Infection Zaccess
Résolu/Fermé
romanais26
Messages postés
9
Date d'inscription
lundi 16 janvier 2012
Statut
Membre
Dernière intervention
16 janvier 2012
-
16 janv. 2012 à 18:19
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 - 16 janv. 2012 à 20:13
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 - 16 janv. 2012 à 20:13
A voir également:
- Infection Zaccess
- Infection cvtres.exe ✓ - Forum Virus
- Infection ad.doubleclick.net ✓ - Forum Virus
- Infection FileRepMetagen - Forum Virus
- Infection SIM ✓ - Forum Virus
- Infection WonderShare ✓ - Forum Virus
16 réponses
Utilisateur anonyme
16 janv. 2012 à 18:25
16 janv. 2012 à 18:25
salut
▶ Télécharge Reload_TDSSKiller
▶ Lance le
choisis : lancer le nettoyage
l'outil va automatiquement télécharger la derniere version puis
TDSSKiller va s'ouvrir , clique sur "Start Scan"
Si TDSS.tdl2 est détecté l''option delete sera cochée par défaut.
Si TDSS.tdl3 est détecté assure toi que Cure est bien cochée.
Si TDSS.tdl4(\HardDisk0\MBR) est détecté assure toi que Cure est bien cochée.
Si Suspicious file est indiqué, laisse l''option cochée sur Skip
Si Rootkit.Win32.ZAccess.* est détecté règle sur "cure" en haut , et "delete" en bas
une fois qu'il a terminé , redemarre s'il te le demande pour finir de nettoyer
sinon , ferme tdssKiller et le rapport s'affichera sur le bureau
▶ Copie/Colle son contenu dans ta prochaine réponse.
▶ Télécharge Reload_TDSSKiller
▶ Lance le
choisis : lancer le nettoyage
l'outil va automatiquement télécharger la derniere version puis
TDSSKiller va s'ouvrir , clique sur "Start Scan"
Si TDSS.tdl2 est détecté l''option delete sera cochée par défaut.
Si TDSS.tdl3 est détecté assure toi que Cure est bien cochée.
Si TDSS.tdl4(\HardDisk0\MBR) est détecté assure toi que Cure est bien cochée.
Si Suspicious file est indiqué, laisse l''option cochée sur Skip
Si Rootkit.Win32.ZAccess.* est détecté règle sur "cure" en haut , et "delete" en bas
une fois qu'il a terminé , redemarre s'il te le demande pour finir de nettoyer
sinon , ferme tdssKiller et le rapport s'affichera sur le bureau
▶ Copie/Colle son contenu dans ta prochaine réponse.
romanais26
Messages postés
9
Date d'inscription
lundi 16 janvier 2012
Statut
Membre
Dernière intervention
16 janvier 2012
16 janv. 2012 à 18:30
16 janv. 2012 à 18:30
il n'a rien détecté pourtant les autres me le trouve mais le souci c'est que les autre détecte svchost.exe comme étant zeroacess c'est bizarre... voila le rapport
18:27:35.0921 2012 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
18:27:36.0125 2012 ============================================================
18:27:36.0125 2012 Current date / time: 2012/01/16 18:27:36.0125
18:27:36.0125 2012 SystemInfo:
18:27:36.0125 2012
18:27:36.0125 2012 OS Version: 5.1.2600 ServicePack: 3.0
18:27:36.0125 2012 Product type: Workstation
18:27:36.0125 2012 ComputerName: COMPAQ-B32EACD7
18:27:36.0125 2012 UserName: Administrateur
18:27:36.0125 2012 Windows directory: C:\WINDOWS
18:27:36.0125 2012 System windows directory: C:\WINDOWS
18:27:36.0125 2012 Processor architecture: Intel x86
18:27:36.0125 2012 Number of processors: 2
18:27:36.0125 2012 Page size: 0x1000
18:27:36.0125 2012 Boot type: Safe boot with network
18:27:36.0125 2012 ============================================================
18:27:39.0171 2012 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
18:27:39.0281 2012 Initialize success
18:27:41.0015 1960 ============================================================
18:27:41.0015 1960 Scan started
18:27:41.0015 1960 Mode: Manual;
18:27:41.0015 1960 ============================================================
18:27:42.0078 1960 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
18:27:42.0093 1960 a2acc - ok
18:27:42.0156 1960 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
18:27:42.0156 1960 A2DDA - ok
18:27:42.0187 1960 a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
18:27:42.0203 1960 a2injectiondriver - ok
18:27:42.0250 1960 a2util (2da26eb05b5495d3b2ee36456c239fb7) C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
18:27:42.0250 1960 a2util - ok
18:27:42.0375 1960 Abiosdsk - ok
18:27:42.0406 1960 abp480n5 - ok
18:27:42.0484 1960 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:27:42.0500 1960 ACPI - ok
18:27:42.0515 1960 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:27:42.0515 1960 ACPIEC - ok
18:27:42.0546 1960 adpu160m - ok
18:27:42.0625 1960 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:27:42.0625 1960 aec - ok
18:27:42.0703 1960 AESTAud (f0f8212d86ef2bfdd5ad01f6ab7b017c) C:\WINDOWS\system32\drivers\AESTAud.sys
18:27:42.0703 1960 AESTAud - ok
18:27:42.0765 1960 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:27:42.0765 1960 AFD - ok
18:27:42.0796 1960 Aha154x - ok
18:27:42.0828 1960 aic78u2 - ok
18:27:42.0859 1960 aic78xx - ok
18:27:42.0906 1960 AliIde - ok
18:27:42.0937 1960 amsint - ok
18:27:42.0984 1960 asc - ok
18:27:43.0015 1960 asc3350p - ok
18:27:43.0046 1960 asc3550 - ok
18:27:43.0203 1960 ASFWHide - ok
18:27:43.0328 1960 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:27:43.0328 1960 AsyncMac - ok
18:27:43.0375 1960 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:27:43.0375 1960 atapi - ok
18:27:43.0406 1960 Atdisk - ok
18:27:43.0437 1960 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:27:43.0437 1960 Atmarpc - ok
18:27:43.0515 1960 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:27:43.0515 1960 audstub - ok
18:27:43.0593 1960 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:27:43.0593 1960 AVGIDSDriver - ok
18:27:43.0656 1960 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:27:43.0656 1960 AVGIDSEH - ok
18:27:43.0687 1960 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:27:43.0687 1960 AVGIDSFilter - ok
18:27:43.0718 1960 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:27:43.0718 1960 AVGIDSShim - ok
18:27:43.0812 1960 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:27:43.0812 1960 Avgldx86 - ok
18:27:43.0859 1960 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:27:43.0859 1960 Avgmfx86 - ok
18:27:43.0890 1960 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:27:43.0906 1960 Avgrkx86 - ok
18:27:43.0937 1960 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:27:43.0953 1960 Avgtdix - ok
18:27:44.0078 1960 BCM43XX (10cf810cbc0b7090c436bb15496b3328) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:27:44.0140 1960 BCM43XX - ok
18:27:44.0187 1960 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:27:44.0203 1960 Beep - ok
18:27:44.0281 1960 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:27:44.0281 1960 cbidf2k - ok
18:27:44.0296 1960 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:27:44.0312 1960 CCDECODE - ok
18:27:44.0328 1960 cd20xrnt - ok
18:27:44.0375 1960 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:27:44.0375 1960 Cdaudio - ok
18:27:44.0406 1960 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:27:44.0421 1960 Cdfs - ok
18:27:44.0453 1960 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:27:44.0453 1960 Cdrom - ok
18:27:44.0468 1960 Changer - ok
18:27:44.0546 1960 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:27:44.0546 1960 CmBatt - ok
18:27:44.0578 1960 CmdIde - ok
18:27:44.0609 1960 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:27:44.0625 1960 Compbatt - ok
18:27:44.0687 1960 Cpqarray - ok
18:27:44.0734 1960 dac2w2k - ok
18:27:44.0765 1960 dac960nt - ok
18:27:44.0828 1960 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:27:44.0828 1960 Disk - ok
18:27:44.0937 1960 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
18:27:44.0968 1960 dmboot - ok
18:27:45.0000 1960 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
18:27:45.0000 1960 dmio - ok
18:27:45.0031 1960 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:27:45.0031 1960 dmload - ok
18:27:45.0078 1960 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:27:45.0078 1960 DMusic - ok
18:27:45.0125 1960 dpti2o - ok
18:27:45.0250 1960 driverhardwarev2 (0f1189883690949ba7a9f68339587e51) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
18:27:45.0265 1960 driverhardwarev2 - ok
18:27:45.0281 1960 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:27:45.0281 1960 drmkaud - ok
18:27:45.0421 1960 F-Secure Filter - ok
18:27:45.0453 1960 F-Secure Gatekeeper - ok
18:27:45.0484 1960 F-Secure HIPS - ok
18:27:45.0515 1960 F-Secure Recognizer - ok
