al77fr2

O61 - LFC:Last File Created 20/01/2012 - 18:27:53 ---A- D:\Documents And Settings\Alain\Local Settings\Temp\sacmenowrx.exe [363008] O61 - LFC:Last File Created 20/01/2012 - 18:27:54 ---A- D:\Documents And Settings\Alain\Local Settings\Application Data\qkm.exe [363008] O61 - LFC:Last File Created 20/01/2012 - 18:27:54 ---A- D:\Documents And Settings\Alain\Local Settings\Temp\aomscnexwr.exe [363008] O61 - LFC:Last File Created 20/01/2012 - 18:28:02 ---A- D:\Documents And Settings\Alain\Local Settings\Temp\wcaoemrsnx.exe [363008] Lien CJoint.com BAuxidwWB6h qkm.exe

Bonsoir, Ce soir surf sur internet (pas sur des sites sensibles). Antivir a hurlé mais a laissé passer le rogue Xp home security 2012. Merci pour votre aide ---------------------------------------------------------- RogueKiller V6.2.4 [12/01/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/44) Blog: tigzy-RK Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3, v.6055) 32 bits version Demarrage : Mode normal Utilisateur: Alain [Droits d'admin] Mode: Suppression -- Date : 20/01/2012 19:02:30 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 2 ¤¤¤ [iFEO] HKLM\[...]\Image File Execution Options : keygen.exe (StripMyRights.exe /D /L N) -> DELETED [FILEASSO] HKCR\.exe : (mdaw) -> REPLACED (exefile) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost 127.0.0.1 mpa.one.microsoft.com 127.0.0.1 rad.msn.com 127.0.0.1 rad.live.com 127.0.0.1 ads1.msn.com 127.0.0.1 adfarm.mediaplex.com 127.0.0.1 101com.com 127.0.0.1 101order.com 127.0.0.1 103bees.com 127.0.0.1 1100i.com 127.0.0.1 123banners.com 127.0.0.1 123found.com 127.0.0.1 123pagerank.com 127.0.0.1 180searchassistant.com 127.0.0.1 180solutions.com 127.0.0.1 207.net 127.0.0.1 247media.com 127.0.0.1 247realmedia.com 127.0.0.1 24pm-affiliation.com 127.0.0.1 2log.com [...] ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] ddba1862b365983ea2dee3f3b13bee0d [bSP] e0671a047cb9a03583cc60ddd6a883e9 : Windows XP MBR Code Partition table: 0 - [ACTIVE] FAT16 [VISIBLE] Offset (sectors): 63 | Size: 2097 Mo 1 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 4096575 | Size: 497999 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[1].txt >> RKreport[1].txt

Merci pour StartUpLite. Peut-on considérer le pc comme sûr maintenant ?

# DelFix v8.6 - Rapport créé le 28/11/2011 à 23:38:34 # Mis à jour le 13/10/11 à 18h par Xplode # Système d'exploitation : Windows 7 Starter Service Pack 1 (32 bits) # Nom d'utilisateur : elodie - ELODIE-PC (Administrateur) # Exécuté depuis : C:\Users\elodie\Downloads\delfix.exe # Option [suppression] ~~~~~~ Dossiers(s) ~~~~~~ Supprimé : C:\ZHP Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP Supprimé : C:\Users\elodie\Desktop\RK_Quarantine Supprimé : C:\Program Files\ZHPDiag ~~~~~~ Fichier(s) ~~~~~~ Supprimé : C:\AdwCleaner[s1].txt Supprimé : C:\PhysicalDisk0_MBR.bin Supprimé : C:\TDSSKiller.2.6.21.0_28.11.2011_18.44.58_log.txt Supprimé : C:\Users\elodie\Desktop\RKreport[1].txt Supprimé : C:\Users\elodie\Desktop\RKreport[2].txt Supprimé : C:\Users\elodie\Desktop\ZHPDiag-17h.txt Supprimé : C:\Users\elodie\Downloads\adwcleaner.exe Supprimé : C:\Users\elodie\Downloads\RogueKiller.exe Supprimé : C:\Users\elodie\Downloads\tdsskiller.zip Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk ~~~~~~ Registre ~~~~~~ Clé Supprimée : HKLM\SOFTWARE\AdwCleaner Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1 ~~~~~~ Autres ~~~~~~ -> Prefetch Vidé ************************* DelFix[R1].txt - [1455 octets] - [28/11/2011 23:38:06] DelFix[s1].txt - [1428 octets] - [28/11/2011 23:38:34] ########## EOF - C:\DelFix[s1].txt - [1552 octets] ##########

Cela ne peut être que mieux car Privacy Protection fermait toutes les applications Sinon je trouve le pc pas très réactif mais bon il y a du ménage à faire dans les processus (74 actuellement).

Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Version de la base de données: 8258 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 28/11/2011 22:17:46 mbam-log-2011-11-28 (22-17-46).txt Type d'examen: Examen complet (C:\|D:\|Q:\|) Elément(s) analysé(s): 282485 Temps écoulé: 2 heure(s), 24 minute(s), 15 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{333E6195-0288-1F39-84EB-082CE9041102} (Trojan.ZbotR.Gen) -> Value: {333E6195-0288-1F39-84EB-082CE9041102} -> Delete on reboot. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\Users\elodie\AppData\Roaming\privacy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\elodie\Desktop\rk_quarantine\privacy.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\elodie\AppData\Roaming\Qeohdii\dimiil.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

Unsigned file Suspicious file, medium risk TrueSight.sys MD5 : f69641efdb18acb4753b0155f7deed5 Skip ou delete ?

# AdwCleaner v1.319 - Rapport créé le 28/11/2011 à 18:11:48 # Mis à jour le 20/11/11 à 11h par Xplode # Système d'exploitation : Windows 7 Starter Service Pack 1 (32 bits) # Nom d'utilisateur : elodie - ELODIE-PC (Administrateur) # Exécuté depuis : C:\Users\elodie\Downloads\adwcleaner.exe # Option [suppression] ***** [services] ***** ***** [Fichiers / Dossiers] ***** Dossier Supprimé : C:\Users\elodie\AppData\Roaming\FissaSearch Dossier Supprimé : C:\Users\elodie\AppData\Roaming\OfferBox Dossier Supprimé : C:\Program Files\Ask.com Dossier Supprimé : C:\Program Files\OfferBox Fichier Supprimé : C:\Users\elodie\F_ajour.jar Fichier Supprimé : C:\Users\elodie\errorlog.tmp ***** [Registre] ***** Clé Supprimée : HKCU\Software\FissaSearch Clé Supprimée : HKCU\Software\Offerbox Clé Supprimée : HKLM\SOFTWARE\Offerbox Clé Supprimée : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer Clé Supprimée : HKLM\SOFTWARE\Classes\OfferBox.OfferBoxServer.1 Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E} Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4 Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD} Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD} Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec search-web Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\chat-land.org Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.chat-land.org] Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [optical] Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com] ***** [Navigateurs] ***** -\\ Internet Explorer v8.0.7601.17514 Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://pentoweb.net/ap8.php --> hxxp://www.google.fr Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://www.search-web.net --> hxxp://www.google.fr Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.search-web.net --> hxxp://www.google.fr Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Secondary_Page_URL] = hxxp://www.search-web.net --> hxxp://www.google.fr Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page_bak] = hxxp://www.search-web.net --> hxxp://www.google.fr Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.search-web.net --> hxxp://www.google.fr Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://www.search-web.net/keyword/ --> hxxp://www.google.fr Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultName] = search-web.net --> hxxp://www.google.fr Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultURL] = hxxp://www.search-web.net/results.php?cx=partner-pub-4817357351118828%3Avhr5ng8vpns&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&ie=iso-8859-1&oe=iso-8859-1&q={searchTerms} --> hxxp://www.google.fr -\\ Google Chrome v0.0.0.0 Fichier : C:\Users\elodie\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[s1].txt - [4461 octets] - [28/11/2011 18:11:48] ************************* Dossier Temporaire : 89 dossier(s)et 963 fichier(s) supprimés ########## EOF - C:\AdwCleaner[s1].txt - [4683 octets] ##########

RogueKiller V6.1.10 [18/11/2011] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [url=http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html][RogueKiller] Remontées (1/37)[/url] Blog: [url=http://tigzyrk.blogspot.com]tigzy-RK[/url] Systeme d'exploitation: Windows 7 (6.1.7601 Service Pack 1) 32 bits version Demarrage : Mode normal Utilisateur: elodie [Droits d'admin] Mode: Suppression -- Date : 28/11/2011 17:35:33 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 8 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : binternet (C:\Users\elodie\binternet.exe) -> DELETED [sUSP PATH] HKCU\[...]\Run : tempHome (C:\Users\elodie\AppData\Local\Temp\racourci.vbe) -> DELETED [sUSP PATH] HKCU\[...]\Run : Protection (C:\Users\elodie\Protection1254.exe) -> DELETED [sUSP PATH] HKCU\[...]\Run : {333E6195-0288-1F39-84EB-082CE9041102} (C:\Users\elodie\AppData\Roaming\Qeohdii\dimiil.exe) -> DELETED [sUSP PATH] HKCU\[...]\Run : Privacy Protection (C:\Users\elodie\AppData\Roaming\privacy.exe) -> DELETED [sUSP PATH] Protection.lnk : C:\Users\elodie\Protection.exe -> DELETED [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : Rogue.AntiSpy-SP ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt

Bonjour, On m'a confié un pc pour réparation. Celui-ci est malheureusement infecté par Privacy Protection. Je suspecte la présence d'autres malwares. Voici un rapport préliminaire : Mon lien Cjoint Merci d'avance de votre aide.

up

bonjour, malheureusement les problèmes ont repris ce samedi avec l'envoi d'un spam a tous les contacts hotmail. dois-je changer mon mot de passe maintenant?

