Virus AntiMalware Doctor
informaticologue
Messages postés
353
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
J'ai choppé un virus qu'avira me signale depuis hier et qui a déja fait planté mon PC deux fois . Un antiMalwareDoctor qui s'est installé comme ça ! Aidez moi je poste ci joint le log Hijackthis
C:\Program Files\WinApplication\WinApplication.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jules\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - Global Startup: Application.lnk = C:\Program Files\WinApplication\WinApplication.exe
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
J'ai choppé un virus qu'avira me signale depuis hier et qui a déja fait planté mon PC deux fois . Un antiMalwareDoctor qui s'est installé comme ça ! Aidez moi je poste ci joint le log Hijackthis
C:\Program Files\WinApplication\WinApplication.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BywifiBHO - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jules\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files\Glary Utilities\memdefrag.exe" /autostart
O4 - Global Startup: Application.lnk = C:\Program Files\WinApplication\WinApplication.exe
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing)
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (file missing) (HKCU)
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/fr/scan8/oscan8.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
A voir également:
- Virus AntiMalware Doctor
- Pc doctor - Télécharger - Optimisation
- Virus mcafee - Accueil - Piratage
- Spyware doctor - Télécharger - Antivirus & Antimalwares
- Disk doctor - Télécharger - Récupération de données
- Car doctor - Télécharger - Vie quotidienne
25 réponses
salut supprime cca :
C:\Program Files\WinApplication\WinApplication.exe
ensuite :
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!! (car l'outil est detecté a tort comme infection contenant un module qui sert à arrêter des processus , et un autre servant à prendre des droits dans le registre pour effectuer des suppressions)
▶ Télécharge ici :List_Killem
mirroirs :
List_Kill'em
List_Kill'em
et enregistre le sur ton bureau
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer"
choisis l'option Search
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
Attention : il se peut que l'outil bloque anormalement longtemps arrivé à 95% à l'affichage "2nd Check", relance-le avec le raccourci sur le bureau sans l'arreter , puis clique sur le tout petit "X" en bas de la fenetre d'accueil du programme, ca le debloquera pour finir son scan
▶ Poste les rapports qui apparaitront sur ton bureau : List'em.txt et More.txt
▶▶▶ NE LES POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et selectionne , un par un , les fichiers concernés apparus sur ton bureau
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Fais de même avec more.txt qui se trouve sur ton bureau
C:\Program Files\WinApplication\WinApplication.exe
ensuite :
DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!! (car l'outil est detecté a tort comme infection contenant un module qui sert à arrêter des processus , et un autre servant à prendre des droits dans le registre pour effectuer des suppressions)
▶ Télécharge ici :List_Killem
mirroirs :
List_Kill'em
List_Kill'em
et enregistre le sur ton bureau
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur le raccourci sur ton bureau pour lancer l'installation
Laisse coché :
♦ Executer List_Kill'em
une fois terminée , clic sur "terminer"
choisis l'option Search
▶ laisse travailler l'outil
à l'apparition de la fenetre blanche , c'est un peu long , c'est normal ,c'est une recherche supplementaire de fichiers cachés , le programme n'est pas bloqué.
Attention : il se peut que l'outil bloque anormalement longtemps arrivé à 95% à l'affichage "2nd Check", relance-le avec le raccourci sur le bureau sans l'arreter , puis clique sur le tout petit "X" en bas de la fenetre d'accueil du programme, ca le debloquera pour finir son scan
▶ Poste les rapports qui apparaitront sur ton bureau : List'em.txt et More.txt
▶▶▶ NE LES POSTE PAS SUR LE FORUM
Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/
▶ Clique sur Parcourir et selectionne , un par un , les fichiers concernés apparus sur ton bureau
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=265368/cijSKAP5fU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Fais de même avec more.txt qui se trouve sur ton bureau
List'em
http://www.cijoint.fr/cjlink.php?file=cj201102/cija2PD5EA.txt
More
http://www.cijoint.fr/cjlink.php?file=cj201102/cijK7ytvK6.txt
http://www.cijoint.fr/cjlink.php?file=cj201102/cija2PD5EA.txt
More
http://www.cijoint.fr/cjlink.php?file=cj201102/cijK7ytvK6.txt
1/....
▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau
▶ Lance le
Une fenêtre apparait : clique sur "Disable"
▶ Fais redémarrer l'ordinateur si l'outil te le demande
Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"
==================================
2/....
▶ Télécharge ici : Ad-remover sur ton bureau :
▶ Déconnecte toi et ferme toutes applications en cours !
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .
▶ clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
▶ Au menu principal choisis "option Nettoyer" et tape sur [entrée] .
▶ Laisse travailler l'outil et ne touche à rien ...
▶ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
==============================================
3/......
▶ Télécharge ici : USBFIX sur ton bureau
branche tous tes periphériques sans les ouvrir
/!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur l'icône Usbfix située sur ton Bureau.
Sur la page, clique sur le bouton :
▶ choisi l option Suppression
▶ UsbFix scannera ton pc , laisse travailler l outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
============================================
4/...............
ATTENTION !! ce script est réservé uniquement à cette machine , ne pas reproduire !!!!!
▶ Relance List&Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option Tools puis Script
une fenêtre noire va s'ouvrir brievement , et List_Kill'em va se fermer
un nouveau document texte s'ouvre , copie/colle ce en gras si dessous :
FILE:C:\Users\Jules\AppData\Local\WNlole.dll
FILE:C:\Users\Jules\AppData\Roaming\07AF3C89D9C1D170A86CCA7D59E0E425
REM:"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Aseke"
REM:"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "hmod70twindl.exe"
ADD:"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "PowerdownAfterShutdown" /t REG_SZ /d 1
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0C2DCB3A-77CF-D1B4-0977-D13C057BA619}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F9D1F24B-9EA2-E4AE-DD7F-07DF75EDD778}"
REM:HKEY_LOCAL_MACHINE\software\ImInstaller
FILE:C:\Users\Jules\AppData\Roaming\Adobe\plugs\KB18213522.exe
FILE:C:\ProgramData\Soluto\Installer\SolutoInstaller.exe
▶ enregistre le document texte avec l'onglet fichier (enregistrer) de ce dernier , puis ferme-le
laisse travailler l'outil
▶ poste le resultat
▶ Ferme List_Kill'em
Note : le rapport est sur ton bureau : Script_(4 chiffres).txt
===================================
5/.....
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
▶▶▶ Ne clique qu'une seule fois sur le bouton !!
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
▶ envoie le zip Upload_ta-session_List_Kill'em.zip via cijoint.fr
▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau
▶ Lance le
Une fenêtre apparait : clique sur "Disable"
▶ Fais redémarrer l'ordinateur si l'outil te le demande
Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"
==================================
2/....
▶ Télécharge ici : Ad-remover sur ton bureau :
▶ Déconnecte toi et ferme toutes applications en cours !
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
▶ sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .
▶ clique le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
▶ Au menu principal choisis "option Nettoyer" et tape sur [entrée] .
▶ Laisse travailler l'outil et ne touche à rien ...
▶ Poste le rapport qui apparait à la fin , sur le forum ...
( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
==============================================
3/......
▶ Télécharge ici : USBFIX sur ton bureau
branche tous tes periphériques sans les ouvrir
/!\ Désactive provisoirement et seulement le temps de l'utilisation d'USBFIX, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur l'icône Usbfix située sur ton Bureau.
Sur la page, clique sur le bouton :
▶ choisi l option Suppression
▶ UsbFix scannera ton pc , laisse travailler l outil.
▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
▶ Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
============================================
4/...............
ATTENTION !! ce script est réservé uniquement à cette machine , ne pas reproduire !!!!!
▶ Relance List&Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'option Tools puis Script
une fenêtre noire va s'ouvrir brievement , et List_Kill'em va se fermer
un nouveau document texte s'ouvre , copie/colle ce en gras si dessous :
FILE:C:\Users\Jules\AppData\Local\WNlole.dll
FILE:C:\Users\Jules\AppData\Roaming\07AF3C89D9C1D170A86CCA7D59E0E425
REM:"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Aseke"
REM:"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "hmod70twindl.exe"
ADD:"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "PowerdownAfterShutdown" /t REG_SZ /d 1
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\D27CDB6E-AE6D-11CF-96B8-444553540000"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0C2DCB3A-77CF-D1B4-0977-D13C057BA619}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2A3320D6-C805-4280-B423-B665BDE33D8F}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2F6EFCE6-10DF-49F9-9E64-9AE3775B2588}"
KLOOK:"HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F9D1F24B-9EA2-E4AE-DD7F-07DF75EDD778}"
REM:HKEY_LOCAL_MACHINE\software\ImInstaller
FILE:C:\Users\Jules\AppData\Roaming\Adobe\plugs\KB18213522.exe
FILE:C:\ProgramData\Soluto\Installer\SolutoInstaller.exe
▶ enregistre le document texte avec l'onglet fichier (enregistrer) de ce dernier , puis ferme-le
laisse travailler l'outil
▶ poste le resultat
▶ Ferme List_Kill'em
Note : le rapport est sur ton bureau : Script_(4 chiffres).txt
===================================
5/.....
▶ Relance List_Kill'em,avec le raccourci sur ton bureau.
mais cette fois-ci :
▶ choisis l'Option Clean
▶▶▶ Ne clique qu'une seule fois sur le bouton !!
laisse travailler l'outil.
en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau ,
▶ colle le contenu dans ta reponse
▶ envoie le zip Upload_ta-session_List_Kill'em.zip via cijoint.fr
====== RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 16/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 19:00:10 le 21/02/2011, Mode normal
Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86)
Jules@PC-DE-COLIN (Packard Bell BV OEM)
============== ACTION(S) ==============
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Clé supprimée: HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{36D6A89E-C39F-4EE8-9181-C13E9BC739A5}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Everest Poker
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
Erreur suppression clé: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform|AskTB5.5
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [3.6.12 (fr)] ****
Plugins\npdivx32.dll (DivX,Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
HKLM_MozillaPlugins\@nvidia.com/3DVision (x)
HKLM_MozillaPlugins\@nvidia.com/3DVisionStreaming (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
HKCU_Extensions|{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a} - C:\Users\Jules\Program Files\DNA
HKCU_Extensions|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\SPFireFox (x)
-- C:\Users\Jules\AppData\Roaming\Mozilla\FireFox\Profiles\3b3eh5kn.default --
Extensions\cfxe@Triton (?)
Extensions\firefox@ghostery.com (Ghostery)
Extensions\fr-FR@dictionaries.addons.mozilla.org (Dictionnaire HunSpell en Français)
Extensions\locationbar2@design-noir.de (Locationbar²)
Extensions\redshift_V2@shift-themes.com (RedShift V3)
Extensions\timetrack@usablehack.com (TimeTracker)
Extensions\translator@dontfollowme.net (translator)
Extensions\{11f123f0-8b67-11db-b606-0800200c9a66} (X-Mas (Light))
Extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} (Black Steel)
Searchplugins\daemon-search.xml (hxxp://www.daemon-search.com/search/web?q={searchTerms}/)
Searchplugins\hoolight.xml (?)
Searchplugins\kiwee-live-search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Jules\\Downloads
Prefs.js - browser.download.lastDir, C:\\Users\\Jules\\Pictures
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.12
-- C:\Users\Colin\AppData\Roaming\Mozilla\FireFox\Profiles\t88vnip8.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} (Aero Fox)
Searchplugins\kiwee-live-search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Colin\\Desktop
Prefs.js - browser.download.lastDir, C:\\Users\\Colin\\Pictures\\Her & Me
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.startup.homepage, hxxp://lo.st
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.6
Prefs.js - keyword.URL, hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01b...
-- C:\Users\Echange de Maison\AppData\Roaming\Mozilla\FireFox\Profiles\misc76tu.default --
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.6
========================================
**** Google Chrome Version [9.0.597.98] ****
Google Chrome\Shell\Open\Command - C:\Users\Echange de Maison\AppData\Local\Google\Chrome\Application\chrome.exe
-- C:\Users\Jules\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (?)
