Vbs:downloader-ep
Closed
hmada
Posts: 29
Registration date: Sunday 23 June 2013
Status: Member
Last post: 30 June 2013
-
23 June 2013 at 08:47
Anonymous user - 30 June 2013 at 17:15
39 replies
Anonymous user
23 June 2013 at 20:47
run RogueKiller again,
click Delete,
post its report
hmada
23 June 2013 at 20:50
RogueKiller V8.6.1 [Jun 19 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur : Andriatsiafa [Droits d'admin]
Mode : Suppression -- Date : 06/23/2013 21:48:17
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] svchost .exe -- C:\WINDOWS\svchost .exe [7] -> TUÉ [TermProc]
¤¤¤ Entrees de registre : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Updates ("C:\WINDOWS\svchost .exe" /e:VBScript.Encode "C:\Documents and Settings\Andriatsiafa\Application Data\Microsoft\SYSTEM\cste" [7][x][-]) -> SUPPRIMÉ
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> SUPPRIMÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
[APPINIT][SUSP PATH] HKLM\[...]\Windows : AppInit_DLLs (C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\Wincert\WIN32C~1.DLL [-]) -> REMPLACÉ ()
¤¤¤ Tâches planifiées : 0 ¤¤¤
¤¤¤ Entrées Startup : 0 ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Ruches Externes: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: MAXTOR STM3160215AS +++++
--- User ---
[MBR] aa308d335c208d1d7d8ec1f298289b3a
[BSP] 9b98446b3e810e552e9bc243d73ea4b0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 60000 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 122881185 | Size: 92616 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Termine : << RKreport[0]_D_06232013_214817.txt >>
RKreport[0]_S_06232013_213647.txt
hmada
23 June 2013 at 21:13
After restarting, same problem, but it is no longer svchost but WScript.exe! Is it another virus?
Anonymous user
23 June 2013 at 21:17
After restarting, same problem, but it is no longer svchost but WScript.exe! Is it another virus?
explain a bit more!
is it your antivirus that catches it, or another window?
hmada
23 June 2013 at 21:19
It's Avast that displays it
Anonymous user
23 June 2013 at 21:20
* Download TDSSKiller to your desktop:
https://support.kaspersky.com/downloads/utils/tdsskiller.exe
* Run it (Vista/Seven users -> right-click, then "Run as administrator")
* Click [Start Scan] to start the scan.
* If items are found, click [Continue] and then [Reboot Now]
* A report will open when the PC restarts.
* Copy/paste its contents into your next reply.
Note: The report is also located at C:\TDSSKiller.N°deversion_Date_Heure_log.txt.
Note:
Keep the default action proposed by the tool:
- If TDSS.tdl2: the Delete option will be checked.
- If TDSS.tdl3 or TDSS.tdl4: make sure that Cure is checked.
- If "Suspicious object" or Sptd or ForgedFile.Multi.Generic: leave the option set to Skip
- If Rootkit.Win32.ZAccess.* is detected, set Cure at the top and Delete at the bottom :D
hmada
23 June 2013 at 21:36
There is no [Reboot Now] in the window >> no restart. So I took the report right after clicking [Continue]
22:26:21.0250 2160 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:26:22.0578 2160 ============================================================
22:26:22.0578 2160 Current date / time: 2013/06/23 22:26:22.0578
22:26:22.0578 2160 SystemInfo:
22:26:22.0578 2160
22:26:22.0578 2160 OS Version: 5.1.2600 ServicePack: 2.0
22:26:22.0578 2160 Product type: Workstation
22:26:22.0578 2160 ComputerName: VENTO
22:26:22.0578 2160 UserName: Andriatsiafa
22:26:22.0578 2160 Windows directory: C:\WINDOWS
22:26:22.0578 2160 System windows directory: C:\WINDOWS
22:26:22.0578 2160 Processor architecture: Intel x86
22:26:22.0578 2160 Number of processors: 2
22:26:22.0578 2160 Page size: 0x1000
22:26:22.0578 2160 Boot type: Normal boot
22:26:22.0578 2160 ============================================================
22:26:23.0843 2160 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:26:23.0843 2160 ============================================================
22:26:23.0843 2160 \Device\Harddisk0\DR0:
22:26:23.0843 2160 MBR partitions:
22:26:23.0843 2160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
22:26:23.0859 2160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0xB4E4720
22:26:23.0859 2160 ============================================================
22:26:23.0906 2160 C: <-> \Device\Harddisk0\DR0\Partition1
22:26:24.0062 2160 D: <-> \Device\Harddisk0\DR0\Partition2
22:26:24.0078 2160 ============================================================
22:26:24.0078 2160 Initialize success
22:26:24.0078 2160 ============================================================
22:26:35.0171 2508 ============================================================
22:26:35.0171 2508 Scan started
22:26:35.0171 2508 Mode: Manual;
22:26:35.0171 2508 ============================================================
22:26:36.0078 2508 ================ Scan system memory ========================
22:26:36.0078 2508 System memory - ok
22:26:43.0406 2508 RDPWD - ok
22:26:43.0437 2508 [ F35A23E5B6413F93CCCA0D05D00183FB ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:26:43.0437 2508 RDSessMgr - ok
22:26:43.0515 2508 [ 2CC30B68DD62B73D444A41322CD7FC4C ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:26:43.0515 2508 redbook - ok
22:26:43.0546 2508 [ 6E2CBBD6956A605EF98FFD4843928FED ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:26:43.0546 2508 RemoteAccess - ok
22:26:43.0562 2508 [ B6F76CE10953A141545A0D01F1776885 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:26:43.0562 2508 RemoteRegistry - ok
22:26:43.0609 2508 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
22:26:43.0609 2508 ROOTMODEM - ok
22:26:43.0640 2508 [ DAB8E0B2F07DC4D44F8F72BF3994630B ] RpcLocator C:\WINDOWS\system32\locator.exe
22:26:43.0640 2508 RpcLocator - ok
22:26:43.0671 2508 [ C6FE0B727A5D13419D480150631ADC09 ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:26:43.0671 2508 RpcSs - ok
22:26:43.0703 2508 [ 414964844F4793ACB868D057E8ED997E ] RSVP C:\WINDOWS\system32\rsvp.exe
22:26:43.0750 2508 RSVP - ok
22:26:43.0765 2508 [ 259AF82A0932EEA4F316F92DB94707B6 ] SamSs C:\WINDOWS\system32\lsass.exe
22:26:43.0765 2508 SamSs - ok
22:26:43.0796 2508 [ 8866078139C403A28CB4CB460CA6DC90 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:26:43.0828 2508 SCardSvr - ok
