Desinfection Eksplorasi

RogueKiller V7.3.2 [03/20/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djayls [Droits d'admin]
Mode: Recherche -- Date: 04/01/2012 14:43:48

¤¤¤ Processus malicieux: 3 ¤¤¤
[HJ NAME] winlogon.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\winlogon.exe -> KILLED [TermProc]
[HJ NAME] services.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\services.exe -> KILLED [TermProc]
[HJ NAME] lsass.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\lsass.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 17 ¤¤¤
[HJ NAME] HKCU\[...]\Run : Tok-Cirrhatus ("C:\Documents and Settings\djayls\Local Settings\Application Data\smss.exe") -> FOUND
[HJ NAME] HKUS\S-1-5-21-854245398-838170752-725345543-1003[...]\Run : Tok-Cirrhatus ("C:\Documents and Settings\djayls\Local Settings\Application Data\smss.exe") -> FOUND
[SUSP PATH] HKLM\[...]\Winlogon : Shell (Explorer.exe "C:\WINDOWS\eksplorasi.exe") -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CE8C8F8F-C6C5-4898-9403-ED583FDC067E} : NameServer (62.151.2.8,62.151.8.100) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CE8C8F8F-C6C5-4898-9403-ED583FDC067E} : NameServer (62.151.2.8,62.151.8.100) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> FOUND
[HJPOL] HKCU\[...]\Explorer : NoFolderOptions (1) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hxxp://www.w3.org/TR/html4/strict.dtd">
<html lang='en'>
<head>
<meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
<title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
<link rel="stylesheet" type="text/css" media="all" href="hxxp://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
<link rel="stylesheet" type="text/css" media="all" href="hxxp://l.yimg.com/a/lib/smbiz/css/geocities_84954.css">
<style>
h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
.services li { margin-left:1.0em; padding-left:0.5em; background:url("hxxp://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
.services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
.services { font-size:116%; padding-bottom:20px }
.learnmore a {color:#2882DE;font-size:16px}
.image_web {float:right; margin:15px 0 0 15px}
p {margin:20px;font-size:1em;}
h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
li.rule {border-top:solid 1px #DBE1E6;}
</style>
</head>
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3250820AS +++++
--- User ---
[MBR] e1ed140972e11ec1bc663c5138589696
[BSP] 8d716cf925ee276eb27bafb46313e133 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19994 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40949685 | Size: 218477 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt

RogueKiller V7.3.2 [03/20/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djayls [Droits d'admin]
Mode: Suppression -- Date: 04/01/2012 14:50:44

¤¤¤ Processus malicieux: 3 ¤¤¤
[HJ NAME] winlogon.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\winlogon.exe -> KILLED [TermProc]
[HJ NAME] services.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\services.exe -> KILLED [TermProc]
[HJ NAME] lsass.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\lsass.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 16 ¤¤¤
[HJ NAME] HKCU\[...]\Run : Tok-Cirrhatus ("C:\Documents and Settings\djayls\Local Settings\Application Data\smss.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Winlogon : Shell (Explorer.exe "C:\WINDOWS\eksplorasi.exe") -> REPLACED (Explorer.exe)
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CE8C8F8F-C6C5-4898-9403-ED583FDC067E} : NameServer (62.151.2.8,62.151.8.100) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CE8C8F8F-C6C5-4898-9403-ED583FDC067E} : NameServer (62.151.2.8,62.151.8.100) -> NOT REMOVED, USE DNSFIX
[HJPOL] HKCU\[...]\System : DisableRegistryTools (1) -> DELETED
[HJPOL] HKCU\[...]\Explorer : NoFolderOptions (1) -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hxxp://www.w3.org/TR/html4/strict.dtd">
<html lang='en'>
<head>
<meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
<title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
<link rel="stylesheet" type="text/css" media="all" href="hxxp://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
<link rel="stylesheet" type="text/css" media="all" href="hxxp://l.yimg.com/a/lib/smbiz/css/geocities_84954.css">
<style>
h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
.services li { margin-left:1.0em; padding-left:0.5em; background:url("hxxp://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
.services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
.services { font-size:116%; padding-bottom:20px }
.learnmore a {color:#2882DE;font-size:16px}
.image_web {float:right; margin:15px 0 0 15px}
p {margin:20px;font-size:1em;}
h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
li.rule {border-top:solid 1px #DBE1E6;}
</style>
</head>
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: MAXTOR STM3250820AS +++++
--- User ---
[MBR] e1ed140972e11ec1bc663c5138589696
[BSP] 8d716cf925ee276eb27bafb46313e133 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 19994 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 40949685 | Size: 218477 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

RogueKiller V7.3.2 [03/20/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djayls [Droits d'admin]
Mode: HOSTS RAZ -- Date: 04/01/2012 14:51:37

¤¤¤ Processus malicieux: 3 ¤¤¤
[HJ NAME] winlogon.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\winlogon.exe -> KILLED [TermProc]
[HJ NAME] services.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\services.exe -> KILLED [TermProc]
[HJ NAME] lsass.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\lsass.exe -> KILLED [TermProc]

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hxxp://www.w3.org/TR/html4/strict.dtd">
<html lang='en'>
<head>
<meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
<title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
<link rel="stylesheet" type="text/css" media="all" href="hxxp://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
<link rel="stylesheet" type="text/css" media="all" href="hxxp://l.yimg.com/a/lib/smbiz/css/geocities_84954.css">
<style>
h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
.services li { margin-left:1.0em; padding-left:0.5em; background:url("hxxp://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
.services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
.services { font-size:116%; padding-bottom:20px }
.learnmore a {color:#2882DE;font-size:16px}
.image_web {float:right; margin:15px 0 0 15px}
p {margin:20px;font-size:1em;}
h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
li.rule {border-top:solid 1px #DBE1E6;}
</style>
</head>
[...]


¤¤¤ Nouveau fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V7.3.2 [03/20/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: djayls [Droits d'admin]
Mode: DNS RAZ -- Date: 04/01/2012 14:53:43

¤¤¤ Processus malicieux: 3 ¤¤¤
[HJ NAME] winlogon.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\winlogon.exe -> KILLED [TermProc]
[HJ NAME] services.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\services.exe -> KILLED [TermProc]
[HJ NAME] lsass.exe -- C:\Documents and Settings\djayls\Local Settings\Application Data\lsass.exe -> KILLED [TermProc]

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Entrees de registre: 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{CE8C8F8F-C6C5-4898-9403-ED583FDC067E} : NameServer (62.151.2.8,62.151.8.100) -> REPLACED ()
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{CE8C8F8F-C6C5-4898-9403-ED583FDC067E} : NameServer (62.151.2.8,62.151.8.100) -> REPLACED ()

Termine : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

le lien indiqué http://support.kaspersky.com/viruses/solutions?qid=208280684 ne fonctionne pas non plus. ...?

Peux-tu m'expliquer comment faire ca, s'il te plait?

Tu disposes comme moi d'Internet
Il faut être un peu plus curieux

https://www.commentcamarche.net/informatique/windows/113-demarrer-windows-10-en-mode-sans-echec/

ca a pas ete evident mais c est fait.

