Need help removing the "disc antivirus professionnal" virus

Solved/Closed
celine6676 (Member, 15 posts, joined Monday 11 March 2013, last active 13 March 2013) - 11 March 2013 at 10:45
celine6676 (Member, 15 posts, joined Monday 11 March 2013, last active 13 March 2013) - 13 March 2013 at 20:17
Hello,

my computer has just picked up a virus, "disc antivirus professionnal", which is blocking everything I do...
Can you help me?

Thanks in advance
Céline

26 replies

jlpjlp (Security contributor, 51580 posts, joined Friday 18 May 2007, last active 3 May 2022)
Edited by jlpjlp on 11/03/2013 at 10:52
hi

download here: https://www.luanagames.com/index.fr.html

manual here: RogueKiller

and paste a scan report with it
celine6676 (Member, 15 posts, joined Monday 11 March 2013, last active 13 March 2013)
11 March 2013 at 11:35
Thank you very much for the quick reply.
The report is below.

RogueKiller V8.5.2 [Mar 9 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur : Celine [Droits d'admin]
Mode : Recherche -- Date : 11/03/2013 11:29:56
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 7 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe nvHotkey.dll,Start) -> TROUVÉ
[RUN][Rogue.AntiSpy-ST] HKCU\[...]\RunOnce : 28647023DC72D7660000286447C4DCAE (C:\Documents and Settings\All Users\Application Data\28647023DC72D7660000286447C4DCAE\28647023DC72D7660000286447C4DCAE.exe) [-] -> TROUVÉ
[RUN][Rogue.AntiSpy-ST] HKUS\S-1-5-21-2668685833-1935237320-627252653-1006[...]\RunOnce : 28647023DC72D7660000286447C4DCAE (C:\Documents and Settings\All Users\Application Data\28647023DC72D7660000286447C4DCAE\28647023DC72D7660000286447C4DCAE.exe) [-] -> TROUVÉ
[TASK][SUSP PATH] kelio2.job : C:\Documents and Settings\cpreschey\Bureau\kelio.bat [x] -> TROUVÉ
[TASK][SUSP PATH] kelio.job : C:\Documents and Settings\cpreschey\Bureau\kelio.bat [x] -> TROUVÉ
[TASK][SUSP PATH] cmd.job : C:\Documents and Settings\wmorel\Bureau\kelio.bat [x] -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-ST ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1252GSX +++++
--- User ---
[MBR] c99e9d2f645bbdd7ff3dc66a32fc88a0
[BSP] 512aacd0667e28c8ab25e6b27fb9dda8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 211 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 433755 | Size: 114259 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[2]_S_11032013_112956.txt >>
RKreport[1]_S_11032013_111611.txt ; RKreport[2]_S_11032013_112956.txt
jlpjlp (Security contributor, 51580 posts, joined Friday 18 May 2007, last active 3 May 2022)
11 March 2013 at 15:09
ok, paste a removal report with RogueKiller

then

Download ZHPDiag (by Nicolas Coolman).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html


(diagnostic tool)

Double-click the installer file, then install it with the default settings (don't forget to tick "Create a desktop icon")

Launch ZHPDiag by double-clicking the icon on your desktop (right-click -> Run as administrator on Vista)

Click the magnifying glass at the top left, then let the tool scan.

Once the scan is finished, click the floppy-disk icon and save the file to your desktop.

Go to Cjoint: http://www.cijoint.com/

Click "Browse" in the "Attach a file[...]" section

Select the ZHPdiag.txt report located on your desktop

Then click "Click here to upload the file" and copy/paste the link into your next message

or otherwise, to send your report:
* When the scan is finished, use the site http://pjjoint.malekal.com/ to send the reports.
Then post the pjjoint links here so they can be looked at.
celine6676 (Member, 15 posts, joined Monday 11 March 2013, last active 13 March 2013)
11 March 2013 at 15:36
here is the removal report
RogueKiller V8.5.2 [Mar 9 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode sans echec avec prise en charge reseau
Utilisateur : Celine [Droits d'admin]
Mode : Suppression -- Date : 11/03/2013 15:18:48
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 6 ¤¤¤
[RUN][BLACKLISTDLL] HKLM\[...]\Run : NVHotkey (rundll32.exe nvHotkey.dll,Start) -> SUPPRIMÉ
[RUN][Rogue.AntiSpy-ST] HKCU\[...]\RunOnce : 28647023DC72D7660000286447C4DCAE (C:\Documents and Settings\All Users\Application Data\28647023DC72D7660000286447C4DCAE\28647023DC72D7660000286447C4DCAE.exe) [-] -> SUPPRIMÉ
[TASK][SUSP PATH] kelio2.job : C:\Documents and Settings\cpreschey\Bureau\kelio.bat [x] -> SUPPRIMÉ
[TASK][SUSP PATH] kelio.job : C:\Documents and Settings\cpreschey\Bureau\kelio.bat [x] -> SUPPRIMÉ
[TASK][SUSP PATH] cmd.job : C:\Documents and Settings\wmorel\Bureau\kelio.bat [x] -> SUPPRIMÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : Rogue.AntiSpy-ST ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1252GSX +++++
--- User ---
[MBR] c99e9d2f645bbdd7ff3dc66a32fc88a0
[BSP] 512aacd0667e28c8ab25e6b27fb9dda8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 211 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 433755 | Size: 114259 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[3]_D_11032013_151848.txt >>
RKreport[1]_S_11032013_111611.txt ; RKreport[2]_S_11032013_112956.txt ; RKreport[3]_D_11032013_151848.txt

Regarding the ZHPDiag report, the cijoint site no longer seems to be available.
Please tell me where I can upload it.
Thanks!
celine6676 (Member, 15 posts, joined Monday 11 March 2013, last active 13 March 2013)
11 March 2013 at 16:11
here, finally, is the link on malekal to get the ZHPDiag report

Malekal's forum


Here is the link to give to your contacts so that they can access the shared document: https://pjjoint.malekal.com/files.php?id=ZHPDiag_20130311_s6l9k7u11e10

Thanks!
jlpjlp (Security contributor, 51580 posts, joined Friday 18 May 2007, last active 3 May 2022)
Edited by jlpjlp on 11/03/2013 at 16:56
ok
delete this file
C:\Documents and Settings\Celine\Menu Démarrer\Programmes\Disk Antivirus Professional

download Malwarebytes Anti-Malware, update it and paste a quick scan report with it

update with this version of Adobe Reader https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html
celine6676 (Member, 15 posts, joined Monday 11 March 2013, last active 13 March 2013)
11 March 2013 at 18:31
the new report:


Malwarebytes Anti-Malware (Essai) 1.70.0.1100
www.malwarebytes.org

Version de la base de données: v2013.03.11.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Celine :: PORLIM0207 [administrateur]

Protection: Activé

11/03/2013 17:27:54
MBAM-log-2013-03-11 (18-27-00).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 307628
Temps écoulé: 41 minute(s), 10 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 3
C:\Documents and Settings\All Users\Application Data\28647023DC72D7660000286447C4DCAE\28647023DC72D7660000286447C4DCAE.exe (Malware.Packer.SGX2) -> Aucune action effectuée.
C:\Documents and Settings\Celine\Local Settings\Temp\11D.tmp (Malware.Packer.SGX2) -> Aucune action effectuée.
C:\Documents and Settings\Celine\Bureau\Disk Antivirus Professional.lnk (Trojan.FakeAV) -> Aucune action effectuée.