Job done Apollo.

up!!!

Cijoint.fr - Service gratuit de dépôt de fichiers Cijoint.fr - Service gratuit de dépôt de fichiers

Bonsoir, le dernier message date du 24/10/2010 @ 7h48 depuis pas de nouveau spam. Sacles, oui je viens de vérifier les messages sont présents dans "messages envoyés" malheureusement.

Bonsoir, la machine va très bien. Je vais faire le RSIT.

Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4945 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 26/10/2010 00:39:28 mbam-log-2010-10-26 (00-39-28).txt Type d'examen: Examen complet (C:\|) Elément(s) analysé(s): 331663 Temps écoulé: 1 heure(s), 0 minute(s), 50 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 4 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Program Files (x86)\Electronic Arts\Medal of Honor\Binaries\loader.dll (Riskware.Tool.CK) -> Quarantined and deleted successfully. C:\Users\Alain\Downloads\JD-Downloads\loader.dll (Riskware.Tool.CK) -> Quarantined and deleted successfully. C:\Users\Alain\Downloads\JD-Downloads\Medal.of.Honor.CRACKONLY-ZHONGGUO\loader.dll (Riskware.Tool.CK) -> Quarantined and deleted successfully. C:\Users\Alain\Downloads\Programmes\astlog\astlog.exe (HackTool.Asterisk) -> Quarantined and deleted successfully.

- Logfile MSNCleaner 1.7.5 by www.forospyware.com - Created Logfile: 25/10/2010 on 22:52:22 - Operative System: Windows 7 - Boot mode: Safe mode _________________________________________ Detected files: 1 Deleted file: 1 Undeleted Files: 0 C:\Windows\System32\Packet.dll <--- Deleted Host file Restored

Bonjour, une fois par jour mon pc envoie des spams à tous mes contacts hotmail du genre : "35 this Dear Sir/Madam: How are you doing? we offer all kinds of electronics, such as Laptops, Cellphones, DC, LCD and Motorcycles etc... We'll offer the best products at the best price and service.we are here be your service! Website: www.eoffari.com round " ou " 97 number or ♀ brother ♀ 89 four ⊕ Dear potential partner, Do you need famous brand of electronic products with original quality and international warranty? Do you want to start your own business career for money making ? What ever you are a small personal business or largest wholesale entity we also can provide your support to be our stable customers or agent. We are largest wholesale business on consumming electronic products between America&China, laptops, Digital camera Videos,GPS,cellphone,mp4,game console and many other electronic products.which market is mainly in Europe,America,south Asia,Australia and Southen America. There is much profit for you if you are our stable customer or agent. For more information please contact us by following infomation : Website: http://www.yongxianfa.com Email: eoffar@188.com TV 103 thirteen am pencil-box student ruler an orange " J'ai Antivir et Windows 7. Merci de votre aide.

merci pour ta précieuse aide il me reste du boulot par contre

non il n'y a plus de problèmes

Virustotal. MD5: 0ee27d9dbb208c13314f3c60f66aed26 oui c'est moi qui a choisi de les ignorer je les connais.

le pc a l'air de fonctionner correctement. si tu ne vois rien d'anormal dans les rapports c'est résolu.