17:06:37.0531 0388 hnozygii ( LockedService.Multi.Generic ) - warning
17:06:37.0531 0388 hnozygii - detected LockedService.Multi.Generic (1)

voila le rapport complet

17:06:28.0671 0356 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
17:06:28.0765 0356 ============================================================
17:06:28.0765 0356 Current date / time: 2012/04/01 17:06:28.0765
17:06:28.0765 0356 SystemInfo:
17:06:28.0765 0356
17:06:28.0765 0356 OS Version: 5.1.2600 ServicePack: 3.0
17:06:28.0765 0356 Product type: Workstation
17:06:28.0765 0356 ComputerName: ELKANOPROD
17:06:28.0765 0356 UserName: Administrateur
17:06:28.0765 0356 Windows directory: C:\WINDOWS
17:06:28.0765 0356 System windows directory: C:\WINDOWS
17:06:28.0765 0356 Processor architecture: Intel x86
17:06:28.0765 0356 Number of processors: 2
17:06:28.0765 0356 Page size: 0x1000
17:06:28.0765 0356 Boot type: Safe boot with network
17:06:28.0765 0356 ============================================================
17:06:30.0906 0356 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:06:30.0906 0356 \Device\Harddisk0\DR0:
17:06:30.0906 0356 MBR used
17:06:30.0906 0356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x270D776
17:06:30.0921 0356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3A9A1F0, BlocksNum 0x1972A391
17:06:31.0031 0356 Initialize success
17:06:31.0031 0356 ============================================================
17:06:32.0687 0388 ============================================================
17:06:32.0687 0388 Scan started
17:06:32.0687 0388 Mode: Manual;
17:06:32.0687 0388 ============================================================
17:06:33.0281 0388 Aavmker4 (b36c2d3a46078f4a278386f5c974564d) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:06:33.0281 0388 Aavmker4 - ok
17:06:33.0296 0388 Abiosdsk - ok
17:06:33.0328 0388 abp480n5 - ok
17:06:33.0375 0388 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:06:33.0390 0388 ACPI - ok
17:06:33.0406 0388 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:06:33.0406 0388 ACPIEC - ok
17:06:33.0484 0388 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:06:33.0484 0388 AdobeFlashPlayerUpdateSvc - ok
17:06:33.0500 0388 adpu160m - ok
17:06:33.0546 0388 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:06:33.0546 0388 aec - ok
17:06:33.0578 0388 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:06:33.0578 0388 AegisP - ok
17:06:33.0609 0388 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
17:06:33.0609 0388 AFD - ok
17:06:33.0625 0388 Aha154x - ok
17:06:33.0656 0388 aic78u2 - ok
17:06:33.0687 0388 aic78xx - ok
17:06:33.0750 0388 Alerter (758fdc60d41716ef889d849989b4b1cd) C:\WINDOWS\system32\alrsvc.dll
17:06:33.0750 0388 Alerter - ok
17:06:33.0812 0388 ALG (5e9a6658a2a69ae7eb195113b7a2e7a9) C:\WINDOWS\System32\alg.exe
17:06:33.0812 0388 ALG - ok
17:06:33.0843 0388 AliIde - ok
17:06:33.0859 0388 amsint - ok
17:06:33.0906 0388 AppMgmt (f36c9f78fc902c8dce4d3b576bb0435a) C:\WINDOWS\System32\appmgmts.dll
17:06:33.0906 0388 AppMgmt - ok
17:06:33.0937 0388 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:06:33.0937 0388 Arp1394 - ok
17:06:33.0953 0388 asc - ok
17:06:33.0968 0388 asc3350p - ok
17:06:34.0000 0388 asc3550 - ok
17:06:34.0078 0388 aspnet_state (4eabf511b1af176a971c3271e48fa3a8) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:06:34.0125 0388 aspnet_state - ok
17:06:34.0187 0388 asuskbnt (f5c2ccdb273a546e9c3a15250f1d9165) C:\WINDOWS\system32\drivers\atkkbnt.sys
17:06:34.0187 0388 asuskbnt - ok
17:06:34.0218 0388 aswFsBlk (976e2ad5a62044629c2de2ca8563722a) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
17:06:34.0234 0388 aswFsBlk - ok
17:06:34.0265 0388 aswMon2 (c298f660fd9a91b0fb24c0aa26ae09ac) C:\WINDOWS\system32\drivers\aswMon2.sys
17:06:34.0265 0388 aswMon2 - ok
17:06:34.0296 0388 aswRdr (d78653e357bfadb9a432aa1f66d50269) C:\WINDOWS\system32\drivers\aswRdr.sys
17:06:34.0296 0388 aswRdr - ok
17:06:34.0343 0388 aswSP (17c4f06944b90944291cf7fb18d630c2) C:\WINDOWS\system32\drivers\aswSP.sys
17:06:34.0359 0388 aswSP - ok
17:06:34.0375 0388 aswTdi (c33510a1866806fd9c17f5d36b4db6a6) C:\WINDOWS\system32\drivers\aswTdi.sys
17:06:34.0375 0388 aswTdi - ok
17:06:34.0421 0388 aswUpdSv (e2323ad197689d607ebc52137b4dfb2e) C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
17:06:34.0421 0388 aswUpdSv - ok
17:06:34.0468 0388 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:06:34.0468 0388 AsyncMac - ok
17:06:34.0484 0388 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:06:34.0484 0388 atapi - ok
17:06:34.0500 0388 Atdisk - ok
17:06:34.0546 0388 Ati HotKey Poller (eb3ee4de4ebb54256c55ef78d2c0e14c) C:\WINDOWS\system32\Ati2evxx.exe
17:06:34.0546 0388 Ati HotKey Poller - ok
17:06:34.0609 0388 ati2mtag (7f629e438fdaece5de0069b753b3e767) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:06:34.0640 0388 ati2mtag - ok
17:06:34.0687 0388 ATKKeyboardService (ca517080b3808e17019e26855fdd0f5f) C:\WINDOWS\ATKKBService.exe
17:06:34.0687 0388 ATKKeyboardService - ok
17:06:34.0734 0388 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:06:34.0734 0388 Atmarpc - ok
17:06:34.0781 0388 AudioSrv (b4005aef7873144634765b570dac466e) C:\WINDOWS\System32\audiosrv.dll
17:06:34.0796 0388 AudioSrv - ok
17:06:34.0828 0388 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:06:34.0828 0388 audstub - ok
17:06:34.0875 0388 avast! Antivirus (58e57d723bd437049f74408016e1735d) C:\Program Files\Alwil Software\Avast4\ashServ.exe
17:06:34.0875 0388 avast! Antivirus - ok
17:06:34.0906 0388 avast! Mail Scanner (bcea9a5eef52351e1632dd417d3e7308) C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
17:06:34.0906 0388 avast! Mail Scanner - ok
17:06:34.0953 0388 avast! Web Scanner (b2203d1a09cac8232780bfcf01a9b853) C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
17:06:34.0968 0388 avast! Web Scanner - ok
17:06:35.0046 0388 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:06:35.0046 0388 Beep - ok
17:06:35.0093 0388 BITS (baa0b6e647c1ad593e9bae5cc31bcffb) C:\WINDOWS\system32\qmgr.dll
17:06:35.0109 0388 BITS - ok
17:06:35.0140 0388 Browser (06b54a7b1ef7cb16bfd0e208d343fa71) C:\WINDOWS\System32\browser.dll
17:06:35.0140 0388 Browser - ok
17:06:35.0187 0388 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:06:35.0187 0388 cbidf2k - ok
17:06:35.0203 0388 cd20xrnt - ok
17:06:35.0250 0388 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:06:35.0250 0388 Cdaudio - ok
17:06:35.0281 0388 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:06:35.0281 0388 Cdfs - ok
