W32/Blaster.vorm worm
Solved
Benchris
juju666 - Posts: 35446 - Status: Security contributor
Hello,
Since this morning, I have caught a virus called W32/blaster.vorm. I went to several forums to try to fix my problem, but nothing works. I can no longer access the internet. I can no longer run the various antivirus programs I download from the net. Everything is blocked by Security Protection. I am desperate, all the more so because my various accounting files are on my computer and I can no longer open them. Does anyone have a solution????
Thank you and have a good day
Benoit
55 replies
Hello,
We are going to try to fix your problem together. First, a few reminders:
▶ Do not open other threads for the same problem (whether on this forum or on another one)
▶ Do not hesitate to ask questions if needed ;)
▶ Be patient when you post a message, I do not reply instantly: I am a volunteer and I am not at my computer all the time. But rest assured, I never give up on anyone ;)
▶ The disinfection will take place in several steps. Even if the symptoms of the infection disappear, the disinfection will only be finished when I confirm it to you --> Please come back until the very end, otherwise what we have done will have been for nothing /!\
▶ Download RogueKiller (by tigzy) to the desktop
▶ ▶ On Windows XP, double left-click
▶ ▶ On Vista/Seven, right-click, run as administrator
▶ Close all your running programs
▶ Launch RogueKiller.exe.
▶ A scan starts, then you will see the following listed in the window
▶ ▶ 1. Recherche (written in green)
▶ ▶ 2. Suppression (written in red)
▶ ▶ 3. Hosts RAZ (written in red)
▶ ▶ 4. Proxy RAZ (written in red)
▶ ▶ 5. DNS RAZ (written in red)
▶ ▶ 6. Raccourcis RAZ (written in red)
▶ ▶ 0. Quitter (written in green)
▶ At that point type 1 and confirm
▶ A report (RKreport1.txt) should have been created next to the executable, paste its contents in your reply
▶ If the program was blocked, do not hesitate to try several times or to rename it to winlogon.exe
First of all, THANK YOU for the help.
The problem is that I have to go through another computer, because the infected one no longer opens anything for me, not even the internet connection.
RogueKiller V5.3.4 [30/08/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Duhem Aurélie [Droits d'admin]
Mode: Recherche -- Date : 02/09/2011 16:07:49
Processus malicieux: 3
[SUSP PATH] urerfg12.dll -- C:\WINDOWS\urerfg12.dll -> UNLOADED
[SUSP PATH] urerfg12.dll -- C:\WINDOWS\urerfg12.dll -> KILLED [TermProc]
[SUSP PATH] DEFENDER.EXE -- c:\documents and settings\all users\application data\defender.exe -> KILLED [TermProc]
Entrees de registre: 6
[BLACKLIST DLL] HKCU\[...]\Run : Jhovegefixipu (rundll32.exe "C:\WINDOWS\urerfg12.dll",Startup) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Security Protection (C:\Documents and Settings\All Users\Application Data\defender.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-3710026804-835709013-520328069-1009[...]\Run : Jhovegefixipu (rundll32.exe "C:\WINDOWS\urerfg12.dll",Startup) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3710026804-835709013-520328069-1009[...]\Run : Security Protection (C:\Documents and Settings\All Users\Application Data\defender.exe) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
Fichiers / Dossiers particuliers:
[FOLDER] plugs : c:\documents and settings\duhem aurélie\application data\adobe\plugs --> FOUND
[FOLDER] shed : c:\documents and settings\duhem aurélie\application data\adobe\shed --> FOUND
Fichier HOSTS:
127.0.0.1 localhost
[...]
Termine : << RKreport[1].txt >>
RKreport[1].txt
Well, that's a fine mess ^^
Run RogueKiller again with options 2, 3 and 6 and post the 3 reports
uninstall Spybot
then:
▶ Download MBAM and install it in the default location
https://www.malwarebytes.com/mwb-download/
▶ Run the update and launch Malwarebytes' Anti-Malware
▶ ▶ If you cannot update it, download this file, close MBAM, and run it
▶ Click the "Recherche" tab at the top
▶ Tick the "Exécuter un examen complet" option, then click the "Rechercher" button
▶ Choose to scan all your hard drives, then click "Lancer l'examen"
At the end of the scan, if MBAM found nothing:
▶ Click OK, the report opens by itself
If threats were detected:
▶ Click OK then "Afficher les résultats"
▶ Choose the "Supprimer la sélection" option
▶ If MBAM asks to restart Windows: click "Oui"
▶ Once the PC has restarted, the report is in the "Rapports/Logs" tab
▶ Otherwise the report opens automatically after the removal
Whatever the result, copy/paste the report into your next message
There you go. What do you mean by "that's a fine mess"??? Personally, I know nothing about computers. Should I protect my computer better???
Report 2
RogueKiller V5.3.4 [30/08/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Duhem Aurélie [Droits d'admin]
Mode: Suppression -- Date : 02/09/2011 16:29:27
Processus malicieux: 0
Entrees de registre: 4
[BLACKLIST DLL] HKCU\[...]\Run : Jhovegefixipu (rundll32.exe "C:\WINDOWS\urerfg12.dll",Startup) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Security Protection (C:\Documents and Settings\All Users\Application Data\defender.exe) -> DELETED
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
Fichiers / Dossiers particuliers:
[FILE] KB7791578.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791578.exe --> REMOVED
[FILE] KB7791781.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791781.exe --> REMOVED
[FILE] KB7791578 : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791578 --> REMOVED
[FILE] KB7791640 : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791640 --> REMOVED
[FILE] KB7821718.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7821718.exe --> REMOVED
[FILE] KB7821781.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7821781.exe --> REMOVED
[FILE] KB7823125.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7823125.exe --> REMOVED
[FOLDER] plugs : c:\documents and settings\duhem aurélie\application data\adobe\plugs --> REMOVED
[FOLDER] shed : c:\documents and settings\duhem aurélie\application data\adobe\shed --> REMOVED
Fichier HOSTS:
127.0.0.1 localhost
[...]
Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Report 3
RogueKiller V5.3.4 [30/08/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Duhem Aurélie [Droits d'admin]
Mode: HOSTS RAZ -- Date : 02/09/2011 16:31:12
Processus malicieux: 0
Fichier HOSTS:
127.0.0.1 localhost
[...]
Nouveau fichier HOSTS:
127.0.0.1 localhost
Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Report 6
RogueKiller V5.3.4 [30/08/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Duhem Aurélie [Droits d'admin]
Mode: Raccourcis RAZ -- Date : 02/09/2011 16:32:57
Processus malicieux: 0
Attributs de fichiers restaures:
Bureau: Success 0 / Fail 0
Lancement rapide: Success 0 / Fail 0
Programmes: Success 24 / Fail 0
Menu demarrer: Success 0 / Fail 0
Dossier utilisateur: Success 283 / Fail 0
Mes documents: Success 23 / Fail 0
Mes favoris: Success 0 / Fail 0
Mes images: Success 0 / Fail 0
Ma musique: Success 0 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 1195 / Fail 0
Sauvegarde: [NOT FOUND]
Lecteurs:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume10 -- 0x3 --> Restored
Termine : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
Malwarebytes report
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Version de la base de données: 7637
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02/09/2011 16:47:01
mbam-log-2011-09-02 (16-47-01).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 205569
Temps écoulé: 5 minute(s), 22 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 117
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adfadcpdpr.adfadcpdpr.1.0 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adfadcpdpr.adfadcpdpr (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\brumadcpdgrm.brumadcpdgrm.1.0 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\brumadcpdgrm.brumadcpdgrm (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ACM.ACMFactory.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ACM.ACMFactory (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Adware.BHO) -> Value: bipro -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
c:\program files\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\tmp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eoweather (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\starware393 (Adware.Starware) -> Quarantined and deleted successfully.
c:\program files\starware393\Setup.exe (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU (Adware.WhenU) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\db (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eodesktop (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoStats (Adware.EoRezo) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\WINDOWS\$xntuninstall643$\wzrel.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$\qpeji.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\defender.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\local settings\Temp\arscomenwx.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\local settings\Temp\msxercwaon.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\local settings\Temp\regincd2.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\E3.tmp (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\WINDOWS\urerfg12.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\eoAdv.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\tmp\eorezobho.dll.3959 (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\tmp\eorezobho.dll.5544 (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\tmp\eorezobho.dll.4529 (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\learn more about whenu save.url (Adware.WhenU) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\learn more about whenu savenow.url (Adware.WhenU) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\whenu.com website.url (Adware.WhenU) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\uninstall instructions.lnk (Adware.WhenU) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\customer support.lnk (Adware.WhenU) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\cmhost.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\user.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\host.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\confmedia.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\towns.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\eoweatherval_02ec282.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\69_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\69_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\78_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\78_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\82_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\82_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\83_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\83_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\84_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\84_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\85_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\85_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\89_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\89_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\back.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background_2days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background_7days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\backpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\close.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\closepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\dayprevisionclose.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\fonds_écran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\help.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\helppressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\minimise.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\minimisepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\next.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\nextpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\option.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\optionpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\reflet_ecran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\earth.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\Thumbs.db (Adware.EoRezo) -> Quarantined and deleted successfully.
THANK YOU, is it finished??? In any case, it is nice to be able to count on other people to make up for your mistakes.
Report 2
RogueKiller V5.3.4 [30/08/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Duhem Aurélie [Droits d'admin]
Mode: Suppression -- Date : 02/09/2011 16:29:27
Processus malicieux: 0
Entrees de registre: 4
[BLACKLIST DLL] HKCU\[...]\Run : Jhovegefixipu (rundll32.exe "C:\WINDOWS\urerfg12.dll",Startup) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Security Protection (C:\Documents and Settings\All Users\Application Data\defender.exe) -> DELETED
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
Fichiers / Dossiers particuliers:
[FILE] KB7791578.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791578.exe --> REMOVED
[FILE] KB7791781.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791781.exe --> REMOVED
[FILE] KB7791578 : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791578 --> REMOVED
[FILE] KB7791640 : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791640 --> REMOVED
[FILE] KB7821718.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7821718.exe --> REMOVED
[FILE] KB7821781.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7821781.exe --> REMOVED
[FILE] KB7823125.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7823125.exe --> REMOVED
[FOLDER] plugs : c:\documents and settings\duhem aurélie\application data\adobe\plugs --> REMOVED
[FOLDER] shed : c:\documents and settings\duhem aurélie\application data\adobe\shed --> REMOVED
Fichier HOSTS:
127.0.0.1 localhost
[...]
Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Report 3
RogueKiller V5.3.4 [30/08/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Duhem Aurélie [Droits d'admin]
Mode: HOSTS RAZ -- Date : 02/09/2011 16:31:12
Processus malicieux: 0
Fichier HOSTS:
127.0.0.1 localhost
[...]
Nouveau fichier HOSTS:
127.0.0.1 localhost
Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Report 6
RogueKiller V5.3.4 [30/08/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Duhem Aurélie [Droits d'admin]
Mode: Raccourcis RAZ -- Date : 02/09/2011 16:32:57
Processus malicieux: 0
Attributs de fichiers restaures:
Bureau: Success 0 / Fail 0
Lancement rapide: Success 0 / Fail 0
Programmes: Success 24 / Fail 0
Menu demarrer: Success 0 / Fail 0
Dossier utilisateur: Success 283 / Fail 0
Mes documents: Success 23 / Fail 0
Mes favoris: Success 0 / Fail 0
Mes images: Success 0 / Fail 0
Ma musique: Success 0 / Fail 0
Mes videos: Success 0 / Fail 0
Disques locaux: Success 1195 / Fail 0
Sauvegarde: [NOT FOUND]
Lecteurs:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
[G:] \Device\HarddiskVolume10 -- 0x3 --> Restored
Termine : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
Malwarebytes report
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Version de la base de données: 7637
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
02/09/2011 16:47:01
mbam-log-2011-09-02 (16-47-01).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 205569
Temps écoulé: 5 minute(s), 22 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 117
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adfadcpdpr.adfadcpdpr.1.0 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adfadcpdpr.adfadcpdpr (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\brumadcpdgrm.brumadcpdgrm.1.0 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\brumadcpdgrm.brumadcpdgrm (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ACM.ACMFactory.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ACM.ACMFactory (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.Agent) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Adware.BHO) -> Value: bipro -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
c:\program files\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\tmp (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\eoweather (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\starware393 (Adware.Starware) -> Quarantined and deleted successfully.
c:\program files\starware393\Setup.exe (Adware.Starware) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU (Adware.WhenU) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\db (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eodesktop (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoStats (Adware.EoRezo) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\WINDOWS\$xntuninstall643$\wzrel.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$\qpeji.dll (Adware.BHO) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\defender.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\local settings\Temp\arscomenwx.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\local settings\Temp\msxercwaon.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\local settings\Temp\regincd2.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\E3.tmp (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\WINDOWS\urerfg12.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\eoAdv.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\tmp\eorezobho.dll.3959 (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\tmp\eorezobho.dll.5544 (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\program files\EoRezo\EoAdv\tmp\eorezobho.dll.4529 (Rogue.Eorezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\learn more about whenu save.url (Adware.WhenU) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\learn more about whenu savenow.url (Adware.WhenU) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\whenu.com website.url (Adware.WhenU) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\uninstall instructions.lnk (Adware.WhenU) -> Quarantined and deleted successfully.
c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\customer support.lnk (Adware.WhenU) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\cmhost.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\user.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\host.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\confmedia.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\towns.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\eoweatherval_02ec282.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\69_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\69_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\78_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\78_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\82_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\82_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\83_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\83_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\84_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\84_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\85_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\85_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\89_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\89_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\back.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background_2days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background_7days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\backpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\close.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\closepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\dayprevisionclose.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\fonds_écran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\help.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\helppressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\minimise.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\minimisepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\next.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\nextpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\option.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\optionpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\reflet_ecran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\earth.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\Thumbs.db (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\dayprevisionbackground.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background_1days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background_1.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\67_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\67_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\70_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\70_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\txt_14x13.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\about.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\back.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\background_2days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\background_7days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\backpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\close.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\closepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\dayprevisionclose.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\fonds_écran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\help.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\helppressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\minimise.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\minimisepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\next.png (Adware.EoRezo) -> Quarantined and deleted successfully.
c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\nextpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
THANKS, is it finished??? In any case, it's nice to be able to count on other people to make up for your mistakes.
Re,
No, not finished :P
You installed EoRezo or PCTuto programs. Did you know that the service transmits certain information, for example your address and phone number entered at registration?
EoRezo also changes your home page to lo.st, and that site may also transmit certain information.
Finally, it opens advertising pop-ups pointing to regiedepub.com
In short, it installs adware.
For more information, see this page: https://forum.malekal.com/viewtopic.php?t=18245&start=
Download AdwCleaner (by Xplode) to your desktop.
Run it, click [Recherche] (Search), then wait for the scan to finish.
Once the scan is done, a report will open. Post its contents in your next reply.
Note: The report is also saved as C:\AdwCleaner[R1].txt
Hello.
Did you receive the AdwCleaner report I sent you????
Oh, by the way, what is a malicious URL? Avast has blocked some for me...
Thanks
Hello
No, I didn't receive it...
♦ To send me the report
click this link: http://www.cijoint.fr/
▶ Click Parcourir (Browse) and find the file C:\AdwCleaner[Rx].txt
▶ Click Ouvrir (Open).
▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
Hello again. Here, I think this is the link in question.
http://www.cijoint.fr/cjlink.php?file=cj201109/cijZrFXN0B.txt
I'm really struggling.......
Take your time, there's no rush ;)
If you don't understand something, don't hesitate to ask ;)
AdwCleaner did a good job :)
As for the malicious URLs detected by Avast, we'll check that!
We are going to run a diagnostic of your PC:
▶ Download ZHPDiag
▶ Follow the installer's prompts, and tick "Ajouter une icône sur le bureau" (Add a desktop icon) and "Exécuter ZHPDiag" (Run ZHPDiag)
▶ Click the magnifying-glass icon ("Lancer le diagnostic", Start the diagnostic)
▶ Once the scan reaches 100%, close ZHPDiag. Upload the ZHPDiag.txt report found on your desktop:
Here is how to proceed
▶ Go to pjjoint.malekal.com
▶ Click the Parcourir (Browse) button
▶ Select the file you want to upload and click Ouvrir (Open)
▶ Click the Envoyer (Send) button
▶ A confirmation message is displayed (Upload succeeded! - The link to give your correspondents to view the file is: https://pjjoint.malekal.com/files.php?id=df5ea299241015). Copy the link into your next reply.
See you soon.
There, I managed it
http://pjjoint.malekal.com/files.php?id=ZHPDiag_e10g5y7h5s12b12t10d10x8h9z5c15s7c6i8k9m9p12x11o14
Right, I have to step away for a quick quarter of an hour.
http://www.cijoint.fr/cjlink.php?file=cj201109/cijKDkjvCT.txt
See you shortly
OK, no problem ;)
You are infected with a rootkit. In my opinion it came with your rogue (the one that was blocking everything at the start)
▶ Download Reload_TDSSKiller
▶ Run it
choose: lancer le nettoyage (start cleaning)
the tool will automatically download the latest version, then
TDSSKiller will open; click "Start Scan" (click here for illustrated help)
If TDSS.tdl2 is detected, the Delete option will be ticked by default.
If TDSS.tdl3 is detected, make sure Cure is ticked.
If TDSS.tdl4 (\HardDisk0\MBR) is detected, make sure Cure is ticked.
If Suspicious file is shown, leave the option set to Skip
once it has finished, reboot if it asks you to, to complete the cleanup
otherwise, close TDSSKiller and the report will appear on the desktop
▶ Copy/paste its contents into your next reply.
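One way to check a TDSSKiller report against the Delete / Cure / Skip rules given in the post above, as an added example that is not part of the original thread or of the tool. The names `triage` and `action_for`, the "Ask helper" fallback and the sample report lines are assumptions constructed here; the line layout follows the report quoted in this thread.

```python
import re

# Layout of one report line, as in the report quoted in this thread:
#   <date> <time> <thread id> <message>
LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+ \d+ (.*)$")
# "<service> (<md5>) <driver path>"
DRIVER = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
# "Suspicious file (<reason>): <path>. md5: <md5>"
SUSPICIOUS = re.compile(r"^Suspicious file \(([^)]*)\): (.+)\. md5: [0-9a-f]{32}$")
# "<object> - detected <verdict> (<n>)"
DETECTED = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")


def action_for(verdict, suspicious):
    """Rule from the post: tdl2 -> Delete, tdl3/tdl4 -> Cure, suspicious file -> Skip."""
    v = verdict.lower()
    if "tdss.tdl2" in v:
        return "Delete"
    if "tdss.tdl3" in v or "tdss.tdl4" in v:
        return "Cure"
    if suspicious:
        return "Skip"
    # Assumption: anything the post does not cover goes back to the helper.
    return "Ask helper"


def triage(report):
    """Return one finding per 'detected' line, with the action the post prescribes."""
    drivers = {}      # service name -> (md5, path)
    suspicious = {}   # lower-cased path -> reason given in the report
    findings = []
    for raw in report.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank or non-report line
        msg = line.group(1)
        m = SUSPICIOUS.match(msg)
        if m:
            suspicious[m.group(2).lower()] = m.group(1)
            continue
        m = DETECTED.match(msg)
        if m:
            obj, verdict = m.group(1), m.group(2)
            # Non-driver objects (e.g. the MBR) have no driver entry.
            md5, path = drivers.get(obj, (None, obj))
            reason = suspicious.get(path.lower())
            findings.append({
                "object": obj,
                "path": path,
                "md5": md5,
                "verdict": verdict,
                "suspicious_reason": reason,
                "action": action_for(verdict, reason is not None),
            })
            continue
        m = DRIVER.match(msg)
        if m:
            drivers[m.group(1)] = (m.group(2), m.group(3))
    return findings


# Constructed sample report (service names, hashes and verdicts are made up).
SAMPLE = r"""
2011/09/03 14:54:38.0000 4352 gooddrv (00000000000000000000000000000001) C:\WINDOWS\system32\drivers\gooddrv.sys
2011/09/03 14:54:38.0100 4352 lockdrv (00000000000000000000000000000002) C:\WINDOWS\system32\Drivers\lockdrv.sys
2011/09/03 14:54:38.0100 4352 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\lockdrv.sys. md5: 00000000000000000000000000000002
2011/09/03 14:54:38.0200 4352 lockdrv - detected LockedFile.Multi.Generic (1)
2011/09/03 14:54:38.0300 4352 baddrv (00000000000000000000000000000003) C:\WINDOWS\system32\drivers\baddrv.sys
2011/09/03 14:54:38.0400 4352 baddrv - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/09/03 14:54:39.0000 4352 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['action']:<10} {f['verdict']:<28} {f['path']}")
```
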
There you go.. By the way, do you have an antivirus to recommend??
2011/09/03 14:53:36.0015 5752 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/09/03 14:53:36.0156 5752 ================================================================================
2011/09/03 14:53:36.0156 5752 SystemInfo:
2011/09/03 14:53:36.0156 5752
2011/09/03 14:53:36.0156 5752 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/03 14:53:36.0156 5752 Product type: Workstation
2011/09/03 14:53:36.0156 5752 ComputerName: ACER-2201BA61D4
2011/09/03 14:53:36.0156 5752 UserName: Duhem Aurélie
2011/09/03 14:53:36.0156 5752 Windows directory: C:\WINDOWS
2011/09/03 14:53:36.0156 5752 System windows directory: C:\WINDOWS
2011/09/03 14:53:36.0156 5752 Processor architecture: Intel x86
2011/09/03 14:53:36.0156 5752 Number of processors: 1
2011/09/03 14:53:36.0156 5752 Page size: 0x1000
2011/09/03 14:53:36.0156 5752 Boot type: Normal boot
2011/09/03 14:53:36.0156 5752 ================================================================================
2011/09/03 14:53:37.0062 5752 Initialize success
2011/09/03 14:53:48.0093 4352 ================================================================================
2011/09/03 14:53:48.0093 4352 Scan started
2011/09/03 14:53:48.0093 4352 Mode: Manual;
2011/09/03 14:53:48.0093 4352 ================================================================================
2011/09/03 14:53:49.0140 4352 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/09/03 14:53:49.0765 4352 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/09/03 14:53:49.0968 4352 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/03 14:53:50.0078 4352 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/09/03 14:53:50.0281 4352 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/09/03 14:53:50.0531 4352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/03 14:53:50.0718 4352 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/03 14:53:50.0890 4352 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/09/03 14:53:51.0187 4352 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/09/03 14:53:51.0515 4352 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/09/03 14:53:51.0781 4352 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/09/03 14:53:52.0062 4352 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/09/03 14:53:52.0343 4352 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/09/03 14:53:52.0546 4352 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/09/03 14:53:52.0921 4352 alcan5ln (e8a3f72f644c0b57f8ab894d04b289d7) C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
2011/09/03 14:53:53.0265 4352 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
2011/09/03 14:53:53.0531 4352 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/09/03 14:53:53.0734 4352 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/09/03 14:53:53.0875 4352 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/09/03 14:53:54.0109 4352 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/09/03 14:53:54.0343 4352 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/09/03 14:53:54.0562 4352 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/09/03 14:53:54.0781 4352 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/09/03 14:53:55.0171 4352 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/09/03 14:53:55.0546 4352 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/09/03 14:53:55.0875 4352 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/09/03 14:53:56.0234 4352 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/09/03 14:53:56.0593 4352 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
2011/09/03 14:53:56.0937 4352 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/09/03 14:53:57.0046 4352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/03 14:53:57.0203 4352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/03 14:53:57.0750 4352 ati2mtag (221f0a33229cce7bf2f7640d3bb8845d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/09/03 14:53:58.0062 4352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/03 14:53:58.0296 4352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/03 14:53:58.0671 4352 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/03 14:53:59.0031 4352 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/03 14:53:59.0390 4352 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/03 14:53:59.0718 4352 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/03 14:54:00.0078 4352 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/03 14:54:00.0453 4352 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/03 14:54:00.0765 4352 Avgrkx86 (4def59ff7d09b9ce59739102b49fd526) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/03 14:54:01.0109 4352 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/03 14:54:01.0359 4352 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/09/03 14:54:01.0453 4352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/03 14:54:03.0015 4352 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/09/03 14:54:03.0968 4352 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/09/03 14:54:04.0281 4352 BTHPORT (ef26202fee56f7607c6b794059df347a) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/09/03 14:54:04.0625 4352 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/09/03 14:54:04.0984 4352 Cam5603D (18a1c728d04f071b9ec178496542117a) C:\WINDOWS\system32\Drivers\BisonCam.sys
2011/09/03 14:54:05.0328 4352 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/09/03 14:54:05.0546 4352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/03 14:54:05.0687 4352 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/03 14:54:05.0984 4352 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/09/03 14:54:06.0109 4352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/03 14:54:06.0218 4352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/03 14:54:06.0328 4352 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/03 14:54:06.0687 4352 ce6230 (ed49c07c591298e546545ef79b529f41) C:\WINDOWS\system32\DRIVERS\CE6230StandaloneDriver.sys
2011/09/03 14:54:07.0031 4352 ce6230BDACAP (21bcea4a57d7818a252f51674e2605dd) C:\WINDOWS\system32\DRIVERS\CE6230BDA.sys
2011/09/03 14:54:07.0578 4352 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/03 14:54:07.0875 4352 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/09/03 14:54:08.0000 4352 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/03 14:54:08.0234 4352 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/09/03 14:54:08.0484 4352 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/09/03 14:54:08.0718 4352 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/09/03 14:54:08.0921 4352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/03 14:54:09.0203 4352 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2011/09/03 14:54:09.0359 4352 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/03 14:54:09.0609 4352 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/03 14:54:09.0671 4352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/03 14:54:09.0906 4352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/03 14:54:10.0156 4352 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/09/03 14:54:10.0265 4352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/03 14:54:10.0406 4352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/03 14:54:10.0500 4352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/03 14:54:10.0625 4352 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/03 14:54:10.0781 4352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/03 14:54:11.0062 4352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/03 14:54:12.0687 4352 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/09/03 14:54:12.0859 4352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/03 14:54:12.0968 4352 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/03 14:54:13.0187 4352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/03 14:54:13.0421 4352 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/03 14:54:13.0625 4352 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/09/03 14:54:13.0875 4352 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/09/03 14:54:14.0250 4352 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/09/03 14:54:14.0578 4352 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/09/03 14:54:14.0953 4352 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/03 14:54:15.0296 4352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/03 14:54:15.0515 4352 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/09/03 14:54:15.0687 4352 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/09/03 14:54:15.0828 4352 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/03 14:54:15.0937 4352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/03 14:54:16.0203 4352 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/09/03 14:54:16.0468 4352 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\WINDOWS\system32\drivers\int15.sys
2011/09/03 14:54:16.0828 4352 IntcAzAudAddService (3b63ff522b0ebe4e685860b18ccb8e22) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/03 14:54:17.0312 4352 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/09/03 14:54:17.0468 4352 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/03 14:54:17.0750 4352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/03 14:54:17.0828 4352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/03 14:54:18.0046 4352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/03 14:54:18.0203 4352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/03 14:54:18.0375 4352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/03 14:54:18.0531 4352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/03 14:54:18.0609 4352 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/03 14:54:18.0828 4352 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/03 14:54:19.0187 4352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/03 14:54:20.0468 4352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/03 14:54:21.0437 4352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/03 14:54:21.0625 4352 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/03 14:54:21.0750 4352 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/03 14:54:22.0062 4352 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/09/03 14:54:22.0250 4352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/03 14:54:22.0484 4352 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/09/03 14:54:22.0718 4352 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/09/03 14:54:22.0906 4352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/03 14:54:23.0093 4352 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/03 14:54:23.0234 4352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/03 14:54:23.0375 4352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/03 14:54:23.0531 4352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/03 14:54:23.0750 4352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/03 14:54:24.0031 4352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/03 14:54:24.0156 4352 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/03 14:54:24.0328 4352 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/03 14:54:24.0453 4352 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/03 14:54:24.0546 4352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/03 14:54:24.0750 4352 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/03 14:54:24.0890 4352 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/03 14:54:25.0000 4352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/03 14:54:25.0062 4352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/03 14:54:25.0375 4352 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/03 14:54:25.0515 4352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/03 14:54:25.0671 4352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/03 14:54:25.0828 4352 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/09/03 14:54:26.0000 4352 nmwcd (f526ece21635b47efa6ecb5697abf03c) C:\WINDOWS\system32\drivers\nmwcd.sys
2011/09/03 14:54:26.0328 4352 nmwcdc (f36f557d3804c05479662ee246d4bdd0) C:\WINDOWS\system32\drivers\nmwcdc.sys
2011/09/03 14:54:26.0609 4352 nmwcdcj (19dbcbf6a00c92ba79564400ab082b61) C:\WINDOWS\system32\drivers\nmwcdcj.sys
2011/09/03 14:54:26.0984 4352 nmwcdcm (19dbcbf6a00c92ba79564400ab082b61) C:\WINDOWS\system32\drivers\nmwcdcm.sys
2011/09/03 14:54:27.0125 4352 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
2011/09/03 14:54:27.0328 4352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/03 14:54:27.0515 4352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/03 14:54:27.0734 4352 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2011/09/03 14:54:27.0828 4352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/03 14:54:27.0921 4352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/03 14:54:27.0984 4352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/03 14:54:28.0078 4352 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/03 14:54:28.0265 4352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/03 14:54:28.0359 4352 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/03 14:54:29.0859 4352 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
2011/09/03 14:54:30.0031 4352 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
2011/09/03 14:54:30.0234 4352 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/03 14:54:30.0609 4352 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/03 14:54:30.0781 4352 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/09/03 14:54:32.0265 4352 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/09/03 14:54:32.0484 4352 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/09/03 14:54:32.0734 4352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/03 14:54:32.0890 4352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/03 14:54:32.0953 4352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/03 14:54:33.0187 4352 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/09/03 14:54:33.0390 4352 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/09/03 14:54:33.0625 4352 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/09/03 14:54:33.0859 4352 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/09/03 14:54:34.0078 4352 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/09/03 14:54:34.0156 4352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/03 14:54:38.0484 4352 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/09/03 14:54:38.0500 4352 sptd - detected LockedFile.Multi.Generic (1)
2011/09/03 14:54:52.0031 4352 MBR (0x1B8) (0c523de221afdce53b8be886a6514650) \Device\Harddisk0\DR0
2011/09/03 14:54:52.0046 4352 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/03 14:54:52.0062 4352 Boot (0x1200) (b80be2ce5fa35092dc4470ff5d79927d) \Device\Harddisk0\DR0\Partition0
2011/09/03 14:54:52.0093 4352 Boot (0x1200) (b023885310a42ebd494fef12feed24f5) \Device\Harddisk0\DR0\Partition1
2011/09/03 14:54:52.0093 4352 ================================================================================
2011/09/03 14:54:52.0093 4352 Scan finished
2011/09/03 14:54:52.0093 4352 ================================================================================
2011/09/03 14:54:52.0125 5440 Detected object count: 2
2011/09/03 14:54:52.0125 5440 Actual detected object count: 2
2011/09/03 14:56:54.0187 5440 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/03 14:56:54.0187 5440 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/03 14:56:54.0187 5440 \Device\Harddisk0\DR0 - ok
2011/09/03 14:56:54.0187 5440 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/03 14:57:01.0468 1948 Deinitialize success
2011/09/03 14:54:49.0375 4352 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/03 14:54:49.0687 4352 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/09/03 14:54:50.0062 4352 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/03 14:54:50.0796 4352 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/09/03 14:54:51.0343 4352 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/09/03 14:54:51.0593 4352 yukonwxp (c25bfca4b997859f4857e396507838d9) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/09/03 14:54:51.0890 4352 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\drivers\zntport.sys
2011/09/03 14:54:52.0031 4352 MBR (0x1B8) (0c523de221afdce53b8be886a6514650) \Device\Harddisk0\DR0
2011/09/03 14:54:52.0046 4352 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/03 14:54:52.0062 4352 Boot (0x1200) (b80be2ce5fa35092dc4470ff5d79927d) \Device\Harddisk0\DR0\Partition0
2011/09/03 14:54:52.0093 4352 Boot (0x1200) (b023885310a42ebd494fef12feed24f5) \Device\Harddisk0\DR0\Partition1
2011/09/03 14:54:52.0093 4352 ================================================================================
2011/09/03 14:54:52.0093 4352 Scan finished
2011/09/03 14:54:52.0093 4352 ================================================================================
2011/09/03 14:54:52.0125 5440 Detected object count: 2
2011/09/03 14:54:52.0125 5440 Actual detected object count: 2
2011/09/03 14:56:54.0187 5440 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/09/03 14:56:54.0187 5440 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/03 14:56:54.0187 5440 \Device\Harddisk0\DR0 - ok
2011/09/03 14:56:54.0187 5440 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/03 14:57:01.0468 1948 Deinitialize success
Well, AVG is very good ;)
TDSS Killer did a good job, your system should be a bit more stable and faster, no? :)
There's still quite a bit of cleanup left to do!
▶ Download AD-Remover to your Desktop: (TeamXScript)
http://www.teamxscript.org/adremoverTelechargement.html ( Official link )
OR
https://www.androidworld.fr/ ( Mirror )
/!\ Close all running applications /!\
▶ Double-click the Ad-remover icon on your Desktop.
▶ On the page, click the « Scanner » (Scan) button
▶ Confirm the start of the scan
▶ Let the tool work.
▶ When it has finished, a report will open: close it.
♦ To send me the report
click this link: http://www.cijoint.fr/
▶ Click Parcourir (Browse) and look for the file C:\Ad-Report-SCAN[1].txt
▶ Click Ouvrir (Open).
▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
Have a good evening.
Thank you for all the time you're spending on solving my problem.
Have a good evening too. Just tell me whether it's finished for tonight or whether there's still work to do.
Have a good evening
http://www.cijoint.fr/cjlink.php?file=cj201109/cij7YCBPq0.txt
No, it's not finished yet :P
well, you don't have to do this tonight if you don't feel like it!
▶ Run AD-Remover again, click [ Nettoyer ] (Clean)
▶ Let the PC restart.
▶ Once you're back on the desktop, the report should open: close it
♦ To send me the report
click this link: http://www.cijoint.fr/
▶ Click Parcourir (Browse) and look for the file C:\Ad-Report-CLEAN[1].txt
▶ Click Ouvrir (Open).
▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.