Infection ? Fermé

Question

Bonjour,  

Mon ordinateur sous windows Xp pro rame depuis plusieurs jours. J'ai enlevé sous Malwayrebytes plusieurs choses malveillantes puis j'ai fait un scan avec avira. J'ai aussi enlevé un virus. Mais mon ordi rame toujours et à du mal à s'éteindre  (un écran bleu apparaît). Voici un rapport Hijackthis. Merci de m'aider. Bonne journée 


https://www.cjoint.com/?BDeirpDF31v 

Configuration: Windows XP

H3RV3 · Answer

salut,

Tu peux mettre les rapport de Malwarebytes et Avira puis faire ceci :

&#9679; Télécharge AdwCleaner (de Xplode) sur ton bureau.

&#9679; Lance le, clique sur [Suppression] puis patiente le temps du scan.

&#9679; Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.

&#9650; Le rapport est sauvegardé dans C:\AdwCleaner[S1].txt

ckiller76 · Answer

Merci pour ton aide. Voici le rapport ADWcleaner :

https://www.cjoint.com/?BDelAECWywa 

Les rapports malwayre
https://www.cjoint.com/?BDelByY2TSl 
https://www.cjoint.com/?BDelBRrp7aP 


et ceux d'avira
https://www.cjoint.com/?BDelClefErC 
https://www.cjoint.com/?BDelCA5KRHD

H3RV3 · Answer

OK, ton MBR a l'ai touché.

Télécharge aswMBR.exe sur ton bureau.

Lance aswMBR.exe, clique sur Scan puis sur Save log.

Copie colle le rapport présent sur ton bureau dans ta réponse.

ckiller76 · Answer

Voici le rapport aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-04-04 12:09:25 ----------------------------- 12:09:25.281 OS Version: Windows 5.1.2600 Service Pack 3 12:09:25.281 Number of processors: 2 586 0x209 12:09:25.281 ComputerName: CLAUDIE UserName: poste2 12:09:26.718 Initialize success 12:09:51.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 12:09:51.093 Disk 0 Vendor: ST380011A 3.06 Size: 76319MB BusType: 3 12:09:51.093 Device owAZEVAoRGRCZ -> DriverStartIo RGRCZ@J@ f74a0864 12:09:51.125 Disk 0 MBR read successfully 12:09:51.125 Disk 0 MBR scan 12:09:51.125 Disk 0 Windows XP default MBR code found via API 12:09:51.125 Disk 0 unknown MBR code 12:09:51.125 Disk 0 MBR hidden 12:09:51.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63 12:09:51.156 Disk 0 scanning sectors +156296385 12:09:51.171 Disk 0 malicious Win32:MBRoot code @ sector 156296388 ! 12:09:51.187 Disk 0 PE file @ sector 156296410 ! 12:09:51.187 Disk 0 MBR [Win32:MBRoot] **ROOTKIT** 12:09:51.187 Disk 0 trace - called modules: 12:09:51.187 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89611e78]<< 12:09:51.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x898b0ab8] 12:09:51.187 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\00000060[0x8986ff18] 12:09:51.203 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89873940] 12:09:51.203 Scan finished successfully 12:10:04.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\poste2\Bureau\MBR.dat" 12:10:04.375 The log file has been saved successfully to "C:\Documents and Settings\poste2\Bureau\aswMBR.txt"

H3RV3 · Answer

OK, relance aswMBR et clique sur Fix.

ckiller76 · Answer

ok c'est fait par contre il est noté please reboot ASAP. Est-ce normal ?

H3RV3 · Answer

Oui, redémarre ton PC et refais un scan avec aswMBR.

ckiller76 · Answer

Bon appétit je reviens après.

ckiller76 · Answer

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Run date: 2012-04-04 12:41:12 ----------------------------- 12:41:12.906 OS Version: Windows 5.1.2600 Service Pack 3 12:41:12.906 Number of processors: 2 586 0x209 12:41:12.906 ComputerName: CLAUDIE UserName: poste2 12:41:24.218 Initialize success 12:42:02.031 AVAST engine defs: 12040400 12:43:37.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 12:43:37.046 Disk 0 Vendor: ST380011A 3.06 Size: 76319MB BusType: 3 12:43:37.046 Device owAZEVAoRGRCZ -> DriverStartIo RGRCZ@J@ f74a0864 12:43:37.234 Disk 0 MBR read successfully 12:43:37.234 Disk 0 MBR scan 12:43:37.953 Disk 0 Win32:MBRoot-J [Trj] 12:43:37.953 Disk 0 Windows XP default MBR code found via API 12:43:37.953 Disk 0 MBR hidden 12:43:37.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63 12:43:38.984 Disk 0 MBR [Win32:MBRoot] **ROOTKIT** 12:43:38.984 Disk 0 trace - called modules: 12:43:38.984 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x898295a8]<< 12:43:38.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x898afab8] 12:43:39.000 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\00000060[0x8988bf18] 12:43:39.000 5 ACPI.sys[f75ad620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x898b1940] 12:43:41.390 AVAST engine scan C:\WINDOWS 12:44:48.968 AVAST engine scan C:\WINDOWS\system32 12:52:25.031 AVAST engine scan C:\WINDOWS\system32\drivers 12:52:55.656 AVAST engine scan C:\Documents and Settings\poste2 13:01:14.812 AVAST engine scan C:\Documents and Settings\All Users 13:01:45.890 Scan finished successfully 13:05:10.843 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\poste2\Bureau\MBR.dat" 13:05:10.859 The log file has been saved successfully to "C:\Documents and Settings\poste2\Bureau\aswMBRbis.txt"

H3RV3 · Answer

Il est encore là, essaie avec cet outil :

Puis essaie ceci :

Télécharge ce fichier sur ton bureau ==> http://www.pandasecurity.com/resources/tools/yorkyt.exe

Lance le, il va t'inviter à redémarrer ton PC. Fais le et laisse travailler au redémarrage. Il est possible qu'il faille que redémarre entre temps.

