 Trojan.bootkit.dropper
black_bass
  Posted on 19/07/2012 @ 20:13
Petit astucien

Hello,

Faced with a problem playing videos on YouTube, and not finding a solution after installing the latest version of Adobe Flash Player, I ran a scan with Malwarebytes and found this:


Fichier(s) détecté(s): 1
C:\WINDOWS\system32\dllcache\explorer.exe (Trojan.Bootkit.Dropper) -> Mis en quarantaine et supprimé avec succès.

After deleting it, I ran another scan and it found it again. I deleted it and it did not reappear in the following scans.

But I decided to follow your procedure as a precaution.

Scan with AdwCleaner:

# AdwCleaner v1.702 - Rapport créé le 19/07/2012 à 19:44:05
# Mis à jour le 13/07/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Yo - PACKARD-ED6BE61
# Exécuté depuis : D:\Téléchargements\adwcleaner.exe
# Option [Suppression]


***** [Services] *****

Arrêté & Supprimé : Updater Service for StartNow Toolbar

***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Documents and Settings\Yo\Local Settings\Application Data\Linkury
Dossier Supprimé : C:\Documents and Settings\Yo\Application Data\OpenCandy
Dossier Supprimé : C:\Documents and Settings\Yo\Application Data\Mozilla\Firefox\Profiles\d10cwj7a.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Dossier Supprimé : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
Dossier Supprimé : C:\Program Files\StartNow Toolbar
Dossier Supprimé : C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar
Fichier Supprimé : C:\Documents and Settings\Yo\Application Data\Mozilla\Firefox\Profiles\d10cwj7a.default\searchplugins\Linkury Smartbar Search.xml
Fichier Supprimé : C:\Documents and Settings\Yo\Application Data\Mozilla\Firefox\Profiles\d10cwj7a.default\searchplugins\yahoo-zugo.xml

***** [Registre] *****

Clé Supprimée : HKCU\Software\Iminent
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\StartNow Toolbar
Clé Supprimée : HKCU\Software\Zugo
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Clé Supprimée : HKLM\SOFTWARE\Classes\ZGClnt.Mngr
Clé Supprimée : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1
Clé Supprimée : HKLM\SOFTWARE\Iminent
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Clé Supprimée : HKLM\SOFTWARE\StartNow Toolbar

***** [Registre - GUID] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://klit.startnow.com/?src=startpage&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=FR&install_date=20120622&user_guid=A88DF6FEE45C480481F5AF4ECF9133C8&machine_id=144d8d13c17c276e4efa8293cfe362d7&browser=IE&os=win&os_version=5.1-x86-SP3 --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (fr)

Nom du profil : default
Fichier : C:\Documents and Settings\Yo\Application Data\Mozilla\Firefox\Profiles\d10cwj7a.default\prefs.js

Supprimée : user_pref("keyword.URL", "hxxp://klit.startnow.com/s/?src=addrbar&provider=&provider_name=yahoo&prov[...]
Supprimée : user_pref("quickstores.toolbar.affid", "2017");
Supprimée : user_pref("quickstores.toolbar.guid", "{50BAB7B6-BD47-C362-B767-73976675AEF2}");

*************************

AdwCleaner[R1].txt - [6533 octets] - [19/07/2012 19:43:03]
AdwCleaner[S1].txt - [6712 octets] - [19/07/2012 19:44:05]

########## EOF - C:\AdwCleaner[S1].txt - [6840 octets] ##########

Then I ran ZHPDiag

black_bass
 Posted on 19/07/2012 at 20:14
Petit astucien

Attached file: ZHPDiag.txt, which I don't know how to interpret

Thanks.

Edited by black_bass on 19/07/2012 20:15
Fill
 Posted on 19/07/2012 at 20:43
Grand Maître astucien

Hi,

1/

  • Download TDSSKiller from Kaspersky,
  • Extract the file TDSSKiller.exe from the downloaded archive and place it on the Desktop,
  • Double-click TDSSKiller.exe to launch it.

  • Click Start scan to launch the analysis,
  • When the tool has finished its inspection, if malicious items ("Malicious objects") were found, check that the Cure option is selected,
  • If suspicious items ("Suspicious objects") were detected, on the confirmation screen, change the action to take and choose Quarantine (instead of Skip),
  • Then click the Continue button,
  • Wait for the report file to be displayed.
  • If the tool needs a restart to finish the cleanup, click the Reboot computer button.
  • Send in your reply: the TDSSKiller report (contents of the file SystemDrive\TDSSKiller.Version_Date_Heure_log.txt)
    [SystemDrive represents the partition on which the system is installed, usually C:]

2/

  • Download RogueKiller by Tigzy to your Desktop,
  • Run the program (by double-click, or right-click > Run as administrator for versions more recent than XP),
  • A pre-scan starts and this window opens (if your antivirus reacts, allow the modification):


  • Click the "Scan" button to launch the analysis,
  • A report named RKreport[1] should be created on your Desktop. Copy its contents into your next reply.

Fill

black_bass
 Posted on 19/07/2012 at 21:18
Petit astucien

Good evening,

Here is the attached file: TDSSKiller.2.7.46.0_19.07.2012_21.08.33_log.txt

As for RogueKiller, it crashes my PC:

RogueKiller crash

Here is the technical information from the error report:

C:\DOCUME~1\Admin\LOCALS~1\Temp\WERaa24.dir00\Mini071912-01.dmp
C:\DOCUME~1\Admin\LOCALS~1\Temp\WERaa24.dir00\sysdata.xml

Does this stink?

Edited by black_bass on 19/07/2012 21:22
black_bass
 Posted on 19/07/2012 at 21:25
Petit astucien

Despite everything, RK created this on my desktop (sorry, I couldn't insert this report):

