PC bloqué par un virus "Police Judiciaire" [Résolu/Fermé]

Signaler
Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015
-
 speedou -
Bonjour, et merci d'avance pour votre écoute

Alors voila, mon pc, il y a quelques temps a été infecté par un virus et je recevais constamment des alertes de mon par feu qui détectait des virus du genre : "TR/Agent.8704.76".
Mais comme c'était la semaine du bac, je n'ai pas eu le temps de m'en occuper.

Et bref, hier matin ,en tentant d'allumer mon pc, je me retrouves avec une page de la " direction centrale de police judiciaire" qui me dit que je dois payer 100 euro d'amande ( via ukash ou pay safe card ) pour partage de contenu illicite. Je dois avouer que la page était très convainquant ! Mon pc était complètement bloqué et l'accès au bureau était complètement impossible. Et la page en question ressemblait à ça
http://www.forumcrack.com/viewtopic.php?f=4&t=11783 ( le screen qu'il y a sur ce topique mais avec quelques différences )

Puis hier soir l'ordi se rallume normalement et la page a mystérieusement disparus. Mais je continues à recevoir des alertes de mon parfeu pour ce même virus.

Je sais plus du tout quoi faire, surtout que mon père a absolument besoin de son pc et de ses données pour son buisness.
J'ai donc fait un scan HijackThis et voici le log :





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:52, on 25/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\Philips\SPC220NC\Monitor.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brian\Downloads\hijackthis_telechargement_01net.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Users\Brian\AppData\Local\Temp\01net\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2542115
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Softonic_France - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\tbSoft.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Monitor] C:\Windows\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [PPort12reminder] "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE /FU "C:\Windows\TEMP\E_S8036.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Widget Schneider] C:\PROGRA~1\SCHNEI~1\Schneider Widget.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\crafiljmsub.dat,StartAs
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\crafiljmsub.dat,StartAs (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: TrayMin220.lnk = ?
O4 - Global Startup: Vista QuickFix for Sinhala.lnk = ?
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{5DED2087-DE72-4701-9D13-900071BDFF0A}: NameServer = 212.27.40.240,212.27.41.240
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - Apple Inc. - (no file)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

27 réponses


bonjour,

désinstalle Spybot, il est inutile !

évite de télécharger les logiciels gratuits depuis 01net et Softonic :

ils repackent les logiciels gratuits pour y ajouter leurs barres d'outils !!!



* [*] Télécharger et enregistre RogueKiller sur le bureau
https://www.luanagames.com/index.fr.html (by tigzy)

[*] Quitter tous les programmes
[*] Lancer RogueKiller.exe.
[*] Attendre que le Prescan ait fini ...
[*] Cliquer sur Scan. Cliquer sur Rapport et copier coller le contenu du notepad

Note : Si Roguekiller ne se lance pas, change son nom en Winlogon.


3
Merci

Quelques mots de remerciements seront grandement appréciés. Ajouter un commentaire

CCM 60747 internautes nous ont dit merci ce mois-ci

Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015

D'accords, je fais ça tout de suite. Mais quand tu dis de quitter tous les programmes, je fermes aussi mon parefeu et mon antivirus.

Et merci de m'avoir répondu !

non, juste les programmes commeword et Cie pour ne pas perdre tes données au cas ou

roguekiller arrête le processus des programmes en cours d'execution :D

Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015

C'est bon j'ai effectué le scan. Mais cependant, je n'ai pas reussi a fermer avira, mais seulement le désactiver...
J'ai aussi cette page qui s'est ouverte :
http://tigzyrk.blogspot.fr/2011/09/rootkit-zeroaccess-max.html

Voila le rapport :


RogueKiller V7.5.4 [07/06/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Brian [Droits d'admin]
Mode: Recherche -- Date: 25/06/2012 13:09:54

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 12 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : ctfmon.exe (C:\Windows\system32\rundll32.exe C:\PROGRA~2\crafiljmsub.dat,StartAs) -> FOUND
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : ctfmon.exe (C:\Windows\system32\rundll32.exe c:\progra~2\crafiljmsub.dat,StartAs) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : ctfmon.exe (C:\Windows\system32\rundll32.exe C:\PROGRA~2\crafiljmsub.dat,StartAs) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : ctfmon.exe (C:\Windows\system32\rundll32.exe C:\PROGRA~2\crafiljmsub.dat,StartAs) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-2207460148-3193617796-3722516122-1000[...]\Run : ctfmon.exe (C:\Windows\system32\rundll32.exe C:\PROGRA~2\crafiljmsub.dat,StartAs) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-18[...]\Run : ctfmon.exe (C:\Windows\system32\rundll32.exe c:\progra~2\crafiljmsub.dat,StartAs) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:8080) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{5DED2087-DE72-4701-9D13-900071BDFF0A} : NameServer (212.27.40.240,212.27.41.240) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{5DED2087-DE72-4701-9D13-900071BDFF0A} : NameServer (212.27.40.240,212.27.41.240) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤
SSDT[186] : NtOpenFile @ 0x828173ED -> HOOKED (\??\C:\Windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys @ 0x88BF76A6)
SSDT[194] : NtOpenProcess @ 0x82831FAE -> HOOKED (Unknown @ 0x8A8C6008)
SSDT[218] : NtQueryDirectoryFile @ 0x8281A105 -> HOOKED (\??\C:\Windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys @ 0x88BF781A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\Assembly\GAC\Desktop.ini present!

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] 5bedd849cc86dfa81b34bbade88918cb
[BSP] dcda6abd8ed780a846fb9e740d03a8c3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21100544 | Size: 228114 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt

relance Roguekiller, clique sur Supprimer,

poste son rapport.


puis suis la procedure de cette page que tu as du voir avec Tdsskiller et Combofix, poste les rapports :

http://tigzyrk.blogspot.fr/2011/09/rootkit-zeroaccess-max.html

Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015

Alors voila le rapport, puis je vais me lancer dans la procédure que tu m'as dit.



RogueKiller V7.5.4 [07/06/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Brian [Droits d'admin]
Mode: Suppression -- Date: 25/06/2012 13:20:19

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 10 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : ctfmon.exe (C:\Windows\system32\rundll32.exe C:\PROGRA~2\crafiljmsub.dat,StartAs) -> DELETED
[BLACKLIST DLL] HKUS\.DEFAULT[...]\Run : ctfmon.exe (C:\Windows\system32\rundll32.exe c:\progra~2\crafiljmsub.dat,StartAs) -> DELETED
[BLACKLIST DLL] HKUS\S-1-5-19[...]\Run : ctfmon.exe (C:\Windows\system32\rundll32.exe C:\PROGRA~2\crafiljmsub.dat,StartAs) -> DELETED
[BLACKLIST DLL] HKUS\S-1-5-20[...]\Run : ctfmon.exe (C:\Windows\system32\rundll32.exe C:\PROGRA~2\crafiljmsub.dat,StartAs) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:8080) -> NOT REMOVED, USE PROXYFIX
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{5DED2087-DE72-4701-9D13-900071BDFF0A} : NameServer (212.27.40.240,212.27.41.240) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{5DED2087-DE72-4701-9D13-900071BDFF0A} : NameServer (212.27.40.240,212.27.41.240) -> NOT REMOVED, USE DNSFIX
[ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\n.) -> REPLACED (c:\windows\system32\wbem\wbemess.dll)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤
SSDT[186] : NtOpenFile @ 0x828173ED -> HOOKED (\??\C:\Windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys @ 0x88BF76A6)
SSDT[194] : NtOpenProcess @ 0x82831FAE -> HOOKED (Unknown @ 0x8A8C6008)
SSDT[218] : NtQueryDirectoryFile @ 0x8281A105 -> HOOKED (\??\C:\Windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys @ 0x88BF781A)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\Assembly\GAC\Desktop.ini present!