Plugin - NVIDIA 3D Vision (Activé: true) (C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll)
Plugin - NVIDIA 3D VISION (Activé: true) (C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll)
Plugin - Pando Web Plugin (Activé: true) (C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll)
Plugin - "DivX Player" (Activé: true)
Plugin - "DivX Player Netscape Plugin" (Activé: true)
Plugin - "Pando Web Plugin" (Activé: true)
Plugin - "BitTorrent" (Activé: true)
Plugin - "DNA Plug-in" (Activé: true)
Plugin - "NVIDIA 3D Vision" (Activé: true)
Plugin - "NVIDIA 3D VISION" (Activé: true)
========================================
**** Internet Explorer Version [8.0.6001.19019] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{53B313AC-2B00-4c50-81EF-9DF29CA7F178} - "Ask.com" (hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms})
HKCU_SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - "DAEMON Search" (hxxp://www.daemon-search.com/search/web?q={searchTerms})
HKCU_SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} - "DAEMON Search" (hxxp://www.daemon-search.com/search/web?q={searchTerms})
HKCU_SearchScopes\{ED246ADC-1A96-4B58-AA65-22CA4ED21A08} - "hoolight" (hxxp://www.hoolight.com//?q={searchTerms})
HKCU_Toolbar\WebBrowser|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} (x)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} (x)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
HKCU_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Program Files\SpeedBit Video Downloader\Converter.exe (x)
HKCU_ElevationPolicy\{ED6B6125-501C-42F2-BD29-414534B7D146} - C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (x)
HKLM_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Program Files\SpeedBit Video Downloader\Converter.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 21/03/2010 13:39:57 (16611 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 21/02/2011 19:01:08 (8376 Octet(s))
Fin à: 19:02:02, 21/02/2011
============== E.O.F ==============
############################## | UsbFix 7.040 | [Suppression]
Utilisateur: Jules (Administrateur) # PC-DE-COLIN [Packard Bell BV OEM]
Mis à jour le 18/02/2011 par El Desaparecido / C_XX
Lancé à 19:17:16 | 21/02/2011
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org
CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.19019
Pare-feu Windows: Activé
RAM -> 2046 Mo
C:\ (%systemdrive%) -> Disque fixe # 458 Go (127 Go libre(s) - 28%) [HDD] # NTFS
H:\ -> CD-ROM
################## | Éléments infectieux |
Supprimé! C:\Users\Jules\Documents - Raccourci.lnk
Supprimé! C:\$RECYCLE.BIN\S-1-5-20
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-829625975-2554254917-1831524914-1002
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-829625975-2554254917-1831524914-1003
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-829625975-2554254917-1831524914-1004
Supprimé! C:\temp.txt
Non supprimé ! H:\autorun.inf
Non supprimé ! H:\autorun.exe
################## | Registre |
################## | Mountpoints2 |
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{45f6e413-b2bc-11dc-88e4-806e6f6e6963}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{81d6db59-6cd4-11df-861a-001c252f6b0c}
################## | Listing |
[01/03/2009 - 13:19:07 | D ] C:\$AVG8.VAULT$
[21/02/2011 - 19:25:35 | SHD ] C:\$Recycle.Bin
[23/03/2010 - 18:03:40 | D ] C:\493442f49224f848d867
[09/07/2010 - 20:40:10 | D ] C:\Acc
[01/03/2009 - 19:12:23 | N | 9019] C:\Ad-Report-Clean-01.03.2009.log
[21/03/2010 - 13:53:21 | N | 16611] C:\Ad-Report-CLEAN[1].txt
[21/02/2011 - 19:02:03 | N | 8515] C:\Ad-Report-CLEAN[2].txt
[01/03/2009 - 19:01:08 | N | 9170] C:\Ad-Report-Scan-01.03.2009.log
[18/09/2006 - 22:43:36 | N | 24] C:\autoexec.bat
[21/03/2010 - 16:46:50 | RASHD ] C:\autorun.inf
[20/06/2010 - 18:44:21 | D ] C:\boot
[10/04/2009 - 23:36:38 | RASH | 333257] C:\bootmgr
[13/09/2007 - 16:46:31 | N | 8192] C:\BOOTSECT.BAK
[09/01/2010 - 11:04:32 | D ] C:\BywifiSave
[20/02/2011 - 21:46:37 | D ] C:\Config.Msi
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[28/11/2010 - 21:49:14 | D ] C:\Downloads
[13/09/2007 - 16:41:44 | D ] C:\drivers
[08/01/2011 - 11:19:40 | D ] C:\FM Genie Scout 11
[10/10/2010 - 18:00:15 | D ] C:\Fraps
[21/12/2010 - 10:37:59 | D ] C:\Games
[12/01/2011 - 21:00:26 | D ] C:\gPotato.eu
[08/02/2009 - 09:39:16 | N | 530] C:\INSTALL.LOG
[10/12/2008 - 11:23:16 | N | 0] C:\IO.SYS
[22/03/2010 - 22:19:52 | N | 303] C:\JavaRa.log
[21/02/2011 - 17:42:25 | D ] C:\Kill'em
[10/12/2008 - 11:23:16 | N | 0] C:\MSDOS.SYS
[10/12/2008 - 13:56:15 | D ] C:\MSNCleaner
[13/09/2007 - 07:37:27 | RHD ] C:\MSOCache
[24/07/2010 - 16:08:59 | D ] C:\NVIDIA
[21/02/2011 - 19:14:15 | ASH | 2459709440] C:\pagefile.sys
[27/02/2009 - 23:24:21 | D ] C:\perflogs
[21/02/2011 - 18:59:56 | D ] C:\Program Files
[21/01/2011 - 22:01:18 | D ] C:\ProgramData
[22/10/2010 - 18:28:37 | D ] C:\PunkBuster
[02/03/2009 - 20:40:48 | D ] C:\RECYCLER
[16/01/2008 - 16:58:42 | N | 159] C:\Setup.log
[23/03/2010 - 18:07:06 | D ] C:\SIERRA
[18/02/2011 - 17:26:24 | SHD ] C:\System Volume Information
[23/03/2010 - 18:02:26 | N | 4759] C:\TCleaner.txt
[21/02/2011 - 19:25:36 | D ] C:\UsbFix
[21/02/2011 - 19:17:26 | A | 3457] C:\UsbFix.txt
[18/02/2010 - 11:42:06 | D ] C:\Users
[13/09/2007 - 18:15:59 | D ] C:\WAUUPGRD
[21/02/2011 - 19:14:14 | D ] C:\Windows
[26/09/2008 - 11:47:58 | RA | 4096] H:\._
[11/10/2008 - 19:22:20 | RA | 6148] H:\.DS_Store
[26/11/2008 - 18:48:26 | RA | 560] H:\.hidden
[16/09/2008 - 14:30:33 | RA | 53379] H:\.VolumeIcon.icns
[16/08/2010 - 13:57:50 | RA | 154] H:\autorun.cfg
[05/10/2010 - 15:53:16 | RA | 214344] H:\autorun.exe
[11/09/2006 - 14:26:42 | RA | 27] H:\autorun.inf
[21/09/2009 - 18:46:25 | RA | 106601] H:\background.png
[27/11/2008 - 13:03:35 | RA | 1030144] H:\dbghelp.dll
[09/10/2010 - 04:32:45 | RAD ] H:\Disk1
[16/09/2010 - 17:16:00 | RA | 7876] H:\FM_readme_English.txt
[04/10/2010 - 11:46:36 | RA | 8292] H:\FM_readme_French.txt
[03/10/2008 - 12:17:57 | RAD ] H:\Launch Installer.app
[27/11/2008 - 13:03:39 | RA | 1893640] H:\setup.exe
[23/07/2008 - 14:45:42 | RA | 672] H:\special folders.xml
[12/05/2009 - 10:53:55 | RAD ] H:\thirdparty
################## | Vaccin |
C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Dossier créé par Panda USB Vaccine
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 20:18:17 | 21/02/2011
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 457,76 Go (122,3 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF
Running Process Killed : PID 1712 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Processes :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
¤¤¤¤¤¤¤¤¤¤ Key Look :
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\d27cdb6e-ae6d-11cf-96b8-444553540000
<NO NAME> REG_SZ Adobe Flash Player 9 ActiveX
ComponentID REG_SZ Flash
Version REG_SZ 9.0.0.0
Locale REG_SZ EN
IsInstalled REG_BINARY 01000000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0c2dcb3a-77cf-d1b4-0977-d13c057ba619}
<NO NAME> REG_SZ
ComponentID REG_SZ
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 11,0,6000,6324
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2a3320d6-c805-4280-b423-b665bde33d8f}
ComponentID REG_SZ M979906
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB979906)
Version REG_SZ 1,1,4322
Locale REG_SZ *
IsInstalled REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2f6efce6-10df-49f9-9e64-9ae3775b2588}
IsInstalled REG_DWORD 1 (0x1)
Locale REG_SZ *
Version REG_SZ 1,1,4322
ComponentID REG_SZ M2416447
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB2416447)
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f9d1f24b-9ea2-e4ae-dd7f-07df75edd778}
<NO NAME> REG_SZ Adobe Shockwave Director 10.1
ComponentID REG_SZ Director
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 10,1,4,20
End at 20:18:48
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤
User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 20:37:08 | 21/02/2011
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 457,76 Go (122,4 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF
Boot: Safeboot
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Users\Jules\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
Quarantined & Deleted !! : C:\Users\Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
Quarantined & Deleted !! : C:\Users\Jules\AppData\Roaming\07AF3C89D9C1D170A86CCA7D59E0E425\enemies-names.txt
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20090911_222027.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20091231_114617.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100324_163007.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100324_163037.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100324_163106.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100615_213110.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100620_192339.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100625_223705.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100706_163910.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100710_174645.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100728_112225.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100821_173545.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100917_172028.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20101008_183527.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20101221_104130.reg
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\d3d8caps.dat
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\fusioncache.dat
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Windows\System32\ealregsnapshot1.reg
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
AntiVirusOverride = 1 (0x1)
FirewallDisableNotify = 0 (0x0)
FirewallOverride = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 0 (0x0)
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
VMapplet = rundll32 shell32,Control_RunDLL sysdm.cpl
System =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3500830AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85F5B439]<<
1 ntkrnlpa!IofCallDriver[0x82E8A912] -> \Device\Harddisk0\DR0[0x85F39780]
3 CLASSPNP[0x88DBC8B3] -> ntkrnlpa!IofCallDriver[0x82E8A912] -> [0x85C8D898]
5 acpi[0x8349E6BC] -> ntkrnlpa!IofCallDriver[0x82E8A912] -> [0x85C6BB98]
\Driver\atapi[0x85F3EBA0] -> IRP_MJ_CREATE -> 0x85F5B439
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3500830AS_____________________________3.AAD___#5&315ecc10&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
End of Scan : 20:40:38
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
http://www.cijoint.fr/cjlink.php?file=cj201102/cijK52BOiA.zip
Mis à jour par TeamXscript le 16/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [2]) -> Lancé à 19:00:10 le 21/02/2011, Mode normal
Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X86)
Jules@PC-DE-COLIN (Packard Bell BV OEM)
============== ACTION(S) ==============
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\Interface\{DB885111-F39F-4D88-9EE5-C88460B6DF7B}
Clé supprimée: HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_installer.exe
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{36D6A89E-C39F-4EE8-9181-C13E9BC739A5}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Everest Poker
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyWebSearch bar Uninstall
Erreur suppression clé: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo jimddp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo hpfanicgkffmccehnpkikogcffaepkfp
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0|goicfboogidikkejccmclpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhglgc
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform|AskTB5.5
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [3.6.12 (fr)] ****
Plugins\npdivx32.dll (DivX,Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
HKLM_MozillaPlugins\@nvidia.com/3DVision (x)
HKLM_MozillaPlugins\@nvidia.com/3DVisionStreaming (x)
HKLM_MozillaPlugins\@pandonetworks.com/PandoWebPlugin (x)
HKCU_MozillaPlugins\pandonetworks.com/PandoWebPlugin (x)
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
HKCU_Extensions|{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a} - C:\Users\Jules\Program Files\DNA
HKCU_Extensions|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\SPFireFox (x)
-- C:\Users\Jules\AppData\Roaming\Mozilla\FireFox\Profiles\3b3eh5kn.default --
Extensions\cfxe@Triton (?)
Extensions\firefox@ghostery.com (Ghostery)
Extensions\fr-FR@dictionaries.addons.mozilla.org (Dictionnaire HunSpell en Français)
Extensions\locationbar2@design-noir.de (Locationbar²)
Extensions\redshift_V2@shift-themes.com (RedShift V3)
Extensions\timetrack@usablehack.com (TimeTracker)
Extensions\translator@dontfollowme.net (translator)
Extensions\{11f123f0-8b67-11db-b606-0800200c9a66} (X-Mas (Light))
Extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66} (Black Steel)
Searchplugins\daemon-search.xml (hxxp://www.daemon-search.com/search/web?q={searchTerms}/)
Searchplugins\hoolight.xml (?)
Searchplugins\kiwee-live-search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Jules\\Downloads
Prefs.js - browser.download.lastDir, C:\\Users\\Jules\\Pictures
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.12
-- C:\Users\Colin\AppData\Roaming\Mozilla\FireFox\Profiles\t88vnip8.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} (Aero Fox)
Searchplugins\kiwee-live-search.xml (?)
Prefs.js - browser.download.dir, C:\\Users\\Colin\\Desktop
Prefs.js - browser.download.lastDir, C:\\Users\\Colin\\Pictures\\Her & Me
Prefs.js - browser.search.defaultenginename, Google
Prefs.js - browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
Prefs.js - browser.startup.homepage, hxxp://lo.st
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.6
Prefs.js - keyword.URL, hxxp://kwtb.search.imgag.com/?c=GNKIW29193&sbs=1&sc=2&f=web&vernum=1.0&uid=&did=f8d4a70c-98e2-4081-901d-01b...
-- C:\Users\Echange de Maison\AppData\Roaming\Mozilla\FireFox\Profiles\misc76tu.default --
Prefs.js - browser.startup.homepage, hxxp://portail.free.fr/
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.6
========================================
**** Google Chrome Version [9.0.597.98] ****
Google Chrome\Shell\Open\Command - C:\Users\Echange de Maison\AppData\Local\Google\Chrome\Application\chrome.exe
-- C:\Users\Jules\AppData\Local\Google\Chrome\User Data\Default --
Preferences - default_search_provider: "Google" (Activé: true) (?)