(fin)

Thanks in advance!
jlpjlp (Security contributor, 51580 posts, joined Friday 18 May 2007, last active 3 May 2022)
Edited by jlpjlp on 11/03/2013 at 18:35
delete what Malwarebytes found
then restart the PC and post another scan report with RogueKiller
celine6676 (Member, 15 posts, joined Monday 11 March 2013, last active 13 March 2013)
11 March 2013 at 19:18
the report is below

RogueKiller V8.5.2 [Mar 9 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : Celine [Droits d'admin]
Mode : Recherche -- Date : 11/03/2013 19:15:52
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80624160 -> HOOKED (Unknown @ 0x89505DC0)
SSDT[43] : NtCreateMutant @ 0x80617718 -> HOOKED (Unknown @ 0x89506F60)
SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (Unknown @ 0x895052C0)
SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (Unknown @ 0x89505580)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89506C20)
SSDT[63] : NtDeleteKey @ 0x806245FC -> HOOKED (Unknown @ 0x89506340)
SSDT[65] : NtDeleteValueKey @ 0x806247CC -> HOOKED (Unknown @ 0x89506600)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89506DC0)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x89505840)
SSDT[240] : NtSetSystemInformation @ 0x8060FD8E -> HOOKED (Unknown @ 0x89507100)
SSDT[247] : NtSetValueKey @ 0x806226D2 -> HOOKED (Unknown @ 0x89506080)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x89505B00)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89506A80)
S_SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x89507720)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89507540)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1252GSX +++++
--- User ---
[MBR] c99e9d2f645bbdd7ff3dc66a32fc88a0
[BSP] 512aacd0667e28c8ab25e6b27fb9dda8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 211 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 433755 | Size: 114259 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[4]_S_11032013_191552.txt >>
RKreport[1]_S_11032013_111611.txt ; RKreport[2]_S_11032013_112956.txt ; RKreport[3]_D_11032013_151848.txt ; RKreport[4]_S_11032013_191552.txt



Thanks!
jlpjlp (Security contributor, 51580 posts, joined Friday 18 May 2007, last active 3 May 2022)
Edited by jlpjlp on 11/03/2013 at 21:21
ok, paste a removal report with RogueKiller

then paste a scan report with TDSSKiller


-----------------


Download TDSSKiller to your desktop


https://support.kaspersky.com/downloads/utils/tdsskiller.zip

Create a new folder on your desktop, then extract the archive into it
Run the program by clicking TDSSKiller.exe; the scan starts automatically, and if the infection is detected, hidden items will be displayed.


Tick them and click "Delete/Repair Selected".

A message may then appear asking you to restart the PC (reboot) to finish the cleanup. Type "Y" to restart the PC ("close all programs and choose Y to restart").



More information about this tool:
https://support.kaspersky.com/5350
celine6676 (Member, 15 posts, joined Monday 11 March 2013, last active 13 March 2013)
12 March 2013 at 09:31
hello, below are the 2 reports:


RogueKiller V8.5.2 [Mar 9 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : Celine [Droits d'admin]
Mode : Suppression -- Date : 12/03/2013 09:25:24
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80624160 -> HOOKED (Unknown @ 0x89505DC0)
SSDT[43] : NtCreateMutant @ 0x80617718 -> HOOKED (Unknown @ 0x89506F60)
SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (Unknown @ 0x895052C0)
SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (Unknown @ 0x89505580)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89506C20)
SSDT[63] : NtDeleteKey @ 0x806245FC -> HOOKED (Unknown @ 0x89506340)
SSDT[65] : NtDeleteValueKey @ 0x806247CC -> HOOKED (Unknown @ 0x89506600)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89506DC0)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x89505840)
SSDT[240] : NtSetSystemInformation @ 0x8060FD8E -> HOOKED (Unknown @ 0x89507100)
SSDT[247] : NtSetValueKey @ 0x806226D2 -> HOOKED (Unknown @ 0x89506080)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x89505B00)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89506A80)
S_SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x89507720)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89507540)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1252GSX +++++
--- User ---
[MBR] c99e9d2f645bbdd7ff3dc66a32fc88a0
[BSP] 512aacd0667e28c8ab25e6b27fb9dda8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 211 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 433755 | Size: 114259 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[5]_D_12032013_092524.txt >>
RKreport[1]_S_11032013_111611.txt ; RKreport[2]_S_11032013_112956.txt ; RKreport[3]_D_11032013_151848.txt ; RKreport[4]_S_11032013_191552.txt ; RKreport[5]_D_12032013_092524.txt



