
Posted (edited)

Well, first some good news: I'm posting from the infected computer, and the internet is working again without any problem. However, I'm still in safe mode; I'm testing normal mode and I'll edit this post to say whether it works or not...

 

EDIT: the computer stays stuck at the point where Windows loads, while the green bars are "progressing". It isn't really frozen, since it seems to be loading normally, but it takes far too long for that to be normal!

 

As for ComboFix, there was nothing else in the report.

 

Here is the RSIT report:

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by dieryck at 2010-08-24 13:00:42

Microsoft® Windows Vista Édition Familiale Premium Service Pack 2

System drive C: has 44 GB (9%) free of 477 GB

Total RAM: 2046 MB (79% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:01:03, on 24/08/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Safe mode with network support

 

Running processes:

C:\Windows\Explorer.EXE

C:\Users\dieryck\Desktop\RSIT.exe

C:\Program Files\trend micro\dieryck.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sys32V2Contoller] C:\Windows\mw2mmgr32\mw2mmgr32.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Wrapper] runonce

O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe

O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Service Google Update (gupdate1c9b239ebb99295) (gupdate1c9b239ebb99295) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe

O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe

O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

 

--

End of file - 22093 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Google Software Updater.job

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

C:\Windows\tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-31 668656]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-06-13 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]

STOPzilla Browser Helper Object - C:\Program Files\STOPzilla!\SZIEBHO.dll [2010-08-18 247248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]

"Sys32V2Contoller"=C:\Windows\mw2mmgr32\mw2mmgr32.exe [2010-05-21 221696]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-01-11 246504]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

""= []

"Wrapper"=runonce []

"GrpConv"=grpconv -o []

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]

C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [2008-07-11 423200]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

C:\Program Files\Electronic Arts\EADM\Core.exe -silent []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2010-04-28 142120]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre6\bin\jusched.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

C:\PROGRA~1\APACHE~1\Apache2.2\bin\APACHE~1.EXE [2009-08-06 41051]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-12-15 384000]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

 

======List of files/folders created in the last 1 months======

 

2010-08-24 00:16:38 ----SHD---- C:\$RECYCLE.BIN

2010-08-24 00:11:10 ----D---- C:\Windows\temp

2010-08-24 00:00:54 ----A---- C:\Windows\NIRCMD.exe

2010-08-24 00:00:47 ----D---- C:\ComboFix

2010-08-24 00:00:32 ----A---- C:\Windows\SWXCACLS.exe

2010-08-23 22:35:16 ----A---- C:\Windows\zip.exe

2010-08-23 22:35:16 ----A---- C:\Windows\SWSC.exe

2010-08-23 22:35:16 ----A---- C:\Windows\SWREG.exe

2010-08-23 22:35:16 ----A---- C:\Windows\sed.exe

2010-08-23 22:35:16 ----A---- C:\Windows\PEV.exe

2010-08-23 22:35:16 ----A---- C:\Windows\MBR.exe

2010-08-23 22:35:16 ----A---- C:\Windows\grep.exe

2010-08-23 22:35:10 ----D---- C:\Windows\ERDNT

2010-08-23 22:33:52 ----D---- C:\Qoobox

2010-08-23 16:43:47 ----D---- C:\Program Files\trend micro

2010-08-23 16:43:46 ----D---- C:\rsit

2010-08-23 11:58:50 ----D---- C:\Program Files\STOPzilla!

2010-08-23 11:58:46 ----D---- C:\Program Files\Common Files\iS3

2010-08-23 11:58:43 ----D---- C:\ProgramData\STOPzilla!

2010-08-23 11:08:18 ----D---- C:\Users\dieryck\AppData\Roaming\Malwarebytes

2010-08-23 11:08:12 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys

2010-08-23 11:08:11 ----D---- C:\ProgramData\Malwarebytes

2010-08-23 11:08:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-08-23 11:08:11 ----A---- C:\Windows\system32\drivers\mbam.sys

2010-08-22 23:46:35 ----D---- C:\Windows\Minidump

2010-08-22 23:46:29 ----A---- C:\Windows\ntbtlog.txt

2010-08-22 23:25:30 ----A---- C:\Windows\system32\drivers\hhakkp.sys

2010-08-18 19:11:46 ----RA---- C:\Windows\system32\SZIO5.dll

2010-08-18 19:11:46 ----RA---- C:\Windows\system32\SZComp5.dll

2010-08-18 19:11:46 ----RA---- C:\Windows\system32\IS3HTUI5.dll

2010-08-18 19:11:44 ----RA---- C:\Windows\system32\SZBase5.dll

2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3XDat5.dll

2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3Svc5.dll

2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3Hks5.dll

2010-08-18 19:11:44 ----RA---- C:\Windows\system32\IS3DBA5.dll

2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3Win325.dll

2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3UI5.dll

2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3Inet5.dll

2010-08-18 19:11:42 ----RA---- C:\Windows\system32\IS3Base5.dll

2010-08-11 17:27:26 ----A---- C:\Windows\system32\mshtml.dll

2010-08-11 17:27:26 ----A---- C:\Windows\system32\iertutil.dll

2010-08-11 17:27:25 ----A---- C:\Windows\system32\urlmon.dll

2010-08-11 17:27:25 ----A---- C:\Windows\system32\ieframe.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\wininet.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\occache.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\mstime.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedssync.exe

2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeedsbs.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\msfeeds.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\jsproxy.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieUnatt.exe

2010-08-11 17:27:24 ----A---- C:\Windows\system32\ieui.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesysprep.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\iesetup.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\iernonce.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\iepeers.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\iedkcs32.dll

2010-08-11 17:27:24 ----A---- C:\Windows\system32\ie4uinit.exe

2010-08-11 17:27:15 ----A---- C:\Windows\system32\iccvid.dll

2010-08-11 17:27:14 ----A---- C:\Windows\system32\schannel.dll

2010-08-11 17:27:08 ----A---- C:\Windows\system32\win32k.sys

2010-08-11 17:27:04 ----A---- C:\Windows\system32\rtutils.dll

2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntoskrnl.exe

2010-08-11 17:26:48 ----A---- C:\Windows\system32\ntkrnlpa.exe

2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv2.sys

2010-08-11 17:26:45 ----A---- C:\Windows\system32\drivers\srv.sys

2010-08-11 17:26:43 ----A---- C:\Windows\system32\msxml3.dll

2010-08-11 17:26:41 ----A---- C:\Windows\system32\drivers\tcpip.sys

2010-08-05 21:27:26 ----D---- C:\Users\dieryck\AppData\Roaming\Skype

2010-08-05 21:26:22 ----D---- C:\Program Files\Common Files\Skype

2010-08-05 21:26:21 ----RD---- C:\Program Files\Skype

2010-08-05 21:26:12 ----D---- C:\ProgramData\Skype

2010-08-03 11:00:12 ----A---- C:\Windows\system32\shell32.dll

 

======List of files/folders modified in the last 1 months======

 

2010-08-24 00:16:25 ----D---- C:\Windows

2010-08-24 00:16:25 ----A---- C:\Windows\system.ini

2010-08-24 00:16:21 ----D---- C:\Windows\system32\drivers\etc

2010-08-24 00:11:14 ----D---- C:\Windows\system32\drivers

2010-08-24 00:08:52 ----D---- C:\Windows\System32

2010-08-24 00:08:52 ----D---- C:\Windows\AppPatch

2010-08-24 00:08:51 ----D---- C:\Program Files\Common Files

2010-08-24 00:08:45 ----D---- C:\Windows\system32\wbem

2010-08-23 22:44:22 ----D---- C:\ProgramData

2010-08-23 22:23:06 ----SHD---- C:\System Volume Information

2010-08-23 16:46:00 ----D---- C:\Windows\Prefetch

2010-08-23 16:43:47 ----RD---- C:\Program Files

2010-08-23 16:41:19 ----D---- C:\Windows\inf

2010-08-23 16:41:19 ----A---- C:\Windows\system32\PerfStringBackup.INI

2010-08-23 13:46:11 ----D---- C:\Windows\Tasks

2010-08-23 12:33:00 ----D---- C:\Windows\Globalization

2010-08-23 12:01:26 ----SHD---- C:\Windows\Installer

2010-08-23 11:41:32 ----D---- C:\ProgramData\Google Updater

2010-08-23 11:38:19 ----D---- C:\Windows\Provisioning

2010-08-23 00:18:59 ----D---- C:\Windows\system32\Tasks

2010-08-23 00:03:43 ----D---- C:\Windows\system32\spool

2010-08-23 00:03:43 ----D---- C:\Windows\system32\catroot2

2010-08-23 00:03:43 ----D---- C:\Windows\registration

2010-08-22 23:51:56 ----D---- C:\Windows\system32\Msdtc

2010-08-16 19:26:35 ----D---- C:\Users\dieryck\AppData\Roaming\uTorrent

2010-08-16 01:50:58 ----SD---- C:\Windows\Downloaded Program Files

2010-08-12 12:17:53 ----D---- C:\Windows\winsxs

2010-08-12 12:16:10 ----D---- C:\Windows\Microsoft.NET

2010-08-12 12:15:44 ----RSD---- C:\Windows\assembly

2010-08-12 12:04:51 ----D---- C:\Windows\system32\migration

2010-08-12 12:04:51 ----D---- C:\Program Files\Internet Explorer

2010-08-12 12:04:48 ----D---- C:\Program Files\Movie Maker

2010-08-12 11:44:26 ----D---- C:\Windows\system32\catroot

2010-08-12 11:44:19 ----D---- C:\Program Files\Windows Mail

2010-08-04 17:12:50 ----D---- C:\Program Files\Common Files\Adobe

2010-08-04 17:12:07 ----D---- C:\Program Files\Common Files\PX Storage Engine

2010-08-04 17:11:57 ----D---- C:\Program Files\Adobe

2010-08-03 20:12:23 ----HD---- C:\Program Files\InstallShield Installation Information

2010-08-03 20:12:23 ----D---- C:\Program Files\Electronic Arts

2010-08-03 20:10:17 ----D---- C:\Program Files\Pcsx2

2010-08-03 20:09:31 ----A---- C:\Windows\system32\mrt.exe

2010-08-03 20:05:10 ----D---- C:\ProgramData\Media Center Programs

2010-08-03 08:45:01 ----D---- C:\Program Files\Mozilla Firefox

2010-08-02 07:15:14 ----A---- C:\Windows\win.ini

2010-08-01 22:50:42 ----HD---- C:\Windows\mw2mmgr32

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 is3srv;is3srv; C:\Windows\system32\drivers\is3srv.sys [2009-12-07 61328]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-19 7680]

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-12-29 104448]

S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-05-17 691696]

S0 uclp;uclp; C:\Windows\System32\drivers\ranjqep.sys []

S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]

S1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-05-01 96104]

S1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]

S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2009-06-21 281760]

S2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]

S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2009-06-21 25888]

S3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys []

S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-02 4179968]

S3 catchme;catchme; \??\C:\Users\dieryck\AppData\Local\Temp\catchme.sys []

S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]

S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]

S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]

S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]

S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]

S3 ovt530;Webcam Deluxe; C:\Windows\System32\Drivers\ov530vid.sys [2005-03-15 161792]

S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2008-05-08 269824]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]

S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]

S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-05 185089]

S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]

S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-01 720896]

S2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-04-08 345376]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 183280]

S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]

S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-07-30 75064]

S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]

S2 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2010-08-18 62928]

S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]

S3 Apache2.2;Apache2.2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]

S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]

S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636]

S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe [2009-03-16 6562432]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

 

-----------------EOF-----------------

 

See you

Edited by sacha99

Posted (edited)

Hello,

 

We are going to run another ComboFix script:

driver::

ranjqep

hhakkp

 

rootkit::

C:\Windows\System32\drivers\ranjqep.sys

C:\Windows\system32\drivers\hhakkp.sys

Then try restarting in normal mode and post the report.

See you

Edited by nardino

Posted

Hi, everything seems to be working properly :)

 

ComboFix 10-08-23.02 - dieryck 24/08/2010 13:44:17.1.2 - x86 NETWORK

Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.2046.1563 [GMT 2:00]

Lancé depuis: c:\users\dieryck\Desktop\ComboFix.exe

Commutateurs utilisés :: c:\users\dieryck\Desktop\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Exécution préalable -------

.

c:\windows\system32\DRIVERS\szkg.sys

c:\windows\system32\drivers\szkgfs.sys

c:\windows\system32\drivers\hhakkp.sys . . . . impossible à supprimer

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_HHAKKP

-------\Legacy_SZKGFS

-------\Service_hhakkp

-------\Service_szkgfs

-------\Legacy_szkg5

-------\Service_szkg5

-------\Legacy_HHAKKP

-------\Service_hhakkp

-------\Service_uclp

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-07-24 au 2010-08-24 ))))))))))))))))))))))))))))))))))))

.

 

2010-08-24 11:52 . 2010-08-24 11:58 -------- d-----w- c:\users\dieryck\AppData\Local\temp

2010-08-23 14:43 . 2010-08-24 11:01 -------- d-----w- c:\program files\trend micro

2010-08-23 14:43 . 2010-08-23 14:43 -------- d-----w- C:\rsit

2010-08-23 09:58 . 2010-08-23 09:58 -------- d-----w- c:\program files\STOPzilla!

2010-08-23 09:58 . 2010-08-23 09:58 -------- d-----w- c:\program files\Common Files\iS3

2010-08-23 09:58 . 2010-08-24 11:56 -------- d-----w- c:\programdata\STOPzilla!

2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\users\dieryck\AppData\Roaming\Malwarebytes

2010-08-23 09:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\programdata\Malwarebytes

2010-08-23 09:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-22 21:25 . 2010-08-23 09:34 -------- d-----w- c:\users\dieryck\AppData\Local\epgkyeupn

2010-08-20 19:32 . 2010-06-04 21:39 -------- d-----w- c:\users\dieryck\Tome 33

2010-08-18 17:11 . 2010-08-18 17:11 546256 ----a-r- c:\windows\system32\SZComp5.dll

2010-08-18 17:11 . 2010-08-18 17:11 22992 ----a-r- c:\windows\system32\SZIO5.dll

2010-08-18 17:11 . 2010-08-18 17:11 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll

2010-08-18 17:11 . 2010-08-18 17:11 99792 ----a-r- c:\windows\system32\IS3Svc5.dll

2010-08-18 17:11 . 2010-08-18 17:11 67024 ----a-r- c:\windows\system32\IS3Hks5.dll

2010-08-18 17:11 . 2010-08-18 17:11 447952 ----a-r- c:\windows\system32\SZBase5.dll

2010-08-18 17:11 . 2010-08-18 17:11 398800 ----a-r- c:\windows\system32\IS3DBA5.dll

2010-08-18 17:11 . 2010-08-18 17:11 28624 ----a-r- c:\windows\system32\IS3XDat5.dll

2010-08-18 17:11 . 2010-08-18 17:11 99792 ----a-r- c:\windows\system32\IS3Inet5.dll

2010-08-18 17:11 . 2010-08-18 17:11 738768 ----a-r- c:\windows\system32\IS3Base5.dll

2010-08-18 17:11 . 2010-08-18 17:11 390608 ----a-r- c:\windows\system32\IS3UI5.dll

2010-08-18 17:11 . 2010-08-18 17:11 230864 ----a-r- c:\windows\system32\IS3Win325.dll

2010-08-11 15:26 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-11 15:26 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-11 15:26 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-11 15:26 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-11 15:26 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll

2010-08-11 15:26 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-05 19:27 . 2010-08-23 09:41 -------- d-----w- c:\users\dieryck\AppData\Roaming\Skype

2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\program files\Common Files\Skype

2010-08-05 19:26 . 2010-08-05 19:27 -------- d-----r- c:\program files\Skype

2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\programdata\Skype

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-24 11:59 . 2010-08-24 11:55 1448 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-08-24 11:58 . 2010-08-24 11:56 400 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2010-08-24 11:58 . 2009-03-31 19:49 -------- d-----w- c:\programdata\Google Updater

2010-08-23 20:23 . 2010-08-23 20:23 785408 ----a-w- c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf

2010-08-23 14:41 . 2008-01-21 08:40 678056 ----a-w- c:\windows\system32\perfh00C.dat

2010-08-23 14:41 . 2008-01-21 08:40 126042 ----a-w- c:\windows\system32\perfc00C.dat

2010-08-16 17:26 . 2009-08-25 09:59 -------- d-----w- c:\users\dieryck\AppData\Roaming\uTorrent

2010-08-12 09:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-08-04 15:12 . 2009-03-28 16:42 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-04 15:12 . 2010-03-28 12:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-08-03 18:12 . 2009-01-05 15:20 -------- d-----w- c:\program files\Electronic Arts

2010-08-03 18:12 . 2008-12-30 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-03 18:10 . 2010-05-14 15:28 -------- d-----w- c:\program files\Pcsx2

2010-08-03 18:05 . 2009-01-03 16:51 -------- d-----w- c:\programdata\Media Center Programs

2010-06-28 20:00 . 2010-06-28 20:00 -------- d-----w- c:\programdata\2DBoy

2010-06-28 19:57 . 2010-06-28 19:57 -------- d-----w- c:\program files\WorldOfGoo

2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\users\dieryck\AppData\Roaming\Ubisoft

2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\programdata\Ubisoft

2010-06-28 19:31 . 2009-01-01 12:42 -------- d-----w- c:\program files\Ubisoft

2010-06-26 18:40 . 2010-06-26 18:40 -------- d-----w- c:\program files\Microsoft.NET

2010-06-26 06:05 . 2010-08-11 15:27 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-26 06:02 . 2010-08-11 15:27 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 06:02 . 2010-08-11 15:27 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 04:25 . 2010-08-11 15:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-06-21 13:37 . 2010-08-11 15:27 2037760 ----a-w- c:\windows\system32\win32k.sys

2010-06-18 17:31 . 2010-08-11 15:27 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-06-13 15:52 . 2008-12-30 17:12 70728 ----a-w- c:\users\dieryck\AppData\Local\GDIPFONTCACHEV1.DAT

2010-06-13 12:16 . 2009-03-01 17:11 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-06-11 16:16 . 2010-08-11 15:27 274944 ----a-w- c:\windows\system32\schannel.dll

2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-05-27 20:08 . 2010-08-11 15:27 81920 ----a-w- c:\windows\system32\iccvid.dll

2010-05-26 17:06 . 2010-06-09 11:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:47 . 2010-06-09 11:11 289792 ----a-w- c:\windows\system32\atmfd.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"Sys32V2Contoller"="c:\windows\mw2mmgr32\mw2mmgr32.exe" [2010-05-21 221696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\users\dieryck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]

2008-07-11 16:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):d3,2b,ea,32,0e,ec,c9,01

 

R0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys [x]

R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]

R2 TBS;Services de base de module de plateforme sécurisée;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]

R3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]

R3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\brfiltup.sys [2006-11-02 5248]

R3 CertPropSvc;Propagation du certificat;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]

R3 DFSR;Réplication DFS;c:\windows\system32\DFSR.exe [2009-04-11 2092544]

R3 E1G60;Intel® PRO/1000 NDIS 6 Adapter Driver;c:\windows\system32\DRIVERS\E1G60I32.sys [2008-01-21 118784]

R3 Filetrace;Filetrace;c:\windows\system32\drivers\filetrace.sys [2008-01-21 27648]

R3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 IPBusEnum;Énumérateur de bus IP PnP-X;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 KeyIso;Isolation de clé CNG;c:\windows\system32\lsass.exe [2009-06-15 9728]

R3 lltdsvc;Mappage de découverte de topologie de la couche de liaison;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 MSiSCSI;Service Initiateur iSCSI de Microsoft;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 MsRPC;MsRPC; [x]

R3 NativeWifiP;Filtre NativeWiFi;c:\windows\system32\DRIVERS\nwifi.sys [2009-04-11 148480]

R3 pla;Journaux & alertes de performance;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 PNRPAutoReg;Service de publication des noms d’ordinateurs PNRP;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 SCPolicySvc;Stratégie de retrait de la carte à puce;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 SDRSVC;Sauvegarde Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 SessionEnv;Configuration des services Terminal Server;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 sffp_mmc;SFF Storage Protocol Driver for MMC;c:\windows\system32\drivers\sffp_mmc.sys [2008-01-21 12288]

R3 SLUINotify;Service de notification de l’interface utilisateur SL;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 THREADORDER;Serveur de priorités des threads;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 tssecsrv;Terminal Services Security Filter Driver;c:\windows\system32\DRIVERS\tssecsrv.sys [2008-01-21 23552]

R3 UI0Detect;Détection de services interactifs;c:\windows\system32\UI0Detect.exe [2008-01-21 35840]

R3 uliagpkx;Uli AGP Bus Filter;c:\windows\system32\drivers\uliagpkx.sys [2008-01-21 60984]

R3 wcncsvc;Windows Connect Now - Registre de configuration;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 WcsPlugInService;Système de couleurs Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 WdiServiceHost;Service hôte WDIServiceHost;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 Wecsvc;Collecteur d'événements de Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 wercplsupport;Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration;c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 WinRM;Gestion à distance de Windows (Gestion WSM);c:\windows\System32\svchost.exe [2008-01-21 21504]

R3 Wlansvc;Service de configuration automatique WLAN;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 WPCSvc;Contrôle parental;c:\windows\system32\svchost.exe [2008-01-21 21504]

R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 adp94xx;adp94xx;c:\windows\system32\drivers\adp94xx.sys [2008-01-21 422968]

R4 adpahci;adpahci;c:\windows\system32\drivers\adpahci.sys [2008-01-21 300600]

R4 arcsas;arcsas;c:\windows\system32\drivers\arcsas.sys [2008-01-21 79928]

R4 blbdrive;blbdrive;c:\windows\system32\drivers\blbdrive.sys [2008-01-21 45568]

R4 Brserid;Brother MFC Serial Port Interface Driver (WDM);c:\windows\system32\drivers\brserid.sys [2006-11-02 71808]

R4 BrSerWdm;Brother WDM Serial driver;c:\windows\system32\drivers\brserwdm.sys [2006-11-02 62336]

R4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]

R4 circlass;Consumer IR Devices;c:\windows\system32\drivers\circlass.sys [2008-01-21 35328]

R4 Crusoe;Transmeta Crusoe Processor Driver;c:\windows\system32\drivers\crusoe.sys [2008-01-21 40960]

R4 elxstor;elxstor;c:\windows\system32\drivers\elxstor.sys [2008-01-21 342584]

R4 HpCISSs;HpCISSs;c:\windows\system32\drivers\hpcisss.sys [2008-01-21 40504]

R4 iaStorV;Intel RAID Controller Vista;c:\windows\system32\drivers\iastorv.sys [2008-01-21 235064]

R4 IPMIDRV;IPMIDRV;c:\windows\system32\drivers\ipmidrv.sys [2008-01-21 64512]

R4 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-11-02 35944]

R4 LSI_FC;LSI_FC;c:\windows\system32\drivers\lsi_fc.sys [2008-01-21 96312]

R4 LSI_SAS;LSI_SAS;c:\windows\system32\drivers\lsi_sas.sys [2008-01-21 89656]

R4 LSI_SCSI;LSI_SCSI;c:\windows\system32\drivers\lsi_scsi.sys [2008-01-21 96312]

R4 Mcx2Svc;Service Windows Media Center Extender;c:\windows\system32\svchost.exe [2008-01-21 21504]

R4 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2008-01-21 31288]

R4 mpio;Microsoft Multi-Path Bus Driver;c:\windows\system32\drivers\mpio.sys [2008-01-21 105016]

R4 msahci;msahci;c:\windows\system32\drivers\msahci.sys [2008-01-21 28728]

R4 msdsm;Microsoft Multi-Path Device Specific Module;c:\windows\system32\drivers\msdsm.sys [2008-01-21 94776]

R4 nfrd960;nfrd960;c:\windows\system32\drivers\nfrd960.sys [2006-11-02 45160]

R4 ntrigdigi;N-trig HID Tablet Driver;c:\windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]

R4 nvstor;nvstor;c:\windows\system32\drivers\nvstor.sys [2008-01-21 45112]

R4 ql2300;QLogic Fibre Channel Miniport Driver;c:\windows\system32\drivers\ql2300.sys [2008-01-21 1122360]

R4 ql40xx;QLogic iSCSI Miniport Driver;c:\windows\system32\drivers\ql40xx.sys [2006-11-02 106088]

R4 SiSRaid4;SiSRaid4;c:\windows\system32\drivers\sisraid4.sys [2008-01-21 74808]

R4 uliahci;uliahci;c:\windows\system32\drivers\uliahci.sys [2008-01-21 238648]

R4 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [2008-01-21 115816]

R4 usbcir;eHome Infrared Receiver (USBCIR);c:\windows\system32\drivers\usbcir.sys [2006-11-02 68608]

R4 ViaC7;VIA C7 Processor Driver;c:\windows\system32\drivers\viac7.sys [2008-01-21 41472]

R4 vsmraid;vsmraid;c:\windows\system32\drivers\vsmraid.sys [2008-01-21 130616]

R4 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-11-02 20608]

R4 Wd;Microsoft Watchdog Timer Driver;c:\windows\system32\drivers\wd.sys [2008-01-21 22072]

S0 CLFS;Common Log (CLFS);c:\windows\System32\CLFS.sys [2009-04-11 245736]

S0 Ecache;ReadyBoost Caching Driver;c:\windows\System32\drivers\ecache.sys [2009-04-11 141288]

S0 FileInfo;File Information FS MiniFilter;c:\windows\system32\drivers\fileinfo.sys [2008-01-21 58936]

S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-07 61328]

S0 msisadrv;Pilote de classe ISA/EISA;c:\windows\system32\drivers\msisadrv.sys [2008-01-21 16440]

S0 spldr;Security Processor Loader Driver; [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-17 691696]

S0 volmgr;Pilote du Gestionnaire de volume;c:\windows\system32\drivers\volmgr.sys [2008-01-21 52792]

S0 volmgrx;Dynamic Volume Manager;c:\windows\System32\drivers\volmgrx.sys [2009-04-11 292840]

S1 DfsC;DFS Namespace Client Driver;c:\windows\system32\Drivers\dfsc.sys [2009-04-11 75264]

S1 nsiproxy;NSI proxy service;c:\windows\system32\drivers\nsiproxy.sys [2008-01-21 16384]

S1 RDPENCDD;RDP Encoder Mirror Driver;c:\windows\system32\drivers\rdpencdd.sys [2008-01-21 6144]

S1 Smb;Protocoles TCP/IP et TCP/IPv6 orienté messages (session SMB);c:\windows\system32\DRIVERS\smb.sys [2009-04-11 66560]

S1 tdx;Pilote de prise en charge TDI héritée NetIO;c:\windows\system32\DRIVERS\tdx.sys [2009-04-11 72192]

S1 Wanarpv6;Remote Access IPv6 ARP Driver;c:\windows\system32\DRIVERS\wanarp.sys [2008-01-21 62464]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]

S2 AudioEndpointBuilder;Générateur de points de terminaison du service Audio Windows;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 BFE;Moteur de filtrage de base;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 DPS;Service de stratégie de diagnostic;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 EMDMgmt;Service ReadyBoost;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 FDResPub;Publication des ressources de découverte de fonctions;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 gpsvc;Client de stratégie de groupe;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 IKEEXT;Modules de génération de clés IKE et AuthIP;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 iphlpsvc;Assistance IP;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 KtmRm;Service KtmRm pour Distributed Transaction Coordinator;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;c:\windows\system32\DRIVERS\lltdio.sys [2008-01-21 47104]

S2 luafv;UAC File Virtualization;c:\windows\system32\drivers\luafv.sys [2008-01-21 84480]

S2 MMCSS;Planificateur de classes multimédias;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 MpsSvc;Pare-feu Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 netprofm;Service Liste des réseaux;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 NlaSvc;Connaissance des emplacements réseau;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 nsi;Service Interface du magasin réseau;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 PcaSvc;Service de l’Assistant Compatibilité des programmes;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 PEAUTH;PEAUTH;c:\windows\system32\drivers\peauth.sys [2006-11-02 878080]

S2 ProfSvc;Service de profil utilisateur;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 slsvc;Licence du logiciel;c:\windows\system32\SLsvc.exe [2009-04-11 3408896]

S2 SysMain;Superfetch;c:\windows\system32\svchost.exe [2008-01-21 21504]

S2 TabletInputService;Service Panneau de saisie Tablet PC;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 tcpipreg;TCP/IP Registry Compatibility;c:\windows\system32\drivers\tcpipreg.sys [2009-12-08 30720]

S2 UxSms;Gestionnaire de sessions du Gestionnaire de fenêtrage;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 WerSvc;Service de rapport d'erreurs Windows;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2008-01-21 21504]

S2 WPDBusEnum;Service Énumérateur d’appareil mobile;c:\windows\system32\svchost.exe [2008-01-21 21504]

S3 Appinfo;Informations d'application;c:\windows\system32\svchost.exe [2008-01-21 21504]

S3 bowser;bowser;c:\windows\system32\DRIVERS\bowser.sys [2008-01-21 69632]

S3 DXGKrnl;LDDM Graphics Subsystem;c:\windows\System32\drivers\dxgkrnl.sys [2009-09-25 634880]

S3 fdPHost;Hôte du fournisseur de découverte de fonctions;c:\windows\system32\svchost.exe [2008-01-21 21504]

S3 iScsiPrt;Pilote iScsiPort;c:\windows\system32\DRIVERS\msiscsi.sys [2009-04-11 180712]

S3 monitor;Service Pilote de fonction de classe Moniteur Microsoft;c:\windows\system32\DRIVERS\monitor.sys [2008-01-21 41984]

S3 mpsdrv;Pilote d’autorisation du Pare-feu Windows;c:\windows\system32\drivers\mpsdrv.sys [2008-01-21 64000]

S3 mrxsmb10;SMB 1.x MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb10.sys [2010-02-23 212992]

S3 mrxsmb20;SMB 2.0 MiniRedirector;c:\windows\system32\DRIVERS\mrxsmb20.sys [2010-02-23 79360]

S3 ovt530;Webcam Deluxe;c:\windows\system32\Drivers\ov530vid.sys [2005-03-15 161792]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]

S3 srv2;srv2;c:\windows\system32\DRIVERS\srv2.sys [2010-06-18 144896]

S3 srvnet;srvnet;c:\windows\system32\DRIVERS\srvnet.sys [2009-12-11 98816]

S3 TrustedInstaller;Programme d’installation de modules Windows;c:\windows\servicing\TrustedInstaller.exe [2009-04-11 39424]

S3 tunnel;Pilote de carte miniport Microsoft IPv6 Tunnel;c:\windows\system32\DRIVERS\tunnel.sys [2010-02-18 25088]

S3 umbus;Pilote d’énumérateur UMBus;c:\windows\system32\DRIVERS\umbus.sys [2008-01-21 34816]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-05-08 269824]

S3 WdiSystemHost;Hôte système de diagnostics;c:\windows\System32\svchost.exe [2008-01-21 21504]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*NewlyCreated* - HHAKKP

*Deregistered* - hhakkp

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc ehstart

WerSvcGroup REG_MULTI_SZ wersvc

swprv REG_MULTI_SZ swprv

regsvc REG_MULTI_SZ RemoteRegistry

wcssvc REG_MULTI_SZ WcsPlugInService

DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch

wdisvc REG_MULTI_SZ WdiServiceHost

sdrsvc REG_MULTI_SZ sdrsvc

secsvcs REG_MULTI_SZ WinDefend

GPSvcGroup REG_MULTI_SZ GPSvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

AeLookupSvc

wercplsupport

Themes

CertPropSvc

SCPolicySvc

lanmanserver

gpsvc

IKEEXT

AudioSrv

FastUserSwitchingCompatibility

Nla

NWCWorkstation

SRService

Wmi

WmdmPmSp

TermService

wuauserv

BITS

ShellHWDetection

LogonHours

PCAudit

helpsvc

uploadmgr

iphlpsvc

seclogon

AppInfo

msiscsi

MMCSS

ProfSvc

EapHost

winmgmt

schedule

SessionEnv

browser

hkmsvc

.

Contenu du dossier 'Tâches planifiées'

 

2010-08-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 19:49]

 

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50]

 

2010-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50]

 

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job

- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]

.

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:6522

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab

FF - ProfilePath - c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHELINS SUPPRIMES - - - -

 

SafeBoot-sacsvr

MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\daemon.exe

MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-24 13:56

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x855DA1F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x889abd24

\Driver\ACPI -> acpi.sys @ 0x807bbd68

\Driver\atapi -> 0x855da1f8

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hhakkp]

 

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:59,ec,77,a3,8e,6b,ae,21,bd,c8,4c,e1,0c,0c,75,e3,a1,e0,dd,60,14,d2,bd,

6f,49,d6,53,88,73,c1,b2,0a,14,9d,fc,7c,70,2e,cc,47,d9,e8,cc,54,ac,2f,6e,55,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\License information*]

"datasecu"=hex:f1,82,c5,2f,1a,7b,3f,08,b3,8d,65,1e,fd,3c,2e,01,84,bb,27,20,a2,

eb,d1,45,37,a2,40,bc,8b,72,89,48,4e,b1,a5,ba,2c,18,4b,38,b7,03,2d,96,2d,4c,\

"rkeysecu"=hex:60,72,c7,18,69,1d,ba,a6,c9,1a,ad,56,62,96,a5,65

.

--------------------- DLLs chargées dans les processus actifs ---------------------

 

- - - - - - - > 'Explorer.exe'(3896)

c:\program files\Hercules\WebCam Station\PhotoImpression\share\pihook.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\AUDIODG.EXE

c:\windows\system32\Ati2evxx.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\WUDFHost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conime.exe

c:\program files\Secunia\PSI\psi.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\ehome\ehmsas.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Heure de fin: 2010-08-24 14:07:41 - La machine a redémarré

ComboFix-quarantined-files.txt 2010-08-24 12:07

 

Avant-CF: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

Après-CF: 43.692.654.592 octets libres

 

- - End Of File - - 3F0F95C407DFCEBBEC8D2E5CF28E08F6

Posted

Hello,

 

This one is stubborn: we need to identify and remove the dropper that reinstalls and protects the malicious component.

 

Do these in order. Post the three reports at the same time.

 

Download rkill by Grinler from one of the following:

http://download.bleepingcomputer.com/grinler/rkill.scr

http://download.bleepingcomputer.com/grinler/rkill.com

http://download.bleepingcomputer.com/grinler/rkill.exe

http://download.bleepingcomputer.com/grinler/eXplorer.exe

http://download.bleepingcomputer.com/grinler/iExplore.exe

Disable your antivirus

  • Run the tool; it does not need to be installed.
    If it fails, try another extension and Safe Mode.

Post the report C:\rkill.log

Re-enable your antivirus

 

Download tdsskiller.zip

Extract the archive and place TDSSKiller.exe on the desktop.

Double-click the file.

On the screen, click the Start scan button.

At the end of the scan, if malicious objects are detected (image: TDSSKiller-malicious.png)

Check that the Cure option is selected (image: TDSSKiller-cure.png)

Click the button (image: TDSSKiller-continue.png)

Then click (image: TDSSKiller-rebootnow.png)

Post the contents of the report C:\TDSSKiller.Version_Date_Heure_log.txt

 

Run ComboFix again and post the report.

 

So I'm expecting three reports. ;)

 

 

@+
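As an added example (not code from this thread, nor from TDSSKiller or ComboFix), here is a small Python triage helper for the log format TDSSKiller writes, the kind of report requested above and posted in the next reply. It pulls out every entry the scanner flagged as a suspicious service, a suspicious (NoAccess) file or a locked service, and joins each one with the driver's path and MD5 from its enumeration line, so the helper reading the report can see at a glance which service the dropper is protecting. The sample lines are constructed from entries that appear further down in this thread; the regular expressions and the Finding structure are assumptions about the log format, not TDSSKiller's own definitions.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, format assumed)."""
import re
from dataclasses import dataclass, field

# Constructed sample in TDSSKiller's log layout: two ordinary enumeration lines
# around the flagged entries for the hidden driver discussed in this thread.
SAMPLE_LOG = r"""
2010/08/24 17:51:17.0545 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/08/24 17:51:17.0583 Suspicious service (NoAccess): hhakkp
2010/08/24 17:51:17.0653 hhakkp (9dd55346430319b1377478a132658426) C:\Windows\system32\drivers\hhakkp.sys
2010/08/24 17:51:17.0653 Suspicious file (NoAccess): C:\Windows\system32\drivers\hhakkp.sys. md5: 9dd55346430319b1377478a132658426
2010/08/24 17:51:17.0662 hhakkp - detected Locked service (1)
2010/08/24 17:51:17.0696 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
"""

# Assumed line shapes: a timestamp prefix, then one of four message bodies.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$", re.IGNORECASE)
SUSP_SERVICE_RE = re.compile(r"^Suspicious service \((\w+)\): (\S+)$")
SUSP_FILE_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$", re.IGNORECASE)
LOCKED_RE = re.compile(r"^(\S+) - detected Locked service \((\d+)\)$")


@dataclass
class Finding:
    """Everything the log tells us about one flagged service."""
    service: str
    path: str = ""
    md5: str = ""
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Return {service_name: Finding} for every service the scanner flagged."""
    drivers = {}    # service name -> (md5, path) for every enumerated driver
    findings = {}   # service name -> Finding, only for flagged entries

    def flag(name, reason):
        f = findings.setdefault(name, Finding(service=name))
        if reason not in f.reasons:
            f.reasons.append(reason)
        return f

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        d = DRIVER_RE.match(body)
        if d:
            drivers[d.group(1)] = (d.group(2).lower(), d.group(3))
            continue
        s = SUSP_SERVICE_RE.match(body)
        if s:
            flag(s.group(2), f"Suspicious service ({s.group(1)})")
            continue
        s = SUSP_FILE_RE.match(body)
        if s:
            path, md5 = s.group(2), s.group(3).lower()
            # Attribute the file to the enumerated driver with the same path,
            # falling back to the file's base name when no enumeration line matched.
            owner = next((n for n, (_, p) in drivers.items() if p.lower() == path.lower()), None)
            name = owner or path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            f = flag(name, f"Suspicious file ({s.group(1)})")
            f.path, f.md5 = path, md5
            continue
        lk = LOCKED_RE.match(body)
        if lk:
            flag(lk.group(1), "Locked service")

    # A service flagged only as "Suspicious service" or "Locked" carries no hash
    # on the flag line itself; take it from the enumeration line instead.
    for name, f in findings.items():
        if not f.md5 and name in drivers:
            f.md5, f.path = drivers[name]
    return findings


def summarize(findings):
    """One human-readable line per flagged service, in report order."""
    return [f"{f.service}: {', '.join(f.reasons)} [{f.path or '?'} md5={f.md5 or '?'}]"
            for f in findings.values()]


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Run it against a full TDSSKiller log by reading the file and passing its text to triage(); every driver that is not flagged is ignored, so a clean report yields an empty result, and a report like the one in this thread yields a single entry that carries all three reasons plus the path and MD5 the helper would want for further checking.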

Posted

Well, here are the 3 reports you asked for, but the computer has become much slower and no longer manages to shut down; I have to force it off!

 

The rkill report:

 

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as dieryck on 24/08/2010 at 17:47:16.

 

 

Processes terminated by Rkill or while it was running:

 

 

C:\Users\dieryck\Downloads\rkill.scr

 

 

Rkill completed on 24/08/2010 at 17:47:19.

 

 

The TDSSKiller report, which on the other hand found no malicious objects, "just" suspicious files, for which I kept the default action, i.e. skip.

 

2010/08/24 17:50:58.0507 TDSS rootkit removing tool 2.4.1.2 Aug 16 2010 09:46:23

2010/08/24 17:50:58.0508 ================================================================================

2010/08/24 17:50:58.0508 SystemInfo:

2010/08/24 17:50:58.0508

2010/08/24 17:50:58.0508 OS Version: 6.0.6002 ServicePack: 2.0

2010/08/24 17:50:58.0508 Product type: Workstation

2010/08/24 17:50:58.0508 ComputerName: PC-DE-DIERYCK

2010/08/24 17:50:58.0508 UserName: dieryck

2010/08/24 17:50:58.0508 Windows directory: C:\Windows

2010/08/24 17:50:58.0508 System windows directory: C:\Windows

2010/08/24 17:50:58.0508 Processor architecture: Intel x86

2010/08/24 17:50:58.0508 Number of processors: 2

2010/08/24 17:50:58.0508 Page size: 0x1000

2010/08/24 17:50:58.0508 Boot type: Normal boot

2010/08/24 17:50:58.0508 ================================================================================

2010/08/24 17:51:06.0209 Initialize success

2010/08/24 17:51:13.0369 ================================================================================

2010/08/24 17:51:13.0369 Scan started

2010/08/24 17:51:13.0369 Mode: Manual;

2010/08/24 17:51:13.0369 ================================================================================

2010/08/24 17:51:14.0292 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2010/08/24 17:51:14.0351 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2010/08/24 17:51:14.0419 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2010/08/24 17:51:14.0470 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2010/08/24 17:51:14.0510 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2010/08/24 17:51:14.0627 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

2010/08/24 17:51:14.0689 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2010/08/24 17:51:14.0742 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2010/08/24 17:51:14.0789 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2010/08/24 17:51:14.0830 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2010/08/24 17:51:14.0873 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2010/08/24 17:51:14.0912 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2010/08/24 17:51:14.0951 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2010/08/24 17:51:15.0058 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2010/08/24 17:51:15.0104 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2010/08/24 17:51:15.0145 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2010/08/24 17:51:15.0185 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

2010/08/24 17:51:15.0315 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys

2010/08/24 17:51:15.0477 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys

2010/08/24 17:51:15.0548 avgio (6a646c46b9415e13095aa9b352040a7a) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

2010/08/24 17:51:15.0595 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys

2010/08/24 17:51:15.0647 avipbb (452e382340bb0c5e694ed9d3625356d0) C:\Windows\system32\DRIVERS\avipbb.sys

2010/08/24 17:51:15.0695 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2010/08/24 17:51:15.0738 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2010/08/24 17:51:15.0773 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

2010/08/24 17:51:15.0810 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2010/08/24 17:51:15.0853 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2010/08/24 17:51:15.0895 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2010/08/24 17:51:15.0924 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2010/08/24 17:51:15.0959 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2010/08/24 17:51:15.0979 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2010/08/24 17:51:16.0003 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2010/08/24 17:51:16.0048 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2010/08/24 17:51:16.0084 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2010/08/24 17:51:16.0120 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

2010/08/24 17:51:16.0168 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2010/08/24 17:51:16.0217 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2010/08/24 17:51:16.0251 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys

2010/08/24 17:51:16.0286 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2010/08/24 17:51:16.0315 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2010/08/24 17:51:16.0386 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

2010/08/24 17:51:16.0429 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2010/08/24 17:51:16.0493 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2010/08/24 17:51:16.0562 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys

2010/08/24 17:51:16.0619 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

2010/08/24 17:51:16.0746 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2010/08/24 17:51:16.0904 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

2010/08/24 17:51:16.0946 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

2010/08/24 17:51:17.0011 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2010/08/24 17:51:17.0075 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2010/08/24 17:51:17.0102 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

2010/08/24 17:51:17.0157 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2010/08/24 17:51:17.0196 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2010/08/24 17:51:17.0230 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2010/08/24 17:51:17.0261 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2010/08/24 17:51:17.0310 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2010/08/24 17:51:17.0348 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

2010/08/24 17:51:17.0400 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

2010/08/24 17:51:17.0488 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

2010/08/24 17:51:17.0545 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2010/08/24 17:51:17.0583 Suspicious service (NoAccess): hhakkp

2010/08/24 17:51:17.0653 hhakkp (9dd55346430319b1377478a132658426) C:\Windows\system32\drivers\hhakkp.sys

2010/08/24 17:51:17.0653 Suspicious file (NoAccess): C:\Windows\system32\drivers\hhakkp.sys. md5: 9dd55346430319b1377478a132658426

2010/08/24 17:51:17.0662 hhakkp - detected Locked service (1)

2010/08/24 17:51:17.0696 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2010/08/24 17:51:17.0731 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2010/08/24 17:51:17.0778 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2010/08/24 17:51:17.0839 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

2010/08/24 17:51:17.0947 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2010/08/24 17:51:18.0015 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

2010/08/24 17:51:18.0060 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2010/08/24 17:51:18.0106 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

2010/08/24 17:51:18.0188 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2010/08/24 17:51:18.0252 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2010/08/24 17:51:18.0276 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2010/08/24 17:51:18.0311 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2010/08/24 17:51:18.0375 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

2010/08/24 17:51:18.0418 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2010/08/24 17:51:18.0451 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2010/08/24 17:51:18.0498 is3srv (8fe4ecc7877fcfe4e59414708898073d) C:\Windows\system32\drivers\is3srv.sys

2010/08/24 17:51:18.0528 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

2010/08/24 17:51:18.0576 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2010/08/24 17:51:18.0609 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2010/08/24 17:51:18.0647 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2010/08/24 17:51:18.0672 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2010/08/24 17:51:18.0711 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

2010/08/24 17:51:18.0784 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2010/08/24 17:51:18.0867 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys

2010/08/24 17:51:18.0895 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2010/08/24 17:51:18.0947 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

2010/08/24 17:51:18.0985 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

2010/08/24 17:51:19.0019 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

2010/08/24 17:51:19.0052 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2010/08/24 17:51:19.0094 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

2010/08/24 17:51:19.0142 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

2010/08/24 17:51:19.0183 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2010/08/24 17:51:19.0201 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2010/08/24 17:51:19.0236 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2010/08/24 17:51:19.0255 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2010/08/24 17:51:19.0280 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2010/08/24 17:51:19.0318 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

2010/08/24 17:51:19.0353 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2010/08/24 17:51:19.0400 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2010/08/24 17:51:19.0436 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2010/08/24 17:51:19.0503 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

2010/08/24 17:51:19.0544 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2010/08/24 17:51:19.0622 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2010/08/24 17:51:19.0663 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

2010/08/24 17:51:19.0702 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

2010/08/24 17:51:19.0765 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2010/08/24 17:51:19.0787 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2010/08/24 17:51:19.0826 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2010/08/24 17:51:19.0890 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2010/08/24 17:51:19.0926 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2010/08/24 17:51:19.0967 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2010/08/24 17:51:19.0998 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2010/08/24 17:51:20.0031 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2010/08/24 17:51:20.0092 MTsensor (dcdaab8697a47894a554050ce18d0b56) C:\Windows\system32\DRIVERS\ASACPI.sys

2010/08/24 17:51:20.0130 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2010/08/24 17:51:20.0190 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2010/08/24 17:51:20.0287 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2010/08/24 17:51:20.0347 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2010/08/24 17:51:20.0392 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2010/08/24 17:51:20.0450 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2010/08/24 17:51:20.0488 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2010/08/24 17:51:20.0523 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2010/08/24 17:51:20.0568 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2010/08/24 17:51:20.0651 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2010/08/24 17:51:20.0732 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2010/08/24 17:51:20.0778 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2010/08/24 17:51:20.0844 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2010/08/24 17:51:20.0935 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2010/08/24 17:51:20.0972 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2010/08/24 17:51:20.0999 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

2010/08/24 17:51:21.0038 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

2010/08/24 17:51:21.0081 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

2010/08/24 17:51:21.0195 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

2010/08/24 17:51:21.0263 ovt530 (71cffb1e06aa8978a7b4a346c191f8ba) C:\Windows\system32\Drivers\ov530vid.sys

2010/08/24 17:51:21.0313 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys

2010/08/24 17:51:21.0346 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2010/08/24 17:51:21.0398 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys

2010/08/24 17:51:21.0449 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2010/08/24 17:51:21.0496 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

2010/08/24 17:51:21.0539 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2010/08/24 17:51:21.0597 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2010/08/24 17:51:21.0764 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2010/08/24 17:51:21.0837 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

2010/08/24 17:51:21.0962 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2010/08/24 17:51:22.0064 PSI (365622e1f0b6d5f9871d76e89bf0501a) C:\Windows\system32\DRIVERS\psi_mf.sys

2010/08/24 17:51:22.0129 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

2010/08/24 17:51:22.0229 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

2010/08/24 17:51:22.0318 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2010/08/24 17:51:22.0359 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2010/08/24 17:51:22.0397 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2010/08/24 17:51:22.0453 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2010/08/24 17:51:22.0513 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2010/08/24 17:51:22.0565 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2010/08/24 17:51:22.0613 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2010/08/24 17:51:22.0651 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2010/08/24 17:51:22.0705 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

2010/08/24 17:51:22.0744 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2010/08/24 17:51:22.0796 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2010/08/24 17:51:22.0853 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2010/08/24 17:51:22.0895 RTL8169 (8cca591019216e9523e3cb385ce643e6) C:\Windows\system32\DRIVERS\Rtlh86.sys

2010/08/24 17:51:22.0926 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2010/08/24 17:51:22.0990 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2010/08/24 17:51:23.0033 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

2010/08/24 17:51:23.0064 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

2010/08/24 17:51:23.0099 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2010/08/24 17:51:23.0153 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

2010/08/24 17:51:23.0184 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

2010/08/24 17:51:23.0210 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

2010/08/24 17:51:23.0244 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2010/08/24 17:51:23.0286 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

2010/08/24 17:51:23.0329 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

2010/08/24 17:51:23.0370 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

2010/08/24 17:51:23.0429 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2010/08/24 17:51:23.0492 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2010/08/24 17:51:23.0574 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys

2010/08/24 17:51:23.0574 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2010/08/24 17:51:23.0583 sptd - detected Locked file (1)

2010/08/24 17:51:23.0631 srv (96a5e2c642af8f591a7366429809506b) C:\Windows\system32\DRIVERS\srv.sys

2010/08/24 17:51:23.0699 srv2 (71da2d64880c97e5ffc3c81761632751) C:\Windows\system32\DRIVERS\srv2.sys

2010/08/24 17:51:23.0755 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys

2010/08/24 17:51:23.0820 ssmdrv (654dfea96bc82b4acda4f37e5e4a3bbf) C:\Windows\system32\DRIVERS\ssmdrv.sys

2010/08/24 17:51:23.0856 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2010/08/24 17:51:23.0903 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2010/08/24 17:51:23.0943 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2010/08/24 17:51:23.0981 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2010/08/24 17:51:24.0125 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2010/08/24 17:51:24.0200 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2010/08/24 17:51:24.0240 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2010/08/24 17:51:24.0276 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2010/08/24 17:51:24.0310 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2010/08/24 17:51:24.0357 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2010/08/24 17:51:24.0398 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2010/08/24 17:51:24.0462 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2010/08/24 17:51:24.0498 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2010/08/24 17:51:24.0570 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2010/08/24 17:51:24.0614 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

2010/08/24 17:51:24.0660 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2010/08/24 17:51:24.0715 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

2010/08/24 17:51:24.0763 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

2010/08/24 17:51:24.0811 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2010/08/24 17:51:24.0873 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2010/08/24 17:51:24.0912 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2010/08/24 17:51:24.0989 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys

2010/08/24 17:51:25.0031 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

2010/08/24 17:51:25.0070 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2010/08/24 17:51:25.0114 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2010/08/24 17:51:25.0173 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2010/08/24 17:51:25.0207 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2010/08/24 17:51:25.0269 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2010/08/24 17:51:25.0324 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2010/08/24 17:51:25.0354 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2010/08/24 17:51:25.0381 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2010/08/24 17:51:25.0421 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

2010/08/24 17:51:25.0453 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2010/08/24 17:51:25.0487 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

2010/08/24 17:51:25.0524 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

2010/08/24 17:51:25.0589 VIAHdAudAddService (8e0e128c2b53c1316e3ea5708d0d3c8c) C:\Windows\system32\drivers\viahduaa.sys

2010/08/24 17:51:25.0630 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

2010/08/24 17:51:25.0666 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2010/08/24 17:51:25.0722 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2010/08/24 17:51:25.0772 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2010/08/24 17:51:25.0822 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

2010/08/24 17:51:25.0892 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2010/08/24 17:51:25.0933 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/08/24 17:51:25.0948 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2010/08/24 17:51:25.0987 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

2010/08/24 17:51:26.0026 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2010/08/24 17:51:26.0137 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

2010/08/24 17:51:26.0224 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2010/08/24 17:51:26.0262 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2010/08/24 17:51:26.0313 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2010/08/24 17:51:26.0362 ================================================================================

2010/08/24 17:51:26.0363 Scan finished

2010/08/24 17:51:26.0363 ================================================================================

2010/08/24 17:51:26.0376 Detected object count: 2

2010/08/24 17:52:12.0963 Locked service(hhakkp) - User select action: Skip

2010/08/24 17:52:12.0963 Locked file(sptd) - User select action: Skip

2010/08/24 17:54:52.0179 Deinitialize success

 

 

And finally, the latest ComboFix report:

 

ComboFix 10-08-23.06 - dieryck 24/08/2010 18:08:08.1.2 - x86

Microsoft® Windows Vista Édition Familiale Premium 6.0.6002.2.1252.32.1036.18.2046.1217 [GMT 2:00]

Lancé depuis: c:\users\dieryck\Desktop\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((((((( Fichiers créés du 2010-07-24 au 2010-08-24 ))))))))))))))))))))))))))))))))))))

.

 

2010-08-24 16:18 . 2010-08-24 16:19 -------- d-----w- c:\users\dieryck\AppData\Local\temp

2010-08-24 16:18 . 2010-08-24 16:18 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-08-24 16:18 . 2010-08-24 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-23 14:43 . 2010-08-24 11:01 -------- d-----w- c:\program files\trend micro

2010-08-23 14:43 . 2010-08-23 14:43 -------- d-----w- C:\rsit

2010-08-23 09:58 . 2010-08-24 16:02 -------- d-----w- c:\programdata\STOPzilla!

2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\users\dieryck\AppData\Roaming\Malwarebytes

2010-08-23 09:08 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-23 09:08 . 2010-08-23 09:08 -------- d-----w- c:\programdata\Malwarebytes

2010-08-23 09:08 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-22 21:25 . 2010-08-23 09:34 -------- d-----w- c:\users\dieryck\AppData\Local\epgkyeupn

2010-08-20 19:32 . 2010-06-04 21:39 -------- d-----w- c:\users\dieryck\Tome 33

2010-08-11 15:26 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-11 15:26 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-11 15:26 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-11 15:26 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-11 15:26 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll

2010-08-11 15:26 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-05 19:27 . 2010-08-24 16:00 -------- d-----w- c:\users\dieryck\AppData\Roaming\Skype

2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\program files\Common Files\Skype

2010-08-05 19:26 . 2010-08-05 19:27 -------- d-----r- c:\program files\Skype

2010-08-05 19:26 . 2010-08-05 19:26 -------- d-----w- c:\programdata\Skype

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-24 16:02 . 2008-01-21 08:40 678804 ----a-w- c:\windows\system32\perfh00C.dat

2010-08-24 16:02 . 2008-01-21 08:40 126420 ----a-w- c:\windows\system32\perfc00C.dat

2010-08-24 16:01 . 2010-08-24 15:58 1040 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg

2010-08-24 16:00 . 2010-08-24 15:58 344 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2010-08-24 11:58 . 2009-03-31 19:49 -------- d-----w- c:\programdata\Google Updater

2010-08-23 20:23 . 2010-08-23 20:23 785408 ----a-w- c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf

2010-08-16 17:26 . 2009-08-25 09:59 -------- d-----w- c:\users\dieryck\AppData\Roaming\uTorrent

2010-08-12 09:44 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-08-04 15:12 . 2009-03-28 16:42 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-04 15:12 . 2010-03-28 12:18 -------- d-----w- c:\program files\Common Files\PX Storage Engine

2010-08-03 18:12 . 2009-01-05 15:20 -------- d-----w- c:\program files\Electronic Arts

2010-08-03 18:12 . 2008-12-30 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-03 18:10 . 2010-05-14 15:28 -------- d-----w- c:\program files\Pcsx2

2010-08-03 18:05 . 2009-01-03 16:51 -------- d-----w- c:\programdata\Media Center Programs

2010-06-28 20:00 . 2010-06-28 20:00 -------- d-----w- c:\programdata\2DBoy

2010-06-28 19:57 . 2010-06-28 19:57 -------- d-----w- c:\program files\WorldOfGoo

2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\users\dieryck\AppData\Roaming\Ubisoft

2010-06-28 19:43 . 2010-06-28 19:43 -------- d-----w- c:\programdata\Ubisoft

2010-06-28 19:31 . 2009-01-01 12:42 -------- d-----w- c:\program files\Ubisoft

2010-06-26 18:40 . 2010-06-26 18:40 -------- d-----w- c:\program files\Microsoft.NET

2010-06-26 06:05 . 2010-08-11 15:27 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-26 06:02 . 2010-08-11 15:27 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-06-26 06:02 . 2010-08-11 15:27 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-06-26 04:25 . 2010-08-11 15:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-06-21 13:37 . 2010-08-11 15:27 2037760 ----a-w- c:\windows\system32\win32k.sys

2010-06-18 17:31 . 2010-08-11 15:27 36864 ----a-w- c:\windows\system32\rtutils.dll

2010-06-15 19:12 . 2009-09-22 15:56 1 ----a-w- c:\users\dieryck\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-06-13 15:52 . 2008-12-30 17:12 70728 ----a-w- c:\users\dieryck\AppData\Local\GDIPFONTCACHEV1.DAT

2010-06-13 12:16 . 2009-03-01 17:11 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-06-11 16:16 . 2010-08-11 15:27 274944 ----a-w- c:\windows\system32\schannel.dll

2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-05-27 20:08 . 2010-08-11 15:27 81920 ----a-w- c:\windows\system32\iccvid.dll

2010-05-26 17:06 . 2010-06-09 11:11 34304 ----a-w- c:\windows\system32\atmlib.dll

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

"Sys32V2Contoller"="c:\windows\mw2mmgr32\mw2mmgr32.exe" [2010-05-21 221696]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk

backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKLM\~\startupfolder\C:^Users^dieryck^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]

path=c:\users\dieryck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk

backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-10-03 03:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]

2008-07-11 16:51 423200 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-04-28 13:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-17 19:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(b):d3,2b,ea,32,0e,ec,c9,01

 

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c9b239ebb99295;Service Google Update (gupdate1c9b239ebb99295);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 133104]

R3 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2009-08-06 24645]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]

 

 

--- Autres Services/Pilotes en mémoire ---

 

*Deregistered* - hhakkp

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contenu du dossier 'Tâches planifiées'

 

2010-08-24 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-31 19:49]

 

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50]

 

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 19:50]

 

2010-08-24 c:\windows\Tasks\User_Feed_Synchronization-{1CECBB6C-9FA0-4995-BF9F-EF9043E77139}.job

- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]

.

.

------- Examen supplémentaire -------

.

uInternet Settings,ProxyOverride = <local>

uInternet Settings,ProxyServer = http=127.0.0.1:6522

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.21.0.cab

FF - ProfilePath - c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\users\dieryck\AppData\Roaming\Mozilla\Firefox\Profiles\pgw3l2jf.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-24 18:19

Windows 6.0.6002 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hhakkp]

 

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

 

[HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:59,ec,77,a3,8e,6b,ae,21,bd,c8,4c,e1,0c,0c,75,e3,a1,e0,dd,60,14,d2,bd,

6f,49,d6,53,88,73,c1,b2,0a,14,9d,fc,7c,70,2e,cc,47,d9,e8,cc,54,ac,2f,6e,55,\

"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

 

[HKEY_USERS\S-1-5-21-4055484233-1827887739-1200249487-1000\Software\SecuROM\License information*]

"datasecu"=hex:f1,82,c5,2f,1a,7b,3f,08,b3,8d,65,1e,fd,3c,2e,01,84,bb,27,20,a2,

eb,d1,45,37,a2,40,bc,8b,72,89,48,4e,b1,a5,ba,2c,18,4b,38,b7,03,2d,96,2d,4c,\

"rkeysecu"=hex:60,72,c7,18,69,1d,ba,a6,c9,1a,ad,56,62,96,a5,65

.

Heure de fin: 2010-08-24 18:22:16

ComboFix-quarantined-files.txt 2010-08-24 16:22

ComboFix2.txt 2010-08-24 12:07

 

Avant-CF: 38.634.483.712 octets libres

Après-CF: 38.601.392.128 octets libres

 

- - End Of File - - E4B1AF2FF45ADA1A45C2A68D9F043EC6

 

Later.

Posted

Hello,

 

WARNING. This procedure applies only to this particular case; copying it may put your system at risk.

 

Create the following file with Notepad and save it as delete.txt.

In Format, untick "Word Wrap".

 

Drivers to delete:

c:\windows\system32\drivers\hhakkp.sys

c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf

c:\windows\system32\drivers\kgpcpy.cfg

c:\windows\system32\drivers\kgpfr2.cfg

 

Folders to delete:

c:\programdata\STOPzilla!

c:\users\dieryck\AppData\Local\epgkyeupn

 

Files to delete:

c:\windows\system32\drivers\hhakkp.sys

c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf

c:\windows\system32\drivers\kgpcpy.cfg

c:\windows\system32\drivers\kgpfr2.cfg

 

Download The Avenger 2 (by Swandog46):

Swandog46's Public Anti-Malware Tools

Save the file to the Desktop.

Unzip Avenger.zip to the Desktop.

You should end up with the file avenger.exe.

Close all your programs, including your antivirus's real-time protection.

Click the avenger.exe icon; it does not need to be installed.

On Vista, right-click it and choose Run as administrator.

Click OK on the warning message.

Click the Open folder icon at the top left.

In the tree view, select the delete.txt file created on the desktop.

Click Execute.

You will be asked to restart now or later. Choose now.

Once you are back in your session, a report will open.

Post it by copy-and-paste.

It will be saved as C:\avenger.txt

A backup of the deletions will be created in the folder c:\avenger\backups.

 

Later.

Posted

Hi

 

Here is the report:

 

Logfile of The Avenger Version 2.0, © by Swandog46

Swandog46's Public Anti-Malware Tools

 

Platform: Windows Vista

 

*******************

 

Script file opened successfully.

Script file read successfully.

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

Rootkit scan active.

No rootkits found!

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\hhakkp.sys" not found!

Deletion of driver "c:\windows\system32\drivers\hhakkp.sys" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf" not found!

Deletion of driver "c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\kgpcpy.cfg" not found!

Deletion of driver "c:\windows\system32\drivers\kgpcpy.cfg" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

 

Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\kgpfr2.cfg" not found!

Deletion of driver "c:\windows\system32\drivers\kgpfr2.cfg" failed!

Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)

--> the object does not exist

 

Folder "c:\programdata\STOPzilla!" deleted successfully.

Folder "c:\users\dieryck\AppData\Local\epgkyeupn" deleted successfully.

 

Error: could not open file "c:\windows\system32\drivers\hhakkp.sys"

Deletion of file "c:\windows\system32\drivers\hhakkp.sys" failed!

Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

 

File "c:\windows\system32\drivers\30baa2d0dfb26df45ec667c40c4cd40d.szcpf" deleted successfully.

File "c:\windows\system32\drivers\kgpcpy.cfg" deleted successfully.

File "c:\windows\system32\drivers\kgpfr2.cfg" deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

 

A+
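The report above shows two different failure modes for the same file. The "driver" entries were given as file paths, so Avenger looked up a service literally named c:\windows\system32\drivers\hhakkp.sys under CurrentControlSet\Services and found nothing (0xc0000034); the file itself then could not be opened (0xc0000001), which is what a still-loaded driver looks like from user mode. The Python below, added here as an illustration and not part of The Avenger or of any post in this thread, parses such a log and turns each failure into a concrete change for the next script. The sample log is constructed from the report above; the message shapes for driver and registry-key entries are assumed to follow the File/Folder lines seen in it.

```python
"""Triage an Avenger 2 log: what was deleted, what failed, and what to change
in the next script.

Added example for this thread, not part of The Avenger or of any post here.
SAMPLE_LOG is constructed from the report posted above; message shapes other
than the File/Folder lines seen in that report are assumed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_LOG = r"""
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\c:\windows\system32\drivers\hhakkp.sys" not found!
Deletion of driver "c:\windows\system32\drivers\hhakkp.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Folder "c:\users\dieryck\AppData\Local\epgkyeupn" deleted successfully.

Error: could not open file "c:\windows\system32\drivers\hhakkp.sys"
Deletion of file "c:\windows\system32\drivers\hhakkp.sys" failed!
Status: 0xc0000001 (STATUS_UNSUCCESSFUL)

File "c:\windows\system32\drivers\kgpcpy.cfg" deleted successfully.
"""

OK_RE = re.compile(r'^(?P<kind>[A-Z][a-z ]*?) "(?P<target>.+)" deleted successfully\.$')
FAIL_RE = re.compile(r'^Deletion of (?P<kind>[a-z ]+) "(?P<target>.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (?P<code>0x[0-9a-fA-F]{8}) \((?P<name>[A-Z_]+)\)$')
ERROR_RE = re.compile(r'^Error: (?P<msg>.+)$')


@dataclass
class Action:
    kind: str                      # "driver", "file", "folder", ...
    target: str
    ok: bool
    status: Optional[str] = None   # NTSTATUS code of a failure, e.g. "0xc0000001"
    error: Optional[str] = None    # the "Error:" line that preceded the failure


def parse_avenger_log(text: str) -> List[Action]:
    """One Action per 'deleted successfully' / 'failed!' line, with its status."""
    actions: List[Action] = []
    pending_error: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := ERROR_RE.match(line)):
            pending_error = m["msg"]
        elif (m := OK_RE.match(line)):
            actions.append(Action(m["kind"].lower(), m["target"], True))
            pending_error = None
        elif (m := FAIL_RE.match(line)):
            actions.append(Action(m["kind"], m["target"], False, error=pending_error))
            pending_error = None
        elif (m := STATUS_RE.match(line)) and actions and not actions[-1].ok:
            actions[-1].status = m["code"]   # status line belongs to the last failure
    return actions


def triage(actions: List[Action]) -> List[str]:
    """Turn each failure into advice for the next script."""
    advice = []
    for a in actions:
        if a.ok:
            continue
        if a.kind == "driver" and ("\\" in a.target or a.target.lower().endswith(".sys")):
            # A path was given where Avenger expects a service name.
            advice.append(
                f"{a.target}: 'Drivers to delete:' expects the service name "
                f"(the <name> in Enum\\Root\\LEGACY_<name>), not a file path")
        elif a.kind == "file" and a.status == "0xc0000001":
            # Assumption: an unopenable .sys is almost always a loaded driver.
            advice.append(
                f"{a.target}: could not be opened, which for a .sys usually means the "
                f"driver is loaded; list its service under 'Drivers to delete:' so it "
                f"is stopped before the file is removed")
        elif a.status == "0xc0000034":
            advice.append(f"{a.target}: {a.kind} does not exist, nothing to do")
        else:
            advice.append(f"{a.target}: {a.kind} deletion failed with {a.status}")
    return advice


if __name__ == "__main__":
    acts = parse_avenger_log(SAMPLE_LOG)
    for a in acts:
        print("OK  " if a.ok else "FAIL", a.kind, a.target, a.status or "")
    for line in triage(acts):
        print("->", line)
```

Run against the real C:\avenger.txt by reading the file into `parse_avenger_log`; the two pieces of advice it produces for the sample are exactly what the corrected script later in the thread does, namely naming the service rather than the path under Drivers to delete.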

Posted

Hello.

 

I've called in reinforcements, because I can't see where to attack this thing from.

 

Download SEAF.exe by C_XX

 

Double-click the SEAF.exe file.

Tick "Also search the registry" (Chercher également dans le registre).

In the search bar, in place of atapi in the example, type

 

hhakkp

 

Click Launch search (Lancer la recherche).

The scan will take a few minutes, and a text file will open that you post by copy-paste.

Close the file and the tool.

 

(screenshot: seaf10.jpg)

 

@+

Posted

You're stressing me out there :o

 

Here is the report:

 

========================= SEAF 1.0.0.7 - C_XX

Started at: 23:32:54 on 24/08/2010

Searched value(s):

hhakkp

(!) --- Registry search

====== File(s) (TC: creation date, TM: modification date, DA: last access) ======

"c:\Windows\System32\drivers\hhakkp.sys" [ ----A---- | 785408 ]
TC: 22/08/2010,23:25:30 | TM: 24/08/2010,23:35:48 | DA: 22/08/2010,23:25:30

=========================

"c:\Qoobox\Quarantine\Registry_backups\Legacy_HHAKKP.reg.dat" [ ----A---- | 1076 ]
TC: 24/08/2010,00:10:10 | TM: 24/08/2010,13:51:44 | DA: 24/08/2010,00:10:10

=========================

"c:\Qoobox\Quarantine\Registry_backups\Service_hhakkp.reg.dat" [ ----A---- | 74 ]
TC: 24/08/2010,00:10:10 | TM: 24/08/2010,13:51:44 | DA: 24/08/2010,00:10:10

=========================

"c:\Qoobox\Quarantine\C\Windows\System32\drivers\_hhakkp_.sys.zip" [ ----A---- | 1563184 ]
TC: 24/08/2010,00:15:58 | TM: 24/08/2010,00:15:58 | DA: 24/08/2010,00:15:58

=========================

====== Folder(s) (TC: creation date, TM: modification date, DA: last access) ======

No folder found

====== Registry entry(ies) ======

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000]
"DeviceDesc"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000]
"Service"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000\Control]
"ActiveService"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP\0000]
"DeviceDesc"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP\0000]
"Service"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000]
"DeviceDesc"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000]
"Service"="hhakkp"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000\Control]
"ActiveService"="hhakkp"

=========================

Finished at: 23:36:50 on 24/08/2010 ( E.O.F )

 

 

a+

Posted (edited)

Good evening,

Redo a script with The Avenger

 

Drivers to delete:

HHAKKP

 

Files to delete:

c:\windows\system32\drivers\hhakkp.sys

 

Registry keys to delete:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP

 

Post the report.

@+

Edited by nardino
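The script in the post above can be derived mechanically from the SEAF report: the service name comes from the "Service" and "ActiveService" values under Enum\Root\LEGACY_*, the registry keys to delete are those LEGACY_* keys themselves (without the trailing \0000 and \0000\Control subkeys), and the only file worth deleting is the live driver, not the ComboFix backups under c:\Qoobox\Quarantine. The Python below, added here as an example and not code from SEAF, The Avenger or any post in this thread, performs that conversion. The sample report is a constructed subset of the one posted above; skipping everything under c:\Qoobox is a design choice of this example, and the Avenger section headers used are the ones that appear in the thread.

```python
"""Build an Avenger 2 script from a SEAF report.

Added example for this thread, not code from SEAF, The Avenger or any post.
SAMPLE_SEAF is a constructed subset of the report posted above.
"""
import re
from typing import List, Set, Tuple

SAMPLE_SEAF = r"""
"c:\Windows\System32\drivers\hhakkp.sys" [ ----A---- | 785408 ]
 TC: 22/08/2010,23:25:30 | TM: 24/08/2010,23:35:48 | DA: 22/08/2010,23:25:30
"c:\Qoobox\Quarantine\Registry_backups\Legacy_HHAKKP.reg.dat" [ ----A---- | 1076 ]
"c:\Qoobox\Quarantine\C\Windows\System32\drivers\_hhakkp_.sys.zip" [ ----A---- | 1563184 ]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000]
"DeviceDesc"="hhakkp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000]
"Service"="hhakkp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_HHAKKP\0000\Control]
"ActiveService"="hhakkp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_HHAKKP\0000]
"Service"="hhakkp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000]
"Service"="hhakkp"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HHAKKP\0000\Control]
"ActiveService"="hhakkp"
"""

# Line shapes taken from the SEAF output posted in the thread.
FILE_RE = re.compile(r'^"(?P<path>[^"]+)" \[ (?P<attrs>\S+) \| (?P<size>\d+) \]$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')
# Everything up to and including the LEGACY_<name> component of a PnP root key.
LEGACY_RE = re.compile(r'^(?P<root>.*\\Enum\\Root\\LEGACY_[^\\]+)', re.IGNORECASE)
# Design choice of this example: never touch quarantine/backup copies.
QUARANTINE_PREFIXES = ("c:\\qoobox\\",)


def parse_seaf(report: str) -> Tuple[List[str], List[str], Set[str]]:
    """Return (file paths, registry keys, service names) found in the report."""
    files: List[str] = []
    keys: List[str] = []
    services: Set[str] = set()
    current_key = None
    for raw in report.splitlines():
        line = raw.strip()
        if (m := FILE_RE.match(line)):
            files.append(m["path"])
        elif (m := KEY_RE.match(line)):
            current_key = m["key"]
            keys.append(current_key)
        elif (m := VALUE_RE.match(line)) and current_key:
            # The service backing a LEGACY_* device is named by these values.
            if m["name"] in ("Service", "ActiveService") and LEGACY_RE.match(current_key):
                services.add(m["data"])
    return files, keys, services


def build_avenger_script(files: List[str], keys: List[str], services: Set[str]) -> str:
    """Emit the Drivers / Files / Registry keys sections Avenger expects."""
    legacy_roots: List[str] = []
    for k in keys:
        m = LEGACY_RE.match(k)
        if m and m["root"] not in legacy_roots:
            legacy_roots.append(m["root"])
    live_files = [f for f in files if not f.lower().startswith(QUARANTINE_PREFIXES)]

    out: List[str] = []
    if services:
        # Stop/unload the driver by service name before the file is deleted.
        out += ["Drivers to delete:", *sorted(services), ""]
    if live_files:
        out += ["Files to delete:", *live_files, ""]
    if legacy_roots:
        out += ["Registry keys to delete:", *legacy_roots]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(build_avenger_script(*parse_seaf(SAMPLE_SEAF)), end="")
```

Paste the real SEAF text file in place of the sample and the output is the script to save as delete.txt. For the sample it reproduces the post above line for line except that the service name is emitted as SEAF reported it ("hhakkp" rather than "HHAKKP"); Windows service names are case-insensitive, so either works.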