Plugin - NVIDIA 3D Vision (Activé: true) (C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll)
Plugin - NVIDIA 3D VISION (Activé: true) (C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll)
Plugin - Pando Web Plugin (Activé: true) (C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll)
Plugin - "DivX Player" (Activé: true)
Plugin - "DivX Player Netscape Plugin" (Activé: true)
Plugin - "Pando Web Plugin" (Activé: true)
Plugin - "BitTorrent" (Activé: true)
Plugin - "DNA Plug-in" (Activé: true)
Plugin - "NVIDIA 3D Vision" (Activé: true)
Plugin - "NVIDIA 3D VISION" (Activé: true)
========================================
**** Internet Explorer Version [8.0.6001.19019] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{53B313AC-2B00-4c50-81EF-9DF29CA7F178} - "Ask.com" (hxxp://www.ask.com/web?&o=13795&l=dis&q={searchTerms})
HKCU_SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} - "DAEMON Search" (hxxp://www.daemon-search.com/search/web?q={searchTerms})
HKCU_SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9} - "DAEMON Search" (hxxp://www.daemon-search.com/search/web?q={searchTerms})
HKCU_SearchScopes\{ED246ADC-1A96-4B58-AA65-22CA4ED21A08} - "hoolight" (hxxp://www.hoolight.com//?q={searchTerms})
HKCU_Toolbar\WebBrowser|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} (x)
HKCU_Toolbar\WebBrowser|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
HKLM_Toolbar|{0329E7D6-6F54-462D-93F6-F5C3118BADF2} (x)
HKLM_Toolbar|{32099AAC-C132-4136-9E9A-4E364A424E17} (C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll)
HKCU_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Program Files\SpeedBit Video Downloader\Converter.exe (x)
HKCU_ElevationPolicy\{ED6B6125-501C-42F2-BD29-414534B7D146} - C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe (x)
HKLM_ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953} - C:\Program Files\SpeedBit Video Downloader\Converter.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
HKLM_Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66} - "?" (?)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 21/03/2010 13:39:57 (16611 Octet(s))
C:\Ad-Report-CLEAN[2].txt - 21/02/2011 19:01:08 (8376 Octet(s))
Fin à: 19:02:02, 21/02/2011
============== E.O.F ==============
############################## | UsbFix 7.040 | [Suppression]
Utilisateur: Jules (Administrateur) # PC-DE-COLIN [Packard Bell BV OEM]
Mis à jour le 18/02/2011 par El Desaparecido / C_XX
Lancé à 19:17:16 | 21/02/2011
Site Web: http://www.teamxscript.org
Contact: eldesaparecido@teamxscript.org
CPU: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-Bit) # Service Pack 2
Internet Explorer 8.0.6001.19019
Pare-feu Windows: Activé
RAM -> 2046 Mo
C:\ (%systemdrive%) -> Disque fixe # 458 Go (127 Go libre(s) - 28%) [HDD] # NTFS
H:\ -> CD-ROM
################## | Éléments infectieux |
Supprimé! C:\Users\Jules\Documents - Raccourci.lnk
Supprimé! C:\$RECYCLE.BIN\S-1-5-20
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-829625975-2554254917-1831524914-1002
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-829625975-2554254917-1831524914-1003
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-829625975-2554254917-1831524914-1004
Supprimé! C:\temp.txt
Non supprimé ! H:\autorun.inf
Non supprimé ! H:\autorun.exe
################## | Registre |
################## | Mountpoints2 |
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{45f6e413-b2bc-11dc-88e4-806e6f6e6963}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{81d6db59-6cd4-11df-861a-001c252f6b0c}
################## | Listing |
[01/03/2009 - 13:19:07 | D ] C:\$AVG8.VAULT$
[21/02/2011 - 19:25:35 | SHD ] C:\$Recycle.Bin
[23/03/2010 - 18:03:40 | D ] C:\493442f49224f848d867
[09/07/2010 - 20:40:10 | D ] C:\Acc
[01/03/2009 - 19:12:23 | N | 9019] C:\Ad-Report-Clean-01.03.2009.log
[21/03/2010 - 13:53:21 | N | 16611] C:\Ad-Report-CLEAN[1].txt
[21/02/2011 - 19:02:03 | N | 8515] C:\Ad-Report-CLEAN[2].txt
[01/03/2009 - 19:01:08 | N | 9170] C:\Ad-Report-Scan-01.03.2009.log
[18/09/2006 - 22:43:36 | N | 24] C:\autoexec.bat
[21/03/2010 - 16:46:50 | RASHD ] C:\autorun.inf
[20/06/2010 - 18:44:21 | D ] C:\boot
[10/04/2009 - 23:36:38 | RASH | 333257] C:\bootmgr
[13/09/2007 - 16:46:31 | N | 8192] C:\BOOTSECT.BAK
[09/01/2010 - 11:04:32 | D ] C:\BywifiSave
[20/02/2011 - 21:46:37 | D ] C:\Config.Msi
[18/09/2006 - 22:43:37 | N | 10] C:\config.sys
[02/11/2006 - 14:02:03 | SHD ] C:\Documents and Settings
[28/11/2010 - 21:49:14 | D ] C:\Downloads
[13/09/2007 - 16:41:44 | D ] C:\drivers
[08/01/2011 - 11:19:40 | D ] C:\FM Genie Scout 11
[10/10/2010 - 18:00:15 | D ] C:\Fraps
[21/12/2010 - 10:37:59 | D ] C:\Games
[12/01/2011 - 21:00:26 | D ] C:\gPotato.eu
[08/02/2009 - 09:39:16 | N | 530] C:\INSTALL.LOG
[10/12/2008 - 11:23:16 | N | 0] C:\IO.SYS
[22/03/2010 - 22:19:52 | N | 303] C:\JavaRa.log
[21/02/2011 - 17:42:25 | D ] C:\Kill'em
[10/12/2008 - 11:23:16 | N | 0] C:\MSDOS.SYS
[10/12/2008 - 13:56:15 | D ] C:\MSNCleaner
[13/09/2007 - 07:37:27 | RHD ] C:\MSOCache
[24/07/2010 - 16:08:59 | D ] C:\NVIDIA
[21/02/2011 - 19:14:15 | ASH | 2459709440] C:\pagefile.sys
[27/02/2009 - 23:24:21 | D ] C:\perflogs
[21/02/2011 - 18:59:56 | D ] C:\Program Files
[21/01/2011 - 22:01:18 | D ] C:\ProgramData
[22/10/2010 - 18:28:37 | D ] C:\PunkBuster
[02/03/2009 - 20:40:48 | D ] C:\RECYCLER
[16/01/2008 - 16:58:42 | N | 159] C:\Setup.log
[23/03/2010 - 18:07:06 | D ] C:\SIERRA
[18/02/2011 - 17:26:24 | SHD ] C:\System Volume Information
[23/03/2010 - 18:02:26 | N | 4759] C:\TCleaner.txt
[21/02/2011 - 19:25:36 | D ] C:\UsbFix
[21/02/2011 - 19:17:26 | A | 3457] C:\UsbFix.txt
[18/02/2010 - 11:42:06 | D ] C:\Users
[13/09/2007 - 18:15:59 | D ] C:\WAUUPGRD
[21/02/2011 - 19:14:14 | D ] C:\Windows
[26/09/2008 - 11:47:58 | RA | 4096] H:\._
[11/10/2008 - 19:22:20 | RA | 6148] H:\.DS_Store
[26/11/2008 - 18:48:26 | RA | 560] H:\.hidden
[16/09/2008 - 14:30:33 | RA | 53379] H:\.VolumeIcon.icns
[16/08/2010 - 13:57:50 | RA | 154] H:\autorun.cfg
[05/10/2010 - 15:53:16 | RA | 214344] H:\autorun.exe
[11/09/2006 - 14:26:42 | RA | 27] H:\autorun.inf
[21/09/2009 - 18:46:25 | RA | 106601] H:\background.png
[27/11/2008 - 13:03:35 | RA | 1030144] H:\dbghelp.dll
[09/10/2010 - 04:32:45 | RAD ] H:\Disk1
[16/09/2010 - 17:16:00 | RA | 7876] H:\FM_readme_English.txt
[04/10/2010 - 11:46:36 | RA | 8292] H:\FM_readme_French.txt
[03/10/2008 - 12:17:57 | RAD ] H:\Launch Installer.app
[27/11/2008 - 13:03:39 | RA | 1893640] H:\setup.exe
[23/07/2008 - 14:45:42 | RA | 672] H:\special folders.xml
[12/05/2009 - 10:53:55 | RAD ] H:\thirdparty
################## | Vaccin |
C:\Autorun.inf -> Dossier créé par UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Dossier créé par Panda USB Vaccine
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 20:18:17 | 21/02/2011
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 457,76 Go (122,3 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF
Running Process Killed : PID 1712 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Processes :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
¤¤¤¤¤¤¤¤¤¤ Key Look :
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\d27cdb6e-ae6d-11cf-96b8-444553540000
<NO NAME> REG_SZ Adobe Flash Player 9 ActiveX
ComponentID REG_SZ Flash
Version REG_SZ 9.0.0.0
Locale REG_SZ EN
IsInstalled REG_BINARY 01000000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0c2dcb3a-77cf-d1b4-0977-d13c057ba619}
<NO NAME> REG_SZ
ComponentID REG_SZ
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 11,0,6000,6324
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2a3320d6-c805-4280-b423-b665bde33d8f}
ComponentID REG_SZ M979906
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB979906)
Version REG_SZ 1,1,4322
Locale REG_SZ *
IsInstalled REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2f6efce6-10df-49f9-9e64-9ae3775b2588}
IsInstalled REG_DWORD 1 (0x1)
Locale REG_SZ *
Version REG_SZ 1,1,4322
ComponentID REG_SZ M2416447
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB2416447)
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f9d1f24b-9ea2-e4ae-dd7f-07df75edd778}
<NO NAME> REG_SZ Adobe Shockwave Director 10.1
ComponentID REG_SZ Director
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 10,1,4,20
End at 20:18:48
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.3.5 ¤¤¤¤¤¤¤¤¤¤
User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 20:37:08 | 21/02/2011
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 457,76 Go (122,4 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF
Boot: Safeboot
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
Killed : PID 1684 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
Quarantined & Deleted !! : C:\Users\Jules\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
Quarantined & Deleted !! : C:\Users\Jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
Quarantined & Deleted !! : C:\Users\Jules\AppData\Roaming\07AF3C89D9C1D170A86CCA7D59E0E425\enemies-names.txt
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20090911_222027.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20091231_114617.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100324_163007.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100324_163037.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100324_163106.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100615_213110.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100620_192339.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100625_223705.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100706_163910.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100710_174645.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100728_112225.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100821_173545.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20100917_172028.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20101008_183527.reg
Quarantined & Deleted !! : C:\Users\Jules\Documents\cc_20101221_104130.reg
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\d3d8caps.dat
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\d3d9caps.dat
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\fusioncache.dat
Quarantined & Deleted !! : C:\Users\Jules\AppData\Local\GDIPFONTCACHEV1.DAT
Quarantined & Deleted !! : C:\Windows\System32\ealregsnapshot1.reg
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
AntiVirusOverride = 1 (0x1)
FirewallDisableNotify = 0 (0x0)
FirewallOverride = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
UpdatesDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 0 (0x0)
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
VMapplet = rundll32 shell32,Control_RunDLL sysdm.cpl
System =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3500830AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85F5B439]<<
1 ntkrnlpa!IofCallDriver[0x82E8A912] -> \Device\Harddisk0\DR0[0x85F39780]
3 CLASSPNP[0x88DBC8B3] -> ntkrnlpa!IofCallDriver[0x82E8A912] -> [0x85C8D898]
5 acpi[0x8349E6BC] -> ntkrnlpa!IofCallDriver[0x82E8A912] -> [0x85C6BB98]
\Driver\atapi[0x85F3EBA0] -> IRP_MJ_CREATE -> 0x85F5B439
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3500830AS_____________________________3.AAD___#5&315ecc10&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
End of Scan : 20:40:38
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
http://www.cijoint.fr/cjlink.php?file=cj201102/cijK52BOiA.zip
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 18:18:12 | 22/02/2011
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 457,76 Go (122,09 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF
Boot: Safeboot
Killed : PID 1984 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
AntiVirusOverride = 1 (0x1)
FirewallDisableNotify = 0 (0x0)
FirewallOverride = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 18:13:18 | 22/02/2011
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 457,76 Go (122,12 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF
Running Process Killed : PID 1740 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Processes :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
¤¤¤¤¤¤¤¤¤¤ Key Look :
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\d27cdb6e-ae6d-11cf-96b8-444553540000
<NO NAME> REG_SZ Adobe Flash Player 9 ActiveX
ComponentID REG_SZ Flash
Version REG_SZ 9.0.0.0
Locale REG_SZ EN
IsInstalled REG_BINARY 01000000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0c2dcb3a-77cf-d1b4-0977-d13c057ba619}
<NO NAME> REG_SZ
ComponentID REG_SZ
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 11,0,6000,6324
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2a3320d6-c805-4280-b423-b665bde33d8f}
ComponentID REG_SZ M979906
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB979906)
Version REG_SZ 1,1,4322
Locale REG_SZ *
IsInstalled REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2f6efce6-10df-49f9-9e64-9ae3775b2588}
IsInstalled REG_DWORD 1 (0x1)
Locale REG_SZ *
Version REG_SZ 1,1,4322
ComponentID REG_SZ M2416447
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB2416447)
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f9d1f24b-9ea2-e4ae-dd7f-07df75edd778}
<NO NAME> REG_SZ Adobe Shockwave Director 10.1
ComponentID REG_SZ Director
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 10,1,4,20
End at 18:13:55
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
UpdatesDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 0 (0x0)
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
VMapplet = rundll32 shell32,Control_RunDLL sysdm.cpl
System =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3500830AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85F5F439]<<
1 ntkrnlpa!IofCallDriver[0x82E80912] -> \Device\Harddisk0\DR0[0x85F3E030]
3 CLASSPNP[0x88DB48B3] -> ntkrnlpa!IofCallDriver[0x82E80912] -> [0x85CB8898]
5 acpi[0x834946BC] -> ntkrnlpa!IofCallDriver[0x82E80912] -> [0x85C8AB98]
\Driver\atapi[0x85F4BAB8] -> IRP_MJ_CREATE -> 0x85F5F439
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3500830AS_____________________________3.AAD___#5&315ecc10&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
End of Scan : 18:18:46
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
http://www.cijoint.fr/cjlink.php?file=cj201102/cijw7gahB4.zip
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 18:18:12 | 22/02/2011
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 457,76 Go (122,09 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF
Boot: Safeboot
Killed : PID 1984 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Files/folders :
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤
127.0.0.1 localhost
¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.msn.com/fr-fr
Local Page = C:\Windows\System32\blank.htm
Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page = https://www.google.com/?gws_rd=ssl
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1 (0x1)
AntiVirusOverride = 1 (0x1)
FirewallDisableNotify = 0 (0x0)
FirewallOverride = 1 (0x1)
AntiVirusDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Script of List_Kill'em by gen-hackman ¤¤¤¤¤¤¤¤¤¤
User : Jules (Utilisateurs)
Update on 21/02/2011 by g3n-h@ckm@n ::::: 11.30
Start at: 18:13:18 | 22/02/2011
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
Microsoft® Windows Vista(TM) Édition Familiale Premium (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.19019
WebSite : Soon
Thx to MPuissanceIV for the icon
Windows Firewall Status : Disabled
C:\ -> Disque fixe local | 457,76 Go (122,12 Go free) [HDD] | NTFS
D:\ -> Disque amovible
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque CD-ROM | 2,52 Go (0 Mo free) [FM2011] | UDF
Running Process Killed : PID 1740 'explorer.exe'
¤¤¤¤¤¤¤¤¤¤ Processes :
¤¤¤¤¤¤¤¤¤¤ Added Keys :
¤¤¤¤¤¤¤¤¤¤ Removed Keys :
¤¤¤¤¤¤¤¤¤¤ Ports closed :
¤¤¤¤¤¤¤¤¤¤ File|Folder deleted :
¤¤¤¤¤¤¤¤¤¤ Drivers deleted :
¤¤¤¤¤¤¤¤¤¤ Object Restored :
¤¤¤¤¤¤¤¤¤¤ Folder List :
¤¤¤¤¤¤¤¤¤¤ Read File :
¤¤¤¤¤¤¤¤¤¤ Sign control :
¤¤¤¤¤¤¤¤¤¤ Key Look :
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\d27cdb6e-ae6d-11cf-96b8-444553540000
<NO NAME> REG_SZ Adobe Flash Player 9 ActiveX
ComponentID REG_SZ Flash
Version REG_SZ 9.0.0.0
Locale REG_SZ EN
IsInstalled REG_BINARY 01000000
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0c2dcb3a-77cf-d1b4-0977-d13c057ba619}
<NO NAME> REG_SZ
ComponentID REG_SZ
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 11,0,6000,6324
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2a3320d6-c805-4280-b423-b665bde33d8f}
ComponentID REG_SZ M979906
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB979906)
Version REG_SZ 1,1,4322
Locale REG_SZ *
IsInstalled REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2f6efce6-10df-49f9-9e64-9ae3775b2588}
IsInstalled REG_DWORD 1 (0x1)
Locale REG_SZ *
Version REG_SZ 1,1,4322
ComponentID REG_SZ M2416447
<NO NAME> REG_SZ Microsoft .NET Framework 1.1 Security Update (KB2416447)
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{f9d1f24b-9ea2-e4ae-dd7f-07df75edd778}
<NO NAME> REG_SZ Adobe Shockwave Director 10.1
ComponentID REG_SZ Director
IsInstalled REG_DWORD 1 (0x1)
Local REG_SZ EN
Version REG_SZ 10,1,4,20
End at 18:13:55
¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
UpdatesDisableNotify = 0 (0x0)
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤
Ndisuio -> Start = 3
EapHost -> Start = 2
Wlansvc -> Start = 2
SharedAccess -> Start = 2
windefend -> Start = 2
wuauserv -> Start = 2
wscsvc -> Start = 2
¤¤¤¤¤¤¤¤¤¤ Winlogon
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
AutoRestartShell = 0 (0x0)
Shell = Explorer.exe
Userinit = C:\Windows\system32\Userinit.exe,
VMapplet = rundll32 shell32,Control_RunDLL sysdm.cpl
System =
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
Prefetch cleaned
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
FEATURE_BROWSER_EMULATION | svchost :
====================================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3500830AS rev.3.AAD -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x85F5F439]<<
1 ntkrnlpa!IofCallDriver[0x82E80912] -> \Device\Harddisk0\DR0[0x85F3E030]
3 CLASSPNP[0x88DB48B3] -> ntkrnlpa!IofCallDriver[0x82E80912] -> [0x85CB8898]
5 acpi[0x834946BC] -> ntkrnlpa!IofCallDriver[0x82E80912] -> [0x85C8AB98]
\Driver\atapi[0x85F4BAB8] -> IRP_MJ_CREATE -> 0x85F5F439
kernel: MBR read successfully
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3500830AS_____________________________3.AAD___#5&315ecc10&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 976773166 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
End of Scan : 18:18:46
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
http://www.cijoint.fr/cjlink.php?file=cj201102/cijw7gahB4.zip
▶ Télécharge TDSSKiller
▶ Lance le ( Utilisateurs de vista/Seven -> Clic droit puis " Exécuter en tant que........... " )
L'outil va télécharger automatiquement la dernière version de TDSSKiller puis lancera une analyse.
Patiente pendant le scan. A la fin de l'analyse, appuies sur une touche. Un rapport va s'ouvrir.
▶ Copie/Colle son contenu dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\tdsskiller.txt.
▶ Lance le ( Utilisateurs de vista/Seven -> Clic droit puis " Exécuter en tant que........... " )
L'outil va télécharger automatiquement la dernière version de TDSSKiller puis lancera une analyse.
Patiente pendant le scan. A la fin de l'analyse, appuies sur une touche. Un rapport va s'ouvrir.
▶ Copie/Colle son contenu dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\tdsskiller.txt.
2011/02/22 21:10:27.0045 1644 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/22 21:10:29.0438 1644 ================================================================================
2011/02/22 21:10:29.0438 1644 SystemInfo:
2011/02/22 21:10:29.0438 1644
2011/02/22 21:10:29.0439 1644 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/22 21:10:29.0439 1644 Product type: Workstation
2011/02/22 21:10:29.0439 1644 ComputerName: PC-DE-COLIN
2011/02/22 21:10:29.0439 1644 UserName: Jules
2011/02/22 21:10:29.0439 1644 Windows directory: C:\Windows
2011/02/22 21:10:29.0439 1644 System windows directory: C:\Windows
2011/02/22 21:10:29.0439 1644 Processor architecture: Intel x86
2011/02/22 21:10:29.0439 1644 Number of processors: 4
2011/02/22 21:10:29.0439 1644 Page size: 0x1000
2011/02/22 21:10:29.0439 1644 Boot type: Safe boot with network
2011/02/22 21:10:29.0439 1644 ================================================================================
2011/02/22 21:10:29.0766 1644 Initialize success