[00:04:0688] [Check Services] [28/317] Atmarpc
[00:04:0688] [Check Services] system32\DRIVERS\atmarpc.sys
[00:04:0703] [Check Services] [29/317] AudioSrv
[00:04:0703] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:04:0703] [Check Services] [30/317] audstub
[00:04:0703] [Check Services] system32\DRIVERS\audstub.sys
[00:04:0703] [Check Services] [31/317] avgio
[00:04:0703] [Check Services] \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
[00:04:0703] [Check Services] [32/317] avgntflt
[00:04:0719] [Check Services] system32\DRIVERS\avgntflt.sys
[00:04:0719] [Check Services] [33/317] avipbb
[00:04:0719] [Check Services] system32\DRIVERS\avipbb.sys
[00:04:0719] [Check Services] [34/317] Beep
[00:04:0719] [Check Services] Path not found
[00:04:0719] [Check Services] [35/317] BITS
[00:04:0735] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:04:0735] [Check Services] [36/317] BlueSoleilCS
[00:04:0735] [Check Services] C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
[00:04:0735] [Check Services] [37/317] Browser
[00:04:0735] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:04:0735] [Check Services] [38/317] BsHelpCS
[00:04:0750] [Check Services] C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
[00:04:0750] [Check Services] [39/317] BT
[00:04:0750] [Check Services] system32\DRIVERS\btnetdrv.sys
[00:04:0750] [Check Services] [40/317] Btcsrusb
[00:04:0750] [Check Services] System32\Drivers\btcusb.sys
[00:04:0750] [Check Services] [41/317] BtHidBus
[00:04:0766] [Check Services] \SystemRoot\System32\Drivers\BtHidBus.sys
[00:04:0766] [Check Services] [42/317] btnetBUs
[00:04:0766] [Check Services] System32\Drivers\btnetBus.sys
[00:04:0766] [Check Services] [43/317] BTNetFilter
[00:04:0766] [Check Services] \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
[00:04:0766] [Check Services] [44/317] cbidf2k
[00:04:0782] [Check Services] Path not found
[00:04:0782] [Check Services] [45/317] cbVSCService
[00:04:0782] [Check Services] C:\Program Files\Cobian Backup 10\cbVSCService.exe
[00:04:0782] [Check Services] [46/317] CCALib8
[00:04:0782] [Check Services] C:\Program Files\Canon\CAL\CALMAIN.exe
[00:04:0782] [Check Services] [47/317] cd20xrnt
[00:04:0782] [Check Services] Path not found
[00:04:0797] [Check Services] [48/317] Cdaudio
[00:04:0797] [Check Services] Path not found
[00:04:0797] [Check Services] [49/317] Cdfs
[00:04:0797] [Check Services] Path not found
[00:04:0797] [Check Services] [50/317] Cdrom
[00:04:0797] [Check Services] system32\DRIVERS\cdrom.sys
[00:04:0813] [Check Services] [51/317] Changer
[00:04:0813] [Check Services] Path not found
[00:04:0813] [Check Services] [52/317] CiSvc
[00:04:0813] [Check Services] C:\WINDOWS\system32\cisvc.exe
[00:04:0813] [Check Services] [53/317] ClipSrv
[00:04:0813] [Check Services] C:\WINDOWS\system32\clipsrv.exe
[00:04:0813] [Check Services] [54/317] clr_optimization_v2.0.50727_32
[00:04:0828] [Check Services] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[00:04:0828] [Check Services] [55/317] clr_optimization_v4.0.30319_32
[00:04:0828] [Check Services] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
[00:04:0828] [Check Services] [56/317] CmdIde
[00:04:0828] [Check Services] Path not found
[00:04:0828] [Check Services] [57/317] COMSysApp
[00:04:0844] [Check Services] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[00:04:0844] [Check Services] [58/317] Cpqarray
[00:04:0844] [Check Services] Path not found
[00:04:0844] [Check Services] [59/317] CryptSvc
[00:04:0844] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:04:0844] [Check Services] [60/317] dac960nt
[00:04:0860] [Check Services] Path not found
[00:04:0860] [Check Services] [61/317] DcomLaunch
[00:04:0860] [Check Services] C:\WINDOWS\system32\svchost -k DcomLaunch
[00:04:0860] [Check Services] [62/317] Dhcp
[00:04:0860] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:04:0860] [Check Services] [63/317] Disk
[00:04:0875] [Check Services] \SystemRoot\system32\DRIVERS\disk.sys
[00:04:0875] [Check Services] [64/317] dmadmin
[00:04:0875] [Check Services] C:\WINDOWS\System32\dmadmin.exe /com
[00:04:0875] [Check Services] [65/317] dmboot
[00:04:0875] [Check Services] System32\drivers\dmboot.sys
[00:04:0875] [Check Services] [66/317] dmio
[00:04:0891] [Check Services] System32\drivers\dmio.sys
[00:04:0891] [Check Services] [67/317] dmload
[00:04:0891] [Check Services] System32\drivers\dmload.sys
[00:04:0891] [Check Services] [68/317] dmserver
[00:04:0891] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:04:0891] [Check Services] [69/317] DMusic
[00:04:0907] [Check Services] system32\drivers\DMusic.sys
[00:04:0907] [Check Services] [70/317] Dnscache
[00:04:0907] [Check Services] C:\WINDOWS\system32\svchost.exe -k NetworkService
[00:04:0907] [Check Services] [71/317] Dot3svc
[00:04:0907] [Check Services] C:\WINDOWS\System32\svchost.exe -k dot3svc
[00:04:0907] [Check Services] [72/317] Dot4 HPH11
[00:04:0907] [Check Services] system32\DRIVERS\hphid411.sys
[00:04:0922] [Check Services] [73/317] Dot4Print HPH11
[00:04:0922] [Check Services] system32\DRIVERS\hphipr11.sys
[00:04:0922] [Check Services] [74/317] Dot4Usb HPH11
[00:04:0922] [Check Services] System32\drivers\hphius11.sys
[00:04:0922] [Check Services] [75/317] dpti2o
[00:04:0922] [Check Services] Path not found
[00:04:0938] [Check Services] [76/317] drmkaud
[00:04:0938] [Check Services] system32\drivers\drmkaud.sys
[00:04:0938] [Check Services] [77/317] EapHost
[00:04:0938] [Check Services] C:\WINDOWS\System32\svchost.exe -k eapsvcs
[00:04:0938] [Check Services] [78/317] epmntdrv
[00:04:0938] [Check Services] \??\C:\WINDOWS\system32\epmntdrv.sys
[00:04:0938] [Check Services] [79/317] ERSvc
[00:04:0953] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:04:0953] [Check Services] [80/317] EuGdiDrv
[00:04:0953] [Check Services] \??\C:\WINDOWS\system32\EuGdiDrv.sys
[00:04:0953] [Check Services] [81/317] Eventlog
[00:04:0953] [Check Services] C:\WINDOWS\system32\services.exe
[00:04:0953] [Check Services] [82/317] EventSystem
[00:04:0969] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:04:0969] [Check Services] [83/317] Fastfat
[00:04:0969] [Check Services] Path not found
[00:04:0969] [Check Services] [84/317] FastUserSwitchingCompatibility