18:27:45.0546 1960 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:27:45.0546 1960 Fastfat - ok
18:27:45.0625 1960 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:27:45.0625 1960 Fdc - ok
18:27:45.0671 1960 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
18:27:45.0671 1960 Fips - ok
18:27:45.0703 1960 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:27:45.0703 1960 Flpydisk - ok
18:27:45.0765 1960 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:27:45.0765 1960 FltMgr - ok
18:27:45.0828 1960 fsbts (f87fbe8b104df9c35cd52909b8d28a4a) C:\WINDOWS\system32\Drivers\fsbts.sys
18:27:45.0828 1960 fsbts - ok
18:27:45.0859 1960 FSFW (b7feb06217a421ffd9eee6604e60f903) C:\WINDOWS\system32\drivers\fsdfw.sys
18:27:45.0859 1960 FSFW - ok
18:27:45.0921 1960 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
18:27:45.0921 1960 fssfltr - ok
18:27:45.0968 1960 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:27:45.0968 1960 Fs_Rec - ok
18:27:46.0000 1960 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:27:46.0000 1960 Ftdisk - ok
18:27:46.0062 1960 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:27:46.0062 1960 Gpc - ok
18:27:46.0078 1960 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:27:46.0078 1960 HDAudBus - ok
18:27:46.0203 1960 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:27:46.0218 1960 HidUsb - ok
18:27:46.0296 1960 hitmanpro2 (cc2cfaf74dc5b144a2c2f56b3134c8ac) C:\Program Files\Hitman Pro\hitmanpro2.sys
18:27:46.0312 1960 hitmanpro2 - ok
18:27:46.0343 1960 hpn - ok
18:27:46.0421 1960 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:27:46.0421 1960 HTTP - ok
18:27:46.0453 1960 i2omgmt - ok
18:27:46.0484 1960 i2omp - ok
18:27:46.0562 1960 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:27:46.0562 1960 i8042prt - ok
18:27:46.0781 1960 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:27:46.0984 1960 ialm - ok
18:27:47.0078 1960 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:27:47.0078 1960 Imapi - ok
18:27:47.0125 1960 ini910u - ok
18:27:47.0171 1960 IntelIde - ok
18:27:47.0218 1960 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:27:47.0218 1960 intelppm - ok
18:27:47.0265 1960 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:27:47.0281 1960 Ip6Fw - ok
18:27:47.0296 1960 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:27:47.0312 1960 IpFilterDriver - ok
18:27:47.0328 1960 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:27:47.0343 1960 IpInIp - ok
18:27:47.0390 1960 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:27:47.0390 1960 IpNat - ok
18:27:47.0406 1960 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:27:47.0421 1960 IPSec - ok
18:27:47.0453 1960 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:27:47.0453 1960 IRENUM - ok
18:27:47.0515 1960 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:27:47.0515 1960 isapnp - ok
18:27:47.0562 1960 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:27:47.0562 1960 Kbdclass - ok
18:27:47.0593 1960 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:27:47.0609 1960 kmixer - ok
18:27:47.0640 1960 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:27:47.0640 1960 KSecDD - ok
18:27:47.0687 1960 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
18:27:47.0703 1960 L1c - ok
18:27:47.0750 1960 lbrtfdc - ok
18:27:47.0859 1960 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:27:47.0859 1960 mnmdd - ok
18:27:47.0921 1960 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
18:27:47.0921 1960 Modem - ok
18:27:48.0000 1960 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:27:48.0000 1960 Mouclass - ok
18:27:48.0031 1960 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:27:48.0031 1960 mouhid - ok
18:27:48.0046 1960 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:27:48.0046 1960 MountMgr - ok
18:27:48.0078 1960 mraid35x - ok
18:27:48.0109 1960 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:27:48.0125 1960 MRxDAV - ok
18:27:48.0187 1960 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:27:48.0187 1960 Msfs - ok
18:27:48.0250 1960 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:27:48.0250 1960 MSKSSRV - ok
18:27:48.0265 1960 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:27:48.0265 1960 MSPCLOCK - ok
18:27:48.0296 1960 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:27:48.0296 1960 MSPQM - ok
18:27:48.0343 1960 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:27:48.0343 1960 mssmbios - ok
18:27:48.0390 1960 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:27:48.0390 1960 MSTEE - ok
18:27:48.0437 1960 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:27:48.0437 1960 Mup - ok
18:27:48.0500 1960 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:27:48.0515 1960 NABTSFEC - ok
18:27:48.0562 1960 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:27:48.0562 1960 NDIS - ok
18:27:48.0609 1960 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:27:48.0609 1960 NdisIP - ok
18:27:48.0656 1960 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:27:48.0656 1960 NdisTapi - ok
18:27:48.0687 1960 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:27:48.0703 1960 Ndisuio - ok
18:27:48.0718 1960 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:27:48.0718 1960 NdisWan - ok
18:27:48.0796 1960 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:27:48.0796 1960 NDProxy - ok
18:27:48.0812 1960 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:27:48.0828 1960 NetBIOS - ok
18:27:48.0859 1960 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:27:48.0859 1960 NetBT - ok
18:27:49.0015 1960 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
18:27:49.0015 1960 NPF - ok
18:27:49.0031 1960 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:27:49.0031 1960 Npfs - ok
18:27:49.0109 1960 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:27:49.0125 1960 Ntfs - ok
18:27:49.0203 1960 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:27:49.0203 1960 Null - ok
18:27:49.0234 1960 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:27:49.0234 1960 NwlnkFlt - ok
18:27:49.0265 1960 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:27:49.0265 1960 NwlnkFwd - ok
18:27:49.0359 1960 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
18:27:49.0359 1960 Parport - ok
18:27:49.0375 1960 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:27:49.0375 1960 PartMgr - ok
18:27:49.0421 1960 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
18:27:49.0421 1960 ParVdm - ok
18:27:49.0468 1960 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
18:27:49.0468 1960 PCI - ok
18:27:49.0500 1960 PCIDump - ok
18:27:49.0546 1960 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:27:49.0546 1960 PCIIde - ok
18:27:49.0609 1960 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:27:49.0609 1960 Pcmcia - ok
18:27:49.0625 1960 PDCOMP - ok
18:27:49.0656 1960 PDFRAME - ok
18:27:49.0687 1960 PDRELI - ok
18:27:49.0703 1960 PDRFRAME - ok
18:27:49.0734 1960 perc2 - ok
18:27:49.0765 1960 perc2hib - ok
18:27:49.0906 1960 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:27:49.0906 1960 PptpMiniport - ok
18:27:49.0968 1960 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:27:49.0968 1960 Ptilink - ok
18:27:50.0015 1960 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:27:50.0015 1960 PxHelp20 - ok
18:27:50.0046 1960 qcusbser (59b96dbe2acb872cc1c9f4c14dbb7690) C:\WINDOWS\system32\DRIVERS\qcusbser.sys
18:27:50.0046 1960 qcusbser - ok
18:27:50.0078 1960 ql1080 - ok
18:27:50.0109 1960 Ql10wnt - ok
18:27:50.0140 1960 ql12160 - ok
18:27:50.0171 1960 ql1240 - ok
18:27:50.0187 1960 ql1280 - ok
18:27:50.0250 1960 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:27:50.0250 1960 RasAcd - ok
18:27:50.0312 1960 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:27:50.0312 1960 Rasl2tp - ok
18:27:50.0343 1960 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:27:50.0343 1960 RasPppoe - ok
18:27:50.0375 1960 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:27:50.0375 1960 Raspti - ok
18:27:50.0453 1960 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:27:50.0453 1960 Rdbss - ok
18:27:50.0484 1960 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:27:50.0484 1960 RDPCDD - ok
18:27:50.0578 1960 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:27:50.0578 1960 RDPWD - ok
18:27:50.0640 1960 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:27:50.0640 1960 redbook - ok
18:27:50.0703 1960 RSUSBSTOR - ok
18:27:50.0750 1960 Rts516xIR - ok
