0843 0692 Secdrv - ok
    15:15:30.0843 0692 seclogon (5ac311c0af2af5ec221670bb8dc479d3) C:\WINDOWS\System32\seclogon.dll
    15:15:30.0859 0692 seclogon - ok
    15:15:30.0875 0692 SENS (3531366f38f453d08fe72e7b32dfe786) C:\WINDOWS\system32\sens.dll
    15:15:30.0875 0692 SENS - ok
    15:15:30.0906 0692 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
    15:15:30.0921 0692 Serial - ok
    15:15:30.0968 0692 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    15:15:30.0968 0692 Sfloppy - ok
    15:15:31.0015 0692 ShellHWDetection (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
    15:15:31.0015 0692 ShellHWDetection - ok
    15:15:31.0031 0692 Simbad - ok
    15:15:31.0093 0692 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
    15:15:31.0093 0692 SNC - ok
    15:15:31.0093 0692 Sparrow - ok
    15:15:31.0125 0692 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    15:15:31.0125 0692 splitter - ok
    15:15:31.0171 0692 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    15:15:31.0171 0692 Spooler - ok
    15:15:31.0250 0692 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    15:15:31.0250 0692 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    15:15:31.0265 0692 sptd ( LockedFile.Multi.Generic ) - warning
    15:15:31.0265 0692 sptd - detected LockedFile.Multi.Generic (1)
    15:15:31.0406 0692 SPTISRV (3980b48dff300a7e4139f5c64da65f5c) C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    15:15:31.0437 0692 SPTISRV - ok
    15:15:31.0453 0692 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
    15:15:31.0468 0692 sr - ok
    15:15:31.0500 0692 srservice (6ed29124a1c83bd0cf6b26bd01ca6f6f) C:\WINDOWS\system32\srsvc.dll
    15:15:31.0515 0692 srservice - ok
    15:15:31.0562 0692 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    15:15:31.0562 0692 Srv - ok
    15:15:31.0609 0692 SSDPSRV (ea9e0db8684cef2fd3badd671df5a112) C:\WINDOWS\System32\ssdpsrv.dll
    15:15:31.0609 0692 SSDPSRV - ok
    15:15:31.0656 0692 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    15:15:31.0656 0692 ssmdrv - ok
    15:15:31.0703 0692 SSScsiSV (3dbade5b4aa47c245a69e99d72b8e73b) C:\Program Files\Fichiers communs\Sony Shared\Avlib\SSScsiSV.exe
    15:15:31.0765 0692 SSScsiSV - ok
    15:15:31.0859 0692 StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    15:15:31.0859 0692 StarWindServiceAE - ok
    15:15:31.0921 0692 stisvc (d76b0e8a4ecad1adcc75fd14a7acc54c) C:\WINDOWS\system32\wiaservc.dll
    15:15:31.0937 0692 stisvc - ok
    15:15:31.0968 0692 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    15:15:31.0968 0692 swenum - ok
    15:15:32.0000 0692 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    15:15:32.0000 0692 swmidi - ok
    15:15:32.0000 0692 SwPrv - ok
    15:15:32.0265 0692 Symantec Core LC (96bb13ef21dd3887e43a1263f97c6c2e) C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    15:15:32.0703 0692 Symantec Core LC - ok
    15:15:32.0703 0692 symc810 - ok
    15:15:32.0703 0692 symc8xx - ok
    15:15:32.0765 0692 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
    15:15:32.0765 0692 symlcbrd - ok
    15:15:32.0765 0692 sym_hi - ok
    15:15:32.0781 0692 sym_u3 - ok
    15:15:32.0796 0692 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    15:15:32.0796 0692 sysaudio - ok
    15:15:32.0859 0692 SysmonLog (0899061318a6b1d9596aabfc77f45e44) C:\WINDOWS\system32\smlogsvc.exe
    15:15:32.0890 0692 SysmonLog - ok
    15:15:32.0953 0692 TapiSrv (8e5231171ad6595ff002e848cc54fcd7) C:\WINDOWS\System32\tapisrv.dll
    15:15:32.0953 0692 TapiSrv - ok
    15:15:33.0031 0692 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    15:15:33.0031 0692 Tcpip - ok
    15:15:33.0078 0692 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    15:15:33.0078 0692 TDPIPE - ok
    15:15:33.0109 0692 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    15:15:33.0109 0692 TDTCP - ok
    15:15:33.0140 0692 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    15:15:33.0140 0692 TermDD - ok
