Your question

Satan is inside me... well, inside my PC...

Tags:
  • Windows
  • Microsoft
  • Security
  • Dll
Last reply: in Security and viruses
26 March 2013 21:33:00

Good evening,
I realized that my PC must be infected by Satan, because this virus was detected on one of my USB keys by a computer that is more secure than mine.

I ran the scan with OTL:

"OTL logfile created on: 26/03/2013 20:42:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 24,71% Memory free
8,21 Gb Paging File | 4,80 Gb Available in Paging File | 58,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,87 Gb Total Space | 17,00 Gb Free Space | 3,75% Space Free | Partition Type: NTFS
Drive D: | 11,89 Gb Total Space | 1,59 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 0,15 Gb Free Space | 4,00% Space Free | Partition Type: FAT32

Computer Name: PC-DE-USER | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\user\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
PRC - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
PRC - C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe (Hewlett-Packard)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe (Hewlett-Packard)
PRC - c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
PRC - C:\Windows\SysWOW64\OSDForm.exe ()
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8837c17e16a1ebba04a1f625977bc907\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1342e13a5f5613678d438405bed08ddd\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f280cfb373553c7b3ca0581a89944b91\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LUZHP\2.0.0.0__5b744bac3e20de8f\LUZHP.dll ()
MOD - C:\Windows\assembly\GAC_32\HPTSEnUsr\1.0.0.0__661cda25fd3dfad3\HPTSEnUsr.dll ()
MOD - C:\Windows\assembly\GAC_32\HPTSEnCmn\1.0.0.0__9384b804f3886685\HPTSEnCmn.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationFramework.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_fr_31bf3856ad364e35\WindowsBase.resources.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\System\_PyMediaLib.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\System\_PyPCMAgentInfo.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\System\_PyLiveCenterInfo.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\zlib.pyd ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Koan\_bsddb.pyd ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Koan\_ssl.pyd ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Koan\pyexpat.pyd ()
MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Koan\_socket.pyd ()
MOD - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
MOD - C:\Windows\SysWOW64\OSDForm.exe ()
MOD - c:\Program Files (x86)\CyberLink\Shared Files\richvideops.dll ()
MOD - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\BRIGHTNESS.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (Crypkey License) -- C:\Windows\SysNative\Crypserv.exe ()
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
SRV - (HP Touch Screen Enhance) -- c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys ()
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys ()
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys ()
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys ()
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys ()
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys ()
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys ()
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
DRV:64bit: - (AVerBDA6x_x64) -- C:\Windows\SysNative\DRIVERS\AVerBDA716x_x64.sys ()
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys ()
DRV:64bit: - (ACPIService) -- C:\Windows\SysNative\DRIVERS\OSDACPI.SYS ()
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\ckldrv.sys ()
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&sys...{searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{CEB8E987-913C-47BE-8300-496AA482AAEB}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQu...{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE:64bit: - HKLM\..\SearchScopes\{DD61E333-3E01-4A66-AE71-9D8A59DF42C3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?s...{searchTerms}&invocationType=tb50hpcndtie7-fr-fr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
IE - HKLM\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - SOFTWARE\Classes\CLSID\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&sys...{searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3128284
IE - HKLM\..\SearchScopes\{CEB8E987-913C-47BE-8300-496AA482AAEB}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQu...{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE - HKLM\..\SearchScopes\{DD61E333-3E01-4A66-AE71-9D8A59DF42C3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?s...{searchTerms}&invocationType=tb50hpcndtie7-fr-fr

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\URLSearchHook: {8e5025c2-8ea3-430d-80b8-a14151068a6d} - SOFTWARE\Classes\CLSID\{8e5025c2-8ea3-430d-80b8-a14151068a6d}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=108988&babsrc=SP_ss&mntrId=dec63c4e00000000000000218691bc92
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMH6&o=2...{searchTerms}&locale=fr_US&apn_ptnrs=^A45&apn_dtid=^YYYYYY^YY^MC&apn_uid=f5b6e3e5-42f5-493a-b2da-3c42a3483d65&apn_sauid=26BC775B-4AEF-4E0A-A11B-242ACFE67B6D&atb=sysid%3D406%3Aappid%3D102%3Auc
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&sys...{searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3128284
IE - HKCU\..\SearchScopes\{CEB8E987-913C-47BE-8300-496AA482AAEB}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQu...{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
IE - HKCU\..\SearchScopes\{DD61E333-3E01-4A66-AE71-9D8A59DF42C3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?s...{searchTerms}&invocationType=tb50hpcndtie7-fr-fr
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3128284.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "01NET.com Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1
FF - prefs.js..extensions.enabledAddons: %7B8e5025c2-8ea3-430d-80b8-a14151068a6d%7D:10.15.0.562
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT312828..."
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/10/02 02:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/23 14:22:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 07:20:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 07:20:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/24 18:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/03/26 17:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o30xw3dd.default\extensions
[2013/03/26 17:05:07 | 000,000,000 | ---D | M] (01NET.com) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o30xw3dd.default\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}
[2012/12/27 20:57:23 | 000,001,048 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\o30xw3dd.default\searchplugins\01netcom-customized-web-search.xml
[2011/10/28 10:57:29 | 000,002,438 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\o30xw3dd.default\searchplugins\askcom.xml
[2012/02/24 18:32:37 | 000,002,517 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\o30xw3dd.default\searchplugins\Search_Results.xml
[2013/03/08 07:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/08 07:20:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/08 07:20:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013/03/08 07:20:24 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2013/02/23 14:22:57 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
[2013/03/08 07:20:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/13 19:03:11 | 000,001,609 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
[2013/02/23 14:22:59 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/24 18:04:00 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/11/29 10:08:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 10:08:14 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2013/03/02 23:36:08 | 000,001,472 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
[2013/01/13 19:03:11 | 000,002,669 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2012/02/24 18:32:37 | 000,002,517 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013/01/13 19:03:11 | 000,001,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/11/29 10:08:14 | 000,001,169 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll File not found
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (01NET.com Toolbar) - {8e5025c2-8ea3-430d-80b8-a14151068a6d} - C:\Program Files (x86)\01NET.com\prxtb01NE.dll File not found
O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Wincore Mediabar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll File not found
O3 - HKLM\..\Toolbar: (01NET.com Toolbar) - {8e5025c2-8ea3-430d-80b8-a14151068a6d} - C:\Program Files (x86)\01NET.com\prxtb01NE.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" File not found
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALUAlert] "c:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe" "/LOWDISKSPACE C" File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Buttons & OSDs control application gen2] C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HP KEYBOARD] C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HPSmartCenterBoot] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe (Hewlett-Packard)
O4 - HKCU..\Run: [Kujytuo] C:\Users\user\AppData\Roaming\kujytuo.exe ()
O4 - HKCU..\Run: [SearchProtect] C:\Users\user\AppData\Roaming\SearchProtect\cltmng.exe File not found
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Windows\SysNative\wshbth.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: 01net.com ([www] http in Sites de confiance)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Intranet local)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-wind... (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-wind... (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-wind... (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-wind... (Java Plug-in 1.6.0_38)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34B3B90-917F-4E8C-AEBE-A13989914013}: DhcpNameServer = 192.168.0.5
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\ahp.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\ahp.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/25 21:03:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Skype
[2013/03/25 21:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/25 21:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/25 21:03:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/03/25 21:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/03/08 16:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/08 07:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/26 20:24:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/26 18:56:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 18:56:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 16:56:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/26 07:49:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/03/25 21:03:13 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/03/19 00:06:53 | 001,495,774 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/19 00:06:53 | 000,678,804 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/03/19 00:06:53 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/19 00:06:53 | 000,126,420 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/03/19 00:06:53 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/19 00:02:59 | 000,153,600 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/13 06:24:46 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/13 06:24:46 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/08 16:58:48 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/25 21:03:13 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/05 20:15:41 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2012/10/29 19:43:05 | 000,000,732 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps64.dat
[2012/04/17 10:33:22 | 000,292,864 | ---- | C] () -- C:\Users\user\AppData\Roaming\Setup_WebGameAR.exe
[2012/02/24 18:03:50 | 000,391,520 | ---- | C] () -- C:\Users\user\AppData\Roaming\kujytuo.exe
[2011/10/27 20:32:47 | 000,000,068 | ---- | C] () -- C:\Windows\spwdr.INI
[2011/10/27 20:32:38 | 000,000,077 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/10/27 20:32:29 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/10/27 20:32:29 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/10/27 20:32:29 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/10/03 16:34:50 | 000,000,218 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2011/10/01 03:44:13 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011/10/01 03:44:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011/09/30 22:21:46 | 000,153,600 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3655525233-1435244198-3391848185-1000\$a1a341b198055cb039d9e37eaaa34ca8\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3655525233-1435244198-3391848185-1000\$a1a341b198055cb039d9e37eaaa34ca8\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 16:56:31 | 012,898,304 | ---- | M] ()
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$a1a341b198055cb039d9e37eaaa34ca8\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 03:50:58 | 000,513,024 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/10/13 21:12:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ancestrologie
[2012/12/27 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013
[2012/02/24 18:03:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2013/03/26 16:58:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2012/03/31 22:25:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eMule
[2012/02/24 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MusicNet
[2012/12/27 21:07:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2012/01/27 19:05:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PhotoScape
[2013/03/23 15:58:18 | 000,000,000 | RHSD | M] -- C:\Users\user\AppData\Roaming\QASCXDE
[2011/10/23 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Research In Motion
[2012/12/27 20:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SearchProtect
[2011/10/11 11:18:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SMART Technologies
[2011/10/11 07:58:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SMART Technologies Inc
[2012/10/17 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2012/12/27 21:23:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2012/12/03 18:32:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >"

What should I do now?