17:06:35.0312 0388 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:06:35.0312 0388 Cdrom - ok
17:06:35.0328 0388 Changer - ok
17:06:35.0359 0388 CiSvc (793ef38a5fd086c3c8e48a8a861562ed) C:\WINDOWS\system32\cisvc.exe
17:06:35.0359 0388 CiSvc - ok
17:06:35.0406 0388 ClipSrv (8b30cbb0c07d49b2658fb190946b0e7e) C:\WINDOWS\system32\clipsrv.exe
17:06:35.0406 0388 ClipSrv - ok
17:06:35.0468 0388 clr_optimization_v2.0.50727_32 (234b1bc2796483e1f5c3f26649fb3388) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:06:35.0515 0388 clr_optimization_v2.0.50727_32 - ok
17:06:35.0562 0388 CmdIde - ok
17:06:35.0578 0388 COMSysApp - ok
17:06:35.0640 0388 Cpqarray - ok
17:06:35.0687 0388 CryptSvc (7a6d0b71035e123fdda2156a25578ad3) C:\WINDOWS\System32\cryptsvc.dll
17:06:35.0687 0388 CryptSvc - ok
17:06:35.0718 0388 dac2w2k - ok
17:06:35.0750 0388 dac960nt - ok
17:06:35.0796 0388 DcomLaunch (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
17:06:35.0812 0388 DcomLaunch - ok
17:06:35.0843 0388 Dhcp (318f535dc05551d96deeb90b6d6904de) C:\WINDOWS\System32\dhcpcsvc.dll
17:06:35.0843 0388 Dhcp - ok
17:06:35.0875 0388 DigiFilter (ba912376605b72b1039da461c1fa19c6) C:\WINDOWS\system32\drivers\DigiFilt.sys
17:06:35.0875 0388 DigiFilter - ok
17:06:35.0921 0388 DIGIFW (b27304e3447c5ec46121a6322bc8254e) C:\WINDOWS\system32\DRIVERS\digifw.sys
17:06:35.0921 0388 DIGIFW - ok
17:06:35.0937 0388 DigiNet (224e5710c0ba4e23222db1383062e0d2) C:\WINDOWS\system32\DRIVERS\diginet.sys
17:06:35.0937 0388 DigiNet - ok
17:06:35.0984 0388 DigiRefresh - ok
17:06:36.0031 0388 digiSPTIService (73f7d9f137af435d763e7906ae5366c7) C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
17:06:36.0046 0388 digiSPTIService - ok
17:06:36.0093 0388 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:06:36.0093 0388 Disk - ok
17:06:36.0109 0388 dmadmin - ok
17:06:36.0171 0388 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
17:06:36.0187 0388 dmboot - ok
17:06:36.0203 0388 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
17:06:36.0203 0388 dmio - ok
17:06:36.0234 0388 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:06:36.0234 0388 dmload - ok
17:06:36.0265 0388 dmserver (6797c23d6b79935482d7f0e8ca5e5b67) C:\WINDOWS\System32\dmserver.dll
17:06:36.0265 0388 dmserver - ok
17:06:36.0281 0388 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:06:36.0281 0388 DMusic - ok
17:06:36.0312 0388 Dnscache (8a3ce3e2525e1a341fb25e4bdb648fa9) C:\WINDOWS\System32\dnsrslvr.dll
17:06:36.0312 0388 Dnscache - ok
17:06:36.0359 0388 Dot3svc (3fcf86f03d0302443c21ce6e5bbf7a25) C:\WINDOWS\System32\dot3svc.dll
17:06:36.0359 0388 Dot3svc - ok
17:06:36.0390 0388 dpti2o - ok
17:06:36.0453 0388 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:06:36.0453 0388 drmkaud - ok
17:06:36.0468 0388 EapHost (8b5fc9087d2cab110bc2ed5cc5e7b8ac) C:\WINDOWS\System32\eapsvc.dll
17:06:36.0468 0388 EapHost - ok
17:06:36.0531 0388 EIO (6f41da43aa4806a7bdbb2f9a8b05023e) C:\WINDOWS\system32\drivers\EIO.sys
17:06:36.0531 0388 EIO - ok
17:06:36.0562 0388 ERSvc (94f948cb12c4d35483f1e815deb16c7b) C:\WINDOWS\System32\ersvc.dll
17:06:36.0562 0388 ERSvc - ok
17:06:36.0609 0388 Eventlog (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
17:06:36.0609 0388 Eventlog - ok
17:06:36.0656 0388 EventSystem (ec16ae9b37eacf871629227a3f3913fd) C:\WINDOWS\system32\es.dll
17:06:36.0656 0388 EventSystem - ok
17:06:36.0718 0388 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:06:36.0718 0388 Fastfat - ok
17:06:36.0765 0388 FastUserSwitchingCompatibility (b9f20d71e5b6ce89a7a94b38351fdbdc) C:\WINDOWS\System32\shsvcs.dll
17:06:36.0765 0388 FastUserSwitchingCompatibility - ok
17:06:36.0796 0388 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:06:36.0796 0388 Fdc - ok
17:06:36.0828 0388 FETND5BV (47d9ee42ae1659b220df7b1bb2720df1) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
17:06:36.0828 0388 FETND5BV - ok
17:06:36.0859 0388 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
17:06:36.0859 0388 FETNDIS - ok
17:06:36.0890 0388 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
17:06:36.0890 0388 Fips - ok
17:06:36.0921 0388 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:06:36.0921 0388 Flpydisk - ok
17:06:36.0953 0388 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:06:36.0953 0388 FltMgr - ok
17:06:37.0000 0388 FontCache3.0.0.0 (993883524aa9cf1c90e1545411a9ac9c) C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:06:37.0000 0388 FontCache3.0.0.0 - ok
17:06:37.0062 0388 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:06:37.0062 0388 Fs_Rec - ok
17:06:37.0078 0388 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:06:37.0078 0388 Ftdisk - ok
17:06:37.0125 0388 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
17:06:37.0125 0388 gameenum - ok
17:06:37.0140 0388 GMSIPCI - ok
17:06:37.0203 0388 GoogleDesktopManager-092308-165331 (9e37e0c528e1e3a79e215b6a4eea2143) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
17:06:37.0203 0388 GoogleDesktopManager-092308-165331 - ok
17:06:37.0281 0388 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:06:37.0281 0388 Gpc - ok
17:06:37.0312 0388 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:06:37.0312 0388 HDAudBus - ok
17:06:37.0359 0388 helpsvc (1247f83b705af0e796330442f7967cf8) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:06:37.0359 0388 helpsvc - ok
17:06:37.0390 0388 HidServ (a3b9b4a68bc839ce5a264d5908092261) C:\WINDOWS\System32\hidserv.dll
17:06:37.0390 0388 HidServ - ok
17:06:37.0421 0388 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:06:37.0421 0388 HidUsb - ok
17:06:37.0453 0388 hkmsvc (17b3c3d40cdba40c2e331d28be4de27f) C:\WINDOWS\System32\kmsvc.dll
17:06:37.0468 0388 hkmsvc - ok
17:06:37.0468 0388 Suspicious service (NoAccess): hnozygii
17:06:37.0531 0388 hnozygii (998e97b93032e08e7643d83ecd597942) C:\WINDOWS\system32\yqvjvkx.dll
17:06:37.0531 0388 Suspicious file (NoAccess): C:\WINDOWS\system32\yqvjvkx.dll. md5: 998e97b93032e08e7643d83ecd597942
17:06:37.0531 0388 hnozygii ( LockedService.Multi.Generic ) - warning
17:06:37.0531 0388 hnozygii - detected LockedService.Multi.Generic (1)
17:06:37.0562 0388 hpn - ok
17:06:37.0609 0388 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
17:06:37.0625 0388 HTTP - ok
17:06:37.0640 0388 HTTPFilter (bd31cface38d1800abdb43f4260af0d5) C:\WINDOWS\System32\w3ssl.dll
17:06:37.0640 0388 HTTPFilter - ok
17:06:37.0656 0388 i2omgmt - ok
17:06:37.0703 0388 i2omp - ok
17:06:37.0734 0388 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:06:37.0750 0388 i8042prt - ok