09:28:48.0734 3104 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:28:49.0281 3104 ============================================================
09:28:49.0281 3104 Current date / time: 2013/03/12 09:28:49.0281
09:28:49.0281 3104 SystemInfo:
09:28:49.0281 3104
09:28:49.0281 3104 OS Version: 5.1.2600 ServicePack: 3.0
09:28:49.0281 3104 Product type: Workstation
09:28:49.0281 3104 ComputerName: PORLIM0207
09:28:49.0281 3104 UserName: Celine
09:28:49.0281 3104 Windows directory: C:\WINDOWS
09:28:49.0281 3104 System windows directory: C:\WINDOWS
09:28:49.0281 3104 Processor architecture: Intel x86
09:28:49.0281 3104 Number of processors: 2
09:28:49.0281 3104 Page size: 0x1000
09:28:49.0281 3104 Boot type: Normal boot
09:28:49.0281 3104 ============================================================
09:28:51.0125 3104 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:28:51.0156 3104 ============================================================
09:28:51.0156 3104 \Device\Harddisk0\DR0:
09:28:51.0156 3104 MBR partitions:
09:28:51.0156 3104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x69E5B, BlocksNum 0xDF29966
09:28:51.0156 3104 ============================================================
09:28:51.0203 3104 C: <-> \Device\Harddisk0\DR0\Partition1
09:28:51.0203 3104 ============================================================
09:28:51.0203 3104 Initialize success
09:28:51.0203 3104 ============================================================
09:28:53.0421 3996 ============================================================
09:28:53.0421 3996 Scan started
09:28:53.0421 3996 Mode: Manual;
09:28:53.0421 3996 ============================================================
09:28:54.0234 3996 ================ Scan system memory ========================
09:29:01.0984 3996 System memory - ok
09:29:01.0984 3996 ================ Scan services =============================
09:29:07.0703 3996 IRENUM - ok
09:29:07.0718 3996 [ 355836975A67B6554BCA60328CD6CB74 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:29:07.0734 3996 isapnp - ok
09:29:07.0812 3996 [ 5FD5865DC1A2100F8D4CF000EE5409A3 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
09:29:07.0812 3996 JavaQuickStarterService - ok
09:29:07.0843 3996 [ 16813155807C6881F4BFBF6657424659 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:29:07.0843 3996 Kbdclass - ok
09:29:07.0859 3996 [ 94C59CB884BA010C063687C3A50DCE8E ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:29:07.0859 3996 kbdhid - ok
09:29:07.0890 3996 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
09:29:07.0890 3996 kmixer - ok
09:29:07.0921 3996 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
09:29:07.0921 3996 KSecDD - ok
09:29:07.0968 3996 [ 1DB8078A32E03AC8F5EB5E6DCAC2AA34 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
09:29:07.0968 3996 lanmanserver - ok
09:29:08.0000 3996 [ AD54EAD46D92F413BE189AABC1C59490 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
09:29:08.0000 3996 lanmanworkstation - ok
09:29:08.0015 3996 lbrtfdc - ok
09:29:08.0078 3996 [ 0F357C079AC529A844AB5B18E4EEF881 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
09:29:08.0078 3996 LmHosts - ok
09:29:08.0109 3996 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
09:29:08.0109 3996 MBAMProtector - ok
09:29:08.0125 3996 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:29:08.0140 3996 MBAMScheduler - ok
09:29:08.0171 3996 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:29:08.0187 3996 MBAMService - ok
09:29:08.0218 3996 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
09:29:08.0218 3996 mdmxsdk - ok
09:29:08.0234 3996 [ E67A66A3781C1A483F0F8992664CBE0D ] Messenger C:\WINDOWS\System32\msgsvc.dll
09:29:08.0296 3996 Messenger - ok
09:29:08.0343 3996 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
09:29:08.0343 3996 mnmdd - ok
09:29:08.0390 3996 [ D3A2870CD96CDA7BCFF3DC54F64087AD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
09:29:08.0390 3996 mnmsrvc - ok
09:29:08.0437 3996 [ 510ADE9327FE84C10254E1902697E25F ] Modem C:\WINDOWS\system32\drivers\Modem.sys
09:29:08.0437 3996 Modem - ok
09:29:08.0468 3996 [ 027C01BD7EF3349AAEBC883D8A799EFB ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:29:08.0468 3996 Mouclass - ok
09:29:08.0500 3996 [ 124D6846040C79B9C997F78EF4B2A4E5 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:29:08.0500 3996 mouhid - ok
09:29:08.0515 3996 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
09:29:08.0515 3996 MountMgr - ok
09:29:08.0578 3996 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
09:29:08.0578 3996 mraid35x - ok
09:29:08.0593 3996 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:29:08.0593 3996 MRxDAV - ok
09:29:08.0656 3996 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:29:08.0671 3996 MRxSmb - ok
09:29:08.0718 3996 [ 8648D670AE0D95C95E7BBB5B80661796 ] MSDTC C:\WINDOWS\system32\msdtc.exe
09:29:08.0718 3996 MSDTC - ok
09:29:08.0734 3996 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
09:29:08.0734 3996 Msfs - ok
09:29:08.0750 3996 MSIServer - ok
09:29:08.0796 3996 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:29:08.0796 3996 MSKSSRV - ok
09:29:08.0812 3996 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:29:08.0812 3996 MSPCLOCK - ok
09:29:08.0828 3996 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
09:29:08.0828 3996 MSPQM - ok
09:29:08.0859 3996 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:29:08.0859 3996 mssmbios - ok
09:29:08.0937 3996 MSSQL$EBP - ok
09:29:09.0000 3996 [ 8E8E74C953EB0C4F8828D99D6F27FD6F ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
09:29:09.0000 3996 MSSQLServerADHelper100 - ok
09:29:09.0046 3996 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
09:29:09.0046 3996 Mup - ok
09:29:09.0109 3996 [ 69E4FBBABAEEE1BFF422E091DA3171DA ] napagent C:\WINDOWS\System32\qagentrt.dll
09:29:09.0234 3996 napagent - ok
09:29:09.0281 3996 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
09:29:09.0281 3996 NDIS - ok
09:29:09.0328 3996 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:29:09.0328 3996 NdisTapi - ok
09:29:09.0359 3996 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:29:09.0359 3996 Ndisuio - ok
09:29:09.0375 3996 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:29:09.0375 3996 NdisWan - ok
09:29:09.0421 3996 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
09:29:09.0437 3996 NDProxy - ok
09:29:09.0453 3996 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
09:29:09.0453 3996 NetBIOS - ok
09:29:09.0468 3996 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
09:29:09.0484 3996 NetBT - ok
09:29:09.0531 3996 [ 5C9B1D83755B36237B70F95DF3D46A52 ] NetDDE C:\WINDOWS\system32\netdde.exe
09:29:09.0531 3996 NetDDE - ok
09:29:09.0546 3996 [ 5C9B1D83755B36237B70F95DF3D46A52 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
09:29:09.0546 3996 NetDDEdsdm - ok
09:29:09.0578 3996 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] Netlogon C:\WINDOWS\system32\lsass.exe
09:29:09.0578 3996 Netlogon - ok
09:29:09.0609 3996 [ BE0CB143FA427D93440DED18DB8C918B ] Netman C:\WINDOWS\System32\netman.dll
09:29:09.0609 3996 Netman - ok