22:26:43.0859 2508 [ A65E74CC5831CED5762AA16033ED20EE ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:26:43.0875 2508 Schedule - ok
22:26:43.0890 2508 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:26:43.0906 2508 Secdrv - ok
22:26:43.0921 2508 [ 27ADC5543DBDFFF3FCB8D14D36395072 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:26:43.0921 2508 seclogon - ok
22:26:43.0953 2508 [ 3C6BE06A5E464056F7A10E4D66EF92C0 ] SENS C:\WINDOWS\system32\sens.dll
22:26:43.0968 2508 SENS - ok
22:26:43.0968 2508 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:26:43.0968 2508 serenum - ok
22:26:43.0984 2508 [ 653201755CA96AB4AAA4131DAF6DA356 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:26:43.0984 2508 Serial - ok
22:26:44.0000 2508 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:26:44.0000 2508 Sfloppy - ok
22:26:44.0015 2508 [ BC919495F27AEEDAC71C123E859413D0 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:26:44.0031 2508 SharedAccess - ok
22:26:44.0046 2508 [ ABA25E49F6589FD73F1143FDC39A6B46 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:26:44.0062 2508 ShellHWDetection - ok
22:26:44.0062 2508 Simbad - ok
22:26:44.0093 2508 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:26:44.0093 2508 SkypeUpdate - ok
22:26:44.0125 2508 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:26:44.0125 2508 SLIP - ok
22:26:44.0140 2508 Sparrow - ok
22:26:44.0171 2508 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:26:44.0171 2508 splitter - ok
22:26:44.0187 2508 [ DF9FC62AD51CB082B0AE371919A232CB ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:26:44.0203 2508 Spooler - ok
22:26:44.0234 2508 [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
22:26:44.0234 2508 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
22:26:44.0250 2508 sptd ( LockedFile.Multi.Generic ) - warning
22:26:44.0250 2508 sptd - detected LockedFile.Multi.Generic (1)
22:26:46.0500 2508 ================ Scan global ===============================
22:26:46.0515 2508 [ FC73E963C354A0427CC17EBC579A485F ] C:\WINDOWS\system32\basesrv.dll
22:26:46.0531 2508 [ A4D0C2375201B13B5971DF54B55156EA ] C:\WINDOWS\system32\winsrv.dll
22:26:46.0546 2508 [ A4D0C2375201B13B5971DF54B55156EA ] C:\WINDOWS\system32\winsrv.dll
22:26:46.0562 2508 [ 63DCDE1A0D86EEB8924D6738FF616EAD ] C:\WINDOWS\system32\services.exe
22:26:46.0578 2508 [Global] - ok
22:26:46.0578 2508 ================ Scan MBR ==================================
22:26:46.0593 2508 [ C99C3199CFAA4CBDCD91493F6D113A50 ] \Device\Harddisk0\DR0
22:26:46.0781 2508 \Device\Harddisk0\DR0 - ok
22:26:46.0781 2508 ================ Scan VBR ==================================
22:26:46.0781 2508 [ 0385AFCC333370F824DD78A2F3F35900 ] \Device\Harddisk0\DR0\Partition1
22:26:46.0781 2508 \Device\Harddisk0\DR0\Partition1 - ok
22:26:46.0812 2508 [ B50343FDE875A8B301665794880EB7DD ] \Device\Harddisk0\DR0\Partition2
22:26:46.0812 2508 \Device\Harddisk0\DR0\Partition2 - ok
22:26:46.0812 2508 ============================================================
22:26:46.0812 2508 Scan finished
22:26:46.0812 2508 ============================================================
22:26:46.0828 3708 Detected object count: 1
22:26:46.0828 3708 Actual detected object count: 1
22:27:25.0812 3708 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:27:25.0812 3708 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:26:21.0250 2160 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:26:22.0578 2160 ============================================================
22:26:22.0578 2160 Current date / time: 2013/06/23 22:26:22.0578
22:26:22.0578 2160 SystemInfo:
22:26:22.0578 2160
22:26:22.0578 2160 OS Version: 5.1.2600 ServicePack: 2.0
22:26:22.0578 2160 Product type: Workstation
22:26:22.0578 2160 ComputerName: VENTO
22:26:22.0578 2160 UserName: Andriatsiafa
22:26:22.0578 2160 Windows directory: C:\WINDOWS
22:26:22.0578 2160 System windows directory: C:\WINDOWS
22:26:22.0578 2160 Processor architecture: Intel x86
22:26:22.0578 2160 Number of processors: 2
22:26:22.0578 2160 Page size: 0x1000
22:26:22.0578 2160 Boot type: Normal boot
22:26:22.0578 2160 ============================================================
22:26:23.0843 2160 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
22:26:23.0843 2160 ============================================================
22:26:23.0843 2160 \Device\Harddisk0\DR0:
22:26:23.0843 2160 MBR partitions:
22:26:23.0843 2160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
22:26:23.0859 2160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0xB4E4720
22:26:23.0859 2160 ============================================================
22:26:23.0906 2160 C: <-> \Device\Harddisk0\DR0\Partition1
22:26:24.0062 2160 D: <-> \Device\Harddisk0\DR0\Partition2
22:26:24.0078 2160 ============================================================
22:26:24.0078 2160 Initialize success
22:26:24.0078 2160 ============================================================
22:26:35.0171 2508 ============================================================
22:26:35.0171 2508 Scan started
22:26:35.0171 2508 Mode: Manual;
22:26:35.0171 2508 ============================================================
22:26:36.0078 2508 ================ Scan system memory ========================
22:26:36.0078 2508 System memory - ok
22:26:36.0078 2508 ================ Scan services =============================
22:26:41.0375 2508 MSPQM - ok
22:26:41.0406 2508 [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:26:41.0406 2508 mssmbios - ok
22:26:41.0421 2508 [ BF13612142995096AB084F2DB7F40F77 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
22:26:41.0421 2508 MSTEE - ok
22:26:41.0453 2508 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
22:26:41.0453 2508 MTsensor - ok
22:26:41.0468 2508 [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
22:26:41.0484 2508 Mup - ok
22:26:41.0500 2508 [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:26:41.0515 2508 NABTSFEC - ok
22:26:41.0593 2508 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
22:26:41.0640 2508 NBService - ok
22:26:41.0656 2508 [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
22:26:41.0671 2508 NDIS - ok
22:26:41.0703 2508 [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:26:41.0703 2508 NdisIP - ok