17:06:37.0828 0388 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:06:37.0828 0388 IDriverT - ok
17:06:37.0921 0388 idsvc (e7cc3aeaed9893a88876744cd439f76c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:06:37.0937 0388 idsvc - ok
17:06:38.0000 0388 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:06:38.0000 0388 Imapi - ok
17:06:38.0031 0388 ImapiService (c4221678bbaa55239c23632875759961) C:\WINDOWS\system32\imapi.exe
17:06:38.0031 0388 ImapiService - ok
17:06:38.0062 0388 ini910u - ok
17:06:38.0218 0388 IntcAzAudAddService (a5d5b8c427f4b67580fb2b511291a89d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:06:38.0312 0388 IntcAzAudAddService - ok
17:06:38.0328 0388 IntelIde - ok
17:06:38.0375 0388 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:06:38.0375 0388 intelppm - ok
17:06:38.0406 0388 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:06:38.0406 0388 Ip6Fw - ok
17:06:38.0437 0388 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:06:38.0437 0388 IpFilterDriver - ok
17:06:38.0468 0388 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:06:38.0468 0388 IpInIp - ok
17:06:38.0500 0388 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:06:38.0500 0388 IpNat - ok
17:06:38.0515 0388 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:06:38.0531 0388 IPSec - ok
17:06:38.0562 0388 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:06:38.0562 0388 IRENUM - ok
17:06:38.0609 0388 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:06:38.0609 0388 isapnp - ok
17:06:38.0625 0388 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:06:38.0625 0388 Kbdclass - ok
17:06:38.0671 0388 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:06:38.0671 0388 kbdhid - ok
17:06:38.0703 0388 kbfilter (b5034deaf407ddefc1a452d9bbf1c9b6) C:\WINDOWS\system32\drivers\kbfilter.sys
17:06:38.0703 0388 kbfilter - ok
17:06:38.0750 0388 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:06:38.0750 0388 kmixer - ok
17:06:38.0781 0388 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
17:06:38.0781 0388 KSecDD - ok
17:06:38.0812 0388 lanmanserver (b206cee1cb4876cc59e2c3721e6034e3) C:\WINDOWS\System32\srvsvc.dll
17:06:38.0812 0388 lanmanserver - ok
17:06:38.0859 0388 lanmanworkstation (1e407456df47b04af13264becf3bc3f4) C:\WINDOWS\System32\wkssvc.dll
17:06:38.0859 0388 lanmanworkstation - ok
17:06:38.0890 0388 lbrtfdc - ok
17:06:38.0953 0388 LmHosts (0f357c079ac529a844ab5b18e4eef881) C:\WINDOWS\System32\lmhsvc.dll
17:06:38.0953 0388 LmHosts - ok
17:06:39.0000 0388 Messenger (e67a66a3781c1a483f0f8992664cbe0d) C:\WINDOWS\System32\msgsvc.dll
17:06:39.0000 0388 Messenger - ok
17:06:39.0062 0388 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
17:06:39.0062 0388 Modem - ok
17:06:39.0093 0388 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:06:39.0093 0388 Mouclass - ok
17:06:39.0125 0388 moufiltr (a4a897ec59ce8c52d2537da00128ef40) C:\WINDOWS\system32\drivers\moufiltr.sys
17:06:39.0125 0388 moufiltr - ok
17:06:39.0156 0388 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:06:39.0156 0388 mouhid - ok
17:06:39.0187 0388 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:06:39.0187 0388 MountMgr - ok
17:06:39.0218 0388 mraid35x - ok
17:06:39.0265 0388 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:06:39.0281 0388 MRxDAV - ok
17:06:39.0312 0388 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:06:39.0328 0388 MRxSmb - ok
17:06:39.0359 0388 MSDTC (8648d670ae0d95c95e7bbb5b80661796) C:\WINDOWS\system32\msdtc.exe
17:06:39.0359 0388 MSDTC - ok
17:06:39.0421 0388 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:06:39.0421 0388 Msfs - ok
17:06:39.0437 0388 MSIServer - ok
17:06:39.0484 0388 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:06:39.0484 0388 MSKSSRV - ok
17:06:39.0515 0388 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:06:39.0515 0388 MSPCLOCK - ok
17:06:39.0531 0388 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:06:39.0531 0388 MSPQM - ok
17:06:39.0562 0388 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:06:39.0562 0388 mssmbios - ok
17:06:39.0593 0388 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:06:39.0593 0388 Mup - ok
17:06:39.0640 0388 napagent (69e4fbbabaeee1bff422e091da3171da) C:\WINDOWS\System32\qagentrt.dll
17:06:39.0640 0388 napagent - ok
17:06:39.0687 0388 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:06:39.0687 0388 NDIS - ok
17:06:39.0718 0388 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:06:39.0718 0388 NdisTapi - ok
17:06:39.0750 0388 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:06:39.0750 0388 Ndisuio - ok
17:06:39.0781 0388 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:06:39.0781 0388 NdisWan - ok
17:06:39.0796 0388 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:06:39.0812 0388 NDProxy - ok
17:06:39.0828 0388 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:06:39.0828 0388 NetBIOS - ok
17:06:39.0859 0388 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:06:39.0859 0388 NetBT - ok
17:06:39.0890 0388 NetDDE (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
17:06:39.0890 0388 NetDDE - ok
17:06:39.0921 0388 NetDDEdsdm (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
17:06:39.0921 0388 NetDDEdsdm - ok
17:06:39.0953 0388 Netlogon (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
17:06:39.0953 0388 Netlogon - ok
17:06:39.0984 0388 Netman (be0cb143fa427d93440ded18db8c918b) C:\WINDOWS\System32\netman.dll
17:06:39.0984 0388 Netman - ok
17:06:40.0031 0388 NetTcpPortSharing (f9102685f97f9ba85f4a70afcf722cfe) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:06:40.0031 0388 NetTcpPortSharing - ok
17:06:40.0078 0388 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
17:06:40.0078 0388 NIC1394 - ok
17:06:40.0125 0388 Nla (58af8498c62e1e1dab5ae59c6e08c180) C:\WINDOWS\System32\mswsock.dll
17:06:40.0125 0388 Nla - ok
17:06:40.0156 0388 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:06:40.0156 0388 Npfs - ok
17:06:40.0187 0388 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:06:40.0203 0388 Ntfs - ok
17:06:40.0234 0388 NtLmSsp (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
17:06:40.0234 0388 NtLmSsp - ok
17:06:40.0281 0388 NtmsSvc (037d92b3a7853a183fcab77fb1d13d6c) C:\WINDOWS\system32\ntmssvc.dll
17:06:40.0281 0388 NtmsSvc - ok
17:06:40.0312 0388 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:06:40.0312 0388 Null - ok
17:06:40.0500 0388 nv (15a6306a0b958bf60f09688d0ee70479) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:06:40.0687 0388 nv - ok