Also, I can no longer turn on the Windows firewall or install updates, whether manually or through the scheduled updates, which never run...

Thanks in advance for your help.

Regards.



27 March 2013 03:04:13

Hello,

Before producing very heavy analysis logs, run a standard pre-decontamination phase, which anyone can run, at any time, without a log and without assistance. This will considerably lighten the workload of the helpers, who will then only step in on the "heavy" cases.

La Manip - Standard decontamination procedure

Regards
27 March 2013 09:58:46

terdef@IDN said:
Hello,

Before producing very heavy analysis logs, run a standard pre-decontamination phase, which anyone can run, at any time, without a log and without assistance. This will considerably lighten the workload of the helpers, who will then only step in on the "heavy" cases.

La Manip - Standard decontamination procedure

Regards


Hello
Pierre :)
Just as on Assiste, back when nickW was doing disinfections, we have our own rules.
Only Helpers step in on topics, so as not to multiply tools and risky manipulations.
Besides, the link you are posting could be regarded as advertising...


+++++++++++

Audrey, welcome


Step 1


  • Download RogueKiller by Tigzy and save it to your Desktop
  • /!\ Important -> Close all running programs
  • Double-click RogueKiller.exe on your Desktop
    /!\ On Vista and Windows 7, launch the file via right-click -> Run as administrator
  • Select the Recherche (Scan) option
  • Copy and paste the contents of the RKreport.txt report into your next reply

  • If the program was blocked, do not hesitate to try several times. If necessary, rename it to Winlogon.exe

    • If malicious items were found, run RogueKiller again, launch Suppression (Delete) and confirm
    • Copy and paste the contents of the second RKreport.txt report into your next reply




Step 2


  • Go to this page AdwCleaner by Xplode, click Télécharger (Download) and save the file to your Desktop
  • Double-click the AdwCleaner0.exe icon to launch the installation
    /!\ On Vista and Windows 7, launch the file via right-click -> Run as administrator
  • In the main menu, click Suppression (Delete) and wait while the scan runs
  • At the end of the scan, an AdwCleaner(S).txt report opens. Post the report in your next reply
    The report is located at C:\AdwCleaner(S).txt


    Tutorial: AdwCleaner (Xplode)


Step 3

  • Download Malwarebytes Anti-Malware to your Desktop.
  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Now run Malwarebytes Anti-Malware. If it is not already selected, choose "Exécuter un examen complet" (Perform full scan).
  • To start the scan, click "Rechercher" (Scan).
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Afficher les résultats" (Show Results), then "Supprimer la sélection" (Remove Selected). Save the report to your Desktop.

  • Post this report.

    ~~NOTE: If Malwarebytes Anti-Malware needs to restart to finish the removal, accept by clicking OK.


    ~~Help:

  • Malwarebytes Anti-Malware tutorial

    29 March 2013 03:15:00

    Thanks for the information.
    Step 1 OK
    Report:
    RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueK...
    Site Web : http://www.sur-la-toile.com/RogueKiller/
    Blog : http://tigzyrk.blogspot.com/

    Systeme d'exploitation : Windows Vista (6.0.6001 Service Pack 1) 64 bits version
    Demarrage : Mode normal
    Utilisateur : user [Droits d'admin]
    Mode : Suppression -- Date : 29/03/2013 03:12:30
    | ARK || FAK || MBR |

    ¤¤¤ Processus malicieux : 0 ¤¤¤

    ¤¤¤ Entrees de registre : 6 ¤¤¤
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REMPLACÉ (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REMPLACÉ (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-3655525233-1435244198-3391848185-1000\$a1a341b198055cb039d9e37eaaa34ca8\n.) [x] -> REMPLACÉ (C:\Windows\system32\shell32.dll)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$a1a341b198055cb039d9e37eaaa34ca8\n.) [x] -> REMPLACÉ (C:\Windows\system32\wbem\fastprox.dll)

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$a1a341b198055cb039d9e37eaaa34ca8\@ [-] --> SUPPRIMÉ
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3655525233-1435244198-3391848185-1000\$a1a341b198055cb039d9e37eaaa34ca8\@ [-] --> SUPPRIMÉ
    [Del.Parent][FILE] 00000001.@ : C:\$recycle.bin\S-1-5-18\$a1a341b198055cb039d9e37eaaa34ca8\U\00000001.@ [-] --> SUPPRIMÉ
    [Del.Parent][FILE] 80000000.@ : C:\$recycle.bin\S-1-5-18\$a1a341b198055cb039d9e37eaaa34ca8\U\80000000.@ [-] --> SUPPRIMÉ
    [Del.Parent][FILE] 800000cb.@ : C:\$recycle.bin\S-1-5-18\$a1a341b198055cb039d9e37eaaa34ca8\U\800000cb.@ [-] --> SUPPRIMÉ
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$a1a341b198055cb039d9e37eaaa34ca8\U --> SUPPRIMÉ
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3655525233-1435244198-3391848185-1000\$a1a341b198055cb039d9e37eaaa34ca8\U --> SUPPRIMÉ
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$a1a341b198055cb039d9e37eaaa34ca8\L --> SUPPRIMÉ
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3655525233-1435244198-3391848185-1000\$a1a341b198055cb039d9e37eaaa34ca8\L --> SUPPRIMÉ

    ¤¤¤ Driver : [NON CHARGE] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000AAKS-00E4A0 +++++
    --- User ---
    [MBR] 5a102904d052a9d52ae3dbbdbdd84477
    [BSP] 60a3236c511a515182d1a22e8fe9c9af : MBR Code unknown
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 464763 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 951835185 | Size: 12174 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Termine : << RKreport[2]_D_29032013_031230.txt >>
    RKreport[1]_S_29032013_031032.txt ; RKreport[2]_D_29032013_031230.txt



    29 March 2013 03:19:59

    Step 2 OK

    # AdwCleaner v2.115 - Rapport créé le 29/03/2013 à 03:14:09
    # Mis à jour le 17/03/2013 par Xplode
    # Système d'exploitation : Windows (TM) Vista Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : user - PC-DE-USER
    # Mode de démarrage : Normal
    # Exécuté depuis : C:\Users\user\Downloads\adwcleaner.exe
    # Option [Suppression]


    ***** [Services] *****


    ***** [Fichiers / Dossiers] *****

    Supprimé au redémarrage : C:\Program Files (x86)\AVG Secure Search
    Supprimé au redémarrage : C:\Program Files (x86)\Common Files\AVG Secure Search
    Supprimé au redémarrage : C:\Program Files (x86)\Conduit
    Supprimé au redémarrage : C:\Program Files (x86)\SearchProtect
    Supprimé au redémarrage : C:\ProgramData\AVG Secure Search
    Supprimé au redémarrage : C:\ProgramData\Babylon

    ***** [Registre] *****

    Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
    Clé Supprimée : HKCU\Software\AVG Secure Search
    Clé Supprimée : HKCU\Software\Conduit

    ***** [Navigateurs] *****

    -\\ Internet Explorer v7.0.6001.18639

    [OK] Le registre ne contient aucune entrée illégitime.

    -\\ Mozilla Firefox v19.0.2 (fr)

    -\\ Google Chrome v [Impossible d'obtenir la version]

    *************************

    AdwCleaner[R1].txt - [17450 octets] - [29/03/2013 02:52:11]
    AdwCleaner[S1].txt - [400 octets] - [29/03/2013 02:51:20]
    AdwCleaner[S2].txt - [15334 octets] - [29/03/2013 02:55:02]
    AdwCleaner[S3].txt - [1398 octets] - [29/03/2013 03:14:09]

    ########## EOF - C:\AdwCleaner[S3].txt - [1458 octets] ##########

    29 March 2013 03:29:19

    Step 3: I do have mbam in my downloads, I click on it and the installation says it is running, but I can't find it installed on my PC??? :(
    30 March 2013 16:21:15

    Hello :)
    Normally, at the end of the installation, Mbam offers to run an update and then a scan...
    Are you sure you are going all the way to the end of the installation?