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS ATA Device +++++
--- User ---
[MBR] 5bedd849cc86dfa81b34bbade88918cb
[BSP] dcda6abd8ed780a846fb9e740d03a8c3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 10240 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21100544 | Size: 228114 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

super, 'attends le rapport de Tdsskiller et Combofix :D

Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015

Tdsskiller m'as fait redémarrer mon pc et du coup je n'ai pas eu l'occasion de faire un rapport ( je croyais qu'il le ferait automatiquement ><' )
Du coup j'ai refait un scan, et voila le rapport :


13:29:20.0860 4544 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
13:29:21.0016 4544 ============================================================
13:29:21.0016 4544 Current date / time: 2012/06/25 13:29:21.0016
13:29:21.0016 4544 SystemInfo:
13:29:21.0016 4544
13:29:21.0016 4544 OS Version: 6.0.6002 ServicePack: 2.0
13:29:21.0016 4544 Product type: Workstation
13:29:21.0016 4544 ComputerName: PC-DE-BRIAN
13:29:21.0016 4544 UserName: Brian
13:29:21.0016 4544 Windows directory: C:\Windows
13:29:21.0016 4544 System windows directory: C:\Windows
13:29:21.0016 4544 Processor architecture: Intel x86
13:29:21.0016 4544 Number of processors: 2
13:29:21.0016 4544 Page size: 0x1000
13:29:21.0016 4544 Boot type: Normal boot
13:29:21.0016 4544 ============================================================
13:29:22.0061 4544 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:29:22.0186 4544 ============================================================
13:29:22.0186 4544 \Device\Harddisk0\DR0:
13:29:22.0201 4544 MBR partitions:
13:29:22.0201 4544 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1400000
13:29:22.0201 4544 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141F800, BlocksNum 0x1BD89000
13:29:22.0201 4544 ============================================================
13:29:22.0264 4544 C: <-> \Device\Harddisk0\DR0\Partition1
13:29:22.0326 4544 D: <-> \Device\Harddisk0\DR0\Partition0
13:29:22.0326 4544 ============================================================
13:29:22.0326 4544 Initialize success
13:29:22.0326 4544 ============================================================
13:29:24.0105 4576 ============================================================
13:29:24.0105 4576 Scan started
13:29:24.0105 4576 Mode: Manual;
13:29:24.0105 4576 ============================================================
13:29:25.0290 4576 aawservice (0629361fac4576ba48ab39f4903dce9e) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
13:29:25.0290 4576 aawservice - ok
13:29:25.0665 4576 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:29:25.0665 4576 ACPI - ok
13:29:25.0711 4576 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:29:25.0789 4576 adp94xx - ok
13:29:25.0821 4576 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:29:25.0836 4576 adpahci - ok
13:29:25.0867 4576 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:29:25.0867 4576 adpu160m - ok
13:29:25.0883 4576 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:29:25.0899 4576 adpu320 - ok
13:29:25.0914 4576 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:29:25.0914 4576 AeLookupSvc - ok
13:29:25.0961 4576 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:29:25.0961 4576 AFD - ok
13:29:26.0008 4576 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
13:29:26.0008 4576 agp440 - ok
13:29:26.0023 4576 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:29:26.0023 4576 aic78xx - ok
13:29:26.0055 4576 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:29:26.0055 4576 ALG - ok
13:29:26.0086 4576 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
13:29:26.0086 4576 aliide - ok
13:29:26.0101 4576 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
13:29:26.0101 4576 amdagp - ok
13:29:26.0117 4576 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
13:29:26.0117 4576 amdide - ok
13:29:26.0133 4576 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:29:26.0133 4576 AmdK7 - ok
13:29:26.0133 4576 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:29:26.0133 4576 AmdK8 - ok
13:29:26.0226 4576 AntiVirSchedulerService (9015bc03f62940527ec92d45ee89e46f) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:29:26.0226 4576 AntiVirSchedulerService - ok
13:29:26.0257 4576 AntiVirService (b8720a787c1223492e6f319465e996ce) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:29:26.0257 4576 AntiVirService - ok
13:29:26.0304 4576 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:29:26.0304 4576 Appinfo - ok
13:29:26.0476 4576 Apple Mobile Device (557f35d1ca42aea14a6690e21887a31f) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
13:29:26.0476 4576 Apple Mobile Device - ok
13:29:26.0710 4576 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:29:26.0725 4576 arc - ok
13:29:26.0819 4576 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:29:26.0835 4576 arcsas - ok
13:29:26.0881 4576 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:29:26.0881 4576 AsyncMac - ok
13:29:26.0913 4576 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:29:26.0913 4576 atapi - ok
13:29:27.0037 4576 Ati External Event Utility (a98b419c1537457c12c5d42317550079) C:\Windows\system32\Ati2evxx.exe
13:29:27.0037 4576 Ati External Event Utility - ok
13:29:27.0365 4576 atikmdag (63fc6a312bb0fbbbf355cb5d4a1c7764) C:\Windows\system32\DRIVERS\atikmdag.sys
13:29:27.0396 4576 atikmdag - ok
13:29:27.0521 4576 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:29:27.0537 4576 AudioEndpointBuilder - ok
13:29:27.0537 4576 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:29:27.0552 4576 Audiosrv - ok
13:29:27.0661 4576 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
13:29:27.0661 4576 avgio - ok
13:29:27.0708 4576 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
13:29:27.0708 4576 avgntflt - ok
13:29:27.0755 4576 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\Windows\system32\DRIVERS\avipbb.sys
13:29:27.0771 4576 avipbb - ok
13:29:27.0786 4576 BDFsDrv - ok
13:29:27.0786 4576 BDRsDrv - ok
13:29:27.0833 4576 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:29:27.0849 4576 Beep - ok
13:29:27.0927 4576 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:29:27.0942 4576 BITS - ok
13:29:27.0942 4576 blbdrive - ok
13:29:28.0020 4576 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
13:29:28.0020 4576 Bonjour Service - ok
13:29:28.0098 4576 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:29:28.0098 4576 bowser - ok
13:29:28.0129 4576 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:29:28.0129 4576 BrFiltLo - ok
13:29:28.0129 4576 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:29:28.0129 4576 BrFiltUp - ok
13:29:28.0161 4576 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:29:28.0161 4576 Browser - ok
13:29:28.0239 4576 BrSerIb (9f80879913dc2712fd0c4d734e3f519b) C:\Windows\system32\DRIVERS\BrSerIb.sys
13:29:28.0239 4576 BrSerIb - ok
13:29:28.0270 4576 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:29:28.0270 4576 Brserid - ok
13:29:28.0285 4576 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:29:28.0285 4576 BrSerWdm - ok
13:29:28.0301 4576 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:29:28.0301 4576 BrUsbMdm - ok
13:29:28.0301 4576 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:29:28.0301 4576 BrUsbSer - ok
13:29:28.0379 4576 BrUsbSIb (b67512da42c0c90bf236d5485226c1c7) C:\Windows\system32\DRIVERS\BrUsbSIb.sys
13:29:28.0379 4576 BrUsbSIb - ok
13:29:28.0410 4576 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
13:29:28.0410 4576 BthEnum - ok
13:29:28.0441 4576 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:29:28.0457 4576 BTHMODEM - ok
13:29:28.0473 4576 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
13:29:28.0488 4576 BthPan - ok
13:29:28.0691 4576 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
13:29:28.0691 4576 BTHPORT - ok
13:29:28.0769 4576 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
13:29:28.0769 4576 BthServ - ok
13:29:28.0847 4576 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
13:29:28.0863 4576 BTHUSB - ok
13:29:28.0956 4576 catchme - ok
13:29:29.0003 4576 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:29:29.0003 4576 cdfs - ok
13:29:29.0034 4576 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:29:29.0050 4576 cdrom - ok
13:29:29.0097 4576 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:29:29.0097 4576 CertPropSvc - ok
13:29:29.0128 4576 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:29:29.0128 4576 circlass - ok
13:29:29.0268 4576 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:29:29.0284 4576 CLFS - ok
13:29:29.0331 4576 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:29:29.0331 4576 clr_optimization_v2.0.50727_32 - ok
13:29:29.0487 4576 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:29:29.0502 4576 clr_optimization_v4.0.30319_32 - ok
13:29:29.0533 4576 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
13:29:29.0533 4576 cmdide - ok
