Securitysphere help!

Closed
jeanremi - 3 Nov 2011 at 16:43
Malekal_morte - Posts: 180304 - Registered: Wednesday 17 May 2006 - Status: Moderator, security contributor - Last activity: 15 December 2020 - 3 Nov 2011 at 19:11
Hello everyone,

Security Sphere has taken over my computer... I can no longer get on the internet or open any program (or even install an antivirus...)...

Would you be kind enough to help me?? I'm hesitant to follow the advice from an already-resolved case, since not everyone gives the same advice and won't necessarily use the same reports, etc.

Thanks in advance,
Jean-Rémi

4 replies

Malekal_morte (Moderator, security contributor)
3 Nov 2011 at 16:47
Hi,

Download RogueKiller: https://www.luanagames.com/index.fr.html
Run it with option 2 (Removal).
Post the report here.

If RogueKiller gets blocked, try renaming it to iexplore or winlogon.
If it still doesn't work, show file extensions: https://www.commentcamarche.net/informatique/windows/185-afficher-les-extensions-et-les-fichiers-caches-sous-windows/
Rename RogueKiller.exe to RogueKiller.com

Thank you very much, and for being so quick!

So, to my great surprise, when I turned my computer back on I found that SecuritySphere was no longer active (even though for several days it hadn't let anything through), so I was able to install it and run the removal. The report:

RogueKiller V6.1.6 [01/11/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Operating system: Windows XP (5.1.2600 Service Pack 3) 32-bit version
Startup: Normal mode
User: Jr [Admin rights]
Mode: Removal -- Date: 03/11/2011 18:19:18

Malicious processes: 0

Registry entries: 2
[SUSP PATH] HKCU\[...]\RunOnce : mB04903PfGnL04903 (C:\Documents and Settings\All Users\Application Data\mB04903PfGnL04903\mB04903PfGnL04903.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()

Special files / folders:
[FILE] KB3796359 : c:\documents and settings\jr\application data\adobe\plugs\KB3796359 --> REMOVED
[FILE] KB3802218.exe : c:\documents and settings\jr\application data\adobe\plugs\KB3802218.exe --> REMOVED
[FILE] KB3806875.exe : c:\documents and settings\jr\application data\adobe\plugs\KB3806875.exe --> REMOVED
[FOLDER] plugs : c:\documents and settings\jr\application data\adobe\plugs --> REMOVED
[FOLDER] shed : c:\documents and settings\jr\application data\adobe\shed --> REMOVED

Driver: [LOADED]

HOSTS file:


Finished: << RKreport[1].txt >>
RKreport[1].txt


Malekal_morte (Moderator, security contributor)
3 Nov 2011 at 18:27
Trojan.Karagany.....
That means you got infected after visiting a hacked website, and that you have out-of-date programs (Java, etc.) on your PC that allow the infection: Exploits on websites

~~

Run TDSSKiller: https://forum.malekal.com/viewtopic.php?t=28637&start=
Read what is written about removal/repair (delete and cure); don't delete just anything.
Post the report here.


then:

You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(Under Vista/Win7, right-click OTL and choose Run as administrator)

* Launch OTL
* In OTL, under Custom Scans/Fixes, paste the script below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
consrv.dll
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

* Click the Scan button.
* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt), and give the pjjoint link(s) pointing to those reports here in a new message.
First, the Kaspersky TDSSKiller report


18:38:36.0953 1040 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
18:38:37.0062 1040 ============================================================
18:38:37.0062 1040 Current date / time: 2011/11/03 18:38:37.0062
18:38:37.0062 1040 SystemInfo:
18:38:37.0062 1040
18:38:37.0062 1040 OS Version: 5.1.2600 ServicePack: 3.0
18:38:37.0062 1040 Product type: Workstation
18:38:37.0062 1040 ComputerName: LOVE
18:38:37.0062 1040 UserName: Jr
18:38:37.0062 1040 Windows directory: C:\WINDOWS
18:38:37.0062 1040 System windows directory: C:\WINDOWS
18:38:37.0062 1040 Processor architecture: Intel x86
18:38:37.0062 1040 Number of processors: 1
18:38:37.0062 1040 Page size: 0x1000
18:38:37.0062 1040 Boot type: Normal boot
18:38:37.0062 1040 ============================================================
18:38:37.0937 1040 Initialize success
18:38:40.0031 2288 ============================================================
18:38:40.0031 2288 Scan started
18:38:40.0031 2288 Mode: Manual;
18:38:40.0031 2288 ============================================================
18:38:41.0343 2288 Abiosdsk - ok
18:38:41.0406 2288 abp480n5 - ok
18:38:41.0484 2288 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:38:41.0500 2288 ACPI - ok
18:38:41.0562 2288 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:38:41.0562 2288 ACPIEC - ok
18:38:41.0609 2288 adpu160m - ok
18:38:41.0687 2288 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:38:41.0687 2288 aec - ok
18:38:41.0796 2288 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
18:38:41.0796 2288 AegisP - ok
18:38:41.0875 2288 AFD (29ada7574b433632b71264a207dbffde) C:\WINDOWS\System32\drivers\afd.sys
18:38:41.0875 2288 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 29ada7574b433632b71264a207dbffde, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9
18:38:41.0875 2288 AFD ( Rootkit.Win32.ZAccess.h ) - infected
18:38:41.0875 2288 AFD - detected Rootkit.Win32.ZAccess.h (0)
18:38:41.0921 2288 Aha154x - ok
18:38:41.0953 2288 aic78u2 - ok
18:38:41.0984 2288 aic78xx - ok
18:38:42.0031 2288 AliIde - ok
18:38:42.0062 2288 amsint - ok
18:38:42.0125 2288 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:38:42.0125 2288 Arp1394 - ok
18:38:42.0171 2288 asc - ok
18:38:42.0250 2288 asc3350p - ok
18:38:42.0296 2288 asc3550 - ok
18:38:42.0375 2288 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:38:42.0375 2288 AsyncMac - ok
18:38:42.0421 2288 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:38:42.0437 2288 atapi - ok
18:38:42.0515 2288 Atdisk - ok
18:38:42.0625 2288 ati2mtag (c8dc21751c5684a14ec075fdd2473719) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
18:38:42.0640 2288 ati2mtag - ok
18:38:42.0750 2288 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:38:42.0750 2288 Atmarpc - ok
18:38:42.0890 2288 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:38:42.0890 2288 audstub - ok
18:38:43.0031 2288 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:38:43.0031 2288 Beep - ok
18:38:43.0125 2288 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:38:43.0125 2288 cbidf2k - ok
18:38:43.0171 2288 cd20xrnt - ok
18:38:43.0250 2288 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:38:43.0265 2288 Cdaudio - ok
18:38:43.0343 2288 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:38:43.0343 2288 Cdfs - ok
18:38:43.0437 2288 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:38:43.0437 2288 Cdrom - ok
18:38:43.0515 2288 Changer - ok
18:38:43.0562 2288 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:38:43.0562 2288 CmBatt - ok
18:38:43.0593 2288 CmdIde - ok
18:38:43.0625 2288 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:38:43.0625 2288 Compbatt - ok
18:38:43.0656 2288 Cpqarray - ok
18:38:43.0687 2288 dac2w2k - ok
18:38:43.0703 2288 dac960nt - ok
18:38:43.0734 2288 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:38:43.0734 2288 Disk - ok
18:38:43.0828 2288 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
18:38:43.0875 2288 dmboot - ok
18:38:43.0921 2288 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
18:38:43.0937 2288 dmio - ok
18:38:44.0000 2288 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:38:44.0000 2288 dmload - ok
18:38:44.0062 2288 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:38:44.0062 2288 DMusic - ok
18:38:44.0093 2288 dpti2o - ok
18:38:44.0109 2288 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:38:44.0125 2288 drmkaud - ok
18:38:44.0187 2288 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:38:44.0187 2288 Fastfat - ok
18:38:44.0265 2288 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:38:44.0265 2288 Fdc - ok
18:38:44.0343 2288 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
18:38:44.0343 2288 Fips - ok
18:38:44.0406 2288 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:38:44.0406 2288 Flpydisk - ok
18:38:44.0453 2288 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:38:44.0453 2288 FltMgr - ok
18:38:44.0531 2288 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:38:44.0531 2288 Fs_Rec - ok
18:38:44.0562 2288 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:38:44.0562 2288 Ftdisk - ok
18:38:44.0609 2288 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:38:44.0609 2288 Gpc - ok
18:38:44.0656 2288 HdAudAddService (f58d2900c66a1e773e3375098e0e9337) C:\WINDOWS\system32\drivers\HdAudio.sys
18:38:44.0671 2288 HdAudAddService - ok
18:38:44.0718 2288 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:38:44.0734 2288 HDAudBus - ok
18:38:44.0828 2288 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:38:44.0828 2288 HidUsb - ok
18:38:44.0859 2288 hpn - ok
18:38:44.0921 2288 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:38:44.0921 2288 HPZid412 - ok
18:38:44.0953 2288 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:38:44.0953 2288 HPZipr12 - ok
18:38:45.0000 2288 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:38:45.0000 2288 HPZius12 - ok
18:38:45.0078 2288 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:38:45.0093 2288 HTTP - ok
18:38:45.0140 2288 i2omgmt - ok
18:38:45.0171 2288 i2omp - ok
18:38:45.0234 2288 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:38:45.0250 2288 i8042prt - ok
18:38:45.0312 2288 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:38:45.0312 2288 Imapi - ok
18:38:45.0359 2288 ini910u - ok
18:38:45.0578 2288 IntcAzAudAddService (e7d8f417a4cfe7f1eaca6ae6256347e8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:38:45.0703 2288 IntcAzAudAddService - ok
18:38:45.0734 2288 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:38:45.0734 2288 IntelIde - ok
18:38:45.0781 2288 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:38:45.0781 2288 intelppm - ok
18:38:45.0812 2288 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:38:45.0828 2288 Ip6Fw - ok
18:38:45.0906 2288 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:38:45.0906 2288 IpFilterDriver - ok
18:38:46.0015 2288 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:38:46.0031 2288 IpInIp - ok
18:38:46.0109 2288 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:38:46.0109 2288 IpNat - ok
18:38:46.0187 2288 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:38:46.0187 2288 IPSec - ok
18:38:46.0281 2288 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:38:46.0296 2288 IRENUM - ok
18:38:46.0359 2288 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:38:46.0359 2288 isapnp - ok
18:38:46.0437 2288 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:38:46.0437 2288 Kbdclass - ok
18:38:46.0515 2288 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:38:46.0515 2288 kbdhid - ok
18:38:46.0609 2288 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:38:46.0625 2288 kmixer - ok
18:38:46.0671 2288 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:38:46.0671 2288 KSecDD - ok
18:38:46.0703 2288 lbrtfdc - ok
18:38:46.0781 2288 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:38:46.0781 2288 mnmdd - ok
18:38:46.0859 2288 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
18:38:46.0859 2288 Modem - ok
18:38:46.0921 2288 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
18:38:46.0921 2288 MODEMCSA - ok
18:38:46.0968 2288 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:38:46.0968 2288 Mouclass - ok
18:38:47.0046 2288 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:38:47.0046 2288 mouhid - ok
18:38:47.0125 2288 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:38:47.0125 2288 MountMgr - ok
18:38:47.0156 2288 mraid35x - ok
18:38:47.0203 2288 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:38:47.0218 2288 MRxDAV - ok
18:38:47.0312 2288 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:38:47.0328 2288 MRxSmb - ok
18:38:47.0375 2288 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:38:47.0375 2288 Msfs - ok
18:38:47.0406 2288 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:38:47.0421 2288 MSKSSRV - ok
18:38:47.0468 2288 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:38:47.0468 2288 MSPCLOCK - ok
18:38:47.0531 2288 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:38:47.0531 2288 MSPQM - ok
18:38:47.0562 2288 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:38:47.0562 2288 mssmbios - ok
18:38:47.0640 2288 Mtlmnt5 (c81a67d4b4c1748aaa496605822f5261) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys
18:38:47.0640 2288 Mtlmnt5 - ok
18:38:47.0765 2288 Mtlstrm (6fe3986e727919f7ded38ae00bea954f) C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys
18:38:47.0843 2288 Mtlstrm - ok
18:38:47.0921 2288 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:38:47.0921 2288 Mup - ok
18:38:48.0000 2288 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:38:48.0015 2288 NDIS - ok
18:38:48.0078 2288 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:38:48.0078 2288 NdisTapi - ok
18:38:48.0140 2288 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:38:48.0140 2288 Ndisuio - ok
18:38:48.0187 2288 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:38:48.0203 2288 NdisWan - ok
18:38:48.0265 2288 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:38:48.0265 2288 NDProxy - ok
18:38:48.0312 2288 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:38:48.0312 2288 NetBIOS - ok
18:38:48.0406 2288 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:38:48.0421 2288 NetBT - ok
18:38:48.0484 2288 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:38:48.0500 2288 NIC1394 - ok
18:38:48.0562 2288 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:38:48.0562 2288 Npfs - ok
18:38:48.0625 2288 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:38:48.0656 2288 Ntfs - ok
18:38:48.0750 2288 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:38:48.0750 2288 Null - ok
18:38:48.0812 2288 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:38:48.0812 2288 NwlnkFlt - ok
18:38:48.0875 2288 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:38:48.0875 2288 NwlnkFwd - ok
18:38:48.0921 2288 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:38:48.0937 2288 ohci1394 - ok
18:38:49.0000 2288 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
18:38:49.0000 2288 Parport - ok
18:38:49.0078 2288 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:38:49.0078 2288 PartMgr - ok
18:38:49.0140 2288 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
18:38:49.0140 2288 ParVdm - ok
18:38:49.0187 2288 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
18:38:49.0187 2288 PCI - ok
18:38:49.0250 2288 PCIDump - ok
18:38:49.0328 2288 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:38:49.0328 2288 PCIIde - ok
18:38:49.0421 2288 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:38:49.0421 2288 Pcmcia - ok
18:38:49.0515 2288 PDCOMP - ok
18:38:49.0531 2288 PDFRAME - ok
18:38:49.0562 2288 PDRELI - ok
18:38:49.0578 2288 PDRFRAME - ok
18:38:49.0593 2288 perc2 - ok
18:38:49.0625 2288 perc2hib - ok
18:38:49.0718 2288 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:38:49.0718 2288 PptpMiniport - ok
18:38:49.0750 2288 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:38:49.0750 2288 PSched - ok
18:38:49.0765 2288 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:38:49.0781 2288 Ptilink - ok
18:38:49.0796 2288 ql1080 - ok
18:38:49.0812 2288 Ql10wnt - ok
18:38:49.0828 2288 ql12160 - ok
18:38:49.0859 2288 ql1240 - ok
18:38:49.0875 2288 ql1280 - ok
18:38:49.0921 2288 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:38:49.0921 2288 RasAcd - ok
18:38:49.0968 2288 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:38:49.0968 2288 Rasl2tp - ok
18:38:50.0000 2288 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:38:50.0000 2288 RasPppoe - ok
18:38:50.0015 2288 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:38:50.0015 2288 Raspti - ok
18:38:50.0062 2288 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:38:50.0062 2288 Rdbss - ok
18:38:50.0078 2288 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:38:50.0078 2288 RDPCDD - ok
18:38:50.0156 2288 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:38:50.0156 2288 RDPWD - ok
18:38:50.0218 2288 RecAgent (f846aa089b10316d982f24322e15346b) C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys
18:38:50.0218 2288 RecAgent - ok
18:38:50.0250 2288 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:38:50.0265 2288 redbook - ok
18:38:50.0343 2288 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
18:38:50.0343 2288 RTL8023xp - ok
18:38:50.0437 2288 RTL8192su (7fd98e91896cad23169a84874f145250) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
18:38:50.0453 2288 RTL8192su - ok
18:38:50.0578 2288 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:38:50.0578 2288 Secdrv - ok
18:38:50.0640 2288 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
18:38:50.0640 2288 Serial - ok
18:38:50.0687 2288 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:38:50.0687 2288 Sfloppy - ok
18:38:50.0718 2288 Simbad - ok
18:38:50.0781 2288 Slazldrv (e1094e4418d01ce6ffce1841340d1eb4) C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys
18:38:50.0781 2288 Slazldrv - ok
18:38:50.0828 2288 SlNtHal (a2b07b03c7964a945a796632817d6b7f) C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys
18:38:50.0828 2288 SlNtHal - ok
18:38:50.0875 2288 SlWdmSup (92544868d0b8ff6500e90d968ff1caed) C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys
18:38:50.0875 2288 SlWdmSup - ok
18:38:50.0937 2288 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:38:50.0953 2288 SONYPVU1 - ok
18:38:50.0968 2288 Sparrow - ok
18:38:51.0015 2288 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:38:51.0015 2288 splitter - ok
18:38:51.0093 2288 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
18:38:51.0093 2288 sr - ok
18:38:51.0187 2288 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:38:51.0203 2288 Srv - ok
18:38:51.0281 2288 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:38:51.0281 2288 swenum - ok
18:38:51.0328 2288 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:38:51.0328 2288 swmidi - ok
18:38:51.0359 2288 symc810 - ok
18:38:51.0375 2288 symc8xx - ok
18:38:51.0406 2288 sym_hi - ok
18:38:51.0421 2288 sym_u3 - ok
18:38:51.0468 2288 SynTP (59e9d90d6373f8ad4e3ebd0ecdedd35e) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:38:51.0484 2288 SynTP - ok
18:38:51.0515 2288 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:38:51.0531 2288 sysaudio - ok
18:38:51.0593 2288 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:38:51.0609 2288 Tcpip - ok
18:38:51.0671 2288 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
18:38:51.0671 2288 Tcpip6 - ok
18:38:51.0750 2288 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:38:51.0750 2288 TDPIPE - ok
18:38:51.0796 2288 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:38:51.0796 2288 TDTCP - ok
18:38:51.0843 2288 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:38:51.0843 2288 TermDD - ok
18:38:51.0859 2288 Suspicious service (NoAccess): tigyl
18:38:51.0890 2288 TosIde - ok
18:38:51.0953 2288 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
18:38:51.0968 2288 TrueSight - ok
18:38:52.0031 2288 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
18:38:52.0031 2288 tunmp - ok
18:38:52.0093 2288 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:38:52.0109 2288 Udfs - ok
18:38:52.0125 2288 ultra - ok
18:38:52.0171 2288 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:38:52.0187 2288 Update - ok
18:38:52.0250 2288 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:38:52.0250 2288 usbccgp - ok
18:38:52.0312 2288 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:38:52.0312 2288 usbehci - ok
18:38:52.0359 2288 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:38:52.0359 2288 usbhub - ok
18:38:52.0390 2288 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:38:52.0390 2288 usbprint - ok
18:38:52.0421 2288 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:38:52.0437 2288 usbscan - ok
18:38:52.0500 2288 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:38:52.0500 2288 USBSTOR - ok
18:38:52.0562 2288 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:38:52.0562 2288 usbuhci - ok
18:38:52.0609 2288 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:38:52.0609 2288 VgaSave - ok
18:38:52.0640 2288 ViaIde - ok
18:38:52.0687 2288 viamraid (0363e216e4eb5052969c96608934dbde) C:\WINDOWS\system32\DRIVERS\viamraid.sys
18:38:52.0687 2288 viamraid - ok
18:38:52.0718 2288 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
18:38:52.0718 2288 VolSnap - ok
18:38:52.0968 2288 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
18:38:53.0156 2288 w29n51 - ok
18:38:53.0250 2288 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:38:53.0250 2288 Wanarp - ok
18:38:53.0281 2288 WDICA - ok
18:38:53.0312 2288 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:38:53.0312 2288 wdmaud - ok
18:38:53.0390 2288 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:38:53.0390 2288 WmiAcpi - ok
18:38:53.0468 2288 MBR (0x1B8) (dad11e2a62df7f44f938c5059e874339) \Device\Harddisk0\DR0
18:38:53.0468 2288 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
18:38:53.0468 2288 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
18:38:53.0468 2288 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
18:38:54.0000 2288 \Device\Harddisk1\DR2 - ok
18:38:54.0015 2288 Boot (0x1200) (3afef430ac2f276e5ae0dd00e8d2ae13) \Device\Harddisk0\DR0\Partition0
18:38:54.0015 2288 \Device\Harddisk0\DR0\Partition0 - ok
18:38:54.0031 2288 Boot (0x1200) (9c2ad212bae398c8b1f51994c40f59bd) \Device\Harddisk1\DR2\Partition0
18:38:54.0031 2288 \Device\Harddisk1\DR2\Partition0 - ok
18:38:54.0046 2288 ============================================================
18:38:54.0046 2288 Scan finished
18:38:54.0046 2288 ============================================================
18:38:54.0062 0132 Detected object count: 2
18:38:54.0062 0132 Actual detected object count: 2
18:39:30.0437 0132 Backup copy found, using it..
18:39:30.0437 0132 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
18:39:30.0437 0132 AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
18:39:30.0500 0132 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
18:39:30.0500 0132 \Device\Harddisk0\DR0 - ok
18:39:30.0500 0132 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
and the pjjoint link:

http://pjjoint.malekal.com/files.php?id=OTL_m13x9i14w10z9c12y13f15e5p14m11u10s13i8n15y6l11p7j7z5
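Added example, not code from this thread, from Kaspersky or from any of the tools mentioned: a small Python parser that pulls the verdicts out of a TDSSKiller report shaped like the one posted above. It pairs the "Suspicious file (Forged)" line (the file hashes differently depending on how it is read, which is what a filter-driver rootkit like ZeroAccess produces) with the infected service it belongs to, flags a verdict on a raw \Device\HarddiskN object (an MBR bootkit such as TDL4), records the action the user chose, and lists anything left uncured so the helper can tell at a glance whether a second pass after reboot is needed. The sample lines are constructed from the shape of the posted report; the function and class names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines copied in shape from the TDSSKiller
# report posted above (timestamp, thread id, message), not the full log.
SAMPLE_LOG = [
    r"18:38:41.0875 2288 AFD (29ada7574b433632b71264a207dbffde) C:\WINDOWS\System32\drivers\afd.sys",
    r"18:38:41.0875 2288 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 29ada7574b433632b71264a207dbffde, Fake md5: 1e44bc1e83d8fd2305f8d452db109cf9",
    r"18:38:41.0875 2288 AFD ( Rootkit.Win32.ZAccess.h ) - infected",
    r"18:38:41.0875 2288 AFD - detected Rootkit.Win32.ZAccess.h (0)",
    r"18:38:41.0921 2288 Aha154x - ok",
    r"18:38:51.0859 2288 Suspicious service (NoAccess): tigyl",
    r"18:38:53.0468 2288 MBR (0x1B8) (dad11e2a62df7f44f938c5059e874339) \Device\Harddisk0\DR0",
    r"18:38:53.0468 2288 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected",
    r"18:38:54.0062 0132 Detected object count: 2",
    r"18:39:30.0437 0132 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot",
    r"18:39:30.0437 0132 AFD ( Rootkit.Win32.ZAccess.h ) - User select action: Cure",
    r"18:39:30.0500 0132 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure",
]

# Every TDSSKiller line is "HH:MM:SS.mmmm <thread id> <message>".
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
INFECTED_RE = re.compile(r"^(?P<obj>.+?) \( (?P<family>[^)]+) \) - infected$")
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<family>[^)]+) \) - User select action: (?P<action>\w+)$")
NOACCESS_RE = re.compile(r"^Suspicious service \(NoAccess\): (?P<svc>\S+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str                         # service name or device path, as TDSSKiller names it
    family: str                      # Kaspersky verdict, e.g. Rootkit.Win32.TDSS.tdl4
    time: str
    forged_path: Optional[str] = None  # set when a "Forged" line preceded the verdict
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    action: Optional[str] = None     # "Cure", "Delete", "Skip"... once the user chose


@dataclass
class Report:
    findings: List[Finding] = field(default_factory=list)
    no_access_services: List[str] = field(default_factory=list)
    declared_count: Optional[int] = None


def parse_tdsskiller(lines) -> Report:
    """Walk the log once; a Forged line is attached to the next infected verdict."""
    report = Report()
    pending_forged = None
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\r\n"))
        if not m:
            continue
        msg, time = m["msg"], m["time"]
        if (f := FORGED_RE.match(msg)):
            pending_forged = (f["path"], f["real"], f["fake"])
        elif (i := INFECTED_RE.match(msg)):
            finding = Finding(obj=i["obj"], family=i["family"], time=time)
            if pending_forged:
                finding.forged_path, finding.real_md5, finding.fake_md5 = pending_forged
                pending_forged = None
            report.findings.append(finding)
        elif (a := ACTION_RE.match(msg)):
            for fd in report.findings:
                if fd.obj == a["obj"] and fd.family == a["family"]:
                    fd.action = a["action"]
        elif (n := NOACCESS_RE.match(msg)):
            report.no_access_services.append(n["svc"])
        elif (c := COUNT_RE.match(msg)):
            report.declared_count = int(c["n"])
    return report


def boot_sector_infected(report: Report) -> bool:
    """True if a verdict landed on a raw disk object, i.e. the MBR/VBR is hooked (bootkit)."""
    return any(f.obj.startswith(r"\Device\Harddisk") for f in report.findings)


def unresolved(report: Report) -> List[Finding]:
    """Verdicts the user skipped or never acted on; these survive the reboot."""
    return [f for f in report.findings if f.action not in ("Cure", "Delete")]


def consistency_issues(report: Report) -> List[str]:
    """Things a helper should know before trusting the report."""
    issues = []
    if report.declared_count is not None and report.declared_count != len(report.findings):
        issues.append(f"scanner declared {report.declared_count} objects but the log lists {len(report.findings)}")
    for svc in report.no_access_services:
        issues.append(f"service {svc!r} could not be opened (NoAccess): possibly a self-protecting driver")
    return issues


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for fd in rep.findings:
        print(fd)
    print("bootkit:", boot_sector_infected(rep), "| unresolved:", unresolved(rep))
    print("\n".join(consistency_issues(rep)))
```

Run it against a real report with `parse_tdsskiller(open("TDSSKiller.log").read().splitlines())`. The practical check is the one the thread's helper does by eye: after the reboot, rerun TDSSKiller and parse the new report; the removal is only finished when `findings` is empty, and a `NoAccess` service in the same run is a hint that something is still protecting itself.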
Malekal_morte (Moderator, security contributor)
Edited by noctambule28 on 3/10/2014 at 10:58
Relaunch OTL.
o Under Custom Scans/Fixes, paste the contents of the box below (be sure to include :OTL at the start).
Click Run Fix; a report will appear, paste its contents here:

:OTL
[2011/10/30 11:33:09 | 000,705,952 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\Jr\Bureau\SpyHunter-Installer.exe
[2011/10/29 19:02:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\mB04903PfGnL04903
[2010/03/19 00:19:54 | 000,013,908 | -HS- | C] () -- C:\Documents and Settings\Jr\Local Settings\Application Data\N6B46J
[2010/03/19 00:19:54 | 000,013,908 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\N6B46J


* Restart the PC into Windows and post the report here