Supprimer le rootkit : W32/TDSS - Alureon ========================================== Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4333 Windows 5.2.3790 Service Pack 2, v.4478 Internet Explorer 8.0.6001.18702 21/07/2010 04:41:28 mbam-log-2010-07-21 (04-41-28).txt Type d'examen: Examen complet (C:\|) Elément(s) analysé(s): 268170 Temps écoulé: 1 heure(s), 36 minute(s), 20 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 2 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Not selected for removal. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Documents and Settings\Administrateur\Bureau\Téléchargements\tst_carte_wifi.exe (Trojan.Agent) -> Not selected for removal. C:\Documents and Settings\Administrateur\Bureau\Téléchargements\backups\backup-20100719-114414-461.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Mes documents\u98.exe (Adware.UltraReach) -> Not selected for removal. C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully. C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers.exe (Backdoor.Hupigon) -> Quarantined and deleted successfully. ================================================================================================= 02:24:09:718 3800 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49 02:24:09:718 3800 ================================================================================ 02:24:09:718 3800 SystemInfo: 02:24:09:718 3800 OS Version: 5.2.3790 ServicePack: 2.0 02:24:09:718 3800 Product type: Workstation 02:24:09:718 3800 ComputerName: WINDOWS-B5D3568 02:24:09:718 3800 UserName: Administrateur 02:24:09:718 3800 Windows directory: C:\WINDOWS 02:24:09:718 3800 System windows directory: C:\WINDOWS 02:24:09:718 3800 Processor architecture: Intel x86 02:24:09:718 3800 Number of processors: 2 02:24:09:718 3800 Page size: 0x1000 02:24:09:718 3800 Boot type: Normal boot 02:24:09:718 3800 ================================================================================ 02:24:10:828 3800 Initialize success 02:24:10:828 3800 02:24:10:828 3800 Scanning Services ... 02:24:11:531 3800 Raw services enum returned 375 services 02:24:11:531 3800 02:24:11:531 3800 Scanning Drivers ... 02:24:15:546 3800 ACPI (97b8cf6b9df2d2e69c22cfb7c3a69c5c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 02:24:16:140 3800 ACPIEC (8a9a35958ca635c4a4514ca396178e5d) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 02:24:17:968 3800 aec (53847f4df76170ac87bb441c39edb5f1) C:\WINDOWS\system32\drivers\aec.sys 02:24:18:375 3800 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys 02:24:18:703 3800 AFD (78859e016e13e68fa9258f563fda4219) C:\WINDOWS\System32\drivers\afd.sys 02:24:19:609 3800 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys 02:24:20:140 3800 AmUStor (53952d6d1bdec4090abca19d84f34e20) C:\WINDOWS\system32\drivers\AmUStor.SYS 02:24:20:468 3800 AR5416 (864a4047208c02e5b3b2d907c920597d) C:\WINDOWS\system32\DRIVERS\athw.sys 02:24:20:953 3800 AsUpIO (e67493490466b5f04b58c22d2590e8ca) C:\WINDOWS\system32\drivers\AsUpIO.sys 02:24:21:265 3800 aswFsBlk (0c0b08847f2f24baa7bd43d8f2c6c8b0) C:\WINDOWS\system32\drivers\aswFsBlk.sys 02:24:21:625 3800 aswMonFlt (effc39a1edf04e83a42279d9daa696a7) C:\WINDOWS\system32\drivers\aswMonFlt.sys 02:24:22:000 3800 aswRdr (f385ffd39165453fda96736aa3edfd9d) C:\WINDOWS\system32\drivers\aswRdr.sys 02:24:22:390 3800 aswSP (45adea26bf613a54fed64ecdd12e58a7) C:\WINDOWS\system32\drivers\aswSP.sys 02:24:22:812 3800 aswTdi (c4ee975c87176f1900662d2874233c7f) C:\WINDOWS\system32\drivers\aswTdi.sys 02:24:23:250 3800 AsyncMac (a35b971f631d4dfdeb68d71e770d2ce9) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 02:24:23:625 3800 atapi (ff953a8f08ca3f822127654375786bbe) C:\WINDOWS\system32\DRIVERS\atapi.sys 02:24:24:312 3800 Atmarpc (d12dad5032285343ce3aa4906f661181) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 02:24:24:937 3800 audstub (5bfd980c2107d88101d1dc14055526fc) C:\WINDOWS\system32\DRIVERS\audstub.sys 02:24:25:578 3800 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 02:24:25:890 3800 avgntflt (c30b5fc0adcdfba7668e99baf0cbf58e) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 02:24:26:250 3800 Beep (99572503e15a3d10239b7b9887cbaf89) C:\WINDOWS\system32\drivers\Beep.sys 02:24:26:687 3800 Bridge (4a22a4dc11a3cd0a3b610960395bedaf) C:\WINDOWS\system32\DRIVERS\bridge.sys 02:24:26:687 3800 BridgeMP (4a22a4dc11a3cd0a3b610960395bedaf) C:\WINDOWS\system32\DRIVERS\bridge.sys 02:24:27:421 3800 cbidf2k (1342877de604a5a6bff986e288e3a8a7) C:\WINDOWS\system32\drivers\cbidf2k.sys 02:24:27:875 3800 CCDECODE (9db6306ead8a885d9f8285eb1cba9d49) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 02:24:28:187 3800 Cdfs (e6d72780c957b69c48bfc66bc3ecdad4) C:\WINDOWS\system32\drivers\Cdfs.sys 02:24:28:609 3800 Cdrom (825aa877a852ecc731fa0c39c8c37744) C:\WINDOWS\system32\DRIVERS\cdrom.sys 02:24:29:046 3800 CmBatt (f9d6abd426e51ed3f688d42d8467c62d) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 02:24:29:390 3800 Compbatt (1dcbf98f0fa712e384a1a2926f774673) C:\WINDOWS\system32\DRIVERS\compbatt.sys 02:24:30:265 3800 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys 02:24:30:687 3800 crcdisk (a0f535d1745c7308a50810f9c7e7d9e1) C:\WINDOWS\system32\DRIVERS\crcdisk.sys 02:24:30:687 3800 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\crcdisk.sys. Real md5: a0f535d1745c7308a50810f9c7e7d9e1, Fake md5: 0ee27d9dbb208c13314f3c60f66aed26 02:24:30:687 3800 File "C:\WINDOWS\system32\DRIVERS\crcdisk.sys" infected by TDSS rootkit ... 02:24:33:062 3800 Backup copy found, using it.. 02:24:33:062 3800 will be cured on next reboot 02:24:33:781 3800 DfsDriver (444726b01c31d29c70e60f7c35de43e5) C:\WINDOWS\system32\drivers\Dfs.sys 02:24:34:265 3800 Disk (98433302c02f1168efb7364f8111a179) C:\WINDOWS\system32\DRIVERS\disk.sys 02:24:34:625 3800 dmboot (8acf355dd241391ee3fde098f9539aaa) C:\WINDOWS\system32\drivers\dmboot.sys 02:24:35:140 3800 dmio (3a6bd8bb458b88a6ede5eb36f36b40aa) C:\WINDOWS\system32\drivers\dmio.sys 02:24:35:906 3800 dmload (3d9bfa13b6f1cd2d91c50c52b32e91a2) C:\WINDOWS\system32\drivers\dmload.sys 02:24:36:687 3800 DMusic (f22e49c8681116e2fd74d7021aa32f13) C:\WINDOWS\system32\drivers\DMusic.sys 02:24:38:093 3800 driverhardwarev2 (685a4f171de1a9464de7d0a3782f8449) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys 02:24:38:593 3800 drmkaud (3f31fa82741d2b1c53e4144ef817444e) C:\WINDOWS\system32\drivers\drmkaud.sys 02:24:39:109 3800 Ekauio (676404927734cd79d1c20a22b8e76cca) C:\WINDOWS\system32\DRIVERS\ekauio.sys 02:24:39:890 3800 Ext2fs (fbc0e085a5becba5dd3c401eeb6e45bb) C:\WINDOWS\system32\DRIVERS\ext2fs.sys 02:24:40:343 3800 Fastfat (e792a18abdc32286212dce8e75baa124) C:\WINDOWS\system32\drivers\Fastfat.sys 02:24:40:781 3800 Fdc (5090cd3f6ab1d71ad507953cff556ea9) C:\WINDOWS\system32\drivers\Fdc.sys 02:24:41:265 3800 Fips (7069604c3eb6e5dfcd0612343be995af) C:\WINDOWS\system32\drivers\Fips.sys 02:24:41:765 3800 Flpydisk (c621a51f415419a3145a5939abde39fa) C:\WINDOWS\system32\drivers\Flpydisk.sys 02:24:42:203 3800 FltMgr (f978277ef786532195cdd9f88e908632) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 02:24:42:609 3800 Fs_Rec (aebff3d810b74971b91b2b77b289a98b) C:\WINDOWS\system32\drivers\Fs_Rec.sys 02:24:43:187 3800 Ftdisk (5e131e34c4b86adf3f2edc545800efd2) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 02:24:43:734 3800 Gpc (30b1653a955f548352024a5fee203cc3) C:\WINDOWS\system32\DRIVERS\msgpc.sys 02:24:44:546 3800 GPU-Z (82f814582e869fdd54cafb67f9992deb) C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GPU-Z.sys 02:24:45:750 3800 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 02:24:46:531 3800 HidUsb (90a325e14f9b95f17712707b1a7181b5) C:\WINDOWS\system32\DRIVERS\hidusb.sys 02:24:47:953 3800 HTTP (e2adb22c527547bf1dae307365808d76) C:\WINDOWS\system32\Drivers\HTTP.sys 02:24:48:296 3800 HWiNFO32 (fba8b631be54c5fa7f9b792b92ec69a3) C:\Program Files\Windows Trust\HWiNFO32\HWiNFO32.SYS 02:24:49:093 3800 i8042prt (547dd3f5d80008124259893e265340b9) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 02:24:49:515 3800 IfsMount (f3f825fcc70471fd967126e1871b2cdc) C:\WINDOWS\system32\DRIVERS\ifsmount.sys 02:24:50:171 3800 imapi (44c132b35921b54b4a9ac64369d86d83) C:\WINDOWS\system32\DRIVERS\imapi.sys 02:24:51:078 3800 IntcAzAudAddService (691dda8c43bd8e33a2567b694643c3f5) C:\WINDOWS\system32\drivers\RtkHDAud.sys 02:24:52:453 3800 intelppm (13fb102e1f4f8c6c6a0f04f424b08507) C:\WINDOWS\system32\DRIVERS\intelppm.sys 02:24:52:875 3800 Ip6Fw (d7e7e7898a05c53dd862b49828747c1e) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 02:24:53:203 3800 IpFilterDriver (5a41f207b7c39ee4918f7496a4f19b14) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 02:24:53:328 3800 IpNat (890e7a14a63aec2ea9257a79a88be784) C:\WINDOWS\system32\DRIVERS\ipnat.sys 02:24:53:656 3800 IPSec (1a9aeac49683b32df55b7fb1516f3028) C:\WINDOWS\system32\DRIVERS\ipsec.sys 02:24:54:421 3800 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 02:24:54:812 3800 isapnp (b1a0e76113fa020cd2cb025b34c9c7fd) C:\WINDOWS\system32\DRIVERS\isapnp.sys 02:24:55:312 3800 Kbdclass (0231fbb7ba04f0c252998b0a9aded1a6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 02:24:55:671 3800 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys 02:24:56:062 3800 kmixer (80e7673fda20c7baca5749bbb2797866) C:\WINDOWS\system32\drivers\kmixer.sys 02:24:56:421 3800 KSecDD (e0b3c13a8499632c46d91a37ca11d761) C:\WINDOWS\system32\drivers\KSecDD.sys 02:24:57:031 3800 Modem (d12ff464d5cbc1a48e81aa6f7d1c218b) C:\WINDOWS\system32\drivers\Modem.sys 02:24:57:609 3800 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys 02:24:58:171 3800 Mouclass (58cc395b48fda305e9d40c6808a3aca6) C:\WINDOWS\system32\DRIVERS\mouclass.sys 02:24:58:703 3800 mouhid (71f94c0ce54b44a5aaa845e8b017b954) C:\WINDOWS\system32\DRIVERS\mouhid.sys 02:24:59:187 3800 MountMgr (fc43a7a34309c750b9daeadf2f6ec9b9) C:\WINDOWS\system32\drivers\MountMgr.sys 02:24:59:687 3800 MRxSmb (e522d38fb367e9c10f03b2ab499d21fc) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 02:25:00:078 3800 Msfs (8f50b87361585763841c6b603d23260c) C:\WINDOWS\system32\drivers\Msfs.sys 02:25:00:531 3800 MSKSSRV (baa279ecaaff6564ba289d38be2e1e83) C:\WINDOWS\system32\drivers\MSKSSRV.sys 02:25:00:593 3800 MSPCLOCK (5d3de11af7f2adf006fb723b0f6b2afa) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 02:25:01:187 3800 MSPQM (ee4171d3f3ceaa7386561aad262f8bd3) C:\WINDOWS\system32\drivers\MSPQM.sys 02:25:01:687 3800 mssmbios (92afab2f216ce8ffbad3bc510fcf4a33) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 02:25:02:140 3800 MSTEE (9e2608d6c72af838d4a5555a859b26c3) C:\WINDOWS\system32\drivers\MSTEE.sys 02:25:02:531 3800 Mup (e0c7b0d27376d7341fc0a0797476adec) C:\WINDOWS\system32\drivers\Mup.sys 02:25:02:906 3800 NABTSFEC (eea65047a31944e4db6c81c5eb616b70) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 02:25:03:203 3800 NDIS (33739ab31d36184772af1ee132d5c2e2) C:\WINDOWS\system32\drivers\NDIS.sys 02:25:03:640 3800 NdisIP (4663329da2727e517872d8ac1d19a2e0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 02:25:03:906 3800 NdisTapi (bbab8ce7a8d2b1302da0b03825d9cae4) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 02:25:04:265 3800 Ndisuio (8b8e682b03483092e17ab9dfe70fedff) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 02:25:04:656 3800 NdisWan (1b397eef4614419be5679e0209f7848b) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 02:25:05:125 3800 NDProxy (d3ced37468b3303ef0c8b24b0585390f) C:\WINDOWS\system32\drivers\NDProxy.sys 02:25:05:468 3800 NetBIOS (a0d5d6ae530ca78a062fc0471f1e6f78) C:\WINDOWS\system32\DRIVERS\netbios.sys 02:25:05:890 3800 NetBT (5cd7cca08498ec8753b22e92d367ca11) C:\WINDOWS\system32\DRIVERS\netbt.sys 02:25:07:125 3800 nhcDriverDevice (37260a293b6a89373ae76791e6cc5a12) C:\WINDOWS\system32\drivers\nhcDriver.sys 02:25:07:875 3800 nibitor (2dde996f6adf1cc0ccddfc16cf08a1dc) C:\Documents and Settings\Administrateur\Mes documents\Tools\NiBiTor.v5.6\NiBiTor.v5.6\nibitor.sys 02:25:08:359 3800 npf (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys 02:25:08:671 3800 Npfs (d5bb605f6dcbdfe0129670c8de57913e) C:\WINDOWS\system32\drivers\Npfs.sys 02:25:09:015 3800 NSNDIS5 (53f7546e8daefb3a0813f5e19c4613c9) C:\WINDOWS\system32\NSNDIS5.SYS 02:25:09:562 3800 Ntfs (482ea51aadb8763a0f67588c394ec693) C:\WINDOWS\system32\drivers\Ntfs.sys 02:25:09:890 3800 Null (5db0ede7aaf3a7bc9110d18c12524be0) C:\WINDOWS\system32\drivers\Null.sys 02:25:11:593 3800 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 02:25:13:562 3800 NVHDA (049aa7021e5406e77f3535be66635b74) C:\WINDOWS\system32\drivers\nvhda32.sys 02:25:13:734 3800 NVR0Dev (9ce1b0e5cfa8223cec3be1c7616e9f63) C:\WINDOWS\nvoclock.sys 02:25:13:796 3800 NVR0FLASHDev (a73f918ec995dddbfb0d0cf1f546089a) C:\WINDOWS\nvflash.sys 02:25:14:187 3800 nvsmu (f13618f0cb1e95232f4c2401592a59e9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys 02:25:14:578 3800 Parport (bac51b15614a91a00b842124bf0eba00) C:\WINDOWS\system32\drivers\Parport.sys 02:25:15:031 3800 PartMgr (4eb6f7418959444a06d3c51eb81bff04) C:\WINDOWS\system32\drivers\PartMgr.sys 02:25:15:421 3800 PCI (26a2354f4e2ffeca0cd8028deb8ea658) C:\WINDOWS\system32\DRIVERS\pci.sys 02:25:15:765 3800 PCIIde (8233f4066db48dd66303f838e5aabfde) C:\WINDOWS\system32\DRIVERS\pciide.sys 02:25:16:156 3800 Pcmcia (2d8cdb7bbc10a8fe5f862ec5b358ae26) C:\WINDOWS\system32\drivers\Pcmcia.sys 02:25:17:890 3800 PptpMiniport (4454f2639bcca93be86a45137e427277) C:\WINDOWS\system32\DRIVERS\raspptp.sys 02:25:18:234 3800 Ptilink (0320fd91fb5ed4298355977cecfc0eb4) C:\WINDOWS\system32\DRIVERS\ptilink.sys 02:25:20:500 3800 RasAcd (48ee7b6802c0306f9a66f34db7e9ef75) C:\WINDOWS\system32\DRIVERS\rasacd.sys 02:25:20:875 3800 Rasl2tp (3633175613e052ecb41776dee2777a89) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 02:25:21:265 3800 RasPppoe (59842f0a22216a71cade6f89fe84c973) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 02:25:21:703 3800 Raspti (5b11871de804d3ed28bbdcc65fe14ede) C:\WINDOWS\system32\DRIVERS\raspti.sys 02:25:22:156 3800 Rdbss (54ea9b760ec1bebff9e1de5fa97f029d) C:\WINDOWS\system32\DRIVERS\rdbss.sys 02:25:22:531 3800 RDPCDD (ac5bb528ecd2bea4ff4bff9df9baf749) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 02:25:22:984 3800 rdpdr (ff678596b761e1ccba79f49981ef51bc) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 02:25:23:328 3800 RDPWD (477d7af3c3583eb85e23375225650b1c) C:\WINDOWS\system32\drivers\RDPWD.sys 02:25:23:687 3800 redbook (a836cb8b3efaff107ac506428bfa6187) C:\WINDOWS\system32\DRIVERS\redbook.sys 02:25:23:875 3800 RivaTuner32 (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys 02:25:24:296 3800 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 02:25:24:718 3800 RTLWUSB (0534004db838fd5ae5f64e8d78a544dd) C:\WINDOWS\system32\DRIVERS\RTL8187.sys 02:25:25:140 3800 sacdrv (670d823b2bdb9680735dc5bd350750c8) C:\WINDOWS\system32\drivers\sacdrv.sys 02:25:25:625 3800 SbieDrv (0e5a3d6b8362d7b44dbf56acd2c090ce) C:\Program Files\Sandboxie\SbieDrv.sys 02:25:26:093 3800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 02:25:26:468 3800 Serial (278b3609325a29828858f9aee13ec128) C:\WINDOWS\system32\drivers\Serial.sys 02:25:26:875 3800 Sfloppy (831826dc54fa225f0b654ef2f1e13af9) C:\WINDOWS\system32\drivers\Sfloppy.sys 02:25:27:359 3800 SLIP (0abbfad14c4de228bcc0260f7182d830) C:\WINDOWS\system32\DRIVERS\SLIP.sys 02:25:28:281 3800 SNP2UVC (03210c439d0c1224eb36865c8010dab6) C:\WINDOWS\system32\DRIVERS\snp2uvc.sys 02:25:29:109 3800 splitter (b49a94bf901af449c25f41a3cfaaae6b) C:\WINDOWS\system32\drivers\splitter.sys 02:25:30:031 3800 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys 02:25:30:031 3800 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505 02:25:30:687 3800 Srv (d2d6976bf5b3bc36f401435337bd62ed) C:\WINDOWS\system32\DRIVERS\srv.sys 02:25:31:406 3800 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\WINDOWS\system32\DRIVERS\sscdbus.sys 02:25:32:171 3800 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys 02:25:32:671 3800 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys 02:25:33:328 3800 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 02:25:34:046 3800 streamip (490f6fa24633bd351c1664040f12daee) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 02:25:34:687 3800 swenum (93965919785102ba847545ab460ce2df) C:\WINDOWS\system32\DRIVERS\swenum.sys 02:25:35:281 