13:29:29.0549 4576 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
13:29:29.0549 4576 Compbatt - ok
13:29:29.0549 4576 COMSysApp - ok
13:29:29.0643 4576 cpuz132 - ok
13:29:29.0674 4576 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:29:29.0674 4576 crcdisk - ok
13:29:29.0689 4576 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:29:29.0689 4576 Crusoe - ok
13:29:29.0736 4576 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
13:29:29.0752 4576 CryptSvc - ok
13:29:29.0830 4576 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:29:29.0845 4576 DcomLaunch - ok
13:29:29.0877 4576 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:29:29.0877 4576 DfsC - ok
13:29:30.0064 4576 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:29:30.0111 4576 DFSR - ok
13:29:30.0345 4576 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:29:30.0345 4576 Dhcp - ok
13:29:30.0407 4576 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:29:30.0407 4576 disk - ok
13:29:30.0625 4576 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:29:30.0625 4576 Dnscache - ok
13:29:30.0875 4576 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:29:30.0875 4576 dot3svc - ok
13:29:30.0937 4576 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:29:30.0937 4576 DPS - ok
13:29:31.0015 4576 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:29:31.0031 4576 drmkaud - ok
13:29:31.0608 4576 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:29:31.0608 4576 DXGKrnl - ok
13:29:31.0671 4576 e1express (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys
13:29:31.0686 4576 e1express - ok
13:29:31.0749 4576 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:29:31.0749 4576 E1G60 - ok
13:29:31.0827 4576 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:29:31.0827 4576 EapHost - ok
13:29:31.0858 4576 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:29:31.0873 4576 Ecache - ok
13:29:32.0295 4576 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:29:32.0295 4576 ehRecvr - ok
13:29:32.0731 4576 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:29:32.0731 4576 ehSched - ok
13:29:32.0763 4576 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:29:32.0763 4576 ehstart - ok
13:29:32.0809 4576 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:29:32.0809 4576 elxstor - ok
13:29:32.0872 4576 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:29:32.0887 4576 EMDMgmt - ok
13:29:33.0511 4576 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:29:33.0543 4576 EventSystem - ok
13:29:33.0574 4576 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:29:33.0574 4576 exfat - ok
13:29:33.0699 4576 Fabs - ok
13:29:33.0745 4576 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:29:33.0745 4576 fastfat - ok
13:29:33.0777 4576 fbxusb (504e93682655a7b3af1fb5bff3f44322) C:\Windows\system32\DRIVERS\fbxusb32.sys
13:29:33.0777 4576 fbxusb - ok
13:29:33.0808 4576 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:29:33.0808 4576 fdc - ok
13:29:33.0855 4576 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:29:33.0855 4576 fdPHost - ok
13:29:33.0886 4576 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:29:33.0886 4576 FDResPub - ok
13:29:34.0042 4576 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:29:34.0042 4576 FileInfo - ok
13:29:34.0057 4576 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:29:34.0073 4576 Filetrace - ok
13:29:34.0338 4576 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
13:29:34.0447 4576 FirebirdServerMAGIXInstance - ok
13:29:34.0697 4576 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:29:34.0697 4576 flpydisk - ok
13:29:34.0728 4576 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:29:34.0744 4576 FltMgr - ok
13:29:34.0822 4576 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:29:34.0853 4576 FontCache - ok
13:29:34.0947 4576 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:29:34.0947 4576 FontCache3.0.0.0 - ok
13:29:34.0978 4576 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:29:34.0978 4576 Fs_Rec - ok
13:29:35.0103 4576 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:29:35.0103 4576 gagp30kx - ok
13:29:35.0165 4576 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:29:35.0165 4576 GEARAspiWDM - ok
13:29:35.0555 4576 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:29:35.0571 4576 gpsvc - ok
13:29:35.0805 4576 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:29:35.0805 4576 gusvc - ok
13:29:36.0163 4576 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:29:36.0163 4576 HDAudBus - ok
13:29:36.0319 4576 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:29:36.0319 4576 HidBth - ok
13:29:36.0335 4576 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:29:36.0335 4576 HidIr - ok
13:29:36.0382 4576 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
13:29:36.0382 4576 hidserv - ok
13:29:36.0475 4576 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:29:36.0475 4576 HidUsb - ok
13:29:36.0803 4576 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:29:36.0803 4576 hkmsvc - ok
13:29:36.0897 4576 HMFAxCore8ca4fd17866cac11805503e882557762 (2a20de5280ba64032500dc40dddad5a3) C:\Windows\system32\drivers\HMFAxCore8ca4fd17866cac11805503e882557762.sys
13:29:36.0897 4576 HMFAxCore8ca4fd17866cac11805503e882557762 - ok
13:29:37.0474 4576 HP LaserJet Service (53dca61931847e35c950504bfb7559c6) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
13:29:37.0505 4576 HP LaserJet Service - ok
13:29:37.0552 4576 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:29:37.0552 4576 HpCISSs - ok
13:29:37.0583 4576 HPSIService (94d23d4f096f12ca42c2fe4196631f46) C:\Windows\system32\HPSIsvc.exe
13:29:37.0583 4576 HPSIService - ok
13:29:37.0817 4576 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:29:37.0817 4576 HTTP - ok
13:29:37.0879 4576 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:29:37.0895 4576 i2omp - ok
13:29:37.0942 4576 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:29:37.0942 4576 i8042prt - ok
13:29:37.0989 4576 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\Windows\system32\drivers\iastor.sys
13:29:37.0989 4576 iaStor - ok
13:29:38.0035 4576 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:29:38.0051 4576 iaStorV - ok
13:29:38.0238 4576 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
13:29:38.0238 4576 IDriverT - ok
13:29:38.0815 4576 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:29:38.0862 4576 idsvc - ok
13:29:39.0049 4576 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:29:39.0049 4576 iirsp - ok
13:29:39.0439 4576 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:29:39.0455 4576 IKEEXT - ok
13:29:39.0673 4576 IntcAzAudAddService (4eae74c8bcbca309a5d7cbad7e231427) C:\Windows\system32\drivers\RTKVHDA.sys
13:29:39.0689 4576 IntcAzAudAddService - ok
13:29:39.0876 4576 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\DRIVERS\intelide.sys
13:29:39.0876 4576 intelide - ok
13:29:39.0939 4576 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:29:39.0939 4576 intelppm - ok
13:29:39.0985 4576 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:29:40.0001 4576 IPBusEnum - ok
13:29:40.0017 4576 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:29:40.0017 4576 IpFilterDriver - ok
13:29:40.0017 4576 IpInIp - ok
13:29:40.0048 4576 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:29:40.0063 4576 IPMIDRV - ok
13:29:40.0110 4576 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:29:40.0110 4576 IPNAT - ok
13:29:40.0734 4576 iPod Service (6e0faea90e71c5f1b9f3bc71b4cca2fa) C:\Program Files\iPod\bin\iPodService.exe
13:29:40.0750 4576 iPod Service - ok
13:29:40.0781 4576 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:29:40.0781 4576 IRENUM - ok
13:29:40.0812 4576 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
13:29:40.0812 4576 isapnp - ok
13:29:40.0937 4576 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:29:40.0953 4576 iScsiPrt - ok
13:29:40.0984 4576 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:29:40.0984 4576 iteatapi - ok
13:29:40.0984 4576 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:29:40.0984 4576 iteraid - ok
13:29:41.0062 4576 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:29:41.0062 4576 kbdclass - ok
13:29:41.0124 4576 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:29:41.0124 4576 kbdhid - ok
13:29:41.0171 4576 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:29:41.0171 4576 KeyIso - ok
13:29:41.0296 4576 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:29:41.0296 4576 KSecDD - ok
13:29:41.0343 4576 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:29:41.0358 4576 KtmRm - ok
13:29:41.0389 4576 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
13:29:41.0405 4576 LanmanServer - ok
13:29:41.0436 4576 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:29:41.0436 4576 LanmanWorkstation - ok
13:29:41.0467 4576 lg3gbus - ok
13:29:41.0467 4576 lg3gmdfl - ok
13:29:41.0467 4576 lg3gmdm - ok
13:29:41.0483 4576 lg3gmgmt - ok
13:29:41.0483 4576 lg3gnd5 - ok
13:29:41.0499 4576 lg3gobex - ok