2011/02/22 21:11:50.0345 1920 ================================================================================
2011/02/22 21:11:50.0345 1920 Scan started
2011/02/22 21:11:50.0345 1920 Mode: Manual;
2011/02/22 21:11:50.0345 1920 ================================================================================
2011/02/22 21:11:50.0658 1920 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/02/22 21:11:50.0716 1920 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/02/22 21:11:51.0013 1920 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/22 21:11:51.0157 1920 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/22 21:11:51.0252 1920 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/22 21:11:51.0277 1920 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/22 21:11:51.0389 1920 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\Windows\system32\DRIVERS\AegisP.sys
2011/02/22 21:11:51.0587 1920 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/02/22 21:11:51.0687 1920 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/22 21:11:51.0732 1920 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/02/22 21:11:51.0865 1920 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/02/22 21:11:51.0943 1920 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/02/22 21:11:52.0021 1920 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/22 21:11:52.0114 1920 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/02/22 21:11:52.0422 1920 appdrv01 (f951c27fe54e1b2b5ada9719289b4756) C:\Windows\system32\Drivers\appdrv01.sys
2011/02/22 21:11:52.0570 1920 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/22 21:11:52.0668 1920 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/22 21:11:52.0931 1920 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/22 21:11:53.0015 1920 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/02/22 21:11:53.0199 1920 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/22 21:11:53.0352 1920 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/02/22 21:11:53.0499 1920 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\Windows\system32\DRIVERS\avipbb.sys
2011/02/22 21:11:53.0587 1920 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/22 21:11:53.0925 1920 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/22 21:11:54.0040 1920 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/22 21:11:54.0231 1920 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/22 21:11:54.0341 1920 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/22 21:11:54.0426 1920 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/22 21:11:54.0564 1920 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/22 21:11:54.0679 1920 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/22 21:11:54.0760 1920 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/22 21:11:54.0967 1920 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/22 21:11:55.0046 1920 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/22 21:11:55.0102 1920 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/22 21:11:55.0206 1920 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/02/22 21:11:55.0394 1920 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/02/22 21:11:55.0506 1920 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/02/22 21:11:55.0616 1920 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/22 21:11:55.0658 1920 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/22 21:11:55.0863 1920 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/02/22 21:11:55.0975 1920 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/02/22 21:11:56.0035 1920 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/02/22 21:11:56.0181 1920 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/02/22 21:11:56.0644 1920 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/02/22 21:11:57.0120 1920 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
2011/02/22 21:11:57.0767 1920 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/22 21:11:58.0429 1920 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/22 21:11:58.0523 1920 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/22 21:11:58.0648 1920 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/02/22 21:11:58.0866 1920 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/22 21:11:59.0053 1920 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/02/22 21:11:59.0194 1920 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/02/22 21:11:59.0334 1920 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/22 21:11:59.0584 1920 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/22 21:11:59.0755 1920 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/22 21:11:59.0911 1920 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/22 21:12:00.0099 1920 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/02/22 21:12:00.0426 1920 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/22 21:12:00.0629 1920 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/22 21:12:00.0707 1920 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/02/22 21:12:00.0847 1920 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/02/22 21:12:01.0081 1920 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/02/22 21:12:01.0191 1920 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/02/22 21:12:01.0362 1920 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/22 21:12:01.0487 1920 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/22 21:12:01.0721 1920 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/22 21:12:01.0908 1920 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/22 21:12:02.0127 1920 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/02/22 21:12:02.0361 1920 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/02/22 21:12:02.0470 1920 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/02/22 21:12:02.0595 1920 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/22 21:12:02.0719 1920 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/02/22 21:12:02.0829 1920 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/22 21:12:02.0969 1920 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/22 21:12:03.0094 1920 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/02/22 21:12:03.0156 1920 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/22 21:12:03.0265 1920 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/22 21:12:03.0468 1920 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/22 21:12:03.0593 1920 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/22 21:12:03.0718 1920 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/22 21:12:03.0780 1920 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/02/22 21:12:03.0905 1920 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/22 21:12:04.0045 1920 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/22 21:12:04.0123 1920 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/22 21:12:04.0217 1920 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/22 21:12:04.0264 1920 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/22 21:12:04.0357 1920 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/22 21:12:04.0467 1920 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/22 21:12:04.0607 1920 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/22 21:12:04.0716 1920 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/22 21:12:04.0841 1920 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/22 21:12:04.0997 1920 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/22 21:12:05.0059 1920 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/02/22 21:12:05.0169 1920 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/22 21:12:05.0247 1920 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/22 21:12:05.0371 1920 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/22 21:12:05.0496 1920 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/22 21:12:05.0543 1920 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/22 21:12:05.0621 1920 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/02/22 21:12:05.0824 1920 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/22 21:12:05.0949 1920 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/22 21:12:06.0073 1920 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/22 21:12:06.0136 1920 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/22 21:12:06.0339 1920 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/22 21:12:06.0417 1920 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/22 21:12:06.0479 1920 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/02/22 21:12:06.0573 1920 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/22 21:12:06.0775 1920 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/22 21:12:06.0916 1920 MSHUSBVideo (956741c67abaa78b19aadc5474936842) C:\Windows\system32\Drivers\nx6000.sys
2011/02/22 21:12:07.0025 1920 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/22 21:12:07.0134 1920 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/22 21:12:07.0197 1920 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/22 21:12:07.0353 1920 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/22 21:12:07.0415 1920 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/22 21:12:07.0540 1920 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/22 21:12:07.0665 1920 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/22 21:12:07.0774 1920 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/22 21:12:07.0945 1920 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/22 21:12:07.0992 1920 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/22 21:12:08.0101 1920 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/22 21:12:08.0179 1920 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/22 21:12:08.0226 1920 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/22 21:12:08.0335 1920 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/22 21:12:08.0429 1920 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/22 21:12:08.0507 1920 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/22 21:12:08.0632 1920 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/22 21:12:08.0757 1920 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\Windows\system32\drivers\nmwcdc.sys
2011/02/22 21:12:08.0881 1920 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\Windows\system32\drivers\nmwcdcm.sys
2011/02/22 21:12:09.0006 1920 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\Windows\system32\drivers\nmwcd.sys
2011/02/22 21:12:09.0147 1920 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/22 21:12:09.0193 1920 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\Windows\system32\npptNT2.sys
2011/02/22 21:12:09.0349 1920 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/22 21:12:09.0505 1920 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/22 21:12:09.0708 1920 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/22 21:12:09.0833 1920 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/22 21:12:09.0973 1920 NVHDA (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys
2011/02/22 21:12:10.0254 1920 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/22 21:12:10.0410 1920 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/02/22 21:12:10.0457 1920 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/02/22 21:12:10.0597 1920 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/02/22 21:12:10.0925 1920 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/22 21:12:11.0112 1920 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/22 21:12:11.0175 1920 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/22 21:12:11.0299 1920 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/22 21:12:11.0377 1920 PCAMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\Drivers\PCAMp50.sys
2011/02/22 21:12:11.0440 1920 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2011/02/22 21:12:11.0611 1920 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/22 21:12:11.0705 1920 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/02/22 21:12:11.0830 1920 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/22 21:12:11.0970 1920 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/22 21:12:12.0204 1920 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/22 21:12:12.0298 1920 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/22 21:12:12.0407 1920 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/22 21:12:12.0469 1920 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/02/22 21:12:12.0594 1920 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/22 21:12:12.0703 1920 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/22 21:12:12.0781 1920 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/22 21:12:12.0891 1920 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/22 21:12:12.0984 1920 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/22 21:12:13.0031 1920 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/22 21:12:13.0125 1920 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/22 21:12:13.0234 1920 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/22 21:12:13.0359 1920 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/22 21:12:13.0483 1920 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/02/22 21:12:13.0686 1920 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/22 21:12:13.0827 1920 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/22 21:12:13.0951 1920 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/22 21:12:14.0061 1920 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/02/22 21:12:14.0201 1920 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/22 21:12:14.0388 1920 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/22 21:12:14.0451 1920 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/22 21:12:14.0560 1920 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/22 21:12:14.0638 1920 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/22 21:12:14.0841 1920 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/02/22 21:12:14.0965 1920 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/22 21:12:15.0090 1920 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/22 21:12:15.0153 1920 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/22 21:12:15.0418 1920 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/02/22 21:12:15.0465 1920 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/02/22 21:12:15.0558 1920 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/22 21:12:15.0667 1920 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/02/22 21:12:15.0792 1920 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/22 21:12:15.0933 1920 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/02/22 21:12:16.0057 1920 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/02/22 21:12:16.0167 1920 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/22 21:12:16.0229 1920 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/22 21:12:16.0369 1920 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/02/22 21:12:16.0510 1920 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
2011/02/22 21:12:16.0635 1920 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/22 21:12:16.0744 1920 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/22 21:12:16.0775 1920 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/22 21:12:16.0869 1920 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/22 21:12:17.0103 1920 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/02/22 21:12:17.0227 1920 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/22 21:12:17.0321 1920 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/22 21:12:17.0368 1920 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/22 21:12:17.0446 1920 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/22 21:12:17.0571 1920 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/22 21:12:17.0680 1920 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/22 21:12:17.0898 1920 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/22 21:12:17.0945 1920 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/22 21:12:18.0023 1920 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/22 21:12:18.0226 1920 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/22 21:12:18.0351 1920 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/22 21:12:18.0413 1920 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/02/22 21:12:18.0522 1920 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/22 21:12:18.0616 1920 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/22 21:12:18.0694 1920 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/22 21:12:18.0756 1920 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/02/22 21:12:18.0865 1920 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/02/22 21:12:18.0943 1920 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/22 21:12:18.0990 1920 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/22 21:12:19.0177 1920 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/22 21:12:19.0302 1920 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/22 21:12:19.0411 1920 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
2011/02/22 21:12:19.0536 1920 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/22 21:12:19.0661 1920 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/22 21:12:19.0755 1920 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/22 21:12:19.0801 1920 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/22 21:12:19.0879 1920 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/22 21:12:20.0004 1920 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/02/22 21:12:20.0129 1920 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/22 21:12:20.0191 1920 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/22 21:12:20.0332 1920 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/02/22 21:12:20.0363 1920 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/02/22 21:12:20.0457 1920 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/22 21:12:20.0519 1920 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/22 21:12:20.0706 1920 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/22 21:12:20.0753 1920 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/22 21:12:20.0878 1920 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/02/22 21:12:21.0049 1920 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/22 21:12:21.0174 1920 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 21:12:21.0205 1920 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 21:12:21.0299 1920 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/02/22 21:12:21.0424 1920 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/22 21:12:21.0642 1920 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/22 21:12:21.0767 1920 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/22 21:12:21.0892 1920 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/22 21:12:21.0985 1920 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/22 21:12:22.0048 1920 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
2011/02/22 21:12:22.0157 1920 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/02/22 21:12:22.0251 1920 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/22 21:12:22.0251 1920 ================================================================================
2011/02/22 21:12:22.0251 1920 Scan finished
2011/02/22 21:12:22.0251 1920 ================================================================================
2011/02/22 21:12:22.0329 0344 Detected object count: 1
2011/02/22 21:12:29.0676 0344 \HardDisk0 - will be cured after reboot
2011/02/22 21:12:29.0676 0344 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/22 21:10:29.0438 1644 ================================================================================
2011/02/22 21:10:29.0438 1644 SystemInfo:
2011/02/22 21:10:29.0438 1644
2011/02/22 21:10:29.0439 1644 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/22 21:10:29.0439 1644 Product type: Workstation
2011/02/22 21:10:29.0439 1644 ComputerName: PC-DE-COLIN
2011/02/22 21:10:29.0439 1644 UserName: Jules
2011/02/22 21:10:29.0439 1644 Windows directory: C:\Windows
2011/02/22 21:10:29.0439 1644 System windows directory: C:\Windows
2011/02/22 21:10:29.0439 1644 Processor architecture: Intel x86
2011/02/22 21:10:29.0439 1644 Number of processors: 4
2011/02/22 21:10:29.0439 1644 Page size: 0x1000
2011/02/22 21:10:29.0439 1644 Boot type: Safe boot with network
2011/02/22 21:10:29.0439 1644 ================================================================================