[00:04:0969] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:04:0969] [Check Services] [85/317] Fdc
[00:04:0985] [Check Services] system32\DRIVERS\fdc.sys
[00:04:0985] [Check Services] [86/317] Fips
[00:04:0985] [Check Services] Path not found
[00:04:0985] [Check Services] [87/317] Flpydisk
[00:04:0985] [Check Services] system32\DRIVERS\flpydisk.sys
[00:04:0985] [Check Services] [88/317] FltMgr
[00:05:0000] [Check Services] \SystemRoot\system32\DRIVERS\fltMgr.sys
[00:05:0000] [Check Services] [89/317] FontCache3.0.0.0
[00:05:0000] [Check Services] c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[00:05:0000] [Check Services] [90/317] Ftdisk
[00:05:0000] [Check Services] \SystemRoot\system32\DRIVERS\ftdisk.sys
[00:05:0016] [Check Services] [91/317] Gpc
[00:05:0016] [Check Services] system32\DRIVERS\msgpc.sys
[00:05:0016] [Check Services] [92/317] grmnusb
[00:05:0016] [Check Services] system32\drivers\grmnusb.sys
[00:05:0016] [Check Services] [93/317] gupdate
[00:05:0016] [Check Services] "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
[00:05:0032] [Check Services] [94/317] gupdatem
[00:05:0032] [Check Services] "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
[00:05:0032] [Check Services] [95/317] helpsvc
[00:05:0032] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:05:0032] [Check Services] [96/317] HidServ
[00:05:0032] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:05:0032] [Check Services] [97/317] HidUsb
[00:05:0047] [Check Services] system32\DRIVERS\hidusb.sys
[00:05:0047] [Check Services] [98/317] hkmsvc
[00:05:0047] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:05:0047] [Check Services] [99/317] hpn
[00:05:0047] [Check Services] Path not found
[00:05:0047] [Check Services] [100/317] HTTP
[00:05:0063] [Check Services] System32\Drivers\HTTP.sys
[00:05:0063] [Check Services] [101/317] HTTPFilter
[00:05:0063] [Check Services] C:\WINDOWS\System32\svchost.exe -k HTTPFilter
[00:05:0063] [Check Services] [102/317] i2omgmt
[00:05:0063] [Check Services] Path not found
[00:05:0063] [Check Services] [103/317] i2omp
[00:05:0078] [Check Services] Path not found
[00:05:0078] [Check Services] [104/317] i8042prt
[00:05:0078] [Check Services] system32\DRIVERS\i8042prt.sys
[00:05:0078] [Check Services] [105/317] idsvc
[00:05:0078] [Check Services] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
[00:05:0078] [Check Services] [106/317] Imapi
[00:05:0094] [Check Services] system32\DRIVERS\imapi.sys
[00:05:0094] [Check Services] [107/317] ImapiService
[00:05:0094] [Check Services] C:\WINDOWS\system32\imapi.exe
[00:05:0094] [Check Services] [108/317] ini910u
[00:05:0094] [Check Services] Path not found
[00:05:0094] [Check Services] [109/317] IntelIde
[00:05:0110] [Check Services] Path not found
[00:05:0110] [Check Services] [110/317] intelppm
[00:05:0110] [Check Services] system32\DRIVERS\intelppm.sys
[00:05:0110] [Check Services] [111/317] Ip6Fw
[00:05:0110] [Check Services] system32\DRIVERS\Ip6Fw.sys
[00:05:0110] [Check Services] [112/317] IpFilterDriver
[00:05:0125] [Check Services] system32\DRIVERS\ipfltdrv.sys
[00:05:0125] [Check Services] [113/317] IpInIp
[00:05:0125] [Check Services] system32\DRIVERS\ipinip.sys
[00:05:0125] [Check Services] [114/317] IpNat
[00:05:0125] [Check Services] system32\DRIVERS\ipnat.sys
[00:05:0125] [Check Services] [115/317] IPSec
[00:05:0141] [Check Services] system32\DRIVERS\ipsec.sys
[00:05:0141] [Check Services] [116/317] irda
[00:05:0141] [Check Services] system32\DRIVERS\irda.sys
[00:05:0141] [Check Services] [117/317] IRENUM
[00:05:0141] [Check Services] system32\DRIVERS\irenum.sys
[00:05:0141] [Check Services] [118/317] Irmon
[00:05:0141] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0157] [Check Services] [119/317] isapnp
[00:05:0157] [Check Services] \SystemRoot\system32\DRIVERS\isapnp.sys
[00:05:0157] [Check Services] [120/317] ISWKL
[00:05:0157] [Check Services] \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
[00:05:0157] [Check Services] [121/317] IswSvc
[00:05:0157] [Check Services] "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe"
[00:05:0172] [Check Services] [122/317] IvtBtBUs
[00:05:0172] [Check Services] System32\Drivers\IvtBtBus.sys
[00:05:0172] [Check Services] [123/317] Kbdclass
[00:05:0172] [Check Services] system32\DRIVERS\kbdclass.sys
[00:05:0172] [Check Services] [124/317] KC180
[00:05:0172] [Check Services] System32\Drivers\kcirusb.sys
[00:05:0172] [Check Services] [125/317] KCIRDA
[00:05:0188] [Check Services] system32\DRIVERS\KCIrNet.sys
[00:05:0188] [Check Services] [126/317] kmixer
[00:05:0188] [Check Services] system32\drivers\kmixer.sys
[00:05:0188] [Check Services] [127/317] KSecDD
[00:05:0188] [Check Services] Path not found
[00:05:0188] [Check Services] [128/317] LanmanServer
[00:05:0203] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0203] [Check Services] [129/317] lanmanworkstation
[00:05:0203] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0203] [Check Services] [130/317] lbrtfdc
[00:05:0203] [Check Services] Path not found
[00:05:0203] [Check Services] [131/317] LmHosts
[00:05:0219] [Check Services] C:\WINDOWS\system32\svchost.exe -k LocalService
[00:05:0219] [Check Services] [132/317] Messenger
[00:05:0219] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0219] [Check Services] [133/317] mnmdd
[00:05:0219] [Check Services] Path not found
[00:05:0219] [Check Services] [134/317] mnmsrvc
[00:05:0235] [Check Services] C:\WINDOWS\system32\mnmsrvc.exe
[00:05:0235] [Check Services] [135/317] Modem
[00:05:0235] [Check Services] Path not found
[00:05:0235] [Check Services] [136/317] MODEMCSA
[00:05:0235] [Check Services] system32\drivers\MODEMCSA.sys
[00:05:0235] [Check Services] [137/317] Mouclass
[00:05:0250] [Check Services] system32\DRIVERS\mouclass.sys
[00:05:0250] [Check Services] [138/317] MountMgr
[00:05:0250] [Check Services] Path not found
[00:05:0250] [Check Services] [139/317] MozillaMaintenance
[00:05:0250] [Check Services] C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
[00:05:0250] [Check Services] [140/317] mraid35x
[00:05:0266] [Check Services] Path not found
[00:05:0266] [Check Services] [141/317] MRxDAV
[00:05:0266] [Check Services] system32\DRIVERS\mrxdav.sys
[00:05:0266] [Check Services] [142/317] MRxSmb