    Please post a new OTL report so we can see where things stand.
    30 March 2013 23:25:48

    Good evening,

    I am sure I downloaded mbam-rules.exe; when I double-click it from my downloads, I accept the installation, in French, then everything goes very quickly, it tells me that mbam is installed and the windows close... So I am not sure I downloaded the right thing, even though I found it on the site indicated.
    New OTL scan:
    "OTL logfile created on: 30/03/2013 22:43:05 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\user\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6001.18000)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    4,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 24,46% Memory free
    8,21 Gb Paging File | 4,00 Gb Available in Paging File | 48,68% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453,87 Gb Total Space | 11,48 Gb Free Space | 2,53% Space Free | Partition Type: NTFS
    Drive D: | 11,89 Gb Total Space | 1,59 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
    Drive E: | 4,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive F: | 7,39 Gb Total Space | 4,63 Gb Free Space | 62,67% Space Free | Partition Type: FAT32

    Computer Name: PC-DE-USER | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found
    PRC - c:\Users\user\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
    PRC - C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe (Hewlett-Packard)
    PRC - c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe (Hewlett-Packard)
    PRC - c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe (CyberLink Corp.)
    PRC - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
    PRC - C:\Windows\SysWOW64\OSDForm.exe ()
    PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
    PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
    PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\f280cfb373553c7b3ca0581a89944b91\System.Deployment.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LUZHP\2.0.0.0__5b744bac3e20de8f\LUZHP.dll ()
    MOD - C:\Windows\assembly\GAC_32\HPTSEnUsr\1.0.0.0__661cda25fd3dfad3\HPTSEnUsr.dll ()
    MOD - C:\Windows\assembly\GAC_32\HPTSEnCmn\1.0.0.0__9384b804f3886685\HPTSEnCmn.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_fr_b03f5f7f11d50a3a\System.Deployment.resources.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fr_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationFramework.resources.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_fr_31bf3856ad364e35\PresentationCore.resources.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase.resources\3.0.0.0_fr_31bf3856ad364e35\WindowsBase.resources.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.XmlSerializers.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\System\_PyMediaLib.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\System\_PyPCMAgentInfo.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\System\_PyLiveCenterInfo.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
    MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvcPS.dll ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\zlib.pyd ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Koan\_bsddb.pyd ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Koan\_ssl.pyd ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Koan\pyexpat.pyd ()
    MOD - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Koan\_socket.pyd ()
    MOD - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
    MOD - C:\Windows\SysWOW64\OSDForm.exe ()
    MOD - c:\Program Files (x86)\CyberLink\Shared Files\richvideops.dll ()
    MOD - C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\BRIGHTNESS.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (Crypkey License) -- C:\Windows\SysNative\Crypserv.exe ()
    SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE ()
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (vToolbarUpdater14.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe ()
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (CalendarSynchService) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard)
    SRV - (HP Touch Screen Enhance) -- c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE (Hewlett-Packard)
    SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
    SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys ()
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys ()
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys ()
    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys ()
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys ()
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys ()
    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\DRIVERS\avgloga.sys ()
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys ()
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iastor.sys ()
    DRV:64bit: - (AVerBDA6x_x64) -- C:\Windows\SysNative\DRIVERS\AVerBDA716x_x64.sys ()
    DRV:64bit: - (netr28x) -- C:\Windows\SysNative\DRIVERS\netr28x.sys ()
    DRV:64bit: - (ACPIService) -- C:\Windows\SysNative\DRIVERS\OSDACPI.SYS ()
    DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\ckldrv.sys ()
    DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys ()
    DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
    DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys ()
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys ()

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{CEB8E987-913C-47BE-8300-496AA482AAEB}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQu...{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
    IE:64bit: - HKLM\..\SearchScopes\{DD61E333-3E01-4A66-AE71-9D8A59DF42C3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?s...{searchTerms}&invocationType=tb50hpcndtie7-fr-fr
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{CEB8E987-913C-47BE-8300-496AA482AAEB}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQu...{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
    IE - HKLM\..\SearchScopes\{DD61E333-3E01-4A66-AE71-9D8A59DF42C3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?s...{searchTerms}&invocationType=tb50hpcndtie7-fr-fr

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKCU\..\SearchScopes\{CEB8E987-913C-47BE-8300-496AA482AAEB}: "URL" = http://fr.kelkoopartners.net/ctl/do/search?siteSearchQu...{searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913932
    IE - HKCU\..\SearchScopes\{DD61E333-3E01-4A66-AE71-9D8A59DF42C3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?s...{searchTerms}&invocationType=tb50hpcndtie7-fr-fr
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..CT3128284.browser.search.defaultthis.engineName: true
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.selectedEngine: "01NET.com Customized Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
    FF - prefs.js..extensions.enabledAddons: %7B8e5025c2-8ea3-430d-80b8-a14151068a6d%7D:10.15.0.562
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT312828..."
    FF - prefs.js..network.proxy.type: 0


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 07:20:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/08 07:20:47 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/02/24 18:46:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
    [2013/03/26 17:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o30xw3dd.default\extensions
    [2013/03/26 17:05:07 | 000,000,000 | ---D | M] (01NET.com) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\o30xw3dd.default\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}
    [2012/12/27 20:57:23 | 000,001,048 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\o30xw3dd.default\searchplugins\01netcom-customized-web-search.xml
    [2011/10/28 10:57:29 | 000,002,438 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\o30xw3dd.default\searchplugins\askcom.xml
    [2012/02/24 18:32:37 | 000,002,517 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\o30xw3dd.default\searchplugins\Search_Results.xml
    [2013/03/08 07:20:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/03/08 07:20:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
    [2013/03/08 07:20:24 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
    [2013/03/08 07:20:47 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2013/01/13 19:03:11 | 000,001,609 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-france.xml
    [2012/11/29 10:08:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/11/29 10:08:14 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2013/03/02 23:36:08 | 000,001,472 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-france.xml
    [2013/01/13 19:03:11 | 000,001,399 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2012/11/29 10:08:14 | 000,001,169 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-france.xml

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
    O4:64bit: - HKLM..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" File not found
    O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [ALUAlert] "c:\Program Files (x86)\Symantec\LiveUpdate\ALuNotify.exe" "/LOWDISKSPACE C" File not found
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Buttons & OSDs control application gen2] C:\Program Files (x86)\HP\Buttons & OSDs control application gen2\MediaButtons.exe ()
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [HP KEYBOARD] C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe (OsdMaestro)
    O4 - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [HPSmartCenterBoot] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe (Hewlett-Packard)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O8:64bit: - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8:64bit: - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Envoyer à Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Envoyer au périphérique &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: 01net.com ([www] http in Sites de confiance)
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Intranet local)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-wind... (Java Plug-in 1.6.0_38)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-wind... (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-wind... (Java Plug-in 1.6.0_38)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_38-wind... (Java Plug-in 1.6.0_38)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.5
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B34B3B90-917F-4E8C-AEBE-A13989914013}: DhcpNameServer = 192.168.0.5
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\ahp.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\ahp.jpg
    O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/29 03:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/03/29 03:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/03/25 21:03:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Skype
    [2013/03/25 21:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/03/25 21:03:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/03/25 21:03:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2013/03/25 21:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2013/03/08 16:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/03/08 07:20:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/30 23:00:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/30 23:00:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/30 22:24:04 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/30 19:54:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/29 08:06:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2013/03/29 03:15:03 | 000,000,890 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/03/25 21:03:13 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/03/19 00:06:53 | 001,495,774 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/19 00:06:53 | 000,678,804 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2013/03/19 00:06:53 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/19 00:06:53 | 000,126,420 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2013/03/19 00:06:53 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/19 00:02:59 | 000,153,600 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/03/08 16:58:48 | 000,000,888 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/29 02:55:08 | 000,000,890 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/03/25 21:03:13 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2013/01/05 20:15:41 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
    [2012/10/29 19:43:05 | 000,000,732 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps64.dat
    [2012/04/17 10:33:22 | 000,292,864 | ---- | C] () -- C:\Users\user\AppData\Roaming\Setup_WebGameAR.exe
    [2012/02/24 18:03:50 | 000,391,520 | ---- | C] () -- C:\Users\user\AppData\Roaming\kujytuo.exe
    [2011/10/27 20:32:47 | 000,000,068 | ---- | C] () -- C:\Windows\spwdr.INI
    [2011/10/27 20:32:38 | 000,000,077 | ---- | C] () -- C:\Windows\Crypkey.ini
    [2011/10/27 20:32:29 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
    [2011/10/27 20:32:29 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
    [2011/10/27 20:32:29 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
    [2011/10/03 16:34:50 | 000,000,218 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
    [2011/10/01 03:44:13 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
    [2011/10/01 03:44:13 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
    [2011/09/30 22:21:46 | 000,153,600 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
    "ThreadingModel" = Both
    "" = C:\Windows\SysWOW64\shell32.dll -- [2011/01/21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
    "ThreadingModel" = Both
    "" = C:\Windows\SysWOW64\shell32.dll -- [2011/01/21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2011/01/21 16:56:31 | 012,898,304 | ---- | M] ()
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysWOW64\wbem\fastprox.dll -- [2009/03/03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 03:50:58 | 000,513,024 | ---- | M] ()
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/10/13 21:12:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ancestrologie
    [2012/12/27 21:26:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013
    [2012/02/24 18:03:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
    [2013/03/29 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
    [2012/03/31 22:25:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eMule
    [2012/02/24 18:32:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MusicNet
    [2012/12/27 21:07:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
    [2012/01/27 19:05:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PhotoScape
    [2013/03/23 15:58:18 | 000,000,000 | RHSD | M] -- C:\Users\user\AppData\Roaming\QASCXDE
    [2011/10/23 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Research In Motion
    [2012/12/27 20:56:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SearchProtect
    [2011/10/11 11:18:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SMART Technologies
    [2011/10/11 07:58:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SMART Technologies Inc
    [2012/10/17 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
    [2012/12/27 21:23:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
    [2012/12/03 18:32:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

    ========== Purity Check ==========



    < End of report >"
    31 March 2013 17:29:13

    Hello
    The infection is blocking MBAM from launching...