09:29:09.0656 3996 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:29:09.0687 3996 NetTcpPortSharing - ok
09:29:09.0796 3996 [ B5AB1108B377B5F3D37409FABDA01453 ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
09:29:09.0812 3996 NETw4x32 - ok
09:29:09.0843 3996 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:29:09.0843 3996 NIC1394 - ok
09:29:09.0921 3996 [ 27D38B7D646283D98D65E3435B1E6197 ] NICCONFIGSVC C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
09:29:09.0921 3996 NICCONFIGSVC - ok
09:29:09.0937 3996 [ 6F5F546A92C7B6AE45DB1D6910781EB0 ] Nla C:\WINDOWS\System32\mswsock.dll
09:29:09.0953 3996 Nla - ok
09:29:10.0000 3996 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
09:29:10.0000 3996 Npfs - ok
09:29:10.0031 3996 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
09:29:10.0046 3996 Ntfs - ok
09:29:10.0062 3996 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] NtLmSsp C:\WINDOWS\system32\lsass.exe
09:29:10.0062 3996 NtLmSsp - ok
09:29:10.0140 3996 [ 037D92B3A7853A183FCAB77FB1D13D6C ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
09:29:10.0187 3996 NtmsSvc - ok
09:29:10.0312 3996 [ 7EC20D4E92CA8F63C924918AFBA82EC2 ] ntrtscan C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
09:29:10.0328 3996 ntrtscan - ok
09:29:10.0359 3996 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
09:29:10.0359 3996 Null - ok
09:29:10.0625 3996 [ 8129D762CC3E3C5AB9CF2EABC377FB73 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:29:10.0703 3996 nv - ok
09:29:10.0750 3996 [ 7EE6243758619A391491148EABF0E7B7 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
09:29:10.0765 3996 NVSvc - ok
09:29:10.0781 3996 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:29:10.0781 3996 NwlnkFlt - ok
09:29:10.0796 3996 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:29:10.0796 3996 NwlnkFwd - ok
09:29:10.0843 3996 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:29:10.0843 3996 ohci1394 - ok
09:29:10.0906 3996 OracleMTSRecoveryService - ok
09:29:10.0953 3996 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
09:29:10.0968 3996 ose - ok
09:29:10.0984 3996 [ 8FD0BDBEA875D06CCF6C945CA9ABAF75 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
09:29:10.0984 3996 Parport - ok
09:29:11.0000 3996 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
09:29:11.0000 3996 PartMgr - ok
09:29:11.0015 3996 [ 9575C5630DB8FB804649A6959737154C ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
09:29:11.0015 3996 ParVdm - ok
09:29:11.0031 3996 [ 9EC004140E1B675ACDEB07F66EE797A4 ] PBADRV C:\WINDOWS\system32\DRIVERS\PBADRV.sys
09:29:11.0031 3996 PBADRV - ok
09:29:11.0031 3996 [ 043410877BDA580C528F45165F7125BC ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
09:29:11.0046 3996 PCI - ok
09:29:11.0046 3996 PCIDump - ok
09:29:11.0046 3996 [ F4BFDE7209C14A07AAA61E4D6AE69EAC ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
09:29:11.0046 3996 PCIIde - ok
09:29:11.0062 3996 [ F0406CBC60BDB0394A0E17FFB04CDD3D ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
09:29:11.0078 3996 Pcmcia - ok
09:29:11.0078 3996 PDCOMP - ok
09:29:11.0078 3996 PDFRAME - ok
09:29:11.0078 3996 PDRELI - ok
09:29:11.0093 3996 PDRFRAME - ok
09:29:11.0109 3996 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
09:29:11.0109 3996 perc2 - ok
09:29:11.0125 3996 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
09:29:11.0125 3996 perc2hib - ok
09:29:11.0156 3996 [ C3FB1D70CB88722267949694BA51759E ] PlugPlay C:\WINDOWS\system32\services.exe
09:29:11.0156 3996 PlugPlay - ok
09:29:11.0203 3996 [ 901C43516504CBE582E4C4193E00876A ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
09:29:11.0203 3996 Pml Driver HPZ12 - ok
09:29:11.0218 3996 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] PolicyAgent C:\WINDOWS\system32\lsass.exe
09:29:11.0218 3996 PolicyAgent - ok
09:29:11.0265 3996 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:29:11.0265 3996 PptpMiniport - ok
09:29:11.0265 3996 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
09:29:11.0265 3996 ProtectedStorage - ok
09:29:11.0281 3996 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
09:29:11.0281 3996 PSched - ok
09:29:11.0328 3996 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:29:11.0328 3996 Ptilink - ok
09:29:11.0375 3996 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
09:29:11.0375 3996 ql1080 - ok
09:29:11.0375 3996 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
09:29:11.0375 3996 Ql10wnt - ok
09:29:11.0390 3996 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
09:29:11.0390 3996 ql12160 - ok
09:29:11.0421 3996 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
09:29:11.0421 3996 ql1240 - ok
09:29:11.0437 3996 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
09:29:11.0437 3996 ql1280 - ok
09:29:11.0468 3996 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:29:11.0468 3996 RasAcd - ok
09:29:11.0500 3996 [ 78DA9CCDAC683EF5AA87D1C919F6D221 ] RasAuto C:\WINDOWS\System32\rasauto.dll
09:29:11.0531 3996 RasAuto - ok
09:29:11.0546 3996 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:29:11.0546 3996 Rasl2tp - ok
09:29:11.0609 3996 [ 0A48DF90B4784F9B90A2671AF992C914 ] RasMan C:\WINDOWS\System32\rasmans.dll
09:29:11.0609 3996 RasMan - ok
09:29:11.0609 3996 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:29:11.0609 3996 RasPppoe - ok
09:29:11.0625 3996 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
09:29:11.0625 3996 Raspti - ok
09:29:11.0640 3996 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:29:11.0640 3996 Rdbss - ok
09:29:11.0656 3996 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:29:11.0656 3996 RDPCDD - ok
09:29:11.0671 3996 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:29:11.0671 3996 rdpdr - ok
09:29:11.0703 3996 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
09:29:11.0718 3996 RDPWD - ok
09:29:11.0750 3996 [ 9F63D9C5B238ED1C375D417EFF3D5BE7 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
09:29:11.0750 3996 RDSessMgr - ok
09:29:11.0796 3996 [ D8EB2A7904DB6C916EB5361878DDCBAE ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
09:29:11.0796 3996 redbook - ok
09:29:11.0843 3996 [ 2CF574D0965F58E514A2DC94114D7ECA ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
09:29:11.0843 3996 RegSrvc - ok
09:29:11.0890 3996 [ 7DA370C31673C99497BD07068EE6E354 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
09:29:11.0937 3996 RemoteAccess - ok
09:29:11.0984 3996 [ E598D81197E2E0EC42A0C55772BB00E8 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
09:29:11.0984 3996 RemoteRegistry - ok
09:29:12.0015 3996 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\WINDOWS\system32\Drivers\RimUsb.sys
09:29:12.0031 3996 RimUsb - ok
09:29:12.0062 3996 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
09:29:12.0062 3996 RimVSerPort - ok
09:29:12.0109 3996 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
09:29:12.0109 3996 ROOTMODEM - ok
09:29:12.0156 3996 [ 499C59A2584F6D4EA41E944DA571D993 ] RpcLocator C:\WINDOWS\system32\locator.exe
09:29:12.0171 3996 RpcLocator - ok
09:29:12.0203 3996 [ 0203B1AAD358F206CB0A3C1F93CCE17A ] RpcSs C:\WINDOWS\system32\rpcss.dll