    15:15:33.0171 0692 TermService (710bc85a8c22626ee094439e3ea0d38c) C:\WINDOWS\System32\termsrv.dll
    15:15:33.0187 0692 TermService - ok
    15:15:33.0218 0692 Themes (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
    15:15:33.0234 0692 Themes - ok
    15:15:33.0296 0692 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
    15:15:33.0296 0692 ti21sony - ok
    15:15:33.0343 0692 TlntSvr (d859a9d2f026ce5804485068ffd6eaf2) C:\WINDOWS\system32\tlntsvr.exe
    15:15:33.0375 0692 TlntSvr - ok
    15:15:33.0390 0692 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
    15:15:33.0406 0692 toshidpt - ok
    15:15:33.0406 0692 TosIde - ok
    15:15:33.0453 0692 tosporte (b2842672056ca33f0a4aab3e5cbbf181) C:\WINDOWS\system32\DRIVERS\tosporte.sys
    15:15:33.0453 0692 tosporte - ok
    15:15:33.0484 0692 Tosrfbd (926ca0b7fd2fa62d82c33b3117936070) C:\WINDOWS\system32\Drivers\tosrfbd.sys
    15:15:33.0484 0692 Tosrfbd - ok
    15:15:33.0500 0692 Tosrfbnp (1ae2ba74b2a4f5a358b13fcd35258c30) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
    15:15:33.0515 0692 Tosrfbnp - ok
    15:15:33.0531 0692 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
    15:15:33.0531 0692 Tosrfcom - ok
    15:15:33.0578 0692 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
    15:15:33.0578 0692 Tosrfhid - ok
    15:15:33.0593 0692 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
    15:15:33.0593 0692 tosrfnds - ok
    15:15:33.0640 0692 TosRfSnd (ab6fd13d7efa2634fa6bdf84c7ef0696) C:\WINDOWS\system32\drivers\TosRfSnd.sys
    15:15:33.0640 0692 TosRfSnd - ok
    15:15:33.0656 0692 Tosrfusb (d870fd6ce9060b73289f47e88630ee0e) C:\WINDOWS\system32\Drivers\tosrfusb.sys
    15:15:33.0656 0692 Tosrfusb - ok
    15:15:33.0703 0692 TrkWks (e1a84a5067627407a53c2c4f8d8a1d2e) C:\WINDOWS\system32\trkwks.dll
    15:15:33.0703 0692 TrkWks - ok
    15:15:33.0750 0692 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    15:15:33.0750 0692 Udfs - ok
    15:15:33.0750 0692 ultra - ok
    15:15:33.0812 0692 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    15:15:33.0812 0692 Update - ok
    15:15:33.0859 0692 upnphost (bd8166a495b02308f364b36249475f22) C:\WINDOWS\System32\upnphost.dll
    15:15:33.0906 0692 upnphost - ok
    15:15:33.0921 0692 UPS (1edc93d7bd731b5ca6248ae245099b60) C:\WINDOWS\System32\ups.exe
    15:15:33.0937 0692 UPS - ok
    15:15:33.0953 0692 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    15:15:33.0953 0692 usbccgp - ok
    15:15:34.0000 0692 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    15:15:34.0000 0692 usbehci - ok
    15:15:34.0015 0692 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    15:15:34.0015 0692 usbhub - ok
    15:15:34.0046 0692 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    15:15:34.0046 0692 usbprint - ok
    15:15:34.0109 0692 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    15:15:34.0109 0692 usbscan - ok
    15:15:34.0140 0692 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    15:15:34.0140 0692 USBSTOR - ok
    15:15:34.0187 0692 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    15:15:34.0187 0692 usbuhci - ok
    15:15:34.0296 0692 VAIO Entertainment TV Device Arbitration Service (fb1a8f8cbd361fc1f0d144d5018c97f3) C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    15:15:34.0343 0692 VAIO Entertainment TV Device Arbitration Service - ok
    15:15:34.0421 0692 VAIO Event Service (1d5425783d92f34c63075fa0c4e2c3d5) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    15:15:34.0437 0692 VAIO Event Service - ok
    15:15:34.0640 0692 VAIOMediaPlatform-IntegratedServer-AppServer (3f8c67061b6c0795068bb2bb252fa374) C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    15:15:34.0734 0692 VAIOMediaPlatform-IntegratedServer-AppServer - ok
    15:15:34.0859 0692 VAIOMediaPlatform-IntegratedServer-HTTP (ded309af31cb6ebe06d72cc1a10d5566) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    15:15:34.0890 0692 VAIOMediaPlatform-IntegratedServer-HTTP - ok
