Sujet Précédent Sujet Suivant

Virus Live security platinum

Résolu/Fermé
cindy07 Messages postés 6 Date d'inscription samedi 28 juillet 2012 Statut Membre Dernière intervention 29 juillet 2012 - 28 juil. 2012 à 23:59
 Utilisateur anonyme - 31 juil. 2012 à 12:48
Bonjour,

Experte pour surfer sur le web, mais pas vraiment calée pour réparer quand ça déconne, j'ai besoin d'aide...

Mon ordinateur a été infecté par Live Security Platinum, après avoir fait Roguekiller:

RogueKiller V7.6.4 [17/07/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Cindy [Droits d'admin]
Mode: Suppression -- Date: 28/07/2012 20:38:47

¤¤¤ Processus malicieux: 7 ¤¤¤
[ZeroAccess] n -- c:\windows\system32\n -> UNLOADED
[ZeroAccess] n -- c:\windows\system32\n -> UNLOADED
[SUSP PATH] 036DFF8500483E6786ABFA152F3B707C.exe -- C:\ProgramData\036DFF8500483E6786ABFA152F3B707C\036DFF8500483E6786ABFA152F3B707C.exe -> KILLED [TermProc]
[ZeroAccess] n -- c:\windows\system32\n -> UNLOADED
[RESIDUE] 036DFF8500483E6786ABFA152F3B707C.exe -- C:\ProgramData\036DFF8500483E6786ABFA152F3B707C\036DFF8500483E6786ABFA152F3B707C.exe -> KILLED [TermProc]
[ZeroAccess] n -- c:\windows\system32\n -> UNLOADED
[RESIDUE] 036DFF8500483E6786ABFA152F3B707C.exe -- C:\ProgramData\036DFF8500483E6786ABFA152F3B707C\036DFF8500483E6786ABFA152F3B707C.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] n : c:\windows\installer\{7646c641-8eed-a95d-12d4-130064abf510}\n --> RAR ERROR
[ZeroAccess][FILE] @ : c:\windows\installer\{7646c641-8eed-a95d-12d4-130064abf510}\@ --> REMOVED AT REBOOT
[ZeroAccess][FOLDER] U : c:\windows\installer\{7646c641-8eed-a95d-12d4-130064abf510}\U --> RAR ERROR
[ZeroAccess][FOLDER] L : c:\windows\installer\{7646c641-8eed-a95d-12d4-130064abf510}\L --> RAR ERROR
[ZeroAccess][FOLDER] n : c:\users\cindy\appdata\local\{7646c641-8eed-a95d-12d4-130064abf510}\n --> RAR ERROR
[ZeroAccess][FOLDER] @ : c:\users\cindy\appdata\local\{7646c641-8eed-a95d-12d4-130064abf510}\@ --> RAR ERROR
[ZeroAccess][FOLDER] U : c:\users\cindy\appdata\local\{7646c641-8eed-a95d-12d4-130064abf510}\U --> RAR ERROR
[ZeroAccess][FOLDER] L : c:\users\cindy\appdata\local\{7646c641-8eed-a95d-12d4-130064abf510}\L --> RAR ERROR

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BEVT-22ZAT0 ATA Device +++++
--- User ---
[MBR] b2bd9dda226db935a665eb585df23bf5
[BSP] dbb55f1f3ff912d4e3646d7826eed06a : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 463626 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt


Après quelques recherches sur Internet, j'ai aussi lancé Mawarebytes Anti-Malware

Malwarebytes Anti-Malware (Essai) 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.07.28.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Cindy :: PC-DE-CINDY [administrateur]

Protection: Désactivé

28/07/2012 23:35:26
mbam-log-2012-07-28 (23-35-26).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 228331
Temps écoulé: 5 minute(s), 56 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

Et enfin AdwCleaner

# AdwCleaner v1.703 - Rapport créé le 28/07/2012 à 23:21:34
# Mis à jour le 20/07/2012 par Xplode
# Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Nom d'utilisateur : Cindy - PC-DE-CINDY
# Exécuté depuis : C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZQ6QH12\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\Cindy\AppData\Local\Wajam
Dossier Supprimé : C:\Users\Cindy\AppData\Local\widestream6 Air
Dossier Supprimé : C:\Users\Cindy\AppData\LocalLow\PriceGong
Dossier Supprimé : C:\Users\Cindy\AppData\Roaming\cacaoweb
Dossier Supprimé : C:\Users\Cindy\AppData\Roaming\CrazyLoader
Dossier Supprimé : C:\Users\Cindy\AppData\Roaming\OfferBox
Dossier Supprimé : C:\Users\Cindy\AppData\Roaming\widestream
Dossier Supprimé : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\534sg3tj.default\extensions\@FissaPlugin
Dossier Supprimé : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\534sg3tj.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Dossier Supprimé : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\534sg3tj.default\extensions\cacaoweb@cacaoweb.org
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Dossier Supprimé : C:\Program Files\OfferBox
Dossier Supprimé : C:\Program Files\PriceGong
Dossier Supprimé : C:\Program Files\Widestream6
Fichier Supprimé : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\534sg3tj.default\searchplugins\Fissa.xml
Fichier Supprimé : C:\Program Files\Mozilla Firefox\.autoreg

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\PriceGong
Clé Supprimée : HKCU\Software\cacaoweb
Clé Supprimée : HKCU\Software\FissaSearch
Clé Supprimée : HKCU\Software\JavaSoft\Prefs\crazyloader
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\pricegong
Clé Supprimée : HKCU\Software\Offerbox
Clé Supprimée : HKCU\Software\Spointer
Clé Supprimée : HKCU\Software\WideStream
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Clé Supprimée : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Clé Supprimée : HKLM\SOFTWARE\Offerbox

***** [Registre - GUID] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v3.6.6 (fr)

Nom du profil : default
Fichier : C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\534sg3tj.default\prefs.js

C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\534sg3tj.default\user.js ... Supprimé !

Supprimée : user_pref("extensions.Fissa.lastRunTime", "Mon, 02 May 2011 13:03:41 GMT");

Nom du profil : default
Fichier : C:\Users\Cindy_2\AppData\Roaming\Mozilla\Firefox\Profiles\8w4rcq7h.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [4562 octets] - [28/07/2012 23:21:34]

########## EOF - C:\AdwCleaner[S1].txt - [4690 octets] ##########

Je n'suis pas experte en langage informatique, mais il semblerait ne plus y avoir de problème, sauf que mon anti-virus sfr me trouve toujours des virus: Trojan.Patched.Sirefef.C

Si quelqu'un avait quelques minutes à consacrer à mon problème, merci d'avance


A voir également:

9 réponses

Réponse 1 / 9
Utilisateur anonyme
29 juil. 2012 à 00:02
Bonsoir


Pour vérification

Télécharge TDSSKiller

*Créez un nouveau dossier sur votre bureau puis décompressez l'archive dedans
* Lancez le programme en cliquant sur TDSSKiller.exe, l'analyse se fait automatiquement, si l'infection est détectée, des éléments cachés (= hidden) seront alors affichés.