22:26:41.0734 2508 [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:26:41.0750 2508 NdisTapi - ok
22:26:41.0765 2508 [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:26:41.0781 2508 Ndisuio - ok
22:26:41.0796 2508 [ 0B90E255A9490166AB368CD55A529893 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:26:41.0796 2508 NdisWan - ok
22:26:41.0812 2508 [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
22:26:41.0812 2508 NDProxy - ok
22:26:41.0828 2508 [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
22:26:41.0828 2508 NetBIOS - ok
22:26:41.0843 2508 [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
22:26:41.0843 2508 NetBT - ok
22:26:41.0875 2508 [ D40598FD7B7DCCBFB22D777E0DFB1CF0 ] NetDDE C:\WINDOWS\system32\netdde.exe
22:26:41.0906 2508 NetDDE - ok
22:26:41.0937 2508 [ D40598FD7B7DCCBFB22D777E0DFB1CF0 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
22:26:41.0937 2508 NetDDEdsdm - ok
22:26:41.0953 2508 [ 259AF82A0932EEA4F316F92DB94707B6 ] Netlogon C:\WINDOWS\system32\lsass.exe
22:26:41.0953 2508 Netlogon - ok
22:26:42.0000 2508 [ 237F77C91B70469E3AF9F7FD0A524954 ] Netman C:\WINDOWS\System32\netman.dll
22:26:42.0000 2508 Netman - ok
22:26:42.0046 2508 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:26:42.0078 2508 NetTcpPortSharing - ok
22:26:42.0093 2508 [ 6FA2DDF70DC9B762EBF8920F89B6BEA3 ] Nla C:\WINDOWS\System32\mswsock.dll
22:26:42.0109 2508 Nla - ok
22:26:42.0171 2508 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
22:26:42.0187 2508 NMIndexingService - ok
22:26:42.0218 2508 [ 9A908A9BB857C2CCEB2907EB9DCAEB8B ] nmwcd C:\WINDOWS\system32\drivers\ccdcmb.sys
22:26:42.0218 2508 nmwcd - ok
22:26:42.0265 2508 [ 68EC3EE2348E475EA62C66E6AAFCFC9B ] nmwcdc C:\WINDOWS\system32\drivers\ccdcmbo.sys
22:26:42.0265 2508 nmwcdc - ok
22:26:42.0296 2508 [ BE7FD9CA07E7D39F77C78BA5756930D9 ] nmwcdnsu C:\WINDOWS\system32\drivers\nmwcdnsu.sys
22:26:42.0296 2508 nmwcdnsu - ok
22:26:42.0328 2508 [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
22:26:42.0328 2508 Npfs - ok
22:26:42.0375 2508 [ B78BE402C3F63DD55521F73876951CDD ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
22:26:42.0390 2508 Ntfs - ok
22:26:42.0406 2508 [ 259AF82A0932EEA4F316F92DB94707B6 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
22:26:42.0406 2508 NtLmSsp - ok
22:26:42.0437 2508 [ 951543FFB84012D13F4CB09DA2EACE96 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
22:26:42.0453 2508 NtmsSvc - ok
22:26:42.0484 2508 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
22:26:42.0484 2508 Null - ok
22:26:42.0515 2508 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:26:42.0515 2508 NwlnkFlt - ok
22:26:42.0546 2508 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:26:42.0546 2508 NwlnkFwd - ok
22:26:42.0609 2508 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
22:26:42.0625 2508 odserv - ok
22:26:42.0687 2508 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
22:26:42.0703 2508 ose - ok
22:26:42.0734 2508 [ 318696359AC7DF48D1E51974EC527DD2 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
22:26:42.0734 2508 Parport - ok
22:26:42.0750 2508 [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
22:26:42.0750 2508 PartMgr - ok
22:26:42.0781 2508 [ 9575C5630DB8FB804649A6959737154C ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
22:26:42.0781 2508 ParVdm - ok
22:26:42.0828 2508 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
22:26:42.0828 2508 pccsmcfd - ok
22:26:42.0875 2508 [ 7C5DA5C1ED801AD8B0309D5514F0B75E ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
22:26:42.0875 2508 PCI - ok
22:26:42.0875 2508 PCIDump - ok
22:26:42.0906 2508 [ F4BFDE7209C14A07AAA61E4D6AE69EAC ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
22:26:42.0906 2508 PCIIde - ok
22:26:42.0937 2508 [ 641DA274E163617EA7A33506BC6DA8E3 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
22:26:42.0937 2508 Pcmcia - ok
22:26:42.0953 2508 PDCOMP - ok
22:26:42.0953 2508 PDFRAME - ok
22:26:42.0953 2508 PDRELI - ok
22:26:42.0968 2508 PDRFRAME - ok
22:26:42.0968 2508 perc2 - ok
22:26:42.0968 2508 perc2hib - ok
22:26:43.0000 2508 [ 63DCDE1A0D86EEB8924D6738FF616EAD ] PlugPlay C:\WINDOWS\system32\services.exe
22:26:43.0000 2508 PlugPlay - ok
22:26:43.0031 2508 [ A38B3CE68E7F126190CDE4AA3FDF050F ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
22:26:43.0031 2508 Pml Driver HPZ12 - ok
22:26:43.0046 2508 [ 259AF82A0932EEA4F316F92DB94707B6 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
22:26:43.0046 2508 PolicyAgent - ok
22:26:43.0062 2508 [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:26:43.0062 2508 PptpMiniport - ok
22:26:43.0062 2508 [ 259AF82A0932EEA4F316F92DB94707B6 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
22:26:43.0078 2508 ProtectedStorage - ok
22:26:43.0078 2508 [ 48671F327553DCF1D27F6197F622A668 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
22:26:43.0093 2508 PSched - ok
22:26:43.0109 2508 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:26:43.0109 2508 Ptilink - ok
22:26:43.0109 2508 ql1080 - ok
22:26:43.0109 2508 Ql10wnt - ok
22:26:43.0125 2508 ql12160 - ok
22:26:43.0125 2508 ql1240 - ok
22:26:43.0125 2508 ql1280 - ok
22:26:43.0140 2508 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:26:43.0140 2508 RasAcd - ok
22:26:43.0171 2508 [ 03D5509F513EAC463D1C5B3601EBC62C ] RasAuto C:\WINDOWS\System32\rasauto.dll
22:26:43.0203 2508 RasAuto - ok
22:26:43.0218 2508 [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:26:43.0218 2508 Rasl2tp - ok
22:26:43.0250 2508 [ 846E0536290C0488BF3D797F2CABBCCF ] RasMan C:\WINDOWS\System32\rasmans.dll
22:26:43.0265 2508 RasMan - ok
22:26:43.0281 2508 [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:26:43.0281 2508 RasPppoe - ok
22:26:43.0281 2508 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
22:26:43.0296 2508 Raspti - ok
22:26:43.0312 2508 [ 29D66245ADBA878FFF574CD66ABD2884 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:26:43.0312 2508 Rdbss - ok
22:26:43.0312 2508 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:26:43.0312 2508 RDPCDD - ok
22:26:43.0359 2508 [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:26:43.0375 2508 rdpdr - ok
22:26:43.0406 2508 [ D4F5643D7714EF499AE9527FDCD50894 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