17:06:40.0750 0388 NVSvc (986d6666e076afd2b60acafd5b01a00f) C:\WINDOWS\system32\nvsvc32.exe
17:06:40.0765 0388 NVSvc - ok
17:06:40.0796 0388 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:06:40.0796 0388 NwlnkFlt - ok
17:06:40.0828 0388 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:06:40.0828 0388 NwlnkFwd - ok
17:06:40.0859 0388 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
17:06:40.0875 0388 ohci1394 - ok
17:06:40.0890 0388 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
17:06:40.0890 0388 Parport - ok
17:06:40.0921 0388 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:06:40.0921 0388 PartMgr - ok
17:06:40.0953 0388 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
17:06:40.0953 0388 ParVdm - ok
17:06:40.0968 0388 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
17:06:40.0984 0388 PCI - ok
17:06:41.0000 0388 PCIDump - ok
17:06:41.0046 0388 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:06:41.0046 0388 PCIIde - ok
17:06:41.0078 0388 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:06:41.0078 0388 Pcmcia - ok
17:06:41.0093 0388 PDCOMP - ok
17:06:41.0125 0388 PDFRAME - ok
17:06:41.0156 0388 PDRELI - ok
17:06:41.0187 0388 PDRFRAME - ok
17:06:41.0218 0388 perc2 - ok
17:06:41.0234 0388 perc2hib - ok
17:06:41.0312 0388 PlugPlay (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
17:06:41.0328 0388 PlugPlay - ok
17:06:41.0343 0388 PolicyAgent (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
17:06:41.0359 0388 PolicyAgent - ok
17:06:41.0406 0388 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:06:41.0406 0388 PptpMiniport - ok
17:06:41.0437 0388 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
17:06:41.0437 0388 PQNTDrv - ok
17:06:41.0453 0388 ProtectedStorage (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
17:06:41.0453 0388 ProtectedStorage - ok
17:06:41.0500 0388 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:06:41.0500 0388 PSched - ok
17:06:41.0531 0388 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:06:41.0531 0388 Ptilink - ok
17:06:41.0562 0388 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:06:41.0562 0388 PxHelp20 - ok
17:06:41.0578 0388 ql1080 - ok
17:06:41.0609 0388 Ql10wnt - ok
17:06:41.0640 0388 ql12160 - ok
17:06:41.0656 0388 ql1240 - ok
17:06:41.0687 0388 ql1280 - ok
17:06:41.0718 0388 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:06:41.0718 0388 RasAcd - ok
17:06:41.0750 0388 RasAuto (78da9ccdac683ef5aa87d1c919f6d221) C:\WINDOWS\System32\rasauto.dll
17:06:41.0750 0388 RasAuto - ok
17:06:41.0781 0388 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:06:41.0781 0388 Rasl2tp - ok
17:06:41.0812 0388 RasMan (0a48df90b4784f9b90a2671af992c914) C:\WINDOWS\System32\rasmans.dll
17:06:41.0812 0388 RasMan - ok
17:06:41.0843 0388 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:06:41.0843 0388 RasPppoe - ok
17:06:41.0890 0388 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:06:41.0890 0388 Raspti - ok
17:06:41.0921 0388 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:06:41.0921 0388 Rdbss - ok
17:06:41.0937 0388 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:06:41.0937 0388 RDPCDD - ok
17:06:42.0000 0388 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:06:42.0015 0388 rdpdr - ok
17:06:42.0046 0388 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:06:42.0062 0388 RDPWD - ok
17:06:42.0093 0388 RDSessMgr (9f63d9c5b238ed1c375d417eff3d5be7) C:\WINDOWS\system32\sessmgr.exe
17:06:42.0093 0388 RDSessMgr - ok
17:06:42.0140 0388 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:06:42.0140 0388 redbook - ok
17:06:42.0171 0388 RemoteAccess (7da370c31673c99497bd07068ee6e354) C:\WINDOWS\System32\mprdim.dll
17:06:42.0171 0388 RemoteAccess - ok
17:06:42.0203 0388 RemoteRegistry (e598d81197e2e0ec42a0c55772bb00e8) C:\WINDOWS\system32\regsvc.dll
17:06:42.0203 0388 RemoteRegistry - ok
17:06:42.0234 0388 RpcLocator (499c59a2584f6d4ea41e944da571d993) C:\WINDOWS\system32\locator.exe
17:06:42.0234 0388 RpcLocator - ok
17:06:42.0281 0388 RpcSs (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
17:06:42.0281 0388 RpcSs - ok
17:06:42.0296 0388 RSVP (414964844f4793acb868d057e8ed997e) C:\WINDOWS\system32\rsvp.exe
17:06:42.0312 0388 RSVP - ok
17:06:42.0390 0388 RTL8192cu (f705f7b6e187a7bab9402902b08d8484) C:\WINDOWS\system32\DRIVERS\rtwlanu.sys
17:06:42.0406 0388 RTL8192cu - ok
17:06:42.0437 0388 SamSs (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
17:06:42.0437 0388 SamSs - ok
17:06:42.0468 0388 SCardSvr (67949cc8a865296c1333c96a4e1a2d66) C:\WINDOWS\System32\SCardSvr.exe
17:06:42.0468 0388 SCardSvr - ok
17:06:42.0500 0388 Schedule (55f5c5c1be1a78e285033e432ba01597) C:\WINDOWS\system32\schedsvc.dll
17:06:42.0500 0388 Schedule - ok
17:06:42.0546 0388 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:06:42.0546 0388 Secdrv - ok
17:06:42.0578 0388 seclogon (5ac311c0af2af5ec221670bb8dc479d3) C:\WINDOWS\System32\seclogon.dll
17:06:42.0578 0388 seclogon - ok
17:06:42.0625 0388 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:06:42.0625 0388 serenum - ok
17:06:42.0640 0388 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
17:06:42.0656 0388 Serial - ok
17:06:42.0718 0388 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:06:42.0718 0388 Sfloppy - ok
17:06:42.0750 0388 SharedAccess (f4ce708a7d17a625de6c0fd746d50e88) C:\WINDOWS\System32\ipnathlp.dll
17:06:42.0750 0388 SharedAccess - ok
17:06:42.0796 0388 ShellHWDetection (b9f20d71e5b6ce89a7a94b38351fdbdc) C:\WINDOWS\System32\shsvcs.dll
17:06:42.0796 0388 ShellHWDetection - ok
17:06:42.0828 0388 Simbad - ok
17:06:42.0906 0388 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
17:06:42.0906 0388 SONYPVU1 - ok
17:06:42.0968 0388 Sparrow - ok
17:06:43.0031 0388 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:06:43.0031 0388 splitter - ok
17:06:43.0062 0388 Spooler (460e4ce148bd07218da0b6a3d31885a9) C:\WINDOWS\system32\spoolsv.exe
17:06:43.0062 0388 Spooler - ok
17:06:43.0125 0388 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
17:06:43.0125 0388 sr - ok
17:06:43.0140 0388 srservice (6ed29124a1c83bd0cf6b26bd01ca6f6f) C:\WINDOWS\system32\srsvc.dll
17:06:43.0156 0388 srservice - ok
17:06:43.0187 0388 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys
17:06:43.0203 0388 Srv - ok
17:06:43.0218 0388 SSDPSRV (ea9e0db8684cef2fd3badd671df5a112) C:\WINDOWS\System32\ssdpsrv.dll
17:06:43.0234 0388 SSDPSRV - ok
17:06:43.0265 0388 stisvc (d76b0e8a4ecad1adcc75fd14a7acc54c) C:\WINDOWS\system32\wiaservc.dll
17:06:43.0265 0388 stisvc - ok