Copie colle le rapport yorkyt.log

ckiller76 · Answer

2012-04-04 13:39:03: ****************************************************
2012-04-04 13:39:03:  Starting UP ... v 0.0.0.192
2012-04-04 13:39:03: ****************************************************
2012-04-04 13:39:03: Listing processes...
2012-04-04 13:39:03:    :[System Process]:0
2012-04-04 13:39:03:    :System:4
2012-04-04 13:39:03:    :smss.exe:468
2012-04-04 13:39:03:    :csrss.exe:516
2012-04-04 13:39:03:    :winlogon.exe:548
2012-04-04 13:39:03:    :services.exe:592
2012-04-04 13:39:03:    :lsass.exe:612
2012-04-04 13:39:03:    :svchost.exe:792
2012-04-04 13:39:03:    :svchost.exe:860
2012-04-04 13:39:03:    :svchost.exe:928
2012-04-04 13:39:03:    :svchost.exe:1024
2012-04-04 13:39:03:    :svchost.exe:1076
2012-04-04 13:39:03:    :spoolsv.exe:1200
2012-04-04 13:39:03:    :sched.exe:1260
2012-04-04 13:39:03:    :svchost.exe:1312
2012-04-04 13:39:03:    :explorer.exe:1848
2012-04-04 13:39:03:    :SMax4PNP.exe:384
2012-04-04 13:39:03:    :type32.exe:400
2012-04-04 13:39:03:    :hpwuschd2.exe:320
2012-04-04 13:39:03:    :DivXUpdate.exe:520
2012-04-04 13:39:03:    :avgnt.exe:616
2012-04-04 13:39:03:    :jusched.exe:820
2012-04-04 13:39:03:    :msnmsgr.exe:992
2012-04-04 13:39:03:    :9props.exe:1032
2012-04-04 13:39:03:    :hpqtra08.exe:740
2012-04-04 13:39:03:    :ONENOTEM.EXE:1768
2012-04-04 13:39:03:    :aswMBR.exe:2056
2012-04-04 13:39:03:    :hpqste08.exe:2404
2012-04-04 13:39:03:    :avguard.exe:2532
2012-04-04 13:39:03:    :jqs.exe:2628
2012-04-04 13:39:03:    :mdm.exe:2652
2012-04-04 13:39:03:    :SMAgent.exe:2836
2012-04-04 13:39:03:    :svchost.exe:2892
2012-04-04 13:39:03:    :WLIDSVC.EXE:2948
2012-04-04 13:39:03:    :WLIDSVCM.EXE:3320
2012-04-04 13:39:03:    :avshadow.exe:3432
2012-04-04 13:39:03:    :alg.exe:132
2012-04-04 13:39:03:    :chrome.exe:1684
2012-04-04 13:39:03:    :chrome.exe:1468
2012-04-04 13:39:03:    :chrome.exe:1932
2012-04-04 13:39:03:    :chrome.exe:1592
2012-04-04 13:39:03:    :chrome.exe:2512
2012-04-04 13:39:03:    :chrome.exe:2692
2012-04-04 13:39:03:    :yorkyt.exe:3644
2012-04-04 13:39:03:    :wmiprvse.exe:3760
2012-04-04 13:39:03: 
2012-04-04 13:39:03: Setting restore point
2012-04-04 13:39:14: Determining autonomous or dropped mode...
2012-04-04 13:39:14: Autonomus mode
2012-04-04 13:39:15: Installing drivers...
2012-04-04 13:39:18: Checking that it installed...
2012-04-04 13:39:18: Driver is installed...
2012-04-04 13:39:18: cmd.exe /c start "C:\Documents and Settings\poste2\Mes documents\Downloads\yorkyt.exe"
2012-04-04 13:40:14: Restarting...
2012-04-04 13:44:37: ****************************************************
2012-04-04 13:44:37:  Starting UP ... v 0.0.0.192
2012-04-04 13:44:37: ****************************************************
2012-04-04 13:44:38: Listing processes...
2012-04-04 13:44:38:    :[System Process]:0
2012-04-04 13:44:38:    :System:4
2012-04-04 13:44:38:    :smss.exe:592
2012-04-04 13:44:38:    :csrss.exe:660
2012-04-04 13:44:38:    :winlogon.exe:692
2012-04-04 13:44:38:    :services.exe:744
2012-04-04 13:44:38:    :savedump.exe:760
2012-04-04 13:44:38:    :lsass.exe:772
2012-04-04 13:44:38:    :svchost.exe:1192
2012-04-04 13:44:38:    :svchost.exe:1340
2012-04-04 13:44:38:    :svchost.exe:1444
2012-04-04 13:44:38:    :svchost.exe:1532
2012-04-04 13:44:38:    :svchost.exe:1684
2012-04-04 13:44:38:    :spoolsv.exe:1888
2012-04-04 13:44:39:    :sched.exe:1940
2012-04-04 13:44:39:    :svchost.exe:256
2012-04-04 13:44:39:    :WgaTray.exe:780
2012-04-04 13:44:39:    :explorer.exe:1240
2012-04-04 13:44:39:    :yorkyt.exe:1780
2012-04-04 13:44:39:    :SMax4PNP.exe:2180
2012-04-04 13:44:39:    :type32.exe:2212
2012-04-04 13:44:39:    :hpwuschd2.exe:2356
2012-04-04 13:44:39:    :DivXUpdate.exe:2428
2012-04-04 13:44:39:    :avgnt.exe:2464
2012-04-04 13:44:39:    :jusched.exe:2476
2012-04-04 13:44:39:    :msnmsgr.exe:2684
2012-04-04 13:44:39:    :GoogleToolbarNotifier.exe:2712
2012-04-04 13:44:39:    :9props.exe:2736
2012-04-04 13:44:39:    :hpqtra08.exe:2768
2012-04-04 13:44:39:    :ONENOTEM.EXE:2780
2012-04-04 13:44:39:    :hpqste08.exe:2860
2012-04-04 13:44:39:    :avguard.exe:2912
2012-04-04 13:44:39:    :GoogleUpdaterService.exe:2984
2012-04-04 13:44:39:    :jqs.exe:3016
2012-04-04 13:44:39:    :mdm.exe:3052
2012-04-04 13:44:39:    :SMAgent.exe:3144
2012-04-04 13:44:39:    :svchost.exe:3168
2012-04-04 13:44:39:    :taskmgr.exe:3272
2012-04-04 13:44:39:    :WLIDSVC.EXE:3372
2012-04-04 13:44:39:    :wuauclt.exe:3612
2012-04-04 13:44:39:    :WLIDSVCM.EXE:3724
2012-04-04 13:44:39:    :avshadow.exe:3904
2012-04-04 13:44:39:    :wmiprvse.exe:4064
2012-04-04 13:44:39:    :alg.exe:1412
2012-04-04 13:44:39:    :HPZipm12.exe:2808
2012-04-04 13:44:39: 
2012-04-04 13:44:39: RUN mode
2012-04-04 13:44:39: Determining autonomous or dropped mode...
2012-04-04 13:44:39: Autonomus mode
2012-04-04 13:44:39: Waiting for Explorer.exe...
2012-04-04 13:45:09: Launching parsers...
2012-04-04 13:45:13: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\KDCOM.DLL kdcom.dll
2012-04-04 13:45:13: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\BOOTVID.DLL bootvid.dll
2012-04-04 13:45:13: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOT.SYS 
2012-04-04 13:45:13: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOTD.SYS 
2012-04-04 13:45:14: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOTK.SYS 
2012-04-04 13:45:14: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOTI.SYS 
2012-04-04 13:45:14: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOTS.SYS 
2012-04-04 13:45:14: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS ACPI.sys
2012-04-04 13:45:14: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\WMILIB.SYS WmiLib.sys
2012-04-04 13:45:14: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS pci.sys
2012-04-04 13:45:14: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS isapnp.sys
2012-04-04 13:45:14: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS pciide.sys
2012-04-04 13:45:14: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\PCIIDEX.SYS pciidex.sys
2012-04-04 13:45:14: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\MOUNTMGR.SYS mountmgr.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS ftdisk.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS dmload.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS dmio.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\PARTMGR.SYS partmgr.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\SFSYNC02.SYS sfsync02.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\VOLSNAP.SYS volsnap.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS atapi.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS scsidisk.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\CLASSPNP.SYS Classpnp.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS fltMgr.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\SR.SYS sr.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\PXHELP20.SYS PxHelp20.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\KSECDD.SYS ksecdd.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\NTFS.SYS ntfs.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\NDIS.SYS NDIS.SYS
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\SFVFS02.SYS sfvfs02.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\SFHLP02.SYS sfhlp02.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\SFDRV01.SYS sfdrv01.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\MUP.SYS MUP.SYS
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DASBOOTF.SYS 
2012-04-04 13:45:15: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SMBIOS.SYS SMBios.sys
2012-04-04 13:45:15: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\INTELPPM.SYS intelppm.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\VIDEOPRT.SYS videoprt.sys
2012-04-04 13:45:15: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\IALMNT5.SYS ialmnt5.sys
2012-04-04 13:45:15: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\USBPORT.SYS usbport.sys
2012-04-04 13:45:15: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS USBUHCI.sys
2012-04-04 13:45:15: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS USBEHCI.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS E100B325.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS i8042prt.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS kbdclass.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS mouclass.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS fdc.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS serial.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS serenum.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS parport.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS cdrom.sys
2012-04-04 13:45:16: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\KS.SYS ks.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS redbook.sys
2012-04-04 13:45:16: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DRMK.SYS drmk.sys
2012-04-04 13:45:16: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\PORTCLS.SYS portcls.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SMWDM.SYS smwdm.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AEAUDIO.SYS AEAudio.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SF.SYS sf.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS audstub.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS rasl2tp.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS NDISTAPI.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS NDISWAN.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS raspppoe.sys
2012-04-04 13:45:16: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\TDI.SYS tdi.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS RASPPTP.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS PSCHED.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS MSGPC.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS ptilink.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS raspti.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS RDPDR.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS termdd.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS swenum.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS update.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS smbios.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NDPROXY.SYS ndproxy.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\IALMKCHW.SYS ialmkchw.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\IALMSBW.SYS ialmsbw.sys
2012-04-04 13:45:16: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\USBD.SYS usbd.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS usbhub.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\FLPYDISK.SYS floppy.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\CDAUDIO.SYS cdaudio.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\FS_REC.SYS fs_rec.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NULL.SYS null.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\BEEP.SYS beep.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS vga.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MNMDD.SYS videosim.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS RDPCDD.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MSFS.SYS MSFS.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NPFS.SYS npfs.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS rasacd.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS ipsec.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS tcpip.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS netbt.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS IPNAT.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS WANARP.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS afd.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS NETBIOS.SYS