    15:15:34.0953 0692 VAIOMediaPlatform-IntegratedServer-UPnP (a530cd1825c86e4ef32518b5e192bf09) C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    15:15:35.0000 0692 VAIOMediaPlatform-IntegratedServer-UPnP - ok
    15:15:35.0093 0692 VCI (55a47a048e5fd13977ca47df39cba5ff) C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
    15:15:35.0140 0692 VCI - ok
    15:15:35.0218 0692 Vcsw - ok
    15:15:35.0343 0692 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    15:15:35.0343 0692 VgaSave - ok
    15:15:35.0359 0692 ViaIde - ok
    15:15:35.0375 0692 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
    15:15:35.0375 0692 VolSnap - ok
    15:15:35.0437 0692 VSS (5a4da252b2c0550ab83d129c02cf6c19) C:\WINDOWS\System32\vssvc.exe
    15:15:35.0484 0692 VSS - ok
    15:15:35.0531 0692 VzCdbSvc (af9ebc7cf22a18e2369346067f555953) C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    15:15:35.0531 0692 VzCdbSvc - ok
    15:15:35.0562 0692 VzFw (37d04941a5b52027ee32d2685f0f72ba) C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    15:15:35.0562 0692 VzFw - ok
    15:15:35.0593 0692 W32Time (c1f726ee0b043b074a68992bc4aef8fd) C:\WINDOWS\system32\w32time.dll
    15:15:35.0593 0692 W32Time - ok
    15:15:35.0625 0692 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    15:15:35.0625 0692 Wanarp - ok
    15:15:35.0625 0692 WDICA - ok
    15:15:35.0640 0692 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    15:15:35.0640 0692 wdmaud - ok
    15:15:35.0671 0692 WebClient (714670e64fbe6d28d99871ed9a52a334) C:\WINDOWS\System32\webclnt.dll
    15:15:35.0671 0692 WebClient - ok
    15:15:35.0765 0692 winachsf (317dc24899ad7a06e3430bf45f292989) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    15:15:35.0765 0692 winachsf - ok
    15:15:35.0875 0692 winmgmt (5e9deae9980ff34bcd6dde2e9e2bf911) C:\WINDOWS\system32\wbem\WMIsvc.dll
    15:15:35.0875 0692 winmgmt - ok
    15:15:35.0921 0692 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    15:15:35.0953 0692 WmdmPmSN - ok
    15:15:36.0046 0692 Wmi (31c1fd0bbdc5b81c21edba4331edae55) C:\WINDOWS\System32\advapi32.dll
    15:15:36.0062 0692 Wmi - ok
    15:15:36.0093 0692 WmiApSrv (4e8e8a58f56b25d0795f484e5eb7f898) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    15:15:36.0109 0692 WmiApSrv - ok
    15:15:36.0375 0692 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    15:15:36.0437 0692 WPFFontCache_v0400 - ok
    15:15:36.0484 0692 wuauserv (75d6c5c3d2c93b1f9931e5dfb693ae2a) C:\WINDOWS\system32\wuauserv.dll
    15:15:36.0515 0692 wuauserv - ok
    15:15:36.0593 0692 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    15:15:36.0593 0692 WudfPf - ok
    15:15:36.0609 0692 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    15:15:36.0609 0692 WudfRd - ok
    15:15:36.0640 0692 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    15:15:36.0687 0692 WudfSvc - ok
    15:15:36.0765 0692 WZCSVC (c336e54ee0c291a02f004667db1e66cb) C:\WINDOWS\System32\wzcsvc.dll
    15:15:36.0781 0692 WZCSVC - ok
    15:15:36.0812 0692 xmlprov (f92a87fdda0c11c8604fbc2b864fa726) C:\WINDOWS\System32\xmlprov.dll
    15:15:36.0859 0692 xmlprov - ok
    15:15:36.0906 0692 yukonwxp (87f126d0f8dc176b282924df0417075e) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    15:15:36.0921 0692 yukonwxp - ok
    15:15:36.0953 0692 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
    15:15:37.0484 0692 \Device\Harddisk0\DR0 - ok
    15:15:37.0500 0692 Boot (0x1200) (0f93c03d199586fee1b971c24de26c1a) \Device\Harddisk0\DR0\Partition0
    15:15:37.0500 0692 \Device\Harddisk0\DR0\Partition0 - ok
    15:15:37.0500 0692 ============================================================
    15:15:37.0500 0692 Scan finished
    15:15:37.0500 0692 ============================================================
    15:15:37.0515 3904 Detected object count: 1
    15:15:37.0515 3904 Actual detected object count: 1
    15:17:26.0859 3904 C:\WINDOWS\system32\Drivers\sptd.sys - copied to quarantine
    15:17:26.0921 3904 HKLM\SYSTEM\ControlSet001\services\sptd - will be deleted on reboot