13:29:41.0514 4576 lg3gunic - ok
13:29:41.0545 4576 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:29:41.0545 4576 lltdio - ok
13:29:41.0811 4576 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:29:41.0826 4576 lltdsvc - ok
13:29:41.0920 4576 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:29:41.0920 4576 lmhosts - ok
13:29:41.0967 4576 LMIInfo - ok
13:29:41.0998 4576 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
13:29:41.0998 4576 lmimirr - ok
13:29:42.0013 4576 LMIRfsClientNP - ok
13:29:42.0045 4576 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
13:29:42.0045 4576 LMIRfsDriver - ok
13:29:42.0076 4576 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:29:42.0076 4576 LSI_FC - ok
13:29:42.0107 4576 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:29:42.0107 4576 LSI_SAS - ok
13:29:42.0123 4576 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:29:42.0138 4576 LSI_SCSI - ok
13:29:42.0154 4576 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:29:42.0169 4576 luafv - ok
13:29:42.0201 4576 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:29:42.0216 4576 Mcx2Svc - ok
13:29:42.0232 4576 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:29:42.0232 4576 megasas - ok
13:29:42.0325 4576 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:29:42.0325 4576 MMCSS - ok
13:29:42.0372 4576 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:29:42.0388 4576 Modem - ok
13:29:42.0419 4576 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:29:42.0419 4576 monitor - ok
13:29:42.0450 4576 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:29:42.0450 4576 mouclass - ok
13:29:42.0466 4576 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:29:42.0466 4576 mouhid - ok
13:29:42.0544 4576 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:29:42.0544 4576 MountMgr - ok
13:29:42.0591 4576 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:29:42.0591 4576 mpio - ok
13:29:42.0622 4576 MPRIFL (a252adb815e5186382d79e19dd7a486b) C:\Windows\system32\DRIVERS\MPRIFL.SYS
13:29:42.0622 4576 MPRIFL - ok
13:29:42.0653 4576 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:29:42.0653 4576 mpsdrv - ok
13:29:42.0684 4576 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:29:42.0684 4576 Mraid35x - ok
13:29:42.0715 4576 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:29:42.0731 4576 MRxDAV - ok
13:29:42.0762 4576 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:29:42.0762 4576 mrxsmb - ok
13:29:42.0825 4576 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:29:42.0825 4576 mrxsmb10 - ok
13:29:42.0856 4576 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:29:42.0856 4576 mrxsmb20 - ok
13:29:42.0887 4576 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
13:29:42.0887 4576 msahci - ok
13:29:42.0996 4576 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
13:29:43.0012 4576 MSCSPTISRV - ok
13:29:43.0027 4576 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:29:43.0027 4576 msdsm - ok
13:29:43.0090 4576 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:29:43.0105 4576 MSDTC - ok
13:29:43.0168 4576 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:29:43.0168 4576 Msfs - ok
13:29:43.0183 4576 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:29:43.0199 4576 msisadrv - ok
13:29:43.0246 4576 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:29:43.0261 4576 MSiSCSI - ok
13:29:43.0261 4576 msiserver - ok
13:29:43.0324 4576 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:29:43.0324 4576 MSKSSRV - ok
13:29:43.0355 4576 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:29:43.0355 4576 MSPCLOCK - ok
13:29:43.0371 4576 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:29:43.0371 4576 MSPQM - ok
13:29:43.0386 4576 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:29:43.0402 4576 MsRPC - ok
13:29:43.0433 4576 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:29:43.0449 4576 mssmbios - ok
13:29:43.0449 4576 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:29:43.0449 4576 MSTEE - ok
13:29:43.0464 4576 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:29:43.0480 4576 Mup - ok
13:29:43.0542 4576 mvusbews (b9df137953a5280eddbd4a705ca093a2) C:\Windows\system32\Drivers\mvusbews.sys
13:29:43.0542 4576 mvusbews - ok
13:29:43.0573 4576 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:29:43.0589 4576 napagent - ok
13:29:43.0620 4576 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:29:43.0620 4576 NativeWifiP - ok
13:29:43.0745 4576 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:29:43.0761 4576 NDIS - ok
13:29:43.0792 4576 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:29:43.0792 4576 NdisTapi - ok
13:29:43.0807 4576 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:29:43.0807 4576 Ndisuio - ok
13:29:43.0823 4576 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:29:43.0839 4576 NdisWan - ok
13:29:43.0854 4576 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:29:43.0854 4576 NDProxy - ok
13:29:43.0948 4576 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:29:43.0948 4576 NetBIOS - ok
13:29:44.0010 4576 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:29:44.0010 4576 netbt - ok
13:29:44.0041 4576 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:29:44.0057 4576 Netlogon - ok
13:29:44.0541 4576 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:29:44.0556 4576 Netman - ok
13:29:44.0587 4576 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:29:44.0603 4576 netprofm - ok
13:29:44.0697 4576 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:29:44.0697 4576 NetTcpPortSharing - ok
13:29:44.0728 4576 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:29:44.0728 4576 nfrd960 - ok
13:29:44.0884 4576 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:29:44.0884 4576 NlaSvc - ok
13:29:44.0962 4576 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:29:44.0962 4576 Npfs - ok
13:29:44.0993 4576 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:29:45.0009 4576 nsi - ok
13:29:45.0024 4576 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:29:45.0024 4576 nsiproxy - ok
13:29:45.0087 4576 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:29:45.0102 4576 Ntfs - ok
13:29:45.0165 4576 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:29:45.0165 4576 ntrigdigi - ok
13:29:45.0211 4576 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:29:45.0211 4576 Null - ok
13:29:45.0336 4576 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:29:45.0336 4576 nvraid - ok
13:29:45.0430 4576 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:29:45.0430 4576 nvstor - ok
13:29:45.0586 4576 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
13:29:45.0586 4576 nv_agp - ok
13:29:45.0586 4576 NwlnkFlt - ok
13:29:45.0601 4576 NwlnkFwd - ok
13:29:45.0633 4576 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
13:29:45.0633 4576 ohci1394 - ok
13:29:45.0711 4576 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:29:45.0742 4576 p2pimsvc - ok
13:29:45.0757 4576 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:29:45.0773 4576 p2psvc - ok
13:29:45.0882 4576 PACSPTISVR (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
13:29:45.0882 4576 PACSPTISVR - ok
13:29:46.0038 4576 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:29:46.0038 4576 Parport - ok
13:29:46.0132 4576 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:29:46.0132 4576 partmgr - ok
13:29:46.0179 4576 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:29:46.0179 4576 Parvdm - ok
13:29:46.0241 4576 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:29:46.0257 4576 PcaSvc - ok
13:29:46.0319 4576 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:29:46.0319 4576 pci - ok
13:29:46.0335 4576 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:29:46.0350 4576 pciide - ok
13:29:46.0366 4576 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:29:46.0381 4576 pcmcia - ok
13:29:46.0428 4576 PCTAppEvent (3379e7a840de135fb7a829e03bc9cc25) C:\Windows\system32\drivers\PCTAppEvent.sys
13:29:46.0428 4576 PCTAppEvent - ok
13:29:46.0459 4576 pctgntdi (bf770a5817fa8fba1402b2286a7f394c) C:\Windows\System32\drivers\pctgntdi.sys
13:29:46.0475 4576 pctgntdi - ok
13:29:46.0647 4576 PCToolsFirewallPlus (d93108a20fa4b4317952234de106f199) C:\Program Files\PC Tools Firewall Plus\FWService.exe
13:29:46.0647 4576 PCToolsFirewallPlus - ok
13:29:46.0771 4576 pctplfw (0eec24affc5ab0a2bbe4a6a886230aa5) C:\Windows\System32\drivers\pctplfw.sys
13:29:46.0771 4576 pctplfw - ok
13:29:46.0818 4576 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:29:46.0865 4576 PEAUTH - ok
13:29:46.0896 4576 pgfilter - ok
13:29:47.0083 4576 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:29:47.0146 4576 pla - ok
13:29:47.0567 4576 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:29:47.0583 4576 PlugPlay - ok
13:29:47.0614 4576 PnkBstrA (831883b107684301f48ace752c963984) C:\Windows\system32\PnkBstrA.exe
13:29:47.0629 4576 PnkBstrA - ok
13:29:47.0941 4576 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:29:47.0957 4576 PNRPAutoReg - ok