    Step 1

  • Download TDSSKiller from Kaspersky and save it to your Desktop
  • Double-click TDSSKiller.exe
    /!\ On Vista and Windows 7, you must launch the file by right-clicking -> Run as administrator
  • Click Change parameters and tick the Loaded modules box. The message Reboot is required is displayed.
    Confirm it by clicking Reboot now.
  • On restart, accept the prompt Do you want to run this file (Publisher: Kaspersky Lab).
    The TDSSKiller tool starts again.
  • Click Change parameters again and, under Additional options, tick the boxes Verify driver digital signatures and Detect TDLFS file system. Confirm with OK
  • Click Start scan to launch the scan. Let the tool work without interrupting it.
  • At the end of the scan, if the tool has found suspicious or malicious items, leave the options the tool suggests for the action to take:
    • If TDSS.tdl2 is detected, the Delete option should be ticked by default
    • If TDSS.tdl3 is detected, make sure the Cure option is ticked
    • If TDSS.tdl4 (mbr) is detected, make sure the Cure option is ticked
    • If Suspicious object is reported, the Skip option should be ticked

  • Then click Continue, then click Reboot computer
  • On restart, post the TDSSKiller.Version_Date_Heure_log.txt report in your reply on the forum
    The TDSSKiller.Version_Date_Heure_log.txt report is saved as C:\TDSSKiller.Version_Date_Heure_log.txt

    Illustrated TDSSKiller usage tutorial

    Step 2

    You are going to move OTL to your Desktop, then run a custom scan because I am missing some information. The report will be too long to post directly on the forum, so follow the procedure below:
  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • A window appears. In the "Rapport" section at the top of this window, tick "Rapport minimal".
  • Also tick the boxes next to "Recherche Lop" and "Recherche Purity".
  • Under "Personnalisation" (in the white box), copy and paste the contents of the box below:


    netsvcs
    msconfig
    drivers32
    /md5start
    explorer.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    hklm\system\CurrentControlSet\Control\Session Manager\SubSystems /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    nslookup http://www.google.fr /c
    SAVEMBR:0
    CREATERESTOREPOINT



  • Finally, click the "Analyse" button. Let the tool work.

  • Once the scan has finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so by default on the Desktop).

    To send me the reports:
    Please use this online report service: upload the file via "Browse" and simply post the resulting link in your reply. If you run into problems, see this usage guide here.
    14 April 2013 23:47:52

    Good evening,
    I only saw your reply this evening.