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS processr.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SSMDRV.SYS ssmdrv.sys
2012-04-04 13:45:16: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS RDBSS.Sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS MRXSMB.Sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS IMAPI.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\FIPS.SYS fips.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AVKMGR.SYS avkmgr.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AVIPBB.SYS avipbb.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\CDFS.SYS cdfs.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\WMILIB.SYS WmiLib.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS atapi.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DXAPI.SYS dxapi.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\WATCHDOG.SYS watchdog.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\WIN32K.SYS win32k.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DXGTHK.SYS dxgthk.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\DRIVERS\DXG.SYS dxg.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\IALMRNT5.DLL imdispdrv.dll
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\IALMDNT5.DLL ialmdnt5.dll
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\VGA.DLL vga.dll
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\IALMDEV5.DLL ialmdev5.dll
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\IALMDD5.DLL ialmdd5.dll
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\XPSEC.SYS ipsec.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\XCPIP.SYS tcpip.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\SYSTEM32\ATMFD.DLL ATMFD.DLL
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AVGNTFLT.SYS avgntflt.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS NDISUIO.SYS
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS MRxDAV.Sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS WDMAUD.SYS
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS sysaudio.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS splitter.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS aec.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS swmidi.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS DMusic.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\MIDISYN.SYS MidiSyn.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS kmixer.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS drmkaud.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PARVDM.SYS parvdm.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS SRV.SYS
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\TDTCP.SYS tdtcp.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\RDPWD.SYS RDPWD.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS http.sys
2012-04-04 13:45:17: Looking at \DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\DRIVERS\PRSBDRVR.SYS 
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32
tdll.dll ntdll.dll
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\SMBios.sys SMBios.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\intelppm.sys intelppm.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ialmnt5.sys ialmnt5.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\videoprt.sys videoprt.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbuhci.sys USBUHCI.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbport.sys usbport.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbehci.sys USBEHCI.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\e100b325.sys E100B325.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\i8042prt.sys i8042prt.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\kbdclass.sys kbdclass.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mouclass.sys mouclass.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\fdc.sys fdc.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\serial.sys serial.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\serenum.sys serenum.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\parport.sys parport.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\cdrom.sys cdrom.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\driversedbook.sys redbook.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ks.sys ks.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\smwdm.sys smwdm.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\portcls.sys portcls.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\drmk.sys drmk.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\aeaudio.sys AEAudio.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\sf.sys sf.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\audstub.sys audstub.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\driversasl2tp.sys rasl2tp.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers
distapi.sys NDISTAPI.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers
diswan.sys NDISWAN.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\driversaspppoe.sys raspppoe.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\driversaspptp.sys RASPPTP.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers	di.sys tdi.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\psched.sys PSCHED.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\msgpc.sys MSGPC.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ptilink.sys ptilink.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\driversaspti.sys raspti.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\driversdpdr.sys RDPDR.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers	ermdd.sys termdd.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\swenum.sys swenum.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\update.sys update.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mssmbios.sys smbios.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers
dproxy.sys ndproxy.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ialmkchw.sys ialmkchw.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ialmsbw.sys ialmsbw.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbhub.sys usbhub.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\usbd.sys usbd.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\flpydisk.sys floppy.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\cdaudio.sys cdaudio.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\fs_rec.sys fs_rec.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers
ull.sys null.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\beep.sys beep.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\vga.sys vga.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mnmdd.sys videosim.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\driversdpcdd.sys RDPCDD.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\msfs.sys MSFS.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers
pfs.sys npfs.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\driversasacd.sys rasacd.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ipsec.sys ipsec.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers	cpip.sys tcpip.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers
etbt.sys netbt.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ipnat.sys IPNAT.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\wanarp.sys WANARP.SYS
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\afd.sys afd.sys
2012-04-04 13:45:17: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers
etbios.sys NETBIOS.SYS
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\processr.sys processr.sys
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\ssmdrv.sys ssmdrv.sys
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\driversdbss.sys RDBSS.Sys
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mrxsmb.sys MRXSMB.Sys
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\imapi.sys IMAPI.sys
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\fips.sys fips.sys
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\avkmgr.sys avkmgr.sys
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\avipbb.sys avipbb.sys
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\smss.exe smss.exe
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\autochk.exe AutoChk.Exe
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sfcfiles.dll sfcfiles.dll
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\advapi32.dll advapi32.dll
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\comdlg32.dll comdlg32.dll
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\gdi32.dll gdi32
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\imagehlp.dll IMAGEHLP.DLL
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\kernel32.dll kernel32
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\lz32.dll LZ32.DLL
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ole32.dll OLE32.DLL
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\oleaut32.dll 
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\olecli32.dll OLECLI32.DLL
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\olecnv32.dll OLECNV32.DLL
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\olesvr32.dll OLESVR32.DLL
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32\olethk32.dll OLETHK32.DLL
2012-04-04 13:45:18: Looking at \Device\HarddiskVolume1\WINDOWS\system32pcrt4.dll rpcrt4.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shell32.dll SHELL32.DLL
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\url.dll URL.DLL
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\urlmon.dll UrlMon.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\user32.dll user32
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\version.dll VERSION.DLL
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wininet.dll wininet.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wldap32.dll WLDAP32.DLL
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\comctl32.dll COMCTL32.DLL
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shlwapi.dll SHLWAPI.DLL
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msvcrt.dll msvcrt.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mpr.dll mpr.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32
tvdm.exe NTVDM.EXE
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wow32.dll WOW32.DLL
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\secur32.dll security.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\iertutil.dll IeRtUtil.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ieframe.dll IEFRAME.DLL
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32
ormaliz.dll normaliz.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\apphelp.dll Apphelp
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\userenv.dll userenv.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\cdfs.sys cdfs.sys
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\atapi.sys atapi.sys
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\wmilib.sys WmiLib.sys
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\win32k.sys win32k.sys
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxapi.sys dxapi.sys
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\watchdog.sys watchdog.sys
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\csrss.exe CSRSS.Exe