    15:17:26.0921 3904 HKLM\SYSTEM\ControlSet002\services\sptd - will be deleted on reboot
    15:17:26.0937 3904 C:\WINDOWS\system32\Drivers\sptd.sys - will be deleted on reboot
    15:17:26.0937 3904 sptd ( LockedFile.Multi.Generic ) - User select action: Delete
    15:17:59.0078 2924 Deinitialize success

    ----------------------------------------------
    ------------------------------------------------
    FIN DU RAPPORT DE TDSSKILLER

    --------------------------------------------------------------------------------

    RAPPORT DE COMBOFIX :

    ComboFix 12-06-09.02 - SONY 10/06/2012 16:25:15.1.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.463 [GMT 2:00]
    Lancé depuis: c:\documents and settings\SONY\Bureau\ComboFix.exe
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\SONY\Application Data\PriceGong
    c:\documents and settings\SONY\Bureau\Live Security Platinum.lnk
    c:\documents and settings\SONY\Local Settings\Application Data\{559f2757-518d-d670-0246-21a0ddba224a}
    c:\documents and settings\SONY\Local Settings\Application Data\{559f2757-518d-d670-0246-21a0ddba224a}\@
    c:\documents and settings\SONY\Local Settings\Application Data\{559f2757-518d-d670-0246-21a0ddba224a}\n
    c:\documents and settings\SONY\Local Settings\Application Data\{559f2757-518d-d670-0246-21a0ddba224a}\U\00000001.@
    c:\documents and settings\SONY\Local Settings\Application Data\{559f2757-518d-d670-0246-21a0ddba224a}\U\80000000.@
    c:\documents and settings\SONY\WINDOWS
    c:\windows\Installer\{559f2757-518d-d670-0246-21a0ddba224a}
    c:\windows\Installer\{559f2757-518d-d670-0246-21a0ddba224a}\@
    c:\windows\Installer\{559f2757-518d-d670-0246-21a0ddba224a}\n
    c:\windows\Installer\{559f2757-518d-d670-0246-21a0ddba224a}\U\80000000.@
    c:\windows\Installer\{559f2757-518d-d670-0246-21a0ddba224a}\U\800000cb.@
    c:\windows\system32\SET1E.tmp
    c:\windows\system32\SET20.tmp
    c:\windows\system32\SET29.tmp
    c:\windows\system32\SET2A.tmp
    c:\windows\system32\SET37.tmp
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-05-10 au 2012-06-10 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-10 13:17 . 2012-06-10 13:17 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-10 13:05 . 2012-06-10 13:05 1520128 ----a-w- C:\RogueKiller.exe
    2012-06-10 11:51 . 2012-06-10 11:51 -------- d-----r- c:\documents and settings\LocalService\Favoris
    2012-06-10 11:19 . 2012-06-10 11:19 -------- d-----w- c:\program files\CONEXANT
    2012-06-09 18:37 . 2012-06-10 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2012-06-09 18:37 . 2012-06-09 18:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-06-09 17:39 . 2012-06-09 17:39 -------- d-----w- c:\documents and settings\SONY\Application Data\Avira
    2012-06-09 17:33 . 2012-06-09 19:12 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-06-09 17:33 . 2011-12-01 15:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-06-09 17:33 . 2011-12-01 15:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-06-09 17:33 . 2012-06-09 17:33 -------- d-----w- c:\program files\Avira
    2012-06-09 17:33 . 2012-06-09 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2012-06-09 17:11 . 2012-06-10 11:10 -------- d-----w- c:\program files\Anti Trojan Elite
    2012-06-09 13:55 . 2012-06-09 13:55 -------- d-----w- c:\documents and settings\SONY\Application Data\F-Secure
    2012-06-09 13:54 . 2012-06-09 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55EFF000073236306D8ABD151FC4E
    2012-06-08 06:52 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4BBDE138-F2B3-4B81-BE24-FB74598B8F41}\mpengine.dll
    2012-06-07 07:12 . 2012-06-07 07:12 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-06-07 07:12 . 2012-06-07 07:12 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-06-05 07:54 . 2012-06-05 07:54 -------- d-----w- c:\program files\DVDFab 8 Qt
    2012-06-01 20:07 . 2012-06-01 20:07 -------- d--h--w- c:\windows\PIF
    2012-06-01 19:30 . 2012-06-01 19:30 -------- d-----w- c:\program files\Marvell
    2012-06-01 19:23 . 2012-01-16 09:06 53248 ----a-w- c:\windows\system32\CSVer.dll