Si TDSS.tdl2 est détecté: l'option delete sera cochée par défaut.
Si TDSS.tdl3 est détecté: assure toi que Cure est bien cochée.
Si TDSS.tdl4(\HardDisk0\MBR) est détecté: assure toi que Cure est bien cochée.
Si Rootkit.Win32.ZAccess.* est détecté : règle sur "cure" en haut , et "delete" en bas
Si Suspicious file est indiqué, laisse l''option cochée sur Skip
une fois qu'il a terminé , redémarre s'il te le demande pour finir de nettoyer

sinon , ferme TDSSKiller et le rapport s'affichera sur le bureau

Sinon il est enregistré ici : C:\TDSSKiller_N°Version_Date_Heure.txt

Poste moi son rapport à l'issue; merci

@+
0
arno49800
31 juil. 2012 à 11:32
salut, meme probleme sauf que live security platinium me bloc l'ouverture de tdsskiller.... koi faire ?
0
Utilisateur anonyme
31 juil. 2012 à 12:48
salut ouvrir un nouveau sujet
0
Réponse 2 / 9
Utilisateur anonyme
29 juil. 2012 à 00:03
salut

Attention : cet outil peut etre détecté à tort comme virus

tous les processus "non vitaux de windows" vont être coupés , enregistre ton travail.

Désactive toutes tes protections si possible , antivirus , sandbox , etc....

telecharge et enregistre Pre_Scan sur ton bureau :

http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan

Avertissement :Il y aura une extinction du bureau pendant le scan --> pas de panique.

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan_la_date_et_l'heure.txt" sur le bureau.

si l'outil est relancé plusieurs fois , il te proposera un menu et qu'aucune option n'est demandée, lance l'option "Kill"

si l'outil est bloqué par l'infection utilise cette version avec extension .pif :

http://forums-fec.be/gen-hackman/Pre_Scan.pif

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan

Il est possible que l'outil fasse redemarrer ton pc plusieurs fois , laisse-le faire

NE LE POSTE PAS SUR LE FORUM !!! (il est trop long)

Heberge le rapport sur http://pjjoint.malekal.com puis donne le lien obtenu en echange sur le forum où tu te fais aider
0
Réponse 3 / 9
cindy07 Messages postés 6 Date d'inscription samedi 28 juillet 2012 Statut Membre Dernière intervention 29 juillet 2012
29 juil. 2012 à 00:12
Merci Guillaume5188, TDSS n'a rien donné apparemment, voici le rapport:

00:07:45.0426 5904 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
00:07:45.0645 5904 ============================================================
00:07:45.0645 5904 Current date / time: 2012/07/29 00:07:45.0645
00:07:45.0645 5904 SystemInfo:
00:07:45.0645 5904
00:07:45.0646 5904 OS Version: 6.0.6002 ServicePack: 2.0
00:07:45.0646 5904 Product type: Workstation
00:07:45.0646 5904 ComputerName: PC-DE-CINDY
00:07:45.0646 5904 UserName: Cindy
00:07:45.0646 5904 Windows directory: C:\Windows
00:07:45.0646 5904 System windows directory: C:\Windows
00:07:45.0646 5904 Processor architecture: Intel x86
00:07:45.0646 5904 Number of processors: 2
00:07:45.0646 5904 Page size: 0x1000
00:07:45.0646 5904 Boot type: Normal boot
00:07:45.0646 5904 ============================================================
00:07:46.0635 5904 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:07:46.0636 5904 ============================================================
00:07:46.0637 5904 \Device\Harddisk0\DR0:
00:07:46.0637 5904 MBR partitions:
00:07:46.0637 5904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x38985000
00:07:46.0637 5904 ============================================================
00:07:46.0659 5904 C: <-> \Device\Harddisk0\DR0\Partition0
00:07:46.0659 5904 ============================================================
00:07:46.0659 5904 Initialize success
00:07:46.0659 5904 ============================================================
00:07:57.0954 3200 ============================================================
00:07:57.0954 3200 Scan started
00:07:57.0954 3200 Mode: Manual; SigCheck; TDLFS;
00:07:57.0954 3200 ============================================================
00:07:58.0430 3200 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
00:07:58.0683 3200 ACPI - ok
00:07:58.0825 3200 AdobeActiveFileMonitor6.0 (e8fe4fce23d2809bd88bcc1d0f8408ce) C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
00:07:58.0968 3200 AdobeActiveFileMonitor6.0 - ok
00:07:59.0029 3200 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
00:07:59.0144 3200 adp94xx - ok
00:07:59.0198 3200 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
00:07:59.0240 3200 adpahci - ok
00:07:59.0275 3200 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
00:07:59.0310 3200 adpu160m - ok
00:07:59.0349 3200 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
00:07:59.0407 3200 adpu320 - ok
00:07:59.0482 3200 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
00:07:59.0599 3200 AeLookupSvc - ok
00:07:59.0667 3200 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
00:07:59.0744 3200 AFD - ok
00:07:59.0790 3200 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
00:07:59.0825 3200 agp440 - ok
00:07:59.0877 3200 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
00:07:59.0943 3200 aic78xx - ok
00:07:59.0970 3200 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
00:08:00.0124 3200 ALG - ok
00:08:00.0144 3200 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
00:08:00.0175 3200 aliide - ok
00:08:00.0222 3200 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
00:08:00.0257 3200 amdagp - ok
00:08:00.0277 3200 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
00:08:00.0308 3200 amdide - ok
00:08:00.0362 3200 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
00:08:00.0432 3200 AmdK7 - ok
00:08:00.0458 3200 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
00:08:00.0521 3200 AmdK8 - ok
00:08:00.0567 3200 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
00:08:00.0620 3200 Appinfo - ok
00:08:00.0663 3200 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
00:08:00.0725 3200 arc - ok
00:08:00.0766 3200 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
00:08:00.0800 3200 arcsas - ok
00:08:00.0835 3200 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
00:08:00.0887 3200 AsyncMac - ok
00:08:00.0919 3200 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
00:08:00.0952 3200 atapi - ok
00:08:01.0025 3200 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:08:01.0076 3200 AudioEndpointBuilder - ok
00:08:01.0081 3200 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
00:08:01.0155 3200 Audiosrv - ok
00:08:01.0231 3200 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
00:08:01.0302 3200 Beep - ok
00:08:01.0327 3200 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
00:08:01.0429 3200 blbdrive - ok
00:08:01.0462 3200 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
00:08:01.0520 3200 bowser - ok
00:08:01.0557 3200 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
00:08:01.0628 3200 BrFiltLo - ok
00:08:01.0660 3200 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
00:08:01.0769 3200 BrFiltUp - ok
00:08:01.0808 3200 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
00:08:01.0907 3200 Browser - ok
00:08:01.0933 3200 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
00:08:02.0014 3200 Brserid - ok
00:08:02.0027 3200 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
00:08:02.0109 3200 BrSerWdm - ok
00:08:02.0127 3200 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
00:08:02.0219 3200 BrUsbMdm - ok
00:08:02.0239 3200 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
00:08:02.0315 3200 BrUsbSer - ok
00:08:02.0345 3200 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
00:08:02.0436 3200 BTHMODEM - ok
00:08:02.0480 3200 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
00:08:02.0549 3200 cdfs - ok
00:08:02.0577 3200 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
00:08:02.0645 3200 cdrom - ok
00:08:02.0692 3200 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:08:02.0825 3200 CertPropSvc - ok
00:08:02.0868 3200 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
00:08:02.0913 3200 circlass - ok
00:08:02.0954 3200 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
00:08:03.0005 3200 CLFS - ok
00:08:03.0046 3200 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:08:03.0157 3200 clr_optimization_v2.0.50727_32 - ok
00:08:03.0227 3200 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
00:08:03.0296 3200 CmBatt - ok
00:08:03.0329 3200 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
00:08:03.0408 3200 cmdide - ok
00:08:03.0437 3200 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
00:08:03.0474 3200 Compbatt - ok
00:08:03.0492 3200 COMSysApp - ok
00:08:03.0498 3200 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
00:08:03.0539 3200 crcdisk - ok
00:08:03.0586 3200 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
00:08:03.0676 3200 Crusoe - ok
00:08:03.0753 3200 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
00:08:03.0934 3200 CryptSvc - ok
00:08:04.0117 3200 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:08:04.0226 3200 DcomLaunch - ok
00:08:04.0271 3200 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
00:08:04.0323 3200 DfsC - ok
00:08:04.0454 3200 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
00:08:04.0681 3200 DFSR - ok
00:08:04.0823 3200 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
00:08:04.0925 3200 Dhcp - ok
00:08:05.0016 3200 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
00:08:05.0053 3200 disk - ok
00:08:05.0087 3200 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
00:08:05.0183 3200 Dnscache - ok
00:08:05.0230 3200 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
00:08:05.0297 3200 dot3svc - ok
00:08:05.0351 3200 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
00:08:05.0458 3200 Dot4 - ok
00:08:05.0522 3200 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:08:05.0591 3200 Dot4Print - ok
00:08:05.0647 3200 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
00:08:05.0732 3200 dot4usb - ok
00:08:05.0784 3200 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
00:08:05.0867 3200 DPS - ok
00:08:05.0926 3200 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
00:08:05.0989 3200 drmkaud - ok
00:08:06.0065 3200 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
00:08:06.0126 3200 DXGKrnl - ok
00:08:06.0175 3200 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
00:08:06.0272 3200 E1G60 - ok
00:08:06.0327 3200 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
00:08:06.0388 3200 EapHost - ok
00:08:06.0447 3200 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
00:08:06.0489 3200 Ecache - ok
00:08:06.0542 3200 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
00:08:06.0653 3200 ehRecvr - ok
00:08:06.0688 3200 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
00:08:06.0826 3200 ehSched - ok
