Remove the ABNOW virus

Tags:
  • Security
Last reply: in Security and viruses
4 March 2012 17:20:43

Hello,

I have a problem: when I run a search on a search engine such as Google and click on a link, I am redirected to an abnow page.

I tried running Spybot and Malwarebytes scans in safe mode without networking, but after a while I get a blue screen (which I cannot read because it only stays up for a short time) and the computer restarts.

Kaspersky TDSSKiller found nothing, and here is my OTL scan:

OTL logfile created on: 04/03/2012 17:13:13 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\PaRaDiGm\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,91 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 47,02% Memory free
7,83 Gb Paging File | 5,28 Gb Available in Paging File | 67,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 113,00 Gb Total Space | 9,87 Gb Free Space | 8,73% Space Free | Partition Type: NTFS
Drive D: | 6,99 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 1,92 Gb Total Space | 1,19 Gb Free Space | 61,88% Space Free | Partition Type: FAT

Computer Name: PARADIGM-PC | User Name: PaRaDiGm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 17:11:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\PaRaDiGm\Desktop\OTL.exe
PRC - [2012/03/02 23:21:07 | 000,250,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
PRC - [2012/02/20 06:44:42 | 003,669,680 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012/02/20 06:44:32 | 002,786,480 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012/01/23 13:15:54 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Travail\ICQ7.4\ICQ7.7\ICQ.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/07 17:35:37 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/07 17:35:37 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/06 11:45:41 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/07/14 02:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/07 17:40:38 | 000,223,544 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2011/02/07 17:40:38 | 000,110,904 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)
SRV:64bit: - [2011/02/07 17:33:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/14 02:39:46 | 000,005,120 | ---- | M] (Iomega) [Auto | Running] -- C:\Windows\SysNative\PhilCam8116.dll -- (mcafeeframework)
SRV - [2012/02/20 06:44:52 | 001,148,632 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012/02/15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/07 17:35:37 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/07 17:35:37 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/04 17:01:07 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2011/04/26 10:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/07 17:40:44 | 000,070,200 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2011/02/07 17:40:44 | 000,014,392 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2011/02/07 17:40:42 | 000,021,048 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2011/02/07 17:40:42 | 000,015,928 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2011/02/07 17:35:37 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011/02/07 17:35:33 | 000,018,432 | ---- | M] (Cirrus Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CS420x64.sys -- (CirrusFilter)
DRV:64bit: - [2011/02/07 17:35:29 | 004,798,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/02/07 17:35:28 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2011/02/07 17:34:52 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)
DRV:64bit: - [2011/02/07 17:34:42 | 000,038,912 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2011/02/07 17:34:42 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2011/02/07 17:34:39 | 000,030,208 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2011/02/07 17:34:20 | 000,018,944 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)
DRV:64bit: - [2011/02/07 17:33:26 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/07 17:33:26 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3139924882-133156326-3537661849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKU\S-1-5-21-3139924882-133156326-3537661849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3139924882-133156326-3537661849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-3139924882-133156326-3537661849-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D D6 26 9F 4C A9 CC 01 [binary data]
IE - HKU\S-1-5-21-3139924882-133156326-3537661849-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3139924882-133156326-3537661849-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3139924882-133156326-3537661849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PaRaDiGm\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PaRaDiGm\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Travail\Mozilla Firefox\components [2012/02/17 17:38:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Travail\Mozilla Firefox\plugins [2012/01/18 21:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Components: C:\Travail\SeaMonkey\components [2011/11/23 00:15:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Plugins: C:\Travail\SeaMonkey\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Travail\Mozilla Firefox\components [2012/02/17 17:38:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Travail\Mozilla Firefox\plugins [2012/01/18 21:42:58 | 000,000,000 | ---D | M]

[2011/11/23 00:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PaRaDiGm\AppData\Roaming\mozilla\Extensions
[2011/11/23 00:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PaRaDiGm\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2011/12/24 20:16:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PaRaDiGm\AppData\Roaming\mozilla\SeaMonkey\Profiles\gngjpt60.default\extensions
[2011/12/24 20:16:34 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\PaRaDiGm\AppData\Roaming\mozilla\SeaMonkey\Profiles\gngjpt60.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\PaRaDiGm\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PaRaDiGm\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\PaRaDiGm\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\PaRaDiGm\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Travail\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Google Update (Enabled) = C:\Users\PaRaDiGm\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\PaRaDiGm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Recherche Google = C:\Users\PaRaDiGm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\PaRaDiGm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/11/23 12:27:36 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3139924882-133156326-3537661849-1000..\Run: [ICQ] C:\Travail\ICQ7.4\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3139924882-133156326-3537661849-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\PaRaDiGm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Travail\ICQ7.4\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Travail\ICQ7.4\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-wind... (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-wind... (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-wind... (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{197ECDBE-77F5-4732-B3DA-33936BD1783A}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2577925-C1B9-40D1-B4C0-ACF6668572BD}: DhcpNameServer = 80.67.0.2 91.213.246.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\S-1-5-21-3139924882-133156326-3537661849-1000 Winlogon: Shell - (C:\Users\PaRaDiGm\AppData\Local\b1a59648\X) - C:\Users\PaRaDiGm\AppData\Local\b1a59648\X ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/25 18:35:12 | 000,000,046 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2bdca460-153a-11e1-a002-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2bdca460-153a-11e1-a002-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2010/05/25 18:35:12 | 002,505,256 | ---- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 17:14:27 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\Desktop\tdsskiller
[2012/03/04 17:11:58 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\PaRaDiGm\Desktop\OTL.exe
[2012/03/04 17:01:07 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012/03/04 17:01:07 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Roaming\Spyware Terminator
[2012/03/04 17:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012/03/04 17:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012/03/04 17:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012/03/04 17:00:14 | 000,804,024 | ---- | C] (Crawler.com ) -- C:\Users\PaRaDiGm\Desktop\SpywareTerminatorSetup.exe
[2012/03/04 16:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/04 16:42:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/04 16:42:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/03/04 16:31:01 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Roaming\Malwarebytes
[2012/03/04 16:30:58 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/04 16:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/04 16:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/04 16:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/04 13:57:54 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{1315F714-0645-4F1F-B86B-46525FECA54A}
[2012/03/04 13:57:43 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{48C2E539-7135-4376-96BC-85F53D4A3F43}
[2012/03/04 05:25:35 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{F6C86A44-D95A-4B46-96C8-26EF0A27F363}
[2012/03/04 05:25:24 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{E48CC7C8-9622-435E-94C0-FE0ED6145584}
[2012/03/03 13:10:57 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{2B0EA97E-D981-42F0-ABE6-468884B5BBA4}
[2012/03/03 01:05:53 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{160BA7A4-14AE-4E43-932C-250D704016A7}
[2012/03/03 01:05:42 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{44C5C04A-1932-4985-A3C5-A6AF4AAFA625}
[2012/03/02 23:25:08 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/03/02 23:20:31 | 000,000,000 | -HSD | C] -- C:\Users\PaRaDiGm\AppData\Local\b1a59648
[2012/03/02 13:05:29 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{EAD89E5C-C537-4BF4-944F-D6146455E0C7}
[2012/03/02 13:05:18 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{87023C21-65B2-410A-A997-326E688AA65B}
[2012/03/02 01:05:06 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{0401DE77-C010-44A1-BFDA-8F7A8478A994}
[2012/03/02 01:04:55 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{F10112FE-8108-4A9F-84CA-1A584AD6C498}
[2012/03/01 13:04:43 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{80BEAA12-6D58-4864-A234-D7CC57E6AF8B}
[2012/03/01 13:04:32 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{117B5343-B1BA-42AD-9A7D-B78D11A34A13}
[2012/03/01 01:04:20 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{7FB38C6A-5FAB-4435-BF74-397695333755}
[2012/03/01 01:04:09 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{F9CF9259-3715-4715-BC0F-7C5D77F5CBD6}
[2012/02/29 12:05:27 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{0B7D2574-769C-4BD9-8362-8635238A5D18}
[2012/02/29 12:05:16 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{0CB5D09C-8ED4-44F3-B81D-756163B396D2}
[2012/02/29 00:05:04 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{0AFC3199-1792-465E-998E-EF261835CA9D}
[2012/02/29 00:04:53 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{602E0336-F2DF-46E5-96A5-93799E0D7830}
[2012/02/28 12:04:41 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{28CB82B1-ABD4-44E6-BCD2-5E5A4421A3B4}
[2012/02/28 12:04:30 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{EC974502-552D-4AC7-B3C0-312F72E4B474}
[2012/02/27 14:05:23 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{6D21189F-49A6-42A4-9421-A75B0F7B443A}
[2012/02/27 14:05:12 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{99D79D78-5F0A-49C1-9C8B-222B0757588D}
[2012/02/27 02:04:55 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{215FDC48-7EF0-4F9A-9E13-2EDEE00E18E5}
[2012/02/27 02:04:43 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{ADB82E70-868C-4AB5-8C50-145DE0C5F60D}
[2012/02/26 16:34:25 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[2012/02/26 13:25:35 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{7DD2C63C-505E-460A-B849-F91C3B7BB47A}
[2012/02/26 13:25:23 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{5083A673-664A-4C3A-B51A-D2278BCEAB7C}
[2012/02/26 03:01:32 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/26 03:01:32 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/26 03:01:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/26 03:01:32 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/26 03:01:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/26 03:01:32 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/26 03:01:32 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/26 03:01:32 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/26 03:01:32 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/26 03:01:32 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/26 03:01:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/26 03:01:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/26 03:01:32 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/26 03:01:32 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/26 03:01:32 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/26 03:01:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/26 03:01:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/26 03:01:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/26 03:01:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/26 03:01:32 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/26 03:01:32 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/26 03:01:32 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/26 03:01:32 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/26 03:01:32 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/26 03:01:32 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/26 03:01:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/26 03:01:32 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/26 03:01:32 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/26 03:01:32 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/26 03:01:32 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/26 03:01:32 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/26 03:01:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/26 03:01:32 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/26 03:01:32 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/26 03:01:32 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/26 03:01:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/26 03:01:32 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/26 03:01:32 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/26 03:01:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/26 03:01:32 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/26 03:01:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/26 03:01:32 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/26 03:01:32 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/26 03:01:32 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/26 03:01:32 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/26 03:01:32 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/26 03:01:32 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/26 03:01:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/26 03:01:32 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/26 03:01:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/26 03:01:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/26 03:01:32 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/26 03:01:32 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/26 03:01:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/26 03:01:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/26 03:01:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/26 03:01:31 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/26 03:01:31 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/26 03:01:31 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/26 03:01:31 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/26 03:01:31 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/26 03:01:31 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/26 03:01:31 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/26 03:01:31 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/26 03:01:31 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/26 03:01:31 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/26 03:01:31 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/26 03:01:31 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/26 03:01:31 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/26 03:01:31 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/26 03:01:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/26 03:01:31 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/26 01:24:58 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{52C80D2C-CD86-473A-A176-E0B23735B10C}
[2012/02/26 01:24:47 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{25C15199-2939-4D76-92C7-2157F5D7C246}
[2012/02/25 13:24:35 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{7F066027-A808-47F1-B430-C5B5BBB36EEA}
[2012/02/25 13:24:24 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{BDE29077-180F-4B81-8841-C894633C1BD0}
[2012/02/25 01:24:12 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{2F805F92-D1F2-42C3-9068-F8E91F4CBC13}
[2012/02/25 01:24:01 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{9EF07C90-BA9E-4B55-AF05-1EE96A8341DD}
[2012/02/24 12:39:18 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{CF9F40E4-F1BF-4A32-B70E-9A08FD8DD7D8}
[2012/02/24 12:39:07 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{4CECF527-C6CD-4FF4-A208-9461C154F4C7}
[2012/02/24 00:38:55 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{4F35BE71-FB7E-420A-8B98-9CF3F458D3FF}
[2012/02/24 00:38:44 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{25FB03E5-D8BE-4D41-BA15-0BB5DADDC37A}
[2012/02/23 12:38:32 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{D88C766A-8F25-413C-AFCE-478DE59AD434}
[2012/02/23 12:38:21 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{3E813AD8-CB37-45E6-B53F-F861C7D38A9A}
[2012/02/22 14:24:24 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Roaming\Skype
[2012/02/22 14:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/22 14:24:20 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/02/22 14:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/02/22 14:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/02/22 12:04:40 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{24CE6E6E-20FC-47C9-87E9-0237EB970762}
[2012/02/22 12:04:29 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{FA3306EA-1408-43F1-BC6A-2A0B74F00435}
[2012/02/22 00:04:17 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{A71EAF57-3C84-4A01-8916-961882F7E8B4}
[2012/02/22 00:04:06 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{55580B16-B664-4A83-B098-143A327A6BDE}
[2012/02/21 12:03:42 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{514E90A8-22E2-475E-8685-571277E984A7}
[2012/02/21 12:03:31 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{C6717316-7E2B-4847-84D0-711F9C85AE76}
[2012/02/21 00:03:18 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{DBC915E0-5BDC-4AF0-BD0A-6E363865F65B}
[2012/02/21 00:03:07 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{FC5F9A3B-16C7-49BC-9F6A-3737FA3C4ED7}
[2012/02/20 12:02:43 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{22DD0A29-9687-4BDE-B9DB-AB9B896D8260}
[2012/02/20 12:02:32 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{66742113-3B9E-47CA-A616-222977DC94EC}
[2012/02/19 13:08:27 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{4D633C2F-DA17-451F-97DD-ACD8C6EF8988}
[2012/02/19 13:08:15 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{22847356-1194-4212-8CEF-A9D26711C478}
[2012/02/18 23:04:01 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{7BC8132C-9899-4361-9CB0-DA73A8F3D891}
[2012/02/18 23:03:50 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{7F675D97-67FD-460F-820B-2F055CBBEE87}
[2012/02/18 11:03:37 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{FD8F6ED6-C273-4E97-BD46-9C895DE1CED5}
[2012/02/18 11:03:26 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{CA186F80-CE7E-456A-ADDD-AF7680D59DBD}
[2012/02/18 02:55:53 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{2D81DA92-16B1-499D-A842-6E7E3CE6F95E}
[2012/02/18 02:55:41 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{85FAD20D-240C-4C20-A1D9-70921685A1ED}
[2012/02/17 13:02:14 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{873FAFE9-9422-425B-A2D5-DF37EFA89E30}
[2012/02/17 13:02:03 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{9E120C4E-F4B2-41B1-A1D5-1BA65A6F6C0A}
[2012/02/17 01:01:51 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{0069134C-0945-4ED1-BDDF-B5012DFBB1CA}
[2012/02/17 01:01:39 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{B14C6836-D4EC-4517-9D65-67750A244480}
[2012/02/16 13:01:27 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{DCC3341F-DEE3-458D-BA2F-635820B505CD}
[2012/02/16 13:01:16 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{91F3D2A9-5F64-4777-9521-8BB8914EAF11}
[2012/02/16 01:01:04 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{EA024796-18A3-4D2F-B9C1-6F2CD354E819}
[2012/02/16 01:00:53 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{09B86072-7992-496B-ACFC-63FD1F02DD90}
[2012/02/16 00:39:54 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/15 13:00:30 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{9EF9479C-06A3-4D57-AA3D-0AD3BD05735A}
[2012/02/15 13:00:19 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{D5F1AC9B-D52B-4B6F-91AB-AA93C7297039}
[2012/02/15 01:00:06 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{FCB9A7B2-157D-48A1-A3DC-1DC05E87C839}
[2012/02/15 00:59:55 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{D45FB92D-A641-45F0-82FC-A49C8AB87CC4}
[2012/02/14 12:59:31 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{2482553C-E726-4536-B61A-E62B6F56DBD7}
[2012/02/14 12:59:20 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{D1E8AD15-1BB0-4D92-95A4-483FCFF8FA53}
[2012/02/14 00:59:08 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{B424A630-DB9A-4843-B51B-74A2021A71D0}
[2012/02/14 00:58:57 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{1CDBEDAD-46B0-4789-BFE4-3E5207986970}
[2012/02/13 12:58:45 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{1F2A3007-9EE6-48D6-8363-E827A32EBCFB}
[2012/02/13 12:58:33 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{1D753C41-D3AA-4F0F-BC8D-B09CA69381F4}
[2012/02/13 00:58:21 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{D6A8F1A3-F4DF-4FB0-A372-C5FC013C3835}
[2012/02/13 00:58:09 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{6ADEC4DB-241A-4980-934D-7C325C00D642}
[2012/02/12 12:57:12 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{482D5122-C6F7-4C10-9077-7F24AF7100D5}
[2012/02/12 00:25:34 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{1B1A70B9-23EE-4550-A9C1-84306F4ACCED}
[2012/02/12 00:25:23 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{D483C9C0-3D48-494F-ABE6-5EC261440674}
[2012/02/11 12:24:58 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{1626E1D3-4500-458E-8860-6B90A1F684E0}
[2012/02/11 12:24:47 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{ACB6731C-2D11-4D38-A08D-1B5E5DFDE1D7}
[2012/02/10 12:56:52 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{8F2291A5-E05A-42C1-9855-EB357601DDBE}
[2012/02/10 12:56:41 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{179A9FC6-464C-4348-AE1A-45E6907D64CF}
[2012/02/09 12:21:00 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{E629E38C-65F1-4386-A4B5-28836F92A5A3}
[2012/02/09 12:20:49 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{3577F5E3-0A7C-4D2D-B92A-177E6CE7C3FA}
[2012/02/09 00:20:37 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{1CCC7169-653C-4A21-98D0-CFCB05CBA199}
[2012/02/09 00:20:25 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{F02EB30D-4AD2-4BF1-8C73-6CCECFF6B41D}
[2012/02/08 12:20:01 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{C27DE8B0-F591-4784-B053-C046A951C284}
[2012/02/08 12:19:50 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{E96C328A-4440-406A-B873-7343D36561D2}
[2012/02/08 00:19:38 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{91796C0A-C95C-468C-B2D8-951561F2C85A}
[2012/02/08 00:19:27 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{CBD69EB8-C796-4DB3-8B74-4AB39BE2405B}
[2012/02/07 11:18:43 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{AF2436EF-6742-49BB-BB94-CB887B4CD2B2}
[2012/02/07 11:18:32 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{654E26C4-42AC-44B7-A51F-C3D13F6246CD}
[2012/02/06 22:49:56 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{53C8123D-29A0-4405-AF0B-5F530D1E3EA8}
[2012/02/06 22:49:44 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{5EE4B3F2-2CC9-4F99-9B88-F7A8D7A0CA4B}
[2012/02/06 10:32:12 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{10AB4110-761F-4D3D-8B91-8A52A5A858AE}
[2012/02/06 10:32:01 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{3E7517B9-E21A-4E33-AFA7-064A78FF1FE3}
[2012/02/05 13:40:33 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{E613D41A-93FD-4CE5-8B27-5A07E4B1A529}
[2012/02/05 13:40:22 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{5F802289-9CAD-4328-B5A5-CB06C3511D89}
[2012/02/04 18:40:20 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{0835BF53-A883-4EC0-8AEC-1F3BE211A4DE}
[2012/02/04 18:40:09 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{205726FA-F9C7-4D00-8EE6-823FBCFA431E}
[2012/02/04 02:39:43 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{23A33FA7-FA97-4BC8-AA0E-9A30359452AD}
[2012/02/04 02:39:32 | 000,000,000 | ---D | C] -- C:\Users\PaRaDiGm\AppData\Local\{919CC2FE-627A-4DA4-9974-AD40AFA4C35C}

========== Files - Modified Within 30 Days ==========

[2012/03/04 17:13:59 | 002,044,252 | ---- | M] () -- C:\Users\PaRaDiGm\Desktop\tdsskiller.zip
[2012/03/04 17:12:12 | 001,549,700 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/04 17:12:12 | 000,704,480 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/03/04 17:12:12 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/04 17:12:12 | 000,130,754 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/03/04 17:12:12 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/04 17:11:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\PaRaDiGm\Desktop\OTL.exe
[2012/03/04 17:08:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3139924882-133156326-3537661849-1000UA.job
[2012/03/04 17:06:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/04 17:06:06 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_log_trash.cmd
[2012/03/04 17:05:59 | 3151,495,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/04 17:02:24 | 000,013,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 17:02:24 | 000,013,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 17:01:07 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012/03/04 17:01:06 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012/03/04 17:00:14 | 000,804,024 | ---- | M] (Crawler.com ) -- C:\Users\PaRaDiGm\Desktop\SpywareTerminatorSetup.exe
[2012/03/04 16:42:07 | 000,001,290 | ---- | M] () -- C:\Users\PaRaDiGm\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/04 16:42:07 | 000,001,266 | ---- | M] () -- C:\Users\PaRaDiGm\Desktop\Spybot - Search & Destroy.lnk
[2012/03/04 16:30:58 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/04 16:23:44 | 000,000,000 | -HS- | M] () -- C:\Windows\muzuki.exc
[2012/03/04 13:56:54 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3139924882-133156326-3537661849-1000Core.job
[2012/03/02 23:21:07 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/26 13:16:01 | 000,001,461 | ---- | M] () -- C:\Users\PaRaDiGm\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/26 03:01:32 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/26 03:01:32 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/26 03:01:32 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/26 03:01:32 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/26 03:01:32 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/26 03:01:32 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/26 03:01:32 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/26 03:01:32 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/26 03:01:32 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/26 03:01:32 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/26 03:01:32 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/26 03:01:32 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/26 03:01:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/26 03:01:32 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/26 03:01:32 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/26 03:01:32 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/26 03:01:32 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/26 03:01:32 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/26 03:01:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/26 03:01:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/26 03:01:32 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/26 03:01:32 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/26 03:01:32 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/26 03:01:32 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/26 03:01:32 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/26 03:01:32 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/26 03:01:32 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/26 03:01:32 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/26 03:01:32 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/26 03:01:32 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/26 03:01:32 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/26 03:01:32 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/26 03:01:32 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/26 03:01:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/26 03:01:32 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/26 03:01:32 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/26 03:01:32 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/26 03:01:32 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/26 03:01:32 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/26 03:01:32 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/26 03:01:32 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/26 03:01:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/26 03:01:32 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/26 03:01:32 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/26 03:01:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/26 03:01:32 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/26 03:01:32 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/26 03:01:32 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/26 03:01:32 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/26 03:01:32 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/26 03:01:32 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/26 03:01:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/26 03:01:32 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/26 03:01:32 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/26 03:01:32 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/26 03:01:32 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/26 03:01:32 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/26 03:01:32 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/26 03:01:31 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/26 03:01:31 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/26 03:01:31 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/26 03:01:31 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/26 03:01:31 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/26 03:01:31 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/26 03:01:31 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/26 03:01:31 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/26 03:01:31 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/26 03:01:31 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/26 03:01:31 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/26 03:01:31 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/26 03:01:31 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/26 03:01:31 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/26 03:01:31 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/26 03:01:31 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/22 14:24:21 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/18 11:03:02 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/17 12:03:24 | 000,002,423 | ---- | M] () -- C:\Users\PaRaDiGm\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/03/04 17:13:59 | 002,044,252 | ---- | C] () -- C:\Users\PaRaDiGm\Desktop\tdsskiller.zip
[2012/03/04 17:01:06 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012/03/04 16:42:07 | 000,001,290 | ---- | C] () -- C:\Users\PaRaDiGm\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/04 16:42:07 | 000,001,266 | ---- | C] () -- C:\Users\PaRaDiGm\Desktop\Spybot - Search & Destroy.lnk
[2012/03/04 16:30:58 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/04 16:22:55 | 000,000,000 | -HS- | C] () -- C:\Windows\muzuki.exc
[2012/03/02 23:21:42 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_log_trash.cmd
[2012/02/26 03:01:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/26 03:01:31 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/22 14:24:21 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/29 14:20:13 | 000,000,600 | ---- | C] () -- C:\Users\PaRaDiGm\AppData\Local\PUTTY.RND
[2011/11/22 20:20:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/22 20:09:32 | 000,013,600 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/11/22 20:06:43 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

< End of report >

4 March 2012 18:21:19

Hello,
Uninstall Spyware Terminator and Spybot - Search & Destroy (obsolete).
Read also:
  • Free antispyware: it's useless!

I would have liked to see the TDSSKiller report.
It is saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\DD.MM.YY_HH.MM.SS. (DD.MM.YY is the date the tool was run, HH.MM.SS the time it was run.)

Then:

Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs: Combofix
Save it to your desktop and nowhere else!

Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
Click it to open it, then Edit "Select All", Edit "Copy".

Come back to the forum and Edit "Paste".

HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

<@_@>
4 March 2012 19:11:34

I have uninstalled Spyware Terminator and Spybot.

Here is the TDSSKiller report:

    17:14:35.0233 4708 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
    17:14:35.0322 4708 ============================================================
    17:14:35.0322 4708 Current date / time: 2012/03/04 17:14:35.0322
    17:14:35.0322 4708 SystemInfo:
    17:14:35.0322 4708
    17:14:35.0323 4708 OS Version: 6.1.7600 ServicePack: 0.0
    17:14:35.0323 4708 Product type: Workstation
    17:14:35.0323 4708 ComputerName: PARADIGM-PC
    17:14:35.0323 4708 UserName: PaRaDiGm
    17:14:35.0323 4708 Windows directory: C:\Windows
    17:14:35.0323 4708 System windows directory: C:\Windows
    17:14:35.0323 4708 Running under WOW64
    17:14:35.0323 4708 Processor architecture: Intel x64
    17:14:35.0323 4708 Number of processors: 8
    17:14:35.0323 4708 Page size: 0x1000
    17:14:35.0323 4708 Boot type: Normal boot
    17:14:35.0323 4708 ============================================================
    17:14:36.0491 4708 Drive \Device\Harddisk0\DR0 - Size: 0x1C40000000 (113.00 Gb), SectorSize: 0x200, Cylinders: 0x399F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:14:36.0499 4708 Drive \Device\Harddisk1\DR1 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:14:36.0502 4708 \Device\Harddisk0\DR0:
    17:14:36.0502 4708 MBR used
    17:14:36.0502 4708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xE1FFFAB
    17:14:36.0502 4708 \Device\Harddisk1\DR1:
    17:14:36.0503 4708 MBR used
    17:14:36.0503 4708 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3D77E0
    17:14:36.0506 4708 Initialize success
    17:14:36.0506 4708 ============================================================
    17:14:37.0954 5208 ============================================================
    17:14:37.0954 5208 Scan started
    17:14:37.0954 5208 Mode: Manual;
    17:14:37.0954 5208 ============================================================
    17:14:43.0729 5208 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:14:43.0730 5208 vga - ok
    17:14:43.0745 5208 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:14:43.0746 5208 VgaSave - ok
    17:14:43.0763 5208 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    17:14:43.0765 5208 vhdmp - ok
    17:14:43.0781 5208 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    17:14:43.0781 5208 viaide - ok
    17:14:43.0799 5208 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
    17:14:43.0801 5208 vmbus - ok
    17:14:43.0816 5208 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
    17:14:43.0817 5208 VMBusHID - ok
    17:14:43.0833 5208 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    17:14:43.0834 5208 volmgr - ok
    17:14:43.0852 5208 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    17:14:43.0855 5208 volmgrx - ok
    17:14:43.0873 5208 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    17:14:43.0877 5208 volsnap - ok
    17:14:43.0892 5208 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    17:14:43.0894 5208 vsmraid - ok
    17:14:43.0910 5208 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    17:14:43.0911 5208 vwifibus - ok
    17:14:43.0927 5208 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:14:43.0928 5208 vwififlt - ok
    17:14:43.0948 5208 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    17:14:43.0949 5208 WacomPen - ok
    17:14:43.0965 5208 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    17:14:43.0966 5208 WANARP - ok
    17:14:43.0969 5208 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    17:14:43.0970 5208 Wanarpv6 - ok
    17:14:43.0992 5208 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    17:14:43.0993 5208 Wd - ok
    17:14:44.0014 5208 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:14:44.0020 5208 Wdf01000 - ok
    17:14:44.0046 5208 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:14:44.0046 5208 WfpLwf - ok
    17:14:44.0063 5208 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:14:44.0064 5208 WIMMount - ok
    17:14:44.0090 5208 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    17:14:44.0090 5208 WmiAcpi - ok
    17:14:44.0111 5208 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:14:44.0112 5208 ws2ifsl - ok
    17:14:44.0131 5208 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    17:14:44.0133 5208 WudfPf - ok
    17:14:44.0148 5208 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:14:44.0150 5208 WUDFRd - ok
    17:14:44.0162 5208 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    17:14:44.0165 5208 \Device\Harddisk0\DR0 - ok
    17:14:44.0169 5208 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
    17:14:45.0567 5208 \Device\Harddisk1\DR1 - ok
    17:14:45.0569 5208 Boot (0x1200) (f42da0c284365bf9763ecbf45d92ab32) \Device\Harddisk0\DR0\Partition0
    17:14:45.0570 5208 \Device\Harddisk0\DR0\Partition0 - ok
    17:14:45.0572 5208 Boot (0x1200) (bce3e5f299cc6a95d6b369a68cf260e7) \Device\Harddisk1\DR1\Partition0
    17:14:45.0573 5208 \Device\Harddisk1\DR1\Partition0 - ok
    17:14:45.0573 5208 ============================================================
    17:14:45.0573 5208 Scan finished
    17:14:45.0573 5208 ============================================================
    17:14:45.0579 5452 Detected object count: 0
    17:14:45.0579 5452 Actual detected object count: 0
    17:21:24.0309 2760 Deinitialize success

    Here is the ComboFix report:

    ComboFix 12-03-04.01 - PaRaDiGm 04/03/2012 19:01:37.1.8 - x64
    Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.4007.2595 [GMT 1:00]
    Lancé depuis: c:\users\PaRaDiGm\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\PaRaDiGm\AppData\Local\b1a59648
    c:\users\PaRaDiGm\AppData\Local\b1a59648\@
    c:\users\PaRaDiGm\AppData\Local\b1a59648\U\80000000.@
    c:\users\PaRaDiGm\AppData\Local\b1a59648\U\800000cb.@
    c:\users\PaRaDiGm\AppData\Local\b1a59648\U\800000cf.@
    c:\users\PaRaDiGm\AppData\Local\b1a59648\X
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\assembly\tmp\U
    c:\windows\assembly\tmp\U\00000001.@
    c:\windows\assembly\tmp\U\000000c0.@
    c:\windows\assembly\tmp\U\000000cb.@
    c:\windows\assembly\tmp\U\000000cf.@
    c:\windows\assembly\tmp\U\80000000.@
    c:\windows\assembly\tmp\U\800000c0.@
    c:\windows\assembly\tmp\U\800000cb.@
    c:\windows\assembly\tmp\U\800000cf.@
    c:\windows\system32\consrv.dll
    c:\windows\system32\dds_log_trash.cmd
    c:\windows\system32\PhilCam8116.dll
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2012-02-04 au 2012-03-04 ))))))))))))))))))))))))))))))))))))
    .
    .
    2012-03-04 18:05 . 2012-03-04 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-04 18:00 . 2012-03-04 18:00 -------- d-----w- c:\users\PaRaDiGm\AppData\Local\Diagnostics
    2012-03-04 16:01 . 2012-03-04 16:01 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
    2012-03-04 16:00 . 2012-03-04 17:51 -------- d-----w- c:\program files (x86)\Spyware Terminator
    2012-03-04 15:42 . 2012-03-04 17:51 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-03-04 15:42 . 2012-03-04 17:49 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-03-04 15:31 . 2012-03-04 15:31 -------- d-----w- c:\users\PaRaDiGm\AppData\Roaming\Malwarebytes
    2012-03-04 15:30 . 2012-03-04 15:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-04 15:30 . 2012-03-04 15:30 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-04 15:30 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-02 22:25 . 2012-03-02 22:25 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-02-27 13:10 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CD9928B-0CF0-4774-AF6F-DAC7F00CAF8D}\mpengine.dll
    2012-02-26 15:34 . 2012-02-26 15:34 -------- d-----w- c:\windows\rescache
    2012-02-26 12:15 . 2012-02-26 12:15 -------- d-----w- c:\windows\SysWow64\wbem\en-US
    2012-02-26 12:15 . 2012-02-26 12:15 -------- d-----w- c:\windows\system32\wbem\en-US
    2012-02-22 13:24 . 2012-03-04 18:05 -------- d-----w- c:\users\PaRaDiGm\AppData\Roaming\Skype
    2012-02-22 13:24 . 2012-02-22 13:24 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-02-22 13:24 . 2012-02-22 13:24 -------- d-----r- c:\program files (x86)\Skype
    2012-02-22 13:24 . 2012-02-22 13:24 -------- d-----w- c:\programdata\Skype
    2012-02-15 23:39 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-02-15 23:39 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-15 23:39 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-15 23:39 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-02 22:21 . 2011-11-22 22:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-26 10:59 . 2012-01-26 10:59 1409 ----a-w- c:\windows\QTFont.for
    2012-01-18 20:42 . 2012-01-18 20:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ICQ"="c:\travail\ICQ7.4\ICQ7.7\ICQ.exe" [2012-01-23 127040]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\users\PaRaDiGm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-07 2655768]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 AppleHFS;AppleHFS; [x]
    S0 AppleMNT;AppleMNT; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [x]
    S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [x]
    S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
    S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
    S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
    S3 acpials;Filtre du capteur de lumière ambiante;c:\windows\system32\DRIVERS\acpials.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [x]
    S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [x]
    S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [x]
    S3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [x]
    S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [x]
    S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    .
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139924882-133156326-3537661849-1000Core.job
    - c:\users\PaRaDiGm\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 20:58]
    .
    2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3139924882-133156326-3537661849-1000UA.job
    - c:\users\PaRaDiGm\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 20:58]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-02-07 740152]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
    "combofix"="c:\combofix\CF22011.3XE" [2009-07-14 344576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    mcafeeframework
    artdhcp
    winpppoverethernet
    s116mdfl
    irda
    VAIOMediaPlatform-PhotoServer-HTTP
    WcesComm
    FGDSCSI
    cnmpar21
    XBCD
    bvrp_pci
    RIOXDRV
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.fr/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\travail\ICQ7.4\ICQ7.7\ICQ.exe
    TCP: DhcpNameServer = 192.168.0.254
    FF - ProfilePath - c:\users\PaRaDiGm\AppData\Roaming\Mozilla\Firefox\Profiles\uo7dxs5d.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
    HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
    .
    .
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    c:\program files (x86)\Internet Explorer\iexplore.exe
    .
    **************************************************************************
    .
    Heure de fin: 2012-03-04 19:08:45 - La machine a redémarré
    ComboFix-quarantined-files.txt 2012-03-04 18:08
    .
    Avant-CF: 9 824 530 432 octets libres
    Après-CF: 9 253 580 800 octets libres
    .
    - - End Of File - - F51CB678D61269C36BBF12B78827CF40




    Sham_Rock said:
    Hello
    uninstall Spyware Terminator and Spybot - Search & Destroy. (obsolete)
    See also:
  • Free antispyware: it's useless!
    I would have liked to see the TDSSKiller report.
    It is saved at the root of your system partition under the name C:\TDSSKiller_Quarantine\JJ.MM.AA_HH.MM.SS. (JJ.MM.AA: date the tool was run, HH.MM.SS: time it was run).


    then

    Disable your antivirus and any other kind of protection.
    Download ComboFix by sUBs: Combofix
    Save it to your desktop and nowhere else!

    Double-click ComboFix. It will ask you a question; follow the prompts, then wait until ComboFix has finished. Your PC may reboot, that's normal. A report will be created. Post the report: C:\Combofix.txt
    click on it to open it, then Edit > "Select All", Edit > "Copy"

    come back to the forum and Edit > "Paste"

    HELP: A guide and tutorial on using ComboFix
    * the partition name may vary

    <@_@>


    5 March 2012 15:40:24

    Hello
    ZeroAccess on 64-bit Windows 7, this could get a bit tricky....

    back up your data
    then:


    Download aswMBR.exe

    Save it to your desktop and nowhere else!

    Double-click aswMBR.exe to run it
    (Right-click -> "Run as administrator" for Vista / Windows 7)
    Accept the update request if needed.
    Click the Scan button and let the tool work.

    Click Save Log, save the report to the desktop and post the report in your next reply.

    ++++++++++++++

    don't do any more deletions or other manipulations until I've seen the reports. :)

    5 March 2012 16:28:01

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-05 16:21:11
    -----------------------------
    16:21:11.960 OS Version: Windows x64 6.1.7600
    16:21:11.960 Number of processors: 8 586 0x2A07
    16:21:11.960 ComputerName: PARADIGM-PC UserName: PaRaDiGm
    16:21:12.670 Initialize success
    16:22:22.092 AVAST engine defs: 12030500
    16:22:49.158 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    16:22:49.173 Disk 0 Vendor: APPLE_SSD_TS128C CJAA0201 Size: 115712MB BusType: 3
    16:22:49.189 Disk 0 MBR read successfully
    16:22:49.189 Disk 0 MBR scan
    16:22:49.205 Disk 0 Windows 7 default MBR code
    16:22:49.205 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 115711 MB offset 63
    16:22:49.220 Disk 0 scanning C:\Windows\system32\drivers
    16:22:51.451 Service scanning
    16:22:57.129 Modules scanning
    16:22:57.145 Disk 0 trace - called modules:
    16:22:57.161 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    16:22:57.161 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005697060]
    16:22:57.161 3 CLASSPNP.SYS[fffff880018fb43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80053df060]
    16:22:58.112 AVAST engine scan C:\Windows
    16:22:58.799 AVAST engine scan C:\Windows\system32
    16:23:03.401 File: C:\Windows\system32\dmserver.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:05.522 File: C:\Windows\system32\hap16v2k.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:06.240 File: C:\Windows\system32\ikfilesec.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:06.957 File: C:\Windows\system32\kavsvc.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:10.187 File: C:\Windows\system32\msloop.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:16.536 File: C:\Windows\system32\qcmerced.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:19.203 File: C:\Windows\system32\sqlserveragent.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:19.453 File: C:\Windows\system32\stllssvr.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:22.012 File: C:\Windows\system32\VRFIL.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:22.370 File: C:\Windows\system32\wdelmgr20.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:25.787 File: C:\Windows\system32\zebrceb.dll **INFECTED** Win64:Sirefef-E [Trj]
    16:23:52.822 AVAST engine scan C:\Windows\system32\drivers
    16:23:55.520 AVAST engine scan C:\Users\PaRaDiGm
    16:24:18.359 File: C:\Users\PaRaDiGm\Downloads\Arles Image\keygen.exe **INFECTED** Win32:SdBot-FGY [Trj]
    16:25:03.084 AVAST engine scan C:\ProgramData
    16:25:13.583 Scan finished successfully
    16:26:11.231 Disk 0 MBR has been saved successfully to "C:\Users\PaRaDiGm\Desktop\MBR.dat"
    16:26:11.262 The log file has been saved successfully to "C:\Users\PaRaDiGm\Desktop\aswMBR.txt"
    5 March 2012 21:05:34

    Good evening
    that's just what I was afraid of. :/
    have you backed up your data?

    at the same time:
    Quote:
    16:24:18.359 File: C:\Users\PaRaDiGm\Downloads\Arles Image\keygen.exe **INFECTED** Win32:SdBot-FGY [Trj]

    :o

    since the dedicated tool for this infection doesn't work on 64-bit systems, we'll have to replace all the DLLs patched by the infection, it's going to be rock'n'roll ;O)))))))

    Download OTLPENet.
    Get a blank CD ready and run OTLPENet; this will let you burn an ISO image.
    Note: once the CD is burned, you need to restart the machine from the CD-ROM drive
    To do that, follow this link: Booting from a CD.
    OTLPE tutorial

    Boot the OTLPENet ISO that you burned.
  • once the Reatogo desktop has loaded, launch OTLPE, the yellow icon

  • Double-click the OTLPE icon
  • when asked "Do you wish to load the remote registry", select Yes
  • when asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • check that "Automatically Load All Remaining Users" is selected and press OK

  • under the Custom Scan box
    1 copy and paste the contents of the box below:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    /md5start
    dmserver.dll
    hap16v2k.dll
    ikfilesec.dll
    kavsvc.dll
    msloop.dll
    qcmerced.dll
    sqlserveragent.dll
    stllssvr.dll
    VRFIL.dll
    wdelmgr20.dll
    zebrceb.dll
    explorer.exe
    userinit.exe
    winlogon.exe
    wininit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    volsnap.sys
    nvstor.sys
    atapi.sys
    i8042prt.sys
    cdrom.sys
    disk.sys
    ndis.sys
    tcpip.sys
    imapi.sys
    RDPCDD.sys
    mountmgr.sys
    aec.sys
    rasacd.sys
    redbook.sys
    intelide.sys
    mrxsmb10.sys
    mrxsmb20.sys
    termdd.sys
    mrxsmb.sys
    win32k.sys
    storport.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\repair\*.*
    %systemroot%\repair\*.
    %systemroot%\repair\*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


  • copy and paste this text into a text file (Notepad) that you save on a USB stick, which you then plug in under Reatogo; you'll then be able to copy/paste it easily.
  • 2 Click Run Scan to start the scan.
  • Once finished, the file is located at C:\OTL.txt
  • Copy and paste its contents into your next reply.

    if the report is too long:
  • Host it, then post the link.
    Use this: http://pjjoint.malekal.com/

    +++++++++++++++++++++++++++++++++++++
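
The step in the post above, taking the files that aswMBR flagged in system32 and listing them between /md5start and /md5stop in the custom scan, can be scripted instead of retyped. This is an added example, not part of the original thread or of any tool mentioned in it; the function names are hypothetical and the sample input is a few lines copied from the aswMBR report posted earlier.

```python
import ntpath
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed sample: a few lines copied from the aswMBR report in this thread.
SAMPLE_LOG = r"""
16:22:58.799 AVAST engine scan C:\Windows\system32
16:23:03.401 File: C:\Windows\system32\dmserver.dll **INFECTED** Win64:Sirefef-E [Trj]
16:23:05.522 File: C:\Windows\system32\hap16v2k.dll **INFECTED** Win64:Sirefef-E [Trj]
16:23:52.822 AVAST engine scan C:\Windows\system32\drivers
16:24:18.359 File: C:\Users\PaRaDiGm\Downloads\Arles Image\keygen.exe **INFECTED** Win32:SdBot-FGY [Trj]
16:25:13.583 Scan finished successfully
"""


class Detection(NamedTuple):
    time: str   # timestamp as printed in the log
    path: str   # full Windows path of the flagged file (may contain spaces)
    name: str   # detection name, e.g. "Win64:Sirefef-E"
    kind: str   # bracketed tag after the name, e.g. "Trj"; empty if absent


# The path is matched lazily up to the **INFECTED** marker so that
# directories containing spaces ("Arles Image") are kept intact.
LINE_RE = re.compile(
    r"^\s*(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+File:\s+(?P<path>.+?)\s+"
    r"\*\*INFECTED\*\*\s+(?P<name>\S+)(?:\s+\[(?P<kind>[^\]]*)\])?\s*$"
)


def parse_detections(log_text: str) -> List[Detection]:
    """Return every '**INFECTED**' entry of an aswMBR log, in log order."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append(Detection(m["time"], m["path"], m["name"], m["kind"] or ""))
    return found


def by_detection_name(detections: List[Detection]) -> Dict[str, List[str]]:
    """Group flagged paths by detection name to separate unrelated findings."""
    groups = defaultdict(list)
    for det in detections:
        groups[det.name].append(det.path)
    return dict(groups)


def in_directory(path: str, directory: str) -> bool:
    """True when path sits directly in directory (Windows rules, case-insensitive)."""
    parent = ntpath.normcase(ntpath.dirname(path))
    return parent == ntpath.normcase(directory.rstrip("\\/"))


def md5_block(detections: List[Detection], directory: str) -> str:
    """Build the /md5start ... /md5stop list for files flagged in one directory."""
    names, seen = [], set()
    for det in detections:
        if not in_directory(det.path, directory):
            continue
        base = ntpath.basename(det.path)
        if base.lower() not in seen:      # Windows file names are case-insensitive
            seen.add(base.lower())
            names.append(base)
    return "\n".join(["/md5start", *names, "/md5stop"])


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for name, paths in by_detection_name(dets).items():
        print(f"{name}: {len(paths)} file(s)")
    print(md5_block(dets, r"C:\Windows\system32"))
```
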
    6 March 2012 13:19:11

    I successfully burned two DVDs and one CD of different brands, and when I boot from the CD I am stuck at this message: "Setup is inspecting your computer hardware configuration...". I waited more than an hour and it doesn't move.
    6 March 2012 14:26:06

    Hello,
    did you burn the same ISO all 3 times?
    if so, it is quite possible that this is due to a problem with the download of the OTLPE ISO.

    +++++

    There may be a tool that could work; try it before starting the OTLPE procedure again.
    BitDefender ZeroAccess/Sirefef Removal tool
    tutorial:
    http://forum.malekal.com/bitdefender-zeroaccess-sirefef...

    it's brand new, so I can't tell you more, but apparently it is effective against your infection. (ZeroAccess)
    6 March 2012 15:16:50

    I just tried downloading OTLPENET from another source on another computer, and burned it on that other computer. And it still hangs at "Setup is inspecting your computer hardware configuration...".

    As for the "BitDefender ZeroAccess/Sirefef Removal tool", it looks like it is for 32-bit systems. When I launch the program it tells me: "Could not load trufosalt.sys"
    6 March 2012 15:33:46

    re
    what rotten luck :o

    does your OTLPE disc start correctly on the PC that is clean?
    6 March 2012 15:46:34

    It works on the other computer, which runs Windows XP.

    I want to point out that the infected computer is a MacBook Pro but that Mac OS is not installed. There is only Windows 7 on it. And that I did boot from the CD.