    2012-06-01 19:23 . 2012-06-01 19:23 -------- d-----w- C:\Intel
    2012-06-01 19:19 . 2012-06-01 19:19 -------- d-----w- c:\documents and settings\SONY\Application Data\Intel
    2012-06-01 19:19 . 2012-06-01 19:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
    2012-06-01 19:19 . 2012-06-01 19:19 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Intel
    2012-06-01 19:17 . 2008-03-13 01:25 2530176 ----a-w- c:\windows\system32\drivers\NETw4x32.sys
    2012-06-01 19:17 . 2007-08-08 13:29 2772992 ----a-w- c:\windows\system32\NETw4r32.dll
    2012-06-01 19:17 . 2007-08-08 13:28 684032 ----a-w- c:\windows\system32\NETw4c32.dll
    2012-06-01 19:17 . 2012-06-01 19:17 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
    2012-06-01 19:17 . 2012-06-01 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
    2012-06-01 17:10 . 2012-06-01 20:21 -------- d-----w- C:\__DRIVERS_CZ1_TOUS_MES_DRIVERS
    2012-06-01 17:02 . 2012-06-01 17:03 -------- d-----w- c:\program files\ma-config.com
    2012-06-01 17:02 . 2012-06-01 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
    2012-05-31 07:55 . 2012-05-31 07:55 -------- d-----w- C:\DriveKey
    2012-05-30 10:35 . 2012-05-30 10:35 -------- d-----w- C:\MODIFIER CLE ACTIVATION WINDOWS
    2012-05-30 10:29 . 2012-05-30 13:06 -------- d-----w- C:\CLE BOOTABLE
    2012-05-28 21:10 . 2012-05-28 21:18 -------- d-----w- C:\INTEL 855 PM CHIPSET DRIVER
    2012-05-21 14:40 . 2012-06-10 13:13 2127960 ----a-w- C:\TDSSKiller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-09 07:29 . 2012-04-06 07:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-09 07:29 . 2011-08-23 08:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-01 19:19 . 2006-09-04 12:59 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2012-05-31 13:22 . 2006-09-04 03:51 606208 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-08 16:40 . 2012-01-07 16:34 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-04-11 13:51 . 2004-08-04 00:48 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-11 13:51 . 2006-09-04 03:52 1862400 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 13:51 . 2006-09-04 03:52 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-27 14:48 . 2006-09-04 03:53 299424 ----a-w- c:\windows\system32\drivers\yk51x86.sys
    2012-06-07 07:12 . 2012-05-09 08:52 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
    "orangeinside"="c:\documents and settings\SONY\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2010-09-16 858624]
    "MailNotifier"="c:\program files\Orange\MailNotifier\MailNotifier.exe" [2010-11-04 634368]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-31 7561216]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-30 1654784]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
    "Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2009-06-14 4076544]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-01 258512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-4-7 1773568]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-06-20 14:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09/06/2012 19:33 36000]
    R2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [09/06/2012 19:33 86224]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [04/09/2006 05:53 226304]
    S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/07/2010 19:09 136176]
    S2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [20/05/2011 11:13 1055872]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/04/2012 09:29 257224]
    S3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [27/11/2010 16:25 24448]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/07/2010 19:09 136176]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [25/11/2011 16:36 311928]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [09/05/2012 10:54 113120]
    S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [28/09/2009 09:55 52656]
    S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [28/03/2012 19:18 24880]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - 95300683