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\csrsrv.dll CSRSrv.DLL
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\basesrv.dll basesrv
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winsrv.dll winsrv.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxg.sys dxg.sys
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\dxgthk.sys dxgthk.sys
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ialmrnt5.dll imdispdrv.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ialmdnt5.dll ialmdnt5.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\vga.dll vga.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ialmdev5.dll ialmdev5.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ialmdd5.dll ialmdd5.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winlogon.exe WINLOGON.EXE
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\authz.dll authz.dll
2012-04-04 13:45:19: Looking at \Device\HarddiskVolume1\WINDOWS\system32\crypt32.dll CRYPT32.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msasn1.dll msasn1.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32
ddeapi.dll NDDEAPI.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\profmap.dll userenv.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32
etapi32.dll NetApi32.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\psapi.dll PSAPI
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32egapi.dll regapi.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\setupapi.dll SETUPAPI.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winsta.dll winsta.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wintrust.dll WINTRUST.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ws2_32.dll ws2_32.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ws2help.dll ws2help.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\imm32.dll imm32
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\kbdfr.dll kbdfr.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msctfime.ime MSCTFIME.IME
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\kbdus.dll kbdus.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msgina.dll MSGINA.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\odbc32.dll ODBC32
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sxs.dll SXS.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll comctl32.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\WindowsShell.Manifest 
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\odbcint.dll ODBCINT
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shsvcs.dll SHSVCS.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sfc.dll sfc.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sfc_os.dll sfc.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\xpsec.sys ipsec.sys
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\services.exe services.exe
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\xcpip.sys tcpip.sys
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\savedump.exe savedump.exe
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32
cobjapi.dll NCObjAPI.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\lsass.exe lsass.exe
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msvcp60.dll MSVCP60.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dbgeng.dll DbgEng.Dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\lsasrv.dll lsasrv.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\scesrv.dll scesrv
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\umpnpmgr.dll Umpnpmgr.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32
tdsapi.dll ntdsapi.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dnsapi.dll dnsapi
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shimeng.dll ShimEngineDLL(IAT)
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dbghelp.dll DBGHELP.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\AppPatch\acadproc.dll 
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\samlib.dll SAMLib.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\samsrv.dll samsrv.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cryptdll.dll cryptdll.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\AppPatch\acgenral.dll 
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\AppPatch\acgenral.dll 
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winmm.dll WINMM.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msacm32.dll msfltr32.acm
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\uxtheme.dll UxTheme.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msapsspc.dll MSAPSSPC.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msvcrt40.dll msvcrt40.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\faultrep.dll FAULTREP.DLL
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\schannel.dll schannel.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wtsapi32.dll wtsapi32.dll
2012-04-04 13:45:20: Looking at \Device\HarddiskVolume1\WINDOWS\system32\digest.dll digest.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msnsspc.dll MSNSSPC.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\oleacc.dll OLEACC.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msprivs.dll mspriv.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\WindowsLogon.manifest 
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\kerberos.dll kerberos.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msv1_0.dll MSV1_0.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32asapi32.dll rasapi32.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32asman.dll Rasman.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\iphlpapi.dll iphlpapi.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32	api32.dll TAPI32.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32tutils.dll RTUTILS.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32
etlogon.dll NetLogon.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\w32time.dll w32time.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wdigest.dll WDIGEST.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32saenh.dll rsaenh.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\atmfd.dll ATMFD.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winscard.dll winscard.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msctf.dll MSCTF.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\scecli.dll scecli
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\avgntflt.sys avgntflt.sys
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\svchost.exe svchost.exe
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32
tmarta.dll ntmarta.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32pcss.dll rpcss.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\eventlog.dll Eventlog.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\xpsp2res.dll xpsp2res.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32	ermsrv.dll termsrv.exe
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\icaapi.dll icaapi.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mstlsapi.dll mstlsapi.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\activeds.dll ADs
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\adsldpc.dll adsldpc
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\atl.dll ATL.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mswsock.dll mswsock.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\hnetcfg.dll HNETCFG.DLL
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wshtcpip.dll wshtcpip.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winrnr.dll winrnr
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32asadhlp.dll rasadhlp.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers
disuio.sys NDISUIO.SYS
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dhcpcsvc.dll dhcpcsvc.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dnsrslvr.dll dnsrslvr.dll
2012-04-04 13:45:21: Looking at \Device\HarddiskVolume1\WINDOWS\Resources\Themes\Luna\luna.msstyles luna.mst
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cscdll.dll CSCDLL.DLL
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dimsntfy.dll dimsntfy.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wlnotify.dll WlNotify.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winspool.drv winspool.drv
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\WgaLogon.dll WgaLogon.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\clbcatq.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\comres.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msxml3.dll MSXML3.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msxml3r.dll MSXML3R.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\lmhsvc.dll lmhsvc.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wzcsvc.dll wzcsvc.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wmi.dll wmi.DLL
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\eapolqec.dll EapolQec.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\qutil.dll QUtil.DLL
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dot3api.dll dot3api.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\esent.dll esent.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32astls.dll rastls.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cryptui.dll CRYPTUI.DLL
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mprapi.dll mprapi.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32iched20.dll riched20.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\schedsvc.dll schedsvc.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32aschap.dll raschap.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msidle.dll MSIDLE.DLL
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\spoolsv.exe spoolsv.exe
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\audiosrv.dll audiosrv.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\sched.exe 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msvcp100.dll msvcp100.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msvcr100.dll msvcr100_clr0400.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\grdcore.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktopctext.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\sched.xml 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\scewxmlw.dll scewxml.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\cfglib.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wkssvc.dll WKSSVC.DLL
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\gpipc.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\gpgen.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\gpschd.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\schedr.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\avevtlog.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\sqlite3.dll sqlite3.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\guardmsg.dll 
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\mrxdav.sys MRxDAV.Sys
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\webclnt.dll davsvc.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cscui.dll cscui.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\powrprof.dll POWRPROF.DLL
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dpcdll.dll Dpcdll.dll
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wdmaud.drv WDMAUD.DRV
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\wdmaud.sys WDMAUD.SYS
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\sysaudio.sys sysaudio.sys
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\splitter.sys splitter.sys
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\aec.sys aec.sys
