Virus AntiMalware Doctor

informaticologue (353 posts, Member) -
Anonymous user -
Hello,
I caught a virus that Avira has been flagging since yesterday and which has already crashed my PC twice. An AntiMalware Doctor that installed itself just like that! Help me, I'm posting the HijackThis log attached.

C:\Program Files\WinApplication\WinApplication.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jules\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - Global Startup: Application.lnk = C:\Program Files\WinApplication\WinApplication.exe
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
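As an added example, not part of the original thread and not code from HijackThis or any tool named in it, here is a small Python triage pass over HijackThis-style lines. It flags the kinds of entries a helper looks at first: orphaned BHOs, autoruns launched from user-writable or hex-named folders, Global Startup shortcuts, and services with no publisher and a missing binary. The sample lines are constructed from the log above; the `[Aseke]` autorun path is an assumption.

```python
"""Triage pass over HijackThis-style log lines (R*/O* entries).

Added example: reports entries worth a second look; it never changes anything.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis format. Most lines are copied from the log in
# the thread; the [Aseke] autorun path is an assumption (hex-named AppData folder).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Aseke] C:\Users\Jules\AppData\Roaming\07AF3C89D9C1D170A86CCA7D59E0E425\hmod70twindl.exe
O4 - Global Startup: Application.lnk = C:\Program Files\WinApplication\WinApplication.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}

LINE_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
# First drive-letter path ending in an executable-like extension, quoted or bare.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\r\n]+?\.(?:exe|dll|lnk|scr|bat|cmd|pif))"?', re.I)
# Locations a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Downloads)\\", re.I)
# A folder whose name is just a long hex string: no vendor name, random-looking.
HEX_DIR_RE = re.compile(r"\\[0-9A-Fa-f]{16,}\\")


@dataclass
class Finding:
    section: str
    line: str
    severity: str = "low"
    reasons: list = field(default_factory=list)

    def add(self, severity: str, reason: str) -> None:
        self.reasons.append(reason)
        if SEVERITY_RANK[severity] > SEVERITY_RANK[self.severity]:
            self.severity = severity


def check_line(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    finding = Finding(section=section, line=line.strip())
    path_m = PATH_RE.search(body)
    path = path_m.group(1) if path_m else None

    if section in ("O2", "O3") and "(no file)" in body:
        finding.add("low", "orphaned BHO/toolbar registration with no file on disk")
    if section == "O4":
        if body.startswith("Global Startup:"):
            finding.add("medium", "Global Startup shortcut: launched for every user at logon")
        if path and USER_WRITABLE_RE.search(path):
            finding.add("high", "autorun binary lives in a user-writable directory")
        if path and HEX_DIR_RE.search(path):
            finding.add("high", "autorun path goes through a long hex-named folder")
    if section == "O23" and "Unknown owner" in body and "(file missing)" in body:
        finding.add("medium", "service with no publisher and a missing binary")
    return finding if finding.reasons else None


def triage(log_text: str) -> list:
    """Findings for a whole log, highest severity first (stable within a level)."""
    found = [f for f in map(check_line, log_text.splitlines()) if f]
    return sorted(found, key=lambda f: -SEVERITY_RANK[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.line}")
        for reason in f.reasons:
            print(f"         - {reason}")
```

A hit is a reason to look closer (publisher, file on disk, creation date), not a verdict; the Global Startup entry above is exactly the one the first reply asks to remove.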

25 replies

Anonymous user

hi, delete this:

C:\Program Files\WinApplication\WinApplication.exe

then:

DISABLE YOUR ANTIVIRUS AND YOUR FIREWALL IF PRESENT !!!!! (because the tool is wrongly detected as an infection: it contains a module used to kill processes, and another used to take rights in the registry in order to perform deletions)

▶ Download here: List_Killem

mirrors:

List_Kill'em
List_Kill'em

and save it to your desktop

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


on the shortcut on your desktop to launch the installation

Leave checked:

♦ Run List_Kill'em

once it has finished, click "Finish"

choose the Search option

▶ let the tool work

when the white window appears, it takes a while, that's normal, it is an additional search for hidden files, the program is not frozen.

Warning: the tool may hang abnormally long at 95% when it displays "2nd Check"; relaunch it with the desktop shortcut without closing it, then click the tiny "X" at the bottom of the program's welcome window, that will unblock it so it can finish its scan

▶ Post the reports that will appear on your desktop: List'em.txt and More.txt

▶▶▶ DO NOT POST THEM ON THE FORUM

To send them to me, click this link: http://www.cijoint.fr/

▶ Click Browse and select, one by one, the relevant files that appeared on your desktop

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier" (click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt

is added to the page.

▶ Copy that link into your reply.

▶ Do the same with More.txt, which is on your desktop
informaticologue (353 posts, Member)
 
List'em
http://www.cijoint.fr/cjlink.php?file=cj201102/cija2PD5EA.txt

More
http://www.cijoint.fr/cjlink.php?file=cj201102/cijK7ytvK6.txt
Anonymous user

1/....

▶ Download Defogger (by jpshortstuff) to your Desktop

▶ Run it

A window appears: click "Disable"

▶ Restart the computer if the tool asks you to

Note: When we have finished the disinfection, you will be able to re-enable these programs by running Defogger again and clicking "Re-enable"

==================================

2/....

▶ Download here: Ad-remover to your desktop:

▶ Disconnect and close all running applications!

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


▶ on "Ad-R.exe" to launch the installation, and leave the default installation settings.

▶ click the Ad-remover shortcut on your desktop to launch the tool.

▶ In the main menu choose the "Nettoyer" (Clean) option and press [Enter].

▶ Let the tool work and don't touch anything...

▶ Post the report that appears at the end on the forum...

( The report is also saved as C:\Ad-report.log )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

==============================================

3/......

▶ Download here: USBFIX to your desktop

plug in all your peripherals without opening them

/!\ Temporarily, and only for as long as USBFIX is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as...."


on the Usbfix icon on your Desktop.
On the page, click the button:

▶ choose the Suppression (Deletion) option

▶ UsbFix will scan your PC, let the tool work.

▶ Then post the UsbFix.txt report that will appear on the desktop.

▶ Note: The UsbFix.txt report is saved at the root of the drive. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

============================================

4/...............

WARNING!! this script is for this machine only, do not reuse it!!!!!

▶ Relaunch List&Kill'em with the shortcut on your desktop.

but this time:

▶ choose the Tools option, then Script

a black window will open briefly, and List_Kill'em will close

a new text document opens; copy/paste the text in bold below into it:


FILE:C:\Users\Jules\AppData\Local\WNlole.dll
FILE:C:\Users\Jules\AppData\Roaming\07AF3C89D9C1D170A86CCA7D59E0E425
REM:"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Aseke"
REM:"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "hmod70twindl.exe"
ADD:"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "PowerdownAfterShutdown" /t REG_SZ /d 1
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0C2DCB3A-77CF-D1B4-0977-D13C057BA619}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F9D1F24B-9EA2-E4AE-DD7F-07DF75EDD778}"
REM:HKEY_LOCAL_MACHINE\software\ImInstaller
FILE:C:\Users\Jules\AppData\Roaming\Adobe\plugs\KB18213522.exe
FILE:C:\ProgramData\Soluto\Installer\SolutoInstaller.exe


▶ save the text document using its File tab (Save), then close it

let the tool work

post the result

▶ Close List_Kill'em

Note: the report is on your desktop: Script_(4 digits).txt

===================================

5/.....

▶ Relaunch List_Kill'em with the shortcut on your desktop.

but this time:

▶ choose the Clean option

▶▶▶ Click the button only once!!

let the tool work.

at the end of the scan the window closes, and you have a report named Kill'em.txt on your desktop,

▶ paste its contents into your reply

▶ send the zip Upload_ta-session_List_Kill'em.zip via cijoint.fr
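As an added example, not code from List_Kill'em or from this thread, here is a dry-run reader for the script format used in step 4 above: it parses each FILE:/REM:/ADD:/KLOOK: line and lists what the tool would touch, so a script can be reviewed before it is run on the machine it was written for. The meaning of each directive is an assumption taken from the section names in the reports posted later (File|Folder deleted, Removed Keys, Added Keys, Key Look); the tool's real parser may differ.

```python
"""Dry-run reader for the List_Kill'em script format used in the thread.

Added example: it parses the script and describes what would be touched.
Directive meanings are assumed from the report section names (File|Folder
deleted, Removed Keys, Added Keys, Key Look); the tool's real parser may differ.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the script posted above.
SAMPLE_SCRIPT = r"""
FILE:C:\Users\Jules\AppData\Local\WNlole.dll
REM:"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Aseke"
ADD:"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "PowerdownAfterShutdown" /t REG_SZ /d 1
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}"
REM:HKEY_LOCAL_MACHINE\software\ImInstaller
"""

# Quoted token (quotes stripped) or a bare run of non-whitespace.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')
# Registry paths where an entry changes what runs at logon: worth a careful look.
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run|\\Winlogon$", re.I)


@dataclass
class Action:
    kind: str           # delete_file | delete_key | delete_value | add_value | dump_key
    target: str         # file path or registry key
    value: str = ""     # value name given with /v
    reg_type: str = ""  # type given with /t
    data: str = ""      # data given with /d
    sensitive: bool = False


def tokenize(text: str) -> list:
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(text)]


def parse_line(line: str) -> Action:
    """Parse one script line; unknown directives are an error, not silently skipped."""
    directive, sep, rest = line.partition(":")
    if not sep or directive not in ("FILE", "REM", "ADD", "KLOOK"):
        raise ValueError(f"unknown script line: {line!r}")
    if directive == "FILE":
        return Action(kind="delete_file", target=rest.strip())

    tokens = tokenize(rest)
    key, opts = tokens[0], tokens[1:]
    action = Action(kind="dump_key", target=key)
    # reg.exe-style switches: /v name, /t type, /d data
    for switch, arg in zip(opts[::2], opts[1::2]):
        if switch == "/v":
            action.value = arg
        elif switch == "/t":
            action.reg_type = arg
        elif switch == "/d":
            action.data = arg
    if directive == "REM":
        action.kind = "delete_value" if action.value else "delete_key"
    elif directive == "ADD":
        action.kind = "add_value"
    action.sensitive = bool(AUTOSTART_RE.search(key))
    return action


def parse_script(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def describe(action: Action) -> str:
    flag = "  [autostart location]" if action.sensitive else ""
    if action.kind == "delete_file":
        return f"delete file/folder {action.target}"
    if action.kind == "delete_value":
        return f"delete value {action.value!r} under {action.target}{flag}"
    if action.kind == "add_value":
        return (f"set {action.value!r} = {action.data!r} ({action.reg_type}) "
                f"under {action.target}{flag}")
    if action.kind == "delete_key":
        return f"delete key {action.target}{flag}"
    return f"dump key {action.target}{flag}"


if __name__ == "__main__":
    for action in parse_script(SAMPLE_SCRIPT):
        print(describe(action))
```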
informaticologue (353 posts, Member)
 
====== RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 16/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 19:00:10 le 21/02/2011, Mode normal

Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86)
Jules@PC-DE-COLIN (Packard Bell BV OEM)

============== ACTION(S) ==============

(!) -- Fichiers temporaires supprimés.

Clé supprimée: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Clé supprimée: HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{36D6A89E-C39F-4EE8-9181-C13E9BC739A5}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Everest Poker
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
Erreur suppression clé: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform|AskTB5.5

============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [3.6.12 (fr)] ****

Plugins\npdivx32.dll (DivX,Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
HKLM_MozillaPlugins\@nvidia.com/3DVision (x)
HKLM_MozillaPlugins\@nvidia.com/3DVisionStreaming (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
HKCU_Extensions|{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a} - C:\Users\Jules\Program Files\DNA
HKCU_Extensions|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\SPFireFox (x)

-- C:\Users\Jules\AppData\Roaming\Mozilla\FireFox\Profiles\3b3eh5kn.default --
Extensions\cfxe@Triton (?)
Extensions\firefox@ghostery.com (Ghostery)
Extensions\fr-FR@dictionaries.addons.mozilla.org (Dictionnaire HunSpell en Français)
Extensions\locationbar2@design-noir.de (Locationbar²)
Extensions\redshift_V2@shift-themes.com (RedShift V3)
Extensions\timetrack@usablehack.com (TimeTracker)
Extensions\translator@dontfollowme.net (translator)
Extensions\{11f123f0-8b67-11db-b606-0800200c9a66} (X-Mas (Light))
Extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} (Black Steel)
Searchplugins\daemon-search.xml (hxxp://www.daemon-search.com/search/web?q={searchTerms}/)
Searchplugins\hoolight.xml (?)
Searchplugins\kiwee-live-search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Jules\\Downloads
Prefs.js - browser.download.lastDir, C:\\Users\\Jules\\Pictures
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.12

-- C:\Users\Colin\AppData\Roaming\Mozilla\FireFox\Profiles\t88vnip8.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} (Aero Fox)
Searchplugins\kiwee-live-search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Colin\\Desktop
Prefs.js - browser.download.lastDir, C:\\Users\\Colin\\Pictures\\Her & Me
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.startup.homepage, hxxp://lo.st
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.6
Prefs.js - keyword.URL, hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01b...

-- C:\Users\Echange de Maison\AppData\Roaming\Mozilla\FireFox\Profiles\misc76tu.default --
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.6

========================================

**** Google Chrome Version [9.0.597.98] ****

Google Chrome\Shell\Open\Command - C:\Users\Echange de Maison\AppData\Local\Google\Chrome\Application\chrome.exe

-- C:\Users\Jules\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (?)
Plugin - NVIDIA 3D Vision (Activé: true) (C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll)
Plugin - NVIDIA 3D VISION (Activé: true) (C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll)
Plugin - Pando Web Plugin (Activé: true) (C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll)
Plugin - "DivX Player" (Activé: true)
Plugin - "DivX Player Netscape Plugin" (Activé: true)
Plugin - "Pando Web Plugin" (Activé: true)
Plugin - "BitTorrent" (Activé: true)
Plugin - "DNA Plug-in" (Activé: true)
Plugin - "NVIDIA 3D Vision" (Activé: true)
Plugin - "NVIDIA 3D VISION" (Activé: true)

========================================

**** Internet Explorer Version [8.0.6001.19019] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{53B313AC-2B00-4c50-81EF-9DF29CA7F178} - "Ask.com" (hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms})
HKCU_SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - "DAEMON Search" (hxxp://www.daemon-search.com/search/web?q={searchTerms})
HKCU_SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} - "DAEMON Search" (hxxp://www.daemon-search.com/search/web?q={searchTerms})
HKCU_SearchScopes\{ED246ADC-1A96-4B58-AA65-22CA4ED21A08} - "hoolight" (hxxp://www.hoolight.com//?q={searchTerms})
HKCU_Toolbar\WebBrowser|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} (x)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} (x)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
HKCU_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Program Files\SpeedBit Video Downloader\Converter.exe (x)
HKCU_ElevationPolicy\{ED6B6125-501C-42F2-BD29-414534B7D146} - C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (x)
HKLM_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Program Files\SpeedBit Video Downloader\Converter.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 21/03/2010 13:39:57 (16611 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 21/02/2011 19:01:08 (8376 Octet(s))

Fin à: 19:02:02, 21/02/2011

============== E.O.F ==============

############################## | UsbFix 7.040 | [Suppression]

Utilisateur: Jules (Administrateur) # PC-DE-COLIN [Packard Bell BV OEM]
Mis à jour le 18/02/2011 par El Desaparecido / C_XX
Lancé à 19:17:16 | 21/02/2011
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org

CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.19019

Pare-feu Windows: Activé
RAM -> 2046 Mo
C:\ (%systemdrive%) -> Disque fixe # 458 Go (127 Go libre(s) - 28%) [HDD] # NTFS
H:\ -> CD-ROM

################## | Éléments infectieux |

Supprimé! C:\Users\Jules\Documents - Raccourci.lnk
Supprimé! C:\$RECYCLE.BIN\S-1-5-20
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-829625975-2554254917-1831524914-1002
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-829625975-2554254917-1831524914-1003
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-829625975-2554254917-1831524914-1004
Supprimé! C:\temp.txt
Non supprimé ! H:\autorun.inf
Non supprimé ! H:\autorun.exe

################## | Registre |

################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{45f6e413-b2bc-11dc-88e4-806e6f6e6963}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{81d6db59-6cd4-11df-861a-001c252f6b0c}

################## | Listing |

[01/03/2009 - 13:19:07 | D ] C:\$AVG8.VAULT$
[21/02/2011 - 19:25:35 | SHD ] C:\$Recycle.Bin
[23/03/2010 - 18:03:40 | D ] C:\493442f49224f848d867
[09/07/2010 - 20:40:10 | D ] C:\Acc
[01/03/2009 - 19:12:23 | N | 9019] C:\Ad-Report-Clean-01.03.2009.log
[21/03/2010 - 13:53:21 | N | 16611] C:\Ad-Report-CLEAN[1].txt
[21/02/2011 - 19:02:03 | N | 8515] C:\Ad-Report-CLEAN[2].txt
[01/03/2009 - 19:01:08 | N | 9170] C:\Ad-Report-Scan-01.03.2009.log
[18/09/2006 - 22:43:36 | N | 24] C:\autoexec.bat
[21/03/2010 - 16:46:50 | RASHD ] C:\autorun.inf
[20/06/2010 - 18:44:21 | D ] C:\boot
[10/04/2009 - 23:36:38 | RASH | 333257] C:\bootmgr
[13/09/2007 - 16:46:31 | N | 8192] C:\BOOTSECT.BAK
[09/01/2010 - 11:04:32 | D ] C:\BywifiSave
[20/02/2011 - 21:46:37 | D ] C:\Config.Msi
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[28/11/2010 - 21:49:14 | D ] C:\Downloads
[13/09/2007 - 16:41:44 | D ] C:\drivers
[08/01/2011 - 11:19:40 | D ] C:\FM Genie Scout 11
[10/10/2010 - 18:00:15 | D ] C:\Fraps
[21/12/2010 - 10:37:59 | D ] C:\Games
[12/01/2011 - 21:00:26 | D ] C:\gPotato.eu
[08/02/2009 - 09:39:16 | N | 530] C:\INSTALL.LOG
[10/12/2008 - 11:23:16 | N | 0] C:\IO.SYS
[22/03/2010 - 22:19:52 | N | 303] C:\JavaRa.log
[21/02/2011 - 17:42:25 | D ] C:\Kill'em
[10/12/2008 - 11:23:16 | N | 0] C:\MSDOS.SYS
[10/12/2008 - 13:56:15 | D ] C:\MSNCleaner
[13/09/2007 - 07:37:27 | RHD ] C:\MSOCache
[24/07/2010 - 16:08:59 | D ] C:\NVIDIA
[21/02/2011 - 19:14:15 | ASH | 2459709440] C:\pagefile.sys
[27/02/2009 - 23:24:21 | D ] C:\perflogs
[21/02/2011 - 18:59:56 | D ] C:\Program Files
[21/01/2011 - 22:01:18 | D ] C:\ProgramData
[22/10/2010 - 18:28:37 | D ] C:\PunkBuster
[02/03/2009 - 20:40:48 | D ] C:\RECYCLER
[16/01/2008 - 16:58:42 | N | 159] C:\Setup.log
[23/03/2010 - 18:07:06 | D ] C:\SIERRA
[18/02/2011 - 17:26:24 | SHD ] C:\System Volume Information
[23/03/2010 - 18:02:26 | N | 4759] C:\TCleaner.txt
[21/02/2011 - 19:25:36 | D ] C:\UsbFix
[21/02/2011 - 19:17:26 | A | 3457] C:\UsbFix.txt
[18/02/2010 - 11:42:06 | D ] C:\Users
[13/09/2007 - 18:15:59 | D ] C:\WAUUPGRD
[21/02/2011 - 19:14:14 | D ] C:\Windows
[26/09/2008 - 11:47:58 | RA | 4096] H:\._
[11/10/2008 - 19:22:20 | RA | 6148] H:\.DS_Store
[26/11/2008 - 18:48:26 | RA | 560] H:\.hidden
[16/09/2008 - 14:30:33 | RA | 53379] H:\.VolumeIcon.icns
[16/08/2010 - 13:57:50 | RA | 154] H:\autorun.cfg
[05/10/2010 - 15:53:16 | RA | 214344] H:\autorun.exe
[11/09/2006 - 14:26:42 | RA | 27] H:\autorun.inf
[21/09/2009 - 18:46:25 | RA | 106601] H:\background.png
[27/11/2008 - 13:03:35 | RA | 1030144] H:\dbghelp.dll
[09/10/2010 - 04:32:45 | RAD ] H:\Disk1
[16/09/2010 - 17:16:00 | RA | 7876] H:\FM_readme_English.txt
[04/10/2010 - 11:46:36 | RA | 8292] H:\FM_readme_French.txt
[03/10/2008 - 12:17:57 | RAD ] H:\Launch Installer.app
[27/11/2008 - 13:03:39 | RA | 1893640] H:\setup.exe
[23/07/2008 - 14:45:42 | RA | 672] H:\special folders.xml
[12/05/2009 - 10:53:55 | RAD ] H:\thirdparty

################## | Vaccin |

C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Dossier créé par Panda USB Vaccine

¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤

User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 20:18:17 | 21/02/2011

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019

WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 457,76 Go (122,3 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF

Running Process Killed : PID 1712 'explorer.exe'

¤¤¤¤¤¤¤¤¤¤ Processes :

¤¤¤¤¤¤¤¤¤¤ Added Keys :

¤¤¤¤¤¤¤¤¤¤ Removed Keys :

¤¤¤¤¤¤¤¤¤¤ Ports closed :

¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :

¤¤¤¤¤¤¤¤¤¤ Drivers deleted :

¤¤¤¤¤¤¤¤¤¤ Object Restored :

¤¤¤¤¤¤¤¤¤¤ Folder List :

¤¤¤¤¤¤¤¤¤¤ Read File :

¤¤¤¤¤¤¤¤¤¤ Sign control :

¤¤¤¤¤¤¤¤¤¤ Key Look :

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\d27cdb6e-ae6d-11cf-96b8-444553540000
<NO NAME> REG_SZ Adobe Flash Player 9 ActiveX
ComponentID REG_SZ Flash
Version REG_SZ 9.0.0.0
Locale REG_SZ EN
IsInstalled REG_BINARY 01000000

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0c2dcb3a-77cf-d1b4-0977-d13c057ba619}
<NO NAME> REG_SZ
ComponentID REG_SZ
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 11,0,6000,6324

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2a3320d6-c805-4280-b423-b665bde33d8f}
ComponentID REG_SZ M979906
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB979906)
Version REG_SZ 1,1,4322
Locale REG_SZ *
IsInstalled REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2f6efce6-10df-49f9-9e64-9ae3775b2588}
IsInstalled REG_DWORD 1 (0x1)
Locale REG_SZ *
Version REG_SZ 1,1,4322
ComponentID REG_SZ M2416447
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB2416447)

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f9d1f24b-9ea2-e4ae-dd7f-07df75edd778}
<NO NAME> REG_SZ Adobe Shockwave Director 10.1
ComponentID REG_SZ Director
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 10,1,4,20

End at 20:18:48

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤

User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 20:37:08 | 21/02/2011

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019

WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Enabled

C:\ -> Disque fixe local | 457,76 Go (122,4 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF

Boot: Safeboot
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Users\Jules\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
Quarantined & Deleted !! : C:\Users\Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
Quarantined & Deleted !! : C:\Users\Jules\AppData\Roaming\07AF3C89D9C1D170A86CCA7D59E0E425\enemies-names.txt
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20090911_222027.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20091231_114617.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100324_163007.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100324_163037.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100324_163106.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100615_213110.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100620_192339.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100625_223705.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100706_163910.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100710_174645.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100728_112225.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100821_173545.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100917_172028.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20101008_183527.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20101221_104130.reg
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\d3d8caps.dat
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\fusioncache.dat
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Windows\System32\ealregsnapshot1.reg

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1 localhost

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
AntiVirusOverride = 1 (0x1)
FirewallDisableNotify = 0 (0x0)
FirewallOverride = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 0 (0x0)
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
VMapplet = rundll32 shell32,Control_RunDLL sysdm.cpl
System =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FEATURE_BROWSER_EMULATION | svchost :
====================================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3500830AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85F5B439]<<
1 ntkrnlpa!IofCallDriver[0x82E8A912] -> \Device\Harddisk0\DR0[0x85F39780]
3 CLASSPNP[0x88DBC8B3] -> ntkrnlpa!IofCallDriver[0x82E8A912] -> [0x85C8D898]
5 acpi[0x8349E6BC] -> ntkrnlpa!IofCallDriver[0x82E8A912] -> [0x85C6BB98]
\Driver\atapi[0x85F3EBA0] -> IRP_MJ_CREATE -> 0x85F5B439
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3500830AS_____________________________3.AAD___#5&315ecc10&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

End of Scan : 20:40:38

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

http://www.cijoint.fr/cjlink.php?file=cj201102/cijK52BOiA.zip
0

Anonymous user
 
You didn't disable your protections!!!!!!!!!!
0
informaticologue Posts: 353 Status: Member 10
 
Do I redo everything??
0
Anonymous user
 
No, only the last two with list_kill'em
0
informaticologue Posts: 353 Status: Member 10
 
User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 18:18:12 | 22/02/2011

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019

WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 457,76 Go (122,09 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF

Boot: Safeboot
Killed : PID 1984 'explorer.exe'

¤¤¤¤¤¤¤¤¤¤ Files/folders :

¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1 localhost

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
AntiVirusOverride = 1 (0x1)
FirewallDisableNotify = 0 (0x0)
FirewallOverride = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)

¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2

¤¤¤¤¤¤¤¤¤¤ Winlogon

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 0 (0x0)
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
VMapplet = rundll32 shell32,Control_RunDLL sysdm.cpl
System =

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

FEATURE_BROWSER_EMULATION | svchost :
====================================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3500830AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85F5F439]<<
1 ntkrnlpa!IofCallDriver[0x82E80912] -> \Device\Harddisk0\DR0[0x85F3E030]
3 CLASSPNP[0x88DB48B3] -> ntkrnlpa!IofCallDriver[0x82E80912] -> [0x85CB8898]
5 acpi[0x834946BC] -> ntkrnlpa!IofCallDriver[0x82E80912] -> [0x85C8AB98]
\Driver\atapi[0x85F4BAB8] -> IRP_MJ_CREATE -> 0x85F5F439
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3500830AS_____________________________3.AAD___#5&315ecc10&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

End of Scan : 18:18:46

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤

User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 18:13:18 | 22/02/2011

Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019

WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Disabled

C:\ -> Disque fixe local | 457,76 Go (122,12 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF

Running Process Killed : PID 1740 'explorer.exe'

¤¤¤¤¤¤¤¤¤¤ Processes :

¤¤¤¤¤¤¤¤¤¤ Added Keys :

¤¤¤¤¤¤¤¤¤¤ Removed Keys :

¤¤¤¤¤¤¤¤¤¤ Ports closed :

¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :

¤¤¤¤¤¤¤¤¤¤ Drivers deleted :

¤¤¤¤¤¤¤¤¤¤ Object Restored :

¤¤¤¤¤¤¤¤¤¤ Folder List :

¤¤¤¤¤¤¤¤¤¤ Read File :

¤¤¤¤¤¤¤¤¤¤ Sign control :

¤¤¤¤¤¤¤¤¤¤ Key Look :

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\d27cdb6e-ae6d-11cf-96b8-444553540000
<NO NAME> REG_SZ Adobe Flash Player 9 ActiveX
ComponentID REG_SZ Flash
Version REG_SZ 9.0.0.0
Locale REG_SZ EN
IsInstalled REG_BINARY 01000000

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0c2dcb3a-77cf-d1b4-0977-d13c057ba619}
<NO NAME> REG_SZ
ComponentID REG_SZ
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 11,0,6000,6324

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2a3320d6-c805-4280-b423-b665bde33d8f}
ComponentID REG_SZ M979906
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB979906)
Version REG_SZ 1,1,4322
Locale REG_SZ *
IsInstalled REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2f6efce6-10df-49f9-9e64-9ae3775b2588}
IsInstalled REG_DWORD 1 (0x1)
Locale REG_SZ *
Version REG_SZ 1,1,4322
ComponentID REG_SZ M2416447
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB2416447)

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f9d1f24b-9ea2-e4ae-dd7f-07df75edd778}
<NO NAME> REG_SZ Adobe Shockwave Director 10.1
ComponentID REG_SZ Director
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 10,1,4,20

End at 18:13:55

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤

http://www.cijoint.fr/cjlink.php?file=cj201102/cijw7gahB4.zip
0
Anonymous user
 
▶ Download TDSSKiller

▶ Run it (Vista/Seven users -> right-click, then "Run as...........")

The tool will automatically download the latest version of TDSSKiller and then start a scan.

Wait while the scan runs. When the scan is finished, press a key. A report will open.

▶ Copy/paste its contents into your next reply.

Note: the report is also located at C:\tdsskiller.txt.
0
informaticologue Posts: 353 Status: Member 10
 
2011/02/22 21:10:27.0045 1644 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/22 21:10:29.0438 1644 ================================================================================
2011/02/22 21:10:29.0438 1644 SystemInfo:
2011/02/22 21:10:29.0438 1644
2011/02/22 21:10:29.0439 1644 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/22 21:10:29.0439 1644 Product type: Workstation
2011/02/22 21:10:29.0439 1644 ComputerName: PC-DE-COLIN
2011/02/22 21:10:29.0439 1644 UserName: Jules
2011/02/22 21:10:29.0439 1644 Windows directory: C:\Windows
2011/02/22 21:10:29.0439 1644 System windows directory: C:\Windows
2011/02/22 21:10:29.0439 1644 Processor architecture: Intel x86
2011/02/22 21:10:29.0439 1644 Number of processors: 4
2011/02/22 21:10:29.0439 1644 Page size: 0x1000
2011/02/22 21:10:29.0439 1644 Boot type: Safe boot with network
2011/02/22 21:10:29.0439 1644 ================================================================================
2011/02/22 21:10:29.0766 1644 Initialize success
2011/02/22 21:11:50.0345 1920 ================================================================================
2011/02/22 21:11:50.0345 1920 Scan started
2011/02/22 21:11:50.0345 1920 Mode: Manual;
2011/02/22 21:11:50.0345 1920 ================================================================================
2011/02/22 21:12:19.0411 1920 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
2011/02/22 21:12:19.0536 1920 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/22 21:12:19.0661 1920 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/22 21:12:19.0755 1920 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/22 21:12:19.0801 1920 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/22 21:12:19.0879 1920 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/22 21:12:20.0004 1920 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/02/22 21:12:20.0129 1920 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/22 21:12:20.0191 1920 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/22 21:12:20.0332 1920 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/02/22 21:12:20.0363 1920 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/02/22 21:12:20.0457 1920 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/22 21:12:20.0519 1920 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/22 21:12:20.0706 1920 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/22 21:12:20.0753 1920 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/22 21:12:20.0878 1920 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/02/22 21:12:21.0049 1920 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/22 21:12:21.0174 1920 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 21:12:21.0205 1920 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 21:12:21.0299 1920 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/02/22 21:12:21.0424 1920 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/22 21:12:21.0642 1920 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/22 21:12:21.0767 1920 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/22 21:12:21.0892 1920 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/22 21:12:21.0985 1920 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/22 21:12:22.0048 1920 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
2011/02/22 21:12:22.0157 1920 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/02/22 21:12:22.0251 1920 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/22 21:12:22.0251 1920 ================================================================================
2011/02/22 21:12:22.0251 1920 Scan finished
2011/02/22 21:12:22.0251 1920 ================================================================================
2011/02/22 21:12:22.0329 0344 Detected object count: 1
2011/02/22 21:12:29.0676 0344 \HardDisk0 - will be cured after reboot
2011/02/22 21:12:29.0676 0344 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
0
Utilisateur anonyme
 
Relaunch it and see?
0
informaticologue Posts 353 Status Member 10
 
The PC?
0
Utilisateur anonyme
 
No, tdsskiller :)
0
informaticologue Posts 353 Status Member 10
 
2011/02/22 21:37:49.0476 5168 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/22 21:37:49.0995 5168 ================================================================================
2011/02/22 21:37:49.0995 5168 SystemInfo:
2011/02/22 21:37:49.0996 5168
2011/02/22 21:37:49.0996 5168 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/22 21:37:49.0996 5168 Product type: Workstation
2011/02/22 21:37:49.0996 5168 ComputerName: PC-DE-COLIN
2011/02/22 21:37:49.0996 5168 UserName: Jules
2011/02/22 21:37:49.0996 5168 Windows directory: C:\Windows
2011/02/22 21:37:49.0996 5168 System windows directory: C:\Windows
2011/02/22 21:37:49.0996 5168 Processor architecture: Intel x86
2011/02/22 21:37:49.0996 5168 Number of processors: 4
2011/02/22 21:37:49.0996 5168 Page size: 0x1000
2011/02/22 21:37:49.0996 5168 Boot type: Normal boot
2011/02/22 21:37:49.0996 5168 ================================================================================
2011/02/22 21:37:50.0621 5168 Initialize success
2011/02/22 21:37:53.0780 5892 ================================================================================
2011/02/22 21:37:53.0780 5892 Scan started
2011/02/22 21:37:53.0780 5892 Mode: Manual;
2011/02/22 21:37:53.0780 5892 ================================================================================
2011/02/22 21:38:46.0861 5892 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/02/22 21:38:46.0946 5892 ================================================================================
2011/02/22 21:38:46.0946 5892 Scan finished
2011/02/22 21:38:46.0946 5892 ================================================================================
2011/02/22 21:39:08.0173 1432 Deinitialize success
Anonymous user
Close all windows and applications during installation and scanning.

▶ Download here:

Malwarebytes

▶ Install it (make sure to select "French"; do not change the installation settings) and update it.

(NB: if you get an error message during installation saying "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX)

▶ Read the tutorial to get familiar with the program:

(that said, it is very easy to use).

Relaunch Malwarebytes following these instructions to the letter:

! Disconnect from the internet and close all running applications !

▶ Launch Malwarebytes.

Run a "Full" scan.

▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "Results".
Check that all infected objects are ticked, then click "Remove".

Note: if the PC needs to restart to finish the cleaning, do it!

Post the log saved after the infected objects were removed (the most recent one in Malwarebytes' "Logs" tab)

--
...Creator of List_Kill'em...
informaticologue
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5851

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

23/02/2011 16:40:19
mbam-log-2011-02-23 (16-40-19).txt

Scan type: Full scan (C:\|)
Objects scanned: 576611
Time elapsed: 3 hour(s), 15 minute(s), 13 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
c:\Windows\temp\xofq\setup.exe (Trojan.FakeAlert) -> 2256 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Spyware.Zbot) -> Value: userinit -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aseke (Trojan.Agent.U) -> Value: Aseke -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Bad: (C:\Users\Jules\AppData\Roaming\sdra64.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\Userinit.exe,C:\Users\Jules\AppData\Roaming\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\temp\xofq\setup.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\program files\list_kill'em\catchme.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\list_kill'em\dns.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Jules\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
c:\Users\Jules\AppData\Local\Temp\0.5195480196333749.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
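Two of the hits in the Malwarebytes log above are startup hooks rather than files: the Winlogon Userinit value, where sdra64.exe was appended after the real userinit.exe, and a Run value in HKCU named "userinit" to look like it. The PowerShell below is an added example, not part of the thread and not the logic of Malwarebytes or any other tool named here: it reads those locations on a live machine and flags the patterns this log shows (an extra Userinit entry, a Run image under a profile's AppData or Temp, an image in a hash-named folder, an image that does not exist as written). It assumes PowerShell 3 or later in an elevated prompt; the function names, patterns and the 32-character hex-folder heuristic are assumptions of mine.

```powershell
# Added example (not from the thread): audit the two persistence points the MBAM log shows
# the Zbot sample using, Winlogon\Userinit and the Run keys. Read-only; deletes nothing.
# Assumes PowerShell 3+ and an elevated prompt.

$expectedUserinit = Join-Path $env:SystemRoot 'system32\userinit.exe'

function Test-Userinit {
    # Winlogon launches every comma-separated entry in Userinit at logon; Zbot appends its
    # dropper after the legitimate userinit.exe (sdra64.exe in the log above).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $value = (Get-ItemProperty -Path $key -Name Userinit).Userinit
    $entries = $value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($e in $entries) {
        $ok = ($e -ieq $expectedUserinit) -or ($e -ieq 'userinit.exe')
        [pscustomobject]@{ Location = "$key\Userinit"; Entry = $e; Suspicious = -not $ok; Reason = $(if ($ok) { '' } else { 'extra Userinit entry' }) }
    }
}

function Get-CommandImage([string]$cmd) {
    # Pull the executable path out of a Run value: "C:\a b\x.exe" /arg  or  C:\a b\x.exe /arg.
    $cmd = $cmd.Trim()
    if (-not $cmd) { return '' }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may itself contain spaces: take the longest prefix that exists on disk.
    $parts = $cmd -split ' '
    for ($i = $parts.Count; $i -ge 1; $i--) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $parts[0]
}

function Test-RunKeys {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Heuristics taken from this thread's logs (assumed thresholds): images under AppData or
    # Temp, images inside a long hex-named folder (hmod70twindl.exe), or a Run value named
    # like the Winlogon value.
    $profilePattern = '\\AppData\\(Roaming|Local)\\|\\Temp\\'
    $hashDirPattern = '\\[0-9A-Fa-f]{24,}\\'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            $image = Get-CommandImage $cmd
            $exists = $image -and (Test-Path -LiteralPath $image -PathType Leaf)
            $reasons = @()
            if (-not $exists)                  { $reasons += 'image not found as written' }
            if ($image -match $profilePattern) { $reasons += 'runs from profile/temp path' }
            if ($image -match $hashDirPattern) { $reasons += 'hex-named directory' }
            if ($name -ieq 'userinit')         { $reasons += 'Run value impersonating Userinit' }
            [pscustomobject]@{
                Location   = "$key\$name"
                Entry      = $cmd
                Suspicious = ($reasons.Count -gt 0)
                Reason     = ($reasons -join '; ')
            }
        }
    }
}

@(Test-Userinit) + @(Test-RunKeys) | Where-Object Suspicious | Format-Table -AutoSize -Wrap
```

A value given by bare file name (the "RtHDVCpl.exe" style of entry in the ComboFix report further down) is reported as "not found as written" because the script does not search PATH; resolve those by hand. Legitimate per-user installers such as Google Update also run from AppData\Local, so treat the profile-path flag as a prompt to check the file's signature and creation date, not as a verdict.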
Anonymous user
hello

▶ Download ZHPDiag (by Nicolas Coolman)

or: ZHPDiag

Save it to your Desktop.

Once the download is complete,

▶ run ZHPDiag.exe and click Unzip in the window that opens.

▶ Click the screwdriver, then All to tick every option box.

▶ Click the magnifying glass to start the scan.

When the scan is finished,

▶ click the camera and save the report to your Desktop.

To send it to me, click this link:

http://www.cijoint.fr/

▶ Click Browse and find the file C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt (le_nom_de_ta_session being your session name)

▶ Click Open.

▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt

is added to the page.

▶ Copy that link into your reply.
informaticologue
http://www.cijoint.fr/cjlink.php?file=cj201102/cijfReHs07.txt
Anonymous user
OK


/!\ WARNING: FOLLOW THESE INSTRUCTIONS TO THE LETTER /!\

__________________________________________________________
>This tool is only to be used when prescribed by a qualified helper trained on it.<
>>>>>>>Do not use it outside that situation: dangerous!<<<<<<<<
=====================================================


▶ Above all, when saving it, remember to rename Combofix to "yourfirstname.exe" before it is saved to your hard drive

Download here: Combofix

Before using ComboFix:

If you use AVG, YOU MUST UNINSTALL IT before using Combofix, because its interaction with the tool can cause damage that may require a complete reinstall of the system.
Simply disabling the resident shield is not enough.
Download the AVG uninstaller from this link: https://www.avg.com/fr-fr/avg-remover
Choose the appropriate version (32 or 64 bit) /!\

CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable it temporarily:

▶ Download Defogger (by jpshortstuff) to your Desktop

▶ Run it

A window appears: click "Disable"

▶ Restart the computer if the tool asks you to

Note: once we have finished the disinfection, you can re-enable this software by running Defogger again and clicking "Re-enable"

_________________________________________________________
>> close the windows of all running programs.
>> Temporarily, and only for as long as ComboFix is running, disable
>> the real-time protection of your antivirus and antispyware programs,
>> which can seriously interfere with the tool's scanning and cleaning procedure.

°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°


if you have XP => double-click
if you have Vista or Windows 7 => right-click, "Run as..."


on the renamed combofix

¤¤¤¤¤¤¤¤¤¤ LET IT INSTALL THE RECOVERY CONSOLE IF IT ASKS YOU TO ¤¤¤¤¤¤¤¤¤¤

▶ !!!!! DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD...) !!!!!

▶ don't forget to re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

▶▶ Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

informaticologue
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\tdsskiller\tdsskiller.exe
c:\users\Jules\AppData\Roaming\Adobe\plugs
c:\users\Jules\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif

.
((((((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 ))))))))))))))))))))))))))))))))))))
.

2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Invité\AppData\Local\temp
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Echange de Maison\AppData\Local\temp
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Colin\AppData\Local\temp
2011-02-23 17:14 . 2011-02-23 18:22 -------- d-----w- c:\program files\ZHPDiag
2011-02-22 20:39 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA0B0741-9B57-47C0-B76D-71123E7C16D9}\mpengine.dll
2011-02-22 20:13 . 2011-02-23 15:34 -------- d-sh--w- c:\users\Jules\AppData\Roaming\lowsec
2011-02-22 20:09 . 2011-02-23 19:39 -------- d-----w- C:\tdsskiller
2011-02-22 19:11 . 2011-02-22 19:11 722944 ----a-w- c:\windows\system32\ypgvsaym.dll
2011-02-21 18:09 . 2011-02-21 18:25 -------- d-----w- C:\UsbFix
2011-02-21 17:59 . 2011-02-21 17:59 -------- d-----w- c:\program files\Ad-Remover
2011-02-21 16:42 . 2011-02-21 19:37 -------- d-----w- C:\Kill'em
2011-02-21 16:41 . 2011-02-23 15:40 -------- d-----w- c:\program files\List_Kill'em
2011-02-02 14:09 . 2011-02-09 21:12 -------- d-----w- c:\users\Jules\AppData\Roaming\.minecraft
2011-01-31 20:58 . 2011-01-31 21:24 -------- d-----w- c:\users\Jules\AppData\Roaming\FileZilla
2011-01-30 10:38 . 2011-01-30 10:38 -------- d-----w- c:\users\Colin\AppData\Local\LogMeIn Hamachi

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-14 19:41 . 2007-12-25 08:34 138416 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-14 19:41 . 2010-03-04 22:18 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-14 19:41 . 2007-12-25 08:34 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-14 19:39 . 2007-12-25 08:34 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-09 15:50 . 2007-12-25 08:34 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-28 15:55 . 2011-01-12 14:51 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-26 20:22 . 2010-12-26 20:22 729088 ----a-w- c:\windows\iun6002.exe
2010-12-20 17:09 . 2008-12-29 17:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2008-12-29 17:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 14:51 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-02 21:30 . 2010-12-02 21:30 74240 ----a-w- c:\windows\system32\nx6000res.dll
2010-12-02 21:30 . 2010-12-02 21:30 631808 ----a-w- c:\windows\system32\LCCoin36.dll
2010-12-02 21:30 . 2010-12-02 21:30 509440 ----a-w- c:\windows\system32\LcProxy2.ax
2010-12-02 21:30 . 2010-12-02 21:30 25600 ----a-w- c:\windows\system32\drivers\nx6000.sys
2007-09-13 06:33 . 2007-09-13 06:33 157184 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
c:\program files\iTunes\iTunesHelper .exe
c:\program files\LogMeIn Hamachi\hamachi-2-ui .exe
c:\program files\Microsoft IntelliType Pro\itype .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\QTTask .exe

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73B61547-0D52-FD42-80D3-E1237A63CDD0}]
2011-02-22 19:11 722944 ----a-w- c:\windows\System32\ypgvsaym.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{73B61547-0D52-FD42-80D3-E1237A63CDD0}"
[HKEY_CLASSES_ROOT\CLSID\{73B61547-0D52-FD42-80D3-E1237A63CDD0}]
2011-02-22 19:11 722944 ----a-w- c:\windows\System32\ypgvsaym.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-11-15 2975640]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-03 328056]
"hmod70twindl.exe"="c:\users\Jules\AppData\Roaming\07AF3C89D9C1D170A86CCA7D59E0E425\hmod70twindl.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [N/A]

c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADownloadManager\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-20 21:07 133104 ----atw- c:\users\Jules\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 12:23 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-10-03 17:24 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
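The Reg Loading Points section above shows one CLSID, {73B61547-0D52-FD42-80D3-E1237A63CDD0}, registered twice: as a Browser Helper Object and as the "Enhanced Storage" shell icon overlay handler, both resolving to c:\windows\System32\ypgvsaym.dll, a DLL created on 2011-02-22, the day before this report. That gets the same DLL loaded into Internet Explorer and into Explorer. The PowerShell below is an added example, not ComboFix's own logic and not code from the thread: it resolves each BHO and overlay CLSID to its InprocServer32 DLL and reports the signals this report illustrates (a CLSID used at both load points, a missing or unsigned DLL, a recently created file, an eight-letter DLL name with no company in its version info). It assumes PowerShell 3 or later in an elevated prompt; the 30-day window, the name heuristic and the function names are assumptions of mine.

```powershell
# Added example (not from the thread): resolve BHO and ShellIconOverlayIdentifier CLSIDs to
# their in-process DLLs and flag the pattern shown by {73B61547-...} -> ypgvsaym.dll.
# Read-only. Assumes PowerShell 3+ and an elevated prompt.

$explorer = 'Microsoft\Windows\CurrentVersion\Explorer'

function Get-ClsidServer([string]$clsid) {
    # COM resolves a CLSID through HKCU\Software\Classes before HKLM (HKCR is the merged view);
    # on 64-bit Windows the 32-bit registrations live under Wow6432Node.
    if (-not $clsid) { return $null }
    $roots = @('HKCU:\Software\Classes', 'HKLM:\SOFTWARE\Classes', 'HKLM:\SOFTWARE\Classes\Wow6432Node')
    foreach ($root in $roots) {
        $key = "$root\CLSID\$clsid\InprocServer32"
        if (Test-Path $key) {
            $dll = [string](Get-Item $key).GetValue('')
            return [Environment]::ExpandEnvironmentVariables($dll)
        }
    }
    return $null
}

function Get-LoadPoints {
    $bhoKeys = @("HKLM:\SOFTWARE\$explorer\Browser Helper Objects",
                 "HKLM:\SOFTWARE\Wow6432Node\$explorer\Browser Helper Objects")
    $sioKey  = "HKLM:\SOFTWARE\$explorer\ShellIconOverlayIdentifiers"
    foreach ($bhoKey in $bhoKeys) {
        if (-not (Test-Path $bhoKey)) { continue }
        foreach ($sub in Get-ChildItem $bhoKey) {
            # BHO subkeys are named by CLSID.
            [pscustomobject]@{ Kind = 'BHO'; Name = $sub.PSChildName; Clsid = $sub.PSChildName }
        }
    }
    if (Test-Path $sioKey) {
        foreach ($sub in Get-ChildItem $sioKey) {
            # Overlay handlers are named subkeys whose default value is the CLSID; the rogue
            # reused the legitimate name "Enhanced Storage" to blend in.
            [pscustomobject]@{ Kind = 'ShellIconOverlay'; Name = $sub.PSChildName; Clsid = [string]$sub.GetValue('') }
        }
    }
}

function Find-SuspectComServers([int]$RecentDays = 30) {
    $points = @(Get-LoadPoints)
    # One CLSID registered at both load points is loaded by Explorer and by IE: the pattern above.
    $dual = $points | Group-Object Clsid |
        Where-Object { @($_.Group.Kind | Select-Object -Unique).Count -gt 1 } | ForEach-Object Name
    foreach ($p in $points) {
        $dll = Get-ClsidServer $p.Clsid
        $reasons = @()
        if (-not $dll) { $reasons += 'CLSID has no InprocServer32' }
        elseif (-not (Test-Path -LiteralPath $dll -PathType Leaf)) { $reasons += 'DLL missing on disk' }
        else {
            $file = Get-Item -LiteralPath $dll
            $sig  = Get-AuthenticodeSignature -FilePath $dll
            if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
            if ($file.CreationTime -gt (Get-Date).AddDays(-$RecentDays)) { $reasons += "created $($file.CreationTime.ToString('yyyy-MM-dd'))" }
            # Assumed heuristic: eight lowercase letters, no company name (ypgvsaym.dll style).
            if ($file.Name -match '^[a-z]{8}\.dll$' -and -not $file.VersionInfo.CompanyName) { $reasons += 'random-looking unattributed DLL' }
        }
        if ($dual -contains $p.Clsid) { $reasons += 'same CLSID as BHO and overlay handler' }
        [pscustomobject]@{
            Kind = $p.Kind; Name = $p.Name; Clsid = $p.Clsid; Dll = $dll
            Suspicious = ($reasons.Count -gt 0); Reason = ($reasons -join '; ')
        }
    }
}

Find-SuspectComServers | Where-Object Suspicious | Format-Table -AutoSize -Wrap
```

Get-AuthenticodeSignature can report NotSigned for catalog-signed Windows components on some Windows versions, so treat the signature status as one signal alongside the creation date and the load-point overlap rather than as a verdict. The same resolution step applies to any other CLSID-keyed load point (shell extensions, toolbars): the registry path changes, the InprocServer32 lookup does not.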