13:29:47.0973 4576 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:29:47.0988 4576 PNRPsvc - ok
13:29:48.0051 4576 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:29:48.0066 4576 PolicyAgent - ok
13:29:48.0207 4576 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:29:48.0207 4576 PptpMiniport - ok
13:29:48.0300 4576 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:29:48.0300 4576 Processor - ok
13:29:48.0550 4576 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:29:48.0550 4576 ProfSvc - ok
13:29:48.0597 4576 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:29:48.0597 4576 ProtectedStorage - ok
13:29:48.0799 4576 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:29:48.0815 4576 PSched - ok
13:29:48.0862 4576 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
13:29:48.0862 4576 PxHelp20 - ok
13:29:48.0971 4576 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:29:48.0987 4576 ql2300 - ok
13:29:49.0080 4576 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:29:49.0080 4576 ql40xx - ok
13:29:49.0283 4576 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:29:49.0299 4576 QWAVE - ok
13:29:49.0330 4576 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:29:49.0330 4576 QWAVEdrv - ok
13:29:49.0907 4576 R300 (63fc6a312bb0fbbbf355cb5d4a1c7764) C:\Windows\system32\DRIVERS\atikmdag.sys
13:29:49.0938 4576 R300 - ok
13:29:50.0125 4576 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
13:29:50.0141 4576 RapiMgr - ok
13:29:50.0999 4576 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:29:51.0015 4576 RasAcd - ok
13:29:51.0077 4576 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:29:51.0077 4576 RasAuto - ok
13:29:51.0124 4576 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:29:51.0124 4576 Rasl2tp - ok
13:29:51.0249 4576 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:29:51.0264 4576 RasMan - ok
13:29:51.0311 4576 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:29:51.0311 4576 RasPppoe - ok
13:29:51.0373 4576 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:29:51.0373 4576 RasSstp - ok
13:29:51.0779 4576 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:29:51.0779 4576 rdbss - ok
13:29:51.0826 4576 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:29:51.0826 4576 RDPCDD - ok
13:29:51.0982 4576 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
13:29:51.0982 4576 rdpdr - ok
13:29:52.0029 4576 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:29:52.0029 4576 RDPENCDD - ok
13:29:52.0122 4576 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
13:29:52.0122 4576 RDPWD - ok
13:29:52.0153 4576 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:29:52.0169 4576 RemoteAccess - ok
13:29:52.0200 4576 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:29:52.0216 4576 RemoteRegistry - ok
13:29:52.0247 4576 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
13:29:52.0247 4576 RFCOMM - ok
13:29:53.0230 4576 RoxMediaDB9 (ebcde8b48fadc6479d96a56d0a432160) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
13:29:53.0277 4576 RoxMediaDB9 - ok
13:29:53.0511 4576 RoxWatch9 (ab2b1de1c8f31efce2384b14b3dc4260) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
13:29:53.0526 4576 RoxWatch9 - ok
13:29:53.0682 4576 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:29:53.0682 4576 RpcLocator - ok
13:29:53.0760 4576 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:29:53.0776 4576 RpcSs - ok
13:29:53.0854 4576 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:29:53.0854 4576 rspndr - ok
13:29:53.0916 4576 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:29:53.0916 4576 SamSs - ok
13:29:53.0979 4576 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:29:53.0979 4576 sbp2port - ok
13:29:54.0088 4576 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
13:29:54.0088 4576 SBSDWSCService - ok
13:29:54.0431 4576 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:29:54.0431 4576 SCardSvr - ok
13:29:54.0681 4576 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:29:54.0712 4576 Schedule - ok
13:29:54.0743 4576 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:29:54.0743 4576 SCPolicySvc - ok
13:29:54.0883 4576 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:29:54.0883 4576 SDRSVC - ok
13:29:54.0946 4576 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:29:54.0946 4576 secdrv - ok
13:29:54.0993 4576 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:29:55.0008 4576 seclogon - ok
13:29:55.0149 4576 SENS (3381c768e82ff6c2d6c985d3169f1a0c) C:\PROGRA~2\crafiljmsub.dat
13:29:55.0164 4576 SENS - ok
13:29:55.0195 4576 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
13:29:55.0195 4576 Serenum - ok
13:29:55.0351 4576 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
13:29:55.0351 4576 Serial - ok
13:29:55.0414 4576 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:29:55.0414 4576 sermouse - ok
13:29:55.0601 4576 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:29:55.0617 4576 SessionEnv - ok
13:29:55.0695 4576 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
13:29:55.0710 4576 sffdisk - ok
13:29:55.0726 4576 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
13:29:55.0726 4576 sffp_mmc - ok
13:29:55.0741 4576 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
13:29:55.0741 4576 sffp_sd - ok
13:29:55.0788 4576 SFilter (975f4e44fd48c36beed30c96a115b2b8) C:\Windows\system32\DRIVERS\pctfw.sys
13:29:55.0804 4576 SFilter - ok
13:29:55.0819 4576 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:29:55.0819 4576 sfloppy - ok
13:29:55.0897 4576 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:29:55.0913 4576 ShellHWDetection - ok
13:29:56.0038 4576 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
13:29:56.0053 4576 sisagp - ok
13:29:56.0147 4576 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
13:29:56.0147 4576 SiSRaid2 - ok
13:29:56.0178 4576 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
13:29:56.0178 4576 SiSRaid4 - ok
13:29:57.0114 4576 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:29:57.0208 4576 slsvc - ok
13:29:57.0442 4576 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:29:57.0457 4576 SLUINotify - ok
13:29:57.0598 4576 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:29:57.0613 4576 Smb - ok
13:29:57.0645 4576 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:29:57.0660 4576 SNMPTRAP - ok
13:29:57.0707 4576 SPC220NC (3526097e13a156a2276b855b555c2891) C:\Windows\system32\DRIVERS\SPC220NC.SYS
13:29:57.0723 4576 SPC220NC - ok
13:29:57.0754 4576 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:29:57.0754 4576 spldr - ok
13:29:57.0801 4576 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:29:57.0832 4576 Spooler - ok
13:29:57.0941 4576 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
13:29:57.0957 4576 SPTISRV - ok
13:29:58.0097 4576 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:29:58.0113 4576 srv - ok
13:29:58.0191 4576 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:29:58.0191 4576 srv2 - ok
13:29:58.0222 4576 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:29:58.0222 4576 srvnet - ok
13:29:58.0471 4576 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:29:58.0487 4576 SSDPSRV - ok
13:29:58.0503 4576 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys
13:29:58.0503 4576 ssmdrv - ok
13:29:58.0659 4576 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:29:58.0674 4576 SstpSvc - ok
13:29:58.0690 4576 Steam Client Service - ok
13:29:58.0721 4576 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
13:29:58.0721 4576 StillCam - ok
13:29:58.0783 4576 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:29:58.0830 4576 stisvc - ok
13:29:58.0861 4576 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
13:29:58.0861 4576 stllssvr - ok
13:29:58.0893 4576 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:29:58.0893 4576 swenum - ok
13:29:59.0095 4576 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:29:59.0142 4576 swprv - ok
13:29:59.0173 4576 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:29:59.0173 4576 Symc8xx - ok
13:29:59.0205 4576 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:29:59.0205 4576 Sym_hi - ok
13:29:59.0236 4576 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:29:59.0236 4576 Sym_u3 - ok
13:29:59.0688 4576 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:29:59.0735 4576 SysMain - ok
13:29:59.0751 4576 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:29:59.0766 4576 TabletInputService - ok
13:29:59.0813 4576 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:29:59.0829 4576 TapiSrv - ok
13:29:59.0860 4576 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:29:59.0875 4576 TBS - ok
13:30:00.0125 4576 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
13:30:00.0141 4576 Tcpip - ok
13:30:00.0156 4576 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
13:30:00.0172 4576 Tcpip6 - ok
13:30:00.0219 4576 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
13:30:00.0219 4576 tcpipreg - ok
