[Résolu] Security Sphere 2012 / Infection

[lance_yien]

Bonjour,

 

C'est bon pour les liens, tout était exploitable

Voici ce qui en ressort: l'espace libre est encore à 13% environ et il va falloir supprimer des choses après avoir fini ce qui suit.

Je pense que tu pourra désinstaller tout ce qui est du Google et Yahoo (ça ne t'empêchera pas de faire des recherches).

 

>>> Correction OTL: (Re)brancher (et allumer) tous les médias amovibles disponibles et fermer toutes les applications et fenêtres en cours.

Désactiver les programmes de protection (antivirus etc...) et lancer OTL.

Copier et coller la liste suivante (commençant par :OTL) dans l'espace sous "Personnalisation" (les : au début et le ] à la fin sont très importants, merci de vérifier).

 

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = Le Complément de recherche d'Internet Explorer 6 n'est plus pris en charge.

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Sign In [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Hotmail, Messenger, Actualité, Sport, People, Femmes - MSN France

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Durable.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = {searchTerms} - Recherche Durable

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://fr.yahoo.com/http://www.google.fr/ [binary data]

FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Live Search"

FF - prefs.js..browser.startup.homepage: "http://www.plusnetwork.com"'>http://www.plusnetwork.com"

FF - prefs.js..keyword.URL: "http://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA2&q="

FF - prefs.js..browser.startup.homepage: "http://www.plusnetwork.com"

FF - prefs.js..browser.startup.homepage: "http://www.durable.com/recherche"

FF - prefs.js..browser.search.defaultenginename: "Durable"

FF - prefs.js..browser.search.selectedEngine: "Durable"

FF - prefs.js..browser.search.defaulturl: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="'>http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="

FF - prefs.js..keyword.URL: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/31 21:58:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/31 21:58:04 | 000,000,000 | ---D | M]

[2010/03/24 10:24:36 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Sylvie Roussin\Application Data\Mozilla\Firefox\Profiles\ug1bo9ca.default\searchplugins\durable.xml

[2007/07/06 11:18:22 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\Sylvie Roussin\Application Data\Mozilla\Firefox\Profiles\ug1bo9ca.default\searchplugins\LiveSearch.xml

File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\GOOGLE-CJK@PARTNERS.MOZILLA.COM

File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\TALKBACK@MOZILLA.ORG

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

 

:Services

 

:Reg

 

:Files

ipconfig /flushdns /c

C:\WINDOWS\tasks\*.job

C:\*.sqm

C:\WINDOWS\System32\*.tmp

C:\WINDOWS\*.tmp

 

:Commands

[EMPTYTEMP]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme demandera de redémarrer la machine pour finir le processus, cliquer sur "Oui".

A la fin un rapport s'ouvre dans le bloc-note. Copier et le coller son contenu dans une nouvelle réponse. Fermer le rapport et OTL.

 

>>> Est-ce que ça rame moins?

[Brylama]

Bonjour,

 

 

oui, la navigation semble plus rapide!!

oui aussi il y a une nouvelle erreur! au démarrage d'IE, j'ai normalement 3 onglets qui s'ouvrent; là, j'en ai 2 dont 1 avec le logo d'Imesh!!

Alors, c'est quoi la manoeuvre du jour??

Sinon, j'ai un travail à tapper sur word et je dois retransmettre ce travail sur un autre PC avec ma clé USB; c'est assez urgent, mais dans l'état actuel de mon PC puis-je le faire? Je ne voudrai évidemment pas transmettre en mm temps une infection! oups

 

Bref! sinon, voici le rapport que tu attendsAll processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search bar| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

Prefs.js: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" removed from browser.search.defaulturl

Prefs.js: "Live Search" removed from browser.search.selectedEngine

Prefs.js: "http://www.plusnetwork.com"'>http://www.plusnetwork.com" removed from browser.startup.homepage

Prefs.js: "http://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA2&q=" removed from keyword.URL

Prefs.js: "http://www.plusnetwork.com" removed from browser.startup.homepage

Prefs.js: "http://www.durable.com/recherche" removed from browser.startup.homepage

Prefs.js: "Durable" removed from browser.search.defaultenginename

Prefs.js: "Durable" removed from browser.search.selectedEngine

Prefs.js: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q="'>http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=" removed from browser.search.defaulturl

Prefs.js: "http://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0\ deleted successfully.

C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.

C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0\ deleted successfully.

C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0\ deleted successfully.

C:\Program Files\Google\Picasa3\npPicasa3.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.

C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6\ deleted successfully.

C:\Program Files\Yahoo!\Shared\npYState.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ deleted successfully.

c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3\ deleted successfully.

C:\Program Files\Microsoft\Office Live\npOLW.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5\ deleted successfully.

c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@virtools.com/3DviaPlayer\ deleted successfully.