09:29:12.0203 3996 RpcSs - ok
09:29:12.0265 3996 [ A95840A95A9FF74B0009E5D848CDDB39 ] RsFx0150 C:\WINDOWS\system32\DRIVERS\RsFx0150.sys
09:29:12.0265 3996 RsFx0150 - ok
09:29:12.0312 3996 [ 414964844F4793ACB868D057E8ED997E ] RSVP C:\WINDOWS\system32\rsvp.exe
09:29:12.0312 3996 RSVP - ok
09:29:12.0375 3996 [ 874173EDBD4F2FE711F245855A2FFA23 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
09:29:12.0390 3996 S24EventMonitor - ok
09:29:12.0421 3996 [ EADFB87F911A7A75D1B80617F92901E8 ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys
09:29:12.0421 3996 s24trans - ok
09:29:12.0421 3996 [ 91E6024D6D4DCDECDB36C43ECF9BBECB ] SamSs C:\WINDOWS\system32\lsass.exe
09:29:12.0437 3996 SamSs - ok
09:29:12.0484 3996 [ 67949CC8A865296C1333C96A4E1A2D66 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
09:29:12.0484 3996 SCardSvr - ok
09:29:12.0546 3996 [ 55F5C5C1BE1A78E285033E432BA01597 ] Schedule C:\WINDOWS\system32\schedsvc.dll
09:29:12.0562 3996 Schedule - ok
09:29:12.0625 3996 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:29:12.0625 3996 Secdrv - ok
09:29:12.0656 3996 [ 5AC311C0AF2AF5EC221670BB8DC479D3 ] seclogon C:\WINDOWS\System32\seclogon.dll
09:29:12.0656 3996 seclogon - ok
09:29:12.0781 3996 [ 472946EDEBF85C1F0B44B6EBA01AC9B6 ] SecureStorageService C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
09:29:12.0796 3996 SecureStorageService - ok
09:29:12.0812 3996 [ 3531366F38F453D08FE72E7B32DFE786 ] SENS C:\WINDOWS\system32\sens.dll
09:29:12.0828 3996 SENS - ok
09:29:12.0890 3996 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
09:29:12.0890 3996 serenum - ok
09:29:12.0921 3996 [ 93D313C31F7AD9EA2B75F26075413C7C ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
09:29:12.0937 3996 Serial - ok
09:29:12.0984 3996 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
09:29:12.0984 3996 Sfloppy - ok
09:29:13.0046 3996 [ F4CE708A7D17A625DE6C0FD746D50E88 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
09:29:13.0046 3996 SharedAccess - ok
09:29:13.0093 3996 [ 1B8542F338CDD86929A084A455837158 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
09:29:13.0093 3996 ShellHWDetection - ok
09:29:13.0109 3996 Simbad - ok
09:29:13.0140 3996 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
09:29:13.0140 3996 sisagp - ok
09:29:13.0187 3996 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
09:29:13.0187 3996 Sparrow - ok
09:29:13.0203 3996 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
09:29:13.0218 3996 splitter - ok
09:29:13.0265 3996 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
09:29:13.0265 3996 Spooler - ok
09:29:13.0359 3996 [ 37761F6BE2EBAED72CC0D43BD4C8C2A6 ] SQLAgent$EBP C:\Program Files\Microsoft SQL Server\MSSQL10_50.EBP\MSSQL\Binn\SQLAGENT.EXE
09:29:13.0375 3996 SQLAgent$EBP - ok
09:29:13.0468 3996 [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:29:13.0468 3996 SQLBrowser - ok
09:29:13.0468 3996 [ 8E6E5CFA06769A417B03FD6FAA29E010 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:29:13.0484 3996 SQLWriter - ok
09:29:13.0500 3996 [ 39626E6DC1FB39434EC40C42722B660A ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
09:29:13.0500 3996 sr - ok
09:29:13.0546 3996 [ 6ED29124A1C83BD0CF6B26BD01CA6F6F ] srservice C:\WINDOWS\system32\srsvc.dll
09:29:13.0562 3996 srservice - ok
09:29:13.0625 3996 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
09:29:13.0625 3996 Srv - ok
09:29:13.0656 3996 [ EA9E0DB8684CEF2FD3BADD671DF5A112 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
09:29:13.0671 3996 SSDPSRV - ok
09:29:13.0671 3996 [ 6F855B5625A47F3AC731A262FDC379A6 ] STacSV C:\WINDOWS\system32\StacSV.exe
09:29:13.0687 3996 STacSV - ok
09:29:13.0750 3996 [ 951801DFB54D86F611F0AF47825476F9 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys
09:29:13.0765 3996 STHDA - ok
09:29:13.0828 3996 [ D76B0E8A4ECAD1ADCC75FD14A7ACC54C ] stisvc C:\WINDOWS\system32\wiaservc.dll
09:29:13.0843 3996 stisvc - ok
09:29:13.0890 3996 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
09:29:13.0890 3996 swenum - ok
09:29:13.0906 3996 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
09:29:13.0906 3996 swmidi - ok
09:29:13.0906 3996 SwPrv - ok
09:29:13.0937 3996 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
09:29:13.0937 3996 symc810 - ok
09:29:13.0953 3996 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
09:29:13.0968 3996 symc8xx - ok
09:29:13.0968 3996 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
09:29:13.0968 3996 sym_hi - ok
09:29:13.0984 3996 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
09:29:13.0984 3996 sym_u3 - ok
09:29:14.0000 3996 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
09:29:14.0015 3996 sysaudio - ok
09:29:14.0046 3996 [ 0899061318A6B1D9596AABFC77F45E44 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
09:29:14.0062 3996 SysmonLog - ok
09:29:14.0062 3996 [ 8E5231171AD6595FF002E848CC54FCD7 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
09:29:14.0078 3996 TapiSrv - ok
09:29:14.0125 3996 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:29:14.0140 3996 Tcpip - ok
09:29:14.0234 3996 [ 23B506262493F1A521683EE88C5FBF60 ] tcsd_win32.exe C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
09:29:14.0250 3996 tcsd_win32.exe - ok
09:29:14.0343 3996 [ A27D803B21F24A5CFB775944EA4CB130 ] TdmService C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
09:29:14.0359 3996 TdmService - ok
09:29:14.0406 3996 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
09:29:14.0421 3996 TDPIPE - ok
09:29:14.0453 3996 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
09:29:14.0453 3996 TDTCP - ok
09:29:14.0484 3996 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
09:29:14.0484 3996 TermDD - ok
09:29:14.0531 3996 [ 710BC85A8C22626EE094439E3EA0D38C ] TermService C:\WINDOWS\System32\termsrv.dll
09:29:14.0546 3996 TermService - ok
09:29:14.0562 3996 [ 1B8542F338CDD86929A084A455837158 ] Themes C:\WINDOWS\System32\shsvcs.dll
09:29:14.0562 3996 Themes - ok
09:29:14.0609 3996 [ D859A9D2F026CE5804485068FFD6EAF2 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
09:29:14.0609 3996 TlntSvr - ok
09:29:14.0656 3996 [ CA9E9C2C04A198ED345C1752222A5F3E ] tmactmon C:\WINDOWS\system32\drivers\tmactmon.sys
09:29:14.0656 3996 tmactmon - ok
09:29:14.0718 3996 [ 4D69206E3A3E665221FDD7E397106405 ] TMBMServer C:\Program Files\Trend Micro\BM\TMBMSRV.exe
09:29:14.0718 3996 TMBMServer - ok
09:29:14.0781 3996 [ A3D20789B3FF0576A29462BEF25BCFCC ] tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys
09:29:14.0781 3996 tmcomm - ok
09:29:14.0828 3996 [ 21F215E54770C4BF93EFAF63F58FE57E ] tmevtmgr C:\WINDOWS\system32\drivers\tmevtmgr.sys
09:29:14.0828 3996 tmevtmgr - ok
09:29:14.0859 3996 [ 6341531EE7FE1CE4C116C849BE02534F ] TmFilter C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
09:29:14.0859 3996 TmFilter - ok
09:29:14.0937 3996 [ A4F769194F2497C20E27F7504F1FDF10 ] tmlisten C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
09:29:14.0937 3996 tmlisten - ok
09:29:14.0953 3996 [ 0DE3104387D312EA8B096D97305430D0 ] TmPreFilter C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
