
2 iexplore processes + Internet searches redirected [Solved]

Tags:
  • Virus
  • Security
16 February 2012 10:11:07

Hello,

Symptoms:
I permanently have 2 iexplore processes running in my task manager (even when Internet is not launched). I have also noticed that when I search on Google, I cannot reach the sites I want because I am redirected to ad pages (antivirus ads - strange? funny?). The symptoms persist in Internet Explorer, Mozilla, Safari. It seems these iexplore processes are opening ports on my machine, and I do not like that at all. I use a tool, Process Explorer, which lets you trace Windows processes (like the task manager but more complete).

My own attempts at fixing it:
I tried to uninstall iexplore but realised that was impossible because it is tied to the Windows kernel. I used the following tools: AD-R / Malwarebytes / CCleaner / AdwCleaner / AVG Anti-Rootkit / reg cleaner. Some things were found, but nothing that solved my problems. I also went through my registry to examine what might be running (HKey_current_user/software/microsoft/windows/run) and (HKey_local_machine/software/microsoft/windows/run). I found nothing that seemed suspicious to me. I attempted a Windows repair via the console. I ran an online scan with Trend Micro. Now I no longer know what to do...

Here is my HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:20, on 16/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Impartial Software\Diagnostic Suite\ISMySQL\bin\mysqld.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Tonio\Bureau\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.geomapguide.com/LAVAL/Intranet/mgaxctrl.cab
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.eu-supply.com/Java/CAPICOM/FR/capicom.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://orange.securitoo.com/ols/fscax.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF3A29A0-0490-4C0D-916B-F4F54ECAC385}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISMySQL - Unknown owner - C:\Impartial.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 9018 bytes
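The report above can be triaged mechanically rather than read line by line. The Python below is an added example, not part of the original thread and not a HijackThis feature: it parses HijackThis 2.0-style lines and pulls out the entry classes that matter in a search-redirect case: O17 DNS servers (to compare with the resolvers your ISP actually publishes), O10 unknown Winsock LSPs (an LSP sits in the socket path of every browser on the box, which fits symptoms that survive a change of browser), O23 services whose binary is missing, and O4 autoruns that start from outside the Windows and Program Files trees. The sample log is constructed: its lines are copied from the report above except the `[updater] ... svc.exe` O4 entry, which is hypothetical and only there so the autorun filter has something to flag. The trusted-root list is an assumption and deliberately coarse (malware drops into `c:\windows\system32` too), so the output is a list of things to verify, not a verdict.

```python
"""Triage helper for a HijackThis 2.0.x log (added example, not HijackThis code)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the report in the post above, plus one
# hypothetical O4 entry ("[updater] ... svc.exe") so the autorun filter has a hit.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Tonio\Application Data\svc.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF3A29A0-0490-4C0D-916B-F4F54ECAC385}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: ISMySQL - Unknown owner - C:\Impartial.exe (file missing)
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
"""

# Assumption: autoruns under these roots are "expected"; everything else is flagged.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
# Executable path after the "[name]" tag, with or without surrounding quotes.
PATH_RE = re.compile(r'\]\s+"?([a-z]:[^"]*?\.exe)', re.IGNORECASE)


def parse_hjt(text):
    """Group HijackThis lines by section tag (R0, O2, O4, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].append(m.group(2))
    return sections


def nameservers(sections):
    """O17: DNS servers pinned per interface; compare with your ISP's resolvers."""
    out = []
    for body in sections["O17"]:
        m = re.search(r"NameServer = ([\d.,]+)", body)
        if m:
            out.extend(m.group(1).split(","))
    return out


def unknown_lsps(sections):
    """O10: Winsock LSP DLLs HijackThis does not recognise; an LSP sees all socket I/O."""
    return [body.split("Winsock LSP:", 1)[1].strip()
            for body in sections["O10"] if "Winsock LSP:" in body]


def missing_service_files(sections):
    """O23: registered services whose binary no longer exists on disk."""
    names = []
    for body in sections["O23"]:
        if body.endswith("(file missing)"):
            names.append(body.split("Service:", 1)[1].split(" - ", 1)[0].strip())
    return names


def suspicious_autoruns(sections, trusted=TRUSTED_ROOTS):
    """O4: Run-key entries whose executable lives outside the trusted roots."""
    hits = []
    for body in sections["O4"]:
        m = PATH_RE.search(body)
        if m and not m.group(1).lower().startswith(trusted):
            hits.append(m.group(1))
    return hits


def triage(text):
    """Run every filter over a log and return the findings by category."""
    s = parse_hjt(text)
    return {
        "nameservers": nameservers(s),
        "unknown_lsps": unknown_lsps(s),
        "missing_service_files": missing_service_files(s),
        "suspicious_autoruns": suspicious_autoruns(s),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full saved log by reading the file into `triage()`. Each hit still needs a human check: the O10 entry here is a Netware provider DLL shipped with XP, and a registered service with a missing file is often just a leftover uninstall, so the script narrows the search rather than closing it.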


16 February 2012 21:30:07

Good evening


Step 1

Download DDS by sUBs to your desktop.
The tool does not need to be installed.

Launch it by clicking the dds.scr icon:

This DOS window will appear:

The scan should not take more than three minutes.

Two reports will be generated. Save the DDS.txt and Attach.txt reports.

Post the DDS.txt report; only provide the Attach.txt report if you are asked for it.


Step 2




  • Download MbrScan (by Eric71) to your desktop.

  • Double-click MbrScan on your desktop to launch it.
    (Under Vista/Seven, right-click on AD-R and choose Run as administrator)

  • In the main menu, choose the Report option.

    /!\ Let the tool work; it only takes a few seconds /!\

  • Post the report that appears at the end.



Step 3

Follow this tutorial: TDSSKiller
Post the generated report.


17 February 2012 09:40:31

Hello Sham, and first of all thank you for your help. It seems I no longer have the iexplore processes running. I ran a defrag with Defraggler (the computer needed it badly) in safe mode last night...
Here are the requested reports:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Tonio at 9:11:15 on 2012-02-17
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.246 [GMT 1:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Impartial Software\Diagnostic Suite\ISMySQL\bin\mysqld.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.fr/
    uWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    EB: &Rechercher: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [APSDaemon] "c:\program files\fichiers communs\apple\apple application support\APSDaemon.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    mPolicies-system: EnablELUA = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Rechercher sur le Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
    DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.geomapguide.com/LAVAL/Intranet/mgaxctrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://www.eu-supply.com/Java/CAPICOM/FR/capicom.cab
    DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://orange.securitoo.com/ols/fscax.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: Interfaces\{EF3A29A0-0490-4C0D-916B-F4F54ECAC385} : NameServer = 80.10.246.2,80.10.246.129
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\fichiers communs\microsoft shared\web folders\PKMCDO.DLL
    Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\skyline\terraexplorer\TerraExplorerX.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\tonio\application data\mozilla\firefox\profiles\imn4flon.default\
    FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - plugin: c:\documents and settings\tonio\application data\mozilla\firefox\profiles\imn4flon.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\quicktime alternative\plugins\npqtplugin7.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
    R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2011-5-12 3968]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-7-3 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-7-3 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-7-3 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-15 66616]
    R2 ISMySQL;ISMySQL;"c:\impartial software\diagnostic suite\ismysql\bin\mysqld" --defaults-file="c:\impartial software\diagnostic suite\ismysql\my.ini" ismysql --> c:\impartial software\diagnostic suite\ismysql\bin\mysqld [?]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-30 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-4 47640]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-4-22 218688]
    S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [2006-1-13 52384]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [2006-1-13 6096]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [2006-1-13 87456]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [2006-1-13 79248]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [2006-1-13 77072]
    S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\drivers\procexp150.sys --> c:\windows\system32\drivers\PROCEXP150.SYS [?]
    S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\drivers\SUSCOM.SYS [2002-10-22 40448]
    S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-2-20 30192]
    S4 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
    S4 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2012-02-16 11:25:08 -------- d-----w- c:\program files\Defraggler
    2012-02-16 09:21:46 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
    2012-02-16 09:21:41 -------- d-----w- c:\program files\Security Task Manager
    2012-02-15 15:07:06 -------- d--h--w- c:\windows\system32\GroupPolicy
    2012-02-14 17:12:36 -------- d-----w- C:\Kill'em
    2012-01-26 08:39:57 -------- d-----w- c:\program files\iPod
    2012-01-26 08:39:19 -------- d-----w- c:\program files\iTunes
    2012-01-20 08:47:09 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-20 08:47:09 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-20 08:47:09 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-20 08:47:09 45016 ----a-w- c:\program files\mozilla firefox\mozutils.dll
    .
    ==================== Find3M ====================
    .
    2012-02-14 15:09:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-07 08:13:55 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-02-07 08:13:55 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2012-02-07 08:13:54 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2012-02-07 08:13:54 30592 ----a-w- c:\windows\system32\LMIport.dll
    2011-12-20 09:04:55 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2011-12-20 09:04:54 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
    2011-11-25 21:57:09 293888 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 14:40:17 1859712 ----a-w- c:\windows\system32\win32k.sys
    2011-11-20 06:12:29 61952 ----a-w- c:\windows\system32\packager.exe
    .
    ============= FINISH: 9:15:45.79 ===============





    MbrScan:

    MBRScan v1.1.1

    OS : Windows XP Home Service Pack 3 (32 bit)
    PROCESSOR : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    BOOT : Normal Boot
    DATE : 2012/02/17 (ISO 8601) at 09:22:28
    ________________________________________________________________________________

    DISK : Device\Harddisk0\DR0 __WDC WD1600JS-75NCB1 (10.02E01)
    BUS_TYPE : (0x03) P-ATA
    USE_PIO : YES
    MAX_TRANSFER : 128 Kb
    ALIGNMENT_MASK : word aligned
    ________________________________________________________________________________

    Device\Harddisk0\DR0 149.0 Go [Fixed] ==> XP MBR Code

    MBR_MD5 : 49F26431B76B679D04396C3FA0A37140
    MBR_SHA1 : 7E9662833EE5E1A7E8135D7C21955AA7EAA0983C

    Device\Harddisk0\Partition1 54.88 Mo 0xDE Dell Utility
    Device\Harddisk0\Partition2 29.81 Go 0x07 NTFS / HPFS __ BOOTABLE __
    Device\Harddisk0\Partition3 119.1 Go 0x07 NTFS / HPFS
    ________________________________________________________________________________

    ############################### Additional scan ################################

    DRIVER : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
    ADDRESS : 0xAA4FA000
    SIZE : 96.0 Ko

    DRIVER : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
    ADDRESS : 0xF7AD0000
    SIZE : 8.0 Ko

    DRIVER : C:\DOCUME~1\Tonio\LOCALS~1\Temp\mbr.sys => Invisible on the disk
    ADDRESS : 0xF786E000
    SIZE : 28.0 Ko

    SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT

    ________________________________________________________________________________

    _______MBR \Device\Harddisk0\DR0

    0x00000000 33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C 3À.м.|ûP.P.ü¾.|
    0x00000010 BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04 ¿..PW¹å.ó¤Ë½¾.±.
    0x00000020 38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5 8n.|.u..Å.âôÍ..õ
    0x00000030 83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B .Æ.It.8,tö.µ.´..
    0x00000040 F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88 ð¬<.tü»..´.Í.ëò.
    0x00000050 4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B N.èF.s*þF..~..t.
    0x00000060 80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83 .~..t..¶.uÒ.F...
    0x00000070 46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB F...V..è!.s..¶.ë
    0x00000080 BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0 ¼.>þ}Uªt..~..tÈ.
    0x00000090 B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56 ·.ë©.ü.W.õË¿...V
    0x000000A0 00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC .´.Í.r#.Á$?..Þ.ü
    0x000000B0 43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56 C÷ã.Ñ.Ö±.ÒîB÷â9V
    0x000000C0 0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C .w#r.9F.s.¸..».|
    0x000000D0 8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A .N..V.Í.sQOtN2ä.
    0x000000E0 56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD V.Í.ëä.V.`»ªU´AÍ
    0x000000F0 13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60 .r6.ûUªu0öÁ.t+a`
    0x00000100 6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A j.j..v..v.j.h.|j
    0x00000110 01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B .j.´B.ôÍ.aas.Ot.
    0x00000120 32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61 2ä.V.Í.ëÖaùÃInva
    0x00000130 6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61 lid partition ta
    0x00000140 62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E ble.Error loadin
    0x00000150 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst
    0x00000160 65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61 em.Missing opera
    0x00000170 74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00 ting system.....
    0x00000180 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    0x00000190 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    0x000001A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    0x000001B0 00 00 00 00 00 2C 44 63 79 9D DE EE 00 00 00 01 .....,Dcy.Þî....
    0x000001C0 01 00 DE FE 3F 06 3F 00 00 00 08 B7 01 00 80 00 ..Þþ?.?....·....
    0x000001D0 01 07 07 FE FF FF 47 B7 01 00 34 0E BA 03 00 00 ...þ..G·..4.º...
    0x000001E0 C1 FF 0F FE FF FF 7B C5 BB 03 81 8B E4 0E 00 00 Á..þ..{Å»...ä...
    0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª





    TDSSKiller:


    09:24:51.0390 3132 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
    09:24:51.0531 3132 ============================================================
    09:24:51.0531 3132 Current date / time: 2012/02/17 09:24:51.0531
    09:24:51.0531 3132 SystemInfo:
    09:24:51.0531 3132
    09:24:51.0531 3132 OS Version: 5.1.2600 ServicePack: 3.0
    09:24:51.0531 3132 Product type: Workstation
    09:24:51.0531 3132 ComputerName: DELL
    09:24:51.0531 3132 UserName: Tonio
    09:24:51.0531 3132 Windows directory: C:\WINDOWS
    09:24:51.0531 3132 System windows directory: C:\WINDOWS
    09:24:51.0531 3132 Processor architecture: Intel x86
    09:24:51.0531 3132 Number of processors: 2
    09:24:51.0531 3132 Page size: 0x1000
    09:24:51.0531 3132 Boot type: Normal boot
    09:24:51.0531 3132 ============================================================
    09:24:52.0843 3132 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    09:24:52.0843 3132 \Device\Harddisk0\DR0:
    09:24:52.0843 3132 MBR used
    09:24:52.0843 3132 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1B747, BlocksNum 0x3BA0E34
    09:24:52.0859 3132 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3BBC5BA, BlocksNum 0xEE48B42
    09:24:53.0015 3132 Initialize success
    09:24:53.0015 3132 ============================================================
    09:25:17.0093 3064 ============================================================
    09:25:17.0093 3064 Scan started
    09:25:17.0093 3064 Mode: Manual;
    09:25:17.0093 3064 ============================================================
    09:25:17.0296 3064 Abiosdsk - ok
    09:25:17.0343 3064 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    09:25:17.0343 3064 abp480n5 - ok
    09:25:17.0406 3064 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    09:25:17.0406 3064 ACPI - ok
    09:25:17.0437 3064 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
    09:25:17.0437 3064 ACPIEC - ok
    09:25:17.0468 3064 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    09:25:17.0468 3064 adpu160m - ok
    09:25:17.0515 3064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    09:25:17.0515 3064 aec - ok
    09:25:17.0546 3064 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    09:25:17.0562 3064 AFD - ok
    09:25:17.0593 3064 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    09:25:17.0593 3064 agp440 - ok
    09:25:17.0625 3064 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    09:25:17.0625 3064 agpCPQ - ok
    09:25:17.0640 3064 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    09:25:17.0640 3064 Aha154x - ok
    09:25:17.0671 3064 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    09:25:17.0671 3064 aic78u2 - ok
    09:25:17.0687 3064 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    09:25:17.0687 3064 aic78xx - ok
    09:25:17.0718 3064 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    09:25:17.0718 3064 AliIde - ok
    09:25:17.0734 3064 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    09:25:17.0734 3064 alim1541 - ok
    09:25:17.0765 3064 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    09:25:17.0781 3064 amdagp - ok
    09:25:17.0781 3064 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    09:25:17.0796 3064 amsint - ok
    09:25:17.0812 3064 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    09:25:17.0812 3064 asc - ok
    09:25:17.0828 3064 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    09:25:17.0828 3064 asc3350p - ok
    09:25:17.0843 3064 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    09:25:17.0843 3064 asc3550 - ok
    09:25:17.0890 3064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    09:25:17.0890 3064 AsyncMac - ok
    09:25:17.0921 3064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    09:25:17.0921 3064 atapi - ok
    09:25:17.0921 3064 Atdisk - ok
    09:25:17.0953 3064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    09:25:17.0953 3064 Atmarpc - ok
    09:25:17.0984 3064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    09:25:17.0984 3064 audstub - ok
    09:25:18.0078 3064 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
    09:25:18.0078 3064 AVG Anti-Rootkit - ok
    09:25:18.0093 3064 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
    09:25:18.0093 3064 AvgArCln - ok
    09:25:18.0203 3064 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    09:25:18.0203 3064 avgio - ok
    09:25:18.0250 3064 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    09:25:18.0250 3064 avgntflt - ok
    09:25:18.0281 3064 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    09:25:18.0281 3064 avipbb - ok
    09:25:18.0312 3064 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    09:25:18.0312 3064 b57w2k - ok
    09:25:18.0343 3064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    09:25:18.0343 3064 Beep - ok
    09:25:18.0437 3064 catchme - ok
    09:25:18.0468 3064 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    09:25:18.0468 3064 cbidf - ok
    09:25:18.0484 3064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    09:25:18.0484 3064 cbidf2k - ok
    09:25:18.0531 3064 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    09:25:18.0531 3064 cd20xrnt - ok
    09:25:18.0546 3064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    09:25:18.0546 3064 Cdaudio - ok
    09:25:18.0593 3064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    09:25:18.0593 3064 Cdfs - ok
    09:25:18.0640 3064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    09:25:18.0656 3064 Cdrom - ok
    09:25:18.0656 3064 Changer - ok
    09:25:18.0687 3064 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    09:25:18.0687 3064 CmdIde - ok
    09:25:18.0718 3064 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    09:25:18.0718 3064 Cpqarray - ok
    09:25:18.0718 3064 CrystalSysInfo - ok
    09:25:18.0750 3064 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    09:25:18.0765 3064 dac2w2k - ok
    09:25:18.0765 3064 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    09:25:18.0765 3064 dac960nt - ok
    09:25:18.0828 3064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    09:25:18.0828 3064 Disk - ok
    09:25:18.0875 3064 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
    09:25:18.0906 3064 dmboot - ok
    09:25:18.0937 3064 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
    09:25:18.0953 3064 dmio - ok
    09:25:19.0015 3064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    09:25:19.0015 3064 dmload - ok
    09:25:19.0062 3064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    09:25:19.0062 3064 DMusic - ok
    09:25:19.0093 3064 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    09:25:19.0093 3064 dpti2o - ok
    09:25:19.0140 3064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    09:25:19.0140 3064 drmkaud - ok
    09:25:19.0187 3064 dtsoftbus01 (555e54ac2f601a8821cef58961653991) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
    09:25:19.0187 3064 dtsoftbus01 - ok
    09:25:19.0218 3064 E100B (1961f8b618e3c20df54c146b294efd2a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    09:25:19.0218 3064 E100B - ok
    09:25:19.0281 3064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    09:25:19.0281 3064 Fastfat - ok
    09:25:19.0296 3064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    09:25:19.0312 3064 Fdc - ok
    09:25:19.0328 3064 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
    09:25:19.0328 3064 Fips - ok
    09:25:19.0375 3064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    09:25:19.0375 3064 Flpydisk - ok
    09:25:19.0406 3064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    09:25:19.0406 3064 FltMgr - ok
    09:25:19.0437 3064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    09:25:19.0437 3064 Fs_Rec - ok
    09:25:19.0500 3064 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    09:25:19.0500 3064 Ftdisk - ok
    09:25:19.0546 3064 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    09:25:19.0546 3064 GEARAspiWDM - ok
    09:25:19.0578 3064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    09:25:19.0578 3064 Gpc - ok
    09:25:19.0625 3064 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    09:25:19.0625 3064 HidUsb - ok
    09:25:19.0656 3064 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    09:25:19.0656 3064 hpn - ok
    09:25:19.0687 3064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    09:25:19.0703 3064 HTTP - ok
    09:25:19.0781 3064 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    09:25:19.0781 3064 i2omgmt - ok
    09:25:19.0812 3064 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    09:25:19.0812 3064 i2omp - ok
    09:25:19.0828 3064 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    09:25:19.0843 3064 i8042prt - ok
    09:25:19.0890 3064 ialm (0294a30b302ca71a2c26e582dda93486) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    09:25:19.0906 3064 ialm - ok
    09:25:19.0937 3064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    09:25:19.0937 3064 Imapi - ok
    09:25:19.0953 3064 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    09:25:19.0953 3064 ini910u - ok
    09:25:19.0968 3064 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
    09:25:19.0984 3064 IntelIde - ok
    09:25:20.0015 3064 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    09:25:20.0015 3064 intelppm - ok
    09:25:20.0031 3064 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    09:25:20.0031 3064 Ip6Fw - ok
    09:25:20.0046 3064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    09:25:20.0062 3064 IpInIp - ok
    09:25:20.0078 3064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    09:25:20.0078 3064 IpNat - ok
    09:25:20.0093 3064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    09:25:20.0109 3064 IPSec - ok
    09:25:20.0125 3064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    09:25:20.0125 3064 IRENUM - ok
    09:25:20.0156 3064 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    09:25:20.0156 3064 isapnp - ok
    09:25:20.0203 3064 k600bus (53d606019bb0f0c6b3e6ec9d2e0f7622) C:\WINDOWS\system32\DRIVERS\k600bus.sys
    09:25:20.0203 3064 k600bus - ok
    09:25:20.0218 3064 k600mdfl (c0d81f66557847bbb7f5b9980bc2ea2e) C:\WINDOWS\system32\DRIVERS\k600mdfl.sys
    09:25:20.0218 3064 k600mdfl - ok
    09:25:20.0234 3064 k600mdm (646900b2921bad4757b427d2d328ec96) C:\WINDOWS\system32\DRIVERS\k600mdm.sys
    09:25:20.0234 3064 k600mdm - ok
    09:25:20.0265 3064 k600mgmt (3990320cfef38b038c012029257e2300) C:\WINDOWS\system32\DRIVERS\k600mgmt.sys
    09:25:20.0265 3064 k600mgmt - ok
    09:25:20.0296 3064 k600obex (1578cb8176d08cc4d3dbe094c62fc236) C:\WINDOWS\system32\DRIVERS\k600obex.sys
    09:25:20.0296 3064 k600obex - ok
    09:25:20.0390 3064 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    09:25:20.0390 3064 Kbdclass - ok
    09:25:20.0421 3064 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    09:25:20.0437 3064 kbdhid - ok
    09:25:20.0453 3064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    09:25:20.0468 3064 kmixer - ok
    09:25:20.0500 3064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    09:25:20.0515 3064 KSecDD - ok
    09:25:20.0531 3064 lbrtfdc - ok
    09:25:20.0625 3064 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    09:25:20.0625 3064 LMIInfo - ok
    09:25:20.0671 3064 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    09:25:20.0671 3064 lmimirr - ok
    09:25:20.0687 3064 LMIRfsClientNP - ok
    09:25:20.0703 3064 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    09:25:20.0703 3064 LMIRfsDriver - ok
    09:25:20.0750 3064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    09:25:20.0750 3064 mnmdd - ok
    09:25:20.0796 3064 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
    09:25:20.0796 3064 Modem - ok
    09:25:20.0812 3064 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    09:25:20.0812 3064 Mouclass - ok
    09:25:20.0859 3064 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    09:25:20.0859 3064 mouhid - ok
    09:25:20.0890 3064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    09:25:20.0890 3064 MountMgr - ok
    09:25:20.0921 3064 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    09:25:20.0921 3064 mraid35x - ok
    09:25:20.0953 3064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    09:25:20.0953 3064 MRxDAV - ok
    09:25:21.0000 3064 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    09:25:21.0031 3064 MRxSmb - ok
    09:25:21.0046 3064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    09:25:21.0046 3064 Msfs - ok
    09:25:21.0093 3064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    09:25:21.0093 3064 MSKSSRV - ok
    09:25:21.0156 3064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    09:25:21.0156 3064 MSPCLOCK - ok
    09:25:21.0171 3064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    09:25:21.0187 3064 MSPQM - ok
    09:25:21.0218 3064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    09:25:21.0218 3064 mssmbios - ok
    09:25:21.0281 3064 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    09:25:21.0281 3064 Mup - ok
    09:25:21.0328 3064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    09:25:21.0328 3064 NDIS - ok
    09:25:21.0375 3064 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    09:25:21.0375 3064 NdisTapi - ok
    09:25:21.0406 3064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    09:25:21.0406 3064 Ndisuio - ok
    09:25:21.0437 3064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    09:25:21.0437 3064 NdisWan - ok
    09:25:21.0484 3064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    09:25:21.0484 3064 NDProxy - ok
    09:25:21.0531 3064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    09:25:21.0531 3064 NetBIOS - ok
    09:25:21.0562 3064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    09:25:21.0562 3064 NetBT - ok
    09:25:21.0625 3064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    09:25:21.0625 3064 Npfs - ok
    09:25:21.0656 3064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    09:25:21.0671 3064 Ntfs - ok
    09:25:21.0718 3064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    09:25:21.0718 3064 Null - ok
    09:25:21.0796 3064 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    09:25:21.0859 3064 nv - ok
    09:25:21.0875 3064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    09:25:21.0875 3064 NwlnkFlt - ok
    09:25:21.0890 3064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    09:25:21.0890 3064 NwlnkFwd - ok
    09:25:21.0968 3064 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
    09:25:21.0968 3064 NwlnkIpx - ok
    09:25:22.0000 3064 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
    09:25:22.0000 3064 NwlnkNb - ok
    09:25:22.0031 3064 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
    09:25:22.0031 3064 NwlnkSpx - ok
    09:25:22.0078 3064 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
    09:25:22.0078 3064 Parport - ok
    09:25:22.0093 3064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    09:25:22.0093 3064 PartMgr - ok
    09:25:22.0109 3064 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
    09:25:22.0109 3064 ParVdm - ok
    09:25:22.0156 3064 PCAMPR5 (b670c5d89f0726b7a2a7dfb4e968cdf8) C:\WINDOWS\system32\PCAMPR5.SYS
    09:25:22.0187 3064 PCAMPR5 - ok
    09:25:22.0203 3064 PCANDIS5 (ecd2f9d67b06606064daf6961a6d5efe) C:\WINDOWS\system32\PCANDIS5.SYS
    09:25:22.0218 3064 PCANDIS5 - ok
    09:25:22.0234 3064 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
    09:25:22.0234 3064 PCI - ok
    09:25:22.0234 3064 PCIDump - ok
    09:25:22.0265 3064 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
    09:25:22.0265 3064 PCIIde - ok
    09:25:22.0312 3064 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
    09:25:22.0328 3064 Pcmcia - ok
    09:25:22.0328 3064 PDCOMP - ok
    09:25:22.0343 3064 PDFRAME - ok
    09:25:22.0359 3064 PDRELI - ok
    09:25:22.0359 3064 PDRFRAME - ok
    09:25:22.0390 3064 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    09:25:22.0390 3064 perc2 - ok
    09:25:22.0406 3064 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    09:25:22.0406 3064 perc2hib - ok
    09:25:22.0468 3064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    09:25:22.0468 3064 PptpMiniport - ok
    09:25:22.0515 3064 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys
    09:25:22.0515 3064 PQNTDrv - ok
    09:25:22.0515 3064 PROCEXP150 - ok
    09:25:22.0546 3064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    09:25:22.0546 3064 PSched - ok
    09:25:22.0578 3064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    09:25:22.0578 3064 Ptilink - ok
    09:25:22.0609 3064 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    09:25:22.0609 3064 ql1080 - ok
    09:25:22.0640 3064 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    09:25:22.0640 3064 Ql10wnt - ok
    09:25:22.0718 3064 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    09:25:22.0718 3064 ql12160 - ok
    09:25:22.0765 3064 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    09:25:22.0765 3064 ql1240 - ok
    09:25:22.0781 3064 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    09:25:22.0781 3064 ql1280 - ok
    09:25:22.0812 3064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    09:25:22.0812 3064 RasAcd - ok
    09:25:22.0828 3064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    09:25:22.0828 3064 Rasl2tp - ok
    09:25:22.0859 3064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    09:25:22.0859 3064 RasPppoe - ok
    09:25:22.0875 3064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    09:25:22.0875 3064 Raspti - ok
    09:25:22.0906 3064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    09:25:22.0906 3064 Rdbss - ok
    09:25:22.0937 3064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    09:25:22.0937 3064 RDPCDD - ok
    09:25:22.0984 3064 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    09:25:22.0984 3064 rdpdr - ok
    09:25:23.0031 3064 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    09:25:23.0031 3064 RDPWD - ok
    09:25:23.0062 3064 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
    09:25:23.0062 3064 redbook - ok
    09:25:23.0125 3064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    09:25:23.0125 3064 Secdrv - ok
    09:25:23.0171 3064 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    09:25:23.0203 3064 senfilt - ok
    09:25:23.0250 3064 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    09:25:23.0250 3064 serenum - ok
    09:25:23.0265 3064 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
    09:25:23.0281 3064 Serial - ok
    09:25:23.0328 3064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    09:25:23.0328 3064 Sfloppy - ok
    09:25:23.0343 3064 Simbad - ok
    09:25:23.0390 3064 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    09:25:23.0390 3064 sisagp - ok
    09:25:23.0421 3064 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    09:25:23.0437 3064 smwdm - ok
    09:25:23.0515 3064 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    09:25:23.0515 3064 Sparrow - ok
    09:25:23.0562 3064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    09:25:23.0562 3064 splitter - ok
    09:25:23.0625 3064 sptd (614deea4bdcec3fd5a07bdc705723ad7) C:\WINDOWS\System32\Drivers\sptd.sys
    09:25:23.0625 3064 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 614deea4bdcec3fd5a07bdc705723ad7
    09:25:23.0625 3064 sptd ( LockedFile.Multi.Generic ) - warning
    09:25:23.0625 3064 sptd - detected LockedFile.Multi.Generic (1)
    09:25:23.0640 3064 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
    09:25:23.0640 3064 sr - ok
    09:25:23.0687 3064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    09:25:23.0718 3064 Srv - ok
    09:25:23.0750 3064 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    09:25:23.0765 3064 ssmdrv - ok
    09:25:23.0812 3064 SUSCOM (16767dce5814bc80aaa9b9c6cd2596a7) C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS
    09:25:23.0812 3064 SUSCOM - ok
    09:25:23.0859 3064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    09:25:23.0859 3064 swenum - ok
    09:25:23.0875 3064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    09:25:23.0875 3064 swmidi - ok
    09:25:23.0906 3064 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    09:25:23.0906 3064 symc810 - ok
    09:25:23.0921 3064 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    09:25:23.0937 3064 symc8xx - ok
    09:25:23.0937 3064 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    09:25:23.0953 3064 sym_hi - ok
    09:25:23.0968 3064 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    09:25:23.0968 3064 sym_u3 - ok
    09:25:24.0000 3064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    09:25:24.0000 3064 sysaudio - ok
    09:25:24.0062 3064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    09:25:24.0078 3064 Tcpip - ok
    09:25:24.0125 3064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    09:25:24.0125 3064 TDPIPE - ok
    09:25:24.0203 3064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    09:25:24.0203 3064 TDTCP - ok
    09:25:24.0250 3064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    09:25:24.0250 3064 TermDD - ok
    09:25:24.0296 3064 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys
    09:25:24.0296 3064 TosIde - ok
    09:25:24.0343 3064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    09:25:24.0359 3064 Udfs - ok
    09:25:24.0375 3064 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    09:25:24.0390 3064 ultra - ok
    09:25:24.0437 3064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    09:25:24.0453 3064 Update - ok
    09:25:24.0500 3064 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    09:25:24.0500 3064 USBAAPL - ok
    09:25:24.0515 3064 usbbus - ok
    09:25:24.0531 3064 UsbDiag - ok
    09:25:24.0562 3064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    09:25:24.0578 3064 usbehci - ok
    09:25:24.0609 3064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    09:25:24.0625 3064 usbhub - ok
    09:25:24.0625 3064 USBModem - ok
    09:25:24.0671 3064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    09:25:24.0671 3064 usbscan - ok
    09:25:24.0703 3064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    09:25:24.0703 3064 USBSTOR - ok
    09:25:24.0750 3064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    09:25:24.0750 3064 usbuhci - ok
    09:25:24.0765 3064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    09:25:24.0765 3064 VgaSave - ok
    09:25:24.0796 3064 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    09:25:24.0812 3064 viaagp - ok
    09:25:24.0843 3064 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    09:25:24.0843 3064 ViaIde - ok
    09:25:24.0875 3064 VolSnap (4d39b6fbf65832f9ae75d8157694afb0) C:\WINDOWS\system32\drivers\VolSnap.sys
    09:25:24.0875 3064 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 4d39b6fbf65832f9ae75d8157694afb0, Fake md5: 46de1126684369bace4849e4fc8c43ca
    09:25:24.0875 3064 VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
    09:25:24.0875 3064 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
    09:25:24.0937 3064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    09:25:24.0937 3064 Wanarp - ok
    09:25:24.0984 3064 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    09:25:24.0984 3064 wceusbsh - ok
    09:25:25.0046 3064 WDICA - ok
    09:25:25.0093 3064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    09:25:25.0093 3064 wdmaud - ok
    09:25:25.0171 3064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    09:25:25.0343 3064 \Device\Harddisk0\DR0 - ok
    09:25:25.0343 3064 Boot (0x1200) (294d6cb120aa7dc15c191ec964792265) \Device\Harddisk0\DR0\Partition0
    09:25:25.0343 3064 \Device\Harddisk0\DR0\Partition0 - ok
    09:25:25.0359 3064 Boot (0x1200) (39358eb70f7386af91bc4f9746a9a757) \Device\Harddisk0\DR0\Partition1
    09:25:25.0359 3064 \Device\Harddisk0\DR0\Partition1 - ok
    09:25:25.0375 3064 ============================================================
    09:25:25.0375 3064 Scan finished
    09:25:25.0375 3064 ============================================================
    09:25:25.0375 1792 Detected object count: 2
    09:25:25.0375 1792 Actual detected object count: 2
    09:26:01.0171 1792 sptd ( LockedFile.Multi.Generic ) - skipped by user
    09:26:01.0171 1792 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
    09:26:01.0281 1792 C:\WINDOWS\system32\drivers\VolSnap.sys - copied to quarantine
    09:26:03.0265 1792 Backup copy found, using it..
    09:26:03.0281 1792 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured on reboot
    09:26:03.0281 1792 VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure



-PC rebooted
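The TDSSKiller report above is what a helper reads to decide what to act on: the decisive lines are the two "Suspicious file" entries, since a file reported as Forged (the md5 read through the normal I/O path differs from the md5 read raw from disk) means a kernel-level hook is lying about the disk contents, which is how TDL3 hides its patched driver, whereas NoAccess / LockedFile only means the scanner could not read the file. As an added example that is not part of this thread and not TDSSKiller's own code, a small Python triage script that parses that log format, attaches the evidence line and the user's chosen action to each detection, and ranks them; the sample log and its hashes are constructed from the line formats seen in the posted report.

```python
"""Triage a TDSSKiller log: collect the detections, pair each with its
'Suspicious file' evidence and the chosen action, and rank them worst first.

Added example, not part of the forum thread or of TDSSKiller; SAMPLE_LOG and
its hashes are constructed to mirror the line formats of the posted report.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Every TDSSKiller line starts with "HH:MM:SS.mmmm <pid> "; strip that prefix.
_PREFIX = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+")
# "VolSnap (md5) C:\path\file.sys"  (object line, gives name -> path)
_OBJECT = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "Suspicious file (Forged): <path>. Real md5: x, Fake md5: y"
# "Suspicious file (NoAccess): <path>. md5: x"
_SUSP = re.compile(
    r"^Suspicious file \((?P<kind>\w+)\): (?P<path>.+?)\. "
    r"(?:Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
    r"|md5: (?P<md5>[0-9a-f]{32}))$")
# "VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - infected"   /   "sptd ( ... ) - warning"
_VERDICT = re.compile(r"^(?P<name>\S+) \( (?P<threat>\S+) \) - (?P<verdict>infected|warning)$")
# "VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure"
_ACTION = re.compile(r"^(?P<name>\S+) \( (?P<threat>\S+) \) - User select action: (?P<action>\w+)$")


@dataclass
class Detection:
    name: str
    path: str = ""
    threat: str = ""
    verdict: str = ""      # infected / warning
    kind: str = ""         # Forged / NoAccess
    real_md5: str = ""
    fake_md5: str = ""
    action: str = ""       # Cure / Skip / Delete

    @property
    def severity(self) -> str:
        # Forged: the bytes the OS serves for this file differ from the bytes
        # really on disk, so something in the kernel is rewriting reads.
        if self.kind == "Forged" and self.real_md5 != self.fake_md5:
            return "critical"
        if self.verdict == "infected":
            return "high"
        # NoAccess / LockedFile: unreadable, not a malware verdict; review by hand.
        return "review"

    @property
    def resolved(self) -> bool:
        return self.action in ("Cure", "Delete")


def parse_tdsskiller(log: str) -> dict[str, Detection]:
    """Return detections keyed by driver name, with evidence and action attached."""
    objects: dict[str, str] = {}          # path -> driver name, from object lines
    found: dict[str, Detection] = {}
    for raw in log.splitlines():
        line = _PREFIX.sub("", raw).strip()
        if m := _OBJECT.match(line):
            objects[m["path"]] = m["name"]
        elif m := _SUSP.match(line):
            name = objects.get(m["path"], m["path"])
            d = found.setdefault(name, Detection(name=name, path=m["path"]))
            d.kind = m["kind"]
            d.real_md5 = m["real"] or m["md5"] or ""
            d.fake_md5 = m["fake"] or ""
        elif m := _VERDICT.match(line):
            d = found.setdefault(m["name"], Detection(name=m["name"]))
            d.threat, d.verdict = m["threat"], m["verdict"]
        elif (m := _ACTION.match(line)) and m["name"] in found:
            found[m["name"]].action = m["action"]
    return found


_ORDER = {"critical": 0, "high": 1, "review": 2}


def triage(log: str) -> list[tuple[str, str, str, bool]]:
    """(name, severity, threat, resolved) tuples, worst first."""
    dets = sorted(parse_tdsskiller(log).values(), key=lambda d: _ORDER[d.severity])
    return [(d.name, d.severity, d.threat, d.resolved) for d in dets]


# Constructed sample in the posted report's format (hashes are placeholders).
SAMPLE_LOG = r"""
09:25:17.0406 3064 ACPI (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:25:17.0406 3064 ACPI - ok
09:25:23.0625 3064 sptd (11111111111111111111111111111111) C:\WINDOWS\System32\Drivers\sptd.sys
09:25:23.0625 3064 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\sptd.sys. md5: 11111111111111111111111111111111
09:25:23.0625 3064 sptd ( LockedFile.Multi.Generic ) - warning
09:25:23.0625 3064 sptd - detected LockedFile.Multi.Generic (1)
09:25:24.0875 3064 VolSnap (22222222222222222222222222222222) C:\WINDOWS\system32\drivers\VolSnap.sys
09:25:24.0875 3064 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 22222222222222222222222222222222, Fake md5: 33333333333333333333333333333333
09:25:24.0875 3064 VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
09:25:24.0875 3064 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
09:25:25.0375 1792 Detected object count: 2
09:26:01.0171 1792 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:26:03.0281 1792 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured on reboot
09:26:03.0281 1792 VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
"""

if __name__ == "__main__":
    for name, sev, threat, done in triage(SAMPLE_LOG):
        print(f"{sev:8} {name:10} {threat:28} {'handled' if done else 'OPEN'}")
```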
17 February 2012 18:22:32

Hello

Well done:
Quote:
    09:26:03.0281 1792 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured on reboot
    09:26:03.0281 1792 VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure


Let's continue:
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs: Combofix
Save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal, and a report will be created. Post the report: C:\Combofix.txt
Click it to open it, then Edit > "Select all", Edit > "Copy"

Come back to the forum and Edit > "Paste"

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

    <@_@>

    +++++++++++++++++++++
20 February 2012 10:12:57

Hi Sham,
First of all, thanks for the time spent. I don't remember whether I already said so, but I no longer have the redirection problem or the Iexplore processes running. But I did my homework anyway:

    ComboFix 12-02-19.02 - Tonio 20/02/2012 9:46.2.2 - x86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.1014.528 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Tonio\Bureau\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Tonio\Local Settings\Application Data\DSPatch-Vsupport.exe
    c:\windows\system32\SET3A.tmp
    c:\windows\system32\SET3E.tmp
    c:\windows\system32\SET46.tmp
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-01-20 au 2012-02-20 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-02-17 08:26 . 2012-02-17 08:26 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-02-17 08:04 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    2012-02-17 08:04 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-16 11:25 . 2012-02-16 11:25 -------- d-----w- c:\program files\Defraggler
    2012-02-16 09:21 . 2012-02-16 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-02-16 09:21 . 2012-02-16 09:21 -------- d-----w- c:\program files\Security Task Manager
    2012-02-15 15:07 . 2012-02-15 15:07 -------- d--h--w- c:\windows\system32\GroupPolicy
    2012-02-14 17:12 . 2012-02-14 17:12 -------- d-----w- C:\Kill'em
    2012-02-14 15:05 . 2012-02-14 15:05 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE
    2012-02-14 14:55 . 2012-02-14 14:55 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
    2012-01-26 08:39 . 2012-01-26 08:39 -------- d-----w- c:\program files\iPod
    2012-01-26 08:39 . 2012-01-26 08:41 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-17 08:28 . 2004-08-19 13:03 53376 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2012-02-14 15:09 . 2011-05-13 15:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-07 08:13 . 2007-12-04 16:11 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2012-02-07 08:13 . 2007-12-04 16:11 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-02-07 08:13 . 2007-12-04 16:11 30592 ----a-w- c:\windows\system32\LMIport.dll
    2012-02-07 08:13 . 2007-12-04 16:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2012-01-12 17:20 . 2004-08-19 13:03 1860096 ----a-w- c:\windows\system32\win32k.sys
    2011-12-20 09:04 . 2007-12-04 16:11 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2011-12-20 09:04 . 2007-12-04 16:11 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
    2011-12-17 19:43 . 2004-08-19 13:03 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:43 . 2004-08-19 13:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:43 . 2004-08-19 13:03 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2004-08-19 13:03 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-25 21:57 . 2004-08-19 13:03 293888 ----a-w- c:\windows\system32\winsrv.dll
    2012-02-17 08:55 . 2011-10-20 07:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-07-20 08:01 . 2008-09-18 23:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 1204224]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2012-02-07 08:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Speed Launcher.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Speed Launcher.lnk
    backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^OKI LPR Utility.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\OKI LPR Utility.lnk
    backup=c:\windows\pss\OKI LPR Utility.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Tonio^Menu Démarrer^Programmes^Démarrage^Ulead Quick Access.lnk]
    path=c:\documents and settings\Tonio\Menu Démarrer\Programmes\Démarrage\Ulead Quick Access.lnk
    backup=c:\windows\pss\Ulead Quick Access.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2006-01-12 19:52 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-10-05 23:52 59240 ----a-w- c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    2008-04-14 02:33 15360 ----a-w- c:\windows\system32\ctfmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-07-20 08:01 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-04-06 02:19 77824 ----a-w- c:\windows\system32\hkcmd.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-04-06 02:22 94208 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
    2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 02:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBCore]
    2008-09-24 11:57 1561896 ----a-w- c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBCore.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2005-04-06 02:23 114688 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime Alternative\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 15:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2005-11-10 11:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-07-01 14:34 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 15:45 313472 ----a-w- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "UPS"=3 (0x3)
    "srservice"=2 (0x2)
    "Schedule"=2 (0x2)
    "SCardSvr"=3 (0x3)
    "Nero BackItUp Scheduler 4.0"=2 (0x2)
    "helpsvc"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    "FTRTSVC"=2 (0x2)
    "GoogleDesktopManager-051210-111108"=3 (0x3)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
    "c:\\Program Files\\Orange\\Connexion Internet Orange\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/07/2011 14:28 136360]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [30/09/2010 15:59 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [03/08/2007 15:09 12856]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [22/04/2011 10:26 218688]
    S2 ISMySQL;ISMySQL;"c:\impartial software\Diagnostic Suite\ISMySQL\bin\mysqld" --defaults-file="c:\impartial software\Diagnostic Suite\ISMySQL\my.ini" ISMySQL --> c:\impartial software\Diagnostic Suite\ISMySQL\bin\mysqld [?]
    S3 k600bus;Sony Ericsson 600i driver (WDM);c:\windows\system32\drivers\k600bus.sys [13/01/2006 14:35 52384]
    S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;c:\windows\system32\drivers\k600mdfl.sys [13/01/2006 14:37 6096]
    S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;c:\windows\system32\drivers\k600mdm.sys [13/01/2006 14:37 87456]
    S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;c:\windows\system32\drivers\k600mgmt.sys [13/01/2006 14:43 79248]
    S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\k600obex.sys [13/01/2006 14:39 77072]
    S3 PROCEXP150;PROCEXP150;\??\c:\windows\system32\Drivers\PROCEXP150.SYS --> c:\windows\system32\Drivers\PROCEXP150.SYS [?]
    S3 SUSCOM;Susteen Serial port driver;c:\windows\system32\drivers\SUSCOM.SYS [22/10/2002 12:58 40448]
    S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [20/02/2007 17:56 30192]
    S4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 14:57 135664]
    S4 gupdatem;Service Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 14:57 135664]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    TCP: Interfaces\{EF3A29A0-0490-4C0D-916B-F4F54ECAC385}: NameServer = 80.10.246.2,80.10.246.129
    FF - ProfilePath - c:\documents and settings\Tonio\Application Data\Mozilla\Firefox\Profiles\imn4flon.default\
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    SafeBoot-44685604.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-20 09:55
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISMySQL]
    "ImagePath"="\"c:\impartial software\Diagnostic Suite\ISMySQL\bin\mysqld\" --defaults-file=\"c:\impartial software\Diagnostic Suite\ISMySQL\my.ini\" ISMySQL"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    [HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
    @DACL=(02 0000)
    @SACL=
    "WinSock_Registry_Version"="2.0"
    "Current_NameSpace_Catalog"="NameSpace_Catalog5"
    "Current_Protocol_Catalog"="Protocol_Catalog9"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(704)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Heure de fin: 2012-02-20 09:58:36
    ComboFix-quarantined-files.txt 2012-02-20 08:58
    ComboFix2.txt 2011-04-27 06:56
    .
    Avant-CF: 6 347 968 512 octets libres
    Après-CF: 6 397 251 584 octets libres
    .
    - - End Of File - - 91819F1D5DB85296899C197A7F600B12



    For info, the PC did not reboot.
    20 February 2012 21:56:04

    Good evening

    We're going to check that your programs are up to date.

    • Download SX Check&Update (by igor 51) to your Desktop.

      /!\ Disconnect from the Internet, disable your antivirus and close all running applications /!\
    • Double-click SXCU.exe on your Desktop to launch it.

    • In the main menu, choose the Rapport (Report) option.

    • Post the report that appears on your screen.

  • /!\ Remember to re-enable your antivirus /!\

    Tutorial: SX Check&Update
    21 February 2012 14:12:14

    Here it is,

    Well, I admit I updated Flash Player (and ActiveX) before posting... :)


    SX Check&Update
    Lien vers le tutoriel : http://forum.security-x.fr/tutoriels-317/tutoriel-sx-ch...
    ---
    Windows Version : Windows XP 32 bits
    Service Pack : 3
    UserName : Tonio
    21/02/2012
    14:10:43
    version = v0.1.1
    ---
    Windows Update Information :
    AUOptions : 4
    Automatically, no notification
    ---
    Name : FlashPlayer ActiveX
    Version : 11.1.102.62
    Flash Player ActiveX est à jour

    Name : FlashPlayer Plugin
    Version : 11.1.102.62
    Flash Player Plugin est à jour

    Nom : Mozilla Firefox 10.0.2 (x86 fr)
    Version : 10.0.2

    Nom : Internet Explorer
    Version : 8.0.6001.18702

    --
    21 February 2012 22:14:48

    Good evening :)

    Quote:
    Well, I admit I updated Flash Player (and ActiveX) before posting... :)

    GG ;O)

    +++

    Delete/uninstall all the programs used for the disinfection.

    Please read this file (PDF) to learn more about the risks of the Internet.

    If you find this document interesting, feel free to pass it on to your contacts.

    If you're tired of being bombarded with ads while browsing, install a secured Firefox with the NoScript and AdBlock Plus extensions.

    Also read:
  • Free antispyware: it's useless!

    ~On your first message, click the "Editer" (Edit) button and mark [résolu] in the title.

    Then click "Valider votre message" (Submit your message)

    If your session name is your real name, you can change it by editing your posts.

    :hello:

    ++++++
    22 February 2012 09:51:38

    A big thank you to you, Sham_Rock !!!!!!!!!!!
    22 February 2012 09:59:27

    However, no matter how hard I look, I can't see a way to mark [résolu], and I can't see the edit box either...
    22 February 2012 18:00:37

    Done
    :hello:
    27 February 2012 11:44:52

    Once again, thanks for everything

    27 February 2012 18:30:39

    You're welcome
    Happy surfing :)