C:\Program Files\Virtools\3D Life Player\npvirtools.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.

C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll moved successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8\ deleted successfully.

C:\Documents and Settings\Sylvie Roussin\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll moved successfully.

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video not found.

File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa not found.

C:\Documents and Settings\Sylvie Roussin\Application Data\Mozilla\Firefox\Profiles\ug1bo9ca.default\searchplugins\durable.xml moved successfully.

C:\Documents and Settings\Sylvie Roussin\Application Data\Mozilla\Firefox\Profiles\ug1bo9ca.default\searchplugins\LiveSearch.xml moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.

C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon deleted successfully.

C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivX Download Manager deleted successfully.

C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.

C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Messenger (Yahoo!) deleted successfully.

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Configuration IP de Windows

Cache de résolution DNS vidé.

C:\Documents and Settings\Sylvie Roussin\Bureau\cmd.bat deleted successfully.

C:\Documents and Settings\Sylvie Roussin\Bureau\cmd.txt deleted successfully.

C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.

C:\WINDOWS\tasks\Google Software Updater.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\WINDOWS\tasks\User_Feed_Synchronization-{759560B5-645C-4717-9B34-5FB54AE4C439}.job moved successfully.

C:\WINDOWS\tasks\User_Feed_Synchronization-{8DD1D78B-1050-4F62-8053-D8E3BC6CA08D}.job moved successfully.

C:\sqmdata00.sqm moved successfully.

C:\sqmdata01.sqm moved successfully.

C:\sqmdata02.sqm moved successfully.

C:\sqmdata03.sqm moved successfully.

C:\sqmdata04.sqm moved successfully.

C:\sqmdata05.sqm moved successfully.

C:\sqmdata06.sqm moved successfully.

C:\sqmnoopt00.sqm moved successfully.

C:\sqmnoopt01.sqm moved successfully.

C:\sqmnoopt02.sqm moved successfully.

C:\sqmnoopt03.sqm moved successfully.

C:\sqmnoopt04.sqm moved successfully.

C:\sqmnoopt05.sqm moved successfully.

C:\sqmnoopt06.sqm moved successfully.

File\Folder C:\WINDOWS\System32\*.tmp not found.

C:\WINDOWS\msdownld.tmp folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Denis Malabry

->Temp folder emptied: 18181270 bytes

->Temporary Internet Files folder emptied: 6911128 bytes

->Java cache emptied: 12119679 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 127142977 bytes

->Flash cache emptied: 15440 bytes

 

User: Invité

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 1442 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 173930688 bytes

->Java cache emptied: 9719 bytes

->Flash cache emptied: 10554 bytes

 

User: Sylvie Roussin

->Temp folder emptied: 92148 bytes

->Temporary Internet Files folder emptied: 139619003 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 16718356 bytes

->Apple Safari cache emptied: 21312512 bytes

->Flash cache emptied: 2487 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 16850410 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 154362120 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 655,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 10172011_083923

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

 

Et bien bon courrage et merci mille fois!!!

 

Cordialement,Brylama

[Brylama]

la navigation est devenue franchement agréable pendant env.20 mn puis de nouveau ralentie avec mon ordi qui a recommencer à faire beaucoup de bruit ( vous voyez ce que je veux dire?) en continue et lorsque cela arrive, mon PC ne tarde pas à beuguer voire s'éteindre tout seul! Donc je l'ai devancé; je l'ai éteint et rallumé. Mais je ne vais pas faire ça toutes les demie-heure!!!

C'est parce qu'il est saturé? ou c'est encore une vilaine bête??

Ah oui,j'oubliai, j'entend régulièrement un son comme celui qu'on entend lorsque une action est terminée ou prête à autre chose. Visuellement, il ne paraît rien. ça sent pas bon ça encore

 

Cordialement, Brylama

Modifié le 17 octobre 2011 par Brylama

[lance_yien]

>>> Pour iMesh, désactiver les programmes de protection (antivirus etc...) et relancer OTL.

Copier et coller la liste suivante (commençant par :OTL) dans l'espace sous "Personnalisation" (les : au début et le ] à la fin sont très importants, merci de vérifier).

 

:OTL

CHR - default_search_provider: search_url = {searchTerms} - Search

 

:Commands

[EMPTYTEMP]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme demandera de redémarrer la machine pour finir le processus, cliquer sur "Oui".

A la fin un rapport s'ouvre dans le bloc-note. Je n'ai pas besoin de voir son contenu. Juste fermer le rapport ainsi que OTL et me dire si le problème de iMesh est résolu.

 

Pour le nombre d'onglets qui s'ouvrent au lancement de ton navigateur tu peux le ré-paramétrer après.

 

Oui, tu peux utiliser ton PC et la clé USB à volonté. Par précaution, tu peux analyser ta clé avec l'antivirus de l'autre PC dès que tu l'as insérée dedans (SANS L'OUVRIR) par un clic-droit => "Analyser avec...".