17:06:43.0296 0388 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:06:43.0296 0388 swenum - ok
17:06:43.0328 0388 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:06:43.0328 0388 swmidi - ok
17:06:43.0328 0388 SwPrv - ok
17:06:43.0375 0388 symc810 - ok
17:06:43.0406 0388 symc8xx - ok
17:06:43.0437 0388 sym_hi - ok
17:06:43.0484 0388 sym_u3 - ok
17:06:43.0531 0388 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:06:43.0531 0388 sysaudio - ok
17:06:43.0546 0388 SysmonLog (0899061318a6b1d9596aabfc77f45e44) C:\WINDOWS\system32\smlogsvc.exe
17:06:43.0562 0388 SysmonLog - ok
17:06:43.0593 0388 TapiSrv (8e5231171ad6595ff002e848cc54fcd7) C:\WINDOWS\System32\tapisrv.dll
17:06:43.0593 0388 TapiSrv - ok
17:06:43.0625 0388 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:06:43.0625 0388 Tcpip - ok
17:06:43.0656 0388 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:06:43.0656 0388 TDPIPE - ok
17:06:43.0671 0388 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:06:43.0671 0388 TDTCP - ok
17:06:43.0703 0388 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:06:43.0703 0388 TermDD - ok
17:06:43.0734 0388 TermService (710bc85a8c22626ee094439e3ea0d38c) C:\WINDOWS\System32\termsrv.dll
17:06:43.0750 0388 TermService - ok
17:06:43.0781 0388 Themes (b9f20d71e5b6ce89a7a94b38351fdbdc) C:\WINDOWS\System32\shsvcs.dll
17:06:43.0781 0388 Themes - ok
17:06:43.0812 0388 TlntSvr (d859a9d2f026ce5804485068ffd6eaf2) C:\WINDOWS\system32\tlntsvr.exe
17:06:43.0828 0388 TlntSvr - ok
17:06:43.0859 0388 TosIde - ok
17:06:43.0906 0388 TPkd (15fb67eb022a74b30e278d19b03da3b4) C:\WINDOWS\system32\drivers\TPkd.sys
17:06:43.0906 0388 TPkd - ok
17:06:43.0937 0388 TrkWks (e1a84a5067627407a53c2c4f8d8a1d2e) C:\WINDOWS\system32\trkwks.dll
17:06:43.0953 0388 TrkWks - ok
17:06:44.0000 0388 TrueSight (1512d11c1e1e37a4ae2e2b62794f0d2e) c:\windows\system32\drivers\TrueSight.sys
17:06:44.0000 0388 TrueSight - ok
17:06:44.0046 0388 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
17:06:44.0046 0388 uagp35 - ok
17:06:44.0078 0388 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:06:44.0078 0388 Udfs - ok
17:06:44.0093 0388 ultra - ok
17:06:44.0140 0388 UMWdf (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
17:06:44.0140 0388 UMWdf - ok
17:06:44.0187 0388 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:06:44.0203 0388 Update - ok
17:06:44.0265 0388 upnphost (bd8166a495b02308f364b36249475f22) C:\WINDOWS\System32\upnphost.dll
17:06:44.0265 0388 upnphost - ok
17:06:44.0296 0388 UPS (1edc93d7bd731b5ca6248ae245099b60) C:\WINDOWS\System32\ups.exe
17:06:44.0296 0388 UPS - ok
17:06:44.0343 0388 USBAAPL - ok
17:06:44.0390 0388 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:06:44.0390 0388 usbccgp - ok
17:06:44.0421 0388 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:06:44.0421 0388 usbehci - ok
17:06:44.0468 0388 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:06:44.0468 0388 usbhub - ok
17:06:44.0500 0388 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:06:44.0500 0388 usbscan - ok
17:06:44.0515 0388 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:06:44.0531 0388 usbstor - ok
17:06:44.0562 0388 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:06:44.0562 0388 usbuhci - ok
17:06:44.0593 0388 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:06:44.0593 0388 VgaSave - ok
17:06:44.0625 0388 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:06:44.0625 0388 ViaIde - ok
17:06:44.0656 0388 videX32 (c8ee49fa76eb7c41a9cddfe58151a74e) C:\WINDOWS\system32\DRIVERS\videX32.sys
17:06:44.0656 0388 videX32 - ok
17:06:44.0703 0388 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
17:06:44.0703 0388 VolSnap - ok
17:06:44.0734 0388 VSS (5a4da252b2c0550ab83d129c02cf6c19) C:\WINDOWS\System32\vssvc.exe
17:06:44.0750 0388 VSS - ok
17:06:44.0781 0388 W32Time (c1f726ee0b043b074a68992bc4aef8fd) C:\WINDOWS\system32\w32time.dll
17:06:44.0781 0388 W32Time - ok
17:06:44.0828 0388 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:06:44.0828 0388 Wanarp - ok
17:06:44.0843 0388 WDICA - ok
17:06:44.0906 0388 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:06:44.0921 0388 wdmaud - ok
17:06:44.0953 0388 WebClient (714670e64fbe6d28d99871ed9a52a334) C:\WINDOWS\System32\webclnt.dll
17:06:44.0953 0388 WebClient - ok
17:06:45.0046 0388 winmgmt (5e9deae9980ff34bcd6dde2e9e2bf911) C:\WINDOWS\system32\wbem\WMIsvc.dll
17:06:45.0046 0388 winmgmt - ok
17:06:45.0125 0388 WmdmPmSN (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\mspmsnsv.dll
17:06:45.0125 0388 WmdmPmSN - ok
17:06:45.0171 0388 Wmi (31c1fd0bbdc5b81c21edba4331edae55) C:\WINDOWS\System32\advapi32.dll
17:06:45.0187 0388 Wmi - ok
17:06:45.0234 0388 WmiApSrv (4e8e8a58f56b25d0795f484e5eb7f898) C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:06:45.0234 0388 WmiApSrv - ok
17:06:45.0281 0388 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
17:06:45.0281 0388 WpdUsb - ok
17:06:45.0328 0388 wscsvc (c1fd85db4a80a98d60ecb7a828e77fe0) C:\WINDOWS\system32\wscsvc.dll
17:06:45.0328 0388 wscsvc - ok
17:06:45.0359 0388 wuauserv (75d6c5c3d2c93b1f9931e5dfb693ae2a) C:\WINDOWS\system32\wuauserv.dll
17:06:45.0359 0388 wuauserv - ok
17:06:45.0390 0388 WZCSVC (c336e54ee0c291a02f004667db1e66cb) C:\WINDOWS\System32\wzcsvc.dll
17:06:45.0406 0388 WZCSVC - ok
17:06:45.0437 0388 xfilt (fcbc27869092850cdb75139f3818653a) C:\WINDOWS\system32\DRIVERS\xfilt.sys
17:06:45.0437 0388 xfilt - ok
17:06:45.0468 0388 xmlprov (f92a87fdda0c11c8604fbc2b864fa726) C:\WINDOWS\System32\xmlprov.dll
17:06:45.0468 0388 xmlprov - ok
17:06:45.0500 0388 XPTWOPORT (c36d1ee1f52e95beedeea275ad8a48f7) C:\WINDOWS\system32\DRIVERS\XPTWOPORT.SYS
17:06:45.0500 0388 XPTWOPORT - ok
17:06:45.0562 0388 MBR (0x1B8) (587f1bf40479d66675a13b610e5e7f9e) \Device\Harddisk0\DR0
17:06:45.0593 0388 \Device\Harddisk0\DR0 - ok
17:06:45.0593 0388 Boot (0x1200) (03bb06e212c6e910da07bafe50057ab0) \Device\Harddisk0\DR0\Partition0
17:06:45.0593 0388 \Device\Harddisk0\DR0\Partition0 - ok
17:06:45.0625 0388 Boot (0x1200) (4fed092f575f2eae04bfba03b22482c3) \Device\Harddisk0\DR0\Partition1
17:06:45.0640 0388 \Device\Harddisk0\DR0\Partition1 - ok
17:06:45.0640 0388 ============================================================
17:06:45.0640 0388 Scan finished
17:06:45.0640 0388 ============================================================
17:06:45.0671 0380 Detected object count: 1
17:06:45.0671 0380 Actual detected object count: 1
17:06:50.0703 0380 hnozygii ( LockedService.Multi.Generic ) - skipped by user
17:06:50.0703 0380 hnozygii ( LockedService.Multi.Generic ) - User select action: Skip