18:27:50.0796 1960 SBRE - ok
18:27:50.0859 1960 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:27:50.0875 1960 Secdrv - ok
18:27:50.0968 1960 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
18:27:50.0968 1960 Serial - ok
18:27:51.0046 1960 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:27:51.0062 1960 Sfloppy - ok
18:27:51.0109 1960 Simbad - ok
18:27:51.0171 1960 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:27:51.0171 1960 SLIP - ok
18:27:51.0203 1960 Sparrow - ok
18:27:51.0250 1960 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:27:51.0250 1960 splitter - ok
18:27:51.0312 1960 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
18:27:51.0312 1960 sr - ok
18:27:51.0359 1960 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:27:51.0375 1960 Srv - ok
18:27:51.0500 1960 STHDA (dc3489f1ef71ad75b34740d0e6979187) C:\WINDOWS\system32\drivers\sthda.sys
18:27:51.0546 1960 STHDA - ok
18:27:51.0578 1960 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:27:51.0578 1960 streamip - ok
18:27:51.0625 1960 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:27:51.0625 1960 swenum - ok
18:27:51.0640 1960 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:27:51.0656 1960 swmidi - ok
18:27:51.0687 1960 symc810 - ok
18:27:51.0718 1960 symc8xx - ok
18:27:51.0750 1960 sym_hi - ok
18:27:51.0765 1960 sym_u3 - ok
18:27:51.0843 1960 SynTP (8da49473f997d4c5d821f1e358f94f2d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:27:51.0843 1960 SynTP - ok
18:27:51.0875 1960 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:27:51.0875 1960 sysaudio - ok
18:27:51.0921 1960 tap0901 (ab2ea3a7a0653ec63efac25acb9f719a) C:\WINDOWS\system32\DRIVERS\tap0901.sys
18:27:51.0921 1960 tap0901 - ok
18:27:52.0046 1960 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:27:52.0062 1960 Tcpip - ok
18:27:52.0093 1960 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:27:52.0093 1960 TDPIPE - ok
18:27:52.0125 1960 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:27:52.0125 1960 TDTCP - ok
18:27:52.0156 1960 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:27:52.0156 1960 TermDD - ok
18:27:52.0203 1960 TfFsMon - ok
18:27:52.0234 1960 TfNetMon - ok
18:27:52.0265 1960 TFSysMon - ok
18:27:52.0296 1960 TosIde - ok
18:27:52.0406 1960 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
18:27:52.0406 1960 TrueSight - ok
18:27:52.0453 1960 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:27:52.0453 1960 Udfs - ok
18:27:52.0468 1960 ultra - ok
18:27:52.0531 1960 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:27:52.0546 1960 Update - ok
18:27:52.0625 1960 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:27:52.0625 1960 usbccgp - ok
18:27:52.0640 1960 USBCCID - ok
18:27:52.0718 1960 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:27:52.0718 1960 usbehci - ok
18:27:52.0750 1960 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:27:52.0750 1960 usbhub - ok
18:27:52.0812 1960 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:27:52.0828 1960 usbprint - ok
18:27:52.0843 1960 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:27:52.0843 1960 usbstor - ok
18:27:52.0906 1960 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:27:52.0906 1960 usbuhci - ok
18:27:52.0937 1960 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:27:52.0937 1960 usbvideo - ok
18:27:52.0984 1960 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:27:52.0984 1960 VgaSave - ok
18:27:53.0015 1960 ViaIde - ok
18:27:53.0046 1960 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
18:27:53.0046 1960 VolSnap - ok
18:27:53.0171 1960 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:27:53.0171 1960 Wanarp - ok
18:27:53.0250 1960 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:27:53.0250 1960 Wdf01000 - ok
18:27:53.0265 1960 WDICA - ok
18:27:53.0312 1960 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:27:53.0312 1960 wdmaud - ok
18:27:53.0437 1960 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:27:53.0437 1960 WmiAcpi - ok
18:27:53.0531 1960 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:27:53.0531 1960 WS2IFSL - ok
18:27:53.0593 1960 WSIMD (9e91c8e27bb339f805fbf5a1b5f2b4f7) C:\WINDOWS\system32\DRIVERS\wsimd.sys
18:27:53.0593 1960 WSIMD - ok
18:27:53.0609 1960 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:27:53.0609 1960 WSTCODEC - ok
18:27:53.0640 1960 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:27:53.0640 1960 WudfPf - ok
18:27:53.0671 1960 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:27:53.0687 1960 WudfRd - ok
18:27:53.0828 1960 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:27:53.0890 1960 \Device\Harddisk0\DR0 - ok
18:27:53.0906 1960 Boot (0x1200) (a073fc8f43da7091b9fcbac931ee7881) \Device\Harddisk0\DR0\Partition0
18:27:53.0906 1960 \Device\Harddisk0\DR0\Partition0 - ok
18:27:53.0921 1960 ============================================================
18:27:53.0921 1960 Scan finished
18:27:53.0921 1960 ============================================================
18:27:53.0968 2032 Detected object count: 0
18:27:53.0968 2032 Actual detected object count: 0
18:28:07.0859 2008 Deinitialize success
18:27:35.0921 2012 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
18:27:36.0125 2012 ============================================================
18:27:36.0125 2012 Current date / time: 2012/01/16 18:27:36.0125
18:27:36.0125 2012 SystemInfo:
18:27:36.0125 2012
18:27:36.0125 2012 OS Version: 5.1.2600 ServicePack: 3.0
18:27:36.0125 2012 Product type: Workstation
18:27:36.0125 2012 ComputerName: COMPAQ-B32EACD7
18:27:36.0125 2012 UserName: Administrateur
18:27:36.0125 2012 Windows directory: C:\WINDOWS
18:27:36.0125 2012 System windows directory: C:\WINDOWS
18:27:36.0125 2012 Processor architecture: Intel x86
18:27:36.0125 2012 Number of processors: 2
18:27:36.0125 2012 Page size: 0x1000
18:27:36.0125 2012 Boot type: Safe boot with network
18:27:36.0125 2012 ============================================================
18:27:39.0171 2012 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
18:27:39.0281 2012 Initialize success
18:27:41.0015 1960 ============================================================
18:27:41.0015 1960 Scan started
18:27:41.0015 1960 Mode: Manual;
18:27:41.0015 1960 ============================================================
18:27:42.0078 1960 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
18:27:42.0093 1960 a2acc - ok
18:27:42.0156 1960 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
18:27:42.0156 1960 A2DDA - ok
18:27:42.0187 1960 a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
18:27:42.0203 1960 a2injectiondriver - ok
18:27:42.0250 1960 a2util (2da26eb05b5495d3b2ee36456c239fb7) C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
18:27:42.0250 1960 a2util - ok
18:27:42.0375 1960 Abiosdsk - ok
18:27:42.0406 1960 abp480n5 - ok
18:27:42.0484 1960 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:27:42.0500 1960 ACPI - ok
18:27:42.0515 1960 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
18:27:42.0515 1960 ACPIEC - ok
18:27:42.0546 1960 adpu160m - ok
18:27:42.0625 1960 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:27:42.0625 1960 aec - ok
18:27:42.0703 1960 AESTAud (f0f8212d86ef2bfdd5ad01f6ab7b017c) C:\WINDOWS\system32\drivers\AESTAud.sys
18:27:42.0703 1960 AESTAud - ok
18:27:42.0765 1960 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:27:42.0765 1960 AFD - ok
18:27:42.0796 1960 Aha154x - ok
18:27:42.0828 1960 aic78u2 - ok
18:27:42.0859 1960 aic78xx - ok
18:27:42.0906 1960 AliIde - ok
18:27:42.0937 1960 amsint - ok
18:27:42.0984 1960 asc - ok
18:27:43.0015 1960 asc3350p - ok
18:27:43.0046 1960 asc3550 - ok
18:27:43.0203 1960 ASFWHide - ok
18:27:43.0328 1960 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:27:43.0328 1960 AsyncMac - ok
18:27:43.0375 1960 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:27:43.0375 1960 atapi - ok
18:27:43.0406 1960 Atdisk - ok
18:27:43.0437 1960 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:27:43.0437 1960 Atmarpc - ok
18:27:43.0515 1960 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:27:43.0515 1960 audstub - ok
18:27:43.0593 1960 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:27:43.0593 1960 AVGIDSDriver - ok
18:27:43.0656 1960 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:27:43.0656 1960 AVGIDSEH - ok
18:27:43.0687 1960 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:27:43.0687 1960 AVGIDSFilter - ok
