
TitWawa

Members
  • Content count

    6
  • Joined

  • Last visited

Other information

  • My languages
    French

TitWawa's Achievements

Junior Member

Junior Member (3/12)

0

Community reputation

  1. Re, Everything has been done. Thanks for your help once again! All the best (and above all good luck to the future victims of this critter ^^") @++
  2. Here is the Load_TDSS Killer report.
     23:14:52:593 1196 TDSSKiller 2.1.1 Dec 20 2009 02:40:02
     23:14:52:593 1196 ================================================================================
     23:14:52:593 1196 SystemInfo:
     23:14:52:593 1196 OS Version: 5.1.2600 ServicePack: 2.0
     23:14:52:593 1196 Product type: Workstation
     23:14:52:593 1196 ComputerName: NOM-EB85C523610
     23:14:52:609 1196 UserName: HP_Propriétaire
     23:14:52:609 1196 Windows directory: C:\WINDOWS
     23:14:52:609 1196 Processor architecture: Intel x86
     23:14:52:609 1196 Number of processors: 1
     23:14:52:609 1196 Page size: 0x1000
     23:14:52:609 1196 Boot type: Normal boot
     23:14:52:609 1196 ================================================================================
     23:14:52:750 1196 ForceUnloadDriver: NtUnloadDriver error 2
     23:14:52:750 1196 ForceUnloadDriver: NtUnloadDriver error 2
     23:14:52:750 1196 ForceUnloadDriver: NtUnloadDriver error 2
     23:14:52:750 1196 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\Drivers\KLMD.sys) returned status 0
     23:14:52:750 1196 main: Driver KLMD successfully dropped
     23:14:53:265 1196 main: Driver KLMD successfully loaded
     23:14:53:265 1196 Scanning Registry ...
     23:14:53:281 1196 ScanServices: Searching service UACd.sys
     23:14:53:281 1196 ScanServices: Open/Create key error 2
     23:14:53:281 1196 ScanServices: Searching service TDSSserv.sys
     23:14:53:281 1196 ScanServices: Open/Create key error 2
     23:14:53:281 1196 ScanServices: Searching service gaopdxserv.sys
     23:14:53:281 1196 ScanServices: Open/Create key error 2
     23:14:53:281 1196 ScanServices: Searching service gxvxcserv.sys
     23:14:53:281 1196 ScanServices: Open/Create key error 2
     23:14:53:281 1196 ScanServices: Searching service MSIVXserv.sys
     23:14:53:281 1196 ScanServices: Open/Create key error 2
     23:14:53:312 1196 UnhookRegistry: Kernel module file name: C:\windows\system32\ntkrnlpa.exe, base addr: 804D7000
     23:14:53:312 1196 UnhookRegistry: Kernel local addr: A20000
     23:14:53:312 1196 UnhookRegistry: KeServiceDescriptorTable addr: A9B400
     23:14:53:359 1196 UnhookRegistry: KiServiceTable addr: A4A21C
     23:14:53:375 1196 UnhookRegistry: NtEnumerateKey service number (local): 47
     23:14:53:375 1196 UnhookRegistry: NtEnumerateKey local addr: B62772
     23:14:53:375 1196 KLMD_OpenDevice: Trying to open KLMD device
     23:14:53:375 1196 KLMD_GetSystemRoutineAddressA: Trying to get system routine address ZwEnumerateKey
     23:14:53:375 1196 KLMD_GetSystemRoutineAddressW: Trying to get system routine address ZwEnumerateKey
     23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x804FD9ED[0x4]
     23:14:53:375 1196 UnhookRegistry: NtEnumerateKey service number (kernel): 47
     23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x80501338[0x4]
     23:14:53:375 1196 UnhookRegistry: NtEnumerateKey real addr: 80619772
     23:14:53:375 1196 UnhookRegistry: NtEnumerateKey calc addr: 80619772
     23:14:53:375 1196 UnhookRegistry: No SDT hooks found on NtEnumerateKey
     23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x80619772[0xA]
     23:14:53:375 1196 UnhookRegistry: No splicing found on NtEnumerateKey
     23:14:53:375 1196 Scanning Kernel memory ...
     23:14:53:375 1196 KLMD_OpenDevice: Trying to open KLMD device
     23:14:53:375 1196 KLMD_GetSystemObjectAddressByNameA: Trying to get system object address by name \Driver\Disk
     23:14:53:375 1196 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
     23:14:53:375 1196 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 85724F38
     23:14:53:375 1196 DetectCureTDL3: KLMD_GetDeviceObjectList returned 11 DevObjects
     23:14:53:375 1196 DetectCureTDL3: 0 Curr stack PDEVICE_OBJECT: 851296F0
     23:14:53:375 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851296F0
     23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x851296F0[0x38]
     23:14:53:375 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38
     23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]
     23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]
     23:14:53:375 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418
     23:14:53:375 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418
     23:14:53:375 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
     23:14:53:375 1196 KLMD_ReadMem: DeviceIoControl error 1
     23:14:53:375 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code
     23:14:53:375 1196 TDL3_FileDetect: Processing driver: Disk
     23:14:53:375 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
     23:14:53:375 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:375 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:437 1196 DetectCureTDL3: 1 Curr stack PDEVICE_OBJECT: 853AE250
     23:14:53:437 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 853AE250
     23:14:53:437 1196 KLMD_ReadMem: Trying to ReadMemory 0x853AE250[0x38]
     23:14:53:437 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38
     23:14:53:437 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]
     23:14:53:437 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]
     23:14:53:437 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D
     23:14:53:437 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418
     23:14:53:453 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418
     23:14:53:453 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
     23:14:53:453 1196 KLMD_ReadMem: DeviceIoControl error 1
     23:14:53:453 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code
     23:14:53:453 1196 TDL3_FileDetect: Processing driver: Disk
     23:14:53:453 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
     23:14:53:453 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:453 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:468 1196 DetectCureTDL3: 2 Curr stack PDEVICE_OBJECT: 8565DAD0
     23:14:53:468 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8565DAD0
     23:14:53:468 1196 KLMD_ReadMem: Trying to ReadMemory 0x8565DAD0[0x38]
     23:14:53:468 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38
     23:14:53:468 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]
     23:14:53:468 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]
     23:14:53:468 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418
     23:14:53:468 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418
     23:14:53:468 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
     23:14:53:468 1196 KLMD_ReadMem: DeviceIoControl error 1
     23:14:53:468 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code
     23:14:53:468 1196 TDL3_FileDetect: Processing driver: Disk
     23:14:53:468 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
     23:14:53:468 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:468 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:484 1196 DetectCureTDL3: 3 Curr stack PDEVICE_OBJECT: 854557D8
     23:14:53:484 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 854557D8
     23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0x854557D8[0x38]
     23:14:53:484 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38
     23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]
     23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]
     23:14:53:484 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418
     23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
     23:14:53:484 1196 KLMD_ReadMem: DeviceIoControl error 1
     23:14:53:484 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code
     23:14:53:484 1196 TDL3_FileDetect: Processing driver: Disk
     23:14:53:484 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
     23:14:53:484 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:484 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:484 1196 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 851B9AB8
     23:14:53:484 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851B9AB8
     23:14:53:484 1196 DetectCureTDL3: 4 Curr stack PDEVICE_OBJECT: 851A1360
     23:14:53:484 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851A1360
     23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0x851A1360[0x38]
     23:14:53:484 1196 DetectCureTDL3: DRIVER_OBJECT addr: 855E8030
     23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0x855E8030[0xA8]
     23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0xE1729E60[0x208]
     23:14:53:484 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (0) addr: F7875218
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (2) addr: F7875218
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (3) addr: F787523C
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (4) addr: F787523C
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (9) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (14) addr: F7875180
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (15) addr: F78709E6
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (16) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (22) addr: F78745F0
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (23) addr: F7872A6E
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418
     23:14:53:484 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418
     23:14:53:484 1196 KLMD_ReadMem: Trying to ReadMemory 0xF7871F26[0x400]
     23:14:53:484 1196 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
     23:14:53:484 1196 TDL3_FileDetect: Processing driver: USBSTOR
     23:14:53:500 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
     23:14:53:500 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
     23:14:53:500 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
     23:14:53:531 1196 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 851A8AB8
     23:14:53:531 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851A8AB8
     23:14:53:531 1196 DetectCureTDL3: 5 Curr stack PDEVICE_OBJECT: 854B6030
     23:14:53:531 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 854B6030
     23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0x854B6030[0x38]
     23:14:53:531 1196 DetectCureTDL3: DRIVER_OBJECT addr: 855E8030
     23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0x855E8030[0xA8]
     23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0xE1729E60[0x208]
     23:14:53:531 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (0) addr: F7875218
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (2) addr: F7875218
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (3) addr: F787523C
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (4) addr: F787523C
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (9) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (14) addr: F7875180
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (15) addr: F78709E6
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (16) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (22) addr: F78745F0
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (23) addr: F7872A6E
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418
     23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0xF7871F26[0x400]
     23:14:53:531 1196 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
     23:14:53:531 1196 TDL3_FileDetect: Processing driver: USBSTOR
     23:14:53:531 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
     23:14:53:531 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
     23:14:53:531 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
     23:14:53:531 1196 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 8519FAB8
     23:14:53:531 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8519FAB8
     23:14:53:531 1196 DetectCureTDL3: 6 Curr stack PDEVICE_OBJECT: 85159D08
     23:14:53:531 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85159D08
     23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0x85159D08[0x38]
     23:14:53:531 1196 DetectCureTDL3: DRIVER_OBJECT addr: 855E8030
     23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0x855E8030[0xA8]
     23:14:53:531 1196 KLMD_ReadMem: Trying to ReadMemory 0xE1729E60[0x208]
     23:14:53:531 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (0) addr: F7875218
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (2) addr: F7875218
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (3) addr: F787523C
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (4) addr: F787523C
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (9) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (14) addr: F7875180
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (15) addr: F78709E6
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (16) addr: 804F3418
     23:14:53:531 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (22) addr: F78745F0
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (23) addr: F7872A6E
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0xF7871F26[0x400]
     23:14:53:546 1196 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
     23:14:53:546 1196 TDL3_FileDetect: Processing driver: USBSTOR
     23:14:53:546 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
     23:14:53:546 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
     23:14:53:546 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
     23:14:53:546 1196 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 851A2AB8
     23:14:53:546 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 851A2AB8
     23:14:53:546 1196 DetectCureTDL3: 7 Curr stack PDEVICE_OBJECT: 85151D08
     23:14:53:546 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85151D08
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x85151D08[0x38]
     23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT addr: 855E8030
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x855E8030[0xA8]
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0xE1729E60[0x208]
     23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (0) addr: F7875218
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (2) addr: F7875218
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (3) addr: F787523C
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (4) addr: F787523C
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (9) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (14) addr: F7875180
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (15) addr: F78709E6
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (16) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (22) addr: F78745F0
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (23) addr: F7872A6E
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0xF7871F26[0x400]
     23:14:53:546 1196 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 0, 0
     23:14:53:546 1196 TDL3_FileDetect: Processing driver: USBSTOR
     23:14:53:546 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\usbstor.sys, C:\WINDOWS\system32\Drivers\usbstor.tsk, SYSTEM\CurrentControlSet\Services\USBSTOR, system32\Drivers\usbstor.tsk
     23:14:53:546 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\usbstor.sys
     23:14:53:546 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\usbstor.sys
     23:14:53:546 1196 DetectCureTDL3: 8 Curr stack PDEVICE_OBJECT: 85721C68
     23:14:53:546 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85721C68
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x85721C68[0x38]
     23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]
     23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
     23:14:53:546 1196 KLMD_ReadMem: DeviceIoControl error 1
     23:14:53:546 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code
     23:14:53:546 1196 TDL3_FileDetect: Processing driver: Disk
     23:14:53:546 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
     23:14:53:546 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:546 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:546 1196 DetectCureTDL3: 9 Curr stack PDEVICE_OBJECT: 857512C0
     23:14:53:546 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 857512C0
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x857512C0[0x38]
     23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85724F38
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0x85724F38[0xA8]
     23:14:53:546 1196 KLMD_ReadMem: Trying to ReadMemory 0xE13CDE30[0x208]
     23:14:53:546 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
     23:14:53:546 1196 DetectCureTDL3: IrpHandler (0) addr: F75D6C30
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (2) addr: F75D6C30
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (3) addr: F75D0D9B
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (4) addr: F75D0D9B
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (9) addr: F75D1366
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (14) addr: F75D144D
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (15) addr: F75D4FC3
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (16) addr: F75D1366
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (22) addr: F75D2EF3
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (23) addr: F75D7A24
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418
     23:14:53:562 1196 KLMD_ReadMem: Trying to ReadMemory 0x0[0x400]
     23:14:53:562 1196 KLMD_ReadMem: DeviceIoControl error 1
     23:14:53:562 1196 TDL3_StartIoHookDetect: Unable to get StartIo handler code
     23:14:53:562 1196 TDL3_FileDetect: Processing driver: Disk
     23:14:53:562 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\disk.sys, C:\WINDOWS\system32\Drivers\disk.tsk, SYSTEM\CurrentControlSet\Services\Disk, system32\Drivers\disk.tsk
     23:14:53:562 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:562 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\disk.sys
     23:14:53:562 1196 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 85720AB8
     23:14:53:562 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85720AB8
     23:14:53:562 1196 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8578DF18
     23:14:53:562 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8578DF18
     23:14:53:562 1196 DetectCureTDL3: 10 Curr stack PDEVICE_OBJECT: 8574FB00
     23:14:53:562 1196 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8574FB00
     23:14:53:562 1196 KLMD_ReadMem: Trying to ReadMemory 0x8574FB00[0x38]
     23:14:53:562 1196 DetectCureTDL3: DRIVER_OBJECT addr: 85751C28
     23:14:53:562 1196 KLMD_ReadMem: Trying to ReadMemory 0x85751C28[0xA8]
     23:14:53:562 1196 KLMD_ReadMem: Trying to ReadMemory 0xE1008B90[0x208]
     23:14:53:562 1196 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (0) addr: F7402572
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (1) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (2) addr: F7402572
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (3) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (4) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (5) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (6) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (7) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (8) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (9) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (10) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (11) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (12) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (13) addr: 804F3418
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (14) addr: F7402592
     23:14:53:562 1196 DetectCureTDL3: IrpHandler (15)
addr: F73FE7B4 23:14:53:562 1196 DetectCureTDL3: IrpHandler (16) addr: 804F3418 23:14:53:562 1196 DetectCureTDL3: IrpHandler (17) addr: 804F3418 23:14:53:562 1196 DetectCureTDL3: IrpHandler (18) addr: 804F3418 23:14:53:562 1196 DetectCureTDL3: IrpHandler (19) addr: 804F3418 23:14:53:562 1196 DetectCureTDL3: IrpHandler (20) addr: 804F3418 23:14:53:562 1196 DetectCureTDL3: IrpHandler (21) addr: 804F3418 23:14:53:562 1196 DetectCureTDL3: IrpHandler (22) addr: F74025BC 23:14:53:562 1196 DetectCureTDL3: IrpHandler (23) addr: F7409164 23:14:53:562 1196 DetectCureTDL3: IrpHandler (24) addr: 804F3418 23:14:53:562 1196 DetectCureTDL3: IrpHandler (25) addr: 804F3418 23:14:53:562 1196 DetectCureTDL3: IrpHandler (26) addr: 804F3418 23:14:53:562 1196 KLMD_ReadMem: Trying to ReadMemory 0xF73FF7C6[0x400] 23:14:53:562 1196 TDL3_StartIoHookDetect: CheckParameters: 0, 0, 229, 0 23:14:53:562 1196 TDL3_FileDetect: Processing driver: atapi 23:14:53:562 1196 TDL3_FileDetect: Parameters: C:\WINDOWS\system32\drivers\atapi.sys, C:\WINDOWS\system32\Drivers\atapi.tsk, SYSTEM\CurrentControlSet\Services\atapi, system32\Drivers\atapi.tsk 23:14:53:562 1196 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys 23:14:53:562 1196 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\atapi.sys 23:14:53:609 1196 Completed Results: 23:14:53:609 1196 Infected objects in memory: 0 23:14:53:609 1196 Cured objects in memory: 0 23:14:53:609 1196 Infected objects on disk: 0 23:14:53:609 1196 Objects on disk cured on reboot: 0 23:14:53:609 1196 Objects on disk deleted on reboot: 0 23:14:53:609 1196 Registry nodes deleted on reboot: 0 23:14:53:609 1196
  3. Re, Yes, that's right, no more problems with the Malware Defense windows. The PC doesn't lag anymore, so I think I'm done with this critter ^^" A big thank you for this precious help. I'll still run Load_TDSS Killer anyway. +++
  4. Hello, sorry for the wait, but the scan took a long time ^^" Here is the MBAM report:

Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3449

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

29/12/2009 15:03:44
mbam-log-2009-12-29 (15-03-44).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 264291
Temps écoulé: 1 hour(s), 44 minute(s), 16 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 15

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\HelpAssistant\Application Data\AntiVirus (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\AntiVirus (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\SystemDoctor Free (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\SystemDoctor Free\Logs (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\WinTouch (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\Program Files\DebroPack (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\AntiSpywareXP2009 (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\Program Files\AntiSpywareXP2009\htmlayout.dll.vir (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTkylqxmtyqj.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\H8SRTwbejxuxnmb.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTabrsnvmyrj.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\HelpAssistant\Application Data\AntiVirus\antvrs.exe (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\AntiVirus\antvrs.exe (Rogue.AntiVirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\SystemDoctor Free\Logs\update.log (Rogue.SystemDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Application Data\WinTouch\wintouch.cfg (Adware.WinPop) -> Quarantined and deleted successfully.
C:\Program Files\DebroPack\Uninstall.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\AntiSpywareXP2009\AntiSpywareXP2009.lnk (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Menu Démarrer\Programmes\AntiSpywareXP2009\Uninstall.lnk (Rogue.AntiSpywareXP) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsadsoftinc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsworldadmarketplace.dll (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Trojan.Dialer) -> Quarantined and deleted successfully.
C:\WINDOWS\photos01.zip (Backdoor.Bot) -> Quarantined and deleted successfully.

Thanks.
  5. Here is the report.

ComboFix 09-12-27.04 - HP_Propriétaire 28/12/2009 23:46:06.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.958.579 [GMT 1:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\bardaf01.exe
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_PRO~1\LOCALS~1\Temp\wscsvc32.exe
c:\documents and settings\All Star\RavMonLog
c:\documents and settings\HP_Propriétaire\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\uekrhhd.dat
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\uekrhhd_nav.dat
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\uekrhhd_navps.dat
c:\program files\AntiSpywareXP2009
c:\program files\AntiSpywareXP2009\data\daily.cvd
c:\program files\AntiSpywareXP2009\htmlayout.dll
c:\program files\AntiSpywareXP2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntiSpywareXP2009\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntiSpywareXP2009\pthreadVC2.dll
c:\program files\BChanger
c:\program files\BChanger\data.dat
c:\program files\BChanger\Uninstall.exe
c:\program files\CPV
c:\program files\Eroca
c:\program files\GrandPack
c:\program files\Insider
c:\program files\Insider\Insider.exe
c:\program files\Insider\UnInstall.exe
c:\program files\Mozilla Firefox\Components\9e06dd49-1aea-e964-da63-58b3b4292f18.dll
c:\program files\NoDNS
c:\program files\NoDNS\UnInstall.exe
c:\program files\nvcoi
c:\program files\nvcoi\mst.stt
c:\program files\RcvSystem
c:\program files\smbols~1
c:\program files\Temporary
c:\program files\WinAble
c:\program files\Words
c:\program files\Words\script.txt
c:\recycler\S-1-5-21-4141595813-2295377448-1625402431-1008
c:\recycler\S-1-5-21-4141595813-2295377448-1625402431-1009
c:\recycler\S-1-5-21-958653642-812838196-4078779400-1008
c:\windows\cookies.ini
c:\windows\ssembl~1
c:\windows\system32\drivers\H8SRTabrsnvmyrj.sys
c:\windows\system32\H8SRTkylqxmtyqj.dll
c:\windows\system32\H8SRTpyuvndqemu.dat
c:\windows\system32\H8SRTwbejxuxnmb.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\ps2.bat
c:\windows\system32\srcr.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_H8SRTd.sys
-------\Service_H8SRTd.sys
c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\eventlog.dll [-] 2004-08-05 . 21E83876A6287F15538EF187D286FE11 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\eventlog.dll [-] 2004-08-05 . 21E83876A6287F15538EF187D286FE11 . 55808 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\eventlog.dll [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\sfcfiles.dll [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\sfcfiles.dll [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\sfcfiles.dll [-] 2004-08-05 . ACF04FB3448D2C2CD3A851C138EC8AB6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll [-] 2004-08-05 . ACF04FB3448D2C2CD3A851C138EC8AB6 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\sfcfiles.dll [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ctfmon.exe [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ctfmon.exe [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ctfmon.exe [-] 2004-08-05 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\system32\ctfmon.exe [-] 2004-08-05 . 5584247B568C2E53934873F4B655FE6A . 15360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ctfmon.exe [-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . 
c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\regsvc.dll [-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\regsvc.dll [-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\regsvc.dll [-] 2004-08-05 . 345D02087F5696749C6120359B1E2988 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\regsvc.dll [-] 2004-08-05 . 345D02087F5696749C6120359B1E2988 . 59904 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\regsvc.dll [-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\schedsvc.dll [-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\schedsvc.dll [-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\schedsvc.dll [-] 2004-08-05 . 4612EC6DAF695B87A2529FCBB95B75DE . 193024 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll [-] 2004-08-05 . 4612EC6DAF695B87A2529FCBB95B75DE . 193024 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\schedsvc.dll [-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ssdpsrv.dll [-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ssdpsrv.dll [-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ssdpsrv.dll [-] 2004-08-05 . B636478A2569AE69CAF003254022A742 . 71680 . . [5.1.2600.2180] . . 
c:\windows\system32\ssdpsrv.dll [-] 2004-08-05 . B636478A2569AE69CAF003254022A742 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ssdpsrv.dll [-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\termsrv.dll [-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\termsrv.dll [-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\termsrv.dll [-] 2004-08-05 . 7D521B8CF926459E270D18C559323815 . 297984 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll [-] 2004-08-05 . 7D521B8CF926459E270D18C559323815 . 297984 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll [-] 2004-08-05 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ip6fw.sys [-] 2004-08-05 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys [-] 2004-08-05 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys [-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\msgsvc.dll [-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . 
[5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\msgsvc.dll [-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\msgsvc.dll [-] 2004-08-05 . 97939358ED4487CBB4A0D743CE958266 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll [-] 2004-08-05 . 97939358ED4487CBB4A0D743CE958266 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\msgsvc.dll [-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll [-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll [-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2004-08-05 11:00 . 762B2A5F0E8B0164A5DB6741959DFB0C . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll [-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\ntmssvc.dll [-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\327771f7f3830b5acec68906a2aac4ab\ntmssvc.dll [-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\51f93922a72f4cba24d116598e161b49\ntmssvc.dll [-] 2004-08-05 11:00 . 3F82A4226289510DF300813B9B87F0E5 . 438272 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll [-] 2004-08-05 11:00 . 3F82A4226289510DF300813B9B87F0E5 . 438272 . . [5.1.2400.2180] . . 
c:\windows\system32\dllcache\ntmssvc.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Google Update"="c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-24 133104] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568] "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-17 2010904] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-26 149280] c:\documents and settings\All Star\Menu D‚marrer\Programmes\D‚marrage\ Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-1-2 27136] c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-1-5 3469448] c:\documents and settings\HP_Propri‚taire\Menu D‚marrer\Programmes\D‚marrage\ Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-1-5 3469448] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"2551:TCP"= 2551:TCP:Services

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [17/11/2009 20:53 285392]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrvI9.sys --> c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
------- Supplementary Scan -------
.
uStart Page = google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.duxet.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
HKLM-Run-PCDrProfiler - (no file)
Notify-avgrsstarter - avgrsstx.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 23:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\documents and settings\HP_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2009-12-29 00:06:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-28 23:06

Pre-Run: 187 531 382 784 bytes free
Post-Run: 188 657 315 840 bytes free

- - End Of File - - 8FF5274BA76FF8F7FF5C41EBD0CB0626
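The file listing at the top of the ComboFix report above gives, for every copy of each system file on disk (the live copy under system32 or its drivers subdirectory, the Windows File Protection cache under dllcache, and the Windows Update download copies), a bracketed flag, the file date, its MD5, size and version. The check a responder wants from that listing is whether any live file differs from its dllcache copy: that is how a file-patching rootkit that overwrote a system driver or DLL in place shows up, and it is also how a clean result is confirmed. The Python script below is an added example, not ComboFix code and not something the poster ran: it parses lines in that format and reports, per file name, whether the live and cached hashes agree. Its sample input reuses a few lines from the log above plus a constructed `example.sys` pair with made-up hashes so that both a mismatch and a file with no cached copy appear; the `[-]` flag column is carried through without being interpreted, and the `c:\windows` root is a parameter.

```python
import re

# One ComboFix file-listing line:  [flag] date [time] . MD5 . size . . [version] . . path
# Added parser, not ComboFix code; the bracketed flag is carried through, not interpreted.
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})(?:\s+(?P<time>\d{2}:\d{2}))?"
    r"\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)

# Constructed sample: lines taken from the log above plus an invented example.sys pair
# (hashes made up) so that a mismatch and an uncached file both appear in the output.
SAMPLE_LINES = r"""
[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\netlogon.dll
[-] 2004-08-05 . FAF07FDCDE76000621A28D19F8E2E8EB . 407040 . . [5.1.2600.2180] . . c:\windows\system32\netlogon.dll
[-] 2004-08-05 . FAF07FDCDE76000621A28D19F8E2E8EB . 407040 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\netlogon.dll
[-] 2004-08-05 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2004-08-05 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys
[-] 2004-08-05 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-01-28 19:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2009-12-01 . DEADBEEFDEADBEEFDEADBEEFDEADBEEF . 96512 . . [5.1.2600.2180] . . c:\windows\system32\drivers\example.sys
[-] 2004-08-05 . 0123456789ABCDEF0123456789ABCDEF . 96512 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\example.sys
"""


def parse_entries(text):
    """Parse every well-formed listing line; anything else (headers, dots) is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["path"] = e["path"].lower()  # NTFS is case-insensitive; the log mixes cases
            entries.append(e)
    return entries


def compare_live_to_cache(entries, windir=r"c:\windows"):
    """Per file name: does the live copy (system32 or its drivers subdirectory) match dllcache?

    Returns {name: (status, live_md5, cache_md5)} with status 'match', 'mismatch'
    (hash or size differs: investigate that file) or 'uncached' (no WFP copy to compare).
    """
    windir = windir.lower()
    live_dirs = {windir + r"\system32", windir + r"\system32\drivers"}
    cache_dir = windir + r"\system32\dllcache"
    live, cache = {}, {}
    for e in entries:
        directory, _, name = e["path"].rpartition("\\")
        if directory in live_dirs:
            live[name] = e
        elif directory == cache_dir:
            cache[name] = e
    report = {}
    for name, e in live.items():
        c = cache.get(name)
        if c is None:
            status = "uncached"
        elif c["md5"].upper() == e["md5"].upper() and c["size"] == e["size"]:
            status = "match"
        else:
            status = "mismatch"
        report[name] = (status, e["md5"], c["md5"] if c else None)
    return report


if __name__ == "__main__":
    report = compare_live_to_cache(parse_entries(SAMPLE_LINES))
    for name, (status, live_md5, cache_md5) in sorted(report.items()):
        print(f"{status:9} {name:16} live={live_md5} dllcache={cache_md5}")
```

Run against the full listing above, every live file comes back `match`, which is the expected outcome after a successful clean-up; a `mismatch` where the live copy also carries a newer date than the cached one is the pattern worth pulling the file for. Note that a matching dllcache copy only proves the two copies agree with each other: malware that replaces both, or a file whose cached copy was already tampered with, needs the hash checked against a known-good source as well.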
6. Here is the HijackThis report! Thank you for helping me with this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:56, on 28/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S19B.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE

--
End of file - 7031 bytes
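A HijackThis log like the one above is normally triaged by eye, and the entries that stand out in it are the O4 Run value `richtx64.exe` launched from the user's Temp directory, the `Malware Defense` Run value (which the ComboFix run earlier in this thread removed as an orphan), the HKLM start page set to duxet.com while everything else points at google.com, and the O2/O20 entries whose target file no longer exists. The Python script below is an added example, not HijackThis code and not something the poster ran: it applies exactly those checks to R0/R1, O2, O4 and O20 lines. The sample log is a constructed excerpt of lines from the report above; the watchlist of entry names and the allowlist of browser hosts are analyst-supplied inputs (here `Malware Defense` and `google.com`), and the temp and profile directory patterns are assumptions about the Windows XP path layout, in both long and 8.3 form.

```python
import re
from urllib.parse import urlsplit

# Line shapes handled from a HijackThis 2.0.x log (added example; not HijackThis code).
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^R[01] - (?P<key>[^=]+?)\s*=\s*(?P<url>\S+)$")
URL_KEYS = re.compile(r"(Start Page|Search Page|Search Bar|SearchURL|Default_Page_URL|"
                      r"Default_Search_URL|SearchAssistant)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.I)
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|com|scr|bat|pif))(?:\s|$)', re.I)

# Assumed Windows XP layout (long and 8.3 forms): temp directories and user-writable profile roots.
TEMP_DIRS = ("\\temp\\", "\\locals~1\\temp\\", "\\tmp\\")
PROFILE_DIRS = ("c:\\documents and settings\\", "c:\\docume~1\\")

# Constructed excerpt of lines from the HijackThis report above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [richtx64.exe] C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\richtx64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""


def url_host(url):
    """Host part of a logged URL; HijackThis prints some without a scheme (e.g. 'google.com/')."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower()


def target_path(cmd):
    """Executable path from a Run value: the quoted path, or an unquoted path up to its extension."""
    m = EXE_RE.match(cmd.strip())
    return (m.group("q") or m.group("u")) if m else None


def triage(log_text, watchlist=(), allowed_hosts=()):
    """Return one finding per suspicious line: {'line', 'name', 'path', 'reasons'}."""
    watch = {w.lower() for w in watchlist}
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, path, reasons = None, None, []
        if MISSING_RE.search(line):           # O2/O20 (and similar) pointing at a deleted file
            reasons.append("target file missing (orphaned entry)")
        m = O4_RE.match(line)
        if m:                                 # registry Run/RunOnce values
            name = m.group("name")
            path = target_path(m.group("cmd"))
            low = (path or "").lower()
            if any(t in low for t in TEMP_DIRS):
                reasons.append("executes from a temp directory")
            elif low.startswith(PROFILE_DIRS):
                reasons.append("executes from a user-writable profile directory")
            if name.lower() in watch:
                reasons.append("entry name on analyst watchlist")
        r = R_RE.match(line)
        if r and URL_KEYS.search(r.group("key")):   # browser start/search URL hijack check
            host = url_host(r.group("url"))
            if not any(host == a or host.endswith("." + a) for a in allowed):
                name, path = r.group("key").rsplit(",", 1)[-1], r.group("url")
                reasons.append("browser start/search URL outside allowlist")
        if reasons:
            findings.append({"line": line, "name": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, watchlist={"Malware Defense"}, allowed_hosts={"google.com"}):
        print(f"{f['name']!s:16} {'; '.join(f['reasons'])}\n    {f['path']}")
```

The profile-directory rule is deliberately only a flag, not a verdict: it catches `richtx64.exe` in Temp, but it also raises Google Update, which legitimately lives under Local Settings\Application Data, so a hit there means "check the file", nothing more. The missing-file rule is why the ComboFix run above listed `Notify-avgrsstarter` and `PCDrProfiler` as orphans to remove; an O20 Winlogon Notify entry with no DLL behind it is harmless in itself but is the kind of leftover that hides a re-infection when a new file appears at that path.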