2011/02/22 21:10:29.0766 1644 Initialize success
2011/02/22 21:11:50.0345 1920 ================================================================================
2011/02/22 21:11:50.0345 1920 Scan started
2011/02/22 21:11:50.0345 1920 Mode: Manual;
2011/02/22 21:11:50.0345 1920 ================================================================================
2011/02/22 21:11:50.0658 1920 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/02/22 21:11:50.0716 1920 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/02/22 21:11:51.0013 1920 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/22 21:11:51.0157 1920 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/22 21:11:51.0252 1920 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/22 21:11:51.0277 1920 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/22 21:11:51.0389 1920 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\Windows\system32\DRIVERS\AegisP.sys
2011/02/22 21:11:51.0587 1920 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/02/22 21:11:51.0687 1920 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/22 21:11:51.0732 1920 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/02/22 21:11:51.0865 1920 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/02/22 21:11:51.0943 1920 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/02/22 21:11:52.0021 1920 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/22 21:11:52.0114 1920 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/02/22 21:11:52.0422 1920 appdrv01 (f951c27fe54e1b2b5ada9719289b4756) C:\Windows\system32\Drivers\appdrv01.sys
2011/02/22 21:11:52.0570 1920 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/22 21:11:52.0668 1920 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/22 21:11:52.0931 1920 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/22 21:11:53.0015 1920 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/02/22 21:11:53.0199 1920 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/22 21:11:53.0352 1920 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/02/22 21:11:53.0499 1920 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\Windows\system32\DRIVERS\avipbb.sys
2011/02/22 21:11:53.0587 1920 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/22 21:11:53.0925 1920 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/22 21:11:54.0040 1920 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/22 21:11:54.0231 1920 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/22 21:11:54.0341 1920 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/22 21:11:54.0426 1920 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/22 21:11:54.0564 1920 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/22 21:11:54.0679 1920 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/22 21:11:54.0760 1920 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/22 21:11:54.0967 1920 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/22 21:11:55.0046 1920 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/22 21:11:55.0102 1920 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/22 21:11:55.0206 1920 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/02/22 21:11:55.0394 1920 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/02/22 21:11:55.0506 1920 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/02/22 21:11:55.0616 1920 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/22 21:11:55.0658 1920 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/22 21:11:55.0863 1920 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/02/22 21:11:55.0975 1920 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/02/22 21:11:56.0035 1920 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/02/22 21:11:56.0181 1920 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/02/22 21:11:56.0644 1920 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/02/22 21:11:57.0120 1920 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
2011/02/22 21:11:57.0767 1920 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/22 21:11:58.0429 1920 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/22 21:11:58.0523 1920 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/22 21:11:58.0648 1920 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/02/22 21:11:58.0866 1920 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/22 21:11:59.0053 1920 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/02/22 21:11:59.0194 1920 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/02/22 21:11:59.0334 1920 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/22 21:11:59.0584 1920 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/22 21:11:59.0755 1920 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/22 21:11:59.0911 1920 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/22 21:12:00.0099 1920 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/02/22 21:12:00.0426 1920 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/22 21:12:00.0629 1920 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/22 21:12:00.0707 1920 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/02/22 21:12:00.0847 1920 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/02/22 21:12:01.0081 1920 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/02/22 21:12:01.0191 1920 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/02/22 21:12:01.0362 1920 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/22 21:12:01.0487 1920 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/22 21:12:01.0721 1920 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/22 21:12:01.0908 1920 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/22 21:12:02.0127 1920 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/02/22 21:12:02.0361 1920 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/02/22 21:12:02.0470 1920 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/02/22 21:12:02.0595 1920 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/22 21:12:02.0719 1920 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/02/22 21:12:02.0829 1920 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/22 21:12:02.0969 1920 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/22 21:12:03.0094 1920 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/02/22 21:12:03.0156 1920 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/22 21:12:03.0265 1920 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/22 21:12:03.0468 1920 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/22 21:12:03.0593 1920 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/22 21:12:03.0718 1920 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/22 21:12:03.0780 1920 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/02/22 21:12:03.0905 1920 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/22 21:12:04.0045 1920 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/22 21:12:04.0123 1920 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/22 21:12:04.0217 1920 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/22 21:12:04.0264 1920 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/22 21:12:04.0357 1920 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/22 21:12:04.0467 1920 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/22 21:12:04.0607 1920 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/22 21:12:04.0716 1920 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/22 21:12:04.0841 1920 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/22 21:12:04.0997 1920 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/22 21:12:05.0059 1920 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/02/22 21:12:05.0169 1920 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/22 21:12:05.0247 1920 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/22 21:12:05.0371 1920 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/22 21:12:05.0496 1920 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/22 21:12:05.0543 1920 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/22 21:12:05.0621 1920 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/02/22 21:12:05.0824 1920 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/22 21:12:05.0949 1920 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/22 21:12:06.0073 1920 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/22 21:12:06.0136 1920 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/22 21:12:06.0339 1920 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/22 21:12:06.0417 1920 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/22 21:12:06.0479 1920 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/02/22 21:12:06.0573 1920 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/22 21:12:06.0775 1920 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/22 21:12:06.0916 1920 MSHUSBVideo (956741c67abaa78b19aadc5474936842) C:\Windows\system32\Drivers\nx6000.sys
2011/02/22 21:12:07.0025 1920 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/22 21:12:07.0134 1920 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/22 21:12:07.0197 1920 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/22 21:12:07.0353 1920 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/22 21:12:07.0415 1920 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/22 21:12:07.0540 1920 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/22 21:12:07.0665 1920 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/22 21:12:07.0774 1920 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/22 21:12:07.0945 1920 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/22 21:12:07.0992 1920 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/22 21:12:08.0101 1920 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/22 21:12:08.0179 1920 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/22 21:12:08.0226 1920 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/22 21:12:08.0335 1920 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/22 21:12:08.0429 1920 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/22 21:12:08.0507 1920 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/22 21:12:08.0632 1920 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/22 21:12:08.0757 1920 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\Windows\system32\drivers\nmwcdc.sys
2011/02/22 21:12:08.0881 1920 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\Windows\system32\drivers\nmwcdcm.sys
2011/02/22 21:12:09.0006 1920 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\Windows\system32\drivers\nmwcd.sys
2011/02/22 21:12:09.0147 1920 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/22 21:12:09.0193 1920 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\Windows\system32\npptNT2.sys
2011/02/22 21:12:09.0349 1920 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/22 21:12:09.0505 1920 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/22 21:12:09.0708 1920 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/22 21:12:09.0833 1920 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/22 21:12:09.0973 1920 NVHDA (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys
2011/02/22 21:12:10.0254 1920 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/22 21:12:10.0410 1920 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/02/22 21:12:10.0457 1920 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/02/22 21:12:10.0597 1920 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/02/22 21:12:10.0925 1920 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/22 21:12:11.0112 1920 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/22 21:12:11.0175 1920 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/22 21:12:11.0299 1920 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/22 21:12:11.0377 1920 PCAMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\Drivers\PCAMp50.sys
2011/02/22 21:12:11.0440 1920 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2011/02/22 21:12:11.0611 1920 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/22 21:12:11.0705 1920 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/02/22 21:12:11.0830 1920 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/22 21:12:11.0970 1920 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/22 21:12:12.0204 1920 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/22 21:12:12.0298 1920 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/22 21:12:12.0407 1920 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/22 21:12:12.0469 1920 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/02/22 21:12:12.0594 1920 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/22 21:12:12.0703 1920 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/22 21:12:12.0781 1920 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/22 21:12:12.0891 1920 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/22 21:12:12.0984 1920 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/22 21:12:13.0031 1920 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/22 21:12:13.0125 1920 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/22 21:12:13.0234 1920 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/22 21:12:13.0359 1920 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/22 21:12:13.0483 1920 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/02/22 21:12:13.0686 1920 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/22 21:12:13.0827 1920 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/22 21:12:13.0951 1920 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/22 21:12:14.0061 1920 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/02/22 21:12:14.0201 1920 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/22 21:12:14.0388 1920 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/22 21:12:14.0451 1920 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/22 21:12:14.0560 1920 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/22 21:12:14.0638 1920 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/22 21:12:14.0841 1920 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/02/22 21:12:14.0965 1920 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/22 21:12:15.0090 1920 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/22 21:12:15.0153 1920 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/22 21:12:15.0418 1920 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/02/22 21:12:15.0465 1920 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/02/22 21:12:15.0558 1920 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/22 21:12:15.0667 1920 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/02/22 21:12:15.0792 1920 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/22 21:12:15.0933 1920 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/02/22 21:12:16.0057 1920 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/02/22 21:12:16.0167 1920 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/22 21:12:16.0229 1920 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/22 21:12:16.0369 1920 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/02/22 21:12:16.0510 1920 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
2011/02/22 21:12:16.0635 1920 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/22 21:12:16.0744 1920 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/22 21:12:16.0775 1920 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/22 21:12:16.0869 1920 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/22 21:12:17.0103 1920 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/02/22 21:12:17.0227 1920 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/22 21:12:17.0321 1920 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/22 21:12:17.0368 1920 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/22 21:12:17.0446 1920 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/22 21:12:17.0571 1920 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/22 21:12:17.0680 1920 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/22 21:12:17.0898 1920 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/22 21:12:17.0945 1920 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/22 21:12:18.0023 1920 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/22 21:12:18.0226 1920 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/22 21:12:18.0351 1920 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/22 21:12:18.0413 1920 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/02/22 21:12:18.0522 1920 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/22 21:12:18.0616 1920 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/22 21:12:18.0694 1920 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/22 21:12:18.0756 1920 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/02/22 21:12:18.0865 1920 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/02/22 21:12:18.0943 1920 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/22 21:12:18.0990 1920 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/22 21:12:19.0177 1920 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/22 21:12:19.0302 1920 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/22 21:12:19.0411 1920 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
2011/02/22 21:12:19.0536 1920 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/22 21:12:19.0661 1920 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/22 21:12:19.0755 1920 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/22 21:12:19.0801 1920 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/22 21:12:19.0879 1920 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/22 21:12:20.0004 1920 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/02/22 21:12:20.0129 1920 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/22 21:12:20.0191 1920 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/22 21:12:20.0332 1920 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/02/22 21:12:20.0363 1920 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/02/22 21:12:20.0457 1920 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/22 21:12:20.0519 1920 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/22 21:12:20.0706 1920 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/22 21:12:20.0753 1920 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/22 21:12:20.0878 1920 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/02/22 21:12:21.0049 1920 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/22 21:12:21.0174 1920 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 21:12:21.0205 1920 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 21:12:21.0299 1920 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/02/22 21:12:21.0424 1920 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/22 21:12:21.0642 1920 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/22 21:12:21.0767 1920 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/22 21:12:21.0892 1920 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/22 21:12:21.0985 1920 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/22 21:12:22.0048 1920 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
2011/02/22 21:12:22.0157 1920 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/02/22 21:12:22.0251 1920 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/22 21:12:22.0251 1920 ================================================================================
2011/02/22 21:12:22.0251 1920 Scan finished
2011/02/22 21:12:22.0251 1920 ================================================================================
2011/02/22 21:12:22.0329 0344 Detected object count: 1
2011/02/22 21:12:29.0676 0344 \HardDisk0 - will be cured after reboot
2011/02/22 21:12:29.0676 0344 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/02/22 21:37:49.0476 5168 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/22 21:37:49.0995 5168 ================================================================================
2011/02/22 21:37:49.0995 5168 SystemInfo:
2011/02/22 21:37:49.0996 5168
2011/02/22 21:37:49.0996 5168 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/22 21:37:49.0996 5168 Product type: Workstation
2011/02/22 21:37:49.0996 5168 ComputerName: PC-DE-COLIN
2011/02/22 21:37:49.0996 5168 UserName: Jules
2011/02/22 21:37:49.0996 5168 Windows directory: C:\Windows
2011/02/22 21:37:49.0996 5168 System windows directory: C:\Windows
2011/02/22 21:37:49.0996 5168 Processor architecture: Intel x86
2011/02/22 21:37:49.0996 5168 Number of processors: 4