 

>>> Le bruit peut être la cause d'un matériel quelconque particulièrement un ventilateur défectueux ou poussiéreux. Ce qui peut créer une surchauffe suivi d'un arrêt de ta machine le cas échéant. As-tu beaucoup d'appareils branchés sur ton PC (imprimantes...)

Oui ça peut être parce qu'il est saturé mais aussi à cause d'une vilaine bête. Je ne suis pas encore en mesure de confirmer la vraie raison.

Quand le problème de iMesh sera réglé, je t'indiquerai comment désinstaller les outils utilisés et on fera d'autres recherches plus approfondies.

 

Bon courage!

[Brylama]

Bon appétit!

 

pour ma part j'ai effectoué OTH // à IMesh: après repdémarrage et bien IMesh ne s'est pas imposé dans mes onglets! J'espère que l'on peut considérer cet épisode clos!

 

J'attend les prochaines instructions et merci encore surtout!

 

Cordialement, brylama

[lance_yien]

Yes, pour IMesh c'est clos!

 

>>> Supprimer les utilitaires:

- Pour supprimer ComboFix et ses fichiers/dossiers, cliquer sur "Démarrer" => "Exécuter" et saisir (ou copier/ coller): ComboFix /Uninstall (espace entre "ComboFix" et "/Uninstall"). Cliquer sur "OK".

Ce qui a pour effet de supprimer ComboFix ainsi que les dossiers/ fichiers qu'il a installés et ré-initialiser les points de restauration.

- Lancer OTL et cliquer sur Purge outils. Laisser faire et redémarrer le PC quand c'est demandé.

- Supprimer ZHPDiag depuis "Ajout/ suppression de programmes.

- Pour supprimer les autres utilitaires et leur rapports (sur le Bureau et/ou à la racine de la partition système), cliquer-droit dessus => "Supprimer".

 

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et télécharger, sur le Bureau TDSSKiller.zip depuis ici et le dézipper TDSSKiller.zip (clic-droit dessus => "Extraire ici"). Glisser TDSSKiller.zip dans la corbeille pour le supprimer.

Fermer toutes les fenêtres et applications en cours et désactiver antivirus et tout autre programme de protection.

Double-cliquer sur TDSSKiller.exe pour lancer le programme. Cliquer sur le bouton "Start Scan" et patienter jusqu'à la fin de l'analyse.

Si un fichier infecté est détecté, l'action par défaut sera "Cure" et si un fichier suspect est détecté, l'action par défaut sera "Skip".

Sans rien changer, cliquer sur le bouton "Continue".

Si vous êtes invité à redémarre la machine pour finir le processus (reboot the computer to complete the process), cliquez sur le bouton "Reboot Now". Le rapport sera sauvegardé à la racine de la partition système, là où Windows est installé (généralement C:\); son format est du type "TDSSKiller.[Version]_[Date]_[Heure]_log.txt" (par exemple, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).

Si aucun redémarrage n'est requis, cliquer sur "Report". Un fichier texte s'ouvre et sera sauvegardé de la même manière.

Copier/coller le contenu du rapport dans la prochaine réponse.

 

 

>>> aswMBR/ Analyse: Télécharger, sur le Bureau, aswMBR.exe et désactiver tous les programmes de protection (antivirus, pare-feu et antispyware).

Fermer toutes les fenêtres ouvertes et double-cliquer/cliquer-droit sur aswMBR.exe => "Exécuter en tant qu'administrateur" puis cliquer sur le bouton "[scan]".

Patienter jusqu'à la fin et cliquer sur le bouton "Save log". L'enregistrer sur le Bureau comme "aswmbr.txt" et poster son contenu dans une prochaine réponse. (NE rien fixer sans y être invité).

 

 

>>> Rapports demandés:

• TDSSKiller_log.txt
• aswmbr.txt

Bon appétit!

[Brylama]

Désolée, mais je ne peux pas désinstaller Combofix comme demandé. Une fenêtre s'ouvre stipulant "This operating is not supported! Combofix only runs on: Windows 2000, ..., ... C'était la même chose si l'on se souvient bien lorsque l'on a voulu utiliser Combofix. Que faire alors??

 

Cordialement; Brylama

Modifié le 17 octobre 2011 par Brylama

[lance_yien]

Continue, il va partir avec OTL.

