Another infection!

Solved/Closed
mika0000 (686 posts, registered Tuesday 26 July 2011, Member, last active 19 April 2024) - 10 Feb 2012 at 15:45
mika0000 - 29 Mar 2012 at 10:16
Hello to all the disinfection gods of this site,

Once again I turn to your great expertise and kindness to help me disinfect this machine.

Here is a ZHPDiag report:

https://www.cjoint.com/?BBkpOHst1Ai


Have a good day. Thanks.



89 replies

mika0000
13 Feb 2012 at 14:54
Pre_scan has been stuck on "proxy" for an hour.
Anonymous user
13 Feb 2012 at 15:08
Well, don't you get a window asking whether to delete it or not?
mika0000
13 Feb 2012 at 15:19
Yes,

it's moving along.
mika0000
13 Feb 2012 at 17:03
Where is the report? It rebooted.
Anonymous user
13 Feb 2012 at 17:10
On the desktop, among your icons.
mika0000
13 Feb 2012 at 17:12

Anonymous user
13 Feb 2012 at 19:41
Have the following file(s) analysed on VirusTotal:

Virus Total

Click "Browse", then find and select this/these file(s):

c:\windows\system32\drivers\cdrom.sys
c:\windows\system32\drivers\netnnusb.sys

* Now click "Send file" and let it work as long as "Current status: being analysed" is displayed.
* The file may be queued because of a large number of analysis requests. In that case, wait without refreshing the page.
* When the analysis is finished, paste the link(s) to the page(s) in your next reply.

=========================

Uninstall Adobe Reader 8.

=============================

Drag any file's icon onto Pre_scan; Pre_script will appear.

Launch Pre_script; a blank page will open.

Select all the bold text below, then copy it (right-click/copy or Ctrl+C):
___________________________________________________
Kill::

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[HKEY_USERS\S-1-5-21-1209201674-4029264647-1254799989-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Regggx"=-
"Regedit32"=-
"Windows Init"=-
"douke"=-
"gfjeej"=-
"engel"=-
"wuuebah"=-
"knmiag"=-
"000.exe"=-
[-HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\000.exe]
[-HKCU\Software\2ec1184d]
[-HKCU\Software\AGProtect]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=DWORD:00000000

txt::
C:\Windows\System32\Tasks\{7C31AB16-B32A-4C9B-AF06-08211FEFF722}

file::
C:\Users\KAM Apollinaire M\AppData\Roaming\Regggx.exe
C:\Users\KAM Apollinaire M\gfjeej.exe
C:\Users\KAMAPO~1\AppData\Local\Temp\058b0bcf.tmp.exe
C:\Users\KAM Apollinaire M\wuuebah.exe
C:\Users\KAM Apollinaire M\xvlof.exe
C:\Users\KAM Apollinaire M\douke.exe
C:\Users\KAM Apollinaire M\7631.tmp
C:\Users\KAM Apollinaire M\bialog.com
C:\Users\KAM Apollinaire M\biedib.com
C:\Users\KAM Apollinaire M\boeqam.com
C:\Users\KAM Apollinaire M\dako.com
C:\Users\KAM Apollinaire M\dbeb.com
C:\Users\KAM Apollinaire M\geafez.com
C:\Users\KAM Apollinaire M\geijj.com
C:\Users\KAM Apollinaire M\onur.com
C:\Users\KAM Apollinaire M\qiioz.com
C:\Users\KAM Apollinaire M\rcog.com
C:\Users\KAM Apollinaire M\realuq.com
C:\Users\KAM Apollinaire M\roefim.com
C:\Users\KAM Apollinaire M\rvid.com
C:\Users\KAM Apollinaire M\waabet.com
C:\Users\KAM Apollinaire M\xeevus.com
C:\Users\KAM Apollinaire M\xey.com
C:\Users\KAM Apollinaire M\xougov.com
C:\Users\KAM Apollinaire M\tiqel.com
C:\Users\KAM Apollinaire M\Downloads\AdbeRdr933_fr_FR(2).exe
C:\Users\KAM Apollinaire M\Downloads\AdbeRdr933_fr_FR(3).exe
C:\Users\KAM Apollinaire M\Downloads\AdbeRdr933_fr_FR(3).exe.part
C:\Users\KAM Apollinaire M\Downloads\AdbeRdr933_fr_FR.exe
C:\Users\Public\Documents\Windows\winhelp.exe
C:\Users\KAM Apollinaire M\AppData\Roaming\X
C:\Windows\System32\Tasks\task4839915
C:\Windows\System32\Tasks\task88122203

folder::
C:\Users\KAM Apollinaire M\AppData\Roaming\Microsoft\000F
C:\Users\KAM Apollinaire M\AppData\Roaming\Microsoft\000C
C:\Users\KAM Apollinaire M\AppData\Roaming\xoffscgi2y1hulzssmvuskjxhkxahbju2
C:\Program Files\LP
C:\Users\KAM Apollinaire M\AppData\Roaming\F0208
C:\Users\KAM Apollinaire M\AppData\Local\2ec1184d
C:\Users\KAM Apollinaire M\AppData\Roaming\08558
C:\Users\KAM Apollinaire M\AppData\Roaming\298DB
C:\Users\KAM Apollinaire M\AppData\Roaming\C8F29
C:\Users\KAM Apollinaire M\AppData\Roaming\wiaservg.log
C:\Users\KAM Apollinaire M\AppData\Roaming\X
C:\Users\KAM Apollinaire M\AppData\Roaming\x2jidmpaalxuhumudjkmdiiipphuseil2
C:\Users\KAM Apollinaire M\AppData\Roaming\xm2eedd3aeshladisw3bxtvzuwbjrkdm2
C:\Users\KAM Apollinaire M\AppData\Roaming\xph3zpsvxpspmi1zmor2vpwntnrsuixf2
C:\Users\KAM Apollinaire M\AppData\Roaming\xtmmhhhuwtwy3ztnboyfrzqecsxfcuqe2
C:\Program Files\08558

Mbr::

clean::

Reboot::

___________________________________________________

Then paste it (right-click/paste or Ctrl+V) into the blank page.

Then File menu => Save (not Save as...), then close the text.

Black windows may flash; that's normal, it's the program working.

Post Pre_Script.txt, which will appear on the desktop when it's done.

If your desktop doesn't reappear => Ctrl+Alt+Del, Task Manager => File tab => New task, then type explorer.
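An added example, not part of the thread or of the Pre_Scan tool, in Python: a small parser for a Pre_Script-style script like the one above, so that everything the script would delete or change can be listed and reviewed before it is run on the machine. It reads `"name"=-` as "delete this value" and `[-key]` as "delete this key", the same convention as Regedit .reg files; that reading of Pre_Script's syntax is an assumption of this example, and the embedded script is a constructed excerpt of the one posted above.

```python
import re

# Constructed excerpt of a Pre_Script-style script (paths copied from the thread above).
SAMPLE_SCRIPT = r"""
Kill::

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
[HKEY_USERS\S-1-5-21-1209201674-4029264647-1254799989-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Regggx"=-
"000.exe"=-
[-HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\000.exe]
[-HKCU\Software\2ec1184d]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=DWORD:00000000

file::
C:\Users\KAM Apollinaire M\AppData\Roaming\Regggx.exe
C:\Users\Public\Documents\Windows\winhelp.exe

folder::
C:\Program Files\LP
C:\Users\KAM Apollinaire M\AppData\Roaming\08558

Reboot::
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")      # e.g. "Registry::" or "file::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")              # "[key]" or "[-key]" (assumed: '-' = delete key)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')          # '"name"=data' ('-' assumed to mean delete value)


def split_sections(script):
    """Return {section_name_lower: [non-empty lines]} in order of appearance."""
    sections = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """Turn Registry:: lines into (action, key, value_name, data) tuples."""
    actions = []
    key = None
    for line in lines:
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if m.group(1) == "-":            # whole key goes away; values below it are moot
                actions.append(("delete_key", key, None, None))
                key = None
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, data = m.group(1), m.group(2)
            if data == "-":
                actions.append(("delete_value", key, name, None))
            else:
                actions.append(("set_value", key, name, data))
    return actions


def summarize(script):
    """Everything the script would do, grouped by kind, for review before running it."""
    sections = split_sections(script)
    reg = parse_registry(sections.get("registry", []))
    return {
        "sections": list(sections),
        "delete_key": [a[1] for a in reg if a[0] == "delete_key"],
        "delete_value": [(a[1], a[2]) for a in reg if a[0] == "delete_value"],
        "set_value": [(a[1], a[2], a[3]) for a in reg if a[0] == "set_value"],
        "files": sections.get("file", []),
        "folders": sections.get("folder", []),
        "reboot": "reboot" in sections,
    }


if __name__ == "__main__":
    for kind, items in summarize(SAMPLE_SCRIPT).items():
        print(f"{kind}: {items}")
```

The one line that is a change rather than a deletion, `"DisableMonitoring"=DWORD:00000000`, comes out as a `set_value` entry; it re-enables Security Center monitoring that the infection had switched off, which is exactly the kind of line worth noticing in a review.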
mika0000
13 Feb 2012 at 23:30
I'll do it tomorrow.

My God, I get the feeling this disinfection is really heavy going. And this pre_scan tool looks really good! (I don't understand much of it, but with that report it's very telling.)
Anonymous user
14 Feb 2012 at 00:07
I do the best I can :)
mika0000
17 Feb 2012 at 15:35
mika0000
17 Feb 2012 at 15:46
I get this message at startup:

Cannot load or run c:\users\kamapo~1\locals~1\temp\msuash.cmd specified in the registry. Make sure the file exists on your computer or remove the reference from the registry.

The machine rebooted after pre_script and I don't know where its report is.

Thanks
mika0000
17 Feb 2012 at 15:46
Here it is:

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.212 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | Seven - 32/64 bits ¤¤¤¤¤

Mis à jour : 13/02/2012 | 00.00 Par g3n-h@ckm@n
Utilisateur : KAM Apollinaire M (Administrateurs)
Ordinateur : PC-DE-KAM
Système d'exploitation : Windows Vista (TM) Home Basic (32 bits)
Internet Explorer : 7.0.6000.16982
Mozilla Firefox : 9.0.1 (fr)

Switchs possibles :

processes:: | file:: | folder:: | Registry::
Driver:: | replace:: | DNS:: | Command::
txt:: | Host:: | NsLook:: | DLL::
list:: | IP:: | Kill:: | clean::
Reboot:: | MBR:: | Fixmbr:: | 40:: | Zip::
Tray::

Script : 15:35:55

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Modification du registre effectuée

¤

Absent : C:\Users\KAM Apollinaire M\AppData\Roaming\Regggx.exe
Absent : C:\Users\KAM Apollinaire M\gfjeej.exe
Absent : C:\Users\KAMAPO~1\AppData\Local\Temp\058b0bcf.tmp.exe
Absent : C:\Users\KAM Apollinaire M\wuuebah.exe
Absent : C:\Users\KAM Apollinaire M\xvlof.exe
Absent : C:\Users\KAM Apollinaire M\douke.exe
Supprimé : C:\Users\KAM Apollinaire M\7631.tmp
Supprimé : C:\Users\KAM Apollinaire M\bialog.com
Supprimé : C:\Users\KAM Apollinaire M\biedib.com
Supprimé : C:\Users\KAM Apollinaire M\boeqam.com
Supprimé : C:\Users\KAM Apollinaire M\dako.com
Supprimé : C:\Users\KAM Apollinaire M\dbeb.com
Supprimé : C:\Users\KAM Apollinaire M\geafez.com
Supprimé : C:\Users\KAM Apollinaire M\geijj.com
Supprimé : C:\Users\KAM Apollinaire M\onur.com
Supprimé : C:\Users\KAM Apollinaire M\qiioz.com
Supprimé : C:\Users\KAM Apollinaire M\rcog.com
Supprimé : C:\Users\KAM Apollinaire M\realuq.com
Supprimé : C:\Users\KAM Apollinaire M\roefim.com
Supprimé : C:\Users\KAM Apollinaire M\rvid.com
Supprimé : C:\Users\KAM Apollinaire M\waabet.com
Supprimé : C:\Users\KAM Apollinaire M\xeevus.com
Supprimé : C:\Users\KAM Apollinaire M\xey.com
Supprimé : C:\Users\KAM Apollinaire M\xougov.com
Supprimé : C:\Users\KAM Apollinaire M\tiqel.com
Supprimé : C:\Users\KAM Apollinaire M\Downloads\AdbeRdr933_fr_FR(2).exe
Supprimé : C:\Users\KAM Apollinaire M\Downloads\AdbeRdr933_fr_FR(3).exe
Supprimé : C:\Users\KAM Apollinaire M\Downloads\AdbeRdr933_fr_FR(3).exe.part
Supprimé : C:\Users\KAM Apollinaire M\Downloads\AdbeRdr933_fr_FR.exe
Supprimé : C:\Users\Public\Documents\Windows\winhelp.exe
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\X
Supprimé : C:\Windows\System32\Tasks\task4839915
Supprimé : C:\Windows\System32\Tasks\task88122203

¤

<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a E:\setup.exe -d E:\</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-KAMApolli\KAM Apollinaire M</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>

¤

Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\Microsoft\000F
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\Microsoft\000C
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\xoffscgi2y1hulzssmvuskjxhkxahbju2
Absent : C:\Program Files\LP
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\F0208
Absent : C:\Users\KAM Apollinaire M\AppData\Local\2ec1184d
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\08558
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\298DB
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\C8F29
non Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\wiaservg.log
Absent : C:\Users\KAM Apollinaire M\AppData\Roaming\X
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\x2jidmpaalxuhumudjkmdiiipphuseil2
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\xm2eedd3aeshladisw3bxtvzuwbjrkdm2
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\xph3zpsvxpspmi1zmor2vpwntnrsuixf2
Supprimé : C:\Users\KAM Apollinaire M\AppData\Roaming\xtmmhhhuwtwy3ztnboyfrzqecsxfcuqe2
Supprimé : C:\Program Files\08558

¤

¤¤¤¤¤¤¤¤¤¤ | MBR

Windows Version: Windows Vista Home Basic Edition
Windows Information: (build 6000), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Extensa 5220
Logical Drives Mask: 0x0000001c

Analysis of file "C:\Kill'em\MBR.bin":
Unknown MBR code

¤


¤¤¤¤¤¤¤¤¤¤ | Nettoyage disque

Nettoyage du disque effectué

¤


explorer.exe -> Processus redémarré

Fin : 15:37:56

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤
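The report above prints the XML of the scheduled task that the script's txt:: section asked it to dump. As an added example, not from the thread or from Pre_Scan, here is a Python triage of such a task file: it pulls out the command, arguments, triggers and account, and flags what a defender would want to look at, such as an action that goes through a proxy launcher like pcalua.exe (the Program Compatibility Assistant launcher) with the real target on a non-system drive. The launcher list and the assumption that C: is the system drive are this example's own.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Copy of the task XML printed in the Pre_Script report above. The XML declaration is
# dropped because the text is embedded here as a str; the file on disk is UTF-16.
SAMPLE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo />
<Triggers>
<RegistrationTrigger>
<Enabled>true</Enabled>
</RegistrationTrigger>
</Triggers>
<Settings>
<Hidden>false</Hidden>
</Settings>
<Actions Context="Author">
<Exec>
<Command>C:\Windows\system32\pcalua.exe</Command>
<Arguments>-a E:\setup.exe -d E:\</Arguments>
</Exec>
</Actions>
<Principals>
<Principal id="Author">
<UserId>PC-de-KAMApolli\KAM Apollinaire M</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
</Task>
"""

# Binaries that run another program on the caller's behalf; when a task's action is one of
# these, the real target is in the arguments. Assumed list for this example.
PROXY_LAUNCHERS = {"pcalua.exe", "rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
SYSTEM_DRIVE = "C:"   # assumption for this example


def parse_task(xml_text):
    """Extract the fields that matter for triage from a Task Scheduler XML document."""
    root = ET.fromstring(xml_text)

    def text(path):
        el = root.find(path, NS)
        return (el.text or "").strip() if el is not None else ""

    triggers_el = root.find("t:Triggers", NS)
    triggers = [] if triggers_el is None else [c.tag.split("}")[-1] for c in triggers_el]
    return {
        "command": text("t:Actions/t:Exec/t:Command"),
        "arguments": text("t:Actions/t:Exec/t:Arguments"),
        "user": text("t:Principals/t:Principal/t:UserId"),
        "hidden": text("t:Settings/t:Hidden").lower() == "true",
        "triggers": triggers,
    }


def target_of(command, arguments):
    """For pcalua.exe the program actually launched follows '-a'; otherwise it is the command."""
    if PureWindowsPath(command).name.lower() == "pcalua.exe":
        parts = arguments.split()
        if "-a" in parts:
            i = parts.index("-a")
            if i + 1 < len(parts):
                return parts[i + 1]
    return command


def triage(xml_text):
    """Return review flags for one task; an empty list means nothing stood out."""
    task = parse_task(xml_text)
    flags = []
    exe = PureWindowsPath(task["command"]).name.lower()
    target = target_of(task["command"], task["arguments"])
    if exe in PROXY_LAUNCHERS:
        flags.append(f"proxy launcher {exe} runs {target}")
    drive = PureWindowsPath(target).drive.upper()
    if drive and drive != SYSTEM_DRIVE:
        flags.append(f"target on non-system drive {drive}")
    if task["hidden"]:
        flags.append("task is hidden")
    if "RegistrationTrigger" in task["triggers"]:
        flags.append("runs as soon as it is registered")
    return flags


if __name__ == "__main__":
    for flag in triage(SAMPLE_TASK):
        print("-", flag)
```

A task like this one can also be a legitimate leftover of launching an installer from removable media through the compatibility assistant, so the flags are prompts for a closer look rather than a verdict. On a real system, read the file under C:\Windows\System32\Tasks as bytes and pass them to ET.fromstring so the UTF-16 declaration is honoured.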
mika0000
17 Feb 2012 at 15:52
About the antivirus, I still haven't had your opinion on one that could replace the AVG I have.

Thanks
Anonymous user
18 Feb 2012 at 09:11
Hello

Relaunch pre_scan, choose "Tools" then "TDSSKiller".

The tool will download TDSSKiller.

The tool will download the latest version.

The TDSSKiller screen appears:

- Leave the 2 default options checked (visible via the "change parameter" tab).

▶ And check the 2 additional options:

▶ Click Start scan to launch the scan.

- If a threat is detected (Threats detected), check that, depending on the case:

In general, leave the options the tool proposes by default.

the "delete" option is checked for the TDL2 family
the "delete" option is checked for any object of the form random_number:random_number.exe
the "delete" option is checked for any service of the form random number and/or letter (hidden file)
the "cure" option for the TDL3 family.
the "cure" option for the tdl4 family (\HardDisk0\MBR).
the "cure" option for the Rootkit.Win32.ZAccess family

▶ then click Continue.

- Leave the default action "skip" for "suspicious objects, low risk" until you know what they are, then click Continue.

At the end of the scan you may be asked to restart the machine:

▶ click Reboot Now.

▶ If no reboot is requested, click the Report button and post the contents of the file that appears.
▶ If a reboot is requested, after restarting you will find the TDSSKiller report here:
SystemDrive\TDSSKiller.Version_Date_Time_log.txt

[SystemDrive is the partition on which the system is installed, usually C:]
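Once the report is posted, the lines that matter are the handful of verdict lines among hundreds of "- ok" ones. As an added example, not from the thread or from Kaspersky's TDSSKiller, here is a Python parser for the report format (time, process id, service name, detail): it groups each service's file hash, path and verdict and returns the services that need a decision, most severe first. The sample lines are a constructed excerpt in that format, taken from the report posted in the next reply.

```python
import re

# Constructed excerpt in the layout TDSSKiller writes: "<time> <pid> <service> <detail>".
SAMPLE_LOG = r"""
18:22:59.0823 1272 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
18:22:59.0926 1272 ACPI - ok
18:23:04.0863 1272 catchme - ok
18:23:05.0088 1272 cdrom (519875394dab1c84a323d459929d5f61) C:\Windows\system32\DRIVERS\cdrom.sys
18:23:05.0090 1272 cdrom ( Virus.Win32.ZAccess.c ) - infected
18:23:05.0090 1272 cdrom - detected Virus.Win32.ZAccess.c (0)
18:23:07.0230 1272 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\Windows\system32\drivers\enodpl.sys
18:23:07.0252 1272 enodpl ( UnsignedFile.Multi.Generic ) - warning
18:23:07.0252 1272 enodpl - detected UnsignedFile.Multi.Generic (1)
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(\S+)\s+(.*)$")
FILE_RE = re.compile(r"^\(([0-9a-fA-F]{32})\)\s+(.+)$")                 # (md5) path
VERDICT_RE = re.compile(r"^\(\s*(\S+)\s*\)\s+-\s+(infected|suspicious|warning)$")
DETECTED_RE = re.compile(r"^-\s+detected\s+(\S+)\s+\((\d+)\)$")

SEVERITY = {"infected": 3, "suspicious": 2, "warning": 1, "ok": 0}


def parse_tdsskiller(log):
    """Return {service: {"md5", "path", "verdict", "name"}} for every service line seen."""
    services = {}
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                       # banner, separator and SystemInfo lines are skipped
        _time, _pid, service, detail = m.groups()
        entry = services.setdefault(
            service, {"md5": None, "path": None, "verdict": "unknown", "name": None})
        if (fm := FILE_RE.match(detail)):
            entry["md5"], entry["path"] = fm.group(1).lower(), fm.group(2)
        elif (vm := VERDICT_RE.match(detail)):
            entry["name"], entry["verdict"] = vm.group(1), vm.group(2)
        elif (dm := DETECTED_RE.match(detail)):
            entry["name"] = dm.group(1)    # repeats the verdict line's name; kept for completeness
        elif detail == "- ok":
            entry["verdict"] = "ok"
    return services


def findings(log, min_severity=1):
    """Services whose verdict is at least min_severity, most severe first."""
    services = parse_tdsskiller(log)
    hits = [(svc, e) for svc, e in services.items()
            if SEVERITY.get(e["verdict"], 0) >= min_severity]
    hits.sort(key=lambda item: -SEVERITY[item[1]["verdict"]])
    return [{"service": svc, **e} for svc, e in hits]


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(f'{f["verdict"]:>8}  {f["service"]:<10} {f["name"]}  {f["path"]}  md5={f["md5"]}')
```

Header lines such as "OS Version: ..." happen to match the line pattern and produce entries with verdict "unknown"; they are excluded by the severity threshold, and the md5 of a flagged driver is what you would look up on VirusTotal, as the earlier reply asked for cdrom.sys.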
mika0000
22 Feb 2012 at 18:32
18:22:28.0253 3680 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
18:22:29.0266 3680 ============================================================
18:22:29.0266 3680 Current date / time: 2012/02/22 18:22:29.0266
18:22:29.0266 3680 SystemInfo:
18:22:29.0266 3680
18:22:29.0266 3680 OS Version: 6.0.6000 ServicePack: 0.0
18:22:29.0266 3680 Product type: Workstation
18:22:29.0266 3680 ComputerName: PC-DE-KAM
18:22:29.0266 3680 UserName: KAM Apollinaire M
18:22:29.0266 3680 Windows directory: C:\Windows
18:22:29.0266 3680 System windows directory: C:\Windows
18:22:29.0266 3680 Processor architecture: Intel x86
18:22:29.0266 3680 Number of processors: 1
18:22:29.0266 3680 Page size: 0x1000
18:22:29.0266 3680 Boot type: Normal boot
18:22:29.0266 3680 ============================================================
18:22:29.0944 3680 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:22:29.0946 3680 \Device\Harddisk0\DR0:
18:22:29.0946 3680 MBR used
18:22:29.0946 3680 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x40C4800
18:22:29.0946 3680 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x544D000, BlocksNum 0x40C2000
18:22:30.0114 3680 Initialize success
18:22:30.0114 3680 ============================================================
18:22:59.0519 1272 ============================================================
18:22:59.0519 1272 Scan started
18:22:59.0519 1272 Mode: Manual; SigCheck; TDLFS;
18:22:59.0519 1272 ============================================================
18:22:59.0823 1272 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
18:22:59.0926 1272 ACPI - ok
18:23:00.0019 1272 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
18:23:00.0045 1272 adp94xx - ok
18:23:00.0214 1272 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
18:23:00.0245 1272 adpahci - ok
18:23:00.0451 1272 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
18:23:00.0466 1272 adpu160m - ok
18:23:00.0620 1272 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
18:23:00.0632 1272 adpu320 - ok
18:23:00.0707 1272 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
18:23:00.0788 1272 AFD - ok
18:23:00.0936 1272 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
18:23:00.0946 1272 agp440 - ok
18:23:01.0102 1272 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:23:01.0112 1272 aic78xx - ok
18:23:01.0251 1272 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
18:23:01.0260 1272 aliide - ok
18:23:01.0425 1272 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
18:23:01.0435 1272 amdagp - ok
18:23:01.0470 1272 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
18:23:01.0479 1272 amdide - ok
18:23:01.0533 1272 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
18:23:01.0675 1272 AmdK7 - ok
18:23:01.0786 1272 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
18:23:01.0855 1272 AmdK8 - ok
18:23:02.0021 1272 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
18:23:02.0031 1272 arc - ok
18:23:02.0188 1272 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
18:23:02.0199 1272 arcsas - ok
18:23:02.0260 1272 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
18:23:02.0320 1272 AsyncMac - ok
18:23:02.0365 1272 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
18:23:02.0376 1272 atapi - ok
18:23:02.0552 1272 athr (d9583d3c896f0c608d8a484906650b2c) C:\Windows\system32\DRIVERS\athr.sys
18:23:02.0622 1272 athr - ok
18:23:02.0803 1272 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:23:02.0882 1272 b57nd60x - ok
18:23:02.0948 1272 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
18:23:03.0047 1272 BCM43XV - ok
18:23:03.0187 1272 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
18:23:03.0420 1272 Beep - ok
18:23:03.0614 1272 blbdrive - ok
18:23:03.0647 1272 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
18:23:03.0708 1272 bowser - ok
18:23:03.0781 1272 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:23:03.0920 1272 BrFiltLo - ok
18:23:04.0047 1272 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:23:04.0089 1272 BrFiltUp - ok
18:23:04.0179 1272 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:23:04.0249 1272 Brserid - ok
18:23:04.0289 1272 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:23:04.0354 1272 BrSerWdm - ok
18:23:04.0484 1272 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:23:04.0556 1272 BrUsbMdm - ok
18:23:04.0591 1272 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:23:04.0652 1272 BrUsbSer - ok
18:23:04.0694 1272 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:23:04.0742 1272 BTHMODEM - ok
18:23:04.0863 1272 catchme - ok
18:23:04.0993 1272 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
18:23:05.0041 1272 cdfs - ok
18:23:05.0088 1272 cdrom (519875394dab1c84a323d459929d5f61) C:\Windows\system32\DRIVERS\cdrom.sys
18:23:05.0090 1272 cdrom ( Virus.Win32.ZAccess.c ) - infected
18:23:05.0090 1272 cdrom - detected Virus.Win32.ZAccess.c (0)
18:23:05.0125 1272 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
18:23:05.0204 1272 circlass - ok
18:23:05.0257 1272 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
18:23:05.0278 1272 CLFS - ok
18:23:05.0451 1272 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
18:23:05.0512 1272 CmBatt - ok
18:23:05.0552 1272 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
18:23:05.0561 1272 cmdide - ok
18:23:05.0602 1272 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
18:23:05.0612 1272 Compbatt - ok
18:23:05.0645 1272 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
18:23:05.0656 1272 crcdisk - ok
18:23:05.0689 1272 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
18:23:05.0766 1272 Crusoe - ok
18:23:05.0949 1272 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
18:23:06.0016 1272 DfsC - ok
18:23:06.0102 1272 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
18:23:06.0112 1272 disk - ok
18:23:06.0343 1272 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
18:23:06.0415 1272 drmkaud - ok
18:23:06.0489 1272 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
18:23:06.0541 1272 DXGKrnl - ok
18:23:06.0693 1272 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:23:06.0759 1272 E1G60 - ok
18:23:06.0812 1272 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
18:23:06.0824 1272 Ecache - ok
18:23:07.0011 1272 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
18:23:07.0028 1272 elxstor - ok
18:23:07.0230 1272 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\Windows\system32\drivers\enodpl.sys
18:23:07.0252 1272 enodpl ( UnsignedFile.Multi.Generic ) - warning
18:23:07.0252 1272 enodpl - detected UnsignedFile.Multi.Generic (1)
18:23:07.0298 1272 EpfwLWF (9cefd59c8e5ebfb48165aef54617f539) C:\Windows\system32\DRIVERS\EpfwLWF.sys
18:23:07.0350 1272 EpfwLWF - ok
18:23:07.0437 1272 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
18:23:07.0506 1272 fastfat - ok
18:23:07.0630 1272 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
18:23:07.0690 1272 fdc - ok
18:23:07.0738 1272 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
18:23:07.0747 1272 FileInfo - ok
18:23:07.0791 1272 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
18:23:07.0839 1272 Filetrace - ok
18:23:07.0868 1272 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
18:23:07.0933 1272 flpydisk - ok
18:23:07.0964 1272 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
18:23:07.0979 1272 FltMgr - ok
18:23:08.0028 1272 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
18:23:08.0072 1272 Fs_Rec - ok
18:23:08.0231 1272 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
18:23:08.0241 1272 gagp30kx - ok
18:23:08.0307 1272 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:23:08.0361 1272 HdAudAddService - ok
18:23:08.0400 1272 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:23:08.0412 1272 HDAudBus - ok
18:23:08.0544 1272 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:23:08.0608 1272 HidBth - ok
18:23:08.0644 1272 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:23:08.0715 1272 HidIr - ok
18:23:08.0780 1272 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
18:23:08.0792 1272 HidUsb - ok
18:23:08.0941 1272 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
18:23:08.0951 1272 HpCISSs - ok
18:23:09.0021 1272 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:23:09.0056 1272 HSFHWAZL - ok
18:23:09.0126 1272 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
18:23:09.0200 1272 HSF_DPV - ok
18:23:09.0370 1272 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
18:23:09.0384 1272 HSXHWAZL - ok
18:23:09.0436 1272 HTTP (3c3cba3ce1a66439a960d4531a167c39) C:\Windows\system32\drivers\HTTP.sys
18:23:09.0487 1272 HTTP - ok
18:23:09.0606 1272 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
18:23:09.0615 1272 i2omp - ok
18:23:09.0724 1272 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
18:23:09.0755 1272 i8042prt - ok
18:23:09.0937 1272 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
18:23:09.0950 1272 iaStor - ok
18:23:10.0050 1272 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
18:23:10.0066 1272 iaStorV - ok
18:23:10.0279 1272 igfx (04e385059da704ec6659ddb1526c4193) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:23:10.0375 1272 igfx - ok
18:23:10.0573 1272 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:23:10.0585 1272 iirsp - ok
18:23:10.0669 1272 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Windows\system32\drivers\int15.sys
18:23:10.0679 1272 int15 - ok
18:23:10.0788 1272 IntcAzAudAddService (9438fe15da89c6aace8a79db2c6f60c1) C:\Windows\system32\drivers\RTKVHDA.sys
18:23:10.0869 1272 IntcAzAudAddService - ok
18:23:11.0051 1272 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
18:23:11.0060 1272 intelide - ok
18:23:11.0110 1272 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
18:23:11.0160 1272 intelppm - ok
18:23:11.0217 1272 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:23:11.0297 1272 IpFilterDriver - ok
18:23:11.0318 1272 IpInIp - ok
18:23:11.0357 1272 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
18:23:11.0426 1272 IPMIDRV - ok
18:23:11.0561 1272 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
18:23:11.0613 1272 IPNAT - ok
18:23:11.0658 1272 irda (f11a90fb3f44f37ad10a4893bb690065) C:\Windows\system32\DRIVERS\irda.sys
18:23:11.0725 1272 irda - ok
18:23:11.0759 1272 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
18:23:11.0807 1272 IRENUM - ok
18:23:11.0855 1272 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
18:23:11.0865 1272 isapnp - ok
18:23:12.0010 1272 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
18:23:12.0022 1272 iScsiPrt - ok
18:23:12.0059 1272 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:23:12.0069 1272 iteatapi - ok
18:23:12.0103 1272 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:23:12.0114 1272 iteraid - ok
18:23:12.0166 1272 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
18:23:12.0176 1272 kbdclass - ok
18:23:12.0235 1272 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
18:23:12.0258 1272 kbdhid - ok
18:23:12.0412 1272 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
18:23:12.0436 1272 KSecDD - ok
18:23:12.0631 1272 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
18:23:12.0695 1272 lltdio - ok
18:23:12.0748 1272 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
18:23:12.0757 1272 LSI_FC - ok
18:23:12.0802 1272 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
18:23:12.0812 1272 LSI_SAS - ok
18:23:12.0852 1272 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
18:23:12.0862 1272 LSI_SCSI - ok
18:23:12.0898 1272 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
18:23:12.0946 1272 luafv - ok
18:23:13.0115 1272 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:23:13.0125 1272 mdmxsdk - ok
18:23:13.0176 1272 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
18:23:13.0185 1272 megasas - ok
18:23:13.0236 1272 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
18:23:13.0310 1272 Modem - ok
18:23:13.0446 1272 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
18:23:13.0465 1272 monitor - ok
18:23:13.0583 1272 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
18:23:13.0593 1272 mouclass - ok
18:23:13.0702 1272 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
18:23:13.0806 1272 mouhid - ok
18:23:14.0006 1272 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
18:23:14.0052 1272 MountMgr - ok
18:23:14.0138 1272 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
18:23:14.0148 1272 mpio - ok
18:23:14.0276 1272 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
18:23:14.0313 1272 mpsdrv - ok
18:23:14.0392 1272 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:23:14.0401 1272 Mraid35x - ok
18:23:14.0461 1272 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
18:23:14.0508 1272 MRxDAV - ok
18:23:14.0634 1272 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:23:14.0684 1272 mrxsmb - ok
18:23:14.0747 1272 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:23:14.0772 1272 mrxsmb10 - ok
18:23:14.0804 1272 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:23:14.0833 1272 mrxsmb20 - ok
18:23:14.0940 1272 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
18:23:14.0949 1272 msahci - ok
18:23:14.0996 1272 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
18:23:15.0006 1272 msdsm - ok
18:23:15.0053 1272 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
18:23:15.0100 1272 Msfs - ok
18:23:15.0132 1272 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
18:23:15.0140 1272 msisadrv - ok
18:23:15.0199 1272 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
18:23:15.0256 1272 MSKSSRV - ok
18:23:15.0382 1272 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
18:23:15.0443 1272 MSPCLOCK - ok
18:23:15.0501 1272 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
18:23:15.0547 1272 MSPQM - ok
18:23:15.0593 1272 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
18:23:15.0606 1272 MsRPC - ok
18:23:15.0642 1272 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
18:23:15.0654 1272 mssmbios - ok
18:23:15.0789 1272 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
18:23:15.0859 1272 MSTEE - ok
18:23:15.0900 1272 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
18:23:15.0909 1272 Mup - ok
18:23:15.0974 1272 mvusbews (b9df137953a5280eddbd4a705ca093a2) C:\Windows\system32\Drivers\mvusbews.sys
18:23:16.0026 1272 mvusbews - ok
18:23:16.0177 1272 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
18:23:16.0220 1272 NativeWifiP - ok
18:23:16.0289 1272 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
18:23:16.0317 1272 NDIS - ok
18:23:16.0460 1272 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
18:23:16.0500 1272 NdisTapi - ok
18:23:16.0566 1272 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
18:23:16.0622 1272 Ndisuio - ok
18:23:16.0668 1272 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
18:23:16.0735 1272 NdisWan - ok
18:23:16.0870 1272 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
18:23:16.0895 1272 NDProxy - ok
18:23:16.0949 1272 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
18:23:17.0021 1272 NetBIOS - ok
18:23:17.0069 1272 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
18:23:17.0132 1272 netbt - ok
18:23:17.0369 1272 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
18:23:17.0488 1272 NETw3v32 - ok
18:23:17.0644 1272 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:23:17.0653 1272 nfrd960 - ok
18:23:17.0704 1272 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
18:23:17.0758 1272 Npfs - ok
18:23:17.0805 1272 NSCIRDA (c9294e01e45139fd77e16ec07fd86f61) C:\Windows\system32\DRIVERS\nscirda.sys
18:23:17.0863 1272 NSCIRDA - ok
18:23:18.0013 1272 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
18:23:18.0076 1272 nsiproxy - ok
18:23:18.0158 1272 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
18:23:18.0204 1272 Ntfs - ok
18:23:18.0366 1272 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
18:23:18.0379 1272 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
18:23:18.0379 1272 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
18:23:18.0415 1272 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:23:18.0471 1272 ntrigdigi - ok
18:23:18.0493 1272 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
18:23:18.0544 1272 Null - ok
18:23:18.0601 1272 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
18:23:18.0680 1272 NVENETFD - ok
18:23:18.0836 1272 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
18:23:18.0846 1272 nvraid - ok
18:23:18.0895 1272 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
18:23:18.0904 1272 nvstor - ok
18:23:18.0959 1272 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
18:23:18.0970 1272 nv_agp - ok
18:23:19.0019 1272 NwlnkFlt - ok
18:23:19.0040 1272 NwlnkFwd - ok
18:23:19.0083 1272 ohci1394 (953c1ba621f4da9dc7d268ae839a51fb) C:\Windows\system32\DRIVERS\ohci1394.sys
18:23:19.0097 1272 ohci1394 - ok
18:23:19.0153 1272 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:23:19.0202 1272 Parport - ok
18:23:19.0350 1272 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
18:23:19.0359 1272 partmgr - ok
18:23:19.0405 1272 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:23:19.0460 1272 Parvdm - ok
18:23:19.0506 1272 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
18:23:19.0517 1272 pci - ok
18:23:19.0579 1272 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
18:23:19.0588 1272 pciide - ok
18:23:19.0709 1272 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
18:23:19.0722 1272 pcmcia - ok
18:23:19.0804 1272 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:23:19.0880 1272 PEAUTH - ok
18:23:20.0055 1272 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
18:23:20.0100 1272 PptpMiniport - ok
18:23:20.0155 1272 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
18:23:20.0233 1272 Processor - ok
18:23:20.0368 1272 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
18:23:20.0380 1272 PSched - ok
18:23:20.0444 1272 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
18:23:20.0452 1272 PSDFilter - ok
18:23:20.0474 1272 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
18:23:20.0484 1272 PSDNServ - ok
18:23:20.0538 1272 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
18:23:20.0546 1272 psdvdisk - ok
18:23:20.0615 1272 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
18:23:20.0656 1272 ql2300 - ok
18:23:20.0855 1272 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:23:20.0866 1272 ql40xx - ok
18:23:20.0908 1272 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
18:23:20.0976 1272 QWAVEdrv - ok
18:23:21.0018 1272 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
18:23:21.0073 1272 RasAcd - ok
18:23:21.0220 1272 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:23:21.0248 1272 Rasl2tp - ok
18:23:21.0292 1272 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
18:23:21.0363 1272 RasPppoe - ok
18:23:21.0404 1272 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
18:23:21.0457 1272 rdbss - ok
18:23:21.0489 1272 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:23:21.0542 1272 RDPCDD - ok
18:23:21.0696 1272 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
18:23:21.0768 1272 rdpdr - ok
18:23:21.0802 1272 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
18:23:21.0870 1272 RDPENCDD - ok
18:23:22.0005 1272 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
18:23:22.0081 1272 RDPWD - ok
18:23:22.0162 1272 ROOTMODEM (d49d61312b273de069584d48c81c8b1d) C:\Windows\system32\Drivers\RootMdm.sys
18:23:22.0210 1272 ROOTMODEM - ok
18:23:22.0261 1272 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
18:23:22.0308 1272 rspndr - ok
18:23:22.0465 1272 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:23:22.0476 1272 sbp2port - ok
18:23:22.0561 1272 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
18:23:22.0574 1272 sdbus - ok
18:23:22.0621 1272 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:23:22.0668 1272 secdrv - ok
18:23:22.0816 1272 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\Windows\system32\DRIVERS\ser2pl.sys
18:23:22.0835 1272 Ser2pl ( UnsignedFile.Multi.Generic ) - warning
18:23:22.0835 1272 Ser2pl - detected UnsignedFile.Multi.Generic (1)
18:23:22.0894 1272 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
18:23:22.0951 1272 Serenum - ok
18:23:22.0992 1272 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:23:23.0055 1272 Serial - ok
18:23:23.0094 1272 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
18:23:23.0106 1272 sermouse - ok
18:23:23.0276 1272 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
18:23:23.0290 1272 sffdisk - ok
18:23:23.0333 1272 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
18:23:23.0344 1272 sffp_mmc - ok
18:23:23.0382 1272 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
18:23:23.0413 1272 sffp_sd - ok
18:23:23.0452 1272 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
18:23:23.0509 1272 sfloppy - ok
18:23:23.0564 1272 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
18:23:23.0574 1272 sisagp - ok
18:23:23.0710 1272 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
18:23:23.0722 1272 SiSRaid2 - ok
18:23:23.0765 1272 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
18:23:23.0775 1272 SiSRaid4 - ok
18:23:23.0833 1272 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
18:23:23.0900 1272 Smb - ok
18:23:23.0946 1272 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
18:23:23.0957 1272 spldr - ok
18:23:24.0037 1272 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
18:23:24.0084 1272 srv - ok
18:23:24.0244 1272 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
18:23:24.0285 1272 srv2 - ok
18:23:24.0318 1272 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
18:23:24.0345 1272 srvnet - ok
18:23:24.0405 1272 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
18:23:24.0414 1272 swenum - ok
18:23:24.0560 1272 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:23:24.0569 1272 Symc8xx - ok
18:23:24.0607 1272 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:23:24.0616 1272 Sym_hi - ok
18:23:24.0648 1272 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:23:24.0660 1272 Sym_u3 - ok
18:23:24.0713 1272 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
18:23:24.0726 1272 SynTP - ok
18:23:24.0810 1272 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\Windows\system32\drivers\tandpl.sys
18:23:24.0814 1272 tandpl ( UnsignedFile.Multi.Generic ) - warning
18:23:24.0814 1272 tandpl - detected UnsignedFile.Multi.Generic (1)
18:23:24.0970 1272 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
18:23:25.0036 1272 Tcpip - ok
18:23:25.0204 1272 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
18:23:25.0233 1272 Tcpip6 - ok
18:23:25.0295 1272 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
18:23:25.0351 1272 tcpipreg - ok
18:23:25.0481 1272 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
18:23:25.0531 1272 TDPIPE - ok
18:23:25.0590 1272 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
18:23:25.0648 1272 TDTCP - ok
18:23:25.0670 1272 tdx - ok
18:23:25.0712 1272 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
18:23:25.0722 1272 TermDD - ok
18:23:25.0870 1272 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
18:23:25.0915 1272 tifm21 - ok
18:23:26.0002 1272 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:23:26.0060 1272 tssecsrv - ok
18:23:26.0177 1272 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
18:23:26.0200 1272 tunmp - ok
18:23:26.0268 1272 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
18:23:26.0283 1272 tunnel - ok
18:23:26.0323 1272 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
18:23:26.0332 1272 uagp35 - ok
18:23:26.0376 1272 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
18:23:26.0439 1272 udfs - ok
18:23:26.0603 1272 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
18:23:26.0613 1272 uliagpkx - ok
18:23:26.0679 1272 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
18:23:26.0694 1272 uliahci - ok
18:23:26.0733 1272 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:23:26.0744 1272 UlSata - ok
18:23:26.0875 1272 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:23:26.0886 1272 ulsata2 - ok
18:23:27.0036 1272 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
18:23:27.0097 1272 umbus - ok
18:23:27.0164 1272 usbccgp (51480458e6e9863f856ebf35aae801b4) C:\Windows\system32\DRIVERS\usbccgp.sys
18:23:27.0194 1272 usbccgp - ok
18:23:27.0337 1272 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:23:27.0399 1272 usbcir - ok
18:23:27.0465 1272 usbehci (11fa3acbf0de0286829c69e01fe705e4) C:\Windows\system32\DRIVERS\usbehci.sys
18:23:27.0477 1272 usbehci - ok
18:23:27.0523 1272 usbhub (6a7858a38b5105731e219e7c6a238730) C:\Windows\system32\DRIVERS\usbhub.sys
18:23:27.0538 1272 usbhub - ok
18:23:27.0573 1272 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
18:23:27.0641 1272 usbohci - ok
18:23:27.0766 1272 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
18:23:27.0818 1272 usbprint - ok
18:23:27.0879 1272 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
18:23:27.0948 1272 usbscan - ok
18:23:27.0988 1272 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:23:28.0036 1272 USBSTOR - ok
18:23:28.0172 1272 usbuhci (4013315fed70a2d293b998cbba4022ee) C:\Windows\system32\DRIVERS\usbuhci.sys
18:23:28.0194 1272 usbuhci - ok
18:23:28.0269 1272 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
18:23:28.0333 1272 usbvideo - ok
18:23:28.0388 1272 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
18:23:28.0457 1272 vga - ok
18:23:28.0599 1272 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
18:23:28.0655 1272 VgaSave - ok
18:23:28.0690 1272 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
18:23:28.0700 1272 viaagp - ok
18:23:28.0741 1272 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
18:23:28.0804 1272 ViaC7 - ok
18:23:28.0840 1272 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
18:23:28.0850 1272 viaide - ok
18:23:28.0886 1272 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
18:23:28.0895 1272 volmgr - ok
18:23:29.0046 1272 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
18:23:29.0062 1272 volmgrx - ok
18:23:29.0136 1272 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
18:23:29.0154 1272 volsnap - ok
18:23:29.0254 1272 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
18:23:29.0266 1272 vsmraid - ok
18:23:29.0333 1272 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:23:29.0381 1272 WacomPen - ok
18:23:29.0439 1272 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:29.0451 1272 Wanarp - ok
18:23:29.0476 1272 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:29.0490 1272 Wanarpv6 - ok
18:23:29.0605 1272 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
18:23:29.0613 1272 Wd - ok
18:23:29.0717 1272 Wdf01000 (a1bd4ad37b361199dc326cccc9c179de) C:\Windows\system32\drivers\Wdf01000.sys
18:23:29.0727 1272 Suspicious file (Forged): C:\Windows\system32\drivers\Wdf01000.sys. Real md5: a1bd4ad37b361199dc326cccc9c179de, Fake md5: b6f0a7ad6d4bd325fbcd8bac96cd8d96
18:23:29.0730 1272 Wdf01000 ( Virus.Win32.Rloader.a ) - infected
18:23:29.0730 1272 Wdf01000 - detected Virus.Win32.Rloader.a (0)
18:23:29.0884 1272 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:23:29.0914 1272 winachsf - ok
18:23:30.0096 1272 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:23:30.0124 1272 WmiAcpi - ok
18:23:30.0238 1272 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
18:23:30.0297 1272 WpdUsb - ok
18:23:30.0456 1272 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
18:23:30.0594 1272 ws2ifsl - ok
18:23:30.0791 1272 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:30.0840 1272 WUDFRd - ok
18:23:30.0904 1272 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
18:23:30.0914 1272 XAudio - ok
18:23:30.0980 1272 XinweiIad (9061abdddda0cb2502a92d89f10f7ca1) C:\Windows\system32\DRIVERS\netnnusb.sys
18:23:30.0995 1272 XinweiIad ( UnsignedFile.Multi.Generic ) - warning
18:23:30.0995 1272 XinweiIad - detected UnsignedFile.Multi.Generic (1)
18:23:31.0187 1272 ztemtusbser (a1809f184d4a897d57bf8c5efebbcf04) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
18:23:31.0213 1272 ztemtusbser - ok
18:23:31.0387 1272 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
18:23:31.0394 1272 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
18:23:31.0434 1272 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
18:23:34.0507 1272 \Device\Harddisk0\DR0 - ok
18:23:34.0543 1272 Boot (0x1200) (0084302fe2448db4138cec82fec1a7ef) \Device\Harddisk0\DR0\Partition0
18:23:34.0544 1272 \Device\Harddisk0\DR0\Partition0 - ok
18:23:34.0573 1272 Boot (0x1200) (09196f04566aed98856b888286853776) \Device\Harddisk0\DR0\Partition1
18:23:34.0574 1272 \Device\Harddisk0\DR0\Partition1 - ok
18:23:34.0578 1272 ============================================================
18:23:34.0578 1272 Scan finished
18:23:34.0578 1272 ============================================================
18:23:34.0603 1052 Detected object count: 7
18:23:34.0604 1052 Actual detected object count: 7
18:27:42.0140 1052 C:\Windows\system32\DRIVERS\cdrom.sys - copied to quarantine
18:27:42.0147 1052 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\cdrom.sys) error 1813
18:27:42.0237 1052 Backup copy found, using it..
18:27:42.0264 1052 C:\Windows\system32\DRIVERS\cdrom.sys - will be cured on reboot
18:27:46.0706 1052 cdrom ( Virus.Win32.ZAccess.c ) - User select action: Cure
18:27:46.0710 1052 enodpl ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:46.0710 1052 enodpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:46.0714 1052 NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:46.0714 1052 NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:46.0720 1052 Ser2pl ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:46.0720 1052 Ser2pl ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:46.0725 1052 tandpl ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:46.0725 1052 tandpl ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:46.0814 1052 C:\Windows\system32\drivers\Wdf01000.sys - copied to quarantine
18:27:46.0866 1052 Backup copy found, using it..
18:27:46.0879 1052 C:\Windows\system32\drivers\Wdf01000.sys - will be cured on reboot
18:27:46.0879 1052 Wdf01000 ( Virus.Win32.Rloader.a ) - User select action: Cure
18:27:46.0883 1052 XinweiIad ( UnsignedFile.Multi.Generic ) - skipped by user
18:27:46.0883 1052 XinweiIad ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:27:54.0845 2184 Deinitialize success
0
Anonymous user
22 Feb. 2012 at 19:16
Run TDSSKiller again, without touching the settings this time
0
mika0000 Posts: 686 Registration date: Tuesday, July 26, 2011 Status: Member Last seen: April 19, 2024 48
23 Feb. 2012 at 14:39
Do I HAVE to download it again every time?
0
mika0000 Posts: 686 Registration date: Tuesday, July 26, 2011 Status: Member Last seen: April 19, 2024 48
23 Feb. 2012 at 14:51
14:40:09.0248 2168 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
14:40:10.0293 2168 ============================================================
14:40:10.0293 2168 Current date / time: 2012/02/23 14:40:10.0293
14:40:10.0293 2168 SystemInfo:
14:40:10.0293 2168
14:40:10.0293 2168 OS Version: 6.0.6000 ServicePack: 0.0
14:40:10.0293 2168 Product type: Workstation
14:40:10.0293 2168 ComputerName: PC-DE-KAM
14:40:10.0294 2168 UserName: KAM Apollinaire M
14:40:10.0294 2168 Windows directory: C:\Windows
14:40:10.0294 2168 System windows directory: C:\Windows
14:40:10.0294 2168 Processor architecture: Intel x86
14:40:10.0294 2168 Number of processors: 1
14:40:10.0294 2168 Page size: 0x1000
14:40:10.0294 2168 Boot type: Normal boot
14:40:10.0294 2168 ============================================================
14:40:10.0961 2168 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:40:10.0977 2168 \Device\Harddisk0\DR0:
14:40:10.0977 2168 MBR used
14:40:10.0977 2168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x40C4800
14:40:10.0977 2168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x544D000, BlocksNum 0x40C2000
14:40:11.0054 2168 Initialize success
14:40:11.0054 2168 ============================================================
14:40:16.0793 0568 ============================================================
14:40:16.0793 0568 Scan started
14:40:16.0793 0568 Mode: Manual;
14:40:16.0793 0568 ============================================================
14:40:17.0918 0568 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
14:40:17.0924 0568 ACPI - ok
14:40:18.0037 0568 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:40:18.0047 0568 adp94xx - ok
14:40:18.0221 0568 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:40:18.0228 0568 adpahci - ok
14:40:18.0291 0568 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:40:18.0302 0568 adpu160m - ok
14:40:18.0359 0568 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:40:18.0364 0568 adpu320 - ok
14:40:18.0553 0568 AFD (e6b3b6125d87ce94c1351901e50e10ff) C:\Windows\system32\drivers\afd.sys
14:40:18.0556 0568 Suspicious file (Forged): C:\Windows\system32\drivers\afd.sys. Real md5: e6b3b6125d87ce94c1351901e50e10ff, Fake md5: 5d24caf8efd924a875698ff28384db8b
14:40:18.0558 0568 AFD ( Virus.Win32.ZAccess.c ) - infected
14:40:18.0559 0568 AFD - detected Virus.Win32.ZAccess.c (0)
14:40:18.0753 0568 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
14:40:18.0755 0568 agp440 - ok
14:40:18.0920 0568 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:40:18.0922 0568 aic78xx - ok
14:40:19.0079 0568 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
14:40:19.0081 0568 aliide - ok
14:40:19.0275 0568 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:40:19.0277 0568 amdagp - ok
14:40:19.0322 0568 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
14:40:19.0323 0568 amdide - ok
14:40:19.0372 0568 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:40:19.0374 0568 AmdK7 - ok
14:40:19.0414 0568 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\DRIVERS\amdk8.sys
14:40:19.0416 0568 AmdK8 - ok
14:40:19.0606 0568 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:40:19.0609 0568 arc - ok
14:40:19.0718 0568 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:40:19.0722 0568 arcsas - ok
14:40:19.0779 0568 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
14:40:19.0780 0568 AsyncMac - ok
14:40:20.0106 0568 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
14:40:20.0107 0568 atapi - ok
14:40:20.0206 0568 athr (d9583d3c896f0c608d8a484906650b2c) C:\Windows\system32\DRIVERS\athr.sys
14:40:20.0222 0568 athr - ok
14:40:20.0634 0568 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:40:20.0647 0568 b57nd60x - ok
14:40:21.0124 0568 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
14:40:21.0135 0568 BCM43XV - ok
14:40:21.0573 0568 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
14:40:21.0574 0568 Beep - ok
14:40:21.0949 0568 blbdrive - ok
14:40:22.0023 0568 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
14:40:22.0036 0568 bowser - ok
14:40:22.0445 0568 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:40:22.0465 0568 BrFiltLo - ok
14:40:22.0689 0568 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:40:22.0722 0568 BrFiltUp - ok
14:40:22.0843 0568 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:40:22.0873 0568 Brserid - ok
14:40:23.0165 0568 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:40:23.0184 0568 BrSerWdm - ok
14:40:23.0393 0568 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:40:23.0431 0568 BrUsbMdm - ok
14:40:23.0755 0568 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:40:23.0784 0568 BrUsbSer - ok
14:40:23.0869 0568 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:40:23.0882 0568 BTHMODEM - ok
14:40:24.0096 0568 catchme - ok
14:40:24.0536 0568 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
14:40:24.0568 0568 cdfs - ok
14:40:24.0808 0568 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
14:40:24.0843 0568 cdrom - ok
14:40:24.0901 0568 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:40:24.0918 0568 circlass - ok
14:40:25.0001 0568 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
14:40:25.0049 0568 CLFS - ok
14:40:25.0362 0568 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
14:40:25.0363 0568 CmBatt - ok
14:40:25.0485 0568 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
14:40:25.0495 0568 cmdide - ok
14:40:25.0689 0568 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
14:40:25.0691 0568 Compbatt - ok
14:40:25.0758 0568 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:40:25.0763 0568 crcdisk - ok
14:40:25.0844 0568 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:40:25.0852 0568 Crusoe - ok
14:40:26.0106 0568 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
14:40:26.0108 0568 DfsC - ok
14:40:26.0343 0568 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
14:40:26.0359 0568 disk - ok
14:40:26.0690 0568 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
14:40:26.0702 0568 drmkaud - ok
14:40:26.0859 0568 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
14:40:26.0930 0568 DXGKrnl - ok
14:40:27.0242 0568 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:40:27.0245 0568 E1G60 - ok
14:40:27.0394 0568 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
14:40:27.0410 0568 Ecache - ok
14:40:27.0982 0568 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:40:28.0011 0568 elxstor - ok
14:40:28.0412 0568 enodpl (b4556f3d468c8dcb0b259d9d866cd4c4) C:\Windows\system32\drivers\enodpl.sys
14:40:28.0413 0568 enodpl - ok
14:40:28.0502 0568 EpfwLWF (9cefd59c8e5ebfb48165aef54617f539) C:\Windows\system32\DRIVERS\EpfwLWF.sys
14:40:28.0503 0568 EpfwLWF - ok
14:40:29.0064 0568 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
14:40:29.0138 0568 fastfat - ok
14:40:29.0580 0568 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:40:29.0621 0568 fdc - ok
14:40:29.0966 0568 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
14:40:30.0066 0568 FileInfo - ok
14:40:30.0464 0568 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
14:40:30.0466 0568 Filetrace - ok
14:40:30.0642 0568 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:40:30.0643 0568 flpydisk - ok
14:40:30.0982 0568 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
14:40:30.0986 0568 FltMgr - ok
14:40:31.0411 0568 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
14:40:31.0463 0568 Fs_Rec - ok
14:40:31.0970 0568 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:40:31.0984 0568 gagp30kx - ok
14:40:32.0058 0568 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:40:32.0080 0568 HdAudAddService - ok
14:40:32.0328 0568 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:40:32.0349 0568 HDAudBus - ok
14:40:32.0405 0568 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:40:32.0416 0568 HidBth - ok
14:40:32.0461 0568 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:40:32.0463 0568 HidIr - ok
14:40:32.0753 0568 HidUsb (01e7971e9f4bd6ac6a08db52d0ea0418) C:\Windows\system32\DRIVERS\hidusb.sys
14:40:32.0754 0568 HidUsb - ok
14:40:32.0915 0568 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:40:32.0916 0568 HpCISSs - ok
14:40:33.0287 0568 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:40:33.0310 0568 HSFHWAZL - ok
14:40:33.0581 0568 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:40:33.0603 0568 HSF_DPV - ok
14:40:34.0154 0568 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:40:34.0159 0568 HSXHWAZL - ok
14:40:34.0789 0568 HTTP (3c3cba3ce1a66439a960d4531a167c39) C:\Windows\system32\drivers\HTTP.sys
14:40:34.0821 0568 HTTP - ok
14:40:35.0202 0568 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:40:35.0214 0568 i2omp - ok
14:40:35.0632 0568 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
14:40:35.0654 0568 i8042prt - ok
14:40:36.0200 0568 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
14:40:36.0204 0568 iaStor - ok
14:40:36.0635 0568 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:40:36.0641 0568 iaStorV - ok
14:40:37.0678 0568 igfx (04e385059da704ec6659ddb1526c4193) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:40:37.0745 0568 igfx - ok
14:40:38.0247 0568 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:40:38.0268 0568 iirsp - ok
14:40:38.0752 0568 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Windows\system32\drivers\int15.sys
14:40:38.0768 0568 int15 - ok
14:40:39.0211 0568 IntcAzAudAddService (9438fe15da89c6aace8a79db2c6f60c1) C:\Windows\system32\drivers\RTKVHDA.sys
14:40:39.0277 0568 IntcAzAudAddService - ok
14:40:39.0703 0568 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
14:40:39.0740 0568 intelide - ok
14:40:39.0963 0568 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
14:40:39.0965 0568 intelppm - ok
14:40:40.0173 0568 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:40:40.0176 0568 IpFilterDriver - ok
14:40:40.0639 0568 IpInIp - ok
14:40:40.0754 0568 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:40:40.0773 0568 IPMIDRV - ok
14:40:40.0913 0568 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys
14:40:40.0961 0568 IPNAT - ok
14:40:41.0134 0568 irda (f11a90fb3f44f37ad10a4893bb690065) C:\Windows\system32\DRIVERS\irda.sys
14:40:41.0139 0568 irda - ok
14:40:41.0489 0568 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys
14:40:41.0508 0568 IRENUM - ok
14:40:41.0763 0568 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:40:41.0778 0568 isapnp - ok
14:40:41.0897 0568 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys
14:40:41.0901 0568 iScsiPrt - ok
14:40:42.0333 0568 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:40:42.0350 0568 iteatapi - ok
14:40:42.0501 0568 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:40:42.0503 0568 iteraid - ok
14:40:42.0641 0568 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys
14:40:42.0656 0568 kbdclass - ok
14:40:43.0001 0568 kbdhid (ed61dbc6603f612b7338283edbacbc4b) C:\Windows\system32\DRIVERS\kbdhid.sys
14:40:43.0015 0568 kbdhid - ok
14:40:43.0198 0568 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys
14:40:43.0211 0568 KSecDD - ok
14:40:43.0750 0568 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys
14:40:43.0781 0568 lltdio - ok
14:40:44.0300 0568 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:40:44.0323 0568 LSI_FC - ok
14:40:44.0733 0568 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:40:44.0776 0568 LSI_SAS - ok
14:40:45.0216 0568 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:40:45.0225 0568 LSI_SCSI - ok
14:40:45.0305 0568 luafv (42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys
14:40:45.0327 0568 luafv - ok
14:40:45.0767 0568 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:40:45.0789 0568 mdmxsdk - ok
14:40:46.0251 0568 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:40:46.0253 0568 megasas - ok
14:40:46.0378 0568 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys
14:40:46.0400 0568 Modem - ok
14:40:46.0577 0568 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys
14:40:46.0579 0568 monitor - ok
14:40:46.0781 0568 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys
14:40:46.0842 0568 mouclass - ok
14:40:47.0066 0568 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys
14:40:47.0088 0568 mouhid - ok
14:40:47.0170 0568 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys
14:40:47.0173 0568 MountMgr - ok
14:40:47.0279 0568 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:40:47.0282 0568 mpio - ok
14:40:47.0362 0568 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys
14:40:47.0381 0568 mpsdrv - ok
14:40:47.0478 0568 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:40:47.0488 0568 Mraid35x - ok
14:40:47.0581 0568 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys
14:40:47.0584 0568 MRxDAV - ok
14:40:47.0850 0568 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:40:47.0869 0568 mrxsmb - ok
14:40:48.0078 0568 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:40:48.0084 0568 mrxsmb10 - ok
14:40:48.0179 0568 mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:40:48.0187 0568 mrxsmb20 - ok
14:40:48.0294 0568 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys
14:40:48.0306 0568 msahci - ok
14:40:48.0451 0568 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:40:48.0471 0568 msdsm - ok
14:40:48.0695 0568 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys
14:40:48.0740 0568 Msfs - ok
14:40:48.0962 0568 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys
14:40:49.0007 0568 msisadrv - ok
14:40:49.0374 0568 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys
14:40:49.0423 0568 MSKSSRV - ok
14:40:49.0601 0568 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys
14:40:49.0602 0568 MSPCLOCK - ok
14:40:49.0898 0568 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys
14:40:49.0916 0568 MSPQM - ok
14:40:50.0347 0568 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys
14:40:50.0352 0568 MsRPC - ok
14:40:50.0451 0568 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:40:50.0452 0568 mssmbios - ok
14:40:50.0698 0568 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys
14:40:50.0749 0568 MSTEE - ok
14:40:50.0953 0568 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys
14:40:50.0969 0568 Mup - ok
14:40:51.0160 0568 mvusbews (b9df137953a5280eddbd4a705ca093a2) C:\Windows\system32\Drivers\mvusbews.sys
14:40:51.0162 0568 mvusbews - ok
14:40:51.0353 0568 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys
14:40:51.0374 0568 NativeWifiP - ok
14:40:51.0599 0568 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys
14:40:51.0610 0568 NDIS - ok
14:40:52.0146 0568 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys
14:40:52.0198 0568 NdisTapi - ok
14:40:52.0374 0568 Ndisuio (5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys
14:40:52.0392 0568 Ndisuio - ok
14:40:52.0455 0568 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys
14:40:52.0473 0568 NdisWan - ok
14:40:52.0579 0568 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys
14:40:52.0581 0568 NDProxy - ok
14:40:53.0168 0568 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys
14:40:53.0170 0568 NetBIOS - ok
14:40:53.0734 0568 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys
14:40:53.0776 0568 netbt - ok
14:40:54.0215 0568 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
14:40:54.0255 0568 NETw3v32 - ok
14:40:54.0662 0568 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:40:54.0682 0568 nfrd960 - ok
14:40:54.0801 0568 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys
14:40:54.0846 0568 Npfs - ok
14:40:55.0169 0568 NSCIRDA (c9294e01e45139fd77e16ec07fd86f61) C:\Windows\system32\DRIVERS\nscirda.sys
14:40:55.0170 0568 NSCIRDA - ok
14:40:55.0522 0568 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys
14:40:55.0542 0568 nsiproxy - ok
14:40:56.0092 0568 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys
14:40:56.0132 0568 Ntfs - ok
14:40:56.0407 0568 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
14:40:56.0417 0568 NTIDrvr - ok
14:40:56.0510 0568 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:40:56.0528 0568 ntrigdigi - ok
14:40:56.0608 0568 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys
14:40:56.0612 0568 Null - ok
14:40:56.0907 0568 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
14:40:56.0932 0568 NVENETFD - ok
14:40:56.0978 0568 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
14:40:57.0001 0568 nvraid - ok
14:40:57.0048 0568 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
14:40:57.0050 0568 nvstor - ok
14:40:57.0267 0568 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:40:57.0280 0568 nv_agp - ok
14:40:57.0309 0568 NwlnkFlt - ok
14:40:57.0343 0568 NwlnkFwd - ok
14:40:57.0467 0568 ohci1394 (953c1ba621f4da9dc7d268ae839a51fb) C:\Windows\system32\DRIVERS\ohci1394.sys
14:40:57.0482 0568 ohci1394 - ok
14:40:57.0595 0568 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:40:57.0600 0568 Parport - ok
14:40:57.0714 0568 partmgr (555a5b2c8022983bc7467bc925b222ee) C:\Windows\system32\drivers\partmgr.sys
14:40:57.0725 0568 partmgr - ok
14:40:57.0836 0568 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:40:57.0854 0568 Parvdm - ok
14:40:58.0090 0568 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys
14:40:58.0102 0568 pci - ok
14:40:58.0221 0568 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
14:40:58.0223 0568 pciide - ok
14:40:58.0485 0568 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
14:40:58.0501 0568 pcmcia - ok
14:40:58.0792 0568 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:40:58.0813 0568 PEAUTH - ok
14:40:59.0174 0568 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys
14:40:59.0177 0568 PptpMiniport - ok
14:40:59.0241 0568 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:40:59.0253 0568 Processor - ok
14:40:59.0477 0568 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys
14:40:59.0486 0568 PSched - ok
14:40:59.0551 0568 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
14:40:59.0560 0568 PSDFilter - ok
14:40:59.0590 0568 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
14:40:59.0592 0568 PSDNServ - ok
14:40:59.0646 0568 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
14:40:59.0649 0568 psdvdisk - ok
14:41:00.0126 0568 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:41:00.0148 0568 ql2300 - ok
14:41:00.0397 0568 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:41:00.0400 0568 ql40xx - ok
14:41:00.0627 0568 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys
14:41:00.0629 0568 QWAVEdrv - ok
14:41:00.0705 0568 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys
14:41:00.0709 0568 RasAcd - ok
14:41:00.0773 0568 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:41:00.0784 0568 Rasl2tp - ok
14:41:00.0856 0568 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys
14:41:00.0858 0568 RasPppoe - ok
14:41:00.0981 0568 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys
14:41:00.0988 0568 rdbss - ok
14:41:01.0209 0568 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:41:01.0231 0568 RDPCDD - ok
14:41:01.0427 0568 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:41:01.0447 0568 rdpdr - ok
14:41:01.0634 0568 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
14:41:01.0635 0568 RDPENCDD - ok
14:41:01.0714 0568 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
14:41:01.0718 0568 RDPWD - ok
14:41:01.0870 0568 ROOTMODEM (d49d61312b273de069584d48c81c8b1d) C:\Windows\system32\Drivers\RootMdm.sys
14:41:01.0872 0568 ROOTMODEM - ok
14:41:02.0025 0568 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
14:41:02.0027 0568 rspndr - ok
14:41:02.0129 0568 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:41:02.0132 0568 sbp2port - ok
14:41:02.0314 0568 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys
14:41:02.0320 0568 sdbus - ok
14:41:02.0429 0568 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:41:02.0431 0568 secdrv - ok
14:41:02.0524 0568 Ser2pl (6ce397c482bede91a38e56a8c4a0dc6d) C:\Windows\system32\DRIVERS\ser2pl.sys
14:41:02.0526 0568 Ser2pl - ok
14:41:02.0680 0568 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
14:41:02.0682 0568 Serenum - ok
14:41:02.0778 0568 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:41:02.0782 0568 Serial - ok
14:41:02.0834 0568 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
14:41:02.0836 0568 sermouse - ok
14:41:02.0962 0568 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
14:41:02.0964 0568 sffdisk - ok
14:41:03.0097 0568 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
14:41:03.0098 0568 sffp_mmc - ok
14:41:03.0192 0568 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
14:41:03.0194 0568 sffp_sd - ok
14:41:03.0238 0568 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\DRIVERS\sfloppy.sys
14:41:03.0240 0568 sfloppy - ok
14:41:03.0329 0568 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
14:41:03.0331 0568 sisagp - ok
14:41:03.0478 0568 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:41:03.0555 0568 SiSRaid2 - ok
14:41:04.0684 0568 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:41:04.0708 0568 SiSRaid4 - ok
14:41:04.0953 0568 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
14:41:04.0955 0568 Smb - ok
14:41:05.0010 0568 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
14:41:05.0012 0568 spldr - ok
14:41:05.0124 0568 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
14:41:05.0132 0568 srv - ok
14:41:05.0264 0568 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
14:41:05.0268 0568 srv2 - ok
14:41:05.0327 0568 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
14:41:05.0330 0568 srvnet - ok
14:41:05.0402 0568 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys
14:41:05.0404 0568 swenum - ok
14:41:05.0457 0568 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:41:05.0459 0568 Symc8xx - ok
14:41:05.0816 0568 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:41:05.0819 0568 Sym_hi - ok
14:41:05.0885 0568 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:41:05.0887 0568 Sym_u3 - ok
14:41:06.0139 0568 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys
14:41:06.0149 0568 SynTP - ok
14:41:06.0340 0568 tandpl (126d7b3b4c7b724491c604060e1f4e14) C:\Windows\system32\drivers\tandpl.sys
14:41:06.0342 0568 tandpl - ok
14:41:06.0447 0568 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
14:41:06.0467 0568 Tcpip - ok
14:41:06.0681 0568 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
14:41:06.0691 0568 Tcpip6 - ok
14:41:06.0786 0568 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
14:41:06.0788 0568 tcpipreg - ok
14:41:06.0899 0568 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
14:41:06.0901 0568 TDPIPE - ok
14:41:06.0987 0568 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
14:41:06.0989 0568 TDTCP - ok
14:41:07.0015 0568 tdx - ok
14:41:07.0065 0568 TermDD (849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys
14:41:07.0067 0568 TermDD - ok
14:41:07.0190 0568 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
14:41:07.0197 0568 tifm21 - ok
14:41:07.0434 0568 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:41:07.0436 0568 tssecsrv - ok
14:41:07.0519 0568 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
14:41:07.0520 0568 tunmp - ok
14:41:07.0653 0568 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
14:41:07.0655 0568 tunnel - ok
14:41:07.0702 0568 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
14:41:07.0705 0568 uagp35 - ok
14:41:07.0841 0568 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
14:41:07.0847 0568 udfs - ok
14:41:08.0001 0568 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
14:41:08.0003 0568 uliagpkx - ok
14:41:08.0055 0568 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:41:08.0061 0568 uliahci - ok
14:41:08.0217 0568 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:41:08.0221 0568 UlSata - ok
14:41:08.0394 0568 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:41:08.0398 0568 ulsata2 - ok
14:41:08.0444 0568 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
14:41:08.0446 0568 umbus - ok
14:41:08.0617 0568 usbccgp (51480458e6e9863f856ebf35aae801b4) C:\Windows\system32\DRIVERS\usbccgp.sys
14:41:08.0620 0568 usbccgp - ok
14:41:08.0799 0568 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:41:08.0804 0568 usbcir - ok
14:41:08.0901 0568 usbehci (11fa3acbf0de0286829c69e01fe705e4) C:\Windows\system32\DRIVERS\usbehci.sys
14:41:08.0903 0568 usbehci - ok
14:41:09.0093 0568 usbhub (6a7858a38b5105731e219e7c6a238730) C:\Windows\system32\DRIVERS\usbhub.sys
14:41:09.0195 0568 usbhub - ok
14:41:09.0371 0568 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\DRIVERS\usbohci.sys
14:41:09.0373 0568 usbohci - ok
14:41:09.0431 0568 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
14:41:09.0437 0568 usbprint - ok
14:41:09.0510 0568 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
14:41:09.0514 0568 usbscan - ok
14:41:09.0674 0568 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:41:09.0676 0568 USBSTOR - ok
14:41:09.0769 0568 usbuhci (4013315fed70a2d293b998cbba4022ee) C:\Windows\system32\DRIVERS\usbuhci.sys
14:41:09.0771 0568 usbuhci - ok
14:41:09.0866 0568 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys
14:41:09.0870 0568 usbvideo - ok
14:41:10.0080 0568 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:41:10.0084 0568 vga - ok
14:41:10.0141 0568 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
14:41:10.0159 0568 VgaSave - ok
14:41:10.0223 0568 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
14:41:10.0225 0568 viaagp - ok
14:41:10.0405 0568 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:41:10.0407 0568 ViaC7 - ok
14:41:10.0493 0568 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
14:41:10.0496 0568 viaide - ok
14:41:10.0561 0568 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys
14:41:10.0570 0568 volmgr - ok
14:41:10.0689 0568 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
14:41:10.0696 0568 volmgrx - ok
14:41:10.0878 0568 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
14:41:10.0885 0568 volsnap - ok
14:41:11.0052 0568 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:41:11.0065 0568 vsmraid - ok
14:41:11.0140 0568 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:41:11.0142 0568 WacomPen - ok
14:41:11.0227 0568 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
14:41:11.0229 0568 Wanarp - ok
14:41:11.0269 0568 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
14:41:11.0271 0568 Wanarpv6 - ok
14:41:11.0369 0568 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
14:41:11.0381 0568 Wd - ok
14:41:11.0594 0568 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:41:11.0603 0568 Wdf01000 - ok
14:41:11.0750 0568 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:41:11.0785 0568 winachsf - ok
14:41:12.0104 0568 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:41:12.0106 0568 WmiAcpi - ok
14:41:12.0380 0568 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
14:41:12.0383 0568 WpdUsb - ok
14:41:12.0498 0568 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
14:41:12.0499 0568 ws2ifsl - ok
14:41:12.0809 0568 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:41:12.0822 0568 WUDFRd - ok
14:41:12.0897 0568 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
14:41:12.0898 0568 XAudio - ok
14:41:12.0977 0568 XinweiIad (9061abdddda0cb2502a92d89f10f7ca1) C:\Windows\system32\DRIVERS\netnnusb.sys
14:41:12.0979 0568 XinweiIad - ok
14:41:13.0153 0568 ztemtusbser (a1809f184d4a897d57bf8c5efebbcf04) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
14:41:13.0156 0568 ztemtusbser - ok
14:41:13.0362 0568 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl
14:41:13.0363 0568 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok
14:41:13.0432 0568 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0
14:41:19.0663 0568 \Device\Harddisk0\DR0 - ok
14:41:19.0696 0568 Boot (0x1200) (0084302fe2448db4138cec82fec1a7ef) \Device\Harddisk0\DR0\Partition0
14:41:19.0698 0568 \Device\Harddisk0\DR0\Partition0 - ok
14:41:19.0726 0568 Boot (0x1200) (09196f04566aed98856b888286853776) \Device\Harddisk0\DR0\Partition1
14:41:19.0728 0568 \Device\Harddisk0\DR0\Partition1 - ok
14:41:19.0844 0568 ============================================================
14:41:19.0844 0568 Scan finished
14:41:19.0844 0568 ============================================================
14:41:19.0874 3908 Detected object count: 1
14:41:19.0874 3908 Actual detected object count: 1
14:41:26.0056 3908 C:\Windows\system32\drivers\afd.sys - copied to quarantine
14:41:30.0317 3908 Backup copy not found, trying to cure infected file..
14:41:30.0338 3908 Cure success, using it..
14:41:30.0363 3908 C:\Windows\system32\drivers\afd.sys - will be cured on reboot
14:41:41.0155 3908 AFD ( Virus.Win32.ZAccess.c ) - User select action: Cure
14:43:43.0054 2848 Deinitialize success
0
Anonymous user
23 Feb. 2012 at 20:13
OK, delete ComboFix, download it again, rename it when downloading, then run it.
0
mika0000 Posts 686 Registration date Tuesday 26 July 2011 Status Member Last intervention 19 April 2024 48
27 Feb. 2012 at 17:13
Here it is,

After ComboFix nothing works any more; I can no longer launch a browser. Here nevertheless is the report, which I am posting from elsewhere. Thanks!!



ComboFix 12-02-27.01 - KAM Apollinaire M 27/02/2012 15:57:16.1.1 - x86
Lancé depuis: c:\users\KAM Apollinaire M\Desktop\XDD.exe
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\KAM Apollinaire M\AppData\Roaming\desktop.ini
c:\users\KAM Apollinaire M\AppData\Roaming\engel
c:\users\KAM Apollinaire M\AppData\Roaming\wiaservg.log
c:\users\KAM Apollinaire M\douke.exe /k
c:\users\KAM Apollinaire M\gfjeej.exe /X
c:\users\KAM Apollinaire M\knmiag.exe /h
c:\users\Public\Documents\Server\admin.txt
c:\users\Public\Documents\Server\server.dat
c:\windows\$NtUninstallKB51571$\2154842969
c:\windows\$NtUninstallKB51571$\784406605\@
c:\windows\$NtUninstallKB51571$\784406605\L\ogejidap
c:\windows\system32\AppnApi.dll
c:\windows\system32\dds_log_trash.cmd
c:\windows\$NtUninstallKB51571$ . . . . impossible à supprimer
.
c:\windows\system32\drivers\tdx.sys était absent
Copie restaurée à partir de - c:\windows\SoftwareDistribution\Download\848c23cf13d83b3e0a6f1da97f3af588\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vclone
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-01-27 au 2012-02-27 ))))))))))))))))))))))))))))))))))))
.
.
2012-02-27 15:12 . 2012-02-27 15:18 -------- d-----w- c:\users\KAM Apollinaire M\AppData\Local\temp
2012-02-27 15:12 . 2012-02-27 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-27 15:12 . 2008-01-19 05:55 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-23 13:50 . 2012-02-23 13:50 -------- d-----w- c:\program files\TeamViewer
2012-02-22 17:27 . 2012-02-23 13:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-12 18:27 . 2012-02-13 09:06 -------- d-----w- C:\UsbFix
2012-02-10 15:26 . 2012-02-10 15:26 -------- d-----w- c:\programdata\Local Settings
2012-02-10 15:05 . 2012-02-23 13:43 -------- d-----w- C:\Kill'em
2012-02-10 14:17 . 2012-02-10 14:29 -------- d-----w- C:\ZHP
2012-02-10 13:43 . 2012-02-10 14:19 -------- d-----w- c:\program files\ZHPDiag
2012-02-03 10:32 . 2012-02-23 13:36 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-03 10:32 . 2012-02-22 17:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-03 10:32 . 2012-02-22 17:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-03 10:32 . 2012-02-22 17:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-02 13:44 . 2012-02-02 13:44 -------- d-----w- c:\users\KAM Apollinaire M\AppData\Local\ESET
2012-02-02 13:42 . 2012-02-02 13:42 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:44 . 2006-11-02 08:58 270336 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-22 17:29 . 2011-07-14 10:53 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-02-22 17:29 . 2006-11-02 08:51 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-13 09:06 . 2012-02-12 21:37 5040 ----a-w- C:\UsbFix_Upload_Me_PC-DE-KAM.zip
2012-01-12 09:58 . 2012-01-12 09:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74D28568-DDB0-493C-B32A-7177C75E0E6B}\offreg.dll
2011-12-06 19:06 . 2009-10-13 10:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 13:36 . 2011-12-27 12:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-08-21 22528]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"34136"="c:\progra~2\LOCALS~1\Temp\msveeva.pif" [2009-08-07 43528]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAP3LAK.EXE [2008-5-27 30720]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-6 535336]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-07-21 10:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
vclone
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{43F2A5BF-24AD-45FE-AF7A-54A57BD15DFD}: NameServer = 192.168.1.1
TCP: Interfaces\{5CC00B90-C6F0-47E8-AA76-8517B41B4D72}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\KAM Apollinaire M\AppData\Roaming\Mozilla\Firefox\Profiles\kj1ia2rg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56545
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKCU-Run-Acer Tour Reminder - (no file)
HKCU-Run-MediaDICO9Ut - c:\program files\Micro Application\7 Dictionnaires Utiles\LanceMediaDICO.exe
HKCU-Run-SunJavaUpdateSched - c:\users\KAM Apollinaire M\AppData\Roaming\rundll32.exe
HKCU-Run-Regggx - c:\users\KAM Apollinaire M\AppData\Roaming\Regggx.exe
HKCU-Run-gfjeej - c:\users\KAM Apollinaire M\gfjeej.exe
HKCU-Run-knmiag - c:\users\KAM Apollinaire M\knmiag.exe
HKCU-Run-douke - c:\users\KAM Apollinaire M\douke.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-egui - c:\program files\ESET\ESET Smart Security\egui.exe
SafeBoot-05023510.sys
SafeBoot-39139870.sys
MSConfigStartUp-000 - c:\program files\LP\000F\000.exe
AddRemove-CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118 - c:\program files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe
AddRemove-GridVista - c:\windows\UnInst32.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 16:18
Windows 6.0.6000 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(1128)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\TeamViewer\Version7\tv_w32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\HP\HPLaserJetService\HPLaserJetService.exe
c:\windows\system32\HPSIsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\CAP3RSK.EXE
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\igfxsrvc.exe
c:\users\KAMAPO~1\AppData\Local\Temp\RtkBtMnt.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
.
**************************************************************************
.
Heure de fin: 2012-02-27 16:25:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-02-27 15:25
.
Avant-CF: 2 120 577 024 octets libres
Après-CF: 2 136 879 104 octets libres
.
- - End Of File - - 6889F7D9E94BBFC7469D561B878F1C6B
0
mika0000
27 Feb 2012 at 17:27
Attempted unauthorized operation on a registry key. That's the message I get when I try to open IE or Mozilla.
0
Anonymous user
27 Feb 2012 at 18:37
Well, as said below, restart the PC.
0
Anonymous user
27 Feb 2012 at 17:18
What does it say? An attempt on a key marked for deletion? Restart the PC.
0
mika0000
2 Mar 2012 at 17:58
OK, that gets the browsers starting again. Waiting for the next step. Thanks.
0
Anonymous user
2 Mar 2012 at 18:47

__________________________________________________
=>/!\The following script was written specifically for this computer/!\ <=
=>it is strongly advised not to transpose it onto another computer!<=
----------------------------------------------------------------------------


Still with all protections disabled, do this:

▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):

----------------------------------------------------------
KillAll::

ClearJavaCache::

File::
c:\programdata\Local Settings\Temp\msveeva.pif

Folder::
c:\windows\$NtUninstallKB51571$
c:\program files\LP

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"34136"=-

Netsvc::
vclone

Firefox::
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56545


------------------------------------------------------------------

▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad

▶ Drag and drop this CFScript file onto the combofix file
that you renamed

▶ Wait for the scan to finish. The Desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it is located here => C:\ComboFix.txt


0
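The CFScript above removes the entries that stand out in the ComboFix report: a Firefox proxy on 127.0.0.1:56545, a Run value named 34136 launching a .pif from a Temp folder, and Run entries pointing into the user profile. As an added example that is not part of this thread or of ComboFix, here is a small Python triage script that applies such heuristics to ComboFix-style report lines; the sample log and the rules are constructed for illustration.

```python
import re

# Constructed sample modelled on the ComboFix report in this thread, not the real file.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"SunJavaUpdateSched"="c:\users\KAM Apollinaire M\AppData\Roaming\rundll32.exe" [N/A]
"Regggx"="c:\users\KAM Apollinaire M\AppData\Roaming\Regggx.exe" [N/A]
"gfjeej"="c:\users\KAM Apollinaire M\gfjeej.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"34136"="c:\progra~2\LOCALS~1\Temp\msveeva.pif" [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56545
FF - prefs.js: network.proxy.type - 0
"""

SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "explorer.exe", "winlogon.exe"}
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<data>[^"\[]+?)"?\s*(\[[^\]]*\])?$')
FF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<val>.+)$")

def triage(lines):
    """Return (tag, detail) findings; the checks are this example's own heuristics, not ComboFix logic."""
    findings, section, ff = [], "", {}
    for raw in lines:
        line = raw.strip()
        if line.startswith("[HKEY_"):  # registry section header
            section = line.lower()
            continue
        m = FF_RE.match(line)
        if m:  # Firefox prefs are checked together at the end
            ff[m["pref"]] = m["val"].strip()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m["name"], m["data"].strip()
        low = data.lower()
        if section.endswith("\\run]"):  # any ...\Run autostart key
            detail = f"{name} -> {data}"
            if name.isdigit():  # nonsense value names like "34136"
                findings.append(("numeric-run-name", detail))
            if low.startswith("c:\\users\\"):  # autostart from the user profile
                findings.append(("run-from-profile", detail))
            if "\\temp\\" in low:  # autostart from a Temp folder
                findings.append(("run-from-temp", detail))
            if low.rsplit("\\", 1)[-1] in SYSTEM_BINARIES and not low.startswith("c:\\windows\\"):
                findings.append(("system-binary-outside-windows", detail))
        elif section.endswith("policies\\system]") and name == "EnableLUA" and low.startswith("0"):
            findings.append(("uac-disabled", line))
        elif "security center\\monitoring" in section and name == "DisableMonitoring" and low.endswith("1"):
            findings.append(("security-center-monitoring-off", section))
    host = ff.get("network.proxy.http", "")
    if host in ("127.0.0.1", "localhost"):  # browser traffic routed through a local process
        findings.append(("firefox-loopback-proxy", f"{host}:{ff.get('network.proxy.http_port', '?')}"))
    return findings
```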
mika0000
3 Mar 2012 at 19:13
A rootkit was detected.
0
mika0000
3 Mar 2012 at 19:13
ComboFix 12-02-27.01 - KAM Apollinaire M 03/03/2012 13:18:10.2.1 - x86
Microsoft® Windows Vista(TM) Édition Familiale Basique 6.0.6000.0.1252.33.1036.18.1526.808 [GMT 1:00]
Lancé depuis: c:\users\KAM Apollinaire M\Desktop\XDD.exe
Commutateurs utilisés :: c:\users\KAM Apollinaire M\Desktop\CFscript.txt
.
FILE ::
"c:\programdata\Local Settings\Temp\msveeva.pif"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Local Settings\Temp\msveeva.pif
c:\windows\$NtUninstallKB51571$ . . . . impossible à supprimer
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-03 au 2012-03-03 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-03 12:30 . 2012-03-03 12:49 -------- d-----w- c:\users\KAM Apollinaire M\AppData\Local\temp
2012-03-03 12:30 . 2012-03-03 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-27 15:12 . 2008-01-19 05:55 71680 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-27 14:45 . 2012-02-27 15:25 -------- d-----w- C:\XDD
2012-02-23 13:50 . 2012-02-23 13:50 -------- d-----w- c:\program files\TeamViewer
2012-02-22 17:27 . 2012-02-23 13:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-12 18:27 . 2012-02-13 09:06 -------- d-----w- C:\UsbFix
2012-02-10 15:26 . 2012-02-10 15:26 -------- d-----w- c:\programdata\Local Settings
2012-02-10 15:05 . 2012-02-23 13:43 -------- d-----w- C:\Kill'em
2012-02-10 14:17 . 2012-02-10 14:29 -------- d-----w- C:\ZHP
2012-02-10 13:43 . 2012-02-10 14:19 -------- d-----w- c:\program files\ZHPDiag
2012-02-03 10:32 . 2012-02-23 13:36 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-03 10:32 . 2012-02-22 17:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-03 10:32 . 2012-02-22 17:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-03 10:32 . 2012-02-22 17:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-02 13:44 . 2012-02-02 13:44 -------- d-----w- c:\users\KAM Apollinaire M\AppData\Local\ESET
2012-02-02 13:42 . 2012-02-02 13:42 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:44 . 2006-11-02 08:58 270336 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-22 17:29 . 2011-07-14 10:53 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-02-22 17:29 . 2006-11-02 08:51 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-02-13 09:06 . 2012-02-12 21:37 5040 ----a-w- C:\UsbFix_Upload_Me_PC-DE-KAM.zip
2012-01-12 09:58 . 2012-01-12 09:58 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{74D28568-DDB0-493C-B32A-7177C75E0E6B}\offreg.dll
2011-12-06 19:06 . 2009-10-13 10:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 13:36 . 2011-12-27 12:12 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-28 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-28 137752]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-08-21 22528]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"HPUsageTrackingLEDM"="c:\program files\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
Canon LASER SHOT LBP-1120 ª¬ºAµøµ¡.LNK - c:\windows\System32\spool\drivers\w32x86\3\CAP3LAK.EXE [2008-5-27 30720]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-6 535336]
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 14:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-07-21 10:00 98304 ----a-r- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{43F2A5BF-24AD-45FE-AF7A-54A57BD15DFD}: NameServer = 192.168.1.1
TCP: Interfaces\{5CC00B90-C6F0-47E8-AA76-8517B41B4D72}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\KAM Apollinaire M\AppData\Roaming\Mozilla\Firefox\Profiles\kj1ia2rg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fr.search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.startup.homepage - hxxp://fr.yahoo.com
FF - prefs.js: keyword.URL - hxxp://fr.search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 56545
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHELINS SUPPRIMES - - - -
.
HKLM-Explorer_Run-34136 - c:\progra~2\LOCALS~1\Temp\msveeva.pif
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-03 13:49
Windows 6.0.6000 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(4344)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
c:\program files\TeamViewer\Version7\tv_w32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\CAP3RSK.EXE
c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\HP\HPLaserJetService\HPLaserJetService.exe
c:\windows\system32\HPSIsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\TeamViewer\Version7\TeamViewer.exe
c:\program files\TeamViewer\Version7\tv_w32.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\users\KAMAPO~1\AppData\Local\Temp\RtkBtMnt.exe
c:\windows\system32\igfxsrvc.exe
c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
.
**************************************************************************
.
Heure de fin: 2012-03-03 13:56:19 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-03-03 12:56
ComboFix2.txt 2012-02-27 15:25
.
Avant-CF: 2 298 228 736 octets libres
Après-CF: 2 254 442 496 octets libres
.
- - End Of File - - CABE3CF102815F1A146D561BADBF6985
0
Anonymous user
4 Mar 2012 at 16:37
Hi again

Download it here: OTL

save it on your Desktop.

if you have XP => double-click
if you have Vista or Windows 7 => right-click "Run as..."


on OTL.exe to launch it.

=> Click here to see the configuration

▶ Copy and paste the content of what follows in bold into the lower "Personnalisation" box of OTL

/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
netsvcs
safebootminimal
safebootnetwork
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\Tasks\*.*
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\config\*.exe /s
%systemroot%\system32\*.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
CREATERESTOREPOINT


▶ Click on Analyse.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\<Bureau or Desktop>\OTL.txt)

▶▶▶ DO NOT POST IT ON THE FORUM (it is too long)

host OTL.txt and extra.txt on http://pjjoint.malekal.com and give the links
0
mika0000
5 Mar 2012 at 11:14
0