rapport combofix


ComboFix 12-04-01.01 - djayls 01/04/2012 17:31:43.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1652 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\djayls\Bureau\asdehi.exe
AV: avast! antivirus 4.8.1229 [VPS 090427-0] *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}


(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Administrateur\Local Settings\Application Data\Bron.tok-12-1
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Bron.tok.A12.em.bin
C:\Documents and Settings\Administrateur\Local Settings\Application Data\csrss.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Kosong.Bron.Tok.txt
C:\Documents and Settings\Administrateur\Local Settings\Application Data\ListHost12.txt
C:\Documents and Settings\Administrateur\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\services.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\Bron.tok-12-1
C:\Documents and Settings\djayls\Local Settings\Application Data\Bron.tok-12-26
C:\Documents and Settings\djayls\Local Settings\Application Data\Bron.tok-12-27
C:\Documents and Settings\djayls\Local Settings\Application Data\Bron.tok-12-28
C:\Documents and Settings\djayls\Local Settings\Application Data\Bron.tok-12-29
C:\Documents and Settings\djayls\Local Settings\Application Data\Bron.tok-12-30
C:\Documents and Settings\djayls\Local Settings\Application Data\Bron.tok-12-31
C:\Documents and Settings\djayls\Local Settings\Application Data\Bron.tok.A12.em.bin
C:\Documents and Settings\djayls\Local Settings\Application Data\csrss.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\Kosong.Bron.Tok.txt
C:\Documents and Settings\djayls\Local Settings\Application Data\ListHost12.txt
C:\Documents and Settings\djayls\Local Settings\Application Data\LSASS.EXE
C:\Documents and Settings\djayls\Local Settings\Application Data\services.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\smss.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\winlogon.exe
C:\WINDOWS\eksplorasi.exe
C:\WINDOWS\ShellNew\sempalong.exe
C:\WINDOWS\system32\Administrateur's Setting.scr
C:\WINDOWS\system32\djayls's Setting.scr
C:\WINDOWS\system32\drivers\etc\hosts.ics

----- Cloneurs de fichier -----

C:\Documents and Settings\Administrateur\Local Settings\Application Data\csrss.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\services.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\smss.exe
C:\Documents and Settings\Administrateur\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\csrss.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\inetinfo.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\services.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\smss.exe
C:\Documents and Settings\djayls\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\djayls\Mes documents\Cesaria Evora - Cesaria\Cesaria Evora - Cesaria.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\03\11\11.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\03\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\05\11\11.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\06\04\04.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\06\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\08\06\06.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\09\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\10\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\10\02\02.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\11\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\12\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\13\06\06.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\13\09\09.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\14\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\14\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\00\15\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\01\04\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\01\04\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\01\05\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\01\06\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\01\09\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\01\09\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\01\10\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\01\12\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\02\03\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\02\03\14\14.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\02\04\06\06.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\02\06\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\02\06\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\02\07\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\02\10\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\02\14\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\02\15\10\10.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\03\00\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\03\01\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\03\02\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\03\02\04\04.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\03\03\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\03\04\02\02.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\03\06\03\03.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\03\06\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\03\10\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\03\12\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\04\01\07\07.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\04\04\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\04\06\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\04\09\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\04\09\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\04\12\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\04\13\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\03\02\02.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\05\03\03.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\05\14\14.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\06\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\07\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\09\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\12\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\12\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\12\10\10.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\13\06\06.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\05\13\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\06\05\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\06\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\06\05\14\14.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\06\06\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\06\07\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\06\09\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\06\12\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\06\12\14\14.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\06\15\06\06.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\02\03\03.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\03\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\03\04\04.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\03\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\04\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\06\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\07\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\07\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\09\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\09\03\03.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\12\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\12\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\13\04\04.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\15\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\07\15\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\08\00\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\08\02\10\10.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\08\03\02\02.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\08\03\03\03.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\08\03\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\08\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\08\08\10\10.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\08\11\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\08\12\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\08\13\06\06.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\09\00\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\09\00\11\11.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\09\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\09\05\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\09\08\06\06.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\09\08\14\14.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\09\09\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\09\10\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\09\11\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\10\01\03\03.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\10\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\10\06\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\10\07\10\10.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\10\09\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\10\11\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\10\11\14\14.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\10\15\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\02\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\03\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\03\09\09.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\04\10\10.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\07\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\07\06\06.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\10\02\02.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\11\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\14\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\11\15\09\09.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\12\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\12\10\06\06.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\12\11\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\12\11\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\12\13\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\12\14\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\00\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\02\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\04\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\04\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\05\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\05\09\09.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\07\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\09\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\11\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\11\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\15\04\04.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\13\15\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\01\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\02\12\12.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\03\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\04\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\05\05\05.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\05\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\09\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\11\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\11\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\14\15\09\09.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\15\01\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\15\01\15\15.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\15\02\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\15\03\03\03.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\15\04\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\15\05\08\08.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\15\09\00\00.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\15\10\13\13.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\15\11\01\01.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Album Artwork\Cache\174D0DC1AEAD0000\15\14\07\07.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\iTunes.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\iTunes\Previous iTunes Libraries\Previous iTunes Libraries.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\Ma musique.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\Spotify\Paris Combo\3CD 2003\3CD 2003.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\Spotify\Rage Against The Machine\Rage Against The Machine\Rage Against The Machine.exe
C:\Documents and Settings\djayls\Mes documents\Ma musique\Spotify\ZZ Top\ZZ Top - Hi-Five ZZ Top\ZZ Top - Hi-Five ZZ Top.exe
C:\Documents and Settings\djayls\Mes documents\Mes documents.exe
C:\Documents and Settings\djayls\Mes documents\Mes images\Album Art\Album Art.exe
C:\Documents and Settings\djayls\Mes documents\Mes images\Album Art\mano solo\mano solo.exe
C:\Documents and Settings\djayls\Mes documents\Mes images\Mes images.exe
C:\Documents and Settings\djayls\Mes documents\My Google Gadgets\My Google Gadgets.exe
C:\WINDOWS\eksplorasi.exe
C:\WINDOWS\ShellNew\sempalong.exe

((((((((((((((((((((((((((((( Fichiers créés du 2012-03-01 au 2012-04-01 ))))))))))))))))))))))))))))))))))))