[Brylama]

Bonsoir,

 

 

voici les derniers rapports:

 

16:57:30.0406 2140 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23

16:57:30.0687 2140 ============================================================

16:57:30.0687 2140 Current date / time: 2011/10/17 16:57:30.0687

16:57:30.0687 2140 SystemInfo:

16:57:30.0687 2140

16:57:30.0687 2140 OS Version: 5.1.2600 ServicePack: 3.0

16:57:30.0687 2140 Product type: Workstation

16:57:30.0687 2140 ComputerName: SAMI

16:57:30.0687 2140 UserName: Sylvie Roussin

16:57:30.0687 2140 Windows directory: C:\WINDOWS

16:57:30.0687 2140 System windows directory: C:\WINDOWS

16:57:30.0687 2140 Processor architecture: Intel x86

16:57:30.0687 2140 Number of processors: 2

16:57:30.0687 2140 Page size: 0x1000

16:57:30.0687 2140 Boot type: Normal boot

16:57:30.0687 2140 ============================================================

16:57:31.0640 2140 Initialize success

16:57:33.0781 2812 ============================================================

16:57:33.0781 2812 Scan started

16:57:33.0781 2812 Mode: Manual;

16:57:33.0781 2812 ============================================================

16:57:35.0593 2812 Abiosdsk - ok

16:57:35.0656 2812 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

16:57:35.0656 2812 abp480n5 - ok

16:57:35.0718 2812 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

16:57:35.0734 2812 ACPI - ok

16:57:35.0750 2812 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

16:57:35.0750 2812 ACPIEC - ok

16:57:35.0812 2812 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

16:57:35.0812 2812 adpu160m - ok

16:57:35.0843 2812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

16:57:35.0843 2812 aec - ok

16:57:35.0906 2812 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

16:57:35.0906 2812 AFD - ok

16:57:35.0953 2812 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

16:57:35.0953 2812 agp440 - ok

16:57:36.0093 2812 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

16:57:36.0093 2812 agpCPQ - ok

16:57:36.0187 2812 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

16:57:36.0187 2812 Aha154x - ok

16:57:36.0328 2812 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

16:57:36.0328 2812 aic78u2 - ok

16:57:36.0375 2812 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

16:57:36.0375 2812 aic78xx - ok

16:57:36.0421 2812 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

16:57:36.0421 2812 AliIde - ok

16:57:36.0546 2812 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

16:57:36.0578 2812 alim1541 - ok

16:57:36.0609 2812 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

16:57:36.0609 2812 amdagp - ok

16:57:36.0656 2812 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

16:57:36.0656 2812 amsint - ok

16:57:36.0843 2812 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

16:57:36.0843 2812 Arp1394 - ok

16:57:36.0921 2812 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

16:57:36.0921 2812 asc - ok

16:57:36.0953 2812 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

16:57:36.0953 2812 asc3350p - ok

16:57:37.0046 2812 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

16:57:37.0046 2812 asc3550 - ok

16:57:37.0093 2812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

16:57:37.0093 2812 AsyncMac - ok

16:57:37.0109 2812 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

16:57:37.0109 2812 atapi - ok

16:57:37.0140 2812 Atdisk - ok

16:57:37.0171 2812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

16:57:37.0171 2812 Atmarpc - ok

16:57:37.0203 2812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

16:57:37.0203 2812 audstub - ok

16:57:37.0343 2812 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

16:57:37.0343 2812 avgio - ok

16:57:37.0406 2812 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

16:57:37.0406 2812 avgntflt - ok

16:57:37.0562 2812 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\WINDOWS\system32\DRIVERS\avipbb.sys

16:57:37.0562 2812 avipbb - ok

16:57:37.0609 2812 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

16:57:37.0609 2812 Beep - ok

16:57:37.0671 2812 BTWUSB (7024e11dab9410b31a37547575249dd7) C:\WINDOWS\system32\Drivers\btwusb.sys

16:57:37.0671 2812 BTWUSB - ok

16:57:37.0734 2812 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

16:57:37.0734 2812 cbidf - ok

16:57:37.0750 2812 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

16:57:37.0750 2812 cbidf2k - ok

16:57:37.0812 2812 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

16:57:37.0812 2812 CCDECODE - ok

16:57:37.0843 2812 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

16:57:37.0843 2812 cd20xrnt - ok

16:57:37.0859 2812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

16:57:37.0875 2812 Cdaudio - ok

16:57:37.0906 2812 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

16:57:37.0906 2812 Cdfs - ok

16:57:37.0937 2812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

16:57:37.0937 2812 Cdrom - ok

16:57:37.0953 2812 Changer - ok

16:57:37.0984 2812 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

16:57:37.0984 2812 CmBatt - ok

16:57:38.0031 2812 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys

16:57:38.0031 2812 CmdIde - ok

16:57:38.0109 2812 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

16:57:38.0109 2812 Compbatt - ok

16:57:38.0140 2812 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

16:57:38.0140 2812 Cpqarray - ok

16:57:38.0171 2812 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

16:57:38.0187 2812 dac2w2k - ok

16:57:38.0203 2812 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

16:57:38.0203 2812 dac960nt - ok

16:57:38.0218 2812 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

16:57:38.0218 2812 Disk - ok

16:57:38.0281 2812 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys

16:57:38.0312 2812 dmboot - ok

16:57:38.0390 2812 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys

16:57:38.0390 2812 dmio - ok

16:57:38.0437 2812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

16:57:38.0437 2812 dmload - ok

16:57:38.0531 2812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

16:57:38.0531 2812 DMusic - ok

16:57:38.0562 2812 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

16:57:38.0578 2812 dpti2o - ok

16:57:38.0609 2812 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

16:57:38.0609 2812 drmkaud - ok

16:57:38.0671 2812 E100B (6ca101f9aa3d845ba31f6e13c01301a8) C:\WINDOWS\system32\DRIVERS\e100b325.sys