    21:23:31.0668 4000 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    21:23:32.0916 4000 ============================================================
    21:23:32.0916 4000 Current date / time: 2013/04/14 21:23:32.0916
    21:23:32.0916 4000 SystemInfo:
    21:23:32.0916 4000
    21:23:32.0916 4000 OS Version: 6.0.6001 ServicePack: 1.0
    21:23:32.0916 4000 Product type: Workstation
    21:23:32.0916 4000 ComputerName: PC-DE-USER
    21:23:32.0931 4000 UserName: user
    21:23:32.0931 4000 Windows directory: C:\Windows
    21:23:32.0931 4000 System windows directory: C:\Windows
    21:23:32.0931 4000 Running under WOW64
    21:23:32.0931 4000 Processor architecture: Intel x64
    21:23:32.0931 4000 Number of processors: 2
    21:23:32.0931 4000 Page size: 0x1000
    21:23:32.0931 4000 Boot type: Normal boot
    21:23:32.0931 4000 ============================================================
    21:23:33.0508 4000 BG loaded
    21:23:34.0429 4000 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:23:34.0460 4000 ============================================================
    21:23:34.0460 4000 \Device\Harddisk0\DR0:
    21:23:34.0522 4000 MBR partitions:
    21:23:34.0522 4000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x38BBD9F2
    21:23:34.0522 4000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38BBDA31, BlocksNum 0x17C7210
    21:23:34.0522 4000 ============================================================
    21:23:34.0694 4000 C: <-> \Device\Harddisk0\DR0\Partition1
    21:23:35.0169 4000 D: <-> \Device\Harddisk0\DR0\Partition2
    21:23:35.0272 4000 ============================================================
    21:23:35.0272 4000 Initialize success
    21:23:35.0273 4000 ============================================================
    21:45:09.0282 0300 ============================================================
    21:45:09.0282 0300 Scan started
    21:45:09.0282 0300 Mode: Manual;
    21:45:09.0282 0300 ============================================================
    21:45:09.0526 0300 ================ Scan system memory ========================
    21:45:09.0526 0300 System memory - ok
    21:45:09.0527 0300 ================ Scan services =============================
    21:45:09.0664 0300 [ 8C99ED256A889D647935A97C543B7B85 ] ACPI C:\Windows\system32\drivers\acpi.sys
    21:45:09.0666 0300 ACPI - ok
    21:45:09.0688 0300 [ B0C2CEA708685E8AD10F028211A2D973 ] ACPIService C:\Windows\system32\DRIVERS\OSDACPI.SYS
    21:45:09.0689 0300 ACPIService - ok
    21:45:09.0701 0300 [ 3AD4B78ECBAB5673515F0B466D126348 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
    21:45:09.0704 0300 ADIHdAudAddService - ok
    21:45:09.0758 0300 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    21:45:09.0760 0300 AdobeARMservice - ok
    21:45:09.0814 0300 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    21:45:09.0816 0300 AdobeFlashPlayerUpdateSvc - ok
    21:45:09.0839 0300 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    21:45:09.0846 0300 adp94xx - ok
    21:45:09.0864 0300 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
    21:45:09.0870 0300 adpahci - ok
    21:45:09.0892 0300 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    21:45:09.0895 0300 adpu160m - ok
    21:45:09.0919 0300 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    21:45:09.0923 0300 adpu320 - ok
    21:45:09.0956 0300 [ 28C0B0A6CB61BDD1FEF877D4D0F69FBF ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
    21:45:09.0958 0300 AEADIFilters - ok
    21:45:09.0978 0300 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    21:45:09.0979 0300 AeLookupSvc - ok
    21:45:10.0014 0300 [ 9BB97042FA331A0FB4BDD98B9280A50A ] AFD C:\Windows\system32\drivers\afd.sys
    21:45:10.0019 0300 AFD - ok
    21:45:10.0035 0300 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
    21:45:10.0037 0300 agp440 - ok
    21:45:10.0058 0300 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    21:45:10.0060 0300 aic78xx - ok
    21:45:10.0083 0300 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
    21:45:10.0084 0300 ALG - ok
    21:45:10.0105 0300 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
    21:45:10.0106 0300 aliide - ok
    21:45:10.0114 0300 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
    21:45:10.0116 0300 amdide - ok
    21:45:10.0143 0300 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    21:45:10.0146 0300 AmdK8 - ok
    21:45:10.0180 0300 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
    21:45:10.0182 0300 Appinfo - ok
    21:45:10.0202 0300 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
    21:45:10.0205 0300 arc - ok
    21:45:10.0219 0300 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    21:45:10.0224 0300 arcsas - ok
    21:45:10.0250 0300 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    21:45:10.0252 0300 AsyncMac - ok
    21:45:10.0271 0300 [ 1898FAE8E07D97F2F6C2D5326C633FAC ] atapi C:\Windows\system32\drivers\atapi.sys
    21:45:10.0272 0300 atapi - ok
    21:45:10.0296 0300 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    21:45:10.0299 0300 AudioEndpointBuilder - ok
    21:45:10.0320 0300 [ 2A54B6A48AB6D2166271B05E9469326E ] AudioSrv C:\Windows\System32\Audiosrv.dll
    21:45:10.0323 0300 AudioSrv - ok
    21:45:10.0372 0300 [ F23EFEFF6389034EC70430B8CB7684B3 ] AVerBDA6x_x64 C:\Windows\system32\DRIVERS\AVerBDA716x_x64.sys
    21:45:10.0381 0300 AVerBDA6x_x64 - ok
    21:45:10.0510 0300 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    21:45:10.0551 0300 AVGIDSAgent - ok
    21:45:10.0610 0300 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
    21:45:10.0612 0300 AVGIDSDriver - ok
    21:45:10.0642 0300 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
    21:45:10.0643 0300 AVGIDSHA - ok
    21:45:10.0668 0300 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
    21:45:10.0669 0300 Avgldx64 - ok
    21:45:10.0697 0300 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
    21:45:10.0699 0300 Avgloga - ok
    21:45:10.0732 0300 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
    21:45:10.0733 0300 Avgmfx64 - ok
    21:45:10.0750 0300 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
    21:45:10.0751 0300 Avgrkx64 - ok
    21:45:10.0768 0300 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
    21:45:10.0770 0300 Avgtdia - ok
    21:45:10.0793 0300 [ 4C05242DC361A217223E9B8EC2B3A76B ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
    21:45:10.0794 0300 avgtp - ok
    21:45:10.0819 0300 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    21:45:10.0821 0300 avgwd - ok
    21:45:10.0848 0300 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    21:45:10.0850 0300 blbdrive - ok
    21:45:10.0908 0300 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    21:45:10.0913 0300 Bonjour Service - ok
    21:45:10.0938 0300 [ F0F035FCEC3554CC1B70C5611BD87951 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    21:45:10.0940 0300 bowser - ok
    21:45:10.0958 0300 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    21:45:10.0960 0300 BrFiltLo - ok
    21:45:10.0974 0300 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    21:45:10.0975 0300 BrFiltUp - ok
    21:45:10.0995 0300 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
    21:45:10.0997 0300 Browser - ok
    21:45:11.0017 0300 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
    21:45:11.0020 0300 Brserid - ok
    21:45:11.0039 0300 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    21:45:11.0041 0300 BrSerWdm - ok
    21:45:11.0057 0300 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    21:45:11.0058 0300 BrUsbMdm - ok
    21:45:11.0073 0300 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    21:45:11.0075 0300 BrUsbSer - ok
    21:45:11.0106 0300 [ 86F46C41F773DA5A4A1D221C9201E3B8 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
    21:45:11.0107 0300 BthEnum - ok
    21:45:11.0123 0300 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    21:45:11.0125 0300 BTHMODEM - ok
    21:45:11.0150 0300 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
    21:45:11.0151 0300 BthPan - ok
    21:45:11.0197 0300 [ E76F40C8DFFD33B6F142DE90D3CABB73 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
    21:45:11.0199 0300 BTHPORT - ok
    21:45:11.0232 0300 [ E53AA49695B7BD95808B7C6DA170A40E ] BthServ C:\Windows\System32\bthserv.dll
    21:45:11.0232 0300 BthServ - ok
    21:45:11.0263 0300 [ CD52602D1884C6867269BABCB67849C5 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
    21:45:11.0264 0300 BTHUSB - ok
    21:45:11.0287 0300 [ 52833836D889E1E36F79F4CE975AE8DE ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
    21:45:11.0288 0300 btwaudio - ok
    21:45:11.0294 0300 [ 124F5E01803D89332E956C25681395B9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
    21:45:11.0297 0300 btwavdt - ok
    21:45:11.0314 0300 [ 398F9EFFE659BB79E73259153A884261 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
    21:45:11.0315 0300 btwl2cap - ok
    21:45:11.0340 0300 [ FF7717CF84333CBA4287AC6FE423B385 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
    21:45:11.0341 0300 btwrchid - ok
    21:45:11.0412 0300 [ C62A0F5AF002DDBE54085E77A86DC238 ] CalendarSynchService C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    21:45:11.0413 0300 CalendarSynchService - ok
    21:45:11.0422 0300 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    21:45:11.0424 0300 cdfs - ok
    21:45:11.0447 0300 [ 3B2FB35363423ED60C8FBF15FC8680BD ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    21:45:11.0448 0300 cdrom - ok
    21:45:11.0459 0300 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] CertPropSvc C:\Windows\System32\certprop.dll
    21:45:11.0461 0300 CertPropSvc - ok
    21:45:11.0482 0300 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    21:45:11.0484 0300 circlass - ok
    21:45:11.0498 0300 [ CAEDA2572B7042B11062F327F099251D ] CLFS C:\Windows\system32\CLFS.sys
    21:45:11.0501 0300 CLFS - ok
    21:45:11.0550 0300 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:45:11.0553 0300 clr_optimization_v2.0.50727_32 - ok
    21:45:11.0588 0300 [ FA58B51ED71C9133E141164EAA7C54EB ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:45:11.0590 0300 clr_optimization_v2.0.50727_64 - ok
    21:45:11.0647 0300 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:45:11.0650 0300 clr_optimization_v4.0.30319_32 - ok
    21:45:11.0699 0300 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:45:11.0701 0300 clr_optimization_v4.0.30319_64 - ok
    21:45:11.0715 0300 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    21:45:11.0718 0300 cmdide - ok
    21:45:11.0736 0300 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    21:45:11.0747 0300 Compbatt - ok
    21:45:11.0755 0300 COMSysApp - ok
    21:45:11.0773 0300 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    21:45:11.0774 0300 crcdisk - ok
    21:45:11.0791 0300 Crypkey License - ok
    21:45:11.0822 0300 [ 4374F784121D8B3BB466B03F5E5EBD33 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    21:45:11.0824 0300 CryptSvc - ok
    21:45:11.0860 0300 [ 52CDADE8289FF21F1F2215FF51A5F36C ] DcomLaunch C:\Windows\system32\rpcss.dll
    21:45:11.0866 0300 DcomLaunch - ok
    21:45:11.0915 0300 [ 3725C43C9E90731ECA651D506CC599A3 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    21:45:11.0916 0300 DfsC - ok
    21:45:12.0000 0300 [ 1781F99840979EE7B126C9073C377FD0 ] DFSR C:\Windows\system32\DFSR.exe
    21:45:12.0066 0300 DFSR - ok
    21:45:12.0101 0300 [ FDAA0EDFCFB70CD529589AD654651B40 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    21:45:12.0104 0300 Dhcp - ok
    21:45:12.0122 0300 [ 2DC415FC05FB8A079F896CBBACB19324 ] disk C:\Windows\system32\drivers\disk.sys
    21:45:12.0124 0300 disk - ok
    21:45:12.0155 0300 [ DAF05293C1264E251D3A25E7E24B2DDF ] Dnscache C:\Windows\System32\dnsrslvr.dll
    21:45:12.0157 0300 Dnscache - ok
    21:45:12.0173 0300 [ CC661867677627F2911C2A4970DEE0F1 ] dot3svc C:\Windows\System32\dot3svc.dll
    21:45:12.0176 0300 dot3svc - ok
    21:45:12.0193 0300 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
    21:45:12.0195 0300 DPS - ok
    21:45:12.0225 0300 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    21:45:12.0227 0300 drmkaud - ok
    21:45:12.0266 0300 [ 412964040CE920FF83AFF6B5B551BF99 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    21:45:12.0275 0300 DXGKrnl - ok
    21:45:12.0308 0300 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
    21:45:12.0312 0300 E1G60 - ok
    21:45:12.0342 0300 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
    21:45:12.0344 0300 EapHost - ok
    21:45:12.0359 0300 [ 7343D950A34A95DCB7441642E3E6BEEF ] Ecache C:\Windows\system32\drivers\ecache.sys
    21:45:12.0361 0300 Ecache - ok
    21:45:12.0398 0300 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    21:45:12.0402 0300 ehRecvr - ok
    21:45:12.0421 0300 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
    21:45:12.0424 0300 ehSched - ok
    21:45:12.0440 0300 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
    21:45:12.0441 0300 ehstart - ok
    21:45:12.0463 0300 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    21:45:12.0470 0300 elxstor - ok
    21:45:12.0501 0300 [ E4EB76D0A8FC43DB7F36302E1F33791F ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    21:45:12.0506 0300 EMDMgmt - ok