3800 swmidi (e28a71b057f89abe9e3133548d3fbc1d) C:\WINDOWS\system32\drivers\swmidi.sys 02:25:39:453 3800 sysaudio (e69064b5e7e85201db55fad909912fd0) C:\WINDOWS\system32\drivers\sysaudio.sys 02:25:39:984 3800 tap0901t (b7aee68d2e867cbf69b649b18fcedbbb) C:\WINDOWS\system32\DRIVERS\tap0901t.sys 02:25:40:578 3800 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys 02:25:41:296 3800 Tcpip (c49bdbc4b630d6ea46c49ca339026f80) C:\WINDOWS\system32\DRIVERS\tcpip.sys 02:25:41:984 3800 TDPIPE (45d49fb800463de84d1cc2e231319ad5) C:\WINDOWS\system32\drivers\TDPIPE.sys 02:25:42:703 3800 TDTCP (d7c31008de209b8b11ced207580e9c91) C:\WINDOWS\system32\drivers\TDTCP.sys 02:25:43:343 3800 TermDD (a01e46fff445a38d35db188c5458582c) C:\WINDOWS\system32\DRIVERS\termdd.sys 02:25:44:531 3800 Udfs (c26024265a7523312a5d06fc33aa57aa) C:\WINDOWS\system32\drivers\Udfs.sys 02:25:45:703 3800 UnlockerDriver5 (4847639d852763ee39415c929470f672) C:\Program Files\Unlocker\UnlockerDriver5.sys 02:25:46:390 3800 Update (300c31e13018667442b28cbb2cf03542) C:\WINDOWS\system32\DRIVERS\update.sys 02:25:46:828 3800 usbccgp (185959a7fccfd38aa71a274ae6252b88) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 02:25:47:296 3800 usbehci (9dd4aba9462938734bcbf51d8669c884) C:\WINDOWS\system32\DRIVERS\usbehci.sys 02:25:47:656 3800 usbhub (17859937740bc0d422fe71a588d6ddf7) C:\WINDOWS\system32\DRIVERS\usbhub.sys 02:25:48:015 3800 usbohci (910b3b46da0fb5520988f351d0719342) C:\WINDOWS\system32\DRIVERS\usbohci.sys 02:25:48:421 3800 usbscan (ff0464bab0572888111f22da5b9a5fe7) C:\WINDOWS\system32\DRIVERS\usbscan.sys 02:25:48:859 3800 USBSTOR (d0740ff9f7e819486e88096826b4dc37) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 02:25:49:281 3800 usbvideo (38b2a6ad8207e3187b8159209a2fa587) C:\WINDOWS\system32\Drivers\usbvideo.sys 02:25:49:703 3800 VBoxDrv (12525f65e8c561b66e0bce2de2018c0c) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys 02:25:50:093 3800 VBoxNetAdp (b9d3c274e937a15fd2cef8aa1e4c3477) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys 02:25:50:500 3800 VBoxNetFlt (601fe4801743b00b446ef8e21e753ed5) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys 02:25:50:937 3800 VBoxUSB (257358491d40bd541b9b8ce6f9917ef0) C:\WINDOWS\system32\Drivers\VBoxUSB.sys 02:25:51:437 3800 VBoxUSBMon (4ac4d33350cdd927cd575934cf983e68) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys 02:25:51:859 3800 vga (2eb062b434792bb6bb614f107dd3a5cf) C:\WINDOWS\system32\DRIVERS\vgapnp.sys 02:25:52:187 3800 VgaSave (062fbc10147fd837d819f94aa394e661) C:\WINDOWS\System32\drivers\vga.sys 02:25:52:984 3800 VolSnap (988832bf24be4488ff24d99842cdd86d) C:\WINDOWS\system32\DRIVERS\volsnap.sys 02:25:53:437 3800 Wanarp (ce030b1d05a01fa012d32f2d25676b1c) C:\WINDOWS\system32\DRIVERS\wanarp.sys 02:25:53:843 3800 wd (8e0afd92e82165f218377682fd34f300) C:\WINDOWS\system32\DRIVERS\wd.sys 02:25:54:218 3800 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys 02:25:54:671 3800 wdmaud (fd5a720d7997ab69122c96cdd014d43a) C:\WINDOWS\system32\drivers\wdmaud.sys 02:25:55:078 3800 WLBS (05cfc81cc33304041ea69ad722a55af5) C:\WINDOWS\system32\DRIVERS\wlbs.sys 02:25:55:421 3800 WmiAcpi (e80b703695ef1dca481da7b69b0d8de3) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 02:25:56:250 3800 WSIMD (7a36f3083e28405d6c5ecdb942513c3b) C:\WINDOWS\system32\DRIVERS\wsimd.sys 02:25:57:109 3800 WSTCODEC (eb61bb73bb5a318f3df5d73ad1ba2e03) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 02:25:57:781 3800 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 02:25:58:281 3800 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 02:25:58:281 3800 Reboot required for cure complete.. 02:25:58:750 3800 Cure on reboot scheduled successfully 02:25:58:750 3800 02:25:58:750 3800 Completed 02:25:58:750 3800 02:25:58:750 3800 Results: 02:25:58:750 3800 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 02:25:58:750 3800 File objects infected / cured / cured on reboot: 1 / 0 / 1 02:25:58:750 3800 02:25:58:750 3800 KLMD(ARK) unloaded successfully ===========================================================================