[00:05:0266] [Check Services] system32\DRIVERS\mrxsmb.sys
[00:05:0266] [Check Services] [143/317] MSDTC
[00:05:0266] [Check Services] C:\WINDOWS\system32\msdtc.exe
[00:05:0282] [Check Services] [144/317] Msfs
[00:05:0282] [Check Services] Path not found
[00:05:0282] [Check Services] [145/317] MSIServer
[00:05:0282] [Check Services] C:\WINDOWS\system32\msiexec.exe /V
[00:05:0282] [Check Services] [146/317] MSKSSRV
[00:05:0297] [Check Services] system32\drivers\MSKSSRV.sys
[00:05:0297] [Check Services] [147/317] MSPCLOCK
[00:05:0297] [Check Services] system32\drivers\MSPCLOCK.sys
[00:05:0297] [Check Services] [148/317] MSPQM
[00:05:0297] [Check Services] system32\drivers\MSPQM.sys
[00:05:0297] [Check Services] [149/317] mssmbios
[00:05:0313] [Check Services] system32\DRIVERS\mssmbios.sys
[00:05:0313] [Check Services] [150/317] Mtlmnt5
[00:05:0313] [Check Services] system32\DRIVERS\Mtlmnt5.sys
[00:05:0313] [Check Services] [151/317] Mtlstrm
[00:05:0313] [Check Services] system32\DRIVERS\Mtlstrm.sys
[00:05:0313] [Check Services] [152/317] Mup
[00:05:0328] [Check Services] Path not found
[00:05:0328] [Check Services] [153/317] napagent
[00:05:0328] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:05:0328] [Check Services] [154/317] NDIS
[00:05:0328] [Check Services] Path not found
[00:05:0328] [Check Services] [155/317] NdisTapi
[00:05:0328] [Check Services] system32\DRIVERS\ndistapi.sys
[00:05:0344] [Check Services] [156/317] Ndisuio
[00:05:0344] [Check Services] system32\DRIVERS\ndisuio.sys
[00:05:0344] [Check Services] [157/317] NdisWan
[00:05:0344] [Check Services] system32\DRIVERS\ndiswan.sys
[00:05:0344] [Check Services] [158/317] NDProxy
[00:05:0344] [Check Services] Path not found
[00:05:0360] [Check Services] [159/317] NetBIOS
[00:05:0360] [Check Services] system32\DRIVERS\netbios.sys
[00:05:0360] [Check Services] [160/317] NetBT
[00:05:0360] [Check Services] system32\DRIVERS\netbt.sys
[00:05:0360] [Check Services] [161/317] NetDDE
[00:05:0360] [Check Services] C:\WINDOWS\system32\netdde.exe
[00:05:0360] [Check Services] [162/317] NetDDEdsdm
[00:05:0375] [Check Services] C:\WINDOWS\system32\netdde.exe
[00:05:0375] [Check Services] [163/317] Netlogon
[00:05:0375] [Check Services] C:\WINDOWS\system32\lsass.exe
[00:05:0375] [Check Services] [164/317] Netman
[00:05:0375] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:05:0375] [Check Services] [165/317] NetTcpPortSharing
[00:05:0391] [Check Services] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[00:05:0391] [Check Services] [166/317] NIC1394
[00:05:0391] [Check Services] system32\DRIVERS\nic1394.sys
[00:05:0391] [Check Services] [167/317] Nla
[00:05:0391] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0391] [Check Services] [168/317] NMSAccess
[00:05:0407] [Check Services] C:\Program Files\CDBurnerXP\NMSAccessU.exe
[00:05:0407] [Check Services] [169/317] Npfs
[00:05:0407] [Check Services] Path not found
[00:05:0407] [Check Services] [170/317] Ntfs
[00:05:0407] [Check Services] Path not found
[00:05:0407] [Check Services] [171/317] NtLmSsp
[00:05:0422] [Check Services] C:\WINDOWS\system32\lsass.exe
[00:05:0422] [Check Services] [172/317] NtmsSvc
[00:05:0422] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0422] [Check Services] [173/317] NtMtlFax
[00:05:0422] [Check Services] system32\DRIVERS\NtMtlFax.sys
[00:05:0422] [Check Services] [174/317] Null
[00:05:0438] [Check Services] Path not found
[00:05:0438] [Check Services] [175/317] nv
[00:05:0438] [Check Services] system32\DRIVERS\nv4_mini.sys
[00:05:0438] [Check Services] [176/317] NwlnkFlt
[00:05:0438] [Check Services] system32\DRIVERS\nwlnkflt.sys
[00:05:0438] [Check Services] [177/317] NwlnkFwd
[00:05:0453] [Check Services] system32\DRIVERS\nwlnkfwd.sys
[00:05:0453] [Check Services] [178/317] odserv
[00:05:0453] [Check Services] "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
[00:05:0453] [Check Services] [179/317] ohci1394
[00:05:0453] [Check Services] \SystemRoot\system32\DRIVERS\ohci1394.sys
[00:05:0453] [Check Services] [180/317] ose
[00:05:0469] [Check Services] "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
[00:05:0469] [Check Services] [181/317] PalmUSBD
[00:05:0469] [Check Services] system32\drivers\PalmUSBD.sys
[00:05:0469] [Check Services] [182/317] Parport
[00:05:0469] [Check Services] system32\DRIVERS\parport.sys
[00:05:0469] [Check Services] [183/317] PartMgr
[00:05:0485] [Check Services] Path not found
[00:05:0485] [Check Services] [184/317] ParVdm
[00:05:0485] [Check Services] Path not found
[00:05:0485] [Check Services] [185/317] PCI
[00:05:0485] [Check Services] \SystemRoot\system32\DRIVERS\pci.sys
[00:05:0485] [Check Services] [186/317] PCIDump
[00:05:0485] [Check Services] Path not found
[00:05:0500] [Check Services] [187/317] PCIIde
[00:05:0500] [Check Services] \SystemRoot\system32\DRIVERS\pciide.sys
[00:05:0500] [Check Services] [188/317] Pcmcia
[00:05:0500] [Check Services] Path not found
[00:05:0500] [Check Services] [189/317] PDCOMP
[00:05:0500] [Check Services] Path not found
[00:05:0516] [Check Services] [190/317] PDFRAME
[00:05:0516] [Check Services] Path not found
[00:05:0516] [Check Services] [191/317] PDRELI
[00:05:0516] [Check Services] Path not found
[00:05:0516] [Check Services] [192/317] PDRFRAME
[00:05:0516] [Check Services] Path not found
[00:05:0532] [Check Services] [193/317] perc2
[00:05:0532] [Check Services] Path not found
[00:05:0532] [Check Services] [194/317] perc2hib
[00:05:0532] [Check Services] Path not found
[00:05:0532] [Check Services] [195/317] PLFF
[00:05:0532] [Check Services] \SystemRoot\System32\Drivers\PLFF.sys
[00:05:0547] [Check Services] [196/317] PLFlash DeviceIoControl Service
[00:05:0547] [Check Services] C:\WINDOWS\system32\IoctlSvc.exe
[00:05:0547] [Check Services] [197/317] PlugPlay
[00:05:0547] [Check Services] C:\WINDOWS\system32\services.exe
[00:05:0547] [Check Services] [198/317] Pml Driver HPH11
[00:05:0547] [Check Services] C:\WINDOWS\system32\HPHipm11.exe
[00:05:0563] [Check Services] [199/317] PolicyAgent
[00:05:0563] [Check Services] C:\WINDOWS\system32\lsass.exe
[00:05:0563] [Check Services] [200/317] PptpMiniport
[00:05:0563] [Check Services] system32\DRIVERS\raspptp.sys
[00:05:0563] [Check Services] [201/317] ProtectedStorage