    21:45:12.0525 0300 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
    21:45:12.0526 0300 ErrDev - ok
    21:45:12.0566 0300 [ 6B1A97BF9FEFBDC83F3C7C7D0F826C66 ] EventSystem C:\Windows\system32\es.dll
    21:45:12.0570 0300 EventSystem - ok
    21:45:12.0592 0300 [ 2A546B9A84658B0554B1EC35CD9ADAF5 ] exfat C:\Windows\system32\drivers\exfat.sys
    21:45:12.0597 0300 exfat - ok
    21:45:12.0617 0300 [ FE731D345ED9EEABBC72A59B35941834 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    21:45:12.0621 0300 fastfat - ok
    21:45:12.0645 0300 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    21:45:12.0647 0300 fdc - ok
    21:45:12.0686 0300 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
    21:45:12.0687 0300 fdPHost - ok
    21:45:12.0702 0300 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
    21:45:12.0703 0300 FDResPub - ok
    21:45:12.0715 0300 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    21:45:12.0717 0300 FileInfo - ok
    21:45:12.0733 0300 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    21:45:12.0735 0300 Filetrace - ok
    21:45:12.0752 0300 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    21:45:12.0754 0300 flpydisk - ok
    21:45:12.0767 0300 [ 7DACF1A3A4219575070C6DC7C957428A ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    21:45:12.0771 0300 FltMgr - ok
    21:45:12.0817 0300 [ 73D0F1D32EDAE3DCC4E84468BF910ADD ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:45:12.0819 0300 FontCache3.0.0.0 - ok
    21:45:12.0836 0300 [ 29D99E860A1CA0A03C6A733FDD0DA703 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    21:45:12.0838 0300 Fs_Rec - ok
    21:45:12.0858 0300 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    21:45:12.0861 0300 gagp30kx - ok
    21:45:12.0934 0300 [ 44D07E5A444692E9B6A5CDD7401B4402 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    21:45:12.0940 0300 GameConsoleService - ok
    21:45:12.0978 0300 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    21:45:12.0980 0300 GEARAspiWDM - ok
    21:45:13.0023 0300 [ 9E5B254D58232EC8921EC3C5A94C81ED ] gpsvc C:\Windows\System32\gpsvc.dll
    21:45:13.0062 0300 gpsvc - ok
    21:45:13.0088 0300 [ 0C0D0F8A3FF09ECC81963D09EC6A0A84 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    21:45:13.0089 0300 HDAudBus - ok
    21:45:13.0108 0300 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
    21:45:13.0110 0300 HidBth - ok
    21:45:13.0144 0300 [ 5F47839455D01FF6403B008D481A6F5B ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    21:45:13.0145 0300 HidIr - ok
    21:45:13.0155 0300 [ 0AA154538544E988429DA2D5AA803A6C ] hidserv C:\Windows\system32\hidserv.dll
    21:45:13.0156 0300 hidserv - ok
    21:45:13.0181 0300 [ 128E2DA8483FDD4DD0C7B3F9ABD6F323 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    21:45:13.0182 0300 HidUsb - ok
    21:45:13.0195 0300 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
    21:45:13.0197 0300 hkmsvc - ok
    21:45:13.0250 0300 [ CB383AB0B8BA871D893B86D3C9A3ED9F ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    21:45:13.0251 0300 HP Health Check Service - ok
    21:45:13.0280 0300 [ F3FE67A7FD038DD0BE6BA41E1A6973E9 ] HP Touch Screen Enhance c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
    21:45:13.0281 0300 HP Touch Screen Enhance - ok
    21:45:13.0304 0300 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    21:45:13.0306 0300 HpCISSs - ok
    21:45:13.0340 0300 [ E690736DA6C543F5D99C8FA27BEA31DB ] HTTP C:\Windows\system32\drivers\HTTP.sys
    21:45:13.0345 0300 HTTP - ok
    21:45:13.0365 0300 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    21:45:13.0367 0300 i2omp - ok
    21:45:13.0392 0300 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    21:45:13.0394 0300 i8042prt - ok
    21:45:13.0430 0300 [ 170CE3F0190702EA9EFDD2DD77130EF8 ] iaStor C:\Windows\system32\drivers\iastor.sys
    21:45:13.0433 0300 iaStor - ok
    21:45:13.0458 0300 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    21:45:13.0463 0300 iaStorV - ok
    21:45:13.0524 0300 [ 76EA63CDB2D88DAE7209691D089BEF1D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:45:13.0538 0300 idsvc - ok
    21:45:13.0558 0300 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    21:45:13.0560 0300 iirsp - ok
    21:45:13.0614 0300 [ 3A3B232140C33376E134E7B61A0EAA44 ] IKEEXT C:\Windows\System32\ikeext.dll
    21:45:13.0619 0300 IKEEXT - ok
    21:45:13.0643 0300 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
    21:45:13.0644 0300 intelide - ok
    21:45:13.0661 0300 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    21:45:13.0662 0300 intelppm - ok
    21:45:13.0678 0300 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    21:45:13.0680 0300 IPBusEnum - ok
    21:45:13.0695 0300 [ 99B821F5BEBD6A3CC3FE564F802AE0FD ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    21:45:13.0697 0300 IpFilterDriver - ok
    21:45:13.0704 0300 IpInIp - ok
    21:45:13.0721 0300 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    21:45:13.0723 0300 IPMIDRV - ok
    21:45:13.0743 0300 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    21:45:13.0746 0300 IPNAT - ok
    21:45:13.0761 0300 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
    21:45:13.0763 0300 IRENUM - ok
    21:45:13.0793 0300 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
    21:45:13.0794 0300 isapnp - ok
    21:45:13.0816 0300 [ 49E4CCBF74783FCE5D2CC1FF6480E1F4 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    21:45:13.0818 0300 iScsiPrt - ok
    21:45:13.0839 0300 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    21:45:13.0841 0300 iteatapi - ok
    21:45:13.0875 0300 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
    21:45:13.0877 0300 iteraid - ok
    21:45:13.0883 0300 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    21:45:13.0886 0300 kbdclass - ok
    21:45:13.0903 0300 [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    21:45:13.0904 0300 kbdhid - ok
    21:45:13.0936 0300 [ 80F4593E92FF960E4763380D3168E498 ] KeyIso C:\Windows\system32\lsass.exe
    21:45:13.0938 0300 KeyIso - ok
    21:45:13.0958 0300 [ CCDCCE6224E1E207E953AF826B98A9D9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    21:45:13.0962 0300 KSecDD - ok
    21:45:13.0970 0300 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    21:45:13.0972 0300 ksthunk - ok
    21:45:14.0003 0300 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
    21:45:14.0007 0300 KtmRm - ok
    21:45:14.0042 0300 [ 3F27C9CDAE606D74431E3AB39571A7F3 ] LanmanServer C:\Windows\system32\srvsvc.dll
    21:45:14.0044 0300 LanmanServer - ok
    21:45:14.0076 0300 [ 6E25FFC6FEAD6544C6E9F1D23329570C ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    21:45:14.0078 0300 LanmanWorkstation - ok
    21:45:14.0104 0300 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    21:45:14.0105 0300 lltdio - ok
    21:45:14.0126 0300 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    21:45:14.0131 0300 lltdsvc - ok
    21:45:14.0147 0300 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
    21:45:14.0148 0300 lmhosts - ok
    21:45:14.0196 0300 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    21:45:14.0198 0300 LSI_FC - ok
    21:45:14.0218 0300 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    21:45:14.0221 0300 LSI_SAS - ok
    21:45:14.0242 0300 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    21:45:14.0245 0300 LSI_SCSI - ok
    21:45:14.0253 0300 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
    21:45:14.0255 0300 luafv - ok
    21:45:14.0270 0300 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    21:45:14.0274 0300 Mcx2Svc - ok
    21:45:14.0296 0300 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
    21:45:14.0299 0300 megasas - ok
    21:45:14.0329 0300 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    21:45:14.0336 0300 MegaSR - ok
    21:45:14.0355 0300 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
    21:45:14.0357 0300 MMCSS - ok
    21:45:14.0378 0300 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
    21:45:14.0379 0300 Modem - ok
    21:45:14.0401 0300 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    21:45:14.0402 0300 monitor - ok
    21:45:14.0414 0300 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    21:45:14.0415 0300 mouclass - ok
    21:45:14.0430 0300 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    21:45:14.0431 0300 mouhid - ok
    21:45:14.0440 0300 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    21:45:14.0442 0300 MountMgr - ok
    21:45:14.0480 0300 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    21:45:14.0483 0300 MozillaMaintenance - ok
    21:45:14.0500 0300 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
    21:45:14.0503 0300 mpio - ok
    21:45:14.0518 0300 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    21:45:14.0521 0300 mpsdrv - ok
    21:45:14.0533 0300 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    21:45:14.0535 0300 Mraid35x - ok
    21:45:14.0543 0300 [ FE2706C15F8345C342820E4E4583FEA0 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    21:45:14.0545 0300 MRxDAV - ok
    21:45:14.0570 0300 [ B698EB9ACC7ECD4927D99D268918F912 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    21:45:14.0572 0300 mrxsmb - ok
    21:45:14.0582 0300 [ 9A797E27FD28500EE13D43000C931435 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    21:45:14.0585 0300 mrxsmb10 - ok
    21:45:14.0603 0300 [ F9425D610712533107A264E2D5B2154B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    21:45:14.0604 0300 mrxsmb20 - ok
    21:45:14.0625 0300 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
    21:45:14.0627 0300 msahci - ok
    21:45:14.0648 0300 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    21:45:14.0651 0300 msdsm - ok
    21:45:14.0668 0300 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
    21:45:14.0671 0300 MSDTC - ok
    21:45:14.0684 0300 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
    21:45:14.0686 0300 Msfs - ok
    21:45:14.0694 0300 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    21:45:14.0695 0300 msisadrv - ok
    21:45:14.0761 0300 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    21:45:14.0765 0300 MSiSCSI - ok
    21:45:14.0770 0300 msiserver - ok
    21:45:14.0802 0300 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    21:45:14.0804 0300 MSKSSRV - ok
    21:45:14.0819 0300 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    21:45:14.0821 0300 MSPCLOCK - ok
    21:45:14.0835 0300 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    21:45:14.0837 0300 MSPQM - ok
    21:45:14.0854 0300 [ B8E32E6103FBBA9FBB1D0C11FF0D13B5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    21:45:14.0857 0300 MsRPC - ok
    21:45:14.0874 0300 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    21:45:14.0875 0300 mssmbios - ok
    21:45:14.0890 0300 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    21:45:14.0892 0300 MSTEE - ok
    21:45:14.0907 0300 [ DDF133501F68D6988A0F55DFA88637B4 ] Mup C:\Windows\system32\Drivers\mup.sys
    21:45:14.0909 0300 Mup - ok
    21:45:14.0954 0300 [ C25022CDD18980846973B598900915F8 ] napagent C:\Windows\system32\qagentRT.dll
    21:45:14.0959 0300 napagent - ok
    21:45:14.0987 0300 [ 73B99C98FA3A2ED1566E02D6FE1913A5 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    21:45:14.0989 0300 NativeWifiP - ok
    21:45:15.0007 0300 [ 2A2EE457AF36C5C9A6808C768BD3A12B ] NDIS C:\Windows\system32\drivers\ndis.sys
    21:45:15.0014 0300 NDIS - ok
    21:45:15.0042 0300 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    21:45:15.0043 0300 NdisTapi - ok
    21:45:15.0050 0300 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    21:45:15.0051 0300 Ndisuio - ok
    21:45:15.0063 0300 [ 52E3E8E35101399BE9B2938C992AA087 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    21:45:15.0065 0300 NdisWan - ok
    21:45:15.0075 0300 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    21:45:15.0079 0300 NDProxy - ok
    21:45:15.0087 0300 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    21:45:15.0090 0300 NetBIOS - ok
    21:45:15.0125 0300 [ 7A29CA243A629230799754162D80120F ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    21:45:15.0131 0300 netbt - ok
    21:45:15.0147 0300 [ 80F4593E92FF960E4763380D3168E498 ] Netlogon C:\Windows\system32\lsass.exe
    21:45:15.0149 0300 Netlogon - ok
    21:45:15.0189 0300 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
    21:45:15.0192 0300 Netman - ok
    21:45:15.0206 0300 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
    21:45:15.0210 0300 netprofm - ok
    21:45:15.0331 0300 [ EF39E62B2213C019D9F9B5E272401CE6 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
    21:45:15.0335 0300 netr28x - ok
    21:45:15.0452 0300 [ B84613B469B98E09F50A748C1D02E132 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    21:45:15.0455 0300 NetTcpPortSharing - ok
    21:45:15.0533 0300 [ 2263727032E9B19231A706046B8C82D3 ] NetworkX C:\Windows\system32\ckldrv.sys
    21:45:15.0534 0300 NetworkX - ok
    21:45:15.0564 0300 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    21:45:15.0567 0300 nfrd960 - ok
    21:45:15.0623 0300 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
    21:45:15.0626 0300 NlaSvc - ok
    21:45:15.0641 0300 [ B06154E2A2C91E9BE5599FCA53BC4CD0 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    21:45:15.0643 0300 Npfs - ok