16:57:38.0687 2812 E100B - ok

16:57:38.0843 2812 eabfiltr (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys

16:57:38.0843 2812 eabfiltr - ok

16:57:38.0859 2812 eabusb (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys

16:57:38.0859 2812 eabusb - ok

16:57:38.0921 2812 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

16:57:38.0921 2812 Fastfat - ok

16:57:38.0953 2812 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

16:57:38.0953 2812 Fdc - ok

16:57:39.0031 2812 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys

16:57:39.0031 2812 Fips - ok

16:57:39.0062 2812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

16:57:39.0062 2812 Flpydisk - ok

16:57:39.0125 2812 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

16:57:39.0140 2812 FltMgr - ok

16:57:39.0187 2812 FsUsbExDisk (cbe5f69a5e5b918225f420ba748f3742) C:\WINDOWS\system32\FsUsbExDisk.SYS

16:57:39.0281 2812 FsUsbExDisk - ok

16:57:39.0515 2812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

16:57:39.0515 2812 Fs_Rec - ok

16:57:39.0562 2812 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

16:57:39.0578 2812 Ftdisk - ok

16:57:39.0640 2812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

16:57:39.0640 2812 GEARAspiWDM - ok

16:57:39.0703 2812 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

16:57:39.0703 2812 Gpc - ok

16:57:39.0781 2812 HBtnKey (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys

16:57:39.0781 2812 HBtnKey - ok

16:57:39.0859 2812 HdAudAddService (bb42bb78bbbc1e83292ef26973598daf) C:\WINDOWS\system32\drivers\CHDAud.sys

16:57:39.0875 2812 HdAudAddService - ok

16:57:40.0093 2812 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

16:57:40.0093 2812 HDAudBus - ok

16:57:40.0156 2812 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

16:57:40.0156 2812 HidUsb - ok

16:57:40.0234 2812 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

16:57:40.0234 2812 hpn - ok

16:57:40.0281 2812 HSFHWAZL (89e256c5f5346be265d9f86ac8625d4f) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

16:57:40.0296 2812 HSFHWAZL - ok

16:57:40.0343 2812 HSF_DPV (0e44af3828111d4c3e73c33ac95226d8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

16:57:40.0406 2812 HSF_DPV - ok

16:57:40.0671 2812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

16:57:40.0671 2812 HTTP - ok

16:57:40.0734 2812 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

16:57:40.0734 2812 i2omgmt - ok

16:57:40.0765 2812 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

16:57:40.0765 2812 i2omp - ok

16:57:40.0796 2812 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

16:57:40.0796 2812 i8042prt - ok

16:57:40.0906 2812 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys

16:57:40.0921 2812 iaStor - ok

16:57:40.0953 2812 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

16:57:40.0968 2812 Imapi - ok

16:57:41.0000 2812 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

16:57:41.0000 2812 ini910u - ok

16:57:41.0015 2812 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys

16:57:41.0015 2812 IntelIde - ok

16:57:41.0078 2812 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys

16:57:41.0078 2812 intelppm - ok

16:57:41.0218 2812 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

16:57:41.0218 2812 Ip6Fw - ok

16:57:41.0250 2812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

16:57:41.0265 2812 IpFilterDriver - ok

16:57:41.0312 2812 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

16:57:41.0312 2812 IpInIp - ok

16:57:41.0343 2812 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

16:57:41.0343 2812 IpNat - ok

16:57:41.0390 2812 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

16:57:41.0390 2812 IPSec - ok

16:57:41.0421 2812 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

16:57:41.0421 2812 IRENUM - ok

16:57:41.0437 2812 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys

16:57:41.0437 2812 isapnp - ok

16:57:41.0531 2812 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

16:57:41.0531 2812 Kbdclass - ok

16:57:41.0562 2812 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

16:57:41.0562 2812 kbdhid - ok

16:57:41.0609 2812 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

16:57:41.0625 2812 kmixer - ok

16:57:41.0671 2812 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

16:57:41.0671 2812 KSecDD - ok

16:57:41.0687 2812 lbrtfdc - ok

16:57:41.0734 2812 MBAMSwissArmy - ok

16:57:41.0781 2812 mdmxsdk (74f4372af97a587ecec527ec34955712) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