[00:05:0563] [Check Services] C:\WINDOWS\system32\lsass.exe
[00:05:0563] [Check Services] [202/317] PSched
[00:05:0578] [Check Services] system32\DRIVERS\psched.sys
[00:05:0578] [Check Services] [203/317] Ptilink
[00:05:0578] [Check Services] system32\DRIVERS\ptilink.sys
[00:05:0578] [Check Services] [204/317] ql1080
[00:05:0578] [Check Services] Path not found
[00:05:0578] [Check Services] [205/317] Ql10wnt
[00:05:0594] [Check Services] Path not found
[00:05:0594] [Check Services] [206/317] ql12160
[00:05:0594] [Check Services] Path not found
[00:05:0594] [Check Services] [207/317] ql1240
[00:05:0594] [Check Services] Path not found
[00:05:0594] [Check Services] [208/317] ql1280
[00:05:0610] [Check Services] Path not found
[00:05:0610] [Check Services] [209/317] RasAcd
[00:05:0610] [Check Services] system32\DRIVERS\rasacd.sys
[00:05:0610] [Check Services] [210/317] RasAuto
[00:05:0610] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0610] [Check Services] [211/317] Rasirda
[00:05:0625] [Check Services] system32\DRIVERS\rasirda.sys
[00:05:0625] [Check Services] [212/317] Rasl2tp
[00:05:0625] [Check Services] system32\DRIVERS\rasl2tp.sys
[00:05:0625] [Check Services] [213/317] RasMan
[00:05:0625] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0625] [Check Services] [214/317] RasPppoe
[00:05:0641] [Check Services] system32\DRIVERS\raspppoe.sys
[00:05:0641] [Check Services] [215/317] Raspti
[00:05:0641] [Check Services] system32\DRIVERS\raspti.sys
[00:05:0641] [Check Services] [216/317] Rdbss
[00:05:0641] [Check Services] system32\DRIVERS\rdbss.sys
[00:05:0641] [Check Services] [217/317] RDPCDD
[00:05:0657] [Check Services] System32\DRIVERS\RDPCDD.sys
[00:05:0657] [Check Services] [218/317] RDPWD
[00:05:0657] [Check Services] Path not found
[00:05:0657] [Check Services] [219/317] RDSessMgr
[00:05:0657] [Check Services] C:\WINDOWS\system32\sessmgr.exe
[00:05:0657] [Check Services] [220/317] RecAgent
[00:05:0657] [Check Services] \SystemRoot\system32\DRIVERS\RecAgent.sys
[00:05:0672] [Check Services] [221/317] redbook
[00:05:0672] [Check Services] system32\DRIVERS\redbook.sys
[00:05:0672] [Check Services] [222/317] RemoteAccess
[00:05:0672] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0672] [Check Services] [223/317] RHDISK
[00:05:0672] [Check Services] \??\C:\Program Files\Rohos\RHDISK.SYS
[00:05:0688] [Check Services] [224/317] Rohos Disk
[00:05:0688] [Check Services] "C:\Program Files\Rohos\agent.exe" /service
[00:05:0688] [Check Services] [225/317] ROOTMODEM
[00:05:0688] [Check Services] System32\Drivers\RootMdm.sys
[00:05:0688] [Check Services] [226/317] RpcLocator
[00:05:0688] [Check Services] C:\WINDOWS\system32\locator.exe
[00:05:0703] [Check Services] [227/317] RpcSs
[00:05:0703] [Check Services] C:\WINDOWS\system32\svchost -k rpcss
[00:05:0703] [Check Services] [228/317] RSVP
[00:05:0703] [Check Services] C:\WINDOWS\system32\rsvp.exe
[00:05:0703] [Check Services] [229/317] rtl8139
[00:05:0703] [Check Services] system32\DRIVERS\RTL8139.SYS
[00:05:0719] [Check Services] [230/317] SamSs
[00:05:0719] [Check Services] C:\WINDOWS\system32\lsass.exe
[00:05:0719] [Check Services] [231/317] SCardSvr
[00:05:0719] [Check Services] C:\WINDOWS\System32\SCardSvr.exe
[00:05:0719] [Check Services] [232/317] Schedule
[00:05:0719] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:05:0719] [Check Services] [233/317] Secdrv
[00:05:0735] [Check Services] system32\DRIVERS\secdrv.sys
[00:05:0735] [Check Services] [234/317] seclogon
[00:05:0735] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:05:0735] [Check Services] [235/317] SENS
[00:05:0735] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0735] [Check Services] [236/317] serenum
[00:05:0750] [Check Services] system32\DRIVERS\serenum.sys
[00:05:0750] [Check Services] [237/317] Serial
[00:05:0750] [Check Services] system32\DRIVERS\serial.sys
[00:05:0750] [Check Services] [238/317] Sfloppy
[00:05:0750] [Check Services] Path not found
[00:05:0750] [Check Services] [239/317] SgtSch2Svc
[00:05:0766] [Check Services] "C:\Program Files\Fichiers communs\Seagate\Schedule2\schedul2.exe"
[00:05:0766] [Check Services] [240/317] SharedAccess
[00:05:0766] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0766] [Check Services] [241/317] ShellHWDetection
[00:05:0766] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:05:0766] [Check Services] [242/317] Simbad
[00:05:0782] [Check Services] Path not found
[00:05:0782] [Check Services] [243/317] sisagp
[00:05:0782] [Check Services] \SystemRoot\system32\DRIVERS\sisagp.sys
[00:05:0782] [Check Services] [244/317] Slntamr
[00:05:0782] [Check Services] system32\DRIVERS\slntamr.sys
[00:05:0782] [Check Services] [245/317] SlNtHal
[00:05:0797] [Check Services] system32\DRIVERS\Slnthal.sys
[00:05:0797] [Check Services] [246/317] SLService
[00:05:0797] [Check Services] slserv.exe
[00:05:0797] [Check Services] [247/317] SlWdmSup
[00:05:0797] [Check Services] system32\DRIVERS\SlWdmSup.sys
[00:05:0797] [Check Services] [248/317] snapman
[00:05:0813] [Check Services] \SystemRoot\system32\DRIVERS\snapman.sys
[00:05:0813] [Check Services] [249/317] Sparrow
[00:05:0813] [Check Services] Path not found
[00:05:0813] [Check Services] [250/317] splitter
[00:05:0813] [Check Services] system32\drivers\splitter.sys
[00:05:0813] [Check Services] [251/317] Spooler
[00:05:0828] [Check Services] C:\WINDOWS\system32\spoolsv.exe
[00:05:0828] [Check Services] [252/317] sr
[00:05:0828] [Check Services] \SystemRoot\system32\DRIVERS\sr.sys
[00:05:0828] [Check Services] [253/317] srservice
[00:05:0828] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0828] [Check Services] [254/317] Srv
[00:05:0844] [Check Services] system32\DRIVERS\srv.sys
[00:05:0844] [Check Services] [255/317] SSDPSRV
[00:05:0844] [Check Services] C:\WINDOWS\system32\svchost.exe -k LocalService
[00:05:0844] [Check Services] [256/317] ssmdrv
[00:05:0844] [Check Services] system32\DRIVERS\ssmdrv.sys
[00:05:0860] [Check Services] [257/317] StarOpen
[00:05:0860] [Check Services] Path not found
[00:05:0860] [Check Services] [258/317] stisvc
[00:05:0860] [Check Services] C:\WINDOWS\system32\svchost.exe -k imgsvc
[00:05:0860] [Check Services] [259/317] swenum
[00:05:0860] [Check Services] system32\DRIVERS\swenum.sys