2012-04-04 13:45:22: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\swmidi.sys swmidi.sys
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\dmusic.sys DMusic.sys
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\MidiSyn.sys MidiSyn.sys
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\userinit.exe USERINIT.EXE
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\Program Files\Google\Update\GoogleUpdate.exe GoogleUpdate.exe
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\WgaTray.exe WgaTray.exe
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\explorer.exe EXPLORER.EXE
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\browseui.dll BROWSEUI.DLL
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemprox.dll wbemprox.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\kmixer.sys kmixer.sys
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemcomn.dll wbemcomn.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\drmkaud.sys drmkaud.sys
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\LegitCheckControl.dll LegitCheckControl.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shdocvw.dll SHDOCVW.DLL
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\pstorec.dll pstorec.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msacm32.drv msacm32.acm
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\midimap.dll midimap.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cryptnet.dll CRYPTNET.DLL
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\sensapi.dll SensApi.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\winhttp.dll winhttp.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\desk.cpl DESK.CPL
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32	hemeui.dll ThemeUI.DLL
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msimg32.dll gdiext
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\actxprxy.dll ActXPrxy.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cmd.exe Cmd.Exe
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\Documents and Settings\poste2\Mes documents\Downloads\yorkyt.exe 
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wsock32.dll wsock32.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msimtf.dll MSIMTF.DLL
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\linkinfo.dll LINKINFO.DLL
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wbemdisp.dll WBEMDISP.DLL
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32
tshrui.dll ntshrui.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wbem\wmiutils.dll wmiutils.dll
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\verclsid.exe verclsid.exe
2012-04-04 13:45:23: Looking at \Device\HarddiskVolume1\WINDOWS\system32\spoolss.dll spoolss.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\localspl.dll localspl.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cnbjmon.dll CNBJMON.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\E_FLM9BE.DLL EBPMON25.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32
etshell.dll netshell.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\HPTcpMon.dll tcpmon.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\credui.dll credui.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\hpzjrd01.dll hpzjrd01.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dot3dlg.dll dot3dlg.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\onex.dll onex.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\HPTcpMUI.dll tcpmonui.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\eappcfg.dll eappcfg.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\eappprxy.dll eappprxy.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\HPTcpMib.dll tcpmon.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mgmtapi.dll mgmtapi.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\snmpapi.dll snmpapi.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wsnmp32.dll wsnmp32.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\webcheck.dll WEBCHECK.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\hpz3l054.dll 
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\pjlmon.dll PJLMON.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\es.dll 
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msonpmon.dll MSPCORE.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe SMax4PNP.EXE
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mlang.dll MLANG.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll MSVCR80.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msi.dll msi.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32	cpmon.dll tcpmon.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\stobject.dll stobject.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll SMWDMIF.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\batmeter.dll BATMETER.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\usbmon.dll DynaMon.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dsound.dll dsound.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\WPDShServiceObj.dll WPDSHSERVICEOBJ.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp054.dll 
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll PrintFilterPipelinePrxy.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\Program Files\Microsoft Hardware\Keyboard	ype32.exe Type32.exe
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mydocs.dll mydocs.dll
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll MSPCORE.DLL
2012-04-04 13:45:24: Looking at \Device\HarddiskVolume1\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe GoogleQuickSearchBox.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\win32spl.dll win32spl.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\PortableDeviceTypes.dll PORTABLEDEVICETYPES.DLL
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Microsoft Hardware\Keyboard\ITRes.dll ITRes.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32
etrap.dll NetRap.DLL
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\HP\HP Software Update\hpwuschd2.exe hpwuSchd.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Microsoft Hardware\Keyboard\Type32.dll Type32.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\inetpp.dll inetpp.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mfc42.dll MFC42.DLL
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\PortableDeviceApi.dll PortableDeviceApi.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Microsoft Hardware\Keyboard\MSHCmd.dll MSHCmd.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mfc42loc.dll 
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\QuickTime\QTTask.exe QTTask.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\shfolder.dll shfolder.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Microsoft Hardware\Keyboard\ITHook.dll ITHook.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\hid.dll hid.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Microsoft Hardware\Keyboard\psapi.dll PSAPI
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Google\Quick Search Box\bin\1.2.1150.158\qsb.dll qsb.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe AdobeARM.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\drivers\smwdm.sys smwdm.sys
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\ksuser.dll ksuser.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Microsoft Office\Office12\MSOHEVI.DLL MsoHevI.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Analog Devices\SoundMAX\SMax4.exe SMax4.EXE
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\DivX\DivX Update\DivXUpdate.exe DivXUpdate.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Analog Devices\SoundMAX\SMax4Wiz.exe SMax4Wiz.EXE
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\cabinet.dll cabinet.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Google\Google Updater\GoogleUpdater.exe GoogleUpdater.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\avgnt.exe 
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\GdiPlus.dll gdiplus
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Google\Google Updater\2.4.2432.1652\cires.dll 
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll MSVCP80.DLL
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Fichiers communs\Java\Java Update\jusched.exe jusched.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe AcroRd32.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\dumprep.exe DUMPREP.EXE
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\WINDOWS\system32\usp10.dll Uniscribe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Documents and Settings\poste2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe GoogleUpdate.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\DivX\DivX Update\DivXUpdateCheck.dll DivXUpdate.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Adobe\Reader 10.0\Readereader_sl.exe AcroSpeedLaunch.exe
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Google\Google Updater\2.4.2432.1652\ci.dll ci.dll
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Program Files\Google\Quick Search Box\bin\1.2.1150.158lz.dll 
2012-04-04 13:45:25: Looking at \Device\HarddiskVolume1\Documents and Settings\poste2\Local Settings\Application Data\Google\Update\1.3.21.111\goopdate.dll goopdate.dll
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll MSVCP90.DLL
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Documents and Settings\poste2\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe GoogleUpdate.exe
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll MSVCR90.DLL
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mstask.dll mstask.dll
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll GoogleToolbarNotifier.exe
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Internet Explorer\iexplore.exe IEXPLORE.EXE
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mfc100u.dll MFC100U.DLL
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Windows Live\Messenger\msnmsgr.exe msnmsgr.exe
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Mozilla Firefox\firefox.exe firefox.exe
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mfc100fra.dll MFC100FRA.DLL
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll 
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\system32\mmcshext.dll mmcshext.dll
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\system32\hhsetup.dll HHSetup.dll
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Windows Live\Messenger\uccapi.dll UccApi.DLL
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Windows Live\Messenger\vvpltfrm.dll vvpltfrm.dll
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe AcroRd32.exe
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe GoogleToolbarNotifier.exe
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll GoogleToolbarNotifier.exe
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\SFR\Kit\9props.exe 9props.exe
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\system32\oledlg.dll OLEDLG.DLL
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\system32\msisip.dll MSISIP.DLL
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\system32\wshext.dll wshext.dll
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Avira\AntiVir Desktopcimage.dll 
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\WINDOWS\system32\windowspowershell\v1.0\pwrshsip.dll pwrshsip.dll
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\Microsoft Silverlight\xapauthenticodesip.dll xapauthenticodesip.dll
2012-04-04 13:45:26: Looking at \Device\HarddiskVolume1\Program Files\HP\Digital Imaging\bin\hpqtra08.exe HPQTRA00.EXE
2012-04-04 13:45:27: Looking at \Device\HarddiskVolume1\Prog