16:57:41.0796 2812 mdmxsdk - ok

16:57:41.0968 2812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

16:57:41.0968 2812 mnmdd - ok

16:57:42.0000 2812 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys

16:57:42.0015 2812 Modem - ok

16:57:42.0031 2812 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys

16:57:42.0031 2812 Mouclass - ok

16:57:42.0078 2812 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys

16:57:42.0078 2812 mouhid - ok

16:57:42.0093 2812 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

16:57:42.0093 2812 MountMgr - ok

16:57:42.0109 2812 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

16:57:42.0125 2812 mraid35x - ok

16:57:42.0156 2812 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

16:57:42.0156 2812 MRxDAV - ok

16:57:42.0218 2812 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

16:57:42.0234 2812 MRxSmb - ok

16:57:42.0281 2812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

16:57:42.0296 2812 Msfs - ok

16:57:42.0328 2812 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

16:57:42.0328 2812 MSKSSRV - ok

16:57:42.0359 2812 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

16:57:42.0359 2812 MSPCLOCK - ok

16:57:42.0593 2812 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

16:57:42.0593 2812 MSPQM - ok

16:57:42.0640 2812 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

16:57:42.0640 2812 mssmbios - ok

16:57:42.0671 2812 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

16:57:42.0687 2812 MSTEE - ok

16:57:42.0718 2812 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

16:57:42.0718 2812 Mup - ok

16:57:42.0765 2812 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

16:57:42.0765 2812 NABTSFEC - ok

16:57:42.0796 2812 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

16:57:42.0796 2812 NDIS - ok

16:57:42.0828 2812 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

16:57:42.0828 2812 NdisIP - ok

16:57:42.0890 2812 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

16:57:42.0890 2812 NdisTapi - ok

16:57:42.0921 2812 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

16:57:42.0921 2812 Ndisuio - ok

16:57:42.0984 2812 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

16:57:42.0984 2812 NdisWan - ok

16:57:43.0171 2812 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

16:57:43.0171 2812 NDProxy - ok

16:57:43.0421 2812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

16:57:43.0421 2812 NetBIOS - ok

16:57:43.0484 2812 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

16:57:43.0484 2812 NetBT - ok

16:57:43.0562 2812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

16:57:43.0562 2812 NIC1394 - ok

16:57:43.0578 2812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

16:57:43.0593 2812 Npfs - ok

16:57:43.0640 2812 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

16:57:43.0656 2812 Ntfs - ok

16:57:43.0781 2812 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

16:57:43.0781 2812 Null - ok

16:57:43.0984 2812 nv (88d8f8d4c3243e0bb0ed57496868e52e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

16:57:44.0062 2812 nv - ok

16:57:44.0343 2812 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

16:57:44.0343 2812 NwlnkFlt - ok

16:57:44.0375 2812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

16:57:44.0375 2812 NwlnkFwd - ok

16:57:44.0453 2812 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

16:57:44.0453 2812 ohci1394 - ok

16:57:44.0531 2812 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys

16:57:44.0531 2812 Parport - ok

16:57:44.0578 2812 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

16:57:44.0578 2812 PartMgr - ok

16:57:44.0609 2812 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys

16:57:44.0609 2812 ParVdm - ok

16:57:44.0625 2812 PCAMPR5 - ok

16:57:44.0656 2812 PCANDIS5 (ceef86cb35abe95c40a88784f5b631ad) C:\WINDOWS\system32\PCANDIS5.SYS

