Antimalware doctor virus sur Windows xp
Fermé
devilfox
-
28 juin 2011 à 16:06
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 29 juin 2011 à 17:12
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 29 juin 2011 à 17:12
A voir également:
- Antimalware doctor virus sur Windows xp
- Cle windows xp - Guide
- Telecharger windows xp - Télécharger - Systèmes d'exploitation
- Montage video windows - Guide
- Windows ne démarre pas - Guide
- Windows 10 gratuit - Accueil - Mise à jour
5 réponses
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 663
28 juin 2011 à 16:07
28 juin 2011 à 16:07
Salut,
Télécharge RogueKiller : https://www.luanagames.com/index.fr.html
Lances en option 2 (Suppression).
Poste le rapport ici.
Si RogueKiller est bloqué - tente de le renommer en iexplore ou winlogon
Si tjrs pas - affiche les extensions de fichiers : https://www.commentcamarche.net/informatique/windows/185-afficher-les-extensions-et-les-fichiers-caches-sous-windows/
Renomme RogueKiller.exe en RogueKiller.com
Télécharge RogueKiller : https://www.luanagames.com/index.fr.html
Lances en option 2 (Suppression).
Poste le rapport ici.
Si RogueKiller est bloqué - tente de le renommer en iexplore ou winlogon
Si tjrs pas - affiche les extensions de fichiers : https://www.commentcamarche.net/informatique/windows/185-afficher-les-extensions-et-les-fichiers-caches-sous-windows/
Renomme RogueKiller.exe en RogueKiller.com
OK Merci je vais essayer sa et je poste le rapport tout de suite je suis obligé d'utiliser un autre pc pour naviguer.
Voici le rapport
RogueKiller V5.2.6 [27/06/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: damien [Droits d'admin]
Mode: Suppression -- Date : 28/06/2011 19:59:18
Processus malicieux: 1
[SUSP PATH] setup.exe -- c:\windows\temp\vskbqn\setup.exe -> KILLED
Entrees de registre: 8
[SUSP PATH] HKCU\[...]\Run : tplsis70t.exe (C:\Documents and Settings\damien\Application Data\F63AA964AF8D1ABA08FEF326CE8F5D29\tplsis70t.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : sys32_nov (C:\Documents and Settings\damien\sys32_nov.exe) -> DELETED
[BLACKLIST DLL] HKCU\[...]\Run : Nhehuxegeqe (rundll32.exe "C:\WINDOWS\nwms32rt.dll",Startup) -> DELETED
[SUSP PATH] HKUS\.DEFAULT[...]\Run : AMService (C:\WINDOWS\TEMP\vskbqn\setup.exe) -> DELETED
[SUSP PATH] HKUS\S-1-5-20[...]\Run : upd_debug.exe ("C:\Documents and Settings\damien\Application Data\F63AA964AF8D1ABA08FEF326CE8F5D29\upd_debug.exe") -> DELETED
[SUSP PATH] HKUS\S-1-5-20[...]\Run : objpageparse.exe ("C:\Documents and Settings\damien\Local Settings\Application Data\objpageparse.exe") -> DELETED
[SUSP PATH] HKLM\[...]\RunOnce : *objpageparse.exe ("C:\Documents and Settings\damien\Local Settings\Application Data\objpageparse.exe") -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
Fichier HOSTS:
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
[...]
Termine : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V5.2.6 [27/06/2011] par Tigzy
contact sur http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: damien [Droits d'admin]
Mode: Suppression -- Date : 28/06/2011 19:59:18
Processus malicieux: 1
[SUSP PATH] setup.exe -- c:\windows\temp\vskbqn\setup.exe -> KILLED
Entrees de registre: 8
[SUSP PATH] HKCU\[...]\Run : tplsis70t.exe (C:\Documents and Settings\damien\Application Data\F63AA964AF8D1ABA08FEF326CE8F5D29\tplsis70t.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : sys32_nov (C:\Documents and Settings\damien\sys32_nov.exe) -> DELETED
[BLACKLIST DLL] HKCU\[...]\Run : Nhehuxegeqe (rundll32.exe "C:\WINDOWS\nwms32rt.dll",Startup) -> DELETED
[SUSP PATH] HKUS\.DEFAULT[...]\Run : AMService (C:\WINDOWS\TEMP\vskbqn\setup.exe) -> DELETED
[SUSP PATH] HKUS\S-1-5-20[...]\Run : upd_debug.exe ("C:\Documents and Settings\damien\Application Data\F63AA964AF8D1ABA08FEF326CE8F5D29\upd_debug.exe") -> DELETED
[SUSP PATH] HKUS\S-1-5-20[...]\Run : objpageparse.exe ("C:\Documents and Settings\damien\Local Settings\Application Data\objpageparse.exe") -> DELETED
[SUSP PATH] HKLM\[...]\RunOnce : *objpageparse.exe ("C:\Documents and Settings\damien\Local Settings\Application Data\objpageparse.exe") -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
Fichier HOSTS:
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
[...]