22:26:43.0406 2508 RDPWD - ok
22:26:43.0437 2508 [ F35A23E5B6413F93CCCA0D05D00183FB ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
22:26:43.0437 2508 RDSessMgr - ok
22:26:43.0515 2508 [ 2CC30B68DD62B73D444A41322CD7FC4C ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
22:26:43.0515 2508 redbook - ok
22:26:43.0546 2508 [ 6E2CBBD6956A605EF98FFD4843928FED ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
22:26:43.0546 2508 RemoteAccess - ok
22:26:43.0562 2508 [ B6F76CE10953A141545A0D01F1776885 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
22:26:43.0562 2508 RemoteRegistry - ok
22:26:43.0609 2508 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
22:26:43.0609 2508 ROOTMODEM - ok
22:26:43.0640 2508 [ DAB8E0B2F07DC4D44F8F72BF3994630B ] RpcLocator C:\WINDOWS\system32\locator.exe
22:26:43.0640 2508 RpcLocator - ok
22:26:43.0671 2508 [ C6FE0B727A5D13419D480150631ADC09 ] RpcSs C:\WINDOWS\system32\rpcss.dll
22:26:43.0671 2508 RpcSs - ok
22:26:43.0703 2508 [ 414964844F4793ACB868D057E8ED997E ] RSVP C:\WINDOWS\system32\rsvp.exe
22:26:43.0750 2508 RSVP - ok
22:26:43.0765 2508 [ 259AF82A0932EEA4F316F92DB94707B6 ] SamSs C:\WINDOWS\system32\lsass.exe
22:26:43.0765 2508 SamSs - ok
22:26:43.0796 2508 [ 8866078139C403A28CB4CB460CA6DC90 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
22:26:43.0828 2508 SCardSvr - ok
22:26:43.0859 2508 [ A65E74CC5831CED5762AA16033ED20EE ] Schedule C:\WINDOWS\system32\schedsvc.dll
22:26:43.0875 2508 Schedule - ok
22:26:43.0890 2508 [ D26E26EA516450AF9D072635C60387F4 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:26:43.0906 2508 Secdrv - ok
22:26:43.0921 2508 [ 27ADC5543DBDFFF3FCB8D14D36395072 ] seclogon C:\WINDOWS\System32\seclogon.dll
22:26:43.0921 2508 seclogon - ok
22:26:43.0953 2508 [ 3C6BE06A5E464056F7A10E4D66EF92C0 ] SENS C:\WINDOWS\system32\sens.dll
22:26:43.0968 2508 SENS - ok
22:26:43.0968 2508 [ A2D868AEEFF612E70E213C451A70CAFB ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
22:26:43.0968 2508 serenum - ok
22:26:43.0984 2508 [ 653201755CA96AB4AAA4131DAF6DA356 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
22:26:43.0984 2508 Serial - ok
22:26:44.0000 2508 [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
22:26:44.0000 2508 Sfloppy - ok
22:26:44.0015 2508 [ BC919495F27AEEDAC71C123E859413D0 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
22:26:44.0031 2508 SharedAccess - ok
22:26:44.0046 2508 [ ABA25E49F6589FD73F1143FDC39A6B46 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
22:26:44.0062 2508 ShellHWDetection - ok
22:26:44.0062 2508 Simbad - ok
22:26:44.0093 2508 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
22:26:44.0093 2508 SkypeUpdate - ok
22:26:44.0125 2508 [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:26:44.0125 2508 SLIP - ok
22:26:44.0140 2508 Sparrow - ok
22:26:44.0171 2508 [ 8E186B8F23295D1E42C573B82B80D548 ] splitter C:\WINDOWS\system32\drivers\splitter.sys
22:26:44.0171 2508 splitter - ok
22:26:44.0187 2508 [ DF9FC62AD51CB082B0AE371919A232CB ] Spooler C:\WINDOWS\system32\spoolsv.exe
22:26:44.0203 2508 Spooler - ok
22:26:44.0234 2508 [ 7F1B7C4D446CD3F926AF45B8C48BD593 ] sptd C:\WINDOWS\system32\Drivers\sptd.sys
22:26:44.0234 2508 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7F1B7C4D446CD3F926AF45B8C48BD593
22:26:44.0250 2508 sptd ( LockedFile.Multi.Generic ) - warning
22:26:44.0250 2508 sptd - detected LockedFile.Multi.Generic (1)
22:26:46.0500 2508 ================ Scan global ===============================
22:26:46.0515 2508 [ FC73E963C354A0427CC17EBC579A485F ] C:\WINDOWS\system32\basesrv.dll
22:26:46.0531 2508 [ A4D0C2375201B13B5971DF54B55156EA ] C:\WINDOWS\system32\winsrv.dll
22:26:46.0546 2508 [ A4D0C2375201B13B5971DF54B55156EA ] C:\WINDOWS\system32\winsrv.dll
22:26:46.0562 2508 [ 63DCDE1A0D86EEB8924D6738FF616EAD ] C:\WINDOWS\system32\services.exe
22:26:46.0578 2508 [Global] - ok
22:26:46.0578 2508 ================ Scan MBR ==================================
22:26:46.0593 2508 [ C99C3199CFAA4CBDCD91493F6D113A50 ] \Device\Harddisk0\DR0
22:26:46.0781 2508 \Device\Harddisk0\DR0 - ok
22:26:46.0781 2508 ================ Scan VBR ==================================
22:26:46.0781 2508 [ 0385AFCC333370F824DD78A2F3F35900 ] \Device\Harddisk0\DR0\Partition1
22:26:46.0781 2508 \Device\Harddisk0\DR0\Partition1 - ok
22:26:46.0812 2508 [ B50343FDE875A8B301665794880EB7DD ] \Device\Harddisk0\DR0\Partition2
22:26:46.0812 2508 \Device\Harddisk0\DR0\Partition2 - ok
22:26:46.0812 2508 ============================================================
22:26:46.0812 2508 Scan finished
22:26:46.0812 2508 ============================================================
22:26:46.0828 3708 Detected object count: 1
22:26:46.0828 3708 Actual detected object count: 1
22:27:25.0812 3708 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:27:25.0812 3708 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Anonymous user
23 June 2013 at 21:43
OK, sptd is nothing other than the generic Daemon Tools driver!
* /!\ Warning:
This software is to be used only when prescribed by a qualified helper.
Do not use it outside of that situation: dangerous!
► Download ComboFix from this link and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
or here:
https://forum.pcastuces.com/combofix_renomme_au_telechargement-f31s22.htm
To read:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Before using ComboFix:
► Close the windows of all running programs.
► Temporarily disable, and only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts scanning the PC.
- ComboFix may need to connect to the internet to find updates, so you must allow it.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved to C:\ComboFix\ComboFix.txt.
► Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.
► Come back to the forum and copy and paste the entire contents of Combofix.txt into your next message.
hmada
23 June 2013 at 21:55
Could we continue tomorrow please, because it's getting late!! Thanks.
Just one question: once ComboFix has found the update, do I disconnect from the internet?
Anonymous user
23 June 2013 at 22:02
You do not disconnect from the internet.
However, after ComboFix has run, your PC may no longer manage to connect, so normally you just need to restart it once or twice :D