16:57:44.0687 2812 PCANDIS5 - ok

16:57:44.0843 2812 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys

16:57:44.0859 2812 pccsmcfd - ok

16:57:44.0875 2812 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys

16:57:44.0875 2812 PCI - ok

16:57:44.0890 2812 PCIDump - ok

16:57:44.0921 2812 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys

16:57:44.0921 2812 PCIIde - ok

16:57:44.0937 2812 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

16:57:44.0937 2812 Pcmcia - ok

16:57:44.0953 2812 PDCOMP - ok

16:57:44.0968 2812 PDFRAME - ok

16:57:44.0984 2812 PDRELI - ok

16:57:45.0000 2812 PDRFRAME - ok

16:57:45.0078 2812 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

16:57:45.0078 2812 perc2 - ok

16:57:45.0125 2812 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

16:57:45.0125 2812 perc2hib - ok

16:57:45.0234 2812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

16:57:45.0234 2812 PptpMiniport - ok

16:57:45.0265 2812 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

16:57:45.0265 2812 PSched - ok

16:57:45.0312 2812 PSI (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

16:57:45.0328 2812 PSI - ok

16:57:45.0390 2812 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

16:57:45.0390 2812 Ptilink - ok

16:57:45.0453 2812 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

16:57:45.0484 2812 PxHelp20 - ok

16:57:45.0531 2812 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

16:57:45.0531 2812 ql1080 - ok

16:57:45.0687 2812 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

16:57:45.0687 2812 Ql10wnt - ok

16:57:45.0703 2812 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

16:57:45.0703 2812 ql12160 - ok

16:57:45.0734 2812 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

16:57:45.0734 2812 ql1240 - ok

16:57:45.0750 2812 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

16:57:45.0750 2812 ql1280 - ok

16:57:45.0796 2812 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

16:57:45.0796 2812 RasAcd - ok

16:57:45.0828 2812 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

16:57:45.0828 2812 Rasl2tp - ok

16:57:45.0875 2812 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

16:57:45.0875 2812 RasPppoe - ok

16:57:45.0890 2812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

16:57:45.0890 2812 Raspti - ok

16:57:45.0921 2812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

16:57:45.0921 2812 Rdbss - ok

16:57:45.0937 2812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

16:57:45.0937 2812 RDPCDD - ok

16:57:45.0984 2812 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

16:57:46.0000 2812 rdpdr - ok

16:57:46.0078 2812 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys

16:57:46.0078 2812 RDPWD - ok

16:57:46.0218 2812 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys

16:57:46.0234 2812 redbook - ok

16:57:46.0281 2812 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

16:57:46.0281 2812 rtl8139 - ok

16:57:46.0328 2812 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

16:57:46.0328 2812 sdbus - ok

16:57:46.0375 2812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

16:57:46.0375 2812 Secdrv - ok

16:57:46.0421 2812 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys

16:57:46.0421 2812 Serial - ok

16:57:46.0453 2812 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

16:57:46.0468 2812 Sfloppy - ok

16:57:46.0484 2812 Simbad - ok

16:57:46.0515 2812 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

16:57:46.0515 2812 sisagp - ok

16:57:46.0546 2812 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

16:57:46.0546 2812 SLIP - ok

16:57:46.0593 2812 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

16:57:46.0593 2812 Sparrow - ok

16:57:46.0625 2812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

16:57:46.0625 2812 splitter - ok

16:57:46.0671 2812 SQTECH905C (c526f69809cf33ca214f29243ead47dc) C:\WINDOWS\system32\Drivers\Capt905c.sys

16:57:46.0671 2812 SQTECH905C - ok

16:57:46.0828 2812 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys

16:57:46.0828 2812 sr - ok

16:57:46.0890 2812 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

16:57:46.0890 2812 Srv - ok

16:57:46.0953 2812 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

16:57:46.0953 2812 ssmdrv - ok

16:57:47.0000 2812 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys

16:57:47.0000 2812 ss_bbus - ok

16:57:47.0046 2812 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys

16:57:47.0046 2812 ss_bmdfl - ok

16:57:47.0078 2812 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys

16:57:47.0078 2812 ss_bmdm - ok

16:57:47.0140 2812 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

16:57:47.0140 2812 streamip - ok

16:57:47.0171 2812 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

16:57:47.0171 2812 swenum - ok

16:57:47.0203 2812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

16:57:47.0203 2812 swmidi - ok

16:57:47.0250 2812 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

16:57:47.0250 2812 symc810 - ok

16:57:47.0421 2812 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

16:57:47.0421 2812 symc8xx - ok

16:57:47.0437 2812 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

16:57:47.0437 2812 sym_hi - ok

16:57:47.0453 2812 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

16:57:47.0453 2812 sym_u3 - ok

16:57:47.0531 2812 SynTP (c9a1785cc0d7a040dd0fdbfeaa8be135) C:\WINDOWS\system32\DRIVERS\SynTP.sys