H3RV3 · Answer

Le rapport est top grand, peux-tu l'héberger ici : http://pjjoint.malekal.com/

ckiller76 · Answer

https://pjjoint.malekal.com/files.php?id=20120404_h14p14r15i13c13

H3RV3 · Answer

OK, tu peux refaire un scan avec aswMBR stp.

ckiller76 · Answer

ok

ckiller76 · Answer

https://www.cjoint.com/?BDeq23pWdwj 

merci de tout le temps que tu passes à m'aider.

H3RV3 · Answer

Peux-tu faire çà :

&#9679; Télécharge TDSSKiller sur ton bureau

&#9679; Sous XP : Double clique sur tdsskiller.exe
&#9679; Sous Vista/7 : Fais un clic droit sur tdsskiller.exe et sélectionne "Exécuter en tant qu'administrateur"

&#9679; Clique sur "Start Scan" pour démarrer le scan

&#9679; En cas de détection, clique sur "Continue" puis sur "Reboot Now"

&#9679; Un rapport va s'ouvrir, copie/colle le dans ta réponse

&#9650; Le rapport est sauvegardé dans C:\TDSSKiller.N°deversion_Date_Heure_log.txt

ckiller76 · Answer

https://www.cjoint.com/?BDerR0gplca

H3RV3 · Answer

OK, cette fois çà a l'air bon.
Peux-tu repasser TDSSKiller pour vérification.

ckiller76 · Answer

https://www.cjoint.com/?BDesRrDm06j 

Par contre j'ai toujours un écran bleu avec des écritures blanches à chaque fois que j'éteins

ckiller76 · Answer

Bon appétit

H3RV3 · Answer

Bon, le rootkit est toujours là, passe Combofix :

&#9679; Télécharge ComboFix (de sUBs) sur ton Bureau de cette manière :
Fais un clic droit sur ce lien

&#9679; Choisis "enregistrer la cible sous ... " et  dans la fenêtre qui s'ouvre choisis ton bureau pour l'emplacement et tape CBFix.exe pour le nom.

&#9650; Ferme tous tes logiciels de protection et les programmes en cours

&#9650; ComboFix peut être amené à accéder à internet, il faut dans ce cas l'autoriser

&#9679; Sous XP : Double clique sur CBFix.exe
&#9679; Sous Vista/7 : Fais un clic droit sur CBFix.exe et sélectionne "Exécuter en tant qu'administrateur"

&#9679; Clique sur le bouton Oui dans la fenêtre d'avertissement

&#9679; Si tu es sous XP et que la console de récupération n'est pas installée, ComboFix va te proposer de l'installer, accepte en cliquant sur Oui.

&#9679; Laisse travailler l'outil et si il te demande de redémarrer le PC, accepte.

&#9679; Un rapport va s'ouvrir à la fin du processus, copie/colle le dans ta réponse
&#9650; Le rapport est sauvegardé dans C:\ComboFix.txt

Tutorial officiel de ComboFix

ckiller76 · Answer

https://www.cjoint.com/?BDeuYqHePIC L'ordinateur s'est éteint tout seul lors de la fin du rapport avec un écran bleu et des écritures blanches

H3RV3 · Answer

Tu peux repasser TDSSKiller.

ckiller76 · Answer

ok je le fais

ckiller76 · Answer

https://www.cjoint.com/?BDevj3a7rnj

ckiller76 · Answer

Bonne soirée et à demain. Merci pour ton aide ! Sinon je serais perdue

ckiller76 · Answer

Bonjour !