    21:45:15.0662 0300 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
    21:45:15.0663 0300 nsi - ok
    21:45:15.0702 0300 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    21:45:15.0703 0300 nsiproxy - ok
    21:45:15.0742 0300 [ FE86BA5AC3B50E2CA911E9C60C07B638 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    21:45:15.0754 0300 Ntfs - ok
    21:45:15.0769 0300 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
    21:45:15.0770 0300 Null - ok
    21:45:15.0983 0300 [ 093DCD56DA1B3801AA9689F0628BAB7D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    21:45:16.0055 0300 nvlddmkm - ok
    21:45:16.0098 0300 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    21:45:16.0109 0300 nvraid - ok
    21:45:16.0132 0300 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
    21:45:16.0134 0300 nvstor - ok
    21:45:16.0156 0300 [ 7213878ECC10E4DF424670273349D835 ] nvsvc C:\Windows\system32\nvvsvc.exe
    21:45:16.0158 0300 nvsvc - ok
    21:45:16.0171 0300 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    21:45:16.0173 0300 nv_agp - ok
    21:45:16.0184 0300 NwlnkFlt - ok
    21:45:16.0192 0300 NwlnkFwd - ok
    21:45:16.0291 0300 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    21:45:16.0298 0300 odserv - ok
    21:45:16.0337 0300 [ 1B30103FDE512915A9214B108B6E7A9C ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
    21:45:16.0338 0300 ohci1394 - ok
    21:45:16.0441 0300 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:45:16.0444 0300 ose - ok
    21:45:16.0486 0300 [ 430F35C5592D253F43A26B4F5A523DBF ] p2pimsvc C:\Windows\system32\p2psvc.dll
    21:45:16.0493 0300 p2pimsvc - ok
    21:45:16.0528 0300 [ 430F35C5592D253F43A26B4F5A523DBF ] p2psvc C:\Windows\system32\p2psvc.dll
    21:45:16.0535 0300 p2psvc - ok
    21:45:16.0558 0300 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
    21:45:16.0561 0300 Parport - ok
    21:45:16.0598 0300 [ 5AB40C36894F4C06BDAB0C9A2FBA282D ] partmgr C:\Windows\system32\drivers\partmgr.sys
    21:45:16.0607 0300 partmgr - ok
    21:45:16.0626 0300 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
    21:45:16.0627 0300 PcaSvc - ok
    21:45:16.0636 0300 [ 2A5B2A51559066EA84742909B5B2CD69 ] pci C:\Windows\system32\drivers\pci.sys
    21:45:16.0642 0300 pci - ok
    21:45:16.0666 0300 [ 8D618C829034479985A9ED56106CC732 ] pciide C:\Windows\system32\drivers\pciide.sys
    21:45:16.0668 0300 pciide - ok
    21:45:16.0692 0300 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    21:45:16.0695 0300 pcmcia - ok
    21:45:16.0721 0300 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    21:45:16.0726 0300 PEAUTH - ok
    21:45:17.0180 0300 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    21:45:17.0182 0300 PerfHost - ok
    21:45:17.0482 0300 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
    21:45:17.0492 0300 pla - ok
    21:45:17.0566 0300 [ 5AAA0C5534B05ED49919FCD9DBD11A5B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    21:45:17.0569 0300 PlugPlay - ok
    21:45:17.0612 0300 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
    21:45:17.0637 0300 PNRPAutoReg - ok
    21:45:17.0658 0300 [ 430F35C5592D253F43A26B4F5A523DBF ] PNRPsvc C:\Windows\system32\p2psvc.dll
    21:45:17.0665 0300 PNRPsvc - ok
    21:45:17.0696 0300 [ EEF3688D5E9592CBBBED00DE71DDA1EF ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    21:45:17.0705 0300 PolicyAgent - ok
    21:45:17.0737 0300 [ F5739F2C6DB2534C384AD5150808E8F5 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    21:45:17.0741 0300 PptpMiniport - ok
    21:45:17.0756 0300 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
    21:45:17.0758 0300 Processor - ok
    21:45:17.0778 0300 [ B21FE10DAD3AB59E78DF7AA3FBF41E70 ] ProfSvc C:\Windows\system32\profsvc.dll
    21:45:17.0781 0300 ProfSvc - ok
    21:45:17.0803 0300 [ 80F4593E92FF960E4763380D3168E498 ] ProtectedStorage C:\Windows\system32\lsass.exe
    21:45:17.0804 0300 ProtectedStorage - ok
    21:45:17.0839 0300 [ 0E0E205A296095FE4C631E6A4775AD6C ] PSched C:\Windows\system32\DRIVERS\pacer.sys
    21:45:17.0841 0300 PSched - ok
    21:45:17.0912 0300 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    21:45:17.0941 0300 ql2300 - ok
    21:45:17.0949 0300 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    21:45:17.0953 0300 ql40xx - ok
    21:45:17.0982 0300 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
    21:45:17.0985 0300 QWAVE - ok
    21:45:18.0000 0300 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    21:45:18.0001 0300 QWAVEdrv - ok
    21:45:18.0054 0300 [ ED4E69C31EF566266BE13638EBE9DA56 ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
    21:45:18.0056 0300 RapiMgr - ok
    21:45:18.0078 0300 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    21:45:18.0080 0300 RasAcd - ok
    21:45:18.0104 0300 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
    21:45:18.0106 0300 RasAuto - ok
    21:45:18.0119 0300 [ 3B9085F91EF00ABD15A6F36570E90E12 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    21:45:18.0120 0300 Rasl2tp - ok
    21:45:18.0138 0300 [ 2A63D46B01685FD4BE9778CA3C231C2D ] RasMan C:\Windows\System32\rasmans.dll
    21:45:18.0142 0300 RasMan - ok
    21:45:18.0151 0300 [ 2CE1703C27196094FB6E4C6E439F2C21 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    21:45:18.0155 0300 RasPppoe - ok
    21:45:18.0163 0300 [ FCD04FA67E8B40FA0AD361DD38593942 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    21:45:18.0166 0300 RasSstp - ok
    21:45:18.0182 0300 [ 33FA5B6136D92EE0F53F021C79091300 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    21:45:18.0187 0300 rdbss - ok
    21:45:18.0198 0300 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    21:45:18.0199 0300 RDPCDD - ok
    21:45:18.0268 0300 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
    21:45:18.0275 0300 rdpdr - ok
    21:45:18.0282 0300 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    21:45:18.0285 0300 RDPENCDD - ok
    21:45:18.0331 0300 [ 7747082F672AA2846235C9CEA42E2E72 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    21:45:18.0336 0300 RDPWD - ok
    21:45:18.0362 0300 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
    21:45:18.0364 0300 RemoteAccess - ok
    21:45:18.0373 0300 [ 416C611369CBE49074B89CEE2F83ABEF ] RemoteRegistry C:\Windows\system32\regsvc.dll
    21:45:18.0375 0300 RemoteRegistry - ok
    21:45:18.0404 0300 [ F228CE2F778503CECB2B27097B5B3139 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    21:45:18.0405 0300 RFCOMM - ok
    21:45:18.0410 0300 RimUsb - ok
    21:45:18.0443 0300 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
    21:45:18.0444 0300 RpcLocator - ok
    21:45:18.0468 0300 [ 52CDADE8289FF21F1F2215FF51A5F36C ] RpcSs C:\Windows\system32\rpcss.dll
    21:45:18.0477 0300 RpcSs - ok
    21:45:18.0501 0300 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    21:45:18.0502 0300 rspndr - ok
    21:45:18.0528 0300 [ 82B66ABF055611024E5DBB9FA556C11D ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh64.sys
    21:45:18.0530 0300 RTL8169 - ok
    21:45:18.0584 0300 [ 80F4593E92FF960E4763380D3168E498 ] SamSs C:\Windows\system32\lsass.exe
    21:45:18.0585 0300 SamSs - ok
    21:45:18.0597 0300 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    21:45:18.0602 0300 sbp2port - ok
    21:45:18.0622 0300 [ F024D560FEA06F8B56D673849EB89AE6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    21:45:18.0624 0300 SCardSvr - ok
    21:45:18.0667 0300 [ CE75D26E0A1106129F4D156851E298ED ] Schedule C:\Windows\system32\schedsvc.dll
    21:45:18.0675 0300 Schedule - ok
    21:45:18.0687 0300 [ EDFFFC8B6AFB609BF33DBE0A900426B6 ] SCPolicySvc C:\Windows\System32\certprop.dll
    21:45:18.0688 0300 SCPolicySvc - ok
    21:45:18.0705 0300 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    21:45:18.0708 0300 SDRSVC - ok
    21:45:18.0725 0300 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    21:45:18.0726 0300 secdrv - ok
    21:45:18.0736 0300 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
    21:45:18.0738 0300 seclogon - ok
    21:45:18.0755 0300 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
    21:45:18.0758 0300 SENS - ok
    21:45:18.0767 0300 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
    21:45:18.0768 0300 Serenum - ok
    21:45:18.0775 0300 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
    21:45:18.0781 0300 Serial - ok
    21:45:18.0793 0300 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
    21:45:18.0794 0300 sermouse - ok
    21:45:18.0829 0300 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
    21:45:18.0831 0300 SessionEnv - ok
    21:45:18.0838 0300 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    21:45:18.0845 0300 sffdisk - ok
    21:45:18.0854 0300 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    21:45:18.0864 0300 sffp_mmc - ok
    21:45:18.0887 0300 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    21:45:18.0888 0300 sffp_sd - ok
    21:45:18.0895 0300 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    21:45:18.0897 0300 sfloppy - ok
    21:45:18.0988 0300 [ 9235EC680D3DB17464B39C7C7DECB4DD ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    21:45:18.0991 0300 ShellHWDetection - ok
    21:45:18.0999 0300 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
    21:45:19.0001 0300 SiSRaid2 - ok
    21:45:19.0013 0300 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    21:45:19.0015 0300 SiSRaid4 - ok
    21:45:19.0150 0300 [ 875B04A71869D34A415CC8B4D4673EC4 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    21:45:19.0151 0300 SkypeUpdate - ok
    21:45:19.0367 0300 [ A301D2CEFB4747DFE0C24425DCBE0B78 ] slsvc C:\Windows\system32\SLsvc.exe
    21:45:19.0392 0300 slsvc - ok
    21:45:19.0428 0300 [ F5DDF7C0AF85EB72CB295171F8C3CB35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
    21:45:19.0431 0300 SLUINotify - ok
    21:45:19.0444 0300 SMARTMouseFilterx64 - ok
    21:45:19.0493 0300 SMARTVHidMiniVistaAmd64 - ok
    21:45:19.0504 0300 SMARTVTabletPCx64 - ok
    21:45:19.0539 0300 [ 41EB2E8E005FEEDCAFCE301983EFF932 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    21:45:19.0541 0300 Smb - ok
    21:45:19.0602 0300 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    21:45:19.0604 0300 SNMPTRAP - ok
    21:45:19.0656 0300 [ F9CB0672162F7F04248E2B82C1FF4617 ] spldr C:\Windows\system32\drivers\spldr.sys
    21:45:19.0658 0300 spldr - ok
    21:45:19.0785 0300 [ 92E6738D25C2123BE9515C0EAC0776CD ] Spooler C:\Windows\System32\spoolsv.exe
    21:45:19.0788 0300 Spooler - ok
    21:45:19.0903 0300 [ A8ABD7D0D907B45CF3831F4DD8644349 ] srv C:\Windows\system32\DRIVERS\srv.sys
    21:45:19.0907 0300 srv - ok
    21:45:20.0006 0300 [ 6C72EEA39E1C37B436A6D1532999F9EC ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    21:45:20.0008 0300 srv2 - ok
    21:45:20.0106 0300 [ 7F69BCF9E6FA3D93C82EE6B87812666D ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    21:45:20.0108 0300 srvnet - ok
    21:45:20.0235 0300 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    21:45:20.0239 0300 SSDPSRV - ok
    21:45:20.0311 0300 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
    21:45:20.0314 0300 SstpSvc - ok
    21:45:20.0361 0300 [ F14F7D7D68A66777FB999D5D0F21138D ] stisvc C:\Windows\System32\wiaservc.dll
    21:45:20.0367 0300 stisvc - ok
    21:45:20.0384 0300 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
    21:45:20.0401 0300 swenum - ok
    21:45:20.0452 0300 [ DA34D6EB4A3154C0BEBAEB0A2483EF3E ] swprv C:\Windows\System32\swprv.dll
    21:45:20.0457 0300 swprv - ok
    21:45:20.0476 0300 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
    21:45:20.0477 0300 Symc8xx - ok
    21:45:20.0485 0300 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
    21:45:20.0492 0300 Sym_hi - ok
    21:45:20.0499 0300 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
    21:45:20.0501 0300 Sym_u3 - ok
    21:45:20.0554 0300 [ BEA0D5521ED21DF8F6FFEED86DAEDE7B ] SysMain C:\Windows\system32\sysmain.dll
    21:45:20.0560 0300 SysMain - ok
    21:45:20.0586 0300 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
    21:45:20.0588 0300 TabletInputService - ok
    21:45:20.0695 0300 [ 52091001CAF20AE84CF47023EE21B4BB ] TapiSrv C:\Windows\System32\tapisrv.dll
    21:45:20.0698 0300 TapiSrv - ok
    21:45:20.0744 0300 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
    21:45:20.0746 0300 TBS - ok
    21:45:20.0822 0300 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    21:45:20.0833 0300 Tcpip - ok
    21:45:20.0884 0300 [ 7D86275FB640011B372FD566C0EAFA8D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
    21:45:20.0895 0300 Tcpip6 - ok
    21:45:20.0919 0300 [ C29D4B3B08AD0B7E8564814E4FF6A57B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    21:45:20.0920 0300 tcpipreg - ok
    21:45:20.0939 0300 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    21:45:20.0945 0300 TDPIPE - ok
    21:45:20.0956 0300 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    21:45:20.0960 0300 TDTCP - ok
    21:45:20.0972 0300 [ 8C39C72E0E853DE04748C0337D9B9216 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    21:45:20.0975 0300 tdx - ok
    21:45:20.0987 0300 [ 3F0EBF6EE609F2A276C0D5FAF244EC90 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    21:45:20.0991 0300 TermDD - ok
    .../...
    15 April 2013 21:45:57