We'll continue with this tomorrow evening :D
See you!
hmada
25 June 2013 at 14:28
I already sent the report here but it does not appear.
hmada
25 June 2013 at 14:29
ComboFix 13-06-24.01 - Andriatsiafa 25/06/2013 14:35:40.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1015.231 [GMT 3:00]
Lancé depuis: c:\documents and settings\Andriatsiafa\Mes documents\TÚlÚchargements\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_ctypes.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_elementtree.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_hashlib.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_multiprocessing.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_socket.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_ssl.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\pyexpat.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\pysqlite2._sqlite.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\python27.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\pythoncom27.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\PyWinTypes27.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\select.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\unicodedata.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32api.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32com.shell.shell.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32crypt.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32event.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32file.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32inet.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32pdh.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32process.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32profile.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32security.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32ts.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\windows._cacheinvalidation.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._controls_.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._core_.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._gdi_.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._html2.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._misc_.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._windows_.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._wizard.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxbase294u_net_vc90.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxbase294u_vc90.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxmsw294u_adv_vc90.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxmsw294u_core_vc90.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxmsw294u_html_vc90.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxmsw294u_webview_vc90.dll
c:\documents and settings\All Users.WINDOWS\Application Data\Wincert\WIN32C~1.DLL
c:\documents and settings\All Users.WINDOWS\Application Data\Windows Update
c:\documents and settings\All Users.WINDOWS\Application Data\Windows Update\bkr.bat
c:\documents and settings\All Users.WINDOWS\Application Data\Windows Update\r0k.rk
c:\documents and settings\All Users.WINDOWS\Application Data\Windows Update\wxz.exe
c:\documents and settings\Andriatsiafa\Application Data\System
c:\documents and settings\Andriatsiafa\Application Data\System\klpte.drt
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_ctypes.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_elementtree.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_hashlib.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_multiprocessing.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_socket.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_ssl.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\pyexpat.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\pysqlite2._sqlite.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\python27.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\pythoncom27.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\PyWinTypes27.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\select.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\unicodedata.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32api.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32com.shell.shell.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32crypt.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32event.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32file.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32inet.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32pdh.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32process.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32profile.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32security.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32ts.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\windows._cacheinvalidation.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._controls_.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._core_.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._gdi_.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._html2.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._misc_.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._windows_.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._wizard.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxbase294u_net_vc90.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxbase294u_vc90.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxmsw294u_adv_vc90.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxmsw294u_core_vc90.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxmsw294u_html_vc90.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxmsw294u_webview_vc90.dll
c:\documents and settings\Andriatsiafa\Mes documents\~WRL1092.tmp
c:\documents and settings\user\Mes documents\~WRL0005.tmp
C:\Documents
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\dllchache
c:\windows\system32\SET515.tmp
c:\windows\system32\SET521.tmp
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AVPsys
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-05-25 au 2013-06-25 ))))))))))))))))))))))))))))))))))))
.