2011/02/22 21:37:49.0996 5168 Page size: 0x1000
2011/02/22 21:37:49.0996 5168 Boot type: Normal boot
2011/02/22 21:37:49.0996 5168 ================================================================================
2011/02/22 21:37:50.0621 5168 Initialize success
2011/02/22 21:37:53.0780 5892 ================================================================================
2011/02/22 21:37:53.0780 5892 Scan started
2011/02/22 21:37:53.0780 5892 Mode: Manual;
2011/02/22 21:37:53.0780 5892 ================================================================================
2011/02/22 21:37:55.0285 5892 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/02/22 21:37:55.0559 5892 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/02/22 21:37:56.0566 5892 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/22 21:37:56.0873 5892 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/22 21:37:56.0935 5892 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/22 21:37:57.0124 5892 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/22 21:37:57.0464 5892 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\Windows\system32\DRIVERS\AegisP.sys
2011/02/22 21:37:57.0793 5892 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/02/22 21:37:58.0062 5892 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/22 21:37:58.0423 5892 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/02/22 21:37:59.0187 5892 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/02/22 21:37:59.0290 5892 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/02/22 21:37:59.0371 5892 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/22 21:37:59.0477 5892 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/02/22 21:38:00.0021 5892 appdrv01 (f951c27fe54e1b2b5ada9719289b4756) C:\Windows\system32\Drivers\appdrv01.sys
2011/02/22 21:38:00.0635 5892 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/22 21:38:00.0892 5892 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/22 21:38:01.0271 5892 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/22 21:38:01.0622 5892 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/02/22 21:38:01.0822 5892 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/22 21:38:02.0183 5892 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/02/22 21:38:02.0557 5892 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\Windows\system32\DRIVERS\avipbb.sys
2011/02/22 21:38:02.0893 5892 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/22 21:38:03.0856 5892 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/22 21:38:04.0347 5892 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/22 21:38:04.0796 5892 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/22 21:38:05.0213 5892 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/22 21:38:05.0648 5892 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/22 21:38:06.0027 5892 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/22 21:38:06.0393 5892 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/22 21:38:06.0740 5892 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/22 21:38:07.0272 5892 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/22 21:38:07.0510 5892 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/22 21:38:07.0807 5892 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/22 21:38:08.0069 5892 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/02/22 21:38:08.0390 5892 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/02/22 21:38:08.0627 5892 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/02/22 21:38:08.0921 5892 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/22 21:38:09.0138 5892 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/22 21:38:09.0376 5892 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/02/22 21:38:09.0672 5892 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/02/22 21:38:10.0140 5892 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/02/22 21:38:10.0993 5892 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/02/22 21:38:11.0190 5892 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/02/22 21:38:11.0349 5892 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
2011/02/22 21:38:11.0622 5892 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/22 21:38:12.0018 5892 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/22 21:38:12.0241 5892 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/22 21:38:12.0476 5892 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/02/22 21:38:12.0803 5892 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/22 21:38:13.0096 5892 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/02/22 21:38:13.0364 5892 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/02/22 21:38:13.0513 5892 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/22 21:38:13.0711 5892 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/22 21:38:13.0926 5892 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/22 21:38:14.0160 5892 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/22 21:38:14.0363 5892 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/02/22 21:38:14.0621 5892 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/22 21:38:14.0849 5892 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/22 21:38:15.0040 5892 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/02/22 21:38:15.0282 5892 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/02/22 21:38:15.0550 5892 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/02/22 21:38:15.0886 5892 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/02/22 21:38:16.0189 5892 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/22 21:38:16.0401 5892 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/22 21:38:16.0648 5892 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/22 21:38:16.0866 5892 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/22 21:38:17.0105 5892 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/02/22 21:38:17.0412 5892 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/02/22 21:38:17.0617 5892 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/02/22 21:38:17.0804 5892 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/22 21:38:18.0166 5892 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/02/22 21:38:18.0474 5892 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/22 21:38:18.0965 5892 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/22 21:38:19.0222 5892 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/02/22 21:38:19.0470 5892 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/22 21:38:19.0725 5892 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/22 21:38:20.0159 5892 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/22 21:38:20.0422 5892 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/22 21:38:20.0744 5892 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/22 21:38:21.0017 5892 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/02/22 21:38:21.0262 5892 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/22 21:38:21.0444 5892 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/22 21:38:21.0594 5892 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/22 21:38:21.0744 5892 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/22 21:38:21.0868 5892 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/22 21:38:22.0113 5892 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/22 21:38:22.0330 5892 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/22 21:38:22.0522 5892 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/22 21:38:22.0674 5892 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/22 21:38:22.0820 5892 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/22 21:38:22.0985 5892 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/22 21:38:23.0168 5892 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/02/22 21:38:23.0331 5892 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/22 21:38:23.0742 5892 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/22 21:38:23.0819 5892 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/22 21:38:23.0905 5892 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/22 21:38:24.0090 5892 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/22 21:38:24.0248 5892 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/02/22 21:38:24.0333 5892 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/22 21:38:24.0405 5892 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/22 21:38:24.0500 5892 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/22 21:38:24.0628 5892 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/22 21:38:24.0786 5892 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/22 21:38:24.0887 5892 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/22 21:38:25.0027 5892 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/02/22 21:38:25.0126 5892 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/22 21:38:25.0245 5892 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/22 21:38:25.0331 5892 MSHUSBVideo (956741c67abaa78b19aadc5474936842) C:\Windows\system32\Drivers\nx6000.sys
2011/02/22 21:38:25.0453 5892 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/22 21:38:25.0633 5892 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/22 21:38:25.0750 5892 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/22 21:38:25.0863 5892 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/22 21:38:26.0056 5892 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/22 21:38:26.0228 5892 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/22 21:38:26.0403 5892 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/22 21:38:26.0557 5892 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/22 21:38:26.0783 5892 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/22 21:38:27.0008 5892 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/22 21:38:27.0296 5892 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/22 21:38:27.0417 5892 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/22 21:38:27.0506 5892 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/22 21:38:27.0715 5892 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/22 21:38:27.0970 5892 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/22 21:38:28.0174 5892 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/22 21:38:28.0357 5892 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/22 21:38:28.0526 5892 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\Windows\system32\drivers\nmwcdc.sys
2011/02/22 21:38:28.0664 5892 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\Windows\system32\drivers\nmwcdcm.sys
2011/02/22 21:38:28.0963 5892 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\Windows\system32\drivers\nmwcd.sys
2011/02/22 21:38:29.0244 5892 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/22 21:38:29.0407 5892 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\Windows\system32\npptNT2.sys
2011/02/22 21:38:29.0624 5892 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/22 21:38:29.0919 5892 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/22 21:38:30.0088 5892 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/22 21:38:30.0155 5892 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/22 21:38:30.0254 5892 NVHDA (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys
2011/02/22 21:38:31.0353 5892 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/22 21:38:31.0520 5892 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/02/22 21:38:31.0641 5892 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/02/22 21:38:31.0726 5892 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/02/22 21:38:32.0019 5892 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/22 21:38:32.0168 5892 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/22 21:38:32.0279 5892 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/22 21:38:32.0381 5892 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/22 21:38:32.0504 5892 PCAMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\Drivers\PCAMp50.sys
2011/02/22 21:38:32.0601 5892 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2011/02/22 21:38:32.0724 5892 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/22 21:38:32.0854 5892 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/02/22 21:38:33.0057 5892 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/22 21:38:33.0203 5892 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/22 21:38:33.0612 5892 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/22 21:38:33.0697 5892 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/22 21:38:33.0813 5892 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/22 21:38:34.0123 5892 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/02/22 21:38:34.0288 5892 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/22 21:38:34.0511 5892 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/22 21:38:34.0695 5892 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/22 21:38:34.0817 5892 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/22 21:38:34.0975 5892 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/22 21:38:35.0185 5892 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/22 21:38:35.0278 5892 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/22 21:38:35.0366 5892 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/22 21:38:35.0490 5892 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/22 21:38:35.0642 5892 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/02/22 21:38:35.0782 5892 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/22 21:38:35.0949 5892 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/22 21:38:36.0110 5892 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/22 21:38:36.0329 5892 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/02/22 21:38:36.0501 5892 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/22 21:38:36.0675 5892 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/22 21:38:36.0763 5892 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/22 21:38:36.0947 5892 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/22 21:38:37.0154 5892 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/22 21:38:37.0302 5892 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/02/22 21:38:37.0429 5892 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/22 21:38:37.0605 5892 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/22 21:38:37.0749 5892 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/22 21:38:37.0873 5892 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/02/22 21:38:38.0012 5892 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/02/22 21:38:38.0145 5892 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/22 21:38:38.0263 5892 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/02/22 21:38:38.0363 5892 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/22 21:38:38.0599 5892 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/02/22 21:38:38.0755 5892 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/02/22 21:38:38.0893 5892 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/22 21:38:39.0096 5892 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/22 21:38:39.0286 5892 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/02/22 21:38:39.0657 5892 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
2011/02/22 21:38:39.0861 5892 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/22 21:38:39.0989 5892 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/22 21:38:40.0049 5892 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/22 21:38:40.0143 5892 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/22 21:38:40.0272 5892 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/02/22 21:38:40.0572 5892 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/22 21:38:40.0772 5892 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/22 21:38:40.0896 5892 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/22 21:38:40.0946 5892 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/22 21:38:41.0015 5892 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/22 21:38:41.0118 5892 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/22 21:38:41.0255 5892 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/22 21:38:41.0348 5892 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/22 21:38:41.0447 5892 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/22 21:38:41.0501 5892 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/22 21:38:41.0611 5892 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/22 21:38:41.0689 5892 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/02/22 21:38:41.0779 5892 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/22 21:38:41.0896 5892 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/22 21:38:42.0121 5892 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/22 21:38:42.0251 5892 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/02/22 21:38:42.0326 5892 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/02/22 21:38:42.0399 5892 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/22 21:38:42.0498 5892 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/22 21:38:42.0681 5892 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/22 21:38:42.0866 5892 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/22 21:38:43.0020 5892 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
2011/02/22 21:38:43.0138 5892 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/22 21:38:43.0230 5892 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/22 21:38:43.0297 5892 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/22 21:38:43.0400 5892 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/22 21:38:43.0534 5892 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/22 21:38:43.0666 5892 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/02/22 21:38:43.0740 5892 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/22 21:38:43.0850 5892 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/22 21:38:44.0009 5892 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/02/22 21:38:44.0196 5892 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/02/22 21:38:44.0290 5892 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/22 21:38:44.0342 5892 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/22 21:38:44.0507 5892 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/22 21:38:44.0660 5892 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/22 21:38:44.0801 5892 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/02/22 21:38:45.0069 5892 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/22 21:38:45.0166 5892 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 21:38:45.0184 5892 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 21:38:45.0371 5892 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/02/22 21:38:45.0464 5892 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/22 21:38:45.0839 5892 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/22 21:38:46.0213 5892 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/22 21:38:46.0400 5892 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/22 21:38:46.0521 5892 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/22 21:38:46.0739 5892 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
2011/02/22 21:38:46.0861 5892 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/02/22 21:38:46.0946 5892 ================================================================================
2011/02/22 21:38:46.0946 5892 Scan finished
2011/02/22 21:38:46.0946 5892 ================================================================================
2011/02/22 21:39:08.0173 1432 Deinitialize success
2011/02/22 21:37:49.0995 5168 ================================================================================
2011/02/22 21:37:49.0995 5168 SystemInfo:
2011/02/22 21:37:49.0996 5168
2011/02/22 21:37:49.0996 5168 OS Version: 6.0.6002 ServicePack: 2.0
2011/02/22 21:37:49.0996 5168 Product type: Workstation
2011/02/22 21:37:49.0996 5168 ComputerName: PC-DE-COLIN
2011/02/22 21:37:49.0996 5168 UserName: Jules
2011/02/22 21:37:49.0996 5168 Windows directory: C:\Windows
2011/02/22 21:37:49.0996 5168 System windows directory: C:\Windows
2011/02/22 21:37:49.0996 5168 Processor architecture: Intel x86
2011/02/22 21:37:49.0996 5168 Number of processors: 4
2011/02/22 21:37:49.0996 5168 Page size: 0x1000
2011/02/22 21:37:49.0996 5168 Boot type: Normal boot