    *Deregistered* - 95300683
    *Deregistered* - TrueSight
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 07:29]
    .
    2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 17:09]
    .
    2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 17:09]
    .
    2012-06-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    2012-06-09 c:\windows\Tasks\Norton Security Scan for SONY.job
    - c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-19 00:45]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage
    uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/fr/
    IE: ajouter cette page à vos favoris Orange - c:\documents and settings\SONY\Application Data\Orange\OrangeInside\src\addfavorites_ht
    0
  8. DRONE_DU_COLLECTIF Messages postés 96 Date d'inscription   Statut Membre Dernière intervention   3
     
    VOICI LE RAPPORT COMPLET DE COMBOFIX (qui a été tronqué plus haut...) :

    ComboFix 12-06-09.02 - SONY 10/06/2012 16:25:15.1.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1022.463 [GMT 2:00]
    Lancé depuis: c:\documents and settings\SONY\Bureau\ComboFix.exe
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\SONY\Application Data\PriceGong
    c:\documents and settings\SONY\Bureau\Live Security Platinum.lnk
    c:\documents and settings\SONY\Local Settings\Application Data\{559f2757-518d-d670-0246-21a0ddba224a}
    c:\documents and settings\SONY\Local Settings\Application Data\{559f2757-518d-d670-0246-21a0ddba224a}\@
    c:\documents and settings\SONY\Local Settings\Application Data\{559f2757-518d-d670-0246-21a0ddba224a}\n
    c:\documents and settings\SONY\Local Settings\Application Data\{559f2757-518d-d670-0246-21a0ddba224a}\U\00000001.@
    c:\documents and settings\SONY\Local Settings\Application Data\{559f2757-518d-d670-0246-21a0ddba224a}\U\80000000.@
    c:\documents and settings\SONY\WINDOWS
    c:\windows\Installer\{559f2757-518d-d670-0246-21a0ddba224a}
    c:\windows\Installer\{559f2757-518d-d670-0246-21a0ddba224a}\@
    c:\windows\Installer\{559f2757-518d-d670-0246-21a0ddba224a}\n
    c:\windows\Installer\{559f2757-518d-d670-0246-21a0ddba224a}\U\80000000.@
    c:\windows\Installer\{559f2757-518d-d670-0246-21a0ddba224a}\U\800000cb.@
    c:\windows\system32\SET1E.tmp
    c:\windows\system32\SET20.tmp
    c:\windows\system32\SET29.tmp
    c:\windows\system32\SET2A.tmp
    c:\windows\system32\SET37.tmp
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-05-10 au 2012-06-10 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-06-10 13:17 . 2012-06-10 13:17 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-10 13:05 . 2012-06-10 13:05 1520128 ----a-w- C:\RogueKiller.exe
    2012-06-10 11:51 . 2012-06-10 11:51 -------- d-----r- c:\documents and settings\LocalService\Favoris
    2012-06-10 11:19 . 2012-06-10 11:19 -------- d-----w- c:\program files\CONEXANT
    2012-06-09 18:37 . 2012-06-10 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2012-06-09 18:37 . 2012-06-09 18:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-06-09 17:39 . 2012-06-09 17:39 -------- d-----w- c:\documents and settings\SONY\Application Data\Avira
    2012-06-09 17:33 . 2012-06-09 19:12 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-06-09 17:33 . 2011-12-01 15:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-06-09 17:33 . 2011-12-01 15:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-06-09 17:33 . 2012-06-09 17:33 -------- d-----w- c:\program files\Avira
    2012-06-09 17:33 . 2012-06-09 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2012-06-09 17:11 . 2012-06-10 11:10 -------- d-----w- c:\program files\Anti Trojan Elite
    2012-06-09 13:55 . 2012-06-09 13:55 -------- d-----w- c:\documents and settings\SONY\Application Data\F-Secure
    2012-06-09 13:54 . 2012-06-09 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\F4D55EFF000073236306D8ABD151FC4E
    2012-06-08 06:52 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{4BBDE138-F2B3-4B81-BE24-FB74598B8F41}\mpengine.dll