13:30:00.0265 4576 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:30:00.0281 4576 TDPIPE - ok
13:30:00.0328 4576 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:30:00.0328 4576 TDTCP - ok
13:30:00.0406 4576 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:30:00.0406 4576 tdx - ok
13:30:00.0577 4576 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:30:00.0577 4576 TermDD - ok
13:30:00.0796 4576 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:30:00.0827 4576 TermService - ok
13:30:00.0874 4576 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:30:00.0874 4576 Themes - ok
13:30:00.0921 4576 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:30:00.0921 4576 THREADORDER - ok
13:30:00.0952 4576 TICalc (0dabaa63799b0bf20f95c73ce5d9ca87) C:\Windows\system32\drivers\TICalc.sys
13:30:00.0952 4576 TICalc - ok
13:30:01.0077 4576 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:30:01.0092 4576 TrkWks - ok
13:30:01.0170 4576 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:30:01.0170 4576 TrustedInstaller - ok
13:30:01.0295 4576 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:30:01.0311 4576 tssecsrv - ok
13:30:01.0342 4576 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:30:01.0342 4576 tunmp - ok
13:30:01.0389 4576 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:30:01.0389 4576 tunnel - ok
13:30:01.0467 4576 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:30:01.0482 4576 uagp35 - ok
13:30:01.0747 4576 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:30:01.0747 4576 udfs - ok
13:30:01.0779 4576 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:30:01.0794 4576 UI0Detect - ok
13:30:01.0841 4576 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
13:30:01.0841 4576 uliagpkx - ok
13:30:02.0137 4576 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:30:02.0137 4576 uliahci - ok
13:30:02.0262 4576 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:30:02.0262 4576 UlSata - ok
13:30:02.0371 4576 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:30:02.0371 4576 ulsata2 - ok
13:30:02.0449 4576 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:30:02.0449 4576 umbus - ok
13:30:02.0512 4576 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
13:30:02.0512 4576 UMPass - ok
13:30:02.0808 4576 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:30:02.0824 4576 upnphost - ok
13:30:02.0855 4576 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
13:30:02.0871 4576 USBAAPL - ok
13:30:02.0902 4576 usbbus (5aadc9297c39aa249cd994acdba19034) C:\Windows\system32\DRIVERS\lgusbbus.sys
13:30:02.0902 4576 usbbus - ok
13:30:03.0042 4576 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:30:03.0042 4576 usbccgp - ok
13:30:03.0120 4576 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:30:03.0120 4576 usbcir - ok
13:30:03.0151 4576 UsbDiag (4650ffe04e5922399b0e932319e6b215) C:\Windows\system32\DRIVERS\lgusbdiag.sys
13:30:03.0151 4576 UsbDiag - ok
13:30:03.0183 4576 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:30:03.0183 4576 usbehci - ok
13:30:03.0245 4576 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:30:03.0245 4576 usbhub - ok
13:30:03.0292 4576 USBModem (2666fe171e0c2e7085ccd5fe0bac09e3) C:\Windows\system32\DRIVERS\lgusbmodem.sys
13:30:03.0307 4576 USBModem - ok
13:30:03.0323 4576 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:30:03.0323 4576 usbohci - ok
13:30:03.0401 4576 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:30:03.0417 4576 usbprint - ok
13:30:03.0510 4576 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:30:03.0510 4576 usbscan - ok
13:30:03.0651 4576 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:30:03.0651 4576 USBSTOR - ok
13:30:03.0729 4576 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:30:03.0729 4576 usbuhci - ok
13:30:03.0838 4576 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:30:03.0838 4576 UxSms - ok
13:30:04.0087 4576 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:30:04.0103 4576 vds - ok
13:30:04.0197 4576 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:30:04.0197 4576 vga - ok
13:30:04.0259 4576 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:30:04.0259 4576 VgaSave - ok
13:30:04.0275 4576 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
13:30:04.0290 4576 viaagp - ok
13:30:04.0337 4576 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:30:04.0337 4576 ViaC7 - ok
13:30:04.0353 4576 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
13:30:04.0353 4576 viaide - ok
13:30:04.0446 4576 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:30:04.0446 4576 volmgr - ok
13:30:04.0555 4576 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:30:04.0555 4576 volmgrx - ok
13:30:04.0727 4576 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:30:04.0727 4576 volsnap - ok
13:30:04.0867 4576 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:30:04.0867 4576 vsmraid - ok
13:30:05.0195 4576 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:30:05.0226 4576 VSS - ok
13:30:05.0772 4576 vvdsvc (da162564646da62c40238153a1cbf268) C:\Windows\system32\Nagasoft\vjocx.dll
13:30:05.0835 4576 vvdsvc - ok
13:30:06.0318 4576 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:30:06.0334 4576 W32Time - ok
13:30:06.0552 4576 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:30:06.0552 4576 WacomPen - ok
13:30:06.0864 4576 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:30:06.0864 4576 Wanarp - ok
13:30:06.0880 4576 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:30:06.0880 4576 Wanarpv6 - ok
13:30:07.0239 4576 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
13:30:07.0239 4576 WcesComm - ok
13:30:07.0348 4576 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:30:07.0379 4576 wcncsvc - ok
13:30:07.0410 4576 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:30:07.0426 4576 WcsPlugInService - ok
13:30:07.0457 4576 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:30:07.0457 4576 Wd - ok
13:30:07.0909 4576 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:30:07.0925 4576 Wdf01000 - ok
13:30:08.0097 4576 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:30:08.0112 4576 WdiServiceHost - ok
13:30:08.0112 4576 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:30:08.0128 4576 WdiSystemHost - ok
13:30:08.0159 4576 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:30:08.0175 4576 WebClient - ok
13:30:08.0206 4576 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:30:08.0268 4576 Wecsvc - ok
13:30:08.0315 4576 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:30:08.0315 4576 wercplsupport - ok
13:30:08.0362 4576 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:30:08.0377 4576 WerSvc - ok
13:30:08.0393 4576 WinHttpAutoProxySvc - ok
13:30:08.0502 4576 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:30:08.0502 4576 Winmgmt - ok
13:30:08.0767 4576 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:30:08.0830 4576 WinRM - ok
13:30:08.0908 4576 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:30:08.0955 4576 Wlansvc - ok
13:30:09.0220 4576 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
13:30:09.0220 4576 WLSetupSvc - ok
13:30:09.0345 4576 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
13:30:09.0345 4576 WmiAcpi - ok
13:30:09.0516 4576 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:30:09.0532 4576 wmiApSrv - ok
13:30:09.0610 4576 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:30:09.0625 4576 WMPNetworkSvc - ok
13:30:09.0688 4576 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:30:09.0703 4576 WPCSvc - ok
13:30:09.0750 4576 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:30:09.0750 4576 WPDBusEnum - ok
13:30:09.0813 4576 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:30:09.0813 4576 WpdUsb - ok
13:30:09.0953 4576 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:30:09.0984 4576 WPFFontCache_v0400 - ok
13:30:10.0000 4576 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:30:10.0000 4576 ws2ifsl - ok
13:30:10.0000 4576 WSearch - ok
13:30:10.0140 4576 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:30:10.0218 4576 wuauserv - ok
13:30:10.0343 4576 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:30:10.0343 4576 WUDFRd - ok
13:30:10.0390 4576 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:30:10.0405 4576 wudfsvc - ok
13:30:10.0452 4576 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:30:10.0608 4576 \Device\Harddisk0\DR0 - ok
13:30:10.0624 4576 Boot (0x1200) (80b8a8f71b047c851ee1318ecbecc32d) \Device\Harddisk0\DR0\Partition0
13:30:10.0624 4576 \Device\Harddisk0\DR0\Partition0 - ok
13:30:10.0624 4576 Boot (0x1200) (3cc77e24b1f256008ddb54a3a1a76ae3) \Device\Harddisk0\DR0\Partition1
13:30:10.0639 4576 \Device\Harddisk0\DR0\Partition1 - ok
13:30:10.0639 4576 ============================================================
13:30:10.0639 4576 Scan finished
13:30:10.0639 4576 ============================================================
13:30:10.0655 4568 Detected object count: 0
13:30:10.0655 4568 Actual detected object count: 0
Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015