.
2013-06-23 17:15 . 2004-08-19 13:10 114688 ----a-w- c:\windows\svchost .exe
2013-06-23 12:35 . 2013-06-23 14:47 -------- d-----w- C:\ZHP
2013-06-21 17:31 . 2013-06-21 17:31 -------- d-----w- c:\documents and settings\Andriatsiafa\Application Data\Malwarebytes
2013-06-21 17:31 . 2013-06-21 17:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2013-06-21 17:31 . 2013-06-21 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-21 17:31 . 2013-04-04 11:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-20 19:35 . 2013-06-23 14:15 -------- d-----w- c:\program files\ZHPDiag
2013-05-29 16:14 . 2013-05-09 08:59 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 06:51 . 2012-11-10 06:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-19 06:51 . 2012-11-10 06:42 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-03-11 18:11 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-11 18:11 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2011-06-05 06:52 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2011-06-05 06:52 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-06-05 06:52 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-03-11 18:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2011-06-05 06:52 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2011-06-05 06:52 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-06-05 06:52 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-06-05 06:52 229648 ----a-w- c:\windows\system32\aswBoot.exe
.
[code]<pre>
c:\windows\svchost .exe
</pre>[/code]
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 13:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 13:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 13:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 13:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-10 969104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"USB Modem Run"="c:\progra~1\LIFEIN~1\USB Modem Run.exe" [2010-01-29 45056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Updates"="c:\windows\svchost .exe" [2004-08-19 114688]
.
c:\documents and settings\Andriatsiafa\Menu Démarrer\Programmes\Démarrage\
Windows Media Player.vbe [2012-11-5 108167]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Andriatsiafa^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\Andriatsiafa\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05 143360 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-19 13:09 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-05 13:13 114688 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 07:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 12:40 155648 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2009-02-26 15:04 2376992 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScheduleTV]
2007-11-01 07:23 847872 ----a-w- c:\program files\GADMEI TVHome Media\ScheduleTV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-04 09:22 1822720 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Andriatsiafa\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Documents and Settings\\Andriatsiafa\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [11/03/2013 21:11 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [11/03/2013 21:11 174664]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/08/2011 09:57 716272]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [29/05/2013 19:14 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/06/2011 09:52 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/06/2011 09:52 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/06/2011 09:52 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11/03/2013 21:11 66336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [21/06/2013 20:31 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/06/2013 20:31 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/06/2013 20:31 22856]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [08/01/2013 12:55 161536]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [18/12/2009 21:24 138112]
S3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [25/01/2011 17:47 102656]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [29/05/2009 19:17 99328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 18:48 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
2013-06-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-08 08:58]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 13:53]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 13:53]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Fichiers communs\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Fichiers communs\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Andriatsiafa\Application Data\Mozilla\Firefox\Profiles\437m8n11.default-1359564763406\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe /H
AddRemove-ilividtoolbargaw - c:\progra~1\SEARCH~2\Datamngr\SRTOOL~1\uninstall.exe
AddRemove-MusicManager - c:\program files\ezt\uninstall.exe
AddRemove-VideoPerformer - c:\program files\VideoPerformer\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-25 14:51
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3112)
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2013-06-25 14:58:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-06-25 11:58
.
Avant-CF: 16 120 037 376 octets libres
Après-CF: 16 614 309 888 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - 8F1C07FE5AC2E5CF978816D0A4E035E2
C99C3199CFAA4CBDCD91493F6D113A50
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1015.231 [GMT 3:00]
Lancé depuis: c:\documents and settings\Andriatsiafa\Mes documents\Téléchargements\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_ctypes.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_elementtree.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_hashlib.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_multiprocessing.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_socket.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\_ssl.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\pyexpat.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\pysqlite2._sqlite.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\python27.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\pythoncom27.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\PyWinTypes27.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\select.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\unicodedata.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32api.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32com.shell.shell.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32crypt.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32event.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32file.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32inet.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32pdh.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32process.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32profile.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32security.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\win32ts.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\windows._cacheinvalidation.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._controls_.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._core_.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._gdi_.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._html2.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._misc_.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._windows_.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wx._wizard.pyd
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxbase294u_net_vc90.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxbase294u_vc90.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxmsw294u_adv_vc90.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxmsw294u_core_vc90.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxmsw294u_html_vc90.dll
c:\docume~1\ANDRIA~1\LOCALS~1\Temp\_MEI21162\wxmsw294u_webview_vc90.dll
c:\documents and settings\All Users.WINDOWS\Application Data\Wincert\WIN32C~1.DLL
c:\documents and settings\All Users.WINDOWS\Application Data\Windows Update
c:\documents and settings\All Users.WINDOWS\Application Data\Windows Update\bkr.bat
c:\documents and settings\All Users.WINDOWS\Application Data\Windows Update\r0k.rk
c:\documents and settings\All Users.WINDOWS\Application Data\Windows Update\wxz.exe
c:\documents and settings\Andriatsiafa\Application Data\System
c:\documents and settings\Andriatsiafa\Application Data\System\klpte.drt
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_ctypes.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_elementtree.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_hashlib.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_multiprocessing.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_socket.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\_ssl.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\pyexpat.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\pysqlite2._sqlite.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\python27.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\pythoncom27.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\PyWinTypes27.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\select.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\unicodedata.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32api.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32com.shell.shell.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32crypt.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32event.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32file.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32inet.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32pdh.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32process.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32profile.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32security.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\win32ts.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\windows._cacheinvalidation.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._controls_.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._core_.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._gdi_.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._html2.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._misc_.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._windows_.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wx._wizard.pyd
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxbase294u_net_vc90.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxbase294u_vc90.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxmsw294u_adv_vc90.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxmsw294u_core_vc90.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxmsw294u_html_vc90.dll
c:\documents and settings\Andriatsiafa\Local Settings\Temp\_MEI21162\wxmsw294u_webview_vc90.dll
c:\documents and settings\Andriatsiafa\Mes documents\~WRL1092.tmp
c:\documents and settings\user\Mes documents\~WRL0005.tmp
C:\Documents
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\dllchache
c:\windows\system32\SET515.tmp
c:\windows\system32\SET521.tmp
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AVPsys
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-05-25 au 2013-06-25 ))))))))))))))))))))))))))))))))))))
.