00:08:06.0853 3200 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
00:08:06.0897 3200 ehstart - ok
00:08:06.0960 3200 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
00:08:07.0077 3200 elxstor - ok
00:08:07.0132 3200 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
00:08:07.0300 3200 EMDMgmt - ok
00:08:07.0323 3200 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
00:08:07.0387 3200 ErrDev - ok
00:08:07.0443 3200 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
00:08:07.0508 3200 EventSystem - ok
00:08:07.0549 3200 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
00:08:07.0613 3200 exfat - ok
00:08:07.0659 3200 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
00:08:07.0815 3200 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
00:08:07.0815 3200 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
00:08:07.0946 3200 F-Secure Gatekeeper (66422dc3faa1de433371816056d28270) C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsgk.sys
00:08:07.0995 3200 F-Secure Gatekeeper - ok
00:08:08.0039 3200 F-Secure Gatekeeper Handler Starter (2346842f07e2ab64d1dc83a67fccdfa1) C:\Program Files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
00:08:08.0208 3200 F-Secure Gatekeeper Handler Starter - ok
00:08:08.0259 3200 F-Secure HIPS (dc0720248dc4d1f303df94ccc3adff96) C:\Program Files\SFR\Pack Sécurité\HIPS\drivers\fshs.sys
00:08:08.0293 3200 F-Secure HIPS - ok
00:08:08.0330 3200 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
00:08:08.0418 3200 fastfat - ok
00:08:08.0466 3200 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
00:08:08.0538 3200 fdc - ok
00:08:08.0569 3200 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
00:08:08.0617 3200 fdPHost - ok
00:08:08.0622 3200 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
00:08:08.0701 3200 FDResPub - ok
00:08:08.0740 3200 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
00:08:08.0776 3200 FileInfo - ok
00:08:08.0790 3200 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
00:08:08.0852 3200 Filetrace - ok
00:08:08.0950 3200 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:08:09.0196 3200 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
00:08:09.0196 3200 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
00:08:09.0226 3200 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:08:09.0281 3200 flpydisk - ok
00:08:09.0325 3200 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
00:08:09.0390 3200 FltMgr - ok
00:08:09.0525 3200 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
00:08:09.0583 3200 FontCache - ok
00:08:09.0652 3200 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:08:09.0741 3200 FontCache3.0.0.0 - ok
00:08:09.0784 3200 fsbts (1d2de58a837e6909f98ca35103d10739) C:\Windows\system32\Drivers\fsbts.sys
00:08:09.0820 3200 fsbts - ok
00:08:09.0933 3200 FSDFWD (7cd27e80dfd22f02fbda47b706aba0f2) C:\Program Files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
00:08:10.0066 3200 FSDFWD - ok
00:08:10.0120 3200 FSES (45d83eb65fc09acfffa5d27053eb9ff3) C:\Windows\system32\drivers\fses.sys
00:08:10.0154 3200 FSES - ok
00:08:10.0206 3200 FSFW (4873e90a180e1585f9b6c6d52aebf52c) C:\Windows\system32\drivers\fsdfw.sys
00:08:10.0241 3200 FSFW - ok
00:08:10.0297 3200 FSMA (8a556a81e9ff95bd9eb7207783e8fcf4) C:\Program Files\SFR\Pack Sécurité\Common\FSMA32.EXE
00:08:10.0367 3200 FSMA - ok
00:08:10.0417 3200 FSORSPClient (42aef6a385354aca65fc210ce7ce4d7c) C:\Program Files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
00:08:10.0456 3200 FSORSPClient - ok
00:08:10.0501 3200 fssfltr (b0082808a6856a252f7cdd939892ce50) C:\Windows\system32\DRIVERS\fssfltr.sys
00:08:10.0554 3200 fssfltr - ok
00:08:10.0726 3200 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
00:08:11.0148 3200 fsssvc - ok
00:08:11.0431 3200 fsvista (d8b300c1c744460dae837db72bc2ccbd) C:\Program Files\SFR\Pack Sécurité\Anti-Virus\minifilter\fsvista.sys
00:08:11.0470 3200 fsvista - ok
00:08:11.0718 3200 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
00:08:11.0774 3200 Fs_Rec - ok
00:08:11.0832 3200 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
00:08:11.0869 3200 gagp30kx - ok
00:08:12.0029 3200 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
00:08:12.0269 3200 gpsvc - ok
00:08:12.0327 3200 gupdate (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
00:08:12.0455 3200 gupdate - ok
00:08:12.0480 3200 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
00:08:12.0526 3200 gupdatem - ok
00:08:12.0574 3200 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
00:08:12.0700 3200 HdAudAddService - ok
00:08:12.0767 3200 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:08:12.0903 3200 HDAudBus - ok
00:08:12.0924 3200 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
00:08:13.0007 3200 HidBth - ok
00:08:13.0022 3200 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
00:08:13.0086 3200 HidIr - ok
00:08:13.0103 3200 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
00:08:13.0160 3200 hidserv - ok
00:08:13.0187 3200 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
00:08:13.0242 3200 HidUsb - ok
00:08:13.0273 3200 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
00:08:13.0371 3200 hkmsvc - ok
00:08:13.0404 3200 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
00:08:13.0440 3200 HpCISSs - ok
00:08:13.0494 3200 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
00:08:13.0580 3200 HTTP - ok
00:08:13.0602 3200 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
00:08:13.0635 3200 i2omp - ok
00:08:13.0674 3200 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
00:08:13.0761 3200 i8042prt - ok
00:08:13.0812 3200 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
00:08:13.0894 3200 iaStorV - ok
00:08:13.0981 3200 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:08:14.0340 3200 idsvc - ok
00:08:14.0528 3200 igfx (0627fc0c422cd6e0f23e1b0d1d9f0899) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:08:14.0791 3200 igfx - ok
00:08:14.0931 3200 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
00:08:15.0009 3200 iirsp - ok
00:08:15.0074 3200 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
00:08:15.0156 3200 IKEEXT - ok
00:08:15.0308 3200 IntcAzAudAddService (9b89f2e3d705651dec1f01033b9d6b24) C:\Windows\system32\drivers\RTKVHDA.sys
00:08:15.0535 3200 IntcAzAudAddService - ok
00:08:15.0684 3200 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
00:08:15.0720 3200 intelide - ok
00:08:15.0753 3200 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
00:08:15.0826 3200 intelppm - ok
00:08:15.0857 3200 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
00:08:15.0938 3200 IPBusEnum - ok
00:08:15.0968 3200 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:08:16.0037 3200 IpFilterDriver - ok
00:08:16.0041 3200 IpInIp - ok
00:08:16.0110 3200 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
00:08:16.0157 3200 IPMIDRV - ok
00:08:16.0175 3200 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
00:08:16.0274 3200 IPNAT - ok
00:08:16.0305 3200 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
00:08:16.0350 3200 IRENUM - ok
00:08:16.0378 3200 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
00:08:16.0411 3200 isapnp - ok
00:08:16.0456 3200 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
00:08:16.0497 3200 iScsiPrt - ok
00:08:16.0525 3200 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
00:08:16.0556 3200 iteatapi - ok
00:08:16.0593 3200 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
00:08:16.0624 3200 iteraid - ok
00:08:16.0642 3200 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:08:16.0677 3200 kbdclass - ok
00:08:16.0703 3200 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
00:08:16.0759 3200 kbdhid - ok
00:08:16.0787 3200 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:08:16.0825 3200 KeyIso - ok
00:08:16.0875 3200 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
00:08:16.0931 3200 KSecDD - ok
00:08:17.0009 3200 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
00:08:17.0085 3200 KtmRm - ok
00:08:17.0536 3200 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
00:08:17.0580 3200 LanmanServer - ok
00:08:17.0611 3200 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
00:08:17.0675 3200 LanmanWorkstation - ok
00:08:17.0708 3200 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
00:08:17.0756 3200 lltdio - ok
00:08:17.0790 3200 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
00:08:17.0848 3200 lltdsvc - ok
00:08:17.0864 3200 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