Je suis en train d'essayer de lancer combofix mais il m'affiches ça :
http://image.noelshack.com/fichiers/2012/26/1340624649-screen.jpg

Et je n'arrives pas arrêter avira, juste désactiver antivir guard... J'ai beau faire "arrêter", il ne se passe rien ...

si besoin, désinstalle s'il s'agi de la vaersion gratuite, pour la version payante, assure toi d'avoir ce qu'il faut pour le réactiver avant la désinsatllation, tu le réinstalleras plus tard :D

Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015

Alors ça y est, j'ai finis les scan avec ComboFix. Que dois-je faire maintenant ?

Voici le rapport:

ComboFix 12-06-25.02 - Brian 25/06/2012 15:00:53.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2045.1232 [GMT 2:00]
Lancé depuis: c:\users\Brian\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TelevisionFanaticEI
c:\programdata\2EEDEC141FE284E38C8FAF489EDFA25.exe
c:\programdata\2EEDEC141FE284E38C8FAF489EDFA25.exe.tmp
c:\programdata\crafiljmsub.dat
c:\users\Brian\AppData\Local\{585b719a-e61a-d317-137d-ce6d793f24df}\@
c:\users\Brian\AppData\Local\{585b719a-e61a-d317-137d-ce6d793f24df}\n
c:\users\Brian\AppData\Local\{585b719a-e61a-d317-137d-ce6d793f24df}\U\00000004.@
c:\users\Brian\AppData\Local\{585b719a-e61a-d317-137d-ce6d793f24df}\U\00000008.@
c:\users\Brian\AppData\Local\{585b719a-e61a-d317-137d-ce6d793f24df}\U\000000cb.@
c:\users\Brian\AppData\Local\{585b719a-e61a-d317-137d-ce6d793f24df}\U\80000000.@
c:\users\Brian\AppData\Local\{585b719a-e61a-d317-137d-ce6d793f24df}\U\80000032.@
c:\users\Brian\AppData\Local\gnc.exe
c:\users\Brian\AppData\Roaming\Desktopicon
c:\users\Brian\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Mcx1\AppData\Local\gnc.exe
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\@
c:\windows\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\L\00000004.@
c:\windows\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\L\1afb2d56
c:\windows\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\L\201d3dde
c:\windows\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\n
c:\windows\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\U\00000004.@
c:\windows\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\U\00000008.@
c:\windows\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\U\000000cb.@
c:\windows\Installer\{585b719a-e61a-d317-137d-ce6d793f24df}\U\80000000.@
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\msvcr71.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\Uninstall.exe
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\reghmf.exe
c:\windows\system32\regobj.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-05-25 au 2012-06-25 ))))))))))))))))))))))))))))))))))))
.
.
2012-06-25 13:10 . 2012-06-25 13:15 -------- d-----w- c:\users\Brian\AppData\Local\temp
2012-06-25 11:24 . 2012-06-25 11:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-25 10:41 . 2012-06-25 10:41 -------- d-----w- c:\users\Brian\AppData\Roaming\GetRightToGo
2012-06-14 04:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 04:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 04:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 04:10 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 04:10 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 20:44 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 20:44 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 20:44 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 20:44 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 20:43 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-08 20:43 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 20:43 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 20:43 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 20:43 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 23:23 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A7D3E55-DA60-4576-95FB-A4BF813956E2}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 08:16 . 2012-05-09 08:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-09 08:12 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-09 08:13 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-05-08 07:37 . 2011-12-14 17:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\Softonic_France\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4DAAC69C-CBA7-45E2-9BC8-1044483D3352}"= "c:\program files\Softonic_France\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856]
"Widget Schneider"="c:\progra~1\SCHNEI~1\Schneider Widget.exe" [2011-03-22 159744]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"IndexSearch"="c:\program files\Nuance\PaperPort\IndexSearch.exe" [2010-03-08 46368]
"PaperPort PTD"="c:\program files\Nuance\PaperPort\pptd40nt.exe" [2010-03-08 29984]
"PPort12reminder"="c:\program files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 328992]
"PDFHook"="c:\program files\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-05 636192]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-05 62752]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TrayMin220.lnk - c:\program files\Philips\Philips SPC220NC Webcam\TrayMin220.exe [2008-6-10 278528]
Vista QuickFix for Sinhala.lnk - c:\program files\Microimage\Vista QuickFix for Sinhala\VistaQuickFixSinhala.exe [2010-11-15 135168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"FilterAdministratorToken"= 1 (0x1)
"UacDisableNotify"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-06-23 21:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2012-06-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-23 18:44]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2207460148-3193617796-3722516122-1000Core.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 10:27]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2207460148-3193617796-3722516122-1000UA.job
- c:\users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 10:27]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = *.local
LSP: c:\windows\system32\wpclsp.dll
TCP: Interfaces\{5DED2087-DE72-4701-9D13-900071BDFF0A}: NameServer = 212.27.40.240,212.27.41.240
FF - ProfilePath - c:\users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\7jpf5m7z.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKU-Default-Run-ctfmon.exe - c:\progra~2\crafiljmsub.dat
Notify-WBSrv - (no file)
SafeBoot-54317025.sys
MSConfigStartUp-AlcoholAutomount - c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe
AddRemove-HijackThis - c:\users\Brian\Desktop\HijackThis.exe
AddRemove-SPVOD Player1.8 - c:\windows\system32\Nagasoft\Uninstall.exe
AddRemove-TI-Black Link - c:\progra~1\TIEDUC~1\BLACKL~1\Unwise.exe
AddRemove-TI-Graph Link 82 - Français - c:\progra~1\TIEDUC~1\TI-GRA~1\UNWISE.EXE
.
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\program files\HP\HPLaserJetService\HPLaserJetService.exe
c:\windows\system32\HPSIsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2012-06-25 15:21:50 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-06-25 13:21
.
Avant-CF: 13 469 356 032 octets libres
Après-CF: 14 597 550 080 octets libres
.
- - End Of File - - 648B410563AEA73D586636D32F866CC0

* télécharge ce programme Ransomfix (merci à Xplode)


* Un rapport sera créé sous C:\RansomFix_XXXX.txt ( XXXX correspond à la date et l'heure de création du rapport )
* copie, colle le dans ta prochaine réponse.

Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015

J'ai lancé le programme, mais il ne s'est rien passé de visible, je ne sais pas si c'est normal.
Mais j'ai trouvé le rapport:

RansomFix v1.0 - Xplode
# OS : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Brian - PC-DE-BRIAN (Administrateur)

_____| Winlogon - Shell |_____

Value : Explorer.exe [OK]

_____| HKCU\..\Run |_____

No bad key found

_____| Explorer.exe |_____

Checking explorer.exe...
Found : C:\Windows\explorer.exe [0xD07D4C3038F3578FFCE1C0237F2A1253]
[OK]

_____| EOF |_____

c'est normal :D

? Télécharger et enregistre ADWcleaner sur ton bureau (Merci à Xplode) :

http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner


Lance le,
clique sur rechercher et poste son rapport.

Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015

Voilà voilà :


# AdwCleaner v1.609 - Rapport créé le 25/06/2012 à 16:56:31
# Mis à jour le 10/06/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : Brian - PC-DE-BRIAN
# Exécuté depuis : C:\Users\Brian\Desktop\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Users\Brian\AppData\LocalLow\Conduit
Dossier Présent : C:\Users\Brian\AppData\LocalLow\ConduitEngine
Dossier Présent : C:\Users\Brian\AppData\LocalLow\PriceGong
Dossier Présent : C:\Program Files\Conduit
Dossier Présent : C:\Program Files\ConduitEngine
Fichier Présent : C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

***** [Registre] *****

[*] Clé Présente : HKLM\SOFTWARE\Classes\Toolbar.CT2542115
Clé Présente : HKCU\Software\Softonic
Clé Présente : HKCU\Software\AppDataLow\Toolbar
Clé Présente : HKCU\Software\AppDataLow\Software\Conduit
Clé Présente : HKCU\Software\AppDataLow\Software\conduitEngine
Clé Présente : HKCU\Software\AppDataLow\Software\PriceGong
Clé Présente : HKLM\SOFTWARE\Conduit
Clé Présente : HKLM\SOFTWARE\conduitEngine
Clé Présente : HKLM\SOFTWARE\Software
Clé Présente : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Présente : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Clé Présente : HKLM\SOFTWARE\Classes\Installer\Products\81337C0DA4B761D40A4CB3380F57AE88
Clé Présente : HKLM\SOFTWARE\Classes\Installer\Features\81337C0DA4B761D40A4CB3380F57AE88
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

***** [Registre - GUID] *****

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115

-\\ Mozilla Firefox v12.0 (fr)

Nom du profil : default
Fichier : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\7jpf5m7z.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v19.0.1084.56

Fichier : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [4433 octets] - [25/06/2012 16:56:31]

########## EOF - C:\AdwCleaner[R1].txt - [4561 octets] ##########

relance ADWC, clique sur Supprimer, poste son rapport :D


Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015

Voilà :D


# AdwCleaner v1.609 - Rapport créé le 25/06/2012 à 16:59:00
# Mis à jour le 10/06/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : Brian - PC-DE-BRIAN
# Exécuté depuis : C:\Users\Brian\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\Brian\AppData\LocalLow\Conduit
Dossier Supprimé : C:\Users\Brian\AppData\LocalLow\ConduitEngine
Dossier Supprimé : C:\Users\Brian\AppData\LocalLow\PriceGong
Dossier Supprimé : C:\Program Files\Conduit
Dossier Supprimé : C:\Program Files\ConduitEngine
Fichier Supprimé : C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