Que dois-je faire ? Est-il toujours là ce virus ? Merci Bonne journée

H3RV3 · Answer

Oui, il est toujours là, je vais demander conseil.

ckiller76 · Answer

D'accord

ckiller76 · Answer

Personne pour nous aider ?

H3RV3 · Answer

La demande est en cours.
En attendant, tu as un CD de Windows XP ?

ckiller76 · Answer

Non je n'ai pas de CD

g3n-h@ckm@n · Answer

j'aimerais avoir un scan de ca :

@ckiller76 :

telecharge et enregistre Pre_Scan sur ton bureau :

http://forums-fec.be/gen-hackman/Pre_Scan.exe

Avertissement :Il y aura une extinction du bureau pendant le scan --> pas de panique.

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan_la_date_et_l'heure.txt" sur le bureau.

si l'outil est relancé plusieurs fois , il te proposera un menu et qu'aucune option n'est demandée, lance l'option "Kill"

si l'outil est bloqué par l'infection utilise cette version avec extension .pif :

http://forums-fec.be/gen-hackman/Pre_Scan.pif

ou cette version renommée winlogon.exe :

http://forums-fec.be/gen-hackman/winlogon.exe

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan


NE LE POSTE PAS SUR LE FORUM !!! (il est trop long)

Heberge le rapport sur http://pjjoint.malekal.com puis donne le lien obtenu en echange

ckiller76 · Answer

https://pjjoint.malekal.com/files.php?id=20120405_v8i13d5c9m11
merci de ton aide

g3n-h@ckm@n · Answer

c'est un faux positif ce truc....

ckiller76 · Answer

C'est à dire ?

juju666 · Answer

c'est à dire que TDSS Killer et autres détectent quelque chose d'inexistant :) 

(salut vous 3). 
 .::. Contributeur Sécurité .::.

ckiller76 · Answer

Et comment enlever quelque chose qui n'existe pas ?

ckiller76 · Answer

Mais est ce que ce n'est pas aussi du au fait que mon ordi ne s'éteint pas normalement. Quand j'éteins un écran bleu apparaît avec page non fault... et je suis obligée d'appuyer sur le bouton pour éteindre sinon cela resterait allumer

juju666 · Answer

gen-hackman et H3RV3 vont continuer avec toi, inutile qu'on soit à 3 pour t'aider, nos messages risquent de se croiser, etc.

H3RV3 · Answer

Tu as le temps de voir ce qui est indiqué sur l'écran bleu ?  

Tous les tools passés détectent un FP ??

Salut juju 


Merci de rester jusqu'à la fin de la désinfection.

ckiller76 · Answer

Sur l'écran bleu s'est écrit page  fault in nonpaged area après ils disent de débrancher ce qu'on aurait pu ajouter (mon ordi n'a rien de nouveau depuis 6 ans) et tout en bas il y a stop 0 x 000050 (et d'autres chiffres)

juju666 · Answer

@H3RV3 : ¤¤¤¤¤¤¤¤¤¤ | Contrôle de(s) Partition(s) Disk: 0 Size= 76G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 07-NTFS 76G Yes No 63 156,296,322 ¤¤¤¤¤¤¤¤¤¤ | Contrôle du MBR MBR code signature : 58 EE 58 EE Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: ST380011A rev.3.06 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 device: opened successfully user: MBR read successfully Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [89797A58]<< _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 10; MOV DWORD [EBP-8], 89527426; LEA EAX, [EBP+8]; MOV [EBP-c], EAX; MOV DWORD [EBP-10], 8952755f; } 1 nt!IofCallDriver[804E13B9] -> \Device\Harddisk0\DR0[89869AB8] 3 CLASSPNP[F7647FD7] -> nt!IofCallDriver[804E13B9] -> \Device\00000065[89872F18] 5 ACPI[F75AD620] -> nt!IofCallDriver[804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-3[898A8940] kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 7c1b; MOV DI, 61b; PUSH AX; PUSH DI; MOV CX, 1e5; REP MOVSB ; RETF ; MOV BP, 7be; MOV CL, 4; CMP [BP+0], CH; JL 2e; JNZ 3a; } user & kernel MBR OK Doit y'avoir de l'émulateur là dessous. .::. Contributeur Sécurité .::.

g3n-h@ckm@n · Answer

pre_scan le detecte et le desactive en installant defogger...

ckiller76 · Answer

Que dois je faire alors ?

g3n-h@ckm@n · Answer

bien   

mets firefox à jour => version 11  

relance pre_scan et choisis script , une page vierge va s'ouvrir.  

selectionne tout le texte en gras ci-dessous, puis (clic droit/copier ou ctrl+c) :  
___________________________________________________  
Kill::  

Registry::  
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]   
"HP Software Update"=-  
"QuickTime Task"=-  
"DivXUpdate"=-  
[-HKCU\Software\ECBarre_V5]       
[-HKLM\Software\BrowserChoice]   
[HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]   
"C:\Program Files\Messenger\msmsgs.exe"=-  
[HKLM\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]   
"65533:TCP"=-  
"52344:TCP"=-  
[HKLM\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]   
"139:TCP"=-  
"445:TCP"=-  
"137:UDP"=-  
"138:UDP"=-  
"1900:UDP"=-  
"2869:TCP"=-  
"5985:TCP"=-  

list::  
C:\WINDOWS\system32\DBBK  

file::  
C:\WINDOWS\DUMP8404.tmp    
C:\WINDOWS\explorer(2).exe   
C:\Documents and Settings\poste2\RefEdit.exd   
C:\Program Files\FileFormatConverters.exe   

folder::  
C:\WINDOWS\assembly	mp\M88T9QU0   
C:\0d3984ea5496cf1e72c912cfa027   
C:\3a7a53ee679ea53e068133   
C:\68cff3248a17244592   
C:\6ad829c93f4cdf143e382e   
C:\7905e5a29a6bbf7b3fec   
C:\8e5085a88fd46e58d9c8ac98038b09   
C:\e42dc179c3cdbd6717ba0a2de7  
C:\f020c5dd4d820ba8f6   
C:\f7a53270713f7e555adb7712502e7092  
C:\Documents and Settings\poste2\Application Data\WebPlayerBdd   

Mbr::      

clean::        

Reboot::          
___________________________________________________  

colle-le ensuite (clic droit/coller ou ctrl+V) dans la page vierge.  

puis onglet fichier => enregistrer (pas enregistrer sous...) , puis ferme le texte  

des fenetres noires risquent de clignoter , c'est normal , c'est le programme qui travaille   

poste Pre_Script.txt qui apparaitra sur le bureau en fin de travail   

=======================

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

 C:\Pre_scan\MBR.bin

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s)  dans ta prochaine réponse.