00:08:17.0929 3200 lmhosts - ok
00:08:17.0952 3200 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
00:08:17.0986 3200 LSI_FC - ok
00:08:18.0010 3200 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
00:08:18.0044 3200 LSI_SAS - ok
00:08:18.0092 3200 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
00:08:18.0125 3200 LSI_SCSI - ok
00:08:18.0153 3200 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
00:08:18.0227 3200 luafv - ok
00:08:18.0261 3200 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
00:08:18.0331 3200 MBAMProtector - ok
00:08:18.0439 3200 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
00:08:18.0537 3200 MBAMService - ok
00:08:18.0580 3200 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
00:08:18.0615 3200 Mcx2Svc - ok
00:08:18.0659 3200 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
00:08:18.0691 3200 megasas - ok
00:08:18.0751 3200 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
00:08:18.0852 3200 MegaSR - ok
00:08:18.0882 3200 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:08:18.0940 3200 MMCSS - ok
00:08:18.0985 3200 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
00:08:19.0047 3200 Modem - ok
00:08:19.0097 3200 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
00:08:19.0184 3200 monitor - ok
00:08:19.0214 3200 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
00:08:19.0248 3200 mouclass - ok
00:08:19.0257 3200 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
00:08:19.0324 3200 mouhid - ok
00:08:19.0351 3200 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
00:08:19.0385 3200 MountMgr - ok
00:08:19.0410 3200 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
00:08:19.0446 3200 mpio - ok
00:08:19.0475 3200 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
00:08:19.0516 3200 mpsdrv - ok
00:08:19.0535 3200 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
00:08:19.0588 3200 Mraid35x - ok
00:08:19.0608 3200 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
00:08:19.0668 3200 MRxDAV - ok
00:08:19.0693 3200 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:08:19.0735 3200 mrxsmb - ok
00:08:19.0767 3200 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:08:19.0836 3200 mrxsmb10 - ok
00:08:19.0856 3200 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:08:19.0917 3200 mrxsmb20 - ok
00:08:19.0956 3200 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
00:08:19.0988 3200 msahci - ok
00:08:20.0011 3200 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
00:08:20.0074 3200 msdsm - ok
00:08:20.0110 3200 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
00:08:20.0161 3200 MSDTC - ok
00:08:20.0191 3200 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
00:08:20.0279 3200 Msfs - ok
00:08:20.0309 3200 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
00:08:20.0339 3200 msisadrv - ok
00:08:20.0367 3200 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
00:08:20.0452 3200 MSiSCSI - ok
00:08:20.0456 3200 msiserver - ok
00:08:20.0532 3200 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
00:08:20.0596 3200 MSKSSRV - ok
00:08:20.0628 3200 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
00:08:20.0673 3200 MSPCLOCK - ok
00:08:20.0688 3200 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
00:08:20.0730 3200 MSPQM - ok
00:08:20.0770 3200 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
00:08:20.0811 3200 MsRPC - ok
00:08:20.0824 3200 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
00:08:20.0857 3200 mssmbios - ok
00:08:20.0876 3200 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
00:08:20.0918 3200 MSTEE - ok
00:08:20.0936 3200 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
00:08:20.0971 3200 Mup - ok
00:08:21.0010 3200 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
00:08:21.0086 3200 napagent - ok
00:08:21.0148 3200 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
00:08:21.0233 3200 NativeWifiP - ok
00:08:21.0291 3200 NAVENG - ok
00:08:21.0299 3200 NAVEX15 - ok
00:08:21.0340 3200 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
00:08:21.0405 3200 NDIS - ok
00:08:21.0423 3200 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
00:08:21.0478 3200 NdisTapi - ok
00:08:21.0491 3200 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
00:08:21.0543 3200 Ndisuio - ok
00:08:21.0602 3200 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
00:08:21.0670 3200 NdisWan - ok
00:08:21.0676 3200 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
00:08:21.0720 3200 NDProxy - ok
00:08:21.0774 3200 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
00:08:21.0802 3200 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:08:21.0803 3200 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:08:21.0813 3200 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
00:08:21.0858 3200 NetBIOS - ok
00:08:21.0954 3200 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
00:08:22.0027 3200 netbt - ok
00:08:22.0054 3200 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:08:22.0089 3200 Netlogon - ok
00:08:22.0130 3200 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
00:08:22.0236 3200 Netman - ok
00:08:22.0273 3200 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
00:08:22.0358 3200 netprofm - ok
00:08:22.0426 3200 netr28 (ebbd48d3f4361773b812ca67a9cfc69b) C:\Windows\system32\DRIVERS\netr28.sys
00:08:22.0522 3200 netr28 - ok
00:08:22.0579 3200 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:08:22.0611 3200 NetTcpPortSharing - ok
00:08:22.0851 3200 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
00:08:23.0211 3200 NETw5v32 - ok
00:08:23.0361 3200 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
00:08:23.0396 3200 nfrd960 - ok
00:08:23.0483 3200 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
00:08:23.0604 3200 NlaSvc - ok
00:08:23.0670 3200 Norton Internet Security - ok
00:08:23.0692 3200 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
00:08:23.0747 3200 Npfs - ok
00:08:23.0781 3200 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
00:08:23.0843 3200 nsi - ok
00:08:23.0862 3200 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
00:08:23.0905 3200 nsiproxy - ok
00:08:23.0993 3200 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
00:08:24.0088 3200 Ntfs - ok
00:08:24.0103 3200 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
00:08:24.0167 3200 ntrigdigi - ok
00:08:24.0181 3200 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
00:08:24.0247 3200 Null - ok
00:08:24.0278 3200 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
00:08:24.0346 3200 nvraid - ok
00:08:24.0369 3200 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
00:08:24.0402 3200 nvstor - ok
00:08:24.0429 3200 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
00:08:24.0466 3200 nv_agp - ok
00:08:24.0470 3200 NwlnkFlt - ok
00:08:24.0476 3200 NwlnkFwd - ok
00:08:24.0578 3200 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:08:24.0767 3200 odserv - ok
00:08:24.0799 3200 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
00:08:24.0865 3200 ohci1394 - ok
00:08:24.0910 3200 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:08:24.0953 3200 ose - ok
00:08:25.0024 3200 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:08:25.0114 3200 p2pimsvc - ok
00:08:25.0122 3200 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:08:25.0209 3200 p2psvc - ok
00:08:25.0249 3200 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
00:08:25.0340 3200 Parport - ok
00:08:25.0375 3200 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
00:08:25.0413 3200 partmgr - ok
00:08:25.0422 3200 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
00:08:25.0503 3200 Parvdm - ok
00:08:25.0530 3200 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
00:08:25.0585 3200 PcaSvc - ok
00:08:25.0627 3200 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
00:08:25.0668 3200 pci - ok
00:08:25.0709 3200 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
00:08:25.0740 3200 pciide - ok
00:08:25.0776 3200 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
00:08:25.0832 3200 pcmcia - ok
00:08:25.0939 3200 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
00:08:26.0099 3200 PEAUTH - ok
00:08:26.0222 3200 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
00:08:26.0447 3200 pla - ok
00:08:26.0563 3200 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
00:08:26.0612 3200 PlugPlay - ok
00:08:26.0659 3200 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
