Wilocks

[Solved] Svchost is slowing down my PC


Hello,

The SVCHOST.exe process is eating up all of my PC's resources.

Here is the HijackThis report, if anyone can give me a hand.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:58:04, on 22/10/2011

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

 

Running processes:

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\taskhost.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Users\pierre\Downloads\HiJackThis.exe

C:\windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O13 - Gopher Prefix:

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe

 

--

End of file - 4187 bytes

 

And here are the two OTL reports.

 

OTL logfile created on: 10/22/2011 3:55:38 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\pierre\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2.93 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 65.81% Memory free

5.86 Gb Paging File | 4.77 Gb Available in Paging File | 81.35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 130.17 Gb Total Space | 107.19 Gb Free Space | 82.34% Space Free | Partition Type: NTFS

Drive D: | 152.82 Gb Total Space | 55.18 Gb Free Space | 36.11% Space Free | Partition Type: NTFS

 

Computer Name: LAFONTAINE | User Name: pierre | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\pierre\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

 

 

========== Modules (No Company Name) ==========

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)

DRV - (KL1) -- C:\windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)

DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)

DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)

DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

IE - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:11.0.2.579

FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.579

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.579

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011/05/31 19:21:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011/05/31 19:21:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011/05/31 19:21:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 15:02:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/01 15:02:27 | 000,000,000 | ---D | M]

 

[2010/12/29 13:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pierre\AppData\Roaming\mozilla\Extensions

[2011/10/22 15:01:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pierre\AppData\Roaming\mozilla\Firefox\Profiles\vbgdy7sm.default\extensions

[2011/10/02 15:17:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\pierre\AppData\Roaming\mozilla\Firefox\Profiles\vbgdy7sm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/06/01 22:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2011/03/04 20:07:32 | 000,000,000 | ---D | M] (Anti-bannière) -- C:\Program Files\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak

[2011/03/04 20:06:56 | 000,000,000 | ---D | M] (Analyse des liens (URL Advisor)) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak

[2011/05/31 19:21:26 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\KAVANTIBANNER@KASPERSKY.RU

[2011/05/31 19:21:26 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\LINKFILTER@KASPERSKY.RU

[2011/05/31 19:21:27 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2011\FFEXT\VIRTUALKEYBOARD@KASPERSKY.RU

[2011/03/24 21:09:27 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml

[2011/03/24 21:09:27 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml

[2011/03/24 21:09:27 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml

[2011/03/24 21:09:27 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml

[2011/03/24 21:09:27 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.224\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll

CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2011/10/22 11:32:09 | 000,438,080 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 15065 more lines...

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)

O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: Ajouter à l'Anti-bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found

O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95DE52F9-5E06-47C9-BE22-4B7FE2603F77}: DhcpNameServer = 212.27.40.240 212.27.40.241

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab ZAO)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 0

O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\Shell - "" = AutoRun

O33 - MountPoints2\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\Shell\AutoRun\command - "" = F:\LaunchU3.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

MsConfig - StartUpFolder: C:^Users^pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk - - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: APLangApp - hkey= - key= - File not found

MsConfig - StartUpReg: ccleaner - hkey= - key= - C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

MsConfig - StartUpReg: CLMLServer - hkey= - key= - File not found

MsConfig - StartUpReg: EA Core - hkey= - key= - File not found

MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found

MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found

MsConfig - StartUpReg: NCInstallQueue - hkey= - key= - File not found

MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - File not found

MsConfig - StartUpReg: Persistence - hkey= - key= - File not found

MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - File not found

MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found

MsConfig - StartUpReg: UCam_Menu - hkey= - key= - File not found

MsConfig - StartUpReg: UpdateLBPShortCut - hkey= - key= - File not found

MsConfig - StartUpReg: UpdateP2GoShortCut - hkey= - key= - File not found

MsConfig - StartUpReg: UpdatePDRShortCut - hkey= - key= - File not found

MsConfig - StartUpReg: UpdatePPShortCut - hkey= - key= - File not found

MsConfig - StartUpReg: UpdatePSTShortCut - hkey= - key= - File not found

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: mcmscsvc - Service

SafeBootMin: MCODS - Service

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: mcmscsvc - Service

SafeBootNet: MCODS - Service

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/10/22 11:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2011/10/22 11:26:07 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Roaming\Malwarebytes

[2011/10/22 11:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/10/22 11:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/10/22 11:26:00 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2011/10/22 11:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/10/12 17:11:51 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{082ED945-4858-4200-8684-E4F970536BF0}

[2011/10/12 17:03:23 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{C90A5194-2C38-4D70-8C7C-CE83EED993E2}

[2011/10/11 22:22:01 | 000,000,000 | ---D | C] -- C:\windows\fr

[2011/10/11 18:59:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011/10/11 18:57:59 | 002,983,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbon.dll

[2011/10/11 18:57:58 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\UIRibbonRes.dll

[2011/10/11 18:51:26 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{871D48D2-25E8-486D-BFB0-F8F063B1C25F}

[2011/10/10 15:32:12 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{7B77F209-EBF9-423E-AD01-C6C720723AAB}

[2011/10/09 12:46:54 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{0813245A-5BFF-405F-9AB3-C497434875D3}

[2011/10/02 16:41:42 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{D7F3EBD6-9336-4816-BB91-B62A6CCC07C5}

[2011/09/26 22:39:34 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{6053D551-02F1-489B-ACB7-93C2292424DC}

[2011/09/23 06:44:28 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{74E01251-8380-4BF0-981D-B980994274CF}

 

========== Files - Modified Within 30 Days ==========

 

[2011/10/22 15:59:00 | 000,001,078 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1003UA.job

[2011/10/22 14:13:01 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/10/22 14:13:01 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/10/22 14:00:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2011/10/22 14:00:40 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys

[2011/10/22 12:12:41 | 000,013,472 | ---- | M] () -- C:\Users\pierre\Desktop\cc_20111022_121234.reg

[2011/10/22 11:56:15 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/10/22 11:32:09 | 000,438,080 | R--- | M] () -- C:\windows\System32\drivers\etc\hosts

[2011/10/22 11:26:04 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/10/17 17:59:06 | 000,001,026 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1003Core.job

[2011/10/03 18:20:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

 

========== Files Created - No Company Name ==========

 

[2011/10/22 12:12:38 | 000,013,472 | ---- | C] () -- C:\Users\pierre\Desktop\cc_20111022_121234.reg

[2011/10/22 11:56:14 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/10/22 11:26:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/04 20:06:49 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat

[2011/03/04 20:06:49 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat

[2010/12/29 13:07:11 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat

[2010/12/28 15:24:53 | 000,000,036 | ---- | C] () -- C:\Users\pierre\AppData\Local\housecall.guid.cache

[2010/03/11 02:22:58 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini

[2010/03/11 02:06:48 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2009/12/05 22:16:46 | 000,744,806 | ---- | C] () -- C:\windows\System32\perfh00C.dat

[2009/12/05 22:16:46 | 000,344,522 | ---- | C] () -- C:\windows\System32\perfi00C.dat

[2009/12/05 22:16:46 | 000,148,292 | ---- | C] () -- C:\windows\System32\perfc00C.dat

[2009/12/05 22:16:46 | 000,038,160 | ---- | C] () -- C:\windows\System32\perfd00C.dat

[2009/12/05 22:01:49 | 000,004,608 | ---- | C] () -- C:\windows\System32\HdmiCoin.dll

[2009/12/05 22:01:48 | 000,982,220 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2009/12/05 22:01:47 | 000,439,300 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2009/12/05 22:01:47 | 000,134,592 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/12/05 22:01:47 | 000,092,216 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2009/12/05 05:17:31 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2009/09/09 19:01:40 | 000,027,675 | ---- | C] () -- C:\windows\System32\drivers\klopp.dat

[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 06:33:53 | 000,342,600 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 04:05:48 | 000,651,648 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 04:05:48 | 000,120,580 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 02:55:09 | 001,332,736 | ---- | C] () -- C:\windows\System32\hpotiop1.dll

[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

 

========== LOP Check ==========

 

[2011/08/14 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Boris\AppData\Roaming\Windows Live Writer

[2010/12/29 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\GrabPro

[2010/12/30 00:21:45 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Orbit

[2010/12/29 22:09:16 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\ProgSense

[2010/12/12 12:06:36 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Windows Live Writer

[2011/10/16 14:29:05 | 000,032,482 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

[2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\kl1.sys

[2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\kl2.sys

[2011/03/04 20:00:35 | 000,488,536 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\windows\system32\drivers\klif.sys

[2010/04/22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\drivers\klim6.sys

[2009/11/02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\windows\system32\drivers\klmouflt.sys

 

< %ALLUSERSPROFILE%\Application Data\*. >

 

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

 

< %APPDATA%\*. >

[2010/04/17 22:07:15 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Adobe

[2010/03/11 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Google

[2010/12/29 22:17:16 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\GrabPro

[2010/03/11 02:24:48 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Identities

[2010/03/11 19:56:49 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Macromedia

[2011/10/22 11:26:07 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Malwarebytes

[2009/12/05 22:11:14 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Media Center Programs

[2010/12/29 15:04:40 | 000,000,000 | --SD | M] -- C:\Users\pierre\AppData\Roaming\Microsoft

[2010/12/29 13:07:21 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Mozilla

[2010/10/09 17:30:48 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\MozillaControl

[2010/12/30 00:21:45 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Orbit

[2010/12/29 22:09:16 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\ProgSense

[2010/12/29 15:07:30 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\U3

[2011/04/24 10:49:38 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\vlc

[2010/12/12 12:06:36 | 000,000,000 | ---D | M] -- C:\Users\pierre\AppData\Roaming\Windows Live Writer

 

< %APPDATA%\*.exe /s >

[2010/04/15 20:52:56 | 000,010,134 | R--- | M] () -- C:\Users\pierre\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

[2005/06/06 11:29:14 | 000,110,592 | ---- | M] () -- C:\Users\pierre\AppData\Roaming\U3\0DA0C76172F09934\cleanup.exe

[2006/02/21 12:31:16 | 002,592,768 | ---- | M] () -- C:\Users\pierre\AppData\Roaming\U3\0DA0C76172F09934\LaunchPad.exe

 

< %SYSTEMDRIVE%\*.exe >

 

< %SYSTEMDRIVE%\*.exe >

 

 

< MD5 for: AGP440.SYS >

[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

 

< MD5 for: ATAPI.SYS >

[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

 

< MD5 for: CDROM.SYS >

[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys

[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys

[2009/07/14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

 

< MD5 for: CNGAUDIT.DLL >

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 

< MD5 for: DISK.SYS >

[2009/07/14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys

[2009/07/14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys

[2009/07/14 03:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

 

< MD5 for: EXPLORER.EXE >

[2009/10/06 08:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe

[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe

[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe

[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe

[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe

[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

[2009/10/06 07:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

 

< MD5 for: IASTOR.SYS >

[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys

[2009/10/13 04:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys

[2009/10/13 04:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

 

< MD5 for: IASTORV.SYS >

[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys

[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

 

< MD5 for: NDIS.SYS >

[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys

[2009/07/14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

 

< MD5 for: NETLOGON.DLL >

[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys

[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 

< MD5 for: RASACD.SYS >

[2009/07/14 01:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- C:\Windows\System32\drivers\rasacd.sys

[2009/07/14 01:54:40 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=30A81B53C766D0133BB86D234E5556AB -- C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasacd.sys

 

< MD5 for: RDPWD.SYS >

[2009/07/14 02:01:55 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=801371BA9782282892D00AADB08EE367 -- C:\Windows\System32\drivers\rdpwd.sys

[2009/07/14 02:01:55 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=801371BA9782282892D00AADB08EE367 -- C:\Windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16385_none_4b4bde6b36561dcb\rdpwd.sys

 

< MD5 for: SCECLI.DLL >

[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

 

< MD5 for: SFLOPPY.SYS >

[2009/07/14 01:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=DB96666CC8312EBC45032F30B007A547 -- C:\Windows\System32\drivers\sfloppy.sys

[2009/07/14 01:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=DB96666CC8312EBC45032F30B007A547 -- C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_x86_neutral_2102f5344367a352\sfloppy.sys

[2009/07/14 01:45:52 | 000,013,824 | ---- | M] (Microsoft Corporation) MD5=DB96666CC8312EBC45032F30B007A547 -- C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_e6e06650dbcf54b4\sfloppy.sys

 

< MD5 for: TCPIP.SYS >

[2009/07/14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

[2010/06/14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys

[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys

[2010/06/14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys

 

< MD5 for: TDPIPE.SYS >

[2009/07/14 02:01:37 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1875C1490D99E70E449E3AFAE9FCBADF -- C:\Windows\System32\drivers\tdpipe.sys

[2009/07/14 02:01:37 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1875C1490D99E70E449E3AFAE9FCBADF -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_db828d8fa60ad848\tdpipe.sys

 

< MD5 for: TDTCP.SYS >

[2009/07/14 02:01:37 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=7551E91EA999EE9A8E9C331D5A9C31F3 -- C:\Windows\System32\drivers\tdtcp.sys

[2009/07/14 02:01:37 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=7551E91EA999EE9A8E9C331D5A9C31F3 -- C:\Windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16385_none_db828d8fa60ad848\tdtcp.sys

 

< MD5 for: USBPRINT.SYS >

[2009/07/14 02:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=797D862FE0875E75C7CC4C1AD7B30252 -- C:\Windows\System32\drivers\usbprint.sys

[2009/07/14 02:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=797D862FE0875E75C7CC4C1AD7B30252 -- C:\Windows\System32\DriverStore\FileRepository\usbprint.inf_x86_neutral_203e16627752a160\usbprint.sys

[2009/07/14 02:17:06 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=797D862FE0875E75C7CC4C1AD7B30252 -- C:\Windows\winsxs\x86_usbprint.inf_31bf3856ad364e35_6.1.7600.16385_none_32d0188e22bd908f\usbprint.sys

 

< MD5 for: USBSCAN.SYS >

[2009/07/14 02:14:44 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=576096CCBC07E7C4EA4F5E6686D6888F -- C:\Windows\System32\drivers\usbscan.sys

[2009/07/14 02:14:44 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=576096CCBC07E7C4EA4F5E6686D6888F -- C:\Windows\System32\DriverStore\FileRepository\sti.inf_x86_neutral_6a74c91c1f723826\usbscan.sys

[2009/07/14 02:14:44 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=576096CCBC07E7C4EA4F5E6686D6888F -- C:\Windows\winsxs\x86_sti.inf_31bf3856ad364e35_6.1.7600.16385_none_59b5278c421a3644\usbscan.sys

 

< MD5 for: USERINIT.EXE >

[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 

< MD5 for: WININIT.EXE >

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 

< MD5 for: WINLOGON.EXE >

[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\expsrv.dll

[2010/10/05 21:27:04 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\windows\system32\klogon.dll

[2009/07/14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\system32\msvbvm60.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A42A9F39

 

< End of report >

----------------------------------------------------------------------------

OTL Extras logfile created on: 10/22/2011 3:55:38 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\pierre\Downloads

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: France | Language: FRA | Date Format: dd/MM/yyyy

 

2.93 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 65.81% Memory free

5.86 Gb Paging File | 4.77 Gb Available in Paging File | 81.35% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 130.17 Gb Total Space | 107.19 Gb Free Space | 82.34% Space Free | Partition Type: NTFS

Drive D: | 152.82 Gb Total Space | 55.18 Gb Free Space | 36.11% Space Free | Partition Type: NTFS

 

Computer Name: LAFONTAINE | User Name: pierre | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2075CB0A-D26F-4DAA-B424-5079296B43BA}" = Windows Live FolderShare

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{3B160861-7250-451E-B5EE-8B92BF30A710}" = Microsoft Works

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007

"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007

"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007

"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007

"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007

"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007

"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007

"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007

"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00AF-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (French)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger

"{AC76BA86-7AD7-1036-7B44-A94000000001}" = Adobe Reader 9.4.6 - Français

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C861504E-2F57-4F95-AB0A-C7C7D8E46A4E}" = Windows Live Family Safety

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CCleaner" = CCleaner

"Defraggler" = Defraggler

"ExpressBurn" = Express Burn Disc Burning Software

"HDMI" = Intel® Graphics Media Accelerator Driver

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Marvell Miniport Driver" = Marvell Miniport Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)

"VLC media player" = VLC media player 1.0.1

"WinLiveSuite" = Windows Live

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

 

 

Thanks in advance

Edited by Wilocks


Hello Wilocks,

Very important!

>>> To do immediately:

- At the top of this message, click the "Follow this topic" button and choose "Immediate notification" => "Submit". You will be notified in real time of the replies posted to your topic, and your machine will therefore be cleaned as quickly as possible.

If, instead of the "Follow this topic" button, you see "Stop following this topic", the settings have already been made.

- Back up (by copying) all personal documents to a medium other than the system partition: USB key, CD/DVD, external hard drive, etc.

- Spybot-S&D's TeaTimer can interfere with our utilities and cause certain problems. Disable it now if it is installed on the machine being treated: launch Spybot-S&D => "Advanced mode". Tools (on the left) => "Resident" and untick "Resident TeaTimer (...)" => OK.

>>> What to do during this cleanup: Please do NOT use, install and/or uninstall any program other than those proposed at each step, in order to avoid any incompatibility between the tools.

>>> What to do when you receive new instructions:

  • Read the whole message.
  • Some programs can cause problems if they are not launched from the Desktop. You are therefore asked to download and save them DIRECTLY to the Desktop (or to move them there before use: right-click the file => "Cut", then right-click the Desktop => "Paste").
  • Always proceed in the order given and ask for clarification if necessary BEFORE starting.
  • Do NOT hesitate to comment and report any change (for better or worse) in the machine's behaviour or in the initial problem.

>>> How to reply:

- Click the zeb_bouton.png button (and not zeb-bouton2.png, because I do not need to re-read my previous messages).

- Paste the contents of the reports WITHOUT adding ANY text formatting (quote, code, colour, etc.), so that they are easier for us to interpret.

For my part, I use some text formatting and/or colours NOT to look pretty but only to draw attention to certain points, in order to avoid any mishandling that could cause problems.

>>> Do not abandon your topic before being told that everything is OK.

No visible signs of infection in your reports.

--

Print these instructions or save them in a text file on the Desktop so that you can consult them easily at any time.

>>> Move OTL: The utilities must be launched from the Desktop unless stated otherwise for a specific tool.

Open this folder (in bold): C:\Users\pierre\Downloads and right-click OTL.exe => "Cut".

Right-click the Desktop => "Paste".

>>> OTL fix: Disable the protection programs (antivirus, etc.) and launch OTL.

Copy and paste the following list (starting with :OTL) into the box under "Customization" (the : at the beginning and the ] at the end are very important, please check).

 

:OTL

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKU\S-1-5-21-1871111397-3539990770-1974983793-1001..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found

O33 - MountPoints2\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\Shell - "" = AutoRun

O33 - MountPoints2\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\Shell\AutoRun\command - "" = F:\LaunchU3.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe

[2011/10/12 17:11:51 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{082ED945-4858-4200-8684-E4F970536BF0}

[2011/10/12 17:03:23 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{C90A5194-2C38-4D70-8C7C-CE83EED993E2}

[2011/10/11 18:51:26 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{871D48D2-25E8-486D-BFB0-F8F063B1C25F}

[2011/10/10 15:32:12 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{7B77F209-EBF9-423E-AD01-C6C720723AAB}

[2011/10/09 12:46:54 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{0813245A-5BFF-405F-9AB3-C497434875D3}

[2011/10/02 16:41:42 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{D7F3EBD6-9336-4816-BB91-B62A6CCC07C5}

[2011/09/26 22:39:34 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{6053D551-02F1-489B-ACB7-93C2292424DC}

[2011/09/23 06:44:28 | 000,000,000 | ---D | C] -- C:\Users\pierre\AppData\Local\{74E01251-8380-4BF0-981D-B980994274CF}

 

:Services

 

:Reg

 

:Files

ipconfig /flushdns /c

C:\WINDOWS\tasks\*.job

C:\*.sqm

C:\WINDOWS\System32\*.tmp

C:\WINDOWS\*.tmp

 

:Commands

[EMPTYTEMP]

[RESETHOSTS]

Click the red "Fix" button and let it run.

If one or more files cannot be deleted normally, the program will ask to restart the machine to finish the process; click "Yes".

At the end, a report opens in Notepad. Copy and paste its contents into a new reply. Close the report and OTL.

>>> Download to the Desktop:

  • ComboFix© (by sUBs) from here or here
  • Malwarebytes' Anti-Malware from here.

>>> Use Malwarebytes' Anti-Malware (MBAM): Close all open applications and windows and double-click/right-click mbam-setup.exe => "Run as administrator". Follow the prompts, leaving everything at the defaults. Click "Finish" without changing anything.

- Launch the program from its icon on the Desktop or from "Start" => "All Programs" => "Malwarebytes' Anti-Malware".

- Run the updates from the tab of the same name. If there is a problem with the automatic updates, click HERE to download and install them manually.

- In the "Scan" tab, leave the "Perform quick scan" box ticked and click "Scan". Wait until the end (the message "The scan completed normally..." is displayed) and click "OK" to close this message.

- Click "Show results", then make sure everything is ticked and click "Remove selected".

The program then proceeds with the cleanup. If it asks you to restart the PC, ACCEPT (this is needed to delete certain specific files).

At the end a report is displayed (accessible at any time from the "Report/Logs" tab of the main "MBAM" window). Copy/paste its contents into the next reply.

>>> ComboFix/Scan: Close all open applications and windows, disable antivirus/firewall/antispyware and double-click/right-click ComboFix.exe => "Run as administrator". Follow the instructions.

Do NOT TOUCH the machine before it finishes (even if things seem not to be progressing).

When it is finished, a report (ComboFix.txt) is displayed. It is saved automatically at the root of the system partition (usually C:\). Copy/paste its contents into the next reply.

>>> Reports requested:

  • OTL
  • Malwarebytes Anti-Malware log
  • ComboFix.txt

Any change at all?

Edited by lance_yien


And here are the three other reports. OTL, MBAM and ComboFix

 

 

------------------------

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ccleaner deleted successfully.

C:\Program Files\CCleaner\CCleaner.exe moved successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xporter vers Microsoft Excel\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\ not found.

File F:\LaunchU3.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\LaunchU3.exe not found.

C:\Users\pierre\AppData\Local\{082ED945-4858-4200-8684-E4F970536BF0} folder moved successfully.

C:\Users\pierre\AppData\Local\{C90A5194-2C38-4D70-8C7C-CE83EED993E2} folder moved successfully.

C:\Users\pierre\AppData\Local\{871D48D2-25E8-486D-BFB0-F8F063B1C25F} folder moved successfully.

C:\Users\pierre\AppData\Local\{7B77F209-EBF9-423E-AD01-C6C720723AAB} folder moved successfully.

C:\Users\pierre\AppData\Local\{0813245A-5BFF-405F-9AB3-C497434875D3} folder moved successfully.

C:\Users\pierre\AppData\Local\{D7F3EBD6-9336-4816-BB91-B62A6CCC07C5} folder moved successfully.

C:\Users\pierre\AppData\Local\{6053D551-02F1-489B-ACB7-93C2292424DC} folder moved successfully.

C:\Users\pierre\AppData\Local\{74E01251-8380-4BF0-981D-B980994274CF} folder moved successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Configuration IP de Windows

Impossible de vider le cache de résolution DNS : La fonction a échoué lors de l'exécution.

C:\Users\pierre\Desktop\cmd.bat deleted successfully.

C:\Users\pierre\Desktop\cmd.txt deleted successfully.

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1003Core.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1003UA.job moved successfully.

File\Folder C:\*.sqm not found.

File\Folder C:\WINDOWS\System32\*.tmp not found.

File\Folder C:\WINDOWS\*.tmp not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Boris

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: pierre

->Temp folder emptied: 13471744 bytes

->Temporary Internet Files folder emptied: 230180 bytes

->FireFox cache emptied: 25877890 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 470 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 526092 bytes

RecycleBin emptied: 1030 bytes

 

Total Files Cleaned = 38.00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 10222011_184422

 

Files\Folders moved on Reboot...

File\Folder C:\windows\temp\TMP00000007525EA54AD875FC05 not found!

 

Registry entries deleted on Reboot...

 

 

------------------------------------

 

 

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

 

Version de la base de données: 7998

 

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

 

22/10/2011 19:04:43

mbam-log-2011-10-22 (19-04-43).txt

 

Type d'examen: Examen rapide

Elément(s) analysé(s): 169650

Temps écoulé: 2 minute(s), 38 seconde(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

---------------------------------------------------

 

ComboFix 11-10-21.06 - pierre 22/10/2011 19:12:54.1.2 - x86 MINIMAL

Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3005.2405 [GMT 2:00]

Lancé depuis: c:\users\pierre\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Un nouveau point de restauration a été créé

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-09-22 au 2011-10-22 ))))))))))))))))))))))))))))))))))))

.

.

2011-10-22 16:46 . 2011-10-22 17:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7097977B-50B8-4D55-88EB-37DA96833F40}\offreg.dll

2011-10-22 16:44 . 2011-10-22 16:44 -------- d-----w- C:\_OTL

2011-10-22 16:07 . 2011-10-22 16:07 -------- d-----w- c:\users\pierre\AppData\Local\ArcSoft

2011-10-22 16:07 . 2011-10-22 16:10 -------- d-----w- c:\programdata\ArcSoft

2011-10-22 16:06 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys

2011-10-22 16:05 . 2011-10-22 16:05 -------- d-----w- c:\program files\Kodak

2011-10-22 16:05 . 2011-10-22 16:07 -------- d-----w- c:\program files\Common Files\ArcSoft

2011-10-22 16:05 . 2011-10-22 16:07 -------- d-----w- c:\users\pierre\AppData\Roaming\ArcSoft

2011-10-22 16:05 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-10-22 16:05 . 2001-09-05 02:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2011-10-22 16:05 . 2001-09-05 02:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-10-22 16:05 . 2001-09-05 02:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-10-22 14:47 . 2011-10-22 14:47 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-10-22 14:42 . 2011-04-29 10:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-10-22 14:41 . 2011-10-22 14:41 -------- d-----w- c:\programdata\Lavasoft

2011-10-22 14:41 . 2011-10-22 14:41 -------- d-----w- c:\program files\Lavasoft

2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\users\pierre\AppData\Roaming\Malwarebytes

2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\programdata\Malwarebytes

2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-22 09:26 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-11 20:22 . 2011-10-11 20:22 -------- d-----w- c:\windows\fr

2011-10-11 17:01 . 2011-10-11 17:01 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-10-11 16:57 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll

2011-10-11 16:57 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-10-02 13:29 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7097977B-50B8-4D55-88EB-37DA96833F40}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-03 16:20 . 2011-05-22 07:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression SE\ArcMonitor.exe" [2010-04-21 73728]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCInstallQueue"="netman.dll" [2009-07-14 280576]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]

path=c:\users\pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk

backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-11-14 02:01 174104 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-11-14 02:01 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCInstallQueue]

2009-07-14 01:16 280576 ----a-w- c:\windows\System32\netman.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-11-14 02:01 151064 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-02 2152152]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]

.

.

Contenu du dossier 'Tâches planifiées'

.

2011-10-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 07:40]

.

.

------- Examen supplémentaire -------

.

TCP: DhcpNameServer = 212.27.40.240 212.27.40.241

FF - ProfilePath - c:\users\pierre\AppData\Roaming\Mozilla\Firefox\Profiles\vbgdy7sm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Anti-bannière: KavAntiBanner@kaspersky.ru_bak - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak

FF - Ext: Analyse des liens (URL Advisor): linkfilter@kaspersky.ru_bak - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru

FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

.

- - - - ORPHELINS SUPPRIMES - - - -

.

SafeBoot-mcmscsvc

SafeBoot-MCODS

MSConfigStartUp-APLangApp - c:\program files\AnyPC Client\APLangApp.exe

MSConfigStartUp-ccleaner - c:\program files\CCleaner\CCleaner.exe

MSConfigStartUp-CLMLServer - c:\program files\CyberLink\Power2Go\CLMLSvc.exe

MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

MSConfigStartUp-PDVD8LanguageShortcut - c:\program files\CyberLink\PowerDVD8\Language\Language.exe

MSConfigStartUp-RemoteControl8 - c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe

MSConfigStartUp-UCam_Menu - c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

MSConfigStartUp-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

MSConfigStartUp-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

MSConfigStartUp-UpdatePDRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe

MSConfigStartUp-UpdatePPShortCut - c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

MSConfigStartUp-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

.

.

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Heure de fin: 2011-10-22 19:19:52

ComboFix-quarantined-files.txt 2011-10-22 17:19

.

Avant-CF: 113 868 218 368 octets libres

Après-CF: 113 683 058 688 octets libres

.

- - End Of File - - B0C18FA957237202DC614C50804A0D78

 

 

Thanks again

For the moment there has been no change.

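Added example (not part of the original posts and not OTL's own code): a small Python triage helper that sorts the result lines of an OTL fix log, in the format posted above, into deleted / moved / reset / not found, so the person reviewing the log can confirm what each fix line actually did. The sample lines are constructed from that log format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few result lines in the format of the OTL fix log above.
SAMPLE_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1871111397-3539990770-1974983793-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ccleaner deleted successfully.
C:\Program Files\CCleaner\CCleaner.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26a913e3-1346-11e0-8c69-b9bdaa1f6764}\ not found.
File F:\LaunchU3.exe not found.
C:\Users\pierre\AppData\Local\{082ED945-4858-4200-8684-E4F970536BF0} folder moved successfully.
File\Folder C:\*.sqm not found.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

# Optional object-type prefix, the target, an optional " folder" suffix,
# then the outcome phrase (the log ends lines with ".", "!" or nothing).
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder|File)\s+)?"
    r"(?P<target>.+?)"
    r"(?P<folder>\s+folder)?\s+"
    r"(?P<outcome>deleted successfully|moved successfully|reset successfully|not found)"
    r"[.!]?$"
)

OUTCOMES = {
    "deleted successfully": "deleted",
    "moved successfully": "moved",
    "reset successfully": "reset",
    "not found": "not_found",
}


def parse_fix_log(text):
    """Return one record per recognised result line; headers and blanks are skipped."""
    records = []
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        kind = match.group("kind")
        if kind is None:
            # Lines without a prefix are file-system objects.
            kind = "Folder" if match.group("folder") else "File"
        records.append({
            "kind": kind,
            "target": match.group("target"),
            "outcome": OUTCOMES[match.group("outcome")],
        })
    return records


def review(records):
    """Summarise a parsed log: counts per outcome, moved targets, missing targets."""
    counts = Counter(r["outcome"] for r in records)
    moved = [r["target"] for r in records if r["outcome"] == "moved"]
    missing = [r["target"] for r in records if r["outcome"] == "not_found"]
    return counts, moved, missing


if __name__ == "__main__":
    counts, moved, missing = review(parse_fix_log(SAMPLE_LOG))
    print("Outcomes:", dict(counts))
    print("Moved (confirm each was intended):")
    for target in moved:
        print("  ", target)
    print("Targeted but absent:")
    for target in missing:
        print("  ", target)
```

The "moved" list is the one to read line by line, since it shows every file or folder the fix took out of its original location.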

Hello,

Your Kaspersky includes all the protections you need (antivirus, firewall, antivirus).

To free up resources for your system and space on your hard disk, and to avoid any interference between programs, disable Windows Defender from the Control Panel and uninstall Lavasoft (Ad-Aware...) from "Add/Remove Programs".

--

Print these instructions or save them in a text file on the Desktop so that you can consult them easily at any time.

>>> ComboFix/Fix: Click "Start" => "Run". Type Notepad and click "OK".

Copy and paste these lines:

 

Folder::

c:\programdata\Lavasoft

c:\program files\Lavasoft

 

File::

c:\windows\Tasks\\Ad-Aware Update (Weekly).job

 

Registry::

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

 

RegLock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Click "File" => "Save". In "File name", type or paste CFScript.txt, click Desktop on the left, then "Save" at the bottom right.

Close all open windows and applications and disable antivirus, firewall and antispyware to prevent them from interfering with ComboFix.

Drag the CFScript.txt file and drop it onto ComboFix.exe

This launches ComboFix. Be patient!

At the end, restart the PC (if it does not restart automatically).

>>> TDSSKiller: Download TDSSKiller.zip to the Desktop from here and unzip it (right-click it => "Extract here"). Drag TDSSKiller.zip to the Recycle Bin to delete it.

Close all running windows and applications and disable the antivirus and any other protection program.

Right-click TDSSKiller.exe => "Run as administrator" to launch the program and click the "Start Scan" button. Wait until the scan finishes.

If an infected file is detected, the default action will be "Cure", and if a suspicious file is detected, the default action will be "Skip".

Without changing anything, click the "Continue" button.

If you are prompted to restart the machine to finish the process (reboot the computer to complete the process), click the "Reboot Now" button. The report will be saved at the root of the system partition, where Windows is installed (usually C:\); its name has the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).

If no restart is required, click "Report". A text file opens and will be saved in the same way.

Copy/paste the contents of the report into a later reply.

>>> aswMBR/Scan: Download aswMBR.exe to the Desktop and disable all protection programs (antivirus, firewall and antispyware).

Close all open windows and right-click aswMBR.exe => "Run as administrator", then click the "[scan]" button.

Wait until it finishes and click the "Save log" button. Save it on the Desktop as "aswmbr.txt" and post its contents in a later reply. (Do NOT fix anything without being asked to.)

>>> Reports requested:

  • ComboFix.txt
  • TDSSKiller_log.txt
  • aswmbr.txt


Hello lance_yien,

Thank you for your help.

Here are the three reports.

I ran all the scans in safe mode. The PC is much less sluggish.

 

ComboFix 11-10-21.06 - pierre 23/10/2011 11:23:59.2.2 - x86 NETWORK

Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.3005.2326 [GMT 2:00]

Lancé depuis: c:\users\pierre\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\pierre\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Un nouveau point de restauration a été créé

.

FILE ::

"c:\windows\Tasks\\Ad-Aware Update (Weekly).job"

.

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Lavasoft

c:\programdata\Lavasoft\License\adaware.da2

c:\programdata\Lavasoft\License\guid.dat

c:\windows\Tasks\Ad-Aware Update (Weekly).job

.

.

((((((((((((((((((((((((((((( Fichiers créés du 2011-09-23 au 2011-10-23 ))))))))))))))))))))))))))))))))))))

.

.

2011-10-23 09:29 . 2011-10-23 09:30 -------- d-----w- c:\users\pierre\AppData\Local\temp

2011-10-23 09:29 . 2011-10-23 09:29 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-23 09:29 . 2011-10-23 09:29 -------- d-----w- c:\users\Boris\AppData\Local\temp

2011-10-22 19:19 . 2011-10-23 08:59 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7097977B-50B8-4D55-88EB-37DA96833F40}\offreg.dll

2011-10-22 16:44 . 2011-10-22 16:44 -------- d-----w- C:\_OTL

2011-10-22 16:07 . 2011-10-22 16:07 -------- d-----w- c:\users\pierre\AppData\Local\ArcSoft

2011-10-22 16:07 . 2011-10-22 16:10 -------- d-----w- c:\programdata\ArcSoft

2011-10-22 16:06 . 2006-11-10 13:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys

2011-10-22 16:05 . 2011-10-22 16:05 -------- d-----w- c:\program files\Kodak

2011-10-22 16:05 . 2011-10-22 16:07 -------- d-----w- c:\program files\Common Files\ArcSoft

2011-10-22 16:05 . 2011-10-22 16:07 -------- d-----w- c:\users\pierre\AppData\Roaming\ArcSoft

2011-10-22 16:05 . 2001-09-05 02:18 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll

2011-10-22 16:05 . 2001-09-05 02:18 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll

2011-10-22 16:05 . 2001-09-05 02:14 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll

2011-10-22 16:05 . 2001-09-05 02:13 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll

2011-10-22 14:47 . 2011-10-22 14:47 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\users\pierre\AppData\Roaming\Malwarebytes

2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\programdata\Malwarebytes

2011-10-22 09:26 . 2011-10-22 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-22 09:26 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-10-11 20:22 . 2011-10-11 20:22 -------- d-----w- c:\windows\fr

2011-10-11 17:01 . 2011-10-11 17:01 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-10-11 16:57 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll

2011-10-11 16:57 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-10-02 13:29 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7097977B-50B8-4D55-88EB-37DA96833F40}\mpengine.dll

.

.

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-03 16:20 . 2011-05-22 07:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

.

((((((((((((((((((((((((((((( SnapShot@2011-10-22_17.17.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-05 04:03 . 2011-10-22 19:24 44556 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2011-10-23 08:45 51318 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-03-11 00:06 . 2011-10-23 08:45 11756 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1871111397-3539990770-1974983793-1001_UserData.bin

- 2010-03-11 15:22 . 2011-10-22 16:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-11 15:22 . 2011-10-23 08:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-11 15:22 . 2011-10-22 16:45 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-11 15:22 . 2011-10-23 08:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:41 . 2011-10-23 08:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:41 . 2011-10-22 16:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-03-11 00:26 . 2011-10-23 08:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-11 00:26 . 2011-10-22 16:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:34 . 2011-10-23 08:29 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2010-03-11 00:26 . 2011-10-22 16:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-11 00:26 . 2011-10-23 08:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-11 00:26 . 2011-10-22 16:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-03-11 00:26 . 2011-10-23 08:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-03-11 00:26 . 2011-10-22 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-11 00:26 . 2011-10-23 08:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-11 00:26 . 2011-10-23 08:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-03-11 00:26 . 2011-10-22 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-10-22 16:45 . 2011-10-22 17:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-10-22 19:17 . 2011-10-23 08:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-10-22 16:45 . 2011-10-22 17:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-22 19:17 . 2011-10-23 08:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-12-05 20:16 . 2011-10-22 19:09 744568 c:\windows\System32\perfh00C.dat

- 2009-12-05 20:16 . 2011-10-22 17:04 744568 c:\windows\System32\perfh00C.dat

- 2009-07-14 02:05 . 2011-10-22 17:04 651450 c:\windows\System32\perfh009.dat

+ 2009-07-14 02:05 . 2011-10-22 19:09 651450 c:\windows\System32\perfh009.dat

+ 2009-12-05 20:16 . 2011-10-22 19:09 148086 c:\windows\System32\perfc00C.dat

- 2009-12-05 20:16 . 2011-10-22 17:04 148086 c:\windows\System32\perfc00C.dat

+ 2009-07-14 02:05 . 2011-10-22 19:09 120382 c:\windows\System32\perfc009.dat

- 2009-07-14 02:05 . 2011-10-22 17:04 120382 c:\windows\System32\perfc009.dat

- 2009-07-26 20:04 . 2011-10-22 16:45 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-26 20:04 . 2011-10-22 19:18 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 02:03 . 2011-10-23 08:34 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:03 . 2011-10-22 17:10 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat

- 2009-07-14 04:34 . 2011-10-22 15:17 3800162 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:34 . 2011-10-23 08:28 3800162 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^Users^pierre^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 - Capture d'écran et lancement.lnk]

path=c:\users\pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk

backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]

2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft MediaImpression Monitor]

2010-04-21 12:00 73728 ----a-w- c:\program files\Kodak\MediaImpression SE\ArcMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2009-11-14 02:01 174104 ----a-w- c:\windows\System32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-11-14 02:01 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCInstallQueue]

2009-07-14 01:16 280576 ----a-w- c:\windows\System32\netman.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-11-14 02:01 151064 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-26 1343400]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

.

.

.

------- Examen supplémentaire -------

.

TCP: DhcpNameServer = 212.27.40.240 212.27.40.241

FF - ProfilePath - c:\users\pierre\AppData\Roaming\Mozilla\Firefox\Profiles\vbgdy7sm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Anti-bannière: KavAntiBanner@kaspersky.ru_bak - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak

FF - Ext: Analyse des liens (URL Advisor): linkfilter@kaspersky.ru_bak - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Kaspersky Virtual Keyboard: virtualKeyboard@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru

FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru

.

.

Heure de fin: 2011-10-23 11:33:11

ComboFix-quarantined-files.txt 2011-10-23 09:33

ComboFix2.txt 2011-10-22 17:19

.

Avant-CF: 113 716 387 840 octets libres

Après-CF: 113 451 073 536 octets libres

.

- - End Of File - - D66BAEE85D41F9132BAC5B804178F435

 

--------------------------------------------------------------------------

 

11:36:46.0703 1928 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48

11:36:47.0061 1928 ============================================================

11:36:47.0061 1928 Current date / time: 2011/10/23 11:36:47.0061

11:36:47.0061 1928 SystemInfo:

11:36:47.0061 1928

11:36:47.0061 1928 OS Version: 6.1.7600 ServicePack: 0.0

11:36:47.0061 1928 Product type: Workstation

11:36:47.0061 1928 ComputerName: LAFONTAINE

11:36:47.0061 1928 UserName: pierre

11:36:47.0061 1928 Windows directory: C:\windows

11:36:47.0061 1928 System windows directory: C:\windows

11:36:47.0061 1928 Processor architecture: Intel x86

11:36:47.0061 1928 Number of processors: 2

11:36:47.0061 1928 Page size: 0x1000

11:36:47.0061 1928 Boot type: Safe boot with network

11:36:47.0061 1928 ============================================================

11:36:47.0451 1928 Initialize success

11:37:16.0421 1168 ============================================================

11:37:16.0421 1168 Scan started

11:37:16.0421 1168 Mode: Manual;

11:37:16.0421 1168 ============================================================

11:37:16.0795 1168 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys

11:37:16.0795 1168 1394ohci - ok

11:37:16.0889 1168 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys

11:37:16.0889 1168 ACPI - ok

11:37:16.0920 1168 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys

11:37:16.0920 1168 AcpiPmi - ok

11:37:16.0982 1168 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

11:37:16.0982 1168 adp94xx - ok

11:37:17.0014 1168 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

11:37:17.0014 1168 adpahci - ok

11:37:17.0029 1168 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

11:37:17.0029 1168 adpu320 - ok

11:37:17.0076 1168 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\windows\system32\drivers\Afc.sys

11:37:17.0076 1168 Afc - ok

11:37:17.0107 1168 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys

11:37:17.0107 1168 AFD - ok

11:37:17.0123 1168 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys

11:37:17.0123 1168 agp440 - ok

11:37:17.0170 1168 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

11:37:17.0170 1168 aic78xx - ok

11:37:17.0185 1168 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys

11:37:17.0185 1168 aliide - ok

11:37:17.0201 1168 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys

11:37:17.0216 1168 amdagp - ok

11:37:17.0232 1168 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys

11:37:17.0232 1168 amdide - ok

11:37:17.0294 1168 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

11:37:17.0294 1168 AmdK8 - ok

11:37:17.0310 1168 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

11:37:17.0310 1168 AmdPPM - ok

11:37:17.0326 1168 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys

11:37:17.0341 1168 amdsata - ok

11:37:17.0357 1168 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

11:37:17.0357 1168 amdsbs - ok

11:37:17.0388 1168 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys

11:37:17.0388 1168 amdxata - ok

11:37:17.0435 1168 AppID (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys

11:37:17.0435 1168 AppID - ok

11:37:17.0482 1168 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

11:37:17.0497 1168 arc - ok

11:37:17.0513 1168 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

11:37:17.0513 1168 arcsas - ok

11:37:17.0560 1168 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

11:37:17.0560 1168 AsyncMac - ok

11:37:17.0591 1168 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys

11:37:17.0591 1168 atapi - ok

11:37:17.0669 1168 athr (f8cfe8471bd445f2b437281f2af01780) C:\windows\system32\DRIVERS\athr.sys

11:37:17.0684 1168 athr - ok

11:37:17.0762 1168 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

11:37:17.0762 1168 b06bdrv - ok

11:37:17.0794 1168 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

11:37:17.0794 1168 b57nd60x - ok

11:37:17.0825 1168 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

11:37:17.0825 1168 Beep - ok

11:37:17.0856 1168 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

11:37:17.0872 1168 blbdrive - ok

11:37:17.0887 1168 bowser (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys

11:37:17.0887 1168 bowser - ok

11:37:17.0887 1168 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

11:37:17.0887 1168 BrFiltLo - ok

11:37:17.0903 1168 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

11:37:17.0903 1168 BrFiltUp - ok

11:37:17.0950 1168 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

11:37:17.0950 1168 Brserid - ok

11:37:17.0950 1168 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

11:37:17.0965 1168 BrSerWdm - ok

11:37:17.0965 1168 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

11:37:17.0965 1168 BrUsbMdm - ok

11:37:17.0981 1168 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

11:37:17.0981 1168 BrUsbSer - ok

11:37:17.0981 1168 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

11:37:17.0981 1168 BTHMODEM - ok

11:37:18.0121 1168 catchme - ok

11:37:18.0152 1168 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

11:37:18.0152 1168 cdfs - ok

11:37:18.0215 1168 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys

11:37:18.0215 1168 cdrom - ok

11:37:18.0262 1168 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

11:37:18.0262 1168 circlass - ok

11:37:18.0308 1168 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

11:37:18.0308 1168 CLFS - ok

11:37:18.0402 1168 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

11:37:18.0402 1168 CmBatt - ok

11:37:18.0402 1168 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys

11:37:18.0402 1168 cmdide - ok

11:37:18.0433 1168 CNG (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys

11:37:18.0449 1168 CNG - ok

11:37:18.0480 1168 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

11:37:18.0480 1168 Compbatt - ok

11:37:18.0527 1168 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys

11:37:18.0527 1168 CompositeBus - ok

11:37:18.0574 1168 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

11:37:18.0574 1168 crcdisk - ok

11:37:18.0620 1168 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys

11:37:18.0620 1168 DfsC - ok

11:37:18.0652 1168 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

11:37:18.0652 1168 discache - ok

11:37:18.0698 1168 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

11:37:18.0698 1168 Disk - ok

11:37:18.0745 1168 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

11:37:18.0745 1168 drmkaud - ok

11:37:18.0808 1168 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys

11:37:18.0808 1168 DXGKrnl - ok

11:37:18.0901 1168 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

11:37:18.0917 1168 ebdrv - ok

11:37:19.0088 1168 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

11:37:19.0088 1168 elxstor - ok

11:37:19.0104 1168 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys

11:37:19.0104 1168 ErrDev - ok

11:37:19.0151 1168 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

11:37:19.0151 1168 exfat - ok

11:37:19.0166 1168 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

11:37:19.0166 1168 fastfat - ok

11:37:19.0182 1168 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

11:37:19.0182 1168 fdc - ok

11:37:19.0213 1168 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

11:37:19.0213 1168 FileInfo - ok

11:37:19.0229 1168 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

11:37:19.0229 1168 Filetrace - ok

11:37:19.0260 1168 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

11:37:19.0260 1168 flpydisk - ok

11:37:19.0291 1168 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

11:37:19.0291 1168 FltMgr - ok

11:37:19.0307 1168 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

11:37:19.0307 1168 FsDepends - ok

11:37:19.0369 1168 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys

11:37:19.0369 1168 fssfltr - ok

11:37:19.0416 1168 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

11:37:19.0416 1168 Fs_Rec - ok

11:37:19.0463 1168 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys

11:37:19.0463 1168 fvevol - ok

11:37:19.0510 1168 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

11:37:19.0510 1168 gagp30kx - ok

11:37:19.0525 1168 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

11:37:19.0525 1168 hcw85cir - ok

11:37:19.0556 1168 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys

11:37:19.0556 1168 HdAudAddService - ok

11:37:19.0619 1168 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys

11:37:19.0619 1168 HDAudBus - ok

11:37:19.0619 1168 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

11:37:19.0619 1168 HidBatt - ok

11:37:19.0634 1168 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

11:37:19.0650 1168 HidBth - ok

11:37:19.0666 1168 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

11:37:19.0666 1168 HidIr - ok

11:37:19.0681 1168 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys

11:37:19.0681 1168 HidUsb - ok

11:37:19.0712 1168 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys

11:37:19.0712 1168 HpSAMD - ok

11:37:19.0759 1168 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys

11:37:19.0775 1168 HTTP - ok

11:37:19.0790 1168 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys

11:37:19.0790 1168 hwpolicy - ok

11:37:19.0837 1168 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys

11:37:19.0837 1168 i8042prt - ok

11:37:19.0884 1168 iaStor (0baa4115dfffd6a6d809a89d65e1281a) C:\windows\system32\DRIVERS\iaStor.sys

11:37:19.0900 1168 iaStor - ok

11:37:19.0931 1168 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys

11:37:19.0931 1168 iaStorV - ok

11:37:20.0102 1168 igfx (36cc40b02ae593d6152ac8bd657720af) C:\windows\system32\DRIVERS\igdkmd32.sys

11:37:20.0134 1168 igfx - ok

11:37:20.0258 1168 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

11:37:20.0258 1168 iirsp - ok

11:37:20.0414 1168 IntcAzAudAddService (3202e26501e5e18c35dc2cc74709a704) C:\windows\system32\drivers\RTKVHDA.sys

11:37:20.0430 1168 IntcAzAudAddService - ok

11:37:20.0570 1168 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\windows\system32\drivers\IntcHdmi.sys

11:37:20.0570 1168 IntcHdmiAddService - ok

11:37:20.0602 1168 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys

11:37:20.0602 1168 intelide - ok

11:37:20.0648 1168 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

11:37:20.0648 1168 intelppm - ok

11:37:20.0680 1168 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

11:37:20.0680 1168 IpFilterDriver - ok

11:37:20.0726 1168 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys

11:37:20.0726 1168 IPMIDRV - ok

11:37:20.0742 1168 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

11:37:20.0742 1168 IPNAT - ok

11:37:20.0773 1168 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

11:37:20.0773 1168 IRENUM - ok

11:37:20.0789 1168 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys

11:37:20.0789 1168 isapnp - ok

11:37:20.0820 1168 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys

11:37:20.0820 1168 iScsiPrt - ok

11:37:20.0836 1168 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys

11:37:20.0836 1168 kbdclass - ok

11:37:20.0851 1168 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys

11:37:20.0851 1168 kbdhid - ok

11:37:20.0914 1168 KL1 (94d67d49bd9503bb1d838405d80f2058) C:\windows\system32\DRIVERS\kl1.sys

11:37:20.0914 1168 KL1 - ok

11:37:20.0960 1168 kl2 (713576569667ac9e0f8556076004a96b) C:\windows\system32\DRIVERS\kl2.sys

11:37:20.0960 1168 kl2 - ok

11:37:21.0007 1168 KLIF (39920d69eaedb51757527aa54fe25216) C:\windows\system32\DRIVERS\klif.sys

11:37:21.0007 1168 KLIF - ok

11:37:21.0054 1168 KLIM6 (cf88b4985d957eee45c9939092e87c92) C:\windows\system32\DRIVERS\klim6.sys

11:37:21.0054 1168 KLIM6 - ok

11:37:21.0070 1168 klmouflt (3de1771c135328420315e21dde229bba) C:\windows\system32\DRIVERS\klmouflt.sys

11:37:21.0070 1168 klmouflt - ok

11:37:21.0101 1168 KSecDD (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys

11:37:21.0101 1168 KSecDD - ok

11:37:21.0132 1168 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys

11:37:21.0132 1168 KSecPkg - ok

11:37:21.0194 1168 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

11:37:21.0194 1168 lltdio - ok

11:37:21.0241 1168 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

11:37:21.0241 1168 LSI_FC - ok

11:37:21.0241 1168 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

11:37:21.0241 1168 LSI_SAS - ok

11:37:21.0257 1168 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

11:37:21.0257 1168 LSI_SAS2 - ok

11:37:21.0272 1168 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

11:37:21.0272 1168 LSI_SCSI - ok

11:37:21.0304 1168 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

11:37:21.0319 1168 luafv - ok

11:37:21.0350 1168 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

11:37:21.0350 1168 megasas - ok

11:37:21.0366 1168 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

11:37:21.0366 1168 MegaSR - ok

11:37:21.0382 1168 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

11:37:21.0382 1168 Modem - ok

11:37:21.0413 1168 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

11:37:21.0413 1168 monitor - ok

11:37:21.0460 1168 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys

11:37:21.0460 1168 mouclass - ok

11:37:21.0491 1168 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

11:37:21.0491 1168 mouhid - ok

11:37:21.0491 1168 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys

11:37:21.0491 1168 mountmgr - ok

11:37:21.0522 1168 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys

11:37:21.0522 1168 mpio - ok

11:37:21.0538 1168 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

11:37:21.0538 1168 mpsdrv - ok

11:37:21.0553 1168 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys

11:37:21.0553 1168 MRxDAV - ok

11:37:21.0584 1168 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys

11:37:21.0584 1168 mrxsmb - ok

11:37:21.0616 1168 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys

11:37:21.0616 1168 mrxsmb10 - ok

11:37:21.0647 1168 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys

11:37:21.0647 1168 mrxsmb20 - ok

11:37:21.0662 1168 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys

11:37:21.0662 1168 msahci - ok

11:37:21.0678 1168 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys

11:37:21.0678 1168 msdsm - ok

11:37:21.0725 1168 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

11:37:21.0725 1168 Msfs - ok

11:37:21.0740 1168 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

11:37:21.0740 1168 mshidkmdf - ok

11:37:26.0046 1168 ============================================================

11:37:26.0046 1168 Scan finished

11:37:26.0046 1168 ============================================================

11:37:26.0062 1336 Detected object count: 0

11:37:26.0062 1336 Actual detected object count: 0

11:38:20.0069 1976 Deinitialize success

 

-------------------------------------------------------------------------------

 

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-10-23 11:38:45

-----------------------------

11:38:45.481 OS Version: Windows 6.1.7600

11:38:45.481 Number of processors: 2 586 0x170A

11:38:45.497 ComputerName: LAFONTAINE UserName: pierre

11:38:46.059 Initialize success

11:40:02.343 AVAST engine defs: 11102300

11:40:33.137 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:40:33.137 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 305245MB BusType: 3

11:40:33.168 Disk 0 MBR read successfully

11:40:33.184 Disk 0 MBR scan

11:40:33.184 Disk 0 unknown MBR code

11:40:33.199 Disk 0 scanning sectors +625139712

11:40:33.293 Disk 0 scanning C:\windows\system32\drivers

11:40:40.766 Service scanning

11:40:43.308 Modules scanning

11:40:49.205 Disk 0 trace - called modules:

11:40:49.236 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll

11:40:49.252 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88180848]

11:40:49.252 3 CLASSPNP.SYS[8dd8959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x873b3028]

11:40:50.360 AVAST engine scan C:\windows

11:40:52.746 AVAST engine scan C:\windows\system32

11:42:32.696 AVAST engine scan C:\windows\system32\drivers

11:42:40.621 AVAST engine scan C:\Users\pierre

11:44:20.929 AVAST engine scan C:\ProgramData

11:47:27.380 Scan finished successfully

11:55:16.832 Disk 0 MBR has been saved successfully to "C:\Users\pierre\Desktop\MBR.dat"

11:55:16.832 The log file has been saved successfully to "C:\Users\pierre\Desktop\aswMBR.txt"

 

 

Thanks


Hi again,

Your reports are OK :super:

A few suggestions to help you take care of your machine (ignore any points already dealt with or that do not apply to your system).

>>> Remove the utilities:

- To remove ComboFix, click "Start" => "Run" and type (or copy/paste): ComboFix /Uninstall (with a space between "ComboFix" and "/Uninstall"). Click "OK".

This removes ComboFix along with the folders/files it installed and resets the restore points.

- Launch OTL and click "Purge outils" (purge tools). Let it run and restart the PC when prompted.

- To remove the other utilities and their reports (on the Desktop and/or at the root of the system partition), right-click them => "Delete".

>>> Optimize Windows:

  • There are always programs that launch needlessly along with Windows.
    Download MBAM's StartUpLite to the Desktop from here.
    Close all running applications and other windows and double-click StartUpLite.exe (Vista/W7: right-click => "Run as administrator") to launch the program, which will display all the unnecessary auto-start entries. Select the displayed entries and click "Continue" (unless you want to keep some of them).
    If it displays "No unnecessary startups found!", there is nothing to do.
    You can also use CCleaner to manage these processes:
    Launch CCleaner => Tools => Startup. In the list on the right, select a process marked "Yes" and click the "Disable" button.
    Close CCleaner and restart to check that there are no apparent side effects (re-enable the process if necessary).
  • Use PureRa to complete the disk cleanup done with CCleaner.

>>> Protect/Secure: ONLY ONE antivirus + ONLY ONE firewall + ONLY ONE antispyware.

  • Check and configure Windows updates: click "Start" => "All Programs" => "Windows Update" and install all critical updates after accepting the ActiveX installation (if offered).
    - Windows XP: click "Start" => "Control Panel" => "Automatic Updates" and choose "Automatic installation (recommended)". Prefer "every day" at a time when the PC is on.
    - Windows Vista/W7: click "Start" => "All Programs" => "Windows Update". Click "Change settings" => "Install updates automatically (recommended)". Prefer "every day" at a time when the PC is on.
  • Install Secunia PSI to monitor software updates.
  • Use Mes drivers for driver updates (click "Lancer la détection", i.e. start detection).
  • Back up the Registry with Erunt.
    For obvious reasons, keep the backup copies on a medium other than the system disk.
  • Immunize your machine with Spyware Blaster, which is compatible with all 32-bit and 64-bit versions of Windows and can be installed alongside another antispyware. Tutorial.
  • Vaccinate your machine and your removable media (USB sticks...) against "worms" (Autorun worms) with USBFix or Autorun Protector. Just plug in all removable media, launch the program and click the Vaccination button (the action can be reversed by clicking "Supprimer la vaccination", i.e. remove the vaccination).
  • Choose Firefox or Opera for everyday browsing and reserve Internet Explorer for updates and very specific cases.
  • Clean (CCleaner) and defragment (Defraggler) the partitions/disks regularly.

>>> ABSOLUTELY AVOID:

  • Cracks and the like: some reading on everything surrounding these programs: Warez; Crack; keygen.
    - Gone are the days when cracks existed just to help those who could not afford a given program and/or were a sign of rebellion against overly greedy developers...
    The new trend is to make easy money by selling programs that "do everything" or toolbars that "search for and find everything".
    In fact, at best they install spyware or adware that tracks the user's habits in order to display targeted ads, and at worst a rogue or a rootkit that can go as far as locking up a machine or making it completely unusable.
    - Note that the "most benign" of these cracks, those that let you install a program without causing apparent problems, put your machine at risk because any illegal program receives no updates and therefore carries vulnerabilities easily exploited by hackers to open backdoors and do whatever they want on your machine.
    Because there is always a free and legal program for practically anything you want, you can avoid running any unnecessary risk by giving up this type of program.
  • P2P networks/programs: everything related to P2P/Torrent-type applications has become increasingly dangerous for machines and for the personal and/or confidential documents stored on them.
    The days of sharing among honest people are over. Hackers also want to share with as many Internet users as possible and make their applications available wherever they can, under fake names that are as attractive as possible.
    Granted, P2P programs are not all dangerous in themselves, which means that some of them are, but:
    - Who knows with certainty which one is good and which one is dangerous?
    - Think about the very principle of this type of network, which is in no way beneficial: you allow everyone to use your bandwidth, which can slow your system down considerably, and to communicate with your machine, which can make it easier for intruders to plant time bombs.
    - By joining this type of network, not only do you deliberately open doors to anything and everything, but you also force your firewall and antivirus to tolerate them (it is part of the installation procedure). Then people are surprised at what happens to their machine, or blame their antivirus.
    Make the wise decision to uninstall and stop using any program of this type.

>>> Add Résolu: Please edit your first post to add [Résolu] at the end of the title after clicking the "Edit" => "Use the full editor" buttons.

Good luck!

Edited by lance_yien