16:57:47.0531 2812 SynTP - ok

16:57:47.0593 2812 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

16:57:47.0593 2812 sysaudio - ok

16:57:47.0656 2812 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

16:57:47.0656 2812 Tcpip - ok

16:57:47.0703 2812 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

16:57:47.0703 2812 TDPIPE - ok

16:57:47.0734 2812 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

16:57:47.0734 2812 TDTCP - ok

16:57:47.0781 2812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

16:57:47.0781 2812 TermDD - ok

16:57:47.0843 2812 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys

16:57:47.0843 2812 tifm21 - ok

16:57:48.0109 2812 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys

16:57:48.0109 2812 TosIde - ok

16:57:48.0140 2812 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

16:57:48.0140 2812 Udfs - ok

16:57:48.0156 2812 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

16:57:48.0156 2812 ultra - ok

16:57:48.0234 2812 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

16:57:48.0234 2812 Update - ok

16:57:48.0281 2812 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

16:57:48.0281 2812 USBAAPL - ok

16:57:48.0328 2812 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

16:57:48.0328 2812 usbaudio - ok

16:57:48.0343 2812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

16:57:48.0343 2812 usbccgp - ok

16:57:48.0390 2812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

16:57:48.0390 2812 usbehci - ok

16:57:48.0406 2812 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

16:57:48.0406 2812 usbhub - ok

16:57:48.0656 2812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

16:57:48.0656 2812 usbscan - ok

16:57:48.0703 2812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

16:57:48.0703 2812 USBSTOR - ok

16:57:48.0734 2812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

16:57:48.0734 2812 usbuhci - ok

16:57:48.0750 2812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

16:57:48.0750 2812 VgaSave - ok

16:57:48.0796 2812 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

16:57:48.0796 2812 viaagp - ok

16:57:48.0843 2812 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

16:57:48.0843 2812 ViaIde - ok

16:57:48.0859 2812 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys

16:57:48.0859 2812 VolSnap - ok

16:57:48.0984 2812 VX3000 (45798ec03c6aeb45aa2f2084f7842f6c) C:\WINDOWS\system32\DRIVERS\VX3000.sys

16:57:49.0031 2812 VX3000 - ok

16:57:49.0531 2812 w39n51 (4e7b07653f4f9937cf62ad2869fba520) C:\WINDOWS\system32\DRIVERS\w39n51.sys

16:57:49.0562 2812 w39n51 - ok

16:57:49.0765 2812 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

16:57:49.0765 2812 Wanarp - ok

16:57:49.0781 2812 WDICA - ok

16:57:49.0812 2812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

16:57:49.0812 2812 wdmaud - ok

16:57:49.0890 2812 winachsf (214bc3ad84907ad6ad655ac5465f449a) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

16:57:49.0906 2812 winachsf - ok

16:57:49.0968 2812 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

16:57:49.0968 2812 WmiAcpi - ok

16:57:50.0046 2812 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

16:57:50.0046 2812 WSTCODEC - ok

16:57:50.0109 2812 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

16:57:50.0109 2812 WudfPf - ok

16:57:50.0156 2812 MBR (0x1B8) (c55974362fe92a949251a654e3d5df52) \Device\Harddisk0\DR0

16:57:50.0156 2812 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected

16:57:50.0156 2812 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

16:57:50.0203 2812 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4

16:57:50.0218 2812 \Device\Harddisk1\DR4 - ok

16:57:50.0218 2812 Boot (0x1200) (fdd152a409f39976dd9389ff0ff7ba8f) \Device\Harddisk0\DR0\Partition0

16:57:50.0218 2812 \Device\Harddisk0\DR0\Partition0 - ok

16:57:50.0250 2812 Boot (0x1200) (29ac50c71d081d89f5ada766db790aab) \Device\Harddisk0\DR0\Partition1

16:57:50.0250 2812 \Device\Harddisk0\DR0\Partition1 - ok

16:57:50.0265 2812 Boot (0x1200) (1d57f9d4c69f15fc242ddc2c51d1659a) \Device\Harddisk1\DR4\Partition0

16:57:50.0265 2812 \Device\Harddisk1\DR4\Partition0 - ok

16:57:50.0265 2812 ============================================================

16:57:50.0265 2812 Scan finished

16:57:50.0265 2812 ============================================================

16:57:50.0281 3820 Detected object count: 1

16:57:50.0281 3820 Actual detected object count: 1

16:58:34.0796 3820 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot

16:58:34.0796 3820 \Device\Harddisk0\DR0 - ok

16:58:34.0796 3820 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure

17:00:53.0656 3088 Deinitialize success

[Brylama]

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-10-17 17:10:21

-----------------------------

17:10:21.937 OS Version: Windows 5.1.2600 Service Pack 3

17:10:21.937 Number of processors: 2 586 0xE08

17:10:21.937 ComputerName: SAMI UserName:

17:10:22.812 Initialize success

17:10:42.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

17:10:42.531 Disk 0 Vendor: HTS54101 MBZO Size: 95396MB BusType: 3

17:10:42.546 Disk 0 MBR read successfully

17:10:42.546 Disk 0 MBR scan

17:10:42.546 Disk 0 unknown MBR code

17:10:42.562 Disk 0 scanning sectors +195366465

17:10:42.609 Disk 0 scanning C:\WINDOWS\system32\drivers

17:10:51.953 Service scanning

17:10:53.515 Modules scanning

17:11:00.125 Disk 0 trace - called modules:

17:11:00.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys

17:11:00.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f3f030]

17:11:00.156 3 CLASSPNP.SYS[f75f2fd7] -> nt!IofCallDriver -> \Device\0000007d[0x86f77a28]

17:11:00.156 5 ACPI.sys[f7468620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f75030]

17:11:00.671 Scan finished successfully

17:11:27.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sylvie Roussin\Bureau\MBR.dat"

17:11:27.375 The log file has been saved successfully to "C:\Documents and Settings\Sylvie Roussin\Bureau\aswMBR.txt"