09:29:14.0953 3996 TmPreFilter - ok
09:29:14.0984 3996 [ 7E3601439FF68B4F64AB3342DFBA7FE7 ] TmProxy C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
09:29:14.0984 3996 TmProxy - ok
09:29:15.0015 3996 [ 50453BC5BA46C6AE2F85FA124A59DA2E ] tmtdi C:\WINDOWS\system32\DRIVERS\tmtdi.sys
09:29:15.0031 3996 tmtdi - ok
09:29:15.0046 3996 [ B411668322C3BF4E690888706B999679 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
09:29:15.0046 3996 TosIde - ok
09:29:15.0093 3996 [ E1A84A5067627407A53C2C4F8D8A1D2E ] TrkWks C:\WINDOWS\system32\trkwks.dll
09:29:15.0109 3996 TrkWks - ok
09:29:15.0156 3996 [ 81532F3628F8ACC80FD1264095960C3A ] TrueSight C:\WINDOWS\system32\drivers\TrueSight.sys
09:29:15.0156 3996 TrueSight - ok
09:29:15.0156 3996 TSClient - ok
09:29:15.0187 3996 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
09:29:15.0187 3996 Udfs - ok
09:29:15.0218 3996 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
09:29:15.0218 3996 ultra - ok
09:29:15.0281 3996 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
09:29:15.0296 3996 Update - ok
09:29:15.0328 3996 [ BD8166A495B02308F364B36249475F22 ] upnphost C:\WINDOWS\System32\upnphost.dll
09:29:15.0390 3996 upnphost - ok
09:29:15.0406 3996 [ 1EDC93D7BD731B5CA6248AE245099B60 ] UPS C:\WINDOWS\System32\ups.exe
09:29:15.0406 3996 UPS - ok
09:29:15.0468 3996 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:29:15.0468 3996 usbccgp - ok
09:29:15.0531 3996 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:29:15.0531 3996 usbehci - ok
09:29:15.0531 3996 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:29:15.0531 3996 usbhub - ok
09:29:15.0562 3996 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:29:15.0562 3996 usbprint - ok
09:29:15.0578 3996 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:29:15.0578 3996 usbscan - ok
09:29:15.0609 3996 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:29:15.0609 3996 USBSTOR - ok
09:29:15.0640 3996 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:29:15.0640 3996 usbuhci - ok
09:29:15.0671 3996 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
09:29:15.0687 3996 VgaSave - ok
09:29:15.0718 3996 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
09:29:15.0718 3996 viaagp - ok
09:29:15.0734 3996 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
09:29:15.0734 3996 ViaIde - ok
09:29:15.0750 3996 [ 46DE1126684369BACE4849E4FC8C43CA ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
09:29:15.0765 3996 VolSnap - ok
09:29:15.0812 3996 [ 1C0A7FF6CA0F21E26AD34377A56C9B4F ] VSApiNt C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
09:29:15.0843 3996 VSApiNt - ok
09:29:15.0859 3996 vsdatant - ok
09:29:15.0906 3996 [ 5A4DA252B2C0550AB83D129C02CF6C19 ] VSS C:\WINDOWS\System32\vssvc.exe
09:29:15.0906 3996 VSS - ok
09:29:15.0937 3996 [ C1F726EE0B043B074A68992BC4AEF8FD ] w32time C:\WINDOWS\system32\w32time.dll
09:29:15.0953 3996 w32time - ok
09:29:16.0000 3996 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:29:16.0000 3996 Wanarp - ok
09:29:16.0015 3996 Wave UCSPlus - ok
09:29:16.0125 3996 [ 796FDA916625BE7E5F6CFECE15A81C3A ] WaveEnrollmentService C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
09:29:16.0125 3996 WaveEnrollmentService - ok
09:29:16.0156 3996 [ DB626C46997C2430D4958DA5C7FFB969 ] WaveFDE C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
09:29:16.0156 3996 WaveFDE - ok
09:29:16.0187 3996 [ 51E756F2BFB5E3ADCB15F966AD293231 ] WavxDMgr C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
09:29:16.0203 3996 WavxDMgr - ok
09:29:16.0250 3996 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
09:29:16.0265 3996 Wdf01000 - ok
09:29:16.0265 3996 WDICA - ok
09:29:16.0312 3996 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
09:29:16.0312 3996 wdmaud - ok
09:29:16.0375 3996 [ 714670E64FBE6D28D99871ED9A52A334 ] WebClient C:\WINDOWS\System32\webclnt.dll
09:29:16.0375 3996 WebClient - ok
09:29:16.0437 3996 [ A8596CF86D445269A42ECC08B7066A4C ] winachsf C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
09:29:16.0453 3996 winachsf - ok
09:29:16.0562 3996 [ 5E9DEAE9980FF34BCD6DDE2E9E2BF911 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
09:29:16.0562 3996 winmgmt - ok
09:29:16.0656 3996 [ 3FC39DC90318C1B72D867FE04962A20F ] WinVNC4 C:\Program Files\RealVNC\VNC4\WinVNC4.exe
09:29:16.0671 3996 WinVNC4 - ok
09:29:16.0718 3996 [ 4307641CA3389A210295FDFFD2A73DEE ] WLANKEEPER C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
09:29:16.0718 3996 WLANKEEPER - ok
09:29:16.0765 3996 [ AA370F0D5B900E13D40E9CB834B5DA10 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
09:29:16.0859 3996 WmdmPmSN - ok
09:29:16.0906 3996 [ 31C1FD0BBDC5B81C21EDBA4331EDAE55 ] Wmi C:\WINDOWS\System32\advapi32.dll
09:29:16.0937 3996 Wmi - ok
09:29:16.0953 3996 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:29:16.0953 3996 WmiAcpi - ok
09:29:17.0015 3996 [ 4E8E8A58F56B25D0795F484E5EB7F898 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:29:17.0015 3996 WmiApSrv - ok
09:29:17.0109 3996 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:29:17.0125 3996 WPFFontCache_v0400 - ok
09:29:17.0171 3996 [ C1FD85DB4A80A98D60ECB7A828E77FE0 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
09:29:17.0187 3996 wscsvc - ok
09:29:17.0203 3996 [ 75D6C5C3D2C93B1F9931E5DFB693AE2A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
09:29:17.0203 3996 wuauserv - ok
09:29:17.0265 3996 [ C336E54EE0C291A02F004667DB1E66CB ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
09:29:17.0281 3996 WZCSVC - ok
09:29:17.0312 3996 [ F92A87FDDA0C11C8604FBC2B864FA726 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
09:29:17.0375 3996 xmlprov - ok
09:29:17.0390 3996 ================ Scan global ===============================
09:29:17.0421 3996 [ 61013AB2E38550619637AA6CC02383D4 ] C:\WINDOWS\system32\basesrv.dll
09:29:17.0453 3996 [ 8FB644D08037BB9CF532F697CCC0A8E6 ] C:\WINDOWS\system32\winsrv.dll
09:29:17.0484 3996 [ 8FB644D08037BB9CF532F697CCC0A8E6 ] C:\WINDOWS\system32\winsrv.dll
09:29:17.0515 3996 [ C3FB1D70CB88722267949694BA51759E ] C:\WINDOWS\system32\services.exe
09:29:17.0515 3996 [Global] - ok
09:29:17.0515 3996 ================ Scan MBR ==================================
09:29:17.0531 3996 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
09:29:17.0796 3996 \Device\Harddisk0\DR0 - ok
09:29:17.0796 3996 ================ Scan VBR ==================================
09:29:17.0812 3996 [ D442E4856AEAE0715C0AF14A887EF599 ] \Device\Harddisk0\DR0\Partition1
09:29:17.0812 3996 \Device\Harddisk0\DR0\Partition1 - ok
09:29:17.0812 3996 ============================================================
09:29:17.0812 3996 Scan finished
09:29:17.0812 3996 ============================================================
09:29:17.0828 5752 Detected object count: 0
09:29:17.0828 5752 Actual detected object count: 0
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
Edited by jlpjlp on 12/03/2013 at 10:00
delete what RogueKiller found and paste the report
0
celine6676 Posts 15 Registration date Monday 11 March 2013 Status Member Last activity 13 March 2013
12 March 2013 at 10:30
the report is below