[00:05:0860] [Check Services] [260/317] swmidi
[00:05:0875] [Check Services] system32\drivers\swmidi.sys
[00:05:0875] [Check Services] [261/317] SwPrv
[00:05:0875] [Check Services] C:\WINDOWS\system32\dllhost.exe /Processid:{E2224C60-2E24-460E-B61D-89E810532B3E}
[00:05:0875] [Check Services] [262/317] symc810
[00:05:0875] [Check Services] Path not found
[00:05:0875] [Check Services] [263/317] symc8xx
[00:05:0891] [Check Services] Path not found
[00:05:0891] [Check Services] [264/317] sym_hi
[00:05:0891] [Check Services] Path not found
[00:05:0891] [Check Services] [265/317] sym_u3
[00:05:0891] [Check Services] Path not found
[00:05:0891] [Check Services] [266/317] sysaudio
[00:05:0907] [Check Services] system32\drivers\sysaudio.sys
[00:05:0907] [Check Services] [267/317] SysmonLog
[00:05:0907] [Check Services] C:\WINDOWS\system32\smlogsvc.exe
[00:05:0907] [Check Services] [268/317] TapiSrv
[00:05:0907] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:05:0907] [Check Services] [269/317] Tcpip
[00:05:0922] [Check Services] system32\DRIVERS\tcpip.sys
[00:05:0922] [Check Services] [270/317] TDPIPE
[00:05:0922] [Check Services] Path not found
[00:05:0922] [Check Services] [271/317] tdrpman
[00:05:0922] [Check Services] \SystemRoot\system32\DRIVERS\tdrpman.sys
[00:05:0922] [Check Services] [272/317] TDTCP
[00:05:0922] [Check Services] Path not found
[00:05:0938] [Check Services] [273/317] TermDD
[00:05:0938] [Check Services] system32\DRIVERS\termdd.sys
[00:05:0938] [Check Services] [274/317] TermService
[00:05:0938] [Check Services] C:\WINDOWS\System32\svchost -k DComLaunch
[00:05:0938] [Check Services] [275/317] Themes
[00:05:0938] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:05:0953] [Check Services] [276/317] tifsfilter
[00:05:0953] [Check Services] system32\DRIVERS\tifsfilt.sys
[00:05:0953] [Check Services] [277/317] timounter
[00:05:0953] [Check Services] \SystemRoot\system32\DRIVERS\timntr.sys
[00:05:0953] [Check Services] [278/317] TosIde
[00:05:0953] [Check Services] Path not found
[00:05:0953] [Check Services] [279/317] TrkWks
[00:05:0969] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:05:0969] [Check Services] [280/317] Udfs
[00:05:0969] [Check Services] Path not found
[00:05:0969] [Check Services] [281/317] ultra
[00:05:0969] [Check Services] Path not found
[00:05:0969] [Check Services] [282/317] Update
[00:05:0985] [Check Services] system32\DRIVERS\update.sys
[00:05:0985] [Check Services] [283/317] upnphost
[00:05:0985] [Check Services] C:\WINDOWS\system32\svchost.exe -k LocalService
[00:05:0985] [Check Services] [284/317] UPS
[00:05:0985] [Check Services] C:\WINDOWS\System32\ups.exe
[00:05:0985] [Check Services] [285/317] usbccgp
[00:06:0000] [Check Services] system32\DRIVERS\usbccgp.sys
[00:06:0000] [Check Services] [286/317] usbehci
[00:06:0000] [Check Services] system32\DRIVERS\usbehci.sys
[00:06:0000] [Check Services] [287/317] usbhub
[00:06:0000] [Check Services] system32\DRIVERS\usbhub.sys
[00:06:0016] [Check Services] [288/317] usbohci
[00:06:0016] [Check Services] system32\DRIVERS\usbohci.sys
[00:06:0016] [Check Services] [289/317] usbscan
[00:06:0016] [Check Services] system32\DRIVERS\usbscan.sys
[00:06:0016] [Check Services] [290/317] USBSTOR
[00:06:0016] [Check Services] system32\DRIVERS\USBSTOR.SYS
[00:06:0016] [Check Services] [291/317] VComm
[00:06:0032] [Check Services] system32\DRIVERS\VComm.sys
[00:06:0032] [Check Services] [292/317] VcommMgr
[00:06:0032] [Check Services] System32\Drivers\VcommMgr.sys
[00:06:0032] [Check Services] [293/317] VgaSave
[00:06:0032] [Check Services] \SystemRoot\System32\drivers\vga.sys
[00:06:0032] [Check Services] [294/317] ViaIde
[00:06:0047] [Check Services] Path not found
[00:06:0047] [Check Services] [295/317] VIAudio
[00:06:0047] [Check Services] system32\drivers\vinyl97.sys
[00:06:0047] [Check Services] [296/317] VolSnap
[00:06:0047] [Check Services] Path not found
[00:06:0047] [Check Services] [297/317] Vsdatant
[00:06:0063] [Check Services] System32\vsdatant.sys
[00:06:0063] [Check Services] [298/317] vsmon
[00:06:0063] [Check Services] C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -service
[00:06:0063] [Check Services] [299/317] VSS
[00:06:0063] [Check Services] C:\WINDOWS\System32\vssvc.exe
[00:06:0063] [Check Services] [300/317] W32Time
[00:06:0078] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:06:0078] [Check Services] [301/317] Wanarp
[00:06:0078] [Check Services] system32\DRIVERS\wanarp.sys
[00:06:0078] [Check Services] [302/317] WDICA
[00:06:0078] [Check Services] Path not found
[00:06:0078] [Check Services] [303/317] wdmaud
[00:06:0094] [Check Services] system32\drivers\wdmaud.sys
[00:06:0094] [Check Services] [304/317] WebClient
[00:06:0094] [Check Services] C:\WINDOWS\system32\svchost.exe -k LocalService
[00:06:0094] [Check Services] [305/317] winmgmt
[00:06:0094] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:06:0094] [Check Services] [306/317] WmdmPmSN
[00:06:0110] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:06:0110] [Check Services] [307/317] WmiApSrv
[00:06:0110] [Check Services] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[00:06:0110] [Check Services] [308/317] WMPNetworkSvc
[00:06:0110] [Check Services] "C:\Program Files\Windows Media Player\WMPNetwk.exe"
[00:06:0110] [Check Services] [309/317] WPFFontCache_v0400
[00:06:0110] [Check Services] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[00:06:0125] [Check Services] [310/317] wscsvc
[00:06:0125] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:06:0125] [Check Services] [311/317] wuauserv
[00:06:0125] [Check Services] C:\WINDOWS\system32\svchost.exe -k netsvcs
[00:06:0125] [Check Services] [312/317] WudfPf
[00:06:0125] [Check Services] system32\DRIVERS\WudfPf.sys
[00:06:0141] [Check Services] [313/317] WudfRd
[00:06:0141] [Check Services] system32\DRIVERS\wudfrd.sys
[00:06:0141] [Check Services] [314/317] WudfSvc
[00:06:0141] [Check Services] C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
[00:06:0141] [Check Services] [315/317] WZCSVC
[00:06:0141] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:06:0141] [Check Services] [316/317] xmlprov
[00:06:0157] [Check Services] C:\WINDOWS\System32\svchost.exe -k netsvcs
[00:06:0157] Loading Driver