.
2013-06-23 17:15 . 2004-08-19 13:10 114688 ----a-w- c:\windows\svchost .exe
2013-06-23 12:35 . 2013-06-23 14:47 -------- d-----w- C:\ZHP
2013-06-21 17:31 . 2013-06-21 17:31 -------- d-----w- c:\documents and settings\Andriatsiafa\Application Data\Malwarebytes
2013-06-21 17:31 . 2013-06-21 17:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2013-06-21 17:31 . 2013-06-21 17:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-21 17:31 . 2013-04-04 11:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-20 19:35 . 2013-06-23 14:15 -------- d-----w- c:\program files\ZHPDiag
2013-05-29 16:14 . 2013-05-09 08:59 21576 ----a-w- c:\windows\system32\drivers\aswKbd.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-19 06:51 . 2012-11-10 06:42 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-19 06:51 . 2012-11-10 06:42 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-03-11 18:11 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-11 18:11 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2011-06-05 06:52 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2011-06-05 06:52 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2011-06-05 06:52 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-03-11 18:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2011-06-05 06:52 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2011-06-05 06:52 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-06-05 06:52 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-06-05 06:52 229648 ----a-w- c:\windows\system32\aswBoot.exe
.
[code]<pre>
c:\windows\svchost .exe
</pre>[/code]
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 13:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 13:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 13:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 13:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-10 969104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"USB Modem Run"="c:\progra~1\LIFEIN~1\USB Modem Run.exe" [2010-01-29 45056]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Updates"="c:\windows\svchost .exe" [2004-08-19 114688]
.
c:\documents and settings\Andriatsiafa\Menu Démarrer\Programmes\Démarrage\
Windows Media Player.vbe [2012-11-5 108167]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Andriatsiafa^Menu Démarrer^Programmes^Démarrage^Outil de détection de support Picture Motion Browser.lnk]
path=c:\documents and settings\Andriatsiafa\Menu Démarrer\Programmes\Démarrage\Outil de détection de support Picture Motion Browser.lnk
backup=c:\windows\pss\Outil de détection de support Picture Motion Browser.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Fichiers communs\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05 143360 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-19 13:09 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2006-10-05 13:13 114688 ----a-r- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 07:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 12:40 155648 ----a-w- c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2009-02-26 15:04 2376992 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScheduleTV]
2007-11-01 07:23 847872 ----a-w- c:\program files\GADMEI TVHome Media\ScheduleTV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-04-04 09:22 1822720 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Andriatsiafa\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Documents and Settings\\Andriatsiafa\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [11/03/2013 21:11 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [11/03/2013 21:11 174664]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/08/2011 09:57 716272]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [29/05/2013 19:14 21576]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [05/06/2011 09:52 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/06/2011 09:52 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/06/2011 09:52 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [11/03/2013 21:11 66336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [21/06/2013 20:31 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21/06/2013 20:31 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21/06/2013 20:31 22856]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [08/01/2013 12:55 161536]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [18/12/2009 21:24 138112]
S3 wirelessusbser;Wireless USB Device for Legacy Serial Communication;c:\windows\system32\drivers\3GDatausbser.sys [25/01/2011 17:47 102656]
S3 zteusbser;ZTE USB Device for Legacy Serial Communication;c:\windows\system32\drivers\zteusbser.sys [29/05/2009 19:17 99328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 18:48 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]
.
2013-06-25 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-08 08:58]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 13:53]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-21 13:53]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\program files\Fichiers communs\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Fichiers communs\DVDVideoSoft\plugins\freeytmp3downloader.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Andriatsiafa\Application Data\Mozilla\Firefox\Profiles\437m8n11.default-1359564763406\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe /H
AddRemove-ilividtoolbargaw - c:\progra~1\SEARCH~2\Datamngr\SRTOOL~1\uninstall.exe
AddRemove-MusicManager - c:\program files\ezt\uninstall.exe
AddRemove-VideoPerformer - c:\program files\VideoPerformer\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-25 14:51
Windows 5.1.2600 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3112)
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2013-06-25 14:58:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-06-25 11:58
.
Avant-CF: 16 120 037 376 octets libres
Après-CF: 16 614 309 888 octets libres
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
.
- - End Of File - - 8F1C07FE5AC2E5CF978816D0A4E035E2
C99C3199CFAA4CBDCD91493F6D113A50
Anonymous user
25 June 2013 at 17:27
OK,
µTorrent has wrecked your PC!
Restart your PC and let me know how it is running!
hmada
26 June 2013 at 08:35
I restarted the PC but µTorrent is still there and the Avast message still appears: svchost.exe
hmada
27 June 2013 at 17:49
µTorrent uninstalled
Anonymous user
27 June 2013 at 20:24
OK
Download GMER to your desktop:
http://www.gmer.net/#start (at the bottom of the page, click "download exe")
* Unzip the program.
* Double-click Gmer.exe
* The program starts and runs an automatic scan
(this is the Rootkit/Malware tab).
=> Red lines should appear if there is an infection:
* On these red lines:
o Services: right-click, then delete service
o Process: right-click, then kill process
o Adl, file: right-click, then delete files
Tutorial: https://www.malekal.com/tutorial-gmer/
hmada
30 June 2013 at 12:57
The scan did not detect anything
Anonymous user
30 June 2013 at 13:44
OK,
restart your PC to see whether you still get alerts!
hmada
30 June 2013 at 14:39
The alert message still appears!!