RogueKiller V8.5.2 [Mar 9 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : Celine [Droits d'admin]
Mode : Suppression -- Date : 12/03/2013 10:28:53
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80624160 -> HOOKED (Unknown @ 0x89505DC0)
SSDT[43] : NtCreateMutant @ 0x80617718 -> HOOKED (Unknown @ 0x89506F60)
SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (Unknown @ 0x895052C0)
SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (Unknown @ 0x89505580)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89506C20)
SSDT[63] : NtDeleteKey @ 0x806245FC -> HOOKED (Unknown @ 0x89506340)
SSDT[65] : NtDeleteValueKey @ 0x806247CC -> HOOKED (Unknown @ 0x89506600)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89506DC0)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x89505840)
SSDT[240] : NtSetSystemInformation @ 0x8060FD8E -> HOOKED (Unknown @ 0x89507100)
SSDT[247] : NtSetValueKey @ 0x806226D2 -> HOOKED (Unknown @ 0x89506080)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x89505B00)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89506A80)
S_SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x89507720)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89507540)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1252GSX +++++
--- User ---
[MBR] c99e9d2f645bbdd7ff3dc66a32fc88a0
[BSP] 512aacd0667e28c8ab25e6b27fb9dda8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 211 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 433755 | Size: 114259 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[6]_D_12032013_102853.txt >>
RKreport[1]_S_11032013_111611.txt ; RKreport[2]_S_11032013_112956.txt ; RKreport[3]_D_11032013_151848.txt ; RKreport[4]_S_11032013_191552.txt ; RKreport[5]_D_12032013_092524.txt ;
RKreport[6]_D_12032013_102853.txt
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
12 March 2013 at 10:35
choose to delete the drivers found and paste the report
0
celine6676 Posts 15 Registration date Monday 11 March 2013 Status Member Last post 13 March 2013
12 March 2013 at 10:43
RogueKiller V8.5.2 [Mar 9 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : Celine [Droits d'admin]
Mode : Suppression -- Date : 12/03/2013 10:42:53
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[41] : NtCreateKey @ 0x80624160 -> HOOKED (Unknown @ 0x89505DC0)
SSDT[43] : NtCreateMutant @ 0x80617718 -> HOOKED (Unknown @ 0x89506F60)
SSDT[47] : NtCreateProcess @ 0x805D1250 -> HOOKED (Unknown @ 0x895052C0)
SSDT[48] : NtCreateProcessEx @ 0x805D119A -> HOOKED (Unknown @ 0x89505580)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x89506C20)
SSDT[63] : NtDeleteKey @ 0x806245FC -> HOOKED (Unknown @ 0x89506340)
SSDT[65] : NtDeleteValueKey @ 0x806247CC -> HOOKED (Unknown @ 0x89506600)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x89506DC0)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x89505840)
SSDT[240] : NtSetSystemInformation @ 0x8060FD8E -> HOOKED (Unknown @ 0x89507100)
SSDT[247] : NtSetValueKey @ 0x806226D2 -> HOOKED (Unknown @ 0x89506080)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x89505B00)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x89506A80)
S_SSDT[548] : NtUserSetWindowsHookAW -> HOOKED (Unknown @ 0x89507720)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x89507540)