00:08:26.0684 3200 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:08:26.0684 3200 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:08:26.0734 3200 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:08:26.0806 3200 PNRPAutoReg - ok
00:08:26.0815 3200 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
00:08:26.0882 3200 PNRPsvc - ok
00:08:26.0930 3200 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
00:08:27.0028 3200 PolicyAgent - ok
00:08:27.0123 3200 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
00:08:27.0188 3200 PptpMiniport - ok
00:08:27.0219 3200 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
00:08:27.0275 3200 Processor - ok
00:08:27.0308 3200 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
00:08:27.0354 3200 ProfSvc - ok
00:08:27.0375 3200 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:08:27.0408 3200 ProtectedStorage - ok
00:08:27.0437 3200 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
00:08:27.0504 3200 PSched - ok
00:08:27.0525 3200 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
00:08:27.0559 3200 PxHelp20 - ok
00:08:27.0662 3200 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
00:08:27.0792 3200 ql2300 - ok
00:08:27.0831 3200 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
00:08:27.0865 3200 ql40xx - ok
00:08:27.0919 3200 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
00:08:27.0984 3200 QWAVE - ok
00:08:28.0016 3200 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
00:08:28.0068 3200 QWAVEdrv - ok
00:08:28.0094 3200 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
00:08:28.0154 3200 RasAcd - ok
00:08:28.0174 3200 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
00:08:28.0278 3200 RasAuto - ok
00:08:28.0309 3200 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:08:28.0363 3200 Rasl2tp - ok
00:08:28.0391 3200 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
00:08:28.0494 3200 RasMan - ok
00:08:28.0528 3200 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
00:08:28.0610 3200 RasPppoe - ok
00:08:28.0650 3200 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
00:08:28.0687 3200 RasSstp - ok
00:08:28.0725 3200 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
00:08:28.0798 3200 rdbss - ok
00:08:28.0812 3200 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:08:28.0870 3200 RDPCDD - ok
00:08:28.0906 3200 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
00:08:28.0966 3200 rdpdr - ok
00:08:28.0970 3200 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
00:08:29.0015 3200 RDPENCDD - ok
00:08:29.0051 3200 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
00:08:29.0123 3200 RDPWD - ok
00:08:29.0206 3200 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
00:08:29.0271 3200 RemoteAccess - ok
00:08:29.0318 3200 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
00:08:29.0378 3200 RemoteRegistry - ok
00:08:29.0404 3200 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
00:08:29.0456 3200 RpcLocator - ok
00:08:29.0519 3200 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
00:08:29.0579 3200 RpcSs - ok
00:08:29.0617 3200 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
00:08:29.0681 3200 rspndr - ok
00:08:29.0732 3200 RTL8169 (174b9514cd1a0c33ce4bbc02a3c81a62) C:\Windows\system32\DRIVERS\Rtlh86.sys
00:08:29.0779 3200 RTL8169 - ok
00:08:29.0799 3200 RTSTOR (01c64783db1f40e1e3df67dd36199b35) C:\Windows\system32\drivers\RTSTOR.SYS
00:08:29.0856 3200 RTSTOR - ok
00:08:29.0886 3200 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
00:08:29.0919 3200 SamSs - ok
00:08:29.0948 3200 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
00:08:30.0009 3200 sbp2port - ok
00:08:30.0168 3200 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
00:08:30.0672 3200 SBSDWSCService - ok
00:08:30.0716 3200 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
00:08:30.0758 3200 SCardSvr - ok
00:08:30.0812 3200 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
00:08:30.0890 3200 Schedule - ok
00:08:30.0923 3200 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
00:08:30.0962 3200 SCPolicySvc - ok
00:08:30.0992 3200 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
00:08:31.0059 3200 SDRSVC - ok
00:08:31.0114 3200 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:08:31.0195 3200 secdrv - ok
00:08:31.0220 3200 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
00:08:31.0263 3200 seclogon - ok
00:08:31.0289 3200 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
00:08:31.0353 3200 SENS - ok
00:08:31.0374 3200 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
00:08:31.0458 3200 Serenum - ok
00:08:31.0470 3200 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
00:08:31.0555 3200 Serial - ok
00:08:31.0580 3200 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
00:08:31.0626 3200 sermouse - ok
00:08:31.0652 3200 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
00:08:31.0699 3200 SessionEnv - ok
00:08:31.0730 3200 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
00:08:31.0767 3200 sffdisk - ok
00:08:31.0788 3200 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
00:08:31.0833 3200 sffp_mmc - ok
00:08:31.0843 3200 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
00:08:31.0890 3200 sffp_sd - ok
00:08:31.0918 3200 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
00:08:31.0992 3200 sfloppy - ok
00:08:32.0035 3200 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
00:08:32.0115 3200 ShellHWDetection - ok
00:08:32.0155 3200 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
00:08:32.0191 3200 sisagp - ok
00:08:32.0219 3200 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
00:08:32.0252 3200 SiSRaid2 - ok
00:08:32.0270 3200 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
00:08:32.0302 3200 SiSRaid4 - ok
00:08:32.0524 3200 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
00:08:32.0857 3200 slsvc - ok
00:08:32.0973 3200 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
00:08:33.0028 3200 SLUINotify - ok
00:08:33.0084 3200 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
00:08:33.0141 3200 Smb - ok
00:08:33.0169 3200 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
00:08:33.0221 3200 SNMPTRAP - ok
00:08:33.0257 3200 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
00:08:33.0291 3200 spldr - ok
00:08:33.0328 3200 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
00:08:33.0395 3200 Spooler - ok
00:08:33.0405 3200 SRTSP - ok
00:08:33.0416 3200 SRTSPX - ok
00:08:33.0459 3200 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
00:08:33.0534 3200 srv - ok
00:08:33.0556 3200 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
00:08:33.0631 3200 srv2 - ok
00:08:33.0664 3200 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
00:08:33.0705 3200 srvnet - ok
00:08:33.0739 3200 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
00:08:33.0789 3200 SSDPSRV - ok
00:08:33.0804 3200 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
00:08:33.0841 3200 SstpSvc - ok
00:08:33.0880 3200 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
00:08:33.0991 3200 stisvc - ok
00:08:34.0016 3200 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
00:08:34.0048 3200 swenum - ok
00:08:34.0090 3200 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
00:08:34.0169 3200 swprv - ok
00:08:34.0196 3200 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
00:08:34.0227 3200 Symc8xx - ok
00:08:34.0262 3200 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
00:08:34.0292 3200 Sym_hi - ok
00:08:34.0323 3200 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
00:08:34.0354 3200 Sym_u3 - ok
00:08:34.0408 3200 SynTP (d2aa5d5fdb821eb5f9366c5e3bc2d9ea) C:\Windows\system32\DRIVERS\SynTP.sys
00:08:34.0446 3200 SynTP - ok
00:08:34.0493 3200 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
00:08:34.0578 3200 SysMain - ok
00:08:34.0614 3200 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
00:08:34.0706 3200 TabletInputService - ok
00:08:34.0753 3200 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
00:08:34.0838 3200 TapiSrv - ok
00:08:34.0876 3200 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
00:08:34.0921 3200 TBS - ok
00:08:35.0005 3200 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
00:08:35.0160 3200 Tcpip - ok
00:08:35.0172 3200 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
00:08:35.0333 3200 Tcpip6 - ok
00:08:35.0375 3200 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
00:08:35.0410 3200 tcpipreg - ok
00:08:35.0446 3200 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