18:27:43.0718 1960 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:27:43.0718 1960 AVGIDSShim - ok
18:27:43.0812 1960 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:27:43.0812 1960 Avgldx86 - ok
18:27:43.0859 1960 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:27:43.0859 1960 Avgmfx86 - ok
18:27:43.0890 1960 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:27:43.0906 1960 Avgrkx86 - ok
18:27:43.0937 1960 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:27:43.0953 1960 Avgtdix - ok
18:27:44.0078 1960 BCM43XX (10cf810cbc0b7090c436bb15496b3328) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
18:27:44.0140 1960 BCM43XX - ok
18:27:44.0187 1960 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:27:44.0203 1960 Beep - ok
18:27:44.0281 1960 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:27:44.0281 1960 cbidf2k - ok
18:27:44.0296 1960 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:27:44.0312 1960 CCDECODE - ok
18:27:44.0328 1960 cd20xrnt - ok
18:27:44.0375 1960 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:27:44.0375 1960 Cdaudio - ok
18:27:44.0406 1960 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:27:44.0421 1960 Cdfs - ok
18:27:44.0453 1960 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:27:44.0453 1960 Cdrom - ok
18:27:44.0468 1960 Changer - ok
18:27:44.0546 1960 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
18:27:44.0546 1960 CmBatt - ok
18:27:44.0578 1960 CmdIde - ok
18:27:44.0609 1960 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
18:27:44.0625 1960 Compbatt - ok
18:27:44.0687 1960 Cpqarray - ok
18:27:44.0734 1960 dac2w2k - ok
18:27:44.0765 1960 dac960nt - ok
18:27:44.0828 1960 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:27:44.0828 1960 Disk - ok
18:27:44.0937 1960 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
18:27:44.0968 1960 dmboot - ok
18:27:45.0000 1960 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
18:27:45.0000 1960 dmio - ok
18:27:45.0031 1960 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:27:45.0031 1960 dmload - ok
18:27:45.0078 1960 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:27:45.0078 1960 DMusic - ok
18:27:45.0125 1960 dpti2o - ok
18:27:45.0250 1960 driverhardwarev2 (0f1189883690949ba7a9f68339587e51) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
18:27:45.0265 1960 driverhardwarev2 - ok
18:27:45.0281 1960 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:27:45.0281 1960 drmkaud - ok
18:27:45.0421 1960 F-Secure Filter - ok
18:27:45.0453 1960 F-Secure Gatekeeper - ok
18:27:45.0484 1960 F-Secure HIPS - ok
18:27:45.0515 1960 F-Secure Recognizer - ok
18:27:45.0546 1960 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:27:45.0546 1960 Fastfat - ok
18:27:45.0625 1960 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:27:45.0625 1960 Fdc - ok
18:27:45.0671 1960 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
18:27:45.0671 1960 Fips - ok
18:27:45.0703 1960 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:27:45.0703 1960 Flpydisk - ok
18:27:45.0765 1960 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:27:45.0765 1960 FltMgr - ok
18:27:45.0828 1960 fsbts (f87fbe8b104df9c35cd52909b8d28a4a) C:\WINDOWS\system32\Drivers\fsbts.sys
18:27:45.0828 1960 fsbts - ok
18:27:45.0859 1960 FSFW (b7feb06217a421ffd9eee6604e60f903) C:\WINDOWS\system32\drivers\fsdfw.sys
18:27:45.0859 1960 FSFW - ok
18:27:45.0921 1960 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
18:27:45.0921 1960 fssfltr - ok
18:27:45.0968 1960 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:27:45.0968 1960 Fs_Rec - ok
18:27:46.0000 1960 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:27:46.0000 1960 Ftdisk - ok
18:27:46.0062 1960 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:27:46.0062 1960 Gpc - ok
18:27:46.0078 1960 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:27:46.0078 1960 HDAudBus - ok
18:27:46.0203 1960 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:27:46.0218 1960 HidUsb - ok
18:27:46.0296 1960 hitmanpro2 (cc2cfaf74dc5b144a2c2f56b3134c8ac) C:\Program Files\Hitman Pro\hitmanpro2.sys
18:27:46.0312 1960 hitmanpro2 - ok
18:27:46.0343 1960 hpn - ok
18:27:46.0421 1960 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:27:46.0421 1960 HTTP - ok
18:27:46.0453 1960 i2omgmt - ok
18:27:46.0484 1960 i2omp - ok
18:27:46.0562 1960 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:27:46.0562 1960 i8042prt - ok
18:27:46.0781 1960 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
18:27:46.0984 1960 ialm - ok
18:27:47.0078 1960 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:27:47.0078 1960 Imapi - ok
18:27:47.0125 1960 ini910u - ok
18:27:47.0171 1960 IntelIde - ok
18:27:47.0218 1960 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:27:47.0218 1960 intelppm - ok
18:27:47.0265 1960 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:27:47.0281 1960 Ip6Fw - ok
18:27:47.0296 1960 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:27:47.0312 1960 IpFilterDriver - ok
18:27:47.0328 1960 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:27:47.0343 1960 IpInIp - ok
18:27:47.0390 1960 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:27:47.0390 1960 IpNat - ok
18:27:47.0406 1960 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:27:47.0421 1960 IPSec - ok
18:27:47.0453 1960 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:27:47.0453 1960 IRENUM - ok
18:27:47.0515 1960 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:27:47.0515 1960 isapnp - ok
18:27:47.0562 1960 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:27:47.0562 1960 Kbdclass - ok
18:27:47.0593 1960 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:27:47.0609 1960 kmixer - ok
18:27:47.0640 1960 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:27:47.0640 1960 KSecDD - ok
18:27:47.0687 1960 L1c (6c8658587e91ea25b0fd2e71781ad228) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
18:27:47.0703 1960 L1c - ok
18:27:47.0750 1960 lbrtfdc - ok
18:27:47.0859 1960 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:27:47.0859 1960 mnmdd - ok
18:27:47.0921 1960 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
18:27:47.0921 1960 Modem - ok
18:27:48.0000 1960 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:27:48.0000 1960 Mouclass - ok
18:27:48.0031 1960 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:27:48.0031 1960 mouhid - ok
18:27:48.0046 1960 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:27:48.0046 1960 MountMgr - ok
18:27:48.0078 1960 mraid35x - ok
18:27:48.0109 1960 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:27:48.0125 1960 MRxDAV - ok
18:27:48.0187 1960 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:27:48.0187 1960 Msfs - ok
18:27:48.0250 1960 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:27:48.0250 1960 MSKSSRV - ok
18:27:48.0265 1960 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:27:48.0265 1960 MSPCLOCK - ok
18:27:48.0296 1960 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:27:48.0296 1960 MSPQM - ok
18:27:48.0343 1960 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:27:48.0343 1960 mssmbios - ok
18:27:48.0390 1960 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:27:48.0390 1960 MSTEE - ok
18:27:48.0437 1960 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:27:48.0437 1960 Mup - ok
18:27:48.0500 1960 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:27:48.0515 1960 NABTSFEC - ok
18:27:48.0562 1960 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:27:48.0562 1960 NDIS - ok
18:27:48.0609 1960 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:27:48.0609 1960 NdisIP - ok
18:27:48.0656 1960 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:27:48.0656 1960 NdisTapi - ok
18:27:48.0687 1960 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:27:48.0703 1960 Ndisuio - ok
18:27:48.0718 1960 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:27:48.0718 1960 NdisWan - ok
18:27:48.0796 1960 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:27:48.0796 1960 NDProxy - ok
18:27:48.0812 1960 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:27:48.0828 1960 NetBIOS - ok
18:27:48.0859 1960 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:27:48.0859 1960 NetBT - ok
18:27:49.0015 1960 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\NPF.sys
18:27:49.0015 1960 NPF - ok