    Good evening
    15 days later...
    your report is incomplete, and on top of that I am missing the OTL report:
    use this service to send me the reports:
    http://security-x.fr/up/
    16 April 2013 10:34:57

    Hello,

    I sent everything via security: TDSSKiller reports + OTL, already sent the other evening (it is much more convenient and far less indigestible than copy-pasting, but where does it end up?), and I am trying to remember to tick "notify me when a reply is posted" so that I do not go 15 days without looking at the site.

    Thank you for your contributions.
    16 April 2013 10:59:00

    Hello
    Nothing in your reports explains why Mbam will not launch.
    Uninstall it via Add/Remove Programs and start the procedure again:

    Download MalwareByte's Anti-Malware to your Desktop.

  • Install it by double-clicking the file Download_mbam-setup.exe.
    Once the installation and the update are done:
  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. There are two possibilities:
    ~ If the program found nothing, press OK. A report will appear; close it.
    ~~ If infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop.

  • Post this report.

    ~~NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.



    ~~Help:

  • MalwareByte's Anti-Malware tutorial

    +++++++++
    16 April 2013 23:09:57

    Good evening and thank you for all these instructions.
    This time the report is not too long, I think ^^

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Version de la base de données: v2013.04.16.06

    Windows Vista Service Pack 1 x64 NTFS
    Internet Explorer 7.0.6001.18000
    user :: PC-DE-USER [administrateur]

    16/04/2013 15:21:25
    mbam-log-2013-04-16 (15-21-25).txt

    Type d'examen: Examen complet (C:\|D:\|E:\|F:\|H:\|)
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 502980
    Temps écoulé: 2 heure(s), 4 minute(s), 32 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 2
    C:\Users\user\AppData\Roaming\kujytuo.exe (Affiliate.Downloader.AI) -> Mis en quarantaine et supprimé avec succès.
    C:\Users\user\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Mis en quarantaine et supprimé avec succès.

    (fin)
    18 April 2013 09:55:19

    Hello
    We are going to check one last thing, because your infection can sometimes damage Windows features.
    The USB infection is less "troublesome" than the zero access one that we saw with OTL and then removed.

    Download Farbar Service Scanner (by Farbar) to your desktop.

  • Close all your windows, then double-click FSS.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")

  • Leave the default options checked
  • Also check "Windows Update" and "Windows Firewall"
  • Click the "Scan" button
  • Let the tool work; a report will appear.
  • Post its content in your next reply

    (If it does not appear, you will find it in the same location as the FSS.exe file, under the name FSS.txt)