¤¤¤¤¤¤¤¤¤¤_g3n-h@ckm@n_Developpement_¤¤¤¤¤¤¤¤¤¤  
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤_Pre_Scan_¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

ckiller76 · Answer

Et il ne peut pas s'enlever manuellement ?

ckiller76 · Answer

pas de soucis

ckiller76 · Answer

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Script | 2.326 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Microsoft Windows XP (32 bits) Service Pack 3

Switchs possibles :

processes:: | file:: | folder:: | Registry::
Driver:: | replace:: | DNS:: | Command:: 
txt:: | Host:: | NsLook:: | DLL:: | Unhide_Part::
list:: | IP:: | Kill:: | clean:: | Del_Part:: 
Reboot:: | MBR:: | Fixmbr:: | 40:: | Zip::
search:: | Tray:: | FF::

Script : 17:00:19

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Modification du registre effectuée

¤

Supprimé : C:\WINDOWS\DUMP8404.tmp 
Supprimé : C:\WINDOWS\explorer(2).exe 
Supprimé : C:\Documents and Settings\poste2\RefEdit.exd 
Supprimé : C:\Program Files\FileFormatConverters.exe 

¤

Supprimé : C:\WINDOWS\assembly	mp\M88T9QU0 
Supprimé : C:\0d3984ea5496cf1e72c912cfa027 
Supprimé : C:\3a7a53ee679ea53e068133 
Supprimé : C:\68cff3248a17244592 
Supprimé : C:\6ad829c93f4cdf143e382e 
Supprimé : C:\7905e5a29a6bbf7b3fec 
Supprimé : C:\8e5085a88fd46e58d9c8ac98038b09 
Supprimé : C:\e42dc179c3cdbd6717ba0a2de7 
Supprimé : C:\f020c5dd4d820ba8f6 
non Supprimé : C:\f7a53270713f7e555adb7712502e7092 
Supprimé : C:\Documents and Settings\poste2\Application Data\WebPlayerBdd 

¤

¤¤¤¤¤¤¤¤¤¤ | Listing de : C:\WINDOWS\system32\DBBK 



¤

¤¤¤¤¤¤¤¤¤¤ | MBR

Windows Version:		Windows XP Professional
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000000d

Analysis of file "C:\Pre_Scan\MBR.bin":
Windows XP MBR code detected




¤


¤¤¤¤¤¤¤¤¤¤ | Nettoyage disque

Nettoyage du disque effectué

¤


Fin : 17:02:48

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤

g3n-h@ckm@n · Answer

ok virus total maintenant

ckiller76 · Answer

https://www.virustotal.com/gui/file/0c1a465f0d1dff10b8895bb85e7085d4b0d8e5b3cb81b62a4b8ea84ef485f904

g3n-h@ckm@n · Answer

il est pas bon le lien.....

ckiller76 · Answer

pourtant c'est bien le lien que j'ai en haut de ma page

ckiller76 · Answer

SHA256:	0c1a465f0d1dff10b8895bb85e7085d4b0d8e5b3cb81b62a4b8ea84ef485f904
File name:	MBR.bin
Detection ratio:	0 / 42
Analysis date:	 2012-04-05 15:02:49 UTC ( 0 minute ago )

ckiller76 · Answer

https://www.virustotal.com/gui/file/0c1a465f0d1dff10b8895bb85e7085d4b0d8e5b3cb81b62a4b8ea84ef485f904

ckiller76 · Answer

C'est le bon lien ?

ckiller76 · Answer

Bon appétit !

g3n-h@ckm@n · Answer

c'etait un faux positif.....

ckiller76 · Answer

Qu'est ce qui faut faire alors ?

g3n-h@ckm@n · Answer

ben rien l'infection n'existe pas :)

ckiller76 · Answer

Est ce qu'il y a une solution pour mon écran bleu et ces inscriptions ? Dois-je faire autre chose ?  Merci pour ton aide

g3n-h@ckm@n · Answer

j'avais pas vu le rapport de TDSSKiller....

Fais analyser le(s) fichier(s) suivants sur Virustotal :

Virus Total

    clique sur "Parcourir" et trouve puis selectionne ce(s) fichier(s) :

C:\WINDOWS\SYSTEM32\DRIVERS\XPSEC.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\XCPIP.SYS

    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée colle le lien de(s)( la) page(s)  dans ta prochaine réponse.

ckiller76 · Answer

Quand je recherche je ne trouve pas XPSEC.SYS ni XCPIP.SYS

g3n-h@ckm@n · Answer

affiche les fichiers cachés

ckiller76 · Answer

pourtant c'est marqué qu'il n'y a pas de fichiers ou de dossiers cachés quand je clique sur option

ckiller76 · Answer

comment je peux faire ?

g3n-h@ckm@n · Answer

as-tu affiché les fichiers cachés dans les options d'affichage ? as-tu aussi afffiché les fichiers systeme ?

ckiller76 · Answer

oui mais rien ni fait

g3n-h@ckm@n · Answer

pourtant dans les rapports precedents ils sont bien existantants....

ckiller76 · Answer

Quand je clique sur recherche dans drivers : XPSEC. SYS il met "aucun résultat"

ckiller76 · Answer

J'ai fait une recherche pour les deux en affichant les dossiers cachés etc... Résultat aucun. Les fichiers du drivers s'arrêtent à W

ckiller76 · Answer

Et en scannant tout le drivers cela ne fonctionnerait pas ,

g3n-h@ckm@n · Answer

passe cet outil et heberge le rapport voir...

https://gen-hackman.kanak.fr/

ckiller76 · Answer

https://www.cjoint.com/?BDfvwbp4pXp

ckiller76 · Answer

Bon je te laisse pour ce soir. Bonne soirée je ne me reconnecterais que demain soir vers 21 h car je travaille toute la journée demain. Merci pour ton aide

g3n-h@ckm@n · Answer

bizarre qu ils soient dans un rapport et pas dans l autre...

ok bonne soirée :)

ckiller76 · Answer

Désolé j'ai pas pu venir avant ! Oui j'ai vu que ce n'était pas dans tous les rapports et je ne trouve nulle part ces fichiers

g3n-h@ckm@n · Answer

ca m'a perturbé cette histoire de ces fichiers là...

Infection ?

79 réponses

Discussions similaires