00:08:35.0489 3200 TDPIPE - ok
00:08:35.0510 3200 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
00:08:35.0571 3200 TDTCP - ok
00:08:35.0610 3200 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
00:08:35.0652 3200 tdx - ok
00:08:35.0679 3200 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
00:08:35.0714 3200 TermDD - ok
00:08:35.0758 3200 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
00:08:35.0832 3200 TermService - ok
00:08:35.0869 3200 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
00:08:35.0930 3200 Themes - ok
00:08:35.0981 3200 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
00:08:36.0025 3200 THREADORDER - ok
00:08:36.0049 3200 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
00:08:36.0129 3200 TrkWks - ok
00:08:36.0169 3200 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
00:08:36.0209 3200 TrustedInstaller - ok
00:08:36.0249 3200 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:08:36.0301 3200 tssecsrv - ok
00:08:36.0331 3200 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
00:08:36.0389 3200 tunmp - ok
00:08:36.0420 3200 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
00:08:36.0470 3200 tunnel - ok
00:08:36.0495 3200 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
00:08:36.0532 3200 uagp35 - ok
00:08:36.0559 3200 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
00:08:36.0611 3200 udfs - ok
00:08:36.0647 3200 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
00:08:36.0710 3200 UI0Detect - ok
00:08:36.0727 3200 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
00:08:36.0762 3200 uliagpkx - ok
00:08:36.0809 3200 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
00:08:36.0849 3200 uliahci - ok
00:08:36.0882 3200 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
00:08:36.0918 3200 UlSata - ok
00:08:36.0945 3200 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
00:08:36.0979 3200 ulsata2 - ok
00:08:36.0995 3200 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
00:08:37.0040 3200 umbus - ok
00:08:37.0068 3200 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
00:08:37.0121 3200 upnphost - ok
00:08:37.0160 3200 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
00:08:37.0217 3200 usbccgp - ok
00:08:37.0246 3200 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
00:08:37.0310 3200 usbcir - ok
00:08:37.0327 3200 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
00:08:37.0387 3200 usbehci - ok
00:08:37.0421 3200 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
00:08:37.0486 3200 usbhub - ok
00:08:37.0510 3200 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
00:08:37.0585 3200 usbohci - ok
00:08:37.0607 3200 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
00:08:37.0671 3200 usbprint - ok
00:08:37.0708 3200 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
00:08:37.0748 3200 usbscan - ok
00:08:37.0777 3200 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:08:37.0819 3200 USBSTOR - ok
00:08:37.0831 3200 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
00:08:37.0886 3200 usbuhci - ok
00:08:37.0928 3200 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
00:08:38.0004 3200 usbvideo - ok
00:08:38.0026 3200 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
00:08:38.0086 3200 UxSms - ok
00:08:38.0125 3200 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
00:08:38.0213 3200 vds - ok
00:08:38.0243 3200 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
00:08:38.0327 3200 vga - ok
00:08:38.0351 3200 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
00:08:38.0429 3200 VgaSave - ok
00:08:38.0450 3200 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
00:08:38.0492 3200 viaagp - ok
00:08:38.0510 3200 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
00:08:38.0561 3200 ViaC7 - ok
00:08:38.0590 3200 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
00:08:38.0627 3200 viaide - ok
00:08:38.0649 3200 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
00:08:38.0684 3200 volmgr - ok
00:08:38.0725 3200 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
00:08:38.0770 3200 volmgrx - ok
00:08:38.0791 3200 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
00:08:38.0837 3200 volsnap - ok
00:08:38.0869 3200 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
00:08:38.0907 3200 vsmraid - ok
00:08:38.0999 3200 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
00:08:39.0231 3200 VSS - ok
00:08:39.0294 3200 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
00:08:39.0367 3200 W32Time - ok
00:08:39.0439 3200 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
00:08:39.0502 3200 WacomPen - ok
00:08:39.0525 3200 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:08:39.0569 3200 Wanarp - ok
00:08:39.0573 3200 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
00:08:39.0618 3200 Wanarpv6 - ok
00:08:39.0655 3200 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
00:08:39.0756 3200 wcncsvc - ok
00:08:39.0798 3200 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
00:08:39.0842 3200 WcsPlugInService - ok
00:08:39.0864 3200 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
00:08:39.0900 3200 Wd - ok
00:08:39.0954 3200 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
00:08:40.0019 3200 Wdf01000 - ok
00:08:40.0048 3200 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
00:08:40.0118 3200 WdiServiceHost - ok
00:08:40.0125 3200 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
00:08:40.0178 3200 WdiSystemHost - ok
00:08:40.0214 3200 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
00:08:40.0281 3200 WebClient - ok
00:08:40.0316 3200 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
00:08:40.0356 3200 Wecsvc - ok
00:08:40.0367 3200 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
00:08:40.0436 3200 wercplsupport - ok
00:08:40.0461 3200 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
00:08:40.0507 3200 WerSvc - ok
00:08:40.0513 3200 WinHttpAutoProxySvc - ok
00:08:40.0572 3200 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
00:08:40.0619 3200 Winmgmt - ok
00:08:40.0723 3200 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
00:08:40.0842 3200 WinRM - ok
00:08:40.0912 3200 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
00:08:41.0056 3200 Wlansvc - ok
00:08:41.0158 3200 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:08:41.0194 3200 wlcrasvc - ok
00:08:41.0360 3200 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:08:41.0688 3200 wlidsvc - ok
00:08:41.0833 3200 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
00:08:41.0894 3200 WmiAcpi - ok
00:08:41.0952 3200 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
00:08:42.0087 3200 wmiApSrv - ok
00:08:42.0211 3200 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:08:42.0360 3200 WMPNetworkSvc - ok
00:08:42.0412 3200 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
00:08:42.0465 3200 WPCSvc - ok
00:08:42.0534 3200 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
00:08:42.0570 3200 WPDBusEnum - ok
00:08:42.0641 3200 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
00:08:42.0705 3200 ws2ifsl - ok
00:08:42.0710 3200 WSearch - ok
00:08:42.0754 3200 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:08:42.0806 3200 WUDFRd - ok
00:08:42.0827 3200 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
00:08:42.0872 3200 wudfsvc - ok
00:08:42.0897 3200 MBR (0x1B8) (32a32adbc7112bd07d2546d035932152) \Device\Harddisk0\DR0
00:08:45.0718 3200 \Device\Harddisk0\DR0 - ok
00:08:45.0722 3200 Boot (0x1200) (9483522406c535821c051db078e57717) \Device\Harddisk0\DR0\Partition0
00:08:45.0724 3200 \Device\Harddisk0\DR0\Partition0 - ok
00:08:45.0725 3200 ============================================================
00:08:45.0725 3200 Scan finished
00:08:45.0725 3200 ============================================================
00:08:45.0738 5308 Detected object count: 4
00:08:45.0738 5308 Actual detected object count: 4
00:09:57.0380 5308 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:57.0380 5308 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:57.0381 5308 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:57.0381 5308 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:57.0381 5308 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:57.0381 5308 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:09:57.0381 5308 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:09:57.0382 5308 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
0
Réponse 4 / 9
Utilisateur anonyme
29 juil. 2012 à 00:14
Re