    2012-06-07 07:12 . 2012-06-07 07:12 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-06-07 07:12 . 2012-06-07 07:12 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-06-05 07:54 . 2012-06-05 07:54 -------- d-----w- c:\program files\DVDFab 8 Qt
    2012-06-01 20:07 . 2012-06-01 20:07 -------- d--h--w- c:\windows\PIF
    2012-06-01 19:30 . 2012-06-01 19:30 -------- d-----w- c:\program files\Marvell
    2012-06-01 19:23 . 2012-01-16 09:06 53248 ----a-w- c:\windows\system32\CSVer.dll
    2012-06-01 19:23 . 2012-06-01 19:23 -------- d-----w- C:\Intel
    2012-06-01 19:19 . 2012-06-01 19:19 -------- d-----w- c:\documents and settings\SONY\Application Data\Intel
    2012-06-01 19:19 . 2012-06-01 19:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
    2012-06-01 19:19 . 2012-06-01 19:19 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Intel
    2012-06-01 19:17 . 2008-03-13 01:25 2530176 ----a-w- c:\windows\system32\drivers\NETw4x32.sys
    2012-06-01 19:17 . 2007-08-08 13:29 2772992 ----a-w- c:\windows\system32\NETw4r32.dll
    2012-06-01 19:17 . 2007-08-08 13:28 684032 ----a-w- c:\windows\system32\NETw4c32.dll
    2012-06-01 19:17 . 2012-06-01 19:17 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
    2012-06-01 19:17 . 2012-06-01 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
    2012-06-01 17:10 . 2012-06-01 20:21 -------- d-----w- C:\__DRIVERS_CZ1_TOUS_MES_DRIVERS
    2012-06-01 17:02 . 2012-06-01 17:03 -------- d-----w- c:\program files\ma-config.com
    2012-06-01 17:02 . 2012-06-01 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
    2012-05-31 07:55 . 2012-05-31 07:55 -------- d-----w- C:\DriveKey
    2012-05-30 10:35 . 2012-05-30 10:35 -------- d-----w- C:\MODIFIER CLE ACTIVATION WINDOWS
    2012-05-30 10:29 . 2012-05-30 13:06 -------- d-----w- C:\CLE BOOTABLE
    2012-05-28 21:10 . 2012-05-28 21:18 -------- d-----w- C:\INTEL 855 PM CHIPSET DRIVER
    2012-05-21 14:40 . 2012-06-10 13:13 2127960 ----a-w- C:\TDSSKiller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-09 07:29 . 2012-04-06 07:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-09 07:29 . 2011-08-23 08:14 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-01 19:19 . 2006-09-04 12:59 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2012-05-31 13:22 . 2006-09-04 03:51 606208 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-08 16:40 . 2012-01-07 16:34 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-04-11 13:51 . 2004-08-04 00:48 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-11 13:51 . 2006-09-04 03:52 1862400 ----a-w- c:\windows\system32\win32k.sys
    2012-04-11 13:51 . 2006-09-04 03:52 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-27 14:48 . 2006-09-04 03:53 299424 ----a-w- c:\windows\system32\drivers\yk51x86.sys
    2012-06-07 07:12 . 2012-05-09 08:52 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
    "orangeinside"="c:\documents and settings\SONY\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2010-09-16 858624]
    "MailNotifier"="c:\program files\Orange\MailNotifier\MailNotifier.exe" [2010-11-04 634368]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-17 118784]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-31 7561216]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
    "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
    "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-11 151552]
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-03-03 483328]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
    "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
    "F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-30 1654784]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-05-04 252136]
    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-04 999424]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-04 1101824]
    "Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2009-06-14 4076544]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-01 258512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
    .