18:27:49.0031 1960 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:27:49.0031 1960 Npfs - ok
18:27:49.0109 1960 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:27:49.0125 1960 Ntfs - ok
18:27:49.0203 1960 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:27:49.0203 1960 Null - ok
18:27:49.0234 1960 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:27:49.0234 1960 NwlnkFlt - ok
18:27:49.0265 1960 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:27:49.0265 1960 NwlnkFwd - ok
18:27:49.0359 1960 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
18:27:49.0359 1960 Parport - ok
18:27:49.0375 1960 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:27:49.0375 1960 PartMgr - ok
18:27:49.0421 1960 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
18:27:49.0421 1960 ParVdm - ok
18:27:49.0468 1960 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
18:27:49.0468 1960 PCI - ok
18:27:49.0500 1960 PCIDump - ok
18:27:49.0546 1960 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:27:49.0546 1960 PCIIde - ok
18:27:49.0609 1960 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:27:49.0609 1960 Pcmcia - ok
18:27:49.0625 1960 PDCOMP - ok
18:27:49.0656 1960 PDFRAME - ok
18:27:49.0687 1960 PDRELI - ok
18:27:49.0703 1960 PDRFRAME - ok
18:27:49.0734 1960 perc2 - ok
18:27:49.0765 1960 perc2hib - ok
18:27:49.0906 1960 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:27:49.0906 1960 PptpMiniport - ok
18:27:49.0968 1960 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:27:49.0968 1960 Ptilink - ok
18:27:50.0015 1960 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:27:50.0015 1960 PxHelp20 - ok
18:27:50.0046 1960 qcusbser (59b96dbe2acb872cc1c9f4c14dbb7690) C:\WINDOWS\system32\DRIVERS\qcusbser.sys
18:27:50.0046 1960 qcusbser - ok
18:27:50.0078 1960 ql1080 - ok
18:27:50.0109 1960 Ql10wnt - ok
18:27:50.0140 1960 ql12160 - ok
18:27:50.0171 1960 ql1240 - ok
18:27:50.0187 1960 ql1280 - ok
18:27:50.0250 1960 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:27:50.0250 1960 RasAcd - ok
18:27:50.0312 1960 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:27:50.0312 1960 Rasl2tp - ok
18:27:50.0343 1960 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:27:50.0343 1960 RasPppoe - ok
18:27:50.0375 1960 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:27:50.0375 1960 Raspti - ok
18:27:50.0453 1960 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:27:50.0453 1960 Rdbss - ok
18:27:50.0484 1960 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:27:50.0484 1960 RDPCDD - ok
18:27:50.0578 1960 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:27:50.0578 1960 RDPWD - ok
18:27:50.0640 1960 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:27:50.0640 1960 redbook - ok
18:27:50.0703 1960 RSUSBSTOR - ok
18:27:50.0750 1960 Rts516xIR - ok
18:27:50.0796 1960 SBRE - ok
18:27:50.0859 1960 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:27:50.0875 1960 Secdrv - ok
18:27:50.0968 1960 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
18:27:50.0968 1960 Serial - ok
18:27:51.0046 1960 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:27:51.0062 1960 Sfloppy - ok
18:27:51.0109 1960 Simbad - ok
18:27:51.0171 1960 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:27:51.0171 1960 SLIP - ok
18:27:51.0203 1960 Sparrow - ok
18:27:51.0250 1960 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:27:51.0250 1960 splitter - ok
18:27:51.0312 1960 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
18:27:51.0312 1960 sr - ok
18:27:51.0359 1960 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:27:51.0375 1960 Srv - ok
18:27:51.0500 1960 STHDA (dc3489f1ef71ad75b34740d0e6979187) C:\WINDOWS\system32\drivers\sthda.sys
18:27:51.0546 1960 STHDA - ok
18:27:51.0578 1960 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:27:51.0578 1960 streamip - ok
18:27:51.0625 1960 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:27:51.0625 1960 swenum - ok
18:27:51.0640 1960 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:27:51.0656 1960 swmidi - ok
18:27:51.0687 1960 symc810 - ok
18:27:51.0718 1960 symc8xx - ok
18:27:51.0750 1960 sym_hi - ok
18:27:51.0765 1960 sym_u3 - ok
18:27:51.0843 1960 SynTP (8da49473f997d4c5d821f1e358f94f2d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
18:27:51.0843 1960 SynTP - ok
18:27:51.0875 1960 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:27:51.0875 1960 sysaudio - ok
18:27:51.0921 1960 tap0901 (ab2ea3a7a0653ec63efac25acb9f719a) C:\WINDOWS\system32\DRIVERS\tap0901.sys
18:27:51.0921 1960 tap0901 - ok
18:27:52.0046 1960 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:27:52.0062 1960 Tcpip - ok
18:27:52.0093 1960 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:27:52.0093 1960 TDPIPE - ok
18:27:52.0125 1960 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:27:52.0125 1960 TDTCP - ok
18:27:52.0156 1960 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:27:52.0156 1960 TermDD - ok
18:27:52.0203 1960 TfFsMon - ok
18:27:52.0234 1960 TfNetMon - ok
18:27:52.0265 1960 TFSysMon - ok
18:27:52.0296 1960 TosIde - ok
18:27:52.0406 1960 TrueSight (f69641efdb19acb4753b0155f7fdeed5) c:\windows\system32\drivers\TrueSight.sys
18:27:52.0406 1960 TrueSight - ok
18:27:52.0453 1960 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:27:52.0453 1960 Udfs - ok
18:27:52.0468 1960 ultra - ok
18:27:52.0531 1960 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:27:52.0546 1960 Update - ok
18:27:52.0625 1960 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:27:52.0625 1960 usbccgp - ok
18:27:52.0640 1960 USBCCID - ok
18:27:52.0718 1960 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:27:52.0718 1960 usbehci - ok
18:27:52.0750 1960 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:27:52.0750 1960 usbhub - ok
18:27:52.0812 1960 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:27:52.0828 1960 usbprint - ok
18:27:52.0843 1960 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:27:52.0843 1960 usbstor - ok
18:27:52.0906 1960 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:27:52.0906 1960 usbuhci - ok
18:27:52.0937 1960 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
18:27:52.0937 1960 usbvideo - ok
18:27:52.0984 1960 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:27:52.0984 1960 VgaSave - ok
18:27:53.0015 1960 ViaIde - ok
18:27:53.0046 1960 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
18:27:53.0046 1960 VolSnap - ok
18:27:53.0171 1960 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:27:53.0171 1960 Wanarp - ok
18:27:53.0250 1960 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:27:53.0250 1960 Wdf01000 - ok
18:27:53.0265 1960 WDICA - ok
18:27:53.0312 1960 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:27:53.0312 1960 wdmaud - ok
18:27:53.0437 1960 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
18:27:53.0437 1960 WmiAcpi - ok
18:27:53.0531 1960 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:27:53.0531 1960 WS2IFSL - ok
18:27:53.0593 1960 WSIMD (9e91c8e27bb339f805fbf5a1b5f2b4f7) C:\WINDOWS\system32\DRIVERS\wsimd.sys
18:27:53.0593 1960 WSIMD - ok
18:27:53.0609 1960 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:27:53.0609 1960 WSTCODEC - ok
18:27:53.0640 1960 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:27:53.0640 1960 WudfPf - ok
18:27:53.0671 1960 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:27:53.0687 1960 WudfRd - ok
18:27:53.0828 1960 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:27:53.0890 1960 \Device\Harddisk0\DR0 - ok
18:27:53.0906 1960 Boot (0x1200) (a073fc8f43da7091b9fcbac931ee7881) \Device\Harddisk0\DR0\Partition0
18:27:53.0906 1960 \Device\Harddisk0\DR0\Partition0 - ok
18:27:53.0921 1960 ============================================================
18:27:53.0921 1960 Scan finished
18:27:53.0921 1960 ============================================================
18:27:53.0968 2032 Detected object count: 0
18:27:53.0968 2032 Actual detected object count: 0
18:28:07.0859 2008 Deinitialize success
Utilisateur anonyme
16 janv. 2012 à 18:32
16 janv. 2012 à 18:32
alors on va frapper fort
/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\
__________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================
▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur
Telecharge ici : Combofix
Avant d'utiliser ComboFix :
Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
La simple désactivation du résident n'est pas suffisante.
Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
Choisis la version adéquate (32 ou 64 bits)/!\
Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :
▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau
▶ Lance le
Une fenêtre apparait : clique sur "Disable"
▶ Fais redémarrer l'ordinateur si l'outil te le demande
Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"
_________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur combofix renommé
¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤
▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!
▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
/!\ ATTENTION SUIVRE A LA LETTRE CES INDICATIONS/!\
__________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================
▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" avant qu'il soit enregistré sur ton disque dur
Telecharge ici : Combofix
Avant d'utiliser ComboFix :
Si tu utilises AVG, IL FAUT IMPERATIVEMENT LE DESINSTALLER avant d'utiliser Combofix car il peut causer des dégâts en interaction avec l'outil pouvant mener à la réinstallation totale du système.
La simple désactivation du résident n'est pas suffisante.
Télécharge le désinstalleur d'AVG sur ce lien : https://www.avg.com/fr-fr/avg-remover
Choisis la version adéquate (32 ou 64 bits)/!\
Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :
▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau
▶ Lance le
Une fenêtre apparait : clique sur "Disable"
▶ Fais redémarrer l'ordinateur si l'outil te le demande
Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"
_________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
si tu as XP => double clique
si tu as Vista ou windows 7 => clic droit "executer en tant que...."
sur combofix renommé
¤¤¤¤¤¤¤¤¤¤ LAISSE-LE INSTALLER LA CONSOLE DE RECUPERATION S'IL TE LE DEMANDE ¤¤¤¤¤¤¤¤¤¤
▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!
▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
romanais26
Messages postés
9
Date d'inscription
lundi 16 janvier 2012
Statut
Membre
Dernière intervention
16 janvier 2012
16 janv. 2012 à 18:33
16 janv. 2012 à 18:33
petite précision je suis en mode sans échec avec prise en charge réseau car en mode normal le CPU tourne à 100% en permanence merci pour votre aide en tout cas, que dois je faire ensuite ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
romanais26
Messages postés
9
Date d'inscription
lundi 16 janvier 2012
Statut
Membre
Dernière intervention
16 janvier 2012
16 janv. 2012 à 18:34
16 janv. 2012 à 18:34
ok c'est parti pour un combofix :)
romanais26
Messages postés
9
Date d'inscription
lundi 16 janvier 2012
Statut
Membre
Dernière intervention
16 janvier 2012
16 janv. 2012 à 18:43
16 janv. 2012 à 18:43
je suis en train de le désinstaller mais il est super long à cause du fait que tout l'ordi rame à fond
romanais26
Messages postés
9
Date d'inscription
lundi 16 janvier 2012
Statut
Membre
Dernière intervention
16 janvier 2012
Modifié par romanais26 le 16/01/2012 à 18:56
Modifié par romanais26 le 16/01/2012 à 18:56
donc il m'a proposé d'installer la commande de récuperation de windows j'ai accepté
romanais26
Messages postés
9
Date d'inscription
lundi 16 janvier 2012
Statut
Membre
Dernière intervention
16 janvier 2012
16 janv. 2012 à 19:35
16 janv. 2012 à 19:35
voila le rapport le moins que on puisse dire c'est que ça fait du bien ça rame beaucoup moins j'attaque defoger desuite
ComboFix 12-01-16.02 - Propriétaire 16/01/2012 19:06:06.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1015.557 [GMT 1:00]
Lancé depuis: c:\documents and settings\PropriÚtaire\Bureau\tristan.exe
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
[i] ADS - drivers: deleted 0 bytes in 1 streams. /i
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1326670007.bdinstall.bin
c:\documents and settings\All Users\Application Data\D673815B-9B9A-6141-5C0D-DA4A39EB0021.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\NetworkService\Application Data\D673815B-9B9A-6141-5C0D-DA4A39EB0021.avi
c:\documents and settings\NetworkService\Local Settings\Application Data\D673815B-9B9A-6141-5C0D-DA4A39EB0021.avi
c:\windows\$NtUninstallKB53368$
c:\windows\$NtUninstallKB53368$\2621024004
c:\windows\$NtUninstallKB53368$\3646359855\@
c:\windows\$NtUninstallKB53368$\3646359855\bckfg.tmp
c:\windows\$NtUninstallKB53368$\3646359855\cfg.ini
c:\windows\$NtUninstallKB53368$\3646359855\Desktop.ini
c:\windows\$NtUninstallKB53368$\3646359855\keywords
c:\windows\$NtUninstallKB53368$\3646359855\kwrd.dll
c:\windows\$NtUninstallKB53368$\3646359855\L\nbdxoiqa
c:\windows\$NtUninstallKB53368$\3646359855\U\00000001.@
c:\windows\$NtUninstallKB53368$\3646359855\U\00000002.@
c:\windows\$NtUninstallKB53368$\3646359855\U\00000004.@
c:\windows\$NtUninstallKB53368$\3646359855\U\80000000.@
c:\windows\$NtUninstallKB53368$\3646359855\U\80000004.@
c:\windows\$NtUninstallKB53368$\3646359855\U\80000032.@
c:\windows\system32\Packet.dll
c:\windows\system32\VIRepair
c:\windows\system32\VIRepair\vi.sif
c:\windows\system32\windows
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-12-16 au 2012-01-16 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-16 17:47 . 2012-01-16 17:47 -------- d-----w- c:\documents and settings\Propriétaire\Application Data\AVG Secure Search
2012-01-16 16:53 . 2012-01-16 16:53 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2012-01-16 10:32 . 2012-01-16 18:23 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-01-16 10:17 . 2012-01-16 10:17 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-01-16 10:01 . 2012-01-16 10:01 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-16 10:00 . 2012-01-16 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-01-16 08:54 . 2012-01-16 17:47 -------- d-----w- c:\program files\AVG Secure Search
2012-01-15 23:28 . 2012-01-15 23:28 60533 ----a-w- c:\documents and settings\All Users\Application Data\1326670015.bdinstall.bin
2012-01-15 23:08 . 2012-01-15 23:08 142867 ----a-w- c:\documents and settings\All Users\Application Data\1326668670.bdinstall.bin
2012-01-15 21:35 . 2012-01-15 21:36 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-15 20:42 . 2012-01-15 20:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\App
2012-01-15 20:40 . 2012-01-15 20:40 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-01-15 20:18 . 2012-01-15 20:18 -------- d-----w- c:\documents and settings\Propriétaire\Local Settings\Application Data\SanctionedMedia
2012-01-10 20:33 . 2012-01-10 20:33 -------- d-----w- c:\documents and settings\Propriétaire\Application Data\Foxit Software
2011-12-31 01:34 . 2011-12-31 01:34 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-31 01:34 . 2011-12-31 01:34 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-31 01:34 . 2011-12-31 01:34 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-31 01:34 . 2011-12-31 01:34 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-30 21:48 . 2011-12-30 21:48 -------- d-----w- c:\program files\Foxit Software
2011-12-23 13:45 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-12-23 13:45 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-12-23 13:44 . 2011-12-27 21:51 -------- d-----w- c:\windows\Logs
2011-12-23 13:44 . 2011-12-23 13:44 -------- d-----w- c:\program files\Winamp Detect
2011-12-23 13:43 . 2011-12-23 13:43 -------- d-----w- c:\documents and settings\Propriétaire\Application Data\Todae