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Ou ici : https://forospyware.com
>Renomme le pour l'enregistrer sur ton bureau en asdehi (tout simplement pour que l'infection ne le contre pas)
-> Double clique combofix.exe.(ou clic droit sous vista « exécuter en tant que... » )
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe ; (ou clic droit sous vista « exécuter en tant que... »)

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.


- Installe le console de récupération comme demandé ;utile en cas de plantage

- Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)


::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes


@+

0
Utilisateur anonyme
29 juil. 2012 à 00:15
tiens à titre info :

https://gen-hackman.kanak.fr/

c'est pour ca que j'ai envoyé pre_scan
0
Utilisateur anonyme
29 juil. 2012 à 00:21
Aperçu
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
cindy07 Messages postés 6 Date d'inscription samedi 28 juillet 2012 Statut Membre Dernière intervention 29 juillet 2012
29 juil. 2012 à 01:28
Voilà le rapport:

ComboFix 12-07-27.03 - Cindy 29/07/2012 0:43.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2972.1752 [GMT 2:00]
Lancé depuis: c:\users\Cindy\Desktop\asdehi.exe
AV: Pack Sécurité SFR 9.12 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Pack Sécurité SFR 9.12 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Pack Sécurité SFR 9.12 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Une copie infectée de c:\windows\system32\Services.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-28 au 2012-07-28 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-28 22:52 . 2012-07-28 22:52 -------- d-----w- c:\users\Invité\AppData\Local\temp
2012-07-28 22:52 . 2012-07-28 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 22:52 . 2012-07-28 22:52 -------- d-----w- c:\users\Cindy_2\AppData\Local\temp
2012-07-28 18:06 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2012-07-28 18:06 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2012-07-28 18:06 . 1998-07-12 23:08 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2012-07-28 18:06 . 1998-07-12 23:08 59904 ----a-w- c:\windows\system32\MSCC2FR.DLL
2012-07-28 18:06 . 1998-07-12 23:08 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2012-07-28 18:06 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2012-07-28 18:06 . 2012-07-28 18:07 -------- d-----w- c:\program files\PDFCreator
2012-07-28 17:12 . 2012-07-28 17:12 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-28 17:09 . 2012-07-28 19:02 -------- d-----w- c:\programdata\036DFF8500483E6786ABFA152F3B707C
2012-07-26 13:02 . 2012-07-26 13:02 -------- d-----w- c:\programdata\TmForever
2012-07-26 12:58 . 2012-07-27 19:05 -------- d-----w- c:\program files\TmNationsForever
2012-07-13 18:19 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 17:25 . 2012-06-02 09:08 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-07-13 17:25 . 2012-06-02 08:22 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-07-13 17:25 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-13 17:25 . 2012-06-02 08:25 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-07-13 17:25 . 2012-06-02 08:21 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-07-13 17:25 . 2012-06-02 08:20 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-13 17:24 . 2012-06-02 09:08 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-07-13 17:24 . 2012-06-02 08:33 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-13 17:24 . 2012-06-02 08:27 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-07-13 17:24 . 2012-06-02 08:26 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-07-13 17:24 . 2012-06-02 08:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-12 18:13 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 18:12 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 18:12 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 18:11 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 18:11 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 18:11 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-03 19:01 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-07-03 19:01 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-07-03 19:01 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-07-03 18:59 . 2012-07-03 19:00 -------- d-----w- c:\windows\system32\AGEIA
2012-07-03 18:59 . 2012-07-03 19:00 -------- d-----w- c:\program files\AGEIA Technologies
2012-07-03 18:58 . 2012-07-03 18:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-03 18:57 . 2012-07-21 20:13 -------- d-----w- c:\program files\Agrar Simulator 2011
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 11:46 . 2012-04-07 10:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 08:44 . 2012-07-27 12:49 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{00AD1A72-647A-4A54-A012-E13010F90058}\mpengine.dll
2012-06-02 22:19 . 2012-06-24 09:35 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 09:35 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 09:34 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 09:34 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 09:35 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-24 09:35 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-24 09:34 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-24 09:34 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-24 09:34 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-02-20 13:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-09 15:21 . 2010-10-07 11:43 44184 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-05-01 14:03 . 2012-06-14 15:53 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}]
2011-06-10 06:24 165256 ----a-w- c:\program files\SFR\Kit\SFRNavErrorHelper.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Connexion SFR 9props.exe"="c:\program files\SFR\Kit\9props.exe" [2011-06-10 959880]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Skytel"="Skytel.exe" [2008-08-04 1833504]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"F-Secure Manager"="c:\program files\SFR\Pack Sécurité\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\SFR\Pack Sécurité\FSGUI\TNBUtil.exe" [2011-08-23 1655464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Cindy_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-30 15:32]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-30 15:32]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\SFR\Pack Se9,curite9,\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
FF - ProfilePath - c:\users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\534sg3tj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ver-filmes.com/
FF - prefs.js: keyword.URL - hxxp://redirecterror.sfr.fr/?q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
**************************************************************************
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsgk32st.exe
c:\program files\SFR\Pack Sécurité\Common\FSMA32.EXE
c:\program files\SFR\Pack Sécurité\Anti-Virus\FSGK32.EXE
c:\program files\SFR\Pack Sécurité\Common\FSHDLL32.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\SFR\Pack Sécurité\FWES\Program\fsdfwd.exe
c:\program files\SFR\Pack Sécurité\ORSP Client\fsorsp.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fssm32.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\SFR\Pack Sécurité\Anti-Virus\fsav32.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\ehome\ehmsas.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2012-07-29 01:02:45 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-07-28 23:01
.
Avant-CF: 295 047 032 832 octets libres
Après-CF: 296 935 124 992 octets libres
.
- - End Of File - - 971F24AFD744CA37C71ABA0951614565

Ca a l'air bon désormais nan?
0
Réponse 6 / 9
Utilisateur anonyme
29 juil. 2012 à 01:32
Re

Pour vérification, fait ceci stp

Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Ou

https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

Serveur N°2

Ou

http://www.premiumorange.com/zeb-help-process/zhpdiag.html
en bas de la page ZHP avec un numéro de version.

Une fois le téléchargement achevé, dé zippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.

Double-clique sur l'icône pour lancer le programme. Sous Vista ou Seven clic droit « exécuter en tant que administrateur »


Clique sur la loupe pour lancer l'analyse.

Laisse l'outil travailler, il peut être assez long.

Ferme ZHPDiag en fin d'analyse.


Pour transmettre le rapport clique sur ce lien :


http://pjjoint.malekal.com/

https://www.cjoint.com/

Regarde sur le bureau

Sélectionne le fichier ZHPDiag.txt.

Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

est ajouté dans la page.

Copie ce lien dans ta réponse.

Merci

@+
0
Réponse 7 / 9
cindy07 Messages postés 6 Date d'inscription samedi 28 juillet 2012 Statut Membre Dernière intervention 29 juillet 2012
29 juil. 2012 à 01:45
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120729_k6g7x12g5e5
0
Réponse 8 / 9
Utilisateur anonyme
29 juil. 2012 à 01:49
Re

Pour vérifier les mises à jour logiciels à appliquer sur ton PC
https://www.flexera.com/products/operations/software-vulnerability-management.html
Divers liens te seront proposés pour les logiciels non à jour.


@+
0
Réponse 9 / 9
cindy07 Messages postés 6 Date d'inscription samedi 28 juillet 2012 Statut Membre Dernière intervention 29 juillet 2012
29 juil. 2012 à 01:52
J'en prends note. Merci beaucoup pour l'aide!
Bonne soirée
0
cindy07 Messages postés 6 Date d'inscription samedi 28 juillet 2012 Statut Membre Dernière intervention 29 juillet 2012
29 juil. 2012 à 01:54
Et merci à g3n-h@ckm@n aussi quand même
0
Utilisateur anonyme
29 juil. 2012 à 01:54
pas de quoi :D
0

Discussions similaires

Live tiktok
Dialmari -
PouletAffectueux12 -

10 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Code de réinitialisation mdp facebook sans le demander
Colonel_El_Moustachat -
Colonel_El_Moustachat -

4 réponses
Security boot fail lors du démarrage
Steu -
NBK -

4 réponses
comment avoir accès à ma boîte mail live.fr
mag -
Redbart -

1 réponse