Fill
 Posted on 19/07/2012 at 21:31
Grand Maître astucien

Hi again,

OK.

  • Download Combofix from one of the links below:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your antivirus and anti-spyware applications, usually via a right-click on the icon in the notification area. Otherwise, they may interfere with our tools.

  • Double-click combofix.exe and follow the prompts.

  • When it runs, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly recommended to have it pre-installed on your PC before any malware removal. It will let you boot into a special recovery (repair) mode, which allows us to help you more easily should your computer run into a problem after a cleanup attempt.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.

**Important note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue with its malware removal procedures.

Once the Microsoft Windows Recovery Console has been installed via ComboFix, you should see the following message:

Click Oui/Yes to continue with the malware scan.

When the tool has finished, it will display a report. Please copy the contents of C:\ComboFix.txt into your next reply.

Fill

black_bass
 Posted on 19/07/2012 at 22:09
Petit astucien

Combofix:

ComboFix 12-07-19.02 - Admin 19/07/2012 21:45:02.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1279.868 [GMT 2:00]
Lancé depuis: c:\documents and settings\Admin\Bureau\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
C:\hb_43.tmp
c:\windows\system32\cc32100mt.dll
c:\windows\system32\HotFixQ0306270.exe
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET48.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_npf
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-06-19 au 2012-07-19 ))))))))))))))))))))))))))))))))))))
.
.
2012-07-19 19:05 . 2012-07-19 19:12 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-07-19 18:00 . 2012-07-19 18:00 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2012-07-19 17:53 . 2012-07-19 17:59 -------- d-----w- C:\ZHP
2012-07-19 17:53 . 2012-07-19 17:59 -------- d-----w- c:\program files\ZHPDiag
2012-07-18 19:28 . 2012-07-18 20:00 -------- d-----w- c:\windows\Internet Logs
2012-07-18 19:11 . 2012-07-18 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2012-07-18 18:33 . 2012-07-18 18:33 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2012-07-16 15:58 . 2012-07-16 15:58 -------- d-----w- c:\documents and settings\Yo\Application Data\OpenOffice.org
2012-07-02 18:28 . 2012-07-02 18:29 -------- d-----w- c:\documents and settings\Yo\Local Settings\Application Data\Google
2012-07-02 18:28 . 2012-07-02 18:29 -------- d-----w- c:\program files\Google
2012-07-02 18:04 . 2012-07-02 18:04 -------- d-----w- c:\documents and settings\Yo\Local Settings\Application Data\Help
2012-06-22 15:55 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2012-06-22 15:55 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2012-06-22 15:55 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2012-06-22 15:55 . 2011-12-21 17:14 151552 ----a-w- c:\windows\system32\ac3acm.acm
2012-06-22 15:55 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2012-06-22 15:55 . 2012-05-15 18:00 79872 ----a-w- c:\windows\system32\ff_vfw.dll
2012-06-22 15:55 . 2012-06-22 15:57 -------- d-----w- c:\program files\K-Lite Codec Pack
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 20:47 . 2012-04-01 11:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-13 20:47 . 2011-08-05 22:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-02-14 12:58 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-08 14:44 . 2012-04-07 15:41 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-05-08 14:44 . 2012-04-07 15:41 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-05-08 14:44 . 2012-04-07 15:41 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-07-19 17:22 . 2011-08-04 19:50 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"Cobian Backup 10"="c:\program files\Cobian Backup 10\Cobian.exe" [2010-09-23 421376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-06-21 73392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Démarrer^Programmes^Démarrage^HotSync Manager.lnk]
path=c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Admin\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Dataviz Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Dataviz Messenger.lnk
backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^fortePivot.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\fortePivot.lnk
backup=c:\windows\pss\fortePivot.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-11-02 21:47 905208 ----a-w- c:\program files\Seagate\DiscWizard\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
2007-08-09 13:48 528384 ----a-r- c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2010-01-22 10:35 319574 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CORSAIR_PLUtil]
2006-04-19 15:21 94208 ----a-r- c:\program files\Corsair\Corsair Flash Voyager Utility\PLBkMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
2009-11-02 21:43 1349392 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2002-05-24 12:13 188416 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon04]
2002-06-20 18:33 339968 ----a-w- c:\windows\system32\hphmon04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD04]
2002-05-24 12:47 49152 ----a-w- c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 10:41 196608 ----a-w- c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 04:07 69632 ----a-w- c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-02-20 18:01 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rohos]
2011-05-17 11:30 801080 ----a-w- c:\program files\Rohos\agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Scheduler2 Service]
2009-11-02 16:52 136544 ----a-w- c:\program files\Fichiers communs\Seagate\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
2009-08-16 19:36 955392 ----a-w- c:\program files\SuperCopier2\SuperCopier2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [24/09/2009 06:40 19592]
R0 PLFF;USB Flash Disk Driver;c:\windows\system32\drivers\plff.sys [05/08/2011 21:20 7424]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [04/08/2011 21:39 136360]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [13/08/2011 21:16 67584]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [30/04/2012 21:05 27016]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [30/04/2012 21:05 497280]
R2 RHDISK;RHDISK;c:\program files\Rohos\rhdisk.sys [13/08/2011 13:16 33280]
R2 Rohos Disk;Rohos Disk service;c:\program files\Rohos\agent.exe [13/08/2011 13:16 801080]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Fichiers communs\Seagate\Schedule2\schedul2.exe [02/11/2009 18:52 431456]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [24/09/2009 14:38 22528]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17/06/2009 15:01 25480]
R3 KCIRDA;%KCIRDA.ServiceDesc%;c:\windows\system32\drivers\Kcirnet.sys [04/08/2011 20:54 11856]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02/07/2012 20:28 116648]
S2 KC180;HOYA Computer Co.,;c:\windows\system32\drivers\Kcirusb.sys [04/08/2011 20:54 17904]
S3 47229529;47229529; [x]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [01/04/2012 13:45 250056]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [06/08/2011 21:03 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [06/08/2011 21:03 8456]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [02/07/2012 20:28 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [25/04/2012 21:51 113120]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
Contenu du dossier 'Tâches planifiées'
.
2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:53]
.
2012-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-02 18:28]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-02 18:28]
.
2012-07-19 c:\windows\Tasks\User_Feed_Synchronization-{678C511B-71C0-4A65-A2EA-AE9C9E232B3C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mg4om9c3.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Run-PLFFAP - c:\windows\system32\HotfixQ0306270.exe
HKLM-Run-ISW - (no file)
MSConfigStartUp-Share-to-Web Namespace Daemon - c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSConfigStartUp-UpdateCP - c:\windows\ClamWin Portable\db\iportable.sup.fr.exe
AddRemove-HOYA IR520UK USB-IrDA Device - c:\program files\HOYA Computer Co.
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-19 21:57
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\relog_ap.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3272)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\system32\wscntfy.exe
c:\program files\Cobian Backup 10\cbInterface.exe
.
**************************************************************************
.
Heure de fin: 2012-07-19 22:03:15 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-07-19 20:03
.
Avant-CF: 28 974 616 576 octets libres
Après-CF: 29 154 373 632 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - 25D8E8F614068BFFD2B647195CD2E796

Did you see what I put in bold in the report?

Fill
 Posted on 19/07/2012 at 22:12
Grand Maître astucien

Hi again,

1/ Yes, I saw that. Why?

2/ Can you rerun rogue killer with the scan option and post the report?

Fill

black_bass
 Posted on 19/07/2012 at 22:28
Petit astucien
1/ I thought it was still there
2/ No, I couldn't scan with RogueKiller because, after I allowed it, the PC crashes violently.

Edited by black_bass on 19/07/2012 22:29
Fill
 Posted on 19/07/2012 at 22:40
Grand Maître astucien

black_bass wrote:
1/ I thought it was still there 2/ No, I couldn't scan with RogueKiller because, after I allowed it, the PC crashes violently.

Hi again,

1/ Even after Combofix, does rogue killer cause a crash?

2/

  • Download gmer to the desktop and unzip it (right-click and extract here).
  • Double-click gmer.exe on the desktop. If your antivirus reacts, don't worry and ignore the alert.
  • Click the "rootkit" tab, then check that all the boxes are ticked,
  • Click scan.
  • At the end of the scan, click the copy button.
  • In Start > Programs > Accessories: open Notepad and press CTRL+V to paste the report into it.
  • Post this report in your next reply.

3/

  • Download Ccleaner Slim to the Desktop,
  • Install it,
  • Open ccleaner and click "Lancer le nettoyage" (Run Cleaner).

4/ Run an online scan as described here and post the report.

5/

Download ZHPDiag by Nicolas Coolman

Double-click the ZHPDiag2.exe file to install the tool.

On Windows Vista and Windows 7, allow the file to run and do not change the default options.

(There is no need to restart.) Three icons will be created on the desktop

On XP, double-click the one on the right in the image

On Vista/7, right-click and Run as administrator

Click the screwdriver (1) and choose "Tous" (All) (2)
If it hangs, on O80 for example or 043,045, click the screwdriver to untick them

Click the magnifying glass to start a scan (3)

Display of the report to be saved

The report will be saved on the desktop

Given its rather large size, and to avoid chopping it up and hurting readability on the forum, it will be hosted as described below. At the bottom of the topic-creation or reply page, click "Insérer un rapport" (Insert a report)

On the next page, click "Parcourir" (Browse) to point to the ZHPDiag.txt report, which should be on your desktop or in C:

Now click "Envoyer" (Send)

Detailed explanations

Note: If the report is too large to host this way, use a host such as Cjoint, for example, selecting 4 days as the hosting duration. Post the link you get.