2011-12-23 13:43 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-12-23 13:42 . 2012-01-15 20:20 -------- d-----w- c:\documents and settings\Propriétaire\Application Data\Winamp
2011-12-23 13:42 . 2011-12-23 13:47 -------- d-----w- c:\program files\Winamp
2011-12-22 21:14 . 2011-12-22 21:21 -------- d-----w- c:\program files\MSECache
2011-12-20 11:37 . 2011-12-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 17:54 . 2011-05-15 07:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2010-12-17 18:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 12:59 . 2011-07-15 14:11 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2011-11-23 14:40 . 2008-04-14 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-03 15:28 . 2008-04-14 12:00 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 12:00 1298432 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2008-04-14 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2008-04-13 19:07 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-23 10:29 . 2011-10-23 10:29 300032 ----a-r- c:\documents and settings\Propriétaire\Application Data\Microsoft\Installer\{D1C414B7-649B-4392-9CB2-001B34CAC13C}\StartMenuIcon.exe
2011-10-23 10:29 . 2011-10-23 10:29 300032 ----a-r- c:\documents and settings\Propriétaire\Application Data\Microsoft\Installer\{D1C414B7-649B-4392-9CB2-001B34CAC13C}\DesktopIcon.exe
2011-12-31 01:34 . 2011-06-26 14:50 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\documents and settings\Propriétaire\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-10-19 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-15 1418536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-01 173360]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-24 801792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-12-22 3322768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Propriétaire\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [19/02/2011 09:34 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [19/02/2011 10:41 82824]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [16/01/2012 11:32 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [16/01/2012 11:32 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [16/01/2012 11:32 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [16/01/2012 11:32 2998832]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [16/01/2012 11:32 51632]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [20/10/2009 08:18 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20/10/2009 08:21 38912]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 F-Secure HIPS;F-Secure HIPS Driver;\??\c:\program files\F-Secure\HIPS\drivers\fshs.sys --> c:\program files\F-Secure\HIPS\drivers\fshs.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 eEyeUpdateSvc;eEye Update Service;c:\program files\Fichiers communs\eEye Digital Security\SyncIt\eEyeUpdateSvc.exe [22/07/2010 15:15 90480]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys --> c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [?]
S3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\Hitman Pro\hitmanpro2.sys [24/01/2007 15:04 10336]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [14/11/2011 09:48 311928]
S3 qcusbser;ACER Android USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [17/04/2011 19:00 105984]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys --> c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [?]
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys --> c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netsvcs_Untrusted_BZ REG_MULTI_SZ winmgmt_Untrusted_BZ
BullGuard_Backup REG_MULTI_SZ BsBackup
.
Contenu du dossier 'Tâches planifiées'
.
2012-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.ask.com/?l=dis&o=APN10023&gct=hp
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Propriétaire\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\osxu7bdf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc73d7e8d-ffe6-4676-98e0-d1890bf8532c%7D&mid=a6dcc08758643ce349a8ca9ef8ea1574-5336c0e5c18d88100a65586b66fee5aab6adfcad&ds=AVG&v=9.0.0.23&lang=fr&pr=fr&d=2012-01-16%2009%3A54%3A54&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
SafeBoot-BsScanner
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-F-Secure Manager - c:\program files\F-Secure\Common\FSM32.EXE
MSConfigStartUp-HKCU - c:\windows\system32\windows\crvss.exe
MSConfigStartUp-HKLM - c:\windows\system32\windows\crvss.exe
MSConfigStartUp-Panda Security Toolbar Antiphishing - c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe
AddRemove-AVG - c:\program files\AVG\AVG2012\avgmfapx.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-16 19:23
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\documents and settings\Propriétaire\Application Data\Skype\shared_dynco\dc.db:BDU 16 bytes hidden from API
c:\documents and settings\Propriétaire\Application Data\Skype\shared_httpfe\queue.db:BDU 16 bytes hidden from API
.
Scan terminé avec succès
Fichiers cachés: 2
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(2812)
c:\program files\Emsisoft Anti-Malware\a2hooks32.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
c:\windows\system32\comdlg32.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\idt\wdm\STacSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\syncables\syncables desktop\jre\bin\javaw.exe
c:\program files\syncables\syncables desktop\MigoMapi.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Heure de fin: 2012-01-16 19:29:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-01-16 18:29
.
Avant-CF: 135 410 380 800 octets libres
Après-CF: 135 968 333 824 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - 8183F8E1C244E90B3B50D4A64315FE67
ComboFix 12-01-16.02 - Propriétaire 16/01/2012 19:06:06.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1015.557 [GMT 1:00]
Lancé depuis: c:\documents and settings\PropriÚtaire\Bureau\tristan.exe
AV: Emsisoft Anti-Malware *Enabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
[i] ADS - drivers: deleted 0 bytes in 1 streams. /i
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1326670007.bdinstall.bin
c:\documents and settings\All Users\Application Data\D673815B-9B9A-6141-5C0D-DA4A39EB0021.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\NetworkService\Application Data\D673815B-9B9A-6141-5C0D-DA4A39EB0021.avi
c:\documents and settings\NetworkService\Local Settings\Application Data\D673815B-9B9A-6141-5C0D-DA4A39EB0021.avi
c:\windows\$NtUninstallKB53368$
c:\windows\$NtUninstallKB53368$\2621024004
c:\windows\$NtUninstallKB53368$\3646359855\@
c:\windows\$NtUninstallKB53368$\3646359855\bckfg.tmp
c:\windows\$NtUninstallKB53368$\3646359855\cfg.ini
c:\windows\$NtUninstallKB53368$\3646359855\Desktop.ini
c:\windows\$NtUninstallKB53368$\3646359855\keywords
c:\windows\$NtUninstallKB53368$\3646359855\kwrd.dll
c:\windows\$NtUninstallKB53368$\3646359855\L\nbdxoiqa
c:\windows\$NtUninstallKB53368$\3646359855\U\00000001.@
c:\windows\$NtUninstallKB53368$\3646359855\U\00000002.@
c:\windows\$NtUninstallKB53368$\3646359855\U\00000004.@
c:\windows\$NtUninstallKB53368$\3646359855\U\80000000.@
c:\windows\$NtUninstallKB53368$\3646359855\U\80000004.@
c:\windows\$NtUninstallKB53368$\3646359855\U\80000032.@
c:\windows\system32\Packet.dll
c:\windows\system32\VIRepair
c:\windows\system32\VIRepair\vi.sif
c:\windows\system32\windows
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-12-16 au 2012-01-16 ))))))))))))))))))))))))))))))))))))
.
.