2012-04-01 14:41:45 . 2012-04-01 14:41:46 -------- d-----w- C:\Documents and Settings\Administrateur
2012-04-01 12:42:55 . 2012-04-01 12:42:55 13824 ----a-w- C:\WINDOWS\system32\drivers\TrueSight.sys
2012-03-30 05:57:03 . 2012-03-30 05:57:04 418464 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-03-26 21:04:01 . 2012-03-26 21:04:01 -------- d-----w- C:\Documents and Settings\djayls\Local Settings\Application Data\I Want This
2012-03-26 21:04:00 . 2012-03-26 21:04:10 -------- d-----w- C:\Program Files\I Want This
2012-03-26 21:03:56 . 2012-03-29 21:04:00 -------- d-----w- C:\Program Files\DealPly
2012-03-26 21:03:42 . 2012-03-26 21:03:44 237 ----a-w- C:\user.js
2012-03-26 21:03:41 . 2012-03-26 21:03:41 -------- d-----w- C:\Program Files\BabylonToolbar
2012-03-26 21:03:28 . 2007-08-21 11:32:44 98304 ----a-w- C:\WINDOWS\system32\redmonnt.dll
2012-03-26 21:03:26 . 2012-03-26 21:03:28 -------- d-----w- C:\Program Files\FoxTabPDFConverter
2012-03-26 21:03:26 . 2012-03-26 21:03:26 -------- d-----w- C:\Documents and Settings\djayls\Local Settings\Application Data\Babylon
2012-03-26 21:03:25 . 2012-03-26 21:03:25 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Babylon
2012-03-26 21:03:24 . 2012-03-26 21:03:24 -------- d-----w- C:\Documents and Settings\djayls\Application Data\Babylon
2012-03-26 16:02:21 . 2012-03-26 21:05:02 -------- d-----w- C:\Documents and Settings\djayls\Local Settings\Application Data\Loc.Mail.Bron.Tok
2012-03-26 16:01:52 . 2012-03-26 16:01:52 -------- d-----w- C:\Documents and Settings\djayls\Local Settings\Application Data\Ok-SendMail-Bron-tok
2012-03-26 15:56:16 . 2012-04-01 15:37:09 -------- d-----w- C:\WINDOWS\ShellNew
.


(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

2012-03-30 05:57:03 . 2012-01-20 19:46:38 70304 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2009-03-27 00:39:53 . 2009-03-27 00:39:53 122880 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 14:45:08 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41:22 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 08:58:14 16264192]
"SkyTel"="SkyTel.EXE" [2006-05-16 10:04:26 2879488]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 09:29:38 2007088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 02:27:04 144784]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-11-13 23:05:34 61440]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40:44 155648]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 14:38:34 78008]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-11-04 09:30:50 413696]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-27 00:39:47 30192]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-16 07:35:00 7630848]
"nwiz"="nwiz.exe" [2006-08-16 07:35:00 1617920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-16 07:35:00 86016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"Config"="C:\WINDOWS\system32\run.cmd" [2006-02-14 09:24:35 248]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-19 14:52:06 44544]

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Empty.pif [2012-3-16 42617]

C:\Documents and Settings\djayls\Menu Démarrer\Programmes\Démarrage\
Empty.pif [2012-3-16 42617]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Activer l'ensemble clavier et souris sans fil Labtec.lnk - C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe [2007-10-8 258048]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
REALTEK 11n USB Wireless LAN Utility.lnk - C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtWLan.exe [2011-12-21 1048576]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoFolderOptions"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe \"C:\WINDOWS\eksplorasi.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=Digi32.dll
"MIDI2"=diomidi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisablePagingExecutive"=dword:00000001
"SecondLevelDataCache"=dword:00000200

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\MySpaceMp3Gopher\\MySpaceMp3Gopher.exe"=
"C:\\Program Files\\MusicBrainz Picard\\picard.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Spotify\\spotify.exe"=
"C:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"C:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RTLDHCP.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"64808:UDP"= 64808:UDP:emule
"4662:TCP"= 4662:TCP:emule
"38297:TCP"= 38297:TCP:Bit Torrent TCP
"38297:UDP"= 38297:UDP:Bit Torrent UDP
"7662:TCP"= 7662:TCP:emule
"7672:UDP"= 7672:UDP:emule
"2746:TCP"= 2746:TCP:odqcnumm
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [29/10/2007 20:40:27 16384]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [21/04/2008 14:00:41 78416]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [08/10/2007 17:56:20 11776]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [21/04/2008 14:00:41 20560]
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\drivers\diginet.sys [29/10/2007 20:39:41 11776]
S2 hnozygii;Time Update;C:\WINDOWS\system32\svchost.exe -k netsvcs [19/08/2004 17:10:04 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 7:57:04 253600]
S3 DIGIFW;Service for Mbox 2 Pro Driver (WDM);C:\WINDOWS\system32\drivers\digifw.sys [29/10/2007 20:39:42 158208]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [27/03/2009 2:39:47 30192]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\WINDOWS\system32\drivers\rtwlanu.sys [21/12/2011 18:56:24 1270120]
S3 XPTWOPORT;XP TWO PORT Intermediate Driver;C:\WINDOWS\system32\drivers\XPTWOPORT.sys [21/12/2011 18:56:32 15872]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - WS2IFSL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hnozygii

Contenu du dossier 'Tâches planifiées'

2012-04-01 C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 05:57:04 . 2012-03-30 05:57:04]

2012-03-29 C:\WINDOWS\Tasks\DealPlyUpdate.job
- C:\Program Files\DealPly\DealPlyUpdate.exe [2012-02-26 08:32:14 . 2012-02-26 08:32:14]

2012-03-30 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-838170752-725345543-1003Core.job
- C:\Documents and Settings\djayls\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-27 00:18:11 . 2009-03-27 00:18:09]

2012-04-01 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-838170752-725345543-1003UA.job
- C:\Documents and Settings\djayls\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-27 00:18:11 . 2009-03-27 00:18:09]

je n'arrive pas a coller la derniere partie du rapport (message d'erreur: Titre du message non renseigné).

Bref, au redemarrage effectué par combofix, mon antivirus a quand meme redetecte et effacé une nouvelle fois eksplorasi.exe.

Que faire de plus?

http://pjjoint.malekal.com/files.php?id=20120401_q14p8w6l5z12

hello

S2 hnozygii;Time Update;c:\windows\system32\svchost.exe -k netsvcs [19/08/2004 17:10 14336]

en plus avec un windows cracké pas etonnant de se ramasser des merd$*$

A0000440.exe;C:\System Volume Information\_restore{F8551C86-6EAC-45FA-943E-81655BA69ACB}\RP1;Tool.HideWindows.20;Quarantaine.;
A0000441.exe;C:\System Volume Information\_restore{F8551C86-6EAC-45FA-943E-81655BA69ACB}\RP1;Adware.InstallCore.34;Quarantaine.;
A0000442.exe;C:\System Volume Information\_restore{F8551C86-6EAC-45FA-943E-81655BA69ACB}\RP1;Adware.InstallCore.34;Quarantaine.;
A0000443.exe;C:\System Volume Information\_restore{F8551C86-6EAC-45FA-943E-81655BA69ACB}\RP1;Adware.InstallCore.34;Quarantaine.;
A0000444.exe;C:\System Volume Information\_restore{F8551C86-6EAC-45FA-943E-81655BA69ACB}\RP1;Adware.InstallCore.34;Quarantaine.;
A0000445.exe;D:\System Volume Information\_restore{F8551C86-6EAC-45FA-943E-81655BA69ACB}\RP1;Tool.ASEye.2;Quarantaine.;

Hello Guillaume ,

C'est une infection brontok :( fais passer usbfix ;)

j"étais derriere aussi ^

;)

Je sais pas si l'AV va gérer car ça colle des fichiers partout en plus l'infection est en startup :(

C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Empty.pif [2012-3-16 42617]

@windowsDir & "\System32\" & @Username & "'s settings.scr"

^^ lol

http://pjjoint.malekal.com/files.php?id=20120404_y12k12x12j14x14

bizarre il est pas à jour cet usbfix.....

oh...conficker en plus...^^