Fill

KrystalEve
 Posted on 19/07/2012 at 22:56
Nouvel astucien

Good evening

I too have had trojan.bootkit.dropper twice. I looked on the malwarebytes forum and it is a fake virus (a false positive), as they say; you just need to update your mam and that's it, but nothing serious for your computer!!! See you +++

black_bass
 Posted on 21/07/2012 at 12:25
Petit astucien

Hi,

I'm having a very hard time carrying out the procedure above; my PC is extremely slow. I had to restart after GMER and it is crawling along (20 min to boot and copy the report to PCAstuces)

I'll try to see it through to the end

black_bass
 Posted on 21/07/2012 at 12:27
Petit astucien

1) Even after Combofix, RogueKiller crashes my PC;

2) Gmer report: gmer.txt;

3) Cleanup with Ccleaner without any problem;

4) Eset starts the scan but gets stuck on C:\documents and settings\Admin\local settings\application data\Mrico...\wsusscn.cab I couldn't finish.

5) I carried on with ZHP, whose report is below

Edited by black_bass on 21/07/2012 13:49
black_bass
 Posted on 21/07/2012 at 13:51
Petit astucien

Attached file: ZHPDiag.txt

Fill
 Posted on 21/07/2012 at 14:03
Grand Maître astucien

Hi again,

We'll do without Eset in that case.

1/ Rename Combofix to Uninstall and double-click it.

2/

  • Select and copy these lines. To copy them, press CTRL+C after selecting them. They are presented in a quote block like this:

EmptyTemp
EmptyFlash
EmptyCLSID
O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\Drivers\vinyl97.sys:Zone.Identifier
C:\Documents and Settings\Admin\Local Settings\Application Data\Media Get LLC =>PUP.MediaGet
C:\Documents and Settings\Admin\Local Settings\Application Data\MediaGet2 =>PUP.MediaGet

  • Launch ZHPFix by Nicolas Coolman, which is located in C:\Program Files\ZHPDiag. On XP, double-click ZHPFix; on Vista, right-click the icon and run as administrator.
  • The program opens,
  • Click the H button to import into the tool the lines you selected.
  • Click OK as shown below:

  • The report lines then appear with checkboxes.
  • Click the "Tous" (All) button after checking one last time that these lines match those selected above, then click "Go" like this:

  • This will apply a fix.
  • In the program window, it tells you that the script has been run.
  • If a restart is requested, do it.
  • Copy and paste the contents of the report located in the C:\ZHP folder, named ZHPFixreport.txt

3/ How is the pc behaving?

Fill



Edited by Fill on 21/07/2012 14:04
black_bass
 Posted on 21/07/2012 at 17:15
Petit astucien

Hi again,

I redid the procedure and ESET seems to be working. I just had to give it time. The scan isn't finished yet but there are already four infected files, but they all have the same name: win32\toolbar.zugoapplication

I'll let it run to the end and apply your last post afterwards?

3/ the pc is still slow and makes tasks painful even after a restart.

Yohan

Edited by black_bass on 21/07/2012 17:18
black_bass
 Posted on 21/07/2012 at 19:14
Petit astucien

Good evening,

Eset has finished:

C:\System Volume Information\_restore{1F34DC60-0297-4614-BECB-63B01A4DCE10}\RP201\A0052289.exe Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{1F34DC60-0297-4614-BECB-63B01A4DCE10}\RP201\A0052291.dll Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{1F34DC60-0297-4614-BECB-63B01A4DCE10}\RP201\A0052292.exe Win32/Toolbar.Zugo application
C:\System Volume Information\_restore{1F34DC60-0297-4614-BECB-63B01A4DCE10}\RP201\A0052293.exe Win32/Toolbar.Zugo application

Fill
 Posted on 21/07/2012 at 19:27
Grand Maître astucien

Hi again,

OK. It's in System Restore. We'll purge it in the final steps.

I'm just going to check what launches at startup with a Hijackthis report. You can use this tutorial to help:

https://forum.pcastuces.com/tutoriel_hijackthis_v_2002___tutoriel-f31s8.htm

Fill

black_bass
 Posted on 21/07/2012 at 19:33
Petit astucien

Do I start with hijackthis or with your 14:03 post?

Fill
 Posted on 22/07/2012 at 01:00
Grand Maître astucien

black_bass wrote:

Do I start with hijackthis or with your 14:03 post?

The 14:03 one first.

Fill

black_bass
 Posted on 22/07/2012 at 10:48
Petit astucien

Hi,

Copy and paste the contents of the report located in the C:\ZHP folder, named ZHPFixreport.txt

I don't have that file but I have:

  1. ZHPFIX[R1]

Rapport de ZHPFix 1.2.07 par Nicolas Coolman, Update du 20/07/2012
Fichier d'export Registre :
Run by Admin at 22/07/2012 10:41:32
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Dossier(s) ==========
SUPPRIME Folder: c:\documents and settings\admin\local settings\application data\media get llc
SUPPRIME Folder: c:\documents and settings\admin\local settings\application data\mediaget2

========== Fichier(s) ==========
SUPPRIME Temporaires Windows:
SUPPRIME Flash Cookies:
SUPPRIME File: c:\windows\system32\drivers\vinyl97.sys


========== Récapitulatif ==========
2 : Dossier(s)
3 : Fichier(s)


End of clean in 00mn 01s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 22/07/2012 10:41:32 [831]

  2. and ZHPFIXQuarantine:

C:\ZHP\Quarantine\vinyl97.sys.VIR,c:\windows\system32\drivers\vinyl97.sys
C:\ZHP\Quarantine\media get llc.DIR,c:\documents and settings\admin\local settings\application data\media get llc
C:\ZHP\Quarantine\mediaget2.DIR,c:\documents and settings\admin\local settings\application data\mediaget2

I have a problem with Hijackthis because the new version 2.0.4 doesn't match the tutorial:

There you go...

Edited by black_bass on 22/07/2012 11:00
Fill
 Posted on 22/07/2012 at 11:02
Grand Maître astucien

Hi,

A file was quarantined when I only wanted to delete its ADS

In ZHPfix, click the "Quarantaine" (Quarantine) button. You can use the mouse for that.

Restore this file: c:\windows\system32\drivers\vinyl97.sys

Fill

black_bass
 Posted on 22/07/2012 at 12:42
Petit astucien

6min 40sec to boot

Fill
 Posted on 22/07/2012 at 19:00
Grand Maître astucien

Hi,

To restore from quarantine in ZHPfix, click Q.

For Hijackthis, click "Do a system scan and save a log file".

Fill

Edited by Fill on 22/07/2012 19:00
black_bass
 Posted on 22/07/2012 at 20:05
Petit astucien

I'm completely lost because I had to restart in safe mode with networking

Here is what I have, and it is very hard to communicate with you. I think this is the end.

I tried my old hard drive, onto which I had cloned C:/, but that doesn't work either, and on top of that my Master CDs are dead.

I'll get back in touch tomorrow from work because it is very hard for me to read what is displayed on the screen.

Black_bass

Fill
 Posted on 22/07/2012 at 21:06
Grand Maître astucien

Hi again,

I don't understand. What happened to get to this point?

Fill

virus? trojan? pb de DD
problème de trojan : help me!!!!!!!!
Anti-Trojan 5.5
Plus de sujets relatifs à Trojan.bootkit.dropper
 > Tous les forums > Forum Les mains dans le cambouis