2012-01-16 17:47 . 2012-01-16 17:47 -------- d-----w- c:\documents and settings\Propriétaire\Application Data\AVG Secure Search
2012-01-16 16:53 . 2012-01-16 16:53 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla
2012-01-16 10:32 . 2012-01-16 18:23 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-01-16 10:17 . 2012-01-16 10:17 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-01-16 10:01 . 2012-01-16 10:01 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-01-16 10:00 . 2012-01-16 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-01-16 08:54 . 2012-01-16 17:47 -------- d-----w- c:\program files\AVG Secure Search
2012-01-15 23:28 . 2012-01-15 23:28 60533 ----a-w- c:\documents and settings\All Users\Application Data\1326670015.bdinstall.bin
2012-01-15 23:08 . 2012-01-15 23:08 142867 ----a-w- c:\documents and settings\All Users\Application Data\1326668670.bdinstall.bin
2012-01-15 21:35 . 2012-01-15 21:36 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-01-15 20:42 . 2012-01-15 20:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\App
2012-01-15 20:40 . 2012-01-15 20:40 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2012-01-15 20:18 . 2012-01-15 20:18 -------- d-----w- c:\documents and settings\Propriétaire\Local Settings\Application Data\SanctionedMedia
2012-01-10 20:33 . 2012-01-10 20:33 -------- d-----w- c:\documents and settings\Propriétaire\Application Data\Foxit Software
2011-12-31 01:34 . 2011-12-31 01:34 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2011-12-31 01:34 . 2011-12-31 01:34 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2011-12-31 01:34 . 2011-12-31 01:34 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2011-12-31 01:34 . 2011-12-31 01:34 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2011-12-30 21:48 . 2011-12-30 21:48 -------- d-----w- c:\program files\Foxit Software
2011-12-23 13:45 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-12-23 13:45 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-12-23 13:44 . 2011-12-27 21:51 -------- d-----w- c:\windows\Logs
2011-12-23 13:44 . 2011-12-23 13:44 -------- d-----w- c:\program files\Winamp Detect
2011-12-23 13:43 . 2011-12-23 13:43 -------- d-----w- c:\documents and settings\Propriétaire\Application Data\Todae
2011-12-23 13:43 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-12-23 13:42 . 2012-01-15 20:20 -------- d-----w- c:\documents and settings\Propriétaire\Application Data\Winamp
2011-12-23 13:42 . 2011-12-23 13:47 -------- d-----w- c:\program files\Winamp
2011-12-22 21:14 . 2011-12-22 21:21 -------- d-----w- c:\program files\MSECache
2011-12-20 11:37 . 2011-12-20 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 17:54 . 2011-05-15 07:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-10 14:24 . 2010-12-17 18:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2008-04-14 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2011-11-25 12:59 . 2011-07-15 14:11 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2011-11-23 14:40 . 2008-04-14 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\packager.exe
2011-11-03 15:28 . 2008-04-14 12:00 387072 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2008-04-14 12:00 1298432 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2008-04-14 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2008-04-14 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2008-04-14 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2008-04-13 19:07 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-23 10:29 . 2011-10-23 10:29 300032 ----a-r- c:\documents and settings\Propriétaire\Application Data\Microsoft\Installer\{D1C414B7-649B-4392-9CB2-001B34CAC13C}\StartMenuIcon.exe
2011-10-23 10:29 . 2011-10-23 10:29 300032 ----a-r- c:\documents and settings\Propriétaire\Application Data\Microsoft\Installer\{D1C414B7-649B-4392-9CB2-001B34CAC13C}\DesktopIcon.exe
2011-12-31 01:34 . 2011-06-26 14:50 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"Facebook Update"="c:\documents and settings\Propriétaire\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-10-19 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-15 1418536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-01 173360]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-24 801792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752]
"emsisoft anti-malware"="c:\program files\Emsisoft Anti-Malware\a2guard.exe" [2011-12-22 3322768]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Propriétaire\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [19/02/2011 09:34 33408]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [19/02/2011 10:41 82824]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [16/01/2012 11:32 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [16/01/2012 11:32 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [16/01/2012 11:32 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [16/01/2012 11:32 2998832]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [16/01/2012 11:32 51632]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [20/10/2009 08:18 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [20/10/2009 08:21 38912]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 F-Secure HIPS;F-Secure HIPS Driver;\??\c:\program files\F-Secure\HIPS\drivers\fshs.sys --> c:\program files\F-Secure\HIPS\drivers\fshs.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 eEyeUpdateSvc;eEye Update Service;c:\program files\Fichiers communs\eEye Digital Security\SyncIt\eEyeUpdateSvc.exe [22/07/2010 15:15 90480]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys --> c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [?]
S3 hitmanpro2;Hitman Pro 2 Driver;c:\program files\Hitman Pro\hitmanpro2.sys [24/01/2007 15:04 10336]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [14/11/2011 09:48 311928]
S3 qcusbser;ACER Android USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [17/04/2011 19:00 105984]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys --> c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [?]
S4 F-Secure Recognizer;F-Secure File System Recognizer;\??\c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys --> c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
netsvcs_Untrusted_BZ REG_MULTI_SZ winmgmt_Untrusted_BZ
BullGuard_Backup REG_MULTI_SZ BsBackup
.
Contenu du dossier 'Tâches planifiées'
.
2012-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.ask.com/?l=dis&o=APN10023&gct=hp
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Propriétaire\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\osxu7bdf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc73d7e8d-ffe6-4676-98e0-d1890bf8532c%7D&mid=a6dcc08758643ce349a8ca9ef8ea1574-5336c0e5c18d88100a65586b66fee5aab6adfcad&ds=AVG&v=9.0.0.23&lang=fr&pr=fr&d=2012-01-16%2009%3A54%3A54&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
SafeBoot-BsScanner
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-F-Secure Manager - c:\program files\F-Secure\Common\FSM32.EXE
MSConfigStartUp-HKCU - c:\windows\system32\windows\crvss.exe
MSConfigStartUp-HKLM - c:\windows\system32\windows\crvss.exe
MSConfigStartUp-Panda Security Toolbar Antiphishing - c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe
AddRemove-AVG - c:\program files\AVG\AVG2012\avgmfapx.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-16 19:23
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\documents and settings\Propriétaire\Application Data\Skype\shared_dynco\dc.db:BDU 16 bytes hidden from API
c:\documents and settings\Propriétaire\Application Data\Skype\shared_httpfe\queue.db:BDU 16 bytes hidden from API
.
Scan terminé avec succès
Fichiers cachés: 2
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\ASFWHide"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(2812)
c:\program files\Emsisoft Anti-Malware\a2hooks32.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\MPR.dll
c:\windows\system32\comdlg32.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\idt\wdm\STacSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\syncables\syncables desktop\jre\bin\javaw.exe
c:\program files\syncables\syncables desktop\MigoMapi.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Heure de fin: 2012-01-16 19:29:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-01-16 18:29
.
Avant-CF: 135 410 380 800 octets libres
Après-CF: 135 968 333 824 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
.
- - End Of File - - 8183F8E1C244E90B3B50D4A64315FE67
juju666
Messages postés
35446
Date d'inscription
jeudi 18 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
21 avril 2024
4 795
16 janv. 2012 à 19:37
16 janv. 2012 à 19:37
et un 0access au cimetière ^^
bonne chasse jedi :)
bonne chasse jedi :)
romanais26
Messages postés
9
Date d'inscription
lundi 16 janvier 2012
Statut
Membre
Dernière intervention
16 janvier 2012
16 janv. 2012 à 19:39
16 janv. 2012 à 19:39
donc je viens de me rendre compte que ça servais à désactiver les antivirus mais je l'avais fait préalablement, dois je faire quelque chose d'autre ou le problème est résolu ? car ça rame plus du tout la l'UC oscille entre 1 et 15% maxi
romanais26
Messages postés
9
Date d'inscription
lundi 16 janvier 2012
Statut
Membre
Dernière intervention
16 janvier 2012
16 janv. 2012 à 19:46
16 janv. 2012 à 19:46
hihihii oui j'ai remarqué zero access n'est pas passé par la case départ et a pas toucher les 20 000€ ^^ donc je mets résolu merciiiiiiiiiiiiiiiiiiiiiiiiiii :D
juju666
Messages postés
35446
Date d'inscription
jeudi 18 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
21 avril 2024
4 795
16 janv. 2012 à 20:03
16 janv. 2012 à 20:03
c est juste le début en effet ^^
mais bon s'il tiens à son 0access on le retient pas :p
mais bon s'il tiens à son 0access on le retient pas :p
juju666
Messages postés
35446
Date d'inscription
jeudi 18 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
21 avril 2024
4 795
16 janv. 2012 à 20:08
16 janv. 2012 à 20:08
ptdrrr
juju666
Messages postés
35446
Date d'inscription
jeudi 18 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
21 avril 2024
4 795
16 janv. 2012 à 20:13
16 janv. 2012 à 20:13
lol j'imagine bien