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-4-7 1773568]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-06-20 14:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
    .
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [09/06/2012 19:33 36000]
    R2 AntiVirSchedulerService;Avira Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [09/06/2012 19:33 86224]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [04/09/2006 05:53 226304]
    S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [03/07/2010 19:09 136176]
    S2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [20/05/2011 11:13 1055872]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06/04/2012 09:29 257224]
    S3 FNETTHJM;Freecom Turbo USB 2.0;c:\windows\system32\drivers\fnetthjm.sys [27/11/2010 16:25 24448]
    S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [03/07/2010 19:09 136176]
    S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [25/11/2011 16:36 311928]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [09/05/2012 10:54 113120]
    S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\drivers\OXSDIDRV_x32.sys [28/09/2009 09:55 52656]
    S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_x32.sys [28/03/2012 19:18 24880]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - 95300683
    *Deregistered* - 95300683
    *Deregistered* - TrueSight
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-06-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 07:29]
    .
    2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 17:09]
    .
    2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-03 17:09]
    .
    2012-06-09 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
    .
    2012-06-09 c:\windows\Tasks\Norton Security Scan for SONY.job
    - c:\progra~1\NORTON~2\Engine\351~1.8\Nss.exe [2011-11-19 00:45]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage
    uInternet Connection Wizard,ShellNext = hxxp://www.club-vaio.com/fr/
    IE: ajouter cette page à vos favoris Orange - c:\documents and settings\SONY\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
    IE: Ajouter un site de support RSS à VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: envoyer le texte sélectionné par sms - c:\documents and settings\SONY\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
    IE: envoyer par sms - c:\documents and settings\SONY\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
    IE: envoyer un mail - c:\documents and settings\SONY\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
    IE: orange.fr - c:\documents and settings\SONY\Application Data\Orange\OrangeInside\src\orange_html\orange.html
    IE: rechercher le texte sélectionné - c:\documents and settings\SONY\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
    Trusted Zone: orange.fr\logicielsgratuits
    Trusted Zone: sony-europe.com
    Trusted Zone: sonystyle-europe.com
    Trusted Zone: vaio-link.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\documents and settings\SONY\Application Data\Mozilla\Firefox\Profiles\9luevnsr.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage
    FF - prefs.js: keyword.URL - hxxp://rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    SafeBoot-95300683.sys
    SafeBoot-WinDefend
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-10 16:37
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(892)
    c:\windows\system32\VESWinlogon.dll
    c:\windows\system32\netprovcredman.dll
    .
    Heure de fin: 2012-06-10 16:41:13
    ComboFix-quarantined-files.txt 2012-06-10 14:41
    .
    Avant-CF: 8 785 567 744 octets libres
    Après-CF: 8 832 929 792 octets libres
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - AC1D193221D8E9B035CD44FC2AA094D7

    -------------------------------------------------------------
    -------------------------------------------------------------
    FIN DU RAPPORT DE COMBOFIX
    0