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1252GSX +++++
--- User ---
[MBR] c99e9d2f645bbdd7ff3dc66a32fc88a0
[BSP] 512aacd0667e28c8ab25e6b27fb9dda8 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 211 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 433755 | Size: 114259 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[7]_D_12032013_104253.txt >>
RKreport[1]_S_11032013_111611.txt ; RKreport[2]_S_11032013_112956.txt ; RKreport[3]_D_11032013_151848.txt ; RKreport[4]_S_11032013_191552.txt ; RKreport[5]_D_12032013_092524.txt ;
RKreport[6]_D_12032013_102853.txt ; RKreport[7]_D_12032013_104253.txt
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
Edited by jlpjlp on 12/03/2013 at 11:15
post a new ZHPDiag report

and explain your current problems

see you later
0
celine6676 Posts 15 Registration date Monday 11 March 2013 Status Member Last post 13 March 2013
12 March 2013 at 11:52
ZHPDiag report at the link below:
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20130312_w5d13w14i12t15

so is my virus problem solved?
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
12 March 2013 at 15:46
scan these files on VirusTotal and paste me the reports
https://www.virustotal.com/gui/

C:\Documents and Settings\Celine\Local Settings\Application Data\WavXMapDrive.bat

C:\WINDOWS\system32\d3d9caps.dat

show hidden files if needed, like this: https://www.commentcamarche.net/informatique/windows/185-afficher-les-extensions-et-les-fichiers-caches-sous-windows/#pour-afficher-les-fichiers-et-les-dossiers-caches
0
celine6676 Posts 15 Registration date Monday 11 March 2013 Status Member Last post 13 March 2013
12 March 2013 at 17:52
C:\Documents and Settings\Celine\Local Settings\Application Data\WavXMapDrive.bat
report below:


SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
MD5: d41d8cd98f00b204e9800998ecf8427e
File size: 0 bytes ( 0 bytes )
File name: WavXMapDrive.bat
File type: unknown
Detection ratio: 0 / 45
Analysis date: 2013-03-12 16:45:37 UTC ( 1 minute ago )

Antivirus Result Update
Agnitum - 20130312
AhnLab-V3 - 20130312
AntiVir - 20130312
Antiy-AVL - 20130312
Avast - 20130312
AVG - 20130312
BitDefender - 20130312
ByteHero - 20130304
CAT-QuickHeal - 20130312
ClamAV - 20130312
Commtouch - 20130312
Comodo - 20130312
DrWeb - 20130312
Emsisoft - 20130312
eSafe - 20130307
ESET-NOD32 - 20130312
F-Prot - 20130312
F-Secure - 20130312
Fortinet - 20130312
GData - 20130312
Ikarus - 20130312
Jiangmin - 20130311
K7AntiVirus - 20130312
Kaspersky - 20130312
Kingsoft - 20130311
Malwarebytes - 20130312
McAfee - 20130312
McAfee-GW-Edition - 20130312
Microsoft - 20130312
MicroWorld-eScan - 20130312
NANO-Antivirus - 20130312
Norman - 20130312
nProtect - 20130312
Panda - 20130312
PCTools - 20130312
Sophos - 20130312
SUPERAntiSpyware - 20130312
Symantec - 20130312
TheHacker - 20130312
TotalDefense - 20130312
TrendMicro - 20130312
TrendMicro-HouseCall - 20130312
VBA32 - 20130312
VIPRE - 20130312
ViRobot - 20130312
0
celine6676 Posts 15 Registration date Monday 11 March 2013 Status Member Last post 13 March 2013
12 March 2013 at 18:31
2nd report below
C:\WINDOWS\system32\d3d9caps.dat


SHA256: 996d8f452f30f06bad76d68383225d239ae3752a6eb7dc263ecc19d32b1bd6ab
SHA1: 79ec3347fb2e5884d6b1698e38597ffd740319d5
MD5: 6c480153e894e2994c7652165ad869bc
File size: 664 bytes ( 664 bytes )
File name: d3d9caps.dat
File type: unknown
Detection ratio: 0 / 44
Analysis date: 2013-03-12 16:54:37 UTC ( 1 minute ago )

Antivirus Result Update
Agnitum - 20130312
AhnLab-V3 - 20130312
AntiVir - 20130312
Antiy-AVL - 20130312
Avast - 20130312
AVG - 20130312
BitDefender - 20130312
ByteHero - 20130310
CAT-QuickHeal - 20130312
ClamAV - 20130312
Commtouch - 20130312
Comodo - 20130312
DrWeb - 20130312
Emsisoft - 20130312
eSafe - 20130307
ESET-NOD32 - 20130312
F-Prot - 20130312
Fortinet - 20130312
GData - 20130312
Ikarus - 20130312
Jiangmin - 20130311
K7AntiVirus - 20130312
Kaspersky - 20130312
Kingsoft - 20130311
Malwarebytes - 20130312
McAfee - 20130312
McAfee-GW-Edition - 20130312
Microsoft - 20130312
MicroWorld-eScan - 20130312
NANO-Antivirus - 20130312
Norman - 20130312
nProtect - 20130312
Panda - 20130312
PCTools - 20130312
Sophos - 20130312
SUPERAntiSpyware - 20130312
Symantec - 20130312
TheHacker - 20130312
TotalDefense - 20130312
TrendMicro - 20130312
TrendMicro-HouseCall - 20130312
VBA32 - 20130312
VIPRE - 20130312
ViRobot - 20130312
0