2011/02/22 21:37:49.0996 5168 ================================================================================
2011/02/22 21:37:50.0621 5168 Initialize success
2011/02/22 21:37:53.0780 5892 ================================================================================
2011/02/22 21:37:53.0780 5892 Scan started
2011/02/22 21:37:53.0780 5892 Mode: Manual;
2011/02/22 21:37:53.0780 5892 ================================================================================
2011/02/22 21:37:55.0285 5892 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/02/22 21:37:55.0559 5892 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys
2011/02/22 21:37:56.0566 5892 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/02/22 21:37:56.0873 5892 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/02/22 21:37:56.0935 5892 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/02/22 21:37:57.0124 5892 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/02/22 21:37:57.0464 5892 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\Windows\system32\DRIVERS\AegisP.sys
2011/02/22 21:37:57.0793 5892 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/02/22 21:37:58.0062 5892 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/02/22 21:37:58.0423 5892 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/02/22 21:37:59.0187 5892 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/02/22 21:37:59.0290 5892 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/02/22 21:37:59.0371 5892 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/02/22 21:37:59.0477 5892 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2011/02/22 21:38:00.0021 5892 appdrv01 (f951c27fe54e1b2b5ada9719289b4756) C:\Windows\system32\Drivers\appdrv01.sys
2011/02/22 21:38:00.0635 5892 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/02/22 21:38:00.0892 5892 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/02/22 21:38:01.0271 5892 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/02/22 21:38:01.0622 5892 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/02/22 21:38:01.0822 5892 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/02/22 21:38:02.0183 5892 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/02/22 21:38:02.0557 5892 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\Windows\system32\DRIVERS\avipbb.sys
2011/02/22 21:38:02.0893 5892 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/02/22 21:38:03.0856 5892 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/02/22 21:38:04.0347 5892 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/02/22 21:38:04.0796 5892 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/02/22 21:38:05.0213 5892 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/02/22 21:38:05.0648 5892 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/02/22 21:38:06.0027 5892 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/02/22 21:38:06.0393 5892 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/02/22 21:38:06.0740 5892 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/02/22 21:38:07.0272 5892 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/02/22 21:38:07.0510 5892 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/02/22 21:38:07.0807 5892 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/02/22 21:38:08.0069 5892 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/02/22 21:38:08.0390 5892 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/02/22 21:38:08.0627 5892 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
2011/02/22 21:38:08.0921 5892 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/02/22 21:38:09.0138 5892 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/02/22 21:38:09.0376 5892 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/02/22 21:38:09.0672 5892 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/02/22 21:38:10.0140 5892 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/02/22 21:38:10.0993 5892 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/02/22 21:38:11.0190 5892 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/02/22 21:38:11.0349 5892 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
2011/02/22 21:38:11.0622 5892 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/02/22 21:38:12.0018 5892 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/02/22 21:38:12.0241 5892 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/02/22 21:38:12.0476 5892 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/02/22 21:38:12.0803 5892 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/02/22 21:38:13.0096 5892 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/02/22 21:38:13.0364 5892 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/02/22 21:38:13.0513 5892 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/02/22 21:38:13.0711 5892 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/02/22 21:38:13.0926 5892 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/02/22 21:38:14.0160 5892 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/02/22 21:38:14.0363 5892 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/02/22 21:38:14.0621 5892 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/02/22 21:38:14.0849 5892 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/02/22 21:38:15.0040 5892 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2011/02/22 21:38:15.0282 5892 giveio (77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys
2011/02/22 21:38:15.0550 5892 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/02/22 21:38:15.0886 5892 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/02/22 21:38:16.0189 5892 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/02/22 21:38:16.0401 5892 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/02/22 21:38:16.0648 5892 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/02/22 21:38:16.0866 5892 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/02/22 21:38:17.0105 5892 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/02/22 21:38:17.0412 5892 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/02/22 21:38:17.0617 5892 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/02/22 21:38:17.0804 5892 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/02/22 21:38:18.0166 5892 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/02/22 21:38:18.0474 5892 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/02/22 21:38:18.0965 5892 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
2011/02/22 21:38:19.0222 5892 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/02/22 21:38:19.0470 5892 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/02/22 21:38:19.0725 5892 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/02/22 21:38:20.0159 5892 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/02/22 21:38:20.0422 5892 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/02/22 21:38:20.0744 5892 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/02/22 21:38:21.0017 5892 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/02/22 21:38:21.0262 5892 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/02/22 21:38:21.0444 5892 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/02/22 21:38:21.0594 5892 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/02/22 21:38:21.0744 5892 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/02/22 21:38:21.0868 5892 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/02/22 21:38:22.0113 5892 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/02/22 21:38:22.0330 5892 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/02/22 21:38:22.0522 5892 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/02/22 21:38:22.0674 5892 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/02/22 21:38:22.0820 5892 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/02/22 21:38:22.0985 5892 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/02/22 21:38:23.0168 5892 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/02/22 21:38:23.0331 5892 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/02/22 21:38:23.0742 5892 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/02/22 21:38:23.0819 5892 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/02/22 21:38:23.0905 5892 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/02/22 21:38:24.0090 5892 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/02/22 21:38:24.0248 5892 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/02/22 21:38:24.0333 5892 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/02/22 21:38:24.0405 5892 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/02/22 21:38:24.0500 5892 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/02/22 21:38:24.0628 5892 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/02/22 21:38:24.0786 5892 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/02/22 21:38:24.0887 5892 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/02/22 21:38:25.0027 5892 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/02/22 21:38:25.0126 5892 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/02/22 21:38:25.0245 5892 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/02/22 21:38:25.0331 5892 MSHUSBVideo (956741c67abaa78b19aadc5474936842) C:\Windows\system32\Drivers\nx6000.sys
2011/02/22 21:38:25.0453 5892 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/02/22 21:38:25.0633 5892 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/02/22 21:38:25.0750 5892 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/02/22 21:38:25.0863 5892 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/02/22 21:38:26.0056 5892 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/02/22 21:38:26.0228 5892 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/02/22 21:38:26.0403 5892 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/02/22 21:38:26.0557 5892 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/02/22 21:38:26.0783 5892 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/02/22 21:38:27.0008 5892 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/02/22 21:38:27.0296 5892 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/02/22 21:38:27.0417 5892 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/02/22 21:38:27.0506 5892 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/02/22 21:38:27.0715 5892 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/02/22 21:38:27.0970 5892 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/02/22 21:38:28.0174 5892 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/02/22 21:38:28.0357 5892 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/02/22 21:38:28.0526 5892 Nokia USB Generic (5abb6b2461c4eb0afdf1bf7f03963d59) C:\Windows\system32\drivers\nmwcdc.sys
2011/02/22 21:38:28.0664 5892 Nokia USB Modem (353c16d21eec1f11306270040b3713c1) C:\Windows\system32\drivers\nmwcdcm.sys
2011/02/22 21:38:28.0963 5892 Nokia USB Phone Parent (f5b1200c75b160c81e7e48cc0489aa5e) C:\Windows\system32\drivers\nmwcd.sys
2011/02/22 21:38:29.0244 5892 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/02/22 21:38:29.0407 5892 NPPTNT2 (9131fe60adfab595c8da53ad6a06aa31) C:\Windows\system32\npptNT2.sys
2011/02/22 21:38:29.0624 5892 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/02/22 21:38:29.0919 5892 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/02/22 21:38:30.0088 5892 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/02/22 21:38:30.0155 5892 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/02/22 21:38:30.0254 5892 NVHDA (b4f70fac4ea61cf150823aa063a39ff9) C:\Windows\system32\drivers\nvhda32v.sys
2011/02/22 21:38:31.0353 5892 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/02/22 21:38:31.0520 5892 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/02/22 21:38:31.0641 5892 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/02/22 21:38:31.0726 5892 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/02/22 21:38:32.0019 5892 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/02/22 21:38:32.0168 5892 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/02/22 21:38:32.0279 5892 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/02/22 21:38:32.0381 5892 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/02/22 21:38:32.0504 5892 PCAMp50 (1bf91f352d746ad7469fa71783b5fae8) C:\Windows\system32\Drivers\PCAMp50.sys
2011/02/22 21:38:32.0601 5892 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\Windows\system32\Drivers\PCASp50.sys
2011/02/22 21:38:32.0724 5892 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/02/22 21:38:32.0854 5892 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/02/22 21:38:33.0057 5892 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/02/22 21:38:33.0203 5892 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/02/22 21:38:33.0612 5892 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/02/22 21:38:33.0697 5892 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/02/22 21:38:33.0813 5892 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/02/22 21:38:34.0123 5892 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
2011/02/22 21:38:34.0288 5892 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/02/22 21:38:34.0511 5892 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/02/22 21:38:34.0695 5892 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/02/22 21:38:34.0817 5892 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/02/22 21:38:34.0975 5892 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/02/22 21:38:35.0185 5892 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/02/22 21:38:35.0278 5892 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/02/22 21:38:35.0366 5892 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/02/22 21:38:35.0490 5892 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/02/22 21:38:35.0642 5892 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/02/22 21:38:35.0782 5892 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/02/22 21:38:35.0949 5892 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/02/22 21:38:36.0110 5892 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/02/22 21:38:36.0329 5892 RTL8023xp (5e01ab8ab1acf8850b2d64a6fd068e46) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/02/22 21:38:36.0501 5892 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/02/22 21:38:36.0675 5892 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/02/22 21:38:36.0763 5892 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/02/22 21:38:36.0947 5892 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/02/22 21:38:37.0154 5892 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/02/22 21:38:37.0302 5892 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/02/22 21:38:37.0429 5892 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/02/22 21:38:37.0605 5892 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/02/22 21:38:37.0749 5892 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/02/22 21:38:37.0873 5892 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/02/22 21:38:38.0012 5892 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/02/22 21:38:38.0145 5892 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/02/22 21:38:38.0263 5892 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\Windows\system32\speedfan.sys
2011/02/22 21:38:38.0363 5892 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/02/22 21:38:38.0599 5892 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/02/22 21:38:38.0755 5892 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/02/22 21:38:38.0893 5892 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/02/22 21:38:39.0096 5892 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/02/22 21:38:39.0286 5892 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/02/22 21:38:39.0657 5892 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\Windows\system32\drivers\StarOpen.sys
2011/02/22 21:38:39.0861 5892 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/02/22 21:38:39.0989 5892 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/02/22 21:38:40.0049 5892 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/02/22 21:38:40.0143 5892 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/02/22 21:38:40.0272 5892 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/02/22 21:38:40.0572 5892 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/02/22 21:38:40.0772 5892 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/02/22 21:38:40.0896 5892 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/02/22 21:38:40.0946 5892 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/02/22 21:38:41.0015 5892 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/02/22 21:38:41.0118 5892 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/02/22 21:38:41.0255 5892 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/02/22 21:38:41.0348 5892 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/02/22 21:38:41.0447 5892 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\DRIVERS\uagp35.sys
2011/02/22 21:38:41.0501 5892 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/02/22 21:38:41.0611 5892 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/02/22 21:38:41.0689 5892 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/02/22 21:38:41.0779 5892 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/02/22 21:38:41.0896 5892 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/02/22 21:38:42.0121 5892 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/02/22 21:38:42.0251 5892 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
2011/02/22 21:38:42.0326 5892 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/02/22 21:38:42.0399 5892 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/02/22 21:38:42.0498 5892 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/02/22 21:38:42.0681 5892 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/02/22 21:38:42.0866 5892 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/02/22 21:38:43.0020 5892 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
2011/02/22 21:38:43.0138 5892 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/02/22 21:38:43.0230 5892 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/02/22 21:38:43.0297 5892 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/02/22 21:38:43.0400 5892 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/02/22 21:38:43.0534 5892 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/02/22 21:38:43.0666 5892 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/02/22 21:38:43.0740 5892 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/02/22 21:38:43.0850 5892 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/02/22 21:38:44.0009 5892 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/02/22 21:38:44.0196 5892 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/02/22 21:38:44.0290 5892 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/02/22 21:38:44.0342 5892 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/02/22 21:38:44.0507 5892 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/02/22 21:38:44.0660 5892 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/02/22 21:38:44.0801 5892 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/02/22 21:38:45.0069 5892 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/02/22 21:38:45.0166 5892 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 21:38:45.0184 5892 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/02/22 21:38:45.0371 5892 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/02/22 21:38:45.0464 5892 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/02/22 21:38:45.0839 5892 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/02/22 21:38:46.0213 5892 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/02/22 21:38:46.0400 5892 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/02/22 21:38:46.0521 5892 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/02/22 21:38:46.0739 5892 xnacc (9eea6d029fef5f3016d089b1a603837d) C:\Windows\system32\DRIVERS\xnacc.sys
2011/02/22 21:38:46.0861 5892 xusb21 (a640c90b007762939507c28a021be3b3) C:\Windows\system32\DRIVERS\xusb21.sys
2011/02/22 21:38:46.0946 5892 ================================================================================
2011/02/22 21:38:46.0946 5892 Scan finished
2011/02/22 21:38:46.0946 5892 ================================================================================
2011/02/22 21:39:08.0173 1432 Deinitialize success
fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.