***** [Registre] *****

[*] Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2542115
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\conduitEngine
Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\conduitEngine
Clé Supprimée : HKLM\SOFTWARE\Software
Clé Supprimée : HKLM\SOFTWARE\Classes\Conduit.Engine
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Products\81337C0DA4B761D40A4CB3380F57AE88
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Features\81337C0DA4B761D40A4CB3380F57AE88
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\81337C0DA4B761D40A4CB3380F57AE88
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

***** [Registre - GUID] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D5A1EF9A-7948-435D-8B87-D6A598317288}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2542115 --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (fr)

Nom du profil : default
Fichier : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\7jpf5m7z.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v19.0.1084.56

Fichier : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [4562 octets] - [25/06/2012 16:56:31]
AdwCleaner[R2].txt - [4622 octets] - [25/06/2012 16:58:54]
AdwCleaner[S1].txt - [4633 octets] - [25/06/2012 16:59:00]

########## EOF - C:\AdwCleaner[S1].txt - [4761 octets] ##########

relance ADWC, clique sur désinstaller,



* Télécharge ZHPDiag sur ton bureau :


https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
ou
http://www.premiumorange.com/zeb-help-process/zhpdiag.html
ou
https://www.commentcamarche.net/download/telecharger-34066799-zhpdiag

* Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.

/!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »

* Clique sur le tourne vis, selectionne tous les modules


*Clique sur le tournevis pour selectionner tous les modules

* Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
* Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
* Héberge le rapport ZHPDiag.txt sur Cjoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :


https://www.cjoint.com/ => https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers

Messages postés
32
Date d'inscription
mardi 30 décembre 2008
Statut
Membre
Dernière intervention
29 mai 2015

Tiens et merci encore :
https://www.cjoint.com/?BFzsjGN64vD

installe la dernière version de java et Adobe reader depuis leurs sites dédiés :

https://www.java.com/fr/download/

décoche la barre de Google pour Adobe :

https://get.adobe.com/fr/reader/otherversions/






attention auP2P, crack et Keygen !!!







* Lance ZHPFix via le raccourci sur ton Bureau



Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)

* * Copie ( Ctrl + C ) et colle ( Ctrl + V ) les lignes suivantes en gras dans Zhpfix :
---------------------------------------------------------

O61 - LFC:Last File Created 25/06/2012 - 11:40:58 ---A- C:\Users\Brian\Downloads\hijackthis_telechargement_01net.exe
O43 - CFD: 23/01/2011 - 16:17:45 - [3,945] ----D C:\Program Files\Softonic_France
[MD5.00000000000000000000000000000000] [APT] [{00D49126-7C51-4340-B5D3-F35C53EF67C8}] (...) -- C:\Program Files\EUROBA~1\uninstall.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{A249650F-5B5F-4049-BB3D-3A49ABE143BF}] (...) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\8ogp4f9s.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {168C3863-430F-4E56-87A4-12B8D7177909} - (Dealio) - http://www.dealio.com
O81 - IFC: Internet Feature Controls [HKCU] [FEATURE_BROWSER_EMULATION] -- svchost.exe
[HKLM\Software\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}] [HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]:{4e7bd74f-2b8d-469e-8da9-fd60bb9aae33}
[MD5.00000000000000000000000000000000] [APT] [{0DF973A4-C7CE-4403-AD76-13638AE17AE8}] (...) -- E:\LGPCSuite\Setup.exe (.not file.) => Fichier absent
[MD5.00000000000000000000000000000000] [APT] [{131541BC-4737-4028-8824-CCB7E3F86915}] (...) -- C:\Program Files\TIEDUC~1\DRIVER~1\InstDrvr.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{28E55B80-5A24-4E04-98FA-4CC123F8E92A}] (...) -- C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IWEAZND0\rkfree_setup[1].exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{41B8D984-E436-402D-A7EE-A041DD298A10}] (...) -- C:\Users\Brian\AppData\Local\Temp\Temp1_IconTranslateInstall[1].zip\IconTranslateInstall.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{5D351F25-609C-46B3-9D2B-D1DE0D0141E5}] (...) -- C:\Program Files\Online TV & Radio Stations\uninstall.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{78763999-1804-4E8A-B927-2DB7997D870E}] (...) -- C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIB9IL98\shoutcast-dnas-1-9-8-windows[1].exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{909B2AC6-A166-4B39-8381-9224C6F0482D}] (...) -- C:\Users\Brian\Desktop\AD-R (2).exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{9E92A0FD-3347-4E84-B3E8-81AEA68EF7C9}] (...) -- C:\Users\Brian\Documents\Downloads\ARENA\INSTALL.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{A0D01BB0-3FC0-45DE-BA47-A2C672FEDF29}] (...) -- C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWHU9WZI\DofusInstaller_v1_24_0[1].exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{D07CAF4B-910E-4618-9BFC-7D4AA96072F9}] (...) -- C:\Program Files\Dofus\uninstall.exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{D1DBA1C9-D6E4-4DB6-9806-A7DE8040A82D}] (...) -- C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YGSQBVA1\Installation_LooknStop_205[1].exe (.not file.) [MD5.00000000000000000000000000000000] [APT] [{D2BF7363-8FCF-4516-BFE3-AFBA49FE5910}] (...) -- C:\Users\Brian\Documents\Downloads\Arena106.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{D6506A7F-B215-43AB-98E0-80865FBD2557}] (...) -- C:\Users\Brian\Desktop\APIBAT_Installateurs-Electriciens.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{DD0FF2CB-6566-4B81-BDA5-F1C16118D9C7}] (...) -- C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9PLX0WFL\LimeWireWin[1].exe (.not file.)
C:\Users\Brian\Documents\utorrent\Les Sims 2 DoubleDeluxe\CRACK\Clé\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware
C:\Users\Brian\Documents\utorrent\les sims 2 DoubleDeluxe+15Extension et Kits+Extras\Power ISO v3.8 + keygen [h33t] [Original]\keygen.exe C:\Users\Brian\Documents\utorrent\les sims 2 DoubleDeluxe+15Extension et Kits+Extras\Power ISO v3.8 + keygen [h33t] [Original]\PowerISO38.exe C:\Users\Brian\Documents\utorrent\Les Sims 2 DoubleDeluxe\CRACK\Clé\keygen.exe => Crack, KeyGen, Keymaker - Possible Malware
C:\Users\Brian\Documents\utorrent\les sims 2 DoubleDeluxe+15Extension et Kits+Extras\Power ISO v3.8 + keygen [h33t] [Original]\keygen.exe C:\Users\Brian\Documents\utorrent\les sims 2 DoubleDeluxe+15Extension et Kits+Extras\Power ISO v3.8 + keygen [h33t] [Original]\PowerISO38.exe
R3 - URLSearchHook: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.3.0) -- C:\Program Files\Softonic_France\tbSoft.dll
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Conduit Ltd. - Conduit Toolbar.) (No version) -- (.not file.) => Toolbar.Conduit
R3 - URLSearchHook: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.3.0) -- C:\Program Files\Softonic_France\tbSoft.dll
O2 - BHO: Softonic_France - {4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France\tbSoft.dll
O3 - Toolbar: Softonic_France Toolbar - [HKLM]{4daac69c-cba7-45e2-9bc8-1044483d3352} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France\tbSoft.dll
O42 - Logiciel: Softonic_France Toolbar - (.Softonic_France.) [HKLM] -- Softonic_France Toolbar
[HKCU\Software\AppDataLow\Software\Softonic_France] [HKLM\Software\Softonic_France]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKLM\Software\Classes\CLSID\{4daac69c-cba7-45e2-9bc8-1044483d3352}] [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[HKCU\Software\AppDataLow\Software\Softonic_France] [HKLM\Software\Softonic_France]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_France Toolbar]
C:\Users\Brian\AppData\LocalLow\Softonic_France
Emptytemp
Emptyflash
EmptyCLSID

----------------------------------------------------------

- Clique sur le bouton « GO » pour lancer le nettoyage,
- Copie/colle la totalité du rapport dans ta prochaine réponse
Tuto :

http://www.premiumorange.com/zeb-help-process/zhpfix.html