HP ProBook 4520 slow, impossible to detect the problem

Imad
Hello everyone, my laptop becomes very, very slow at times, and it is impossible for me to work with it. The only solution I have found is to wait a little (about 10 to 15 minutes), after which it returns to normal.

While it is in this (slow) state, Firefox displays a script problem on one of the web pages. Sometimes I am forced to restart for it to become fast again.

Roughly speaking, this slowdown problem is temporary, but it still bothers me a lot. I am on Windows 7 64-bit Home edition. I have 3 GB of RAM and Intel HD Graphics as the graphics card, and Kaspersky as antivirus (the latter has so far not reported any presence of antivirus)....

Please help me get rid of these repeated slowdowns...

Thanks a lot!

25 replies

juju666 (Security contributor, 35446 posts)

Nope,

Run Pre_Scan again and click Diag
Host the report (it would be too long to post in a reply)
1
juju666 (Security contributor, 35446 posts)

Hi,

3 GB of RAM is not much for a 64-bit system ....

Download from this page: AdwCleaner (by Xplode)

▶ Run it

Click Suppression (Delete) and wait while the cleaning runs.

▶ Post the contents of the report that you will find on your hard drive at c:\ADwcleaner[Sx].txt, or its contents if it opens.
0
Imad
 
Hi juju, thanks for stepping in. I followed your instructions, but it was impossible to install this AdwCleaner, and here is why:

Windows ne parvient pas à acceder au peripherique, au chemin d'accés, ou au fichier spécifié, vous ne disposez peut etre pas des autorisations appropriées pour avoir accés à l'élément..

(Yet I tried with the administrator option)
0
juju666 (Security contributor, 35446 posts)

Hi again,

▶ Download and run TDSSKiller.

▶ Choose: Start Scan (click for help with pictures).

▶ If TDSS.tdl2 is detected, the Delete option will be checked by default.
▶ If TDSS.tdl3 is detected, make sure that Cure is checked.
▶ If TDSS.tdl4(HardDisk0MBR) is detected, make sure that Cure is checked.
▶ If Suspicious file is shown, leave the option set to Skip.
▶ If Rootkit.Win32.ZAccess.* is detected, set the tool to Cure at the top and Delete at the bottom.

▶ If the tool asks you to, restart to finish the cleaning.

▶ Otherwise close the program; a report will be located at C:\TDSSKiller_N°DeVersion_Date_Heure_Log.txt.

▶ Host the report on FEC Upload and give the link you get back.
0
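
Added example, not part of the original thread and not the tool vendor's code: a short Python reader for the TDSSKiller report requested above, showing why a "Detected object count: 0" line only means something when the scan pass actually ran to the end. It relies on the line shapes visible in the report posted later in this thread; treating any verdict other than `ok` as needing review is an assumption, and the sample lines (including `ExampleDrv` and its all-zero hash) are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Line shapes taken from the TDSSKiller report in this thread:
#   "HH:MM:SS.ffff TID message"
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(.*))?$")
#   "================ Scan services ============================="
SECTION_RE = re.compile(r"^=+\s+(Scan [^=]+?)\s+=+$")
#   "1394ohci - ok"
VERDICT_RE = re.compile(r"^(.+?) - (\S.*)$")
#   "Detected object count: 0"
COUNT_RE = re.compile(r"^Detected object count:\s*(\d+)$")


@dataclass
class ScanPass:
    finished: bool = False            # "Scan finished" was logged
    detected: Optional[int] = None    # value of "Detected object count"
    objects_ok: int = 0               # lines ending in " - ok"
    not_ok: List[str] = field(default_factory=list)       # any other verdict (assumption)
    interrupted: List[str] = field(default_factory=list)  # sections cut short by the user
    section: Optional[str] = None     # section currently being scanned

    @property
    def complete(self) -> bool:
        return self.finished and not self.interrupted


def parse_report(text: str) -> List[ScanPass]:
    """Split a report into scan passes (one per "Scan started" line)."""
    passes: List[ScanPass] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = (m.group(1) or "").strip()
        if msg == "Scan started":
            passes.append(ScanPass())
            continue
        if not passes:
            continue  # system-information header before the first pass
        cur = passes[-1]
        sec = SECTION_RE.match(msg)
        count = COUNT_RE.match(msg)
        if sec:
            cur.section = sec.group(1)
        elif msg == "Scan interrupted by user!":
            cur.interrupted.append(cur.section or "(before first section)")
        elif msg == "Scan finished":
            cur.finished = True
        elif count:
            if cur.detected is None:
                cur.detected = int(count.group(1))
        elif cur.section and not msg.startswith("["):  # "[ hash ] name path" lines carry no verdict
            v = VERDICT_RE.match(msg)
            if v and v.group(2) == "ok":
                cur.objects_ok += 1
            elif v:
                cur.not_ok.append(msg)
    return passes


def last_pass_is_clean(passes: List[ScanPass]) -> bool:
    """True only if the most recent pass ran to completion and reported nothing."""
    if not passes:
        return False
    p = passes[-1]
    return p.complete and p.detected == 0 and not p.not_ok


# Constructed sample: first pass interrupted, second pass cut off before it finishes.
SAMPLE = r"""
03:37:41.0916 5240 Scan started
03:37:41.0916 5240 Mode: Manual;
03:37:43.0046 5240 ================ Scan system memory ========================
03:37:43.0046 5240 System memory - ok
03:37:43.0046 5240 ================ Scan services =============================
03:37:43.0206 5240 [ 00000000000000000000000000000000 ] ExampleDrv C:\windows\system32\drivers\exampledrv.sys
03:37:43.0226 5240 ExampleDrv - ok
03:37:46.0096 5240 Scan interrupted by user!
03:37:46.0096 5240 ================ Scan global ===============================
03:37:46.0096 5240 Scan interrupted by user!
03:37:46.0096 5240 ================ Scan MBR ==================================
03:37:46.0096 5240 Scan interrupted by user!
03:37:46.0096 5240 ================ Scan VBR ==================================
03:37:46.0096 5240 Scan interrupted by user!
03:37:46.0096 5240 ============================================================
03:37:46.0096 5240 Scan finished
03:37:46.0106 0184 Detected object count: 0
03:38:10.0486 1564 Scan started
03:38:10.0586 1564 ================ Scan system memory ========================
03:38:10.0586 1564 System memory - ok
03:38:10.0586 1564 ================ Scan services =============================
03:38:10.0696 1564 ExampleDrv - ok
"""

if __name__ == "__main__":
    for i, p in enumerate(parse_report(SAMPLE), 1):
        print(i, "complete" if p.complete else "incomplete",
              "interrupted in:", p.interrupted, "detected:", p.detected)
    print("last pass clean:", last_pass_is_clean(parse_report(SAMPLE)))
```
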

Imad
 
Hi Juju,

It seems the cleaning operation was really brief; only the restart took time, going through the data recovery and troubleshooting assistant for the problems that occurred...

None of the items listed below appeared in the scan report apart from "locked file",

It should also be noted that after the PC restarted, Tdsskiller completely disappeared, leaving no trace....

Here is the scan report:

03:36:56.0327 5080 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
03:36:56.0859 5080 ============================================================
03:36:56.0859 5080 Current date / time: 2012/12/24 03:36:56.0859
03:36:56.0859 5080 SystemInfo:
03:36:56.0859 5080
03:36:56.0859 5080 OS Version: 6.1.7601 ServicePack: 1.0
03:36:56.0859 5080 Product type: Workstation
03:36:56.0859 5080 ComputerName: USER-HP
03:36:56.0859 5080 UserName: USER
03:36:56.0859 5080 Windows directory: C:\windows
03:36:56.0859 5080 System windows directory: C:\windows
03:36:56.0859 5080 Running under WOW64
03:36:56.0859 5080 Processor architecture: Intel x64
03:36:56.0859 5080 Number of processors: 2
03:36:56.0859 5080 Page size: 0x1000
03:36:56.0859 5080 Boot type: Normal boot
03:36:56.0859 5080 ============================================================
03:36:57.0627 5080 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:36:57.0627 5080 ============================================================
03:36:57.0627 5080 \Device\Harddisk0\DR0:
03:36:57.0627 5080 MBR partitions:
03:36:57.0627 5080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
03:36:57.0627 5080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x2319A000
03:36:57.0627 5080 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23230800, BlocksNum 0x1E00000
03:36:57.0627 5080 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x25030800, BlocksNum 0x3FDAB0
03:36:57.0627 5080 ============================================================
03:36:57.0657 5080 C: <-> \Device\Harddisk0\DR0\Partition2
03:36:57.0687 5080 F: <-> \Device\Harddisk0\DR0\Partition4
03:36:57.0687 5080 ============================================================
03:36:57.0687 5080 Initialize success
03:36:57.0687 5080 ============================================================
03:37:41.0916 5240 ============================================================
03:37:41.0916 5240 Scan started
03:37:41.0916 5240 Mode: Manual;
03:37:41.0916 5240 ============================================================
03:37:43.0046 5240 ================ Scan system memory ========================
03:37:43.0046 5240 System memory - ok
03:37:43.0046 5240 ================ Scan services =============================
03:37:46.0096 5240 Scan interrupted by user!
03:37:46.0096 5240 ================ Scan global ===============================
03:37:46.0096 5240 Scan interrupted by user!
03:37:46.0096 5240 ================ Scan MBR ==================================
03:37:46.0096 5240 Scan interrupted by user!
03:37:46.0096 5240 ================ Scan VBR ==================================
03:37:46.0096 5240 Scan interrupted by user!
03:37:46.0096 5240 ============================================================
03:37:46.0096 5240 Scan finished
03:37:46.0096 5240 ============================================================
03:37:46.0106 0184 Detected object count: 0
03:37:46.0106 0184 Actual detected object count: 0
03:38:10.0486 1564 ============================================================
03:38:10.0486 1564 Scan started
03:38:10.0486 1564 Mode: Manual;
03:38:10.0486 1564 ============================================================
03:38:10.0586 1564 ================ Scan system memory ========================
03:38:10.0586 1564 System memory - ok
03:38:10.0586 1564 ================ Scan services =============================
03:38:17.0246 1564 HpFkCryptService - ok
03:38:17.0296 1564 [ C9D858E20AE696E7A0D9A05B595F850A ] HPFSService C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
03:38:17.0306 1564 HPFSService - ok
03:38:17.0366 1564 [ 4D94F4D7782657E79EB1352570B563DB ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
03:38:17.0366 1564 hpHotkeyMonitor - ok
03:38:17.0396 1564 [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys
03:38:17.0426 1564 HpqKbFiltr - ok
03:38:17.0466 1564 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
03:38:17.0486 1564 hpqwmiex - ok
03:38:17.0516 1564 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
03:38:17.0526 1564 HpSAMD - ok
03:38:17.0546 1564 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\windows\system32\Hpservice.exe
03:38:17.0556 1564 hpsrv - ok
03:38:17.0606 1564 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
03:38:17.0626 1564 HTTP - ok
03:38:17.0666 1564 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
03:38:17.0666 1564 hwpolicy - ok
03:38:17.0686 1564 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
03:38:17.0696 1564 i8042prt - ok
03:38:17.0736 1564 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
03:38:17.0736 1564 iaStor - ok
03:38:17.0816 1564 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
03:38:17.0816 1564 IAStorDataMgrSvc - ok
03:38:17.0856 1564 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
03:38:17.0886 1564 iaStorV - ok
03:38:17.0946 1564 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:38:17.0966 1564 idsvc - ok
03:38:18.0186 1564 [ 898AB5BFED7040D7AB07AF01885EB944 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
03:38:18.0396 1564 igfx - ok
03:38:18.0436 1564 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
03:38:18.0456 1564 iirsp - ok
03:38:18.0506 1564 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
03:38:18.0536 1564 IKEEXT - ok
03:38:18.0556 1564 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
03:38:18.0586 1564 Impcd - ok
03:38:18.0626 1564 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
03:38:18.0666 1564 IntcDAud - ok
03:38:18.0686 1564 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
03:38:18.0696 1564 intelide - ok
03:38:18.0726 1564 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
03:38:18.0756 1564 intelppm - ok
03:38:18.0786 1564 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
03:38:18.0806 1564 IPBusEnum - ok
03:38:18.0856 1564 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
03:38:18.0866 1564 IpFilterDriver - ok
03:38:18.0896 1564 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
03:38:18.0916 1564 iphlpsvc - ok
03:38:18.0936 1564 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
03:38:18.0946 1564 IPMIDRV - ok
03:38:18.0956 1564 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
03:38:18.0986 1564 IPNAT - ok
03:38:19.0006 1564 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
03:38:19.0026 1564 IRENUM - ok
03:38:19.0046 1564 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
03:38:19.0056 1564 isapnp - ok
03:38:19.0066 1564 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
03:38:19.0096 1564 iScsiPrt - ok
03:38:19.0106 1564 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
03:38:19.0116 1564 kbdclass - ok
03:38:19.0136 1564 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
03:38:19.0146 1564 kbdhid - ok
03:38:19.0166 1564 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
03:38:19.0166 1564 KeyIso - ok
03:38:19.0246 1564 [ 8D7120743A0973CEAB548B475C9D4289 ] KL1 C:\windows\system32\DRIVERS\kl1.sys
03:38:19.0266 1564 KL1 - ok
03:38:19.0276 1564 [ CD146D8E525D6EEBDCAF24120A8AB9CE ] kl2 C:\windows\system32\DRIVERS\kl2.sys
03:38:19.0286 1564 kl2 - ok
03:38:19.0356 1564 [ 177505577604C94C4BE7B9316A90ADA1 ] KLIF C:\windows\system32\DRIVERS\klif.sys
03:38:19.0376 1564 KLIF - ok
03:38:19.0386 1564 [ 2A64B3A9EED93A2E96537B67C079FC96 ] KLIM6 C:\windows\system32\DRIVERS\klim6.sys
03:38:19.0396 1564 KLIM6 - ok
03:38:19.0436 1564 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\windows\system32\DRIVERS\klmouflt.sys
03:38:19.0436 1564 klmouflt - ok
03:38:19.0466 1564 KMService - ok
03:38:19.0486 1564 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
03:38:19.0506 1564 KSecDD - ok
03:38:19.0536 1564 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
03:38:19.0556 1564 KSecPkg - ok
03:38:19.0576 1564 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
03:38:19.0606 1564 ksthunk - ok
03:38:19.0636 1564 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
03:38:19.0656 1564 KtmRm - ok
03:38:19.0716 1564 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
03:38:19.0726 1564 LanmanServer - ok
03:38:19.0776 1564 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
03:38:19.0776 1564 LanmanWorkstation - ok
03:38:19.0866 1564 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
03:38:19.0866 1564 LightScribeService - ok
03:38:19.0916 1564 [ B658B7076B1ACAA5876524595630F183 ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys
03:38:19.0936 1564 lirsgt - ok
03:38:19.0956 1564 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
03:38:19.0986 1564 lltdio - ok
03:38:20.0016 1564 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
03:38:20.0036 1564 lltdsvc - ok
03:38:20.0066 1564 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
03:38:20.0066 1564 lmhosts - ok
03:38:20.0116 1564 [ BB4E55778D8DE3885E1CDAC795DE7BCE ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
03:38:20.0126 1564 LMS - ok
03:38:20.0156 1564 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
03:38:20.0186 1564 LSI_FC - ok
03:38:20.0226 1564 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
03:38:20.0246 1564 LSI_SAS - ok
03:38:20.0326 1564 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
03:38:20.0366 1564 LSI_SAS2 - ok
03:38:20.0386 1564 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
03:38:20.0416 1564 LSI_SCSI - ok
03:38:20.0436 1564 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
03:38:20.0456 1564 luafv - ok
03:38:20.0496 1564 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
03:38:20.0496 1564 Mcx2Svc - ok
03:38:20.0506 1564 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
03:38:20.0536 1564 megasas - ok
03:38:20.0566 1564 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
03:38:20.0596 1564 MegaSR - ok
03:38:20.0716 1564 Microsoft SharePoint Workspace Audit Service - ok
03:38:20.0756 1564 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
03:38:20.0766 1564 MMCSS - ok
03:38:20.0776 1564 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
03:38:20.0796 1564 Modem - ok
03:38:20.0816 1564 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
03:38:20.0826 1564 monitor - ok
03:38:20.0856 1564 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
03:38:20.0866 1564 mouclass - ok
03:38:20.0886 1564 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
03:38:20.0886 1564 mouhid - ok
03:38:20.0936 1564 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
03:38:20.0936 1564 mountmgr - ok
03:38:21.0006 1564 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:38:21.0026 1564 MozillaMaintenance - ok
03:38:21.0046 1564 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
03:38:21.0066 1564 mpio - ok
03:38:21.0086 1564 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
03:38:21.0106 1564 mpsdrv - ok
03:38:21.0156 1564 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
03:38:21.0186 1564 MpsSvc - ok
03:38:21.0226 1564 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
03:38:21.0226 1564 MRxDAV - ok
03:38:21.0246 1564 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
03:38:21.0276 1564 mrxsmb - ok
03:38:21.0296 1564 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
03:38:21.0306 1564 mrxsmb10 - ok
03:38:21.0336 1564 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
03:38:21.0346 1564 mrxsmb20 - ok
03:38:21.0356 1564 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
03:38:21.0366 1564 msahci - ok
03:38:21.0396 1564 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
03:38:21.0406 1564 msdsm - ok
03:38:21.0436 1564 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
03:38:21.0456 1564 MSDTC - ok
03:38:21.0486 1564 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
03:38:21.0496 1564 Msfs - ok
03:38:21.0526 1564 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
03:38:21.0546 1564 mshidkmdf - ok
03:38:21.0556 1564 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
03:38:21.0566 1564 msisadrv - ok
03:38:21.0586 1564 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
03:38:21.0606 1564 MSiSCSI - ok
03:38:21.0616 1564 msiserver - ok
03:38:21.0646 1564 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
03:38:21.0666 1564 MSKSSRV - ok
03:38:21.0676 1564 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
03:38:21.0696 1564 MSPCLOCK - ok
03:38:21.0706 1564 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
03:38:21.0726 1564 MSPQM - ok
03:38:21.0776 1564 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
03:38:21.0776 1564 MsRPC - ok
03:38:21.0796 1564 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
03:38:21.0806 1564 mssmbios - ok
03:38:21.0816 1564 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
03:38:21.0826 1564 MSTEE - ok
03:38:21.0836 1564 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
03:38:21.0866 1564 MTConfig - ok
03:38:21.0886 1564 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
03:38:21.0896 1564 Mup - ok
03:38:21.0946 1564 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
03:38:21.0956 1564 napagent - ok
03:38:21.0976 1564 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
03:38:22.0006 1564 NativeWifiP - ok
03:38:22.0116 1564 [ 6D8FCDD5BB3B676EF58FA234073492C6 ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
03:38:22.0186 1564 NBService - ok
03:38:22.0236 1564 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
03:38:22.0286 1564 NDIS - ok
03:38:22.0316 1564 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
03:38:22.0326 1564 NdisCap - ok
03:38:22.0356 1564 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
03:38:22.0376 1564 NdisTapi - ok
03:38:22.0416 1564 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
03:38:22.0426 1564 Ndisuio - ok
03:38:22.0466 1564 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
03:38:22.0476 1564 NdisWan - ok
03:38:22.0516 1564 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
03:38:22.0526 1564 NDProxy - ok
03:38:22.0536 1564 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
03:38:22.0566 1564 NetBIOS - ok
03:38:22.0606 1564 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
03:38:22.0616 1564 NetBT - ok
03:38:22.0626 1564 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
03:38:22.0626 1564 Netlogon - ok
03:38:22.0656 1564 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
03:38:22.0666 1564 Netman - ok
03:38:22.0686 1564 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
03:38:22.0686 1564 netprofm - ok
03:38:22.0716 1564 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:38:22.0746 1564 NetTcpPortSharing - ok
03:38:22.0766 1564 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
03:38:22.0786 1564 nfrd960 - ok
03:38:22.0816 1564 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
03:38:22.0826 1564 NlaSvc - ok
03:38:22.0916 1564 [ E32686B4E27D11F83E3F2844E104C66C ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
03:38:22.0916 1564 NMIndexingService - ok
03:38:22.0946 1564 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
03:38:22.0976 1564 Npfs - ok
03:38:22.0996 1564 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
03:38:22.0996 1564 nsi - ok
03:38:23.0016 1564 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
03:38:23.0036 1564 nsiproxy - ok
03:38:23.0076 1564 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
03:38:23.0126 1564 Ntfs - ok
03:38:23.0136 1564 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
03:38:23.0156 1564 Null - ok
03:38:23.0176 1564 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
03:38:23.0186 1564 nvraid - ok
03:38:23.0206 1564 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
03:38:23.0216 1564 nvstor - ok
03:38:23.0226 1564 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
03:38:23.0236 1564 nv_agp - ok
03:38:23.0266 1564 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
03:38:23.0276 1564 ohci1394 - ok
03:38:23.0336 1564 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:38:23.0346 1564 ose - ok
03:38:23.0546 1564 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:38:23.0586 1564 osppsvc - ok
03:38:23.0626 1564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
03:38:23.0656 1564 p2pimsvc - ok
03:38:23.0666 1564 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
03:38:23.0696 1564 p2psvc - ok
03:38:23.0716 1564 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
03:38:23.0746 1564 Parport - ok
03:38:23.0766 1564 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
03:38:23.0796 1564 partmgr - ok
03:38:23.0806 1564 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
03:38:23.0806 1564 PcaSvc - ok
03:38:23.0836 1564 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
03:38:23.0856 1564 pci - ok
03:38:23.0866 1564 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
03:38:23.0876 1564 pciide - ok
03:38:23.0896 1564 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
03:38:23.0926 1564 pcmcia - ok
03:38:23.0946 1564 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
03:38:23.0966 1564 pcw - ok
03:38:23.0986 1564 pdfcDispatcher - ok
03:38:24.0006 1564 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
03:38:24.0036 1564 PEAUTH - ok
03:38:24.0116 1564 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
03:38:24.0136 1564 PerfHost - ok
03:38:24.0216 1564 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
03:38:24.0266 1564 pla - ok
03:38:24.0306 1564 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
03:38:24.0316 1564 PlugPlay - ok
03:38:24.0346 1564 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
03:38:24.0376 1564 PNRPAutoReg - ok
03:38:24.0386 1564 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
03:38:24.0396 1564 PNRPsvc - ok
03:38:24.0416 1564 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
03:38:24.0436 1564 PolicyAgent - ok
03:38:24.0466 1564 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
03:38:24.0466 1564 Power - ok
03:38:24.0516 1564 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
03:38:24.0526 1564 PptpMiniport - ok
03:38:24.0546 1564 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
03:38:24.0566 1564 Processor - ok
03:38:24.0606 1564 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
03:38:24.0606 1564 ProfSvc - ok
03:38:24.0626 1564 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
03:38:24.0626 1564 ProtectedStorage - ok
03:38:24.0666 1564 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
03:38:24.0676 1564 Psched - ok
03:38:24.0726 1564 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
03:38:24.0786 1564 ql2300 - ok
03:38:24.0796 1564 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
03:38:24.0826 1564 ql40xx - ok
03:38:24.0856 1564 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
03:38:24.0876 1564 QWAVE - ok
03:38:24.0896 1564 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
03:38:24.0916 1564 QWAVEdrv - ok
03:38:24.0926 1564 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
03:38:24.0956 1564 RasAcd - ok
03:38:24.0976 1564 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
03:38:24.0996 1564 RasAgileVpn - ok
03:38:25.0016 1564 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
03:38:25.0046 1564 RasAuto - ok
03:38:25.0086 1564 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
03:38:25.0086 1564 Rasl2tp - ok
03:38:25.0116 1564 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
03:38:25.0126 1564 RasMan - ok
03:38:25.0136 1564 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
03:38:25.0156 1564 RasPppoe - ok
03:38:25.0166 1564 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
03:38:25.0186 1564 RasSstp - ok
03:38:25.0236 1564 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
03:38:25.0236 1564 rdbss - ok
03:38:25.0246 1564 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
03:38:25.0276 1564 rdpbus - ok
03:38:25.0286 1564 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
03:38:25.0306 1564 RDPCDD - ok
03:38:25.0326 1564 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
03:38:25.0336 1564 RDPENCDD - ok
03:38:25.0356 1564 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
03:38:25.0366 1564 RDPREFMP - ok
03:38:25.0386 1564 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
03:38:25.0416 1564 RDPWD - ok
03:38:25.0456 1564 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
03:38:25.0456 1564 rdyboost - ok
03:38:25.0476 1564 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
03:38:25.0496 1564 RemoteAccess - ok
03:38:25.0526 1564 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
03:38:25.0546 1564 RemoteRegistry - ok
03:38:25.0586 1564 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
03:38:25.0606 1564 RFCOMM - ok
03:38:25.0626 1564 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
03:38:25.0626 1564 RpcEptMapper - ok
03:38:25.0656 1564 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
03:38:25.0666 1564 RpcLocator - ok
03:38:25.0766 1564 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
03:38:25.0766 1564 RpcSs - ok
03:38:25.0796 1564 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
03:38:25.0816 1564 rspndr - ok
03:38:25.0846 1564 [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
03:38:25.0876 1564 RSUSBSTOR - ok
03:38:25.0896 1564 [ 26E0D15FB1835F7ED638F157CCD2E04D ] RsvLock C:\windows\system32\drivers\RsvLock.sys
03:38:25.0926 1564 RsvLock - ok
03:38:25.0966 1564 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
03:38:26.0016 1564 RTL8167 - ok
03:38:26.0046 1564 [ AFF453E04F8ACF26449D9B56FFB96BB1 ] rtsuvc C:\windows\system32\DRIVERS\rtsuvc.sys
03:38:26.0056 1564 rtsuvc - ok
03:38:26.0086 1564 [ 6EF8E5E3A079C97C70915CF740E89977 ] SafeBoot C:\windows\system32\drivers\SafeBoot.sys
03:38:26.0086 1564 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 6EF8E5E3A079C97C70915CF740E89977
03:38:26.0086 1564 SafeBoot ( LockedFile.Multi.Generic ) - warning
03:38:26.0086 1564 SafeBoot - detected LockedFile.Multi.Generic (1)
0
Imad
 
Rest of the report.....

03:38:29.0476 1564 TsUsbFlt - ok
03:38:29.0526 1564 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
03:38:29.0526 1564 tunnel - ok
03:38:29.0546 1564 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
03:38:29.0576 1564 uagp35 - ok
03:38:29.0616 1564 [ 9EEA84226ED2A028BC3FDFDDE03FE95C ] uArcCapture C:\windows\system\uArcCapture.exe
03:38:29.0626 1564 uArcCapture - ok
03:38:29.0666 1564 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
03:38:29.0676 1564 udfs - ok
03:38:29.0696 1564 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
03:38:29.0716 1564 UI0Detect - ok
03:38:29.0726 1564 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
03:38:29.0736 1564 uliagpkx - ok
03:38:29.0766 1564 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
03:38:29.0776 1564 umbus - ok
03:38:29.0796 1564 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
03:38:29.0826 1564 UmPass - ok
03:38:29.0936 1564 [ 44AA8D5D3B3B5610FEF46CA8A9C52D8C ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
03:38:29.0956 1564 UNS - ok
03:38:29.0986 1564 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
03:38:29.0996 1564 upnphost - ok
03:38:30.0016 1564 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
03:38:30.0016 1564 usbccgp - ok
03:38:30.0036 1564 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
03:38:30.0046 1564 usbcir - ok
03:38:30.0066 1564 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
03:38:30.0076 1564 usbehci - ok
03:38:30.0106 1564 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
03:38:30.0126 1564 usbhub - ok
03:38:30.0146 1564 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
03:38:30.0146 1564 usbohci - ok
03:38:30.0176 1564 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
03:38:30.0206 1564 usbprint - ok
03:38:30.0226 1564 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
03:38:30.0236 1564 usbscan - ok
03:38:30.0266 1564 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
03:38:30.0276 1564 USBSTOR - ok
03:38:30.0286 1564 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
03:38:30.0296 1564 usbuhci - ok
03:38:30.0326 1564 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
03:38:30.0336 1564 usbvideo - ok
03:38:30.0366 1564 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
03:38:30.0366 1564 UxSms - ok
03:38:30.0376 1564 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
03:38:30.0376 1564 VaultSvc - ok
03:38:30.0426 1564 [ F81A2648BFF893C8EFD9897811B14263 ] vcsFPService C:\windows\system32\vcsFPService.exe
03:38:30.0486 1564 vcsFPService - ok
03:38:30.0526 1564 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
03:38:30.0526 1564 vdrvroot - ok
03:38:30.0576 1564 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
03:38:30.0596 1564 vds - ok
03:38:30.0616 1564 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
03:38:30.0636 1564 vga - ok
03:38:30.0656 1564 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
03:38:30.0666 1564 VgaSave - ok
03:38:30.0696 1564 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
03:38:30.0716 1564 vhdmp - ok
03:38:30.0726 1564 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
03:38:30.0736 1564 viaide - ok
03:38:30.0746 1564 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
03:38:30.0766 1564 volmgr - ok
03:38:30.0806 1564 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
03:38:30.0826 1564 volmgrx - ok
03:38:30.0856 1564 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
03:38:30.0876 1564 volsnap - ok
03:38:30.0906 1564 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
03:38:30.0926 1564 vsmraid - ok
03:38:30.0996 1564 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
03:38:31.0026 1564 VSS - ok
03:38:31.0046 1564 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
03:38:31.0056 1564 vwifibus - ok
03:38:31.0076 1564 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
03:38:31.0106 1564 vwififlt - ok
03:38:31.0126 1564 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
03:38:31.0146 1564 vwifimp - ok
03:38:31.0176 1564 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
03:38:31.0186 1564 W32Time - ok
03:38:31.0206 1564 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
03:38:31.0226 1564 WacomPen - ok
03:38:31.0266 1564 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
03:38:31.0276 1564 WANARP - ok
03:38:31.0276 1564 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
03:38:31.0276 1564 Wanarpv6 - ok
03:38:31.0346 1564 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
03:38:31.0376 1564 WatAdminSvc - ok
03:38:31.0446 1564 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
03:38:31.0486 1564 wbengine - ok
03:38:31.0506 1564 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
03:38:31.0526 1564 WbioSrvc - ok
03:38:31.0576 1564 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
03:38:31.0576 1564 wcncsvc - ok
03:38:31.0596 1564 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
03:38:31.0616 1564 WcsPlugInService - ok
03:38:31.0626 1564 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
03:38:31.0656 1564 Wd - ok
03:38:31.0686 1564 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
03:38:31.0716 1564 Wdf01000 - ok
03:38:31.0726 1564 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
03:38:31.0736 1564 WdiServiceHost - ok
03:38:31.0736 1564 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
03:38:31.0736 1564 WdiSystemHost - ok
03:38:31.0756 1564 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
03:38:31.0766 1564 WebClient - ok
03:38:31.0776 1564 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
03:38:31.0806 1564 Wecsvc - ok
03:38:31.0816 1564 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
03:38:31.0816 1564 wercplsupport - ok
03:38:31.0846 1564 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
03:38:31.0856 1564 WerSvc - ok
03:38:31.0896 1564 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
03:38:31.0916 1564 WfpLwf - ok
03:38:31.0926 1564 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
03:38:31.0946 1564 WIMMount - ok
03:38:31.0976 1564 WinDefend - ok
03:38:31.0976 1564 WinHttpAutoProxySvc - ok
03:38:32.0026 1564 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
03:38:32.0026 1564 Winmgmt - ok
03:38:32.0076 1564 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
03:38:32.0146 1564 WinRM - ok
03:38:32.0196 1564 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
03:38:32.0206 1564 WinUsb - ok
03:38:32.0236 1564 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
03:38:32.0256 1564 Wlansvc - ok
03:38:32.0306 1564 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
03:38:32.0316 1564 wlcrasvc - ok
03:38:32.0426 1564 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
03:38:32.0486 1564 wlidsvc - ok
03:38:32.0496 1564 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
03:38:32.0506 1564 WmiAcpi - ok
03:38:32.0526 1564 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
03:38:32.0556 1564 wmiApSrv - ok
03:38:32.0576 1564 WMPNetworkSvc - ok
03:38:32.0586 1564 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
03:38:32.0606 1564 WPCSvc - ok
03:38:32.0646 1564 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
03:38:32.0646 1564 WPDBusEnum - ok
03:38:32.0666 1564 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
03:38:32.0686 1564 ws2ifsl - ok
03:38:32.0696 1564 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
03:38:32.0706 1564 wscsvc - ok
03:38:32.0706 1564 WSearch - ok
03:38:32.0776 1564 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
03:38:32.0836 1564 wuauserv - ok
03:38:32.0866 1564 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
03:38:32.0876 1564 WudfPf - ok
03:38:32.0896 1564 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
03:38:32.0916 1564 WUDFRd - ok
03:38:32.0946 1564 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
03:38:32.0946 1564 wudfsvc - ok
03:38:32.0966 1564 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
03:38:32.0996 1564 WwanSvc - ok
03:38:33.0006 1564 ================ Scan global ===============================
03:38:33.0026 1564 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
03:38:33.0076 1564 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
03:38:33.0086 1564 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll
03:38:33.0106 1564 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
03:38:33.0136 1564 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
03:38:33.0136 1564 [Global] - ok
03:38:33.0136 1564 ================ Scan MBR ==================================
03:38:33.0156 1564 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
03:38:33.0450 1564 \Device\Harddisk0\DR0 - ok
03:38:33.0450 1564 ================ Scan VBR ==================================
03:38:33.0460 1564 [ 4DB08B6E9F490247FA59C00F98C438A2 ] \Device\Harddisk0\DR0\Partition1
03:38:33.0460 1564 \Device\Harddisk0\DR0\Partition1 - ok
03:38:33.0510 1564 [ 8741A430846B837615DEA83692695922 ] \Device\Harddisk0\DR0\Partition2
03:38:33.0510 1564 \Device\Harddisk0\DR0\Partition2 - ok
03:38:33.0540 1564 [ 20958E1456C2D74061322B565F93F2E0 ] \Device\Harddisk0\DR0\Partition3
03:38:33.0540 1564 \Device\Harddisk0\DR0\Partition3 - ok
03:38:33.0580 1564 [ 092C9C0BB0007D91A89F02AC582DC1CA ] \Device\Harddisk0\DR0\Partition4
03:38:33.0590 1564 \Device\Harddisk0\DR0\Partition4 - ok
03:38:33.0590 1564 ============================================================
03:38:33.0590 1564 Scan finished
03:38:33.0590 1564 ============================================================
03:38:33.0600 2092 Detected object count: 1
03:38:33.0600 2092 Actual detected object count: 1
03:40:01.0619 2092 C:\windows\system32\drivers\SafeBoot.sys - copied to quarantine
03:40:01.0629 2092 HKLM\SYSTEM\ControlSet001\services\SafeBoot - will be deleted on reboot
03:40:01.0649 2092 HKLM\SYSTEM\ControlSet002\services\SafeBoot - will be deleted on reboot
03:40:01.0799 2092 C:\windows\system32\drivers\SafeBoot.sys - will be deleted on reboot
03:40:01.0799 2092 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Delete
03:40:16.0069 2024 Deinitialize success
0
juju666 Posts: 35446 Registration date   Status Security contributor Last activity   4 796
 
Why did it delete safeboot.sys?!?
That stinks.


▶ Right-click the following link and choose "Save target (link) as" -> yourfirstname.exe -> destination your desktop (AND NOWHERE ELSE): ComboFix

Close the windows of all running programs.
Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.



if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


on the renamed ComboFix

If you are on Windows XP, let it install the Recovery Console.

▶ Don't touch anything during the scan

ComboFix should restart your PC.

▶ Don't forget to re-enable your antivirus and antispyware protection before reconnecting to the internet.

▶▶ Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.


▶▶▶ If, after ComboFix has restarted your PC, you get "Clé marquée pour suppression" (key marked for deletion) errors or internet connection problems, restart your computer again

0
Imad87 Posts: 126 Registration date   Status Member Last activity   14
 
Re Juju,

I'm sorry I didn't tell you sooner.. regarding TDSSKiller, I ticked Delete for SafeBoot, which means I was the one who gave the order to delete it...

For ComboFix I did what you told me; the scan did its job perfectly, and just before the end I got this: "Pv.3XE a cessé de fonctionner" (has stopped working), prompting me to close the program.

I had no trouble after the ComboFix scan, but I restarted the machine anyway, without any problem...

Here is the scan report:

ComboFix 12-12-23.01 - USER 24/12/2012 12:22:49.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.2927.1564 [GMT 1:00]
Lancé depuis: c:\users\USER\Desktop\Imad.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Funmoods
c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortApp.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortEng.dll
c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortShld.dll
c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico
c:\program files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe
c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
c:\programdata\233288F1E5.sys
c:\users\USER\inetc3.dll
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCont32.dll.mui
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-11-24 au 2012-12-24 ))))))))))))))))))))))))))))))))))))
.
.
2012-12-24 11:37 . 2012-12-24 11:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-24 11:37 . 2012-12-24 11:37 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2012-12-24 02:40 . 2012-12-24 02:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-12-23 13:21 . 2012-12-23 13:21 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7496F08E-DED3-411E-98BF-0710913044A5}\offreg.dll
2012-12-21 22:31 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 22:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 22:31 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 22:31 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 12:11 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7496F08E-DED3-411E-98BF-0710913044A5}\mpengine.dll
2012-12-19 00:58 . 2012-12-19 00:58 -------- d-----w- c:\program files (x86)\Focus
2012-12-13 16:18 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 16:18 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 16:18 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 16:14 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 16:14 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-05 22:57 . 2012-12-05 22:57 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2012-11-27 15:54 . 2012-11-27 15:54 -------- d-----w- c:\users\USER\AppData\Local\SwvUpdater
2012-11-27 15:53 . 2012-11-27 16:06 -------- d-----w- c:\users\USER\AppData\Roaming\iPumper
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 09:22 . 2011-09-21 13:14 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-28 10:43 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 10:43 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 10:43 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-13 15:07 . 2012-10-13 15:07 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-10-11 16:10 . 2012-10-11 16:10 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 16:10 . 2011-09-27 16:33 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 02:11 . 2011-08-14 09:53 18760 ----a-w- c:\windows\SysWow64\QQVistaHelper.dll
2012-10-11 02:10 . 2012-10-11 02:10 106496 ----a-r- c:\users\USER\AppData\Roaming\Microsoft\Installer\{3CA54984-A14B-42FE-9FF1-7EA90151D725}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
2012-10-09 18:17 . 2012-11-15 16:50 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 16:50 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 16:50 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 16:50 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 00:30 . 2012-10-09 00:30 411368 ----a-w- c:\windows\SysWow64\deploytk.dll
2012-10-04 16:40 . 2012-12-13 16:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-04 12:18 . 2012-03-15 17:50 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-10-04 09:10 . 2012-10-04 09:10 770384 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-10-04 09:10 . 2012-10-04 09:10 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-10-03 17:56 . 2012-11-15 16:55 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-15 16:55 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-15 16:55 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-15 16:55 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-15 16:55 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-15 16:55 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-15 16:55 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-15 16:55 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-15 16:55 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-15 16:55 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-15 16:55 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-15 15:36 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-15 15:36 95744 ----a-w- c:\windows\system32\synceng.dll
2010-09-22 20:16 . 2012-04-07 13:40 456664 ----a-w- c:\program files (x86)\Common Files\AutoCompleteInstaller-VD.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2012-03-25 352976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hyperappel du Petit Larousse 2009.lnk - c:\program files (x86)\Larousse\Petit Larousse 2009\bin\Hyperappel.exe [2012-6-4 237568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 2019120]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-11-17 362040]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 232480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-29 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]
S1 RsvLock;RsvLock; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-01-22 89600]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2009-11-18 36864]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-01 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-23 635416]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-10 342056]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-10 39464]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-01 704512]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2009-12-22 21:41 89216]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'
.
2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 16:10]
.
2012-12-24 c:\windows\Tasks\AmiUpdXp.job
- c:\users\USER\AppData\Local\SwvUpdater\Updater.exe [2012-11-27 16:11]
.
2012-12-08 c:\windows\Tasks\HPCeeScheduleForUSER.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-06-19 1691192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.alnaddy.com/?t=dz&babsrc=HP_ss&mntrId=c04184c3000000000000e02a82a73dab
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztB0AyBtA0D0A0BzzyE0CtAtN0D0Tzu0StBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775067632
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Envoyer à OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: ??? Adobe PDF
IE: ??? Microsoft Excel(&X)
IE: ?????? PDF
IE: ???????? Adobe PDF
IE: ???????? Adobe PDF
IE: ????????? Adobe PDF
IE: ??????????? PDF
IE: ???????????? PDF
IE: Ajouter à l'Anti-bannière - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
IE: E&xporter vers Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Tout télécharger avec Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: ??? Microsoft Excel(&X) - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: ???????? Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ????????? Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ???????????? PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ???????????? PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: ??????????? PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ??? Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: ?????? PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: ???????? Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FA571F49-A2E9-45C7-B121-1B72D48B52FE}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\628lupfw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-20 14:48; 50ab8d0f99a6a@50ab8d0f99aa3.com; c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\628lupfw.default\extensions\50ab8d0f99a6a@50ab8d0f99aa3.com.xpi
FF - ExtSQL: 2012-11-24 00:27; 50b00972588b5@50b00972588ee.com; c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\628lupfw.default\extensions\50b00972588b5@50b00972588ee.com.xpi
FF - ExtSQL: 2012-11-27 16:54; ntfdsaftsfdfdxx@mozilla.org; c:\users\USER\AppData\Roaming\iPumper\extension_firefox.xpi
FF - user.js: extensions.BabylonToolbar_i.id - c04184c3000000000000e02a82a73dab
FF - user.js: extensions.BabylonToolbar_i.hardId - c04184c3000000000000e02a82a73dab
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15404
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101365
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=nv1&q=
FF - user.js: extensions.funmoods_i.id - c04184c3000000000000e02a82a73dab
FF - user.js: extensions.funmoods_i.instlDay - 15424
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2217:56
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztB0AyBtA0D0A0BzzyE0CtAtN0D0Tzu0StBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775067632
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztB0AyBtA0D0A0BzzyE0CtAtN0D0Tzu0StBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775067632
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0EtDtB0AzztB0AyBtA0D0A0BzzyE0CtAtN0D0Tzu0StBtCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1775067632&q=
FF - user.js: extensions.funmoods.id - E02A82A73DAB84C3
FF - user.js: extensions.funmoods.instlDay - 15552
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - iron2
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - iron2
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=c04184c3000000000000e02a82a73dab&q=
FF - user.js: extensions.BabylonToolbar.id - c04184c3000000000000e02a82a73dab
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15671
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.817:06
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\progra~2\Funmoods\1.5.23.22\bh\escort.dll
BHO-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-{99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
Toolbar-10 - (no file)
Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\progra~2\Funmoods\1.5.23.22\escorTlbr.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
AddRemove-funmoods - c:\progra~2\Funmoods\1.5.23.22\uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-31095384-131839435-230612908-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-31095384-131839435-230612908-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-31095384-131839435-230612908-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):b9,e5,19,69,1c,1d,6e,77,aa,d7,0c,98,6a,45,03,89,f7,9f,af,d6,65,
17,c9,17,eb,e6,e5,3b,1c,05,8f,4f,ba,73,42,53,22,b3,fd,5d,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-31095384-131839435-230612908-1001_Classes\Wow6432Node\CLSID\{82705d03-2f1a-456e-82b6-bf32702f818e}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000003e
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,26,0b,1e,af,ea,56,10,8e,b6,89,e5,4a,80,ec,56,ef,04,98,d8,8c,45,96,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2012-12-24 12:41:17
ComboFix-quarantined-files.txt 2012-12-24 11:41
.
Avant-CF: 76 262 481 920 octets libres
Après-CF: 80 332 832 768 octets libres
.
- - End Of File - - ECDAE3043D18F880959F52FC62CA64F0
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
OK, there's still work to do on your PC ...

Start with this:

Warning!!! : Only these links are official; do not download the tool from other links!!
Warning!!! : this tool may be wrongly detected as a virus
Warning!!! : this tool is powerful; follow the instructions below scrupulously

All "non-vital Windows" processes will be stopped, so save your work. The desktop will disappear during the scan --> don't panic.

Disable all your protections if possible: antivirus, sandbox, firewalls, etc.: https://forum.pcastuces.com/default.asp

Download and save Pre_Scan to your desktop:

https://forums-fec.be/gen-hackman/Pre_Scan.exe

if the link doesn't work:

http://www.archive-host.com

if the tool is run several times, it will offer you a menu; if no option has been requested, run the "Scan|Kill" option

if the tool is blocked by the infection, use this version with the .pif extension:

https://forums-fec.be/gen-hackman/Pre_Scan.pif

if the tool detects a proxy and you have not installed one, click "supprimer le proxy" (remove the proxy)

Black windows may flash; let it work.

Let the tool restart your PC.

Post Pre_Scan_la_date_et_l'heure.txt (named with the date and time), which will appear at the root of your system drive (usually C:\ )

DO NOT POST IT ON THE FORUM!!! (it is too long)

Host the report at https://forums-fec.be/upload, then give the link you get in return on the forum where you are being helped

Do not share the deletion link!!!

to help with a study on improving the tool's second module, also host:

C:\Pre_Scan\Process\Close.log
0
Imad87 Posts 126 Registration date   Status Member Last activity   14
 
Hi again,

OK, here is what I got when applying the procedure...

It took an enormous amount of time (the scan), then suddenly I got this message:

" Virtual drive detected:

To continue its scan, Pre_Scan must disable it (perhaps an allusion to Daemon Tools)
Defogger is going to be launched..
please click "disable"
Click OK when "finished" appears
Close Defogger, the computer must restart.

The PC did indeed restart, then I got this as well:

Windows cannot find C:\Pre_Scan\Process\Pre_scan_Protect.exe. Make sure you typed the name correctly, and then try again..

Note: the scan doesn't go any further; it keeps searching for "hidden files" (searching hidden files), then I get a window inviting me to make a donation, then bye bye..

My desktop is back, except that I have a pile of files, which look like old archives, with all sorts of extensions (Word, a User shortcut, a Control Panel shortcut, even Internet Explorer, which I deleted a long time ago...)

I don't understand any of it...
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
Run Pre_Scan again and click Kill|Scan; it will start over and won't be hindered by Daemon Tools :)
0
Imad87 Posts 126 Registration date   Status Member Last activity   14
 
Hi again juju

I started the procedure again, clicking on Kill Scan, and it's still the same thing...

What should I do?
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
Hi there

Don't you even have a piece of a report to send me?

Merry Christmas :)
0
Imad87 Posts 126 Registration date   Status Member Last activity   14
 
Hi Juju,

Merry Christmas to you too, man, and to your whole family. Sorry, I'm so preoccupied with this laptop that one forgets certain things...lol

Since juju was away, I didn't touch anything. I noticed that the browser isn't slow and everything seems normal when I browse; only when I go to YouTube (for example, where there are Flash videos) does it become a pain again: I have trouble opening new windows, etc. In short, it becomes extremely slow, which is why I restart the PC every time....

Here is a piece of the report:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | 2.1223 | g3n-h@ckm@n & Saachaa ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

~ Update on 23/12/2012 | 23.30 by g3n-h@ckm@n
~ Evolution : https://gen-hackman.kanak.fr/
~ Pre_Script Infos : https://gen-hackman.kanak.fr/
~ Pre_scan Feedbacks : https://gen-hackman.kanak.fr/#505

~ [USER (Administrator)] - [USER-HP]
~ SID = S-1-5-21-31095384-131839435-230612908-1001

~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ ProcessorNameString : Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
~ Identifier : Intel64 Family 6 Model 37 Stepping 5

~ Mémory RAM = Total (KB) : 2997690 | Used (%) : 37 | Free (KB) : 1866300
~ Pagefile = Total (KB) : 5993520 | Free (KB) : 4614820
~ Virtual = Total (KB) : 4194180 | Free (KB) : 4003150

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

C:\windows\Setup\Scripts\Setupcomplete.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [] | Total : 287540 Mo | Free : 76870 Mo -> NTFS
f:\ -> [Fixed] | [HP_TOOLS] | Total : 2040 Mo | Free : 10 Mo -> FAT32

¤¤¤¤¤¤¤¤¤¤ | Windows Updates



¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\USER

Impossible to create restorepoint !!!

18:26:59

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

(800) -- HPFSService.exe
(844) -- HpFkCrypt.exe
(636) -- stacsv64.exe
(1344) -- hpservice.exe
(1568) -- wlanext.exe
(1576) -- conhost.exe
(1636) -- spoolsv.exe
(1692) -- DpHostW.exe
(1956) -- armsvc.exe
(2028) -- AESTSr64.exe
(1188) -- agr64svc.exe
(1964) -- taskhost.exe
(2064) -- explorer.exe
(2324) -- HPPA_Main.exe
(2436) -- sidebar.exe
(2496) -- Hyperappel.exe
(2632) -- btwdins.exe
(2672) -- PTChangeFilterService.exe
(2936) -- HPDayStarterService.exe
(2976) -- HPDrvMntSvc.exe
(3060) -- hpHotkeyMonitor.exe
(812) -- LSSrvc.exe
(2468) -- LMS.exe
(2368) -- pdfsvc.exe
(1104) -- c2c_service.exe
(3124) -- uArcCapture.exe
(3208) -- WLIDSVC.EXE
(3296) -- WLIDSVCM.EXE
(4000) -- SearchIndexer.exe
(4032) -- SbHpAuthenticatorService.exe
(4068) -- hpqWmiEx.exe
(4744) -- HPPA_Service.exe
(4924) -- HPSA_Service.exe
(864) -- HPWA_Service.exe
(1840) -- IAStorDataMgrSvc.exe
(4408) -- UNS.exe
(2704) -- PresentationFontCache.exe
(1324) -- OSPPSVC.EXE
(2652) -- taskeng.exe

¤¤¤¤¤¤¤¤¤¤ | Running processes

Boot : Normal

[MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 00:19:50] - 372 | C:\windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7600.16385) -> \SystemRoot\System32\smss.exe [112640 Ko]
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 00:19:49] - 496 | C:\windows\system32\csrss.exe (.Microsoft Corporation - Processus d'exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 00:52:37] - 552 | C:\windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [129024 Ko]
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 00:19:49] - 572 | C:\windows\system32\csrss.exe (.Microsoft Corporation - Processus d'exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[MD5.3EE6C4A17173C0B6822585296E9AB209] - [14/07/2009 00:19:46] - 616 | C:\windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\windows\system32\services.exe [328704 Ko]
[MD5.C118A82CD78818C29AB228366EBF81C3] - [20/01/2012 15:54:46] - 632 | C:\windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\windows\system32\lsass.exe [31232 Ko]
[MD5.F2BF82316E93E590FF081B95F68443B7] - [09/09/2011 00:59:19] - 640 | C:\windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) -> C:\windows\system32\lsm.exe [343040 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 740 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k DcomLaunch [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 900 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k RPCSS [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 956 | C:\windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 Ko]
[MD5.8ACDF26E44D108653FE638ABDF5BB043] - [09/09/2011 00:59:20] - 984 | C:\windows\system32\winlogon.exe (.Microsoft Corporation - Application d'ouverture de session Windows.) - (6.1.7601.17514) -> winlogon.exe [390656 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 468 | C:\windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 492 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k netsvcs [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 1256 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k GPSvcGroup [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 1288 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k LocalService [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 1480 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k NetworkService [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 1868 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k LocalServiceNoNetwork [27136 Ko]
[MD5.F162D5F5E845B9DC352DD1BAD8CEF1BC] - [14/07/2009 00:37:38] - 1364 | C:\windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) -> "C:\windows\system32\Dwm.exe" [120320 Ko]
[MD5.AC4A8BD6A8FF6808C390C28022855DAB] - [01/07/2010 21:39:08] - 2564 | C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - (11.0.1.419) -> "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" -r [352976 Ko]
[MD5.AC4A8BD6A8FF6808C390C28022855DAB] - [01/07/2010 21:39:08] - 2572 | C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - (11.0.1.419) -> "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [352976 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 3180 | C:\windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\System32\svchost.exe -k secsvcs [27136 Ko]
[MD5.521202AA6F2B74FCCC6BC7E162109D71] - [14/07/2009 00:47:12] - 3692 | C:\windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) -> C:\windows\system32\wbem\unsecapp.exe -Embedding [47104 Ko]
[MD5.34D4C852C7EAAD794C5932D7B894CBA8] - [09/09/2011 00:59:29] - 3864 | C:\windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\windows\system32\wbem\wmiprvse.exe [372736 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 3492 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 3956 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k bthsvcs [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 4108 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [27136 Ko]
[MD5.34D4C852C7EAAD794C5932D7B894CBA8] - [09/09/2011 00:59:29] - 2780 | C:\windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\windows\system32\wbem\wmiprvse.exe [372736 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 5044 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\windows\system32\svchost.exe -k SDRSVC [27136 Ko]
[MD5.015DB2E02A55F66C6324F51087518977] - [24/12/2012 15:11:34] - 1376 | C:\Users\USER\Downloads\winlogon(1).exe (. - g3n-h@ckm@n.) - (2.1.2.23) -> "C:\Users\USER\Downloads\winlogon(1).exe" [1691111 Ko]
[MD5.A8B7F3818AB65695E3A0BB3279F6DCE6] - [09/09/2011 00:58:21] - 5428 | C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) -> C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 Ko]
[MD5.AE2A8C80205F06BE5EDC63BE0AE9A756] - [19/11/2009 00:17:36] - 2388 | c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (.Hewlett-Packard Development Company, L.P - PTChangeFilterService.) - (5.0.15.1) -> "c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe" [36864 Ko]
[MD5.F766BF35F87FC3CEDAD7F303F8B7EA18] - [10/08/2012 15:46:12] - 5320 | C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (.Hewlett-Packard Company - HP Software Framework WMI Service.) - (4.6.8.1) -> "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [1001376 Ko]
[MD5.C7C634DBFCAB5E0F13AFC6ABDA6886D5] - [23/01/2011 00:05:39] - 2540 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (.Intel Corporation - Local Manageability Service.) - (6.0.0.1189) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [268824 Ko]
[MD5.5D63FBE874CEE3C61C68536A1CD7282B] - [28/03/2011 20:11:06] - 4716 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2292096 Ko]
[MD5.DA564DA7ED156AD4B3FC76853A6D2978] - [28/03/2011 20:11:06] - 3824 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 4716 [223104 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !


¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !

Changed : [HKLM | Winlogon]|[AutoRestartShell] : 1 -> 0
Changed : [HKLM64 | Winlogon]|[AutoRestartShell] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Associations : OK !




¤

Navigators settings associations are OK !


¤¤¤¤¤¤¤¤¤¤ | Registry : OK !




¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K

Alternate shell is OK !

¤

Safeboot Minimal Subkeys : O.K !

¤

Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO : OK !


¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 : OK !



¤¤¤¤¤¤¤¤¤¤ | Windows

Winsrv : OK !

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Security Center


[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]|[DisableMonitoring] : 1


¤¤¤¤¤¤¤¤¤¤ | Services Corrections


Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\Bits] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer


Browsers settings are OK for : Users


Browsers settings are OK for : Machine

¤


Hijack.Internet : OK

¤¤¤¤¤¤¤¤¤¤ | Hosts

Impossible to Clean : "hosts" !!

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry


Impossible to move : C:\Users\USER\AppData\Local\Temp\~DFB5ED79D12E2CD94F.TMP
Moved to quarantine successfully : C:\Users\USER\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll

19:04:11

Impossible to move : C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
Impossible to move : C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

Prefetch -> Emptied


¤¤¤¤¤¤¤¤¤¤ | quarantined at reboot

Moved to quarantine successfully at Reboot : C:\Users\USER\AppData\Local\Temp\~DFB5ED79D12E2CD94F.TMP
Not quarantined at Reboot : C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
Not quarantined at Reboot : C:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

¤¤¤¤¤

19:07:18

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

Disk: 0 Size=305G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 07-NTFS 299M Yes No 2,048 614,400
1 1 07-NTFS 288G No No 616,448 588,881,920
2 2 07-NTFS 15G No No 589,498,368 31,457,280
3 3 0C-FAT32X 2.0G No No 620,955,648 4,184,752

¤¤¤¤¤¤¤¤¤¤ | MBR Control


64 bits Not supported by MBR.exe , Dump : C:\Pre_Scan\MBR.Bin

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Windows] : Hidden : 5 | Restored : 3
~ [AppData] : Hidden : 1 | Restored : 1

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1
[HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1


End : 19:14:00


¤¤¤¤¤¤¤¤¤¤ | Attempt to restart stopped


~ Thx to C_XX , Slyk for their help for the evolution of the tool

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 270
0
Imad87 Posts 126 Registration date   Status Member Last activity   14
 
I was also wondering whether I should try again with Pre_scan,

this time, I have completely uninstalled Daemon Tools :)

!!!
0
Imad87 Posts 126 Registration date   Status Member Last activity   14
 
Hi again Juju,

I had a small connection problem during the afternoon..., it would have taken time to re-download winlogon...

The scan with Diag doesn't interrupt the desktop. It didn't take much time...

The machine did not restart... here is the link to the report

https://forums-fec.be/upload/www/?action=d&id=5347825737

https://forums-fec.be/upload/www/?action=d&id=7036930478
(C:\Pre_Scan\Process)


I hope I did a good job...
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
Download from this page: AdwCleaner (by Xplode)

▶ Run it

click Suppression (Delete) and wait while the cleanup runs.

▶ Post the contents of the report that you will find on your hard drive at c:\ADwcleaner[Sx].txt, or its contents if it opens.
0
Imad87 Posts 126 Registration date   Status Member Last activity   14
 
Hello Juju,

I managed to scan with AdwCleaner,

Here is its report:

# AdwCleaner v2.103 - Rapport créé le 26/12/2012 à 09:59:26
# Mis à jour le 25/12/2012 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : USER - USER-HP
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\USER\Downloads\AdwCleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Program Files (x86)\ICQ6Toolbar
Dossier Supprimé : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\ICQ\ICQToolbar
Dossier Supprimé : C:\ProgramData\InstallMate
Dossier Supprimé : C:\ProgramData\Trymedia
Dossier Supprimé : C:\windows\assembly\GAC_MSIL\QuickStoresToolbar
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Fichier Supprimé : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
Fichier Supprimé : C:\user.js
Fichier Supprimé : C:\windows\Tasks\AmiUpdXp.job

***** [Registre] *****

Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKCU\Software\DSNR Labs
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\SweetIM
Clé Supprimée : HKCU\Software\TENCENT
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\f
Clé Supprimée : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Clé Supprimée : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Clé Supprimée : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Clé Supprimée : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Clé Supprimée : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Clé Supprimée : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Clé Supprimée : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\Iminent
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Clé Supprimée : HKLM\Software\SweetIM
Clé Supprimée : HKLM\Software\TENCENT
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Clé Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Valeur Supprimée : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16457

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (fr)

*************************

AdwCleaner[S1].txt - [17042 octets] - [26/12/2012 09:59:26]

########## EOF - C:\AdwCleaner[S1].txt - [17103 octets] ##########
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
Next step

▶ Download and install Malwarebytes' Anti-Malware (MBAM).

▶ Run it. Accept the update.



Only if the update fails:

Download the MBAM manual updates

● Run the file after MBAM is installed



▶ Select "Perform full scan"
▶ Click "Scan"
▶ The scan starts; it takes a fairly long time, which is normal.

When the scan finishes, a message is displayed:

Quote:

The scan completed normally. Click 'Show Results' to display all the objects found.

▶ Click "OK" to continue. If MBAM found nothing, it will tell you that as well.
▶ Close your browsers.
▶ If malware was detected, click Show Results.
▶ Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
MBAM will open Notepad and copy the scan report into it: close it.

If MBAM asks to restart the PC: ▶ do it.

After the restart, launch MBAM again, go to the "Reports/Logs" tab, and copy/paste the one that matches the scan you ran.
0
Anonymous user
 
Hi, remember to disable Kaspersky while using the tools :)
0
juju666 Posts 35446 Registration date   Status Security contributor Last activity   4 796
 
that too ...
0
Imad87 Posts 126 Registration date   Status Member Last activity   14
 
Hi again, friends,

Here is the feedback after the Malwarebytes scan:

Malwarebytes Anti-Malware (Essai) 1.65.1.1000
www.malwarebytes.org

Version de la base de données: v2012.12.26.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
USER :: USER-HP [administrateur]

Protection: Activé

26/12/2012 20:48:19
mbam-log-2012-12-26 (20-48-19).txt

Type d'examen: Examen complet (C:\|F:\|G:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 395192
Temps écoulé: 54 minute(s), 26 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 4
C:\Users\USER\AppData\LocalLow\Funmoods (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\AppData\LocalLow\Funmoods\Funmoods (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\AppData\LocalLow\Funmoods\Funmoods\us (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\AppData\LocalLow\Funmoods\Funmoods\us\20101003 (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 15
C:\Pre_Scan\Quarantine\C'_Users_USER_AppData_Roaming_iPumper_ipumperinst.exe.P_S (PUP.BundleInstaller.FFD) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll.vir (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll.vir (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll.vir (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe.vir (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe.vir (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Qoobox\Quarantine\C\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll.vir (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\AppData\Local\funmoods.crx (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\AppData\LocalLow\Funmoods\Funmoods\us\20101003\kywrds.ttr (PUP.FunMoods) -> Mis en quarantaine et supprimé avec succès.
C:\Users\USER\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Mis en quarantaine et supprimé avec succès.

(fin)
0