Anonymous user
30 June 2013 at 14:46
* Download USBFIX to your desktop (thanks to El Desaparecido)
http://sosvirus.org/viewtopic.php?f=52&t=192
or:
http://services.service-webmaster.fr/cpt-clics/clics-30453-6505.html
or here:
http://general-changelog-team.fr/fr/downloads/viewdownload/15-outils-de-el-desaparecido/19-usbfix
/!\ Temporarily disable, and only while USBFIX is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.
- Double-click the Usbfix icon on your desktop.
- On the page, click the button:
« Recherche » (Search)
/!\ Plug into your PC, without opening them, your external data sources (USB stick, external hard drive, etc.) that may have been infected
- then click OK
- Let the tool work.
- Post the report that appears at the end.
The report is located at C:\UsbFix [Scan 1] NOM-************.txt
Note: at the end of the cleaning option, restarting the PC is recommended
hmada
30 June 2013 at 16:35
I didn't see the cleaning option!! Should I run the search again? Or restart my PC?
hmada
30 June 2013 at 16:57
############################## | UsbFix V 7.129 | [Recherche]
Utilisateur: Andriatsiafa (Administrateur) # VENTO
Mis à jour le 24/06/2013 par El Desaparecido
Lancé à 17:25:42 | 30/06/2013
Site Web: https://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html
Contact: contact@sosvirus.net
PC: System manufacturer (System Product Name) (X86-based PC)
CPU: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz (2199)
CPU: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz (2199)
RAM -> [Total : 1015 | Free : 424]
BIOS: BIOS Date: 12/24/07 14:46:29 Ver: 08.00.10
BOOT: Normal boot
OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) # Service Pack 2
WB: Windows Internet Explorer 6.0.2900.2180
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Disque fixe # 59 Go (14 Go libre(s) - 25%) [] # NTFS
D:\ -> Disque fixe # 90 Go (29 Go libre(s) - 32%) [] # NTFS
E:\ -> Disque amovible # 7 Go (3 Go libre(s) - 39%) [] # FAT32
I:\ -> CD-ROM
################## | Processus Actif |
C:\WINDOWS\System32\smss.exe (552)
C:\WINDOWS\system32\winlogon.exe (624)
C:\WINDOWS\system32\services.exe (668)
C:\WINDOWS\system32\lsass.exe (680)
C:\WINDOWS\system32\svchost.exe (856)
C:\WINDOWS\System32\svchost.exe (992)
C:\WINDOWS\system32\svchost.exe (1032)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1320)
C:\WINDOWS\system32\spoolsv.exe (1440)
C:\WINDOWS\system32\svchost.exe (1556)
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (1680)
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (1796)
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (1812)
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe (1828)
C:\WINDOWS\system32\HPZipm12.exe (1852)
C:\WINDOWS\system32\svchost.exe (1968)
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (1716)
C:\WINDOWS\Explorer.EXE (2356)
C:\WINDOWS\svchost .exe (2308)
C:\WINDOWS\system32\igfxtray.exe (3288)
C:\WINDOWS\system32\igfxpers.exe (3792)
C:\WINDOWS\RTHDCPL.EXE (2920)
C:\Program Files\QuickTime\QTTask.exe (2984)
C:\PROGRA~1\LIFEIN~1\USB Modem Run.exe (3456)
C:\Program Files\AVAST Software\Avast\avastUI.exe (3588)
C:\Program Files\Skype\Phone\Skype.exe (3344)
C:\Program Files\Google\Drive\googledrivesync.exe (2376)
C:\Program Files\Google\Drive\googledrivesync.exe (3348)
C:\Program Files\Mozilla Firefox\firefox.exe (2768)
C:\UsbFix\Go.exe (1904)
C:\WINDOWS\system32\wscntfy.exe (3520)
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [IgfxTray] - C:\WINDOWS\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\WINDOWS\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [USB Modem Run] - C:\PROGRA~1\LIFEIN~1\USB Modem Run.exe
HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE | Policies\Explorer\run : [Updates] - "C:\WINDOWS\svchost .exe" /e:VBScript.Encode "C:\Documents and Settings\Andriatsiafa\Application Data\Microsoft\SYSTEM\cste"
HKU\S-1-5-21-1482476501-1788223648-725345543-1003\SOFTWARE | Run : [uTorrent] - "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-1482476501-1788223648-725345543-1003\SOFTWARE | Run : [Skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-1482476501-1788223648-725345543-1003\SOFTWARE | Run : [GoogleDriveSync] - "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
################## | Éléments infectieux |
Présent! C:\Documents and Settings\Andriatsiafa\Application Data\Microsoft\SYSTEM\cste
Présent! C:\Documents and Settings\Andriatsiafa\Menu Démarrer\Programmes\Démarrage\Windows Media Player.vbe
Présent! C:\WINDOWS\svchost .exe
Présent! D:\Recycler\S-1-5-21-1482476501-1788223648-725345543-1003
Présent! C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Update\wxz.exe
Présent! C:\System Volume Information\_restore{E98A1AED-0F64-4EBB-B6D5-27778CDB909B}\RP422\A0313860.exe
Présent! C:\System Volume Information\_restore{E98A1AED-0F64-4EBB-B6D5-27778CDB909B}\RP424\A0316160.exe
Présent! C:\System Volume Information\_restore{E98A1AED-0F64-4EBB-B6D5-27778CDB909B}\RP424\A0316294.exe
Présent! C:\System Volume Information\_restore{E98A1AED-0F64-4EBB-B6D5-27778CDB909B}\RP424\A0316344.exe
################## | Registre |
Présent! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Updates
################## | Mountpoints2 |
################## | Vaccin |
(!) Cet ordinateur n'est pas vacciné!
################## | E.O.F | https://www.sosvirus.net/ |
Anonymous user
30 June 2013 at 17:15
Run Usbfix again,
click Suppression (Deletion), and post its report after the PC restarts!