▶ Télécharge ici :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
--
G3?-?@¢??@?......Concepteur de List_Kill'em...
▶ Télécharge ici :
Malwarebytes
▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .
(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX
▶ Potasses le Tuto pour te familiariser avec le prg :
( cela dit, il est très simple d'utilisation ).
relance malwarebytes en suivant scrupuleusement ces consignes :
! Déconnecte toi et ferme toutes applications en cours !
▶ Lance Malwarebyte's .
Fais un examen dit "Complet" .
▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .
▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !
▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)
--
G3?-?@¢??@?......Concepteur de List_Kill'em...
alwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5851
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
23/02/2011 16:40:19
mbam-log-2011-02-23 (16-40-19).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 576611
Temps écoulé: 3 heure(s), 15 minute(s), 13 seconde(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
c:\Windows\temp\xofq\setup.exe (Trojan.FakeAlert) -> 2256 -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Spyware.Zbot) -> Value: userinit -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aseke (Trojan.Agent.U) -> Value: Aseke -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Bad: (C:\Users\Jules\AppData\Roaming\sdra64.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\Userinit.exe,C:\Users\Jules\AppData\Roaming\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Windows\temp\xofq\setup.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\program files\list_kill'em\catchme.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\list_kill'em\dns.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Jules\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
c:\Users\Jules\AppData\Local\Temp\0.5195480196333749.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
www.malwarebytes.org
Version de la base de données: 5851
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019
23/02/2011 16:40:19
mbam-log-2011-02-23 (16-40-19).txt
Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 576611
Temps écoulé: 3 heure(s), 15 minute(s), 13 seconde(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
c:\Windows\temp\xofq\setup.exe (Trojan.FakeAlert) -> 2256 -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Spyware.Zbot) -> Value: userinit -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Aseke (Trojan.Agent.U) -> Value: Aseke -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Bad: (C:\Users\Jules\AppData\Roaming\sdra64.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\Windows\system32\Userinit.exe,C:\Users\Jules\AppData\Roaming\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Windows\temp\xofq\setup.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\program files\list_kill'em\catchme.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files\list_kill'em\dns.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Jules\AppData\Roaming\sdra64.exe (Spyware.Zbot) -> Delete on reboot.
c:\Users\Jules\AppData\Local\Temp\0.5195480196333749.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
hello
▶ Télécharge ZHPDiag (de Nicolas Coolman)
ou :ZHPDiag
▶ Enregistre le sur ton Bureau.
Une fois le téléchargement achevé,
▶ lance ZHPDiag.exe et clique sur Unzip dans la fenêtre qui s'ouvre.
▶ Clique sur le tournevis puis sur Tous pour cocher toutes les cases des options.
▶ Clique sur la loupe pour lancer l'analyse.
A la fin de l'analyse,
▶ clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Pour me le transmettre clique sur ce lien :
http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
▶ Télécharge ZHPDiag (de Nicolas Coolman)
ou :ZHPDiag
▶ Enregistre le sur ton Bureau.
Une fois le téléchargement achevé,
▶ lance ZHPDiag.exe et clique sur Unzip dans la fenêtre qui s'ouvre.
▶ Clique sur le tournevis puis sur Tous pour cocher toutes les cases des options.
▶ Clique sur la loupe pour lancer l'analyse.
A la fin de l'analyse,
▶ clique sur l'appareil photo et enregistre le rapport sur ton Bureau.
Pour me le transmettre clique sur ce lien :
http://www.cijoint.fr/
▶ Clique sur Parcourir et cherche le fichier C:\Documents and settings\le_nom_de_ta_session\.ZHPDiag.txt
▶ Clique sur Ouvrir.
▶ Clique sur "Cliquez ici pour déposer le fichier".
Un lien de cette forme :
http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt
est ajouté dans la page.
▶ Copie ce lien dans ta réponse.
bon
/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\
__________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================
▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur
Telecharge ici : Combofix
Avant d'utiliser ComboFix :
Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
La simple désactivation du résident n'est pas suffisante.
Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
Choisis la version adéquate (32 ou 64 bits)/!\
Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :
▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau
▶ Lance le
Une fenêtre apparait : clique sur "Disable"
▶ Fais redémarrer l'ordinateur si l'outil te le demande
Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"
_________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur combofix renommé
¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤
▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!
▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\
__________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================
▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur
Telecharge ici : Combofix
Avant d'utiliser ComboFix :
Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
La simple désactivation du résident n'est pas suffisante.
Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
Choisis la version adéquate (32 ou 64 bits)/!\
Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :
▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau
▶ Lance le
Une fenêtre apparait : clique sur "Disable"
▶ Fais redémarrer l'ordinateur si l'outil te le demande
Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"
_________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur combofix renommé
¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤
▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!
▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\tdsskiller\tdsskiller.exe
c:\users\Jules\AppData\Roaming\Adobe\plugs
c:\users\Jules\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-23 au 2011-02-23 ))))))))))))))))))))))))))))))))))))
.
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Invité\AppData\Local\temp
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Echange de Maison\AppData\Local\temp
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Colin\AppData\Local\temp
2011-02-23 17:14 . 2011-02-23 18:22 -------- d-----w- c:\program files\ZHPDiag
2011-02-22 20:39 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA0B0741-9B57-47C0-B76D-71123E7C16D9}\mpengine.dll
2011-02-22 20:13 . 2011-02-23 15:34 -------- d-sh--w- c:\users\Jules\AppData\Roaming\lowsec
2011-02-22 20:09 . 2011-02-23 19:39 -------- d-----w- C:\tdsskiller
2011-02-22 19:11 . 2011-02-22 19:11 722944 ----a-w- c:\windows\system32\ypgvsaym.dll
2011-02-21 18:09 . 2011-02-21 18:25 -------- d-----w- C:\UsbFix
2011-02-21 17:59 . 2011-02-21 17:59 -------- d-----w- c:\program files\Ad-Remover
2011-02-21 16:42 . 2011-02-21 19:37 -------- d-----w- C:\Kill'em
2011-02-21 16:41 . 2011-02-23 15:40 -------- d-----w- c:\program files\List_Kill'em
2011-02-02 14:09 . 2011-02-09 21:12 -------- d-----w- c:\users\Jules\AppData\Roaming\.minecraft
2011-01-31 20:58 . 2011-01-31 21:24 -------- d-----w- c:\users\Jules\AppData\Roaming\FileZilla
2011-01-30 10:38 . 2011-01-30 10:38 -------- d-----w- c:\users\Colin\AppData\Local\LogMeIn Hamachi
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-14 19:41 . 2007-12-25 08:34 138416 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-14 19:41 . 2010-03-04 22:18 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-14 19:41 . 2007-12-25 08:34 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-14 19:39 . 2007-12-25 08:34 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-09 15:50 . 2007-12-25 08:34 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-28 15:55 . 2011-01-12 14:51 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-26 20:22 . 2010-12-26 20:22 729088 ----a-w- c:\windows\iun6002.exe
2010-12-20 17:09 . 2008-12-29 17:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2008-12-29 17:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 14:51 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-02 21:30 . 2010-12-02 21:30 74240 ----a-w- c:\windows\system32\nx6000res.dll
2010-12-02 21:30 . 2010-12-02 21:30 631808 ----a-w- c:\windows\system32\LCCoin36.dll
2010-12-02 21:30 . 2010-12-02 21:30 509440 ----a-w- c:\windows\system32\LcProxy2.ax
2010-12-02 21:30 . 2010-12-02 21:30 25600 ----a-w- c:\windows\system32\drivers\nx6000.sys
2007-09-13 06:33 . 2007-09-13 06:33 157184 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
[code]<pre>
c:\program files\iTunes\iTunesHelper .exe
c:\program files\LogMeIn Hamachi\hamachi-2-ui .exe
c:\program files\Microsoft IntelliType Pro\itype .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\QTTask .exe
</pre>/code
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73B61547-0D52-FD42-80D3-E1237A63CDD0}]
2011-02-22 19:11 722944 ----a-w- c:\windows\System32\ypgvsaym.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{73B61547-0D52-FD42-80D3-E1237A63CDD0}"
[HKEY_CLASSES_ROOT\CLSID\{73B61547-0D52-FD42-80D3-E1237A63CDD0}]
2011-02-22 19:11 722944 ----a-w- c:\windows\System32\ypgvsaym.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-11-15 2975640]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-03 328056]
"hmod70twindl.exe"="c:\users\Jules\AppData\Roaming\07AF3C89D9C1D170A86CCA7D59E0E425\hmod70twindl.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [N/A]
c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
OneNote 2007 - Capture d''cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADownloadManager\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-20 21:07 133104 ----atw- c:\users\Jules\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 12:23 1242448 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-10-03 17:24 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
c:\tdsskiller\tdsskiller.exe
c:\users\Jules\AppData\Roaming\Adobe\plugs
c:\users\Jules\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-01-23 au 2011-02-23 ))))))))))))))))))))))))))))))))))))
.
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Invité\AppData\Local\temp
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Echange de Maison\AppData\Local\temp
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 19:40 . 2011-02-23 19:40 -------- d-----w- c:\users\Colin\AppData\Local\temp
2011-02-23 17:14 . 2011-02-23 18:22 -------- d-----w- c:\program files\ZHPDiag
2011-02-22 20:39 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA0B0741-9B57-47C0-B76D-71123E7C16D9}\mpengine.dll
2011-02-22 20:13 . 2011-02-23 15:34 -------- d-sh--w- c:\users\Jules\AppData\Roaming\lowsec
2011-02-22 20:09 . 2011-02-23 19:39 -------- d-----w- C:\tdsskiller
2011-02-22 19:11 . 2011-02-22 19:11 722944 ----a-w- c:\windows\system32\ypgvsaym.dll
2011-02-21 18:09 . 2011-02-21 18:25 -------- d-----w- C:\UsbFix
2011-02-21 17:59 . 2011-02-21 17:59 -------- d-----w- c:\program files\Ad-Remover
2011-02-21 16:42 . 2011-02-21 19:37 -------- d-----w- C:\Kill'em
2011-02-21 16:41 . 2011-02-23 15:40 -------- d-----w- c:\program files\List_Kill'em
2011-02-02 14:09 . 2011-02-09 21:12 -------- d-----w- c:\users\Jules\AppData\Roaming\.minecraft
2011-01-31 20:58 . 2011-01-31 21:24 -------- d-----w- c:\users\Jules\AppData\Roaming\FileZilla
2011-01-30 10:38 . 2011-01-30 10:38 -------- d-----w- c:\users\Colin\AppData\Local\LogMeIn Hamachi
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-14 19:41 . 2007-12-25 08:34 138416 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-14 19:41 . 2010-03-04 22:18 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-14 19:41 . 2007-12-25 08:34 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-14 19:39 . 2007-12-25 08:34 215128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-09 15:50 . 2007-12-25 08:34 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-28 15:55 . 2011-01-12 14:51 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-26 20:22 . 2010-12-26 20:22 729088 ----a-w- c:\windows\iun6002.exe
2010-12-20 17:09 . 2008-12-29 17:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2008-12-29 17:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 14:49 . 2011-01-12 14:51 1169408 ----a-w- c:\windows\system32\sdclt.exe
2010-12-02 21:30 . 2010-12-02 21:30 74240 ----a-w- c:\windows\system32\nx6000res.dll
2010-12-02 21:30 . 2010-12-02 21:30 631808 ----a-w- c:\windows\system32\LCCoin36.dll
2010-12-02 21:30 . 2010-12-02 21:30 509440 ----a-w- c:\windows\system32\LcProxy2.ax
2010-12-02 21:30 . 2010-12-02 21:30 25600 ----a-w- c:\windows\system32\drivers\nx6000.sys
2007-09-13 06:33 . 2007-09-13 06:33 157184 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 10:06 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 216064 --sh--r- c:\windows\System32\nbDX.dll
.
[code]<pre>
c:\program files\iTunes\iTunesHelper .exe
c:\program files\LogMeIn Hamachi\hamachi-2-ui .exe
c:\program files\Microsoft IntelliType Pro\itype .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\QuickTime\QTTask .exe
</pre>/code
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73B61547-0D52-FD42-80D3-E1237A63CDD0}]
2011-02-22 19:11 722944 ----a-w- c:\windows\System32\ypgvsaym.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Enhanced Storage]
@="{73B61547-0D52-FD42-80D3-E1237A63CDD0}"
[HKEY_CLASSES_ROOT\CLSID\{73B61547-0D52-FD42-80D3-E1237A63CDD0}]
2011-02-22 19:11 722944 ----a-w- c:\windows\System32\ypgvsaym.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-11-15 2975640]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-10-03 328056]
"hmod70twindl.exe"="c:\users\Jules\AppData\Roaming\07AF3C89D9C1D170A86CCA7D59E0E425\hmod70twindl.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [N/A]
c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
OneNote 2007 - Capture d''cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADownloadManager\Core.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-20 21:07 133104 ----atw- c:\users\Jules\AppData\Local\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 12:23 1242448 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-10-03 17:24 328056 ----a-w- c:\program files\uTorrent\uTorrent.exe