Termine : << RKreport[1].txt >>
RKreport[1].txt
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 663
28 juin 2011 à 20:41
28 juin 2011 à 20:41
[SUSP PATH] setup.exe -- c:\windows\temp\vskbqn\setup.exe -> KILLED
humpff :/
Passe un coup de TDSSKiller : https://forum.malekal.com/viewtopic.php?t=28637&start=
Poste le rapport ici.
~~
Mets à jour Malwarebyte
Fais un scan rapide, nettoye tout ce qui est détecté et poste le rapport ici.
~~
Ensuite :
Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/
* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
* Lance OTL
* Sous Peronnalisation, copie-colle ce qu'il y a dans le cadre ci-dessous :
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
* Clique sur le bouton Analyse.
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer les rapports.
Donnes le liens pjjoint ici ensuite pour pouvoir être consultés.
humpff :/
Passe un coup de TDSSKiller : https://forum.malekal.com/viewtopic.php?t=28637&start=
Poste le rapport ici.
~~
Mets à jour Malwarebyte
Fais un scan rapide, nettoye tout ce qui est détecté et poste le rapport ici.
~~
Ensuite :
Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/
* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)
* Lance OTL
* Sous Peronnalisation, copie-colle ce qu'il y a dans le cadre ci-dessous :
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
* Clique sur le bouton Analyse.
* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer les rapports.
Donnes le liens pjjoint ici ensuite pour pouvoir être consultés.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Merci pour tes conseilles Voila j'ai passé un coup de tds killer un coup de malware bytes antimalware doctor c'est enfin enléve de mon pc mais par contre et ce que tu aurais un bon anti virus a me proposer ainsi que les demarche pour nettoyer le pc d'une nouvelle infection au cas ou?
2011/06/29 12:58:07.0718 0380 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/29 12:58:07.0781 0380 ================================================================================
2011/06/29 12:58:07.0781 0380 SystemInfo:
2011/06/29 12:58:07.0781 0380
2011/06/29 12:58:07.0781 0380 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/29 12:58:07.0781 0380 Product type: Workstation
2011/06/29 12:58:07.0781 0380 ComputerName: MACHINEXP
2011/06/29 12:58:07.0781 0380 UserName: damien
2011/06/29 12:58:07.0781 0380 Windows directory: C:\WINDOWS
2011/06/29 12:58:07.0781 0380 System windows directory: C:\WINDOWS
2011/06/29 12:58:07.0781 0380 Processor architecture: Intel x86
2011/06/29 12:58:07.0781 0380 Number of processors: 1
2011/06/29 12:58:07.0781 0380 Page size: 0x1000
2011/06/29 12:58:07.0781 0380 Boot type: Normal boot
2011/06/29 12:58:07.0781 0380 ================================================================================
2011/06/29 12:58:09.0531 0380 Initialize success
2011/06/29 12:58:13.0531 0408 ================================================================================
2011/06/29 12:58:13.0531 0408 Scan started
2011/06/29 12:58:13.0531 0408 Mode: Manual;
2011/06/29 12:58:13.0531 0408 ================================================================================
2011/06/29 12:58:15.0890 0408 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/29 12:58:16.0093 0408 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/29 12:58:16.0421 0408 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/06/29 12:58:16.0609 0408 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/06/29 12:58:18.0078 0408 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/06/29 12:58:18.0312 0408 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/29 12:58:18.0515 0408 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/29 12:58:18.0812 0408 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/29 12:58:19.0031 0408 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/29 12:58:19.0265 0408 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/29 12:58:19.0531 0408 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/29 12:58:19.0828 0408 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/29 12:58:20.0015 0408 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/29 12:58:20.0187 0408 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/29 12:58:21.0093 0408 cmuda3 (dbf0577d5f34a1523efb844be262f8f9) C:\WINDOWS\system32\drivers\cmudax3.sys
2011/06/29 12:58:21.0734 0408 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/29 12:58:21.0921 0408 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/29 12:58:22.0140 0408 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/29 12:58:22.0328 0408 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/29 12:58:22.0500 0408 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/29 12:58:22.0718 0408 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/29 12:58:22.0859 0408 eamon (68556a9d5339046a85815c3826caf412) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/06/29 12:58:23.0015 0408 easdrv (fd90ea14a6dad9a3e380dc2b84956c0f) C:\WINDOWS\system32\DRIVERS\easdrv.sys
2011/06/29 12:58:23.0187 0408 epfw (4fcb6bb677efef9335204157d7b1b9b9) C:\WINDOWS\system32\DRIVERS\epfw.sys
2011/06/29 12:58:23.0359 0408 Epfwndis (bc2eb5219481b235ae260a88e3922115) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2011/06/29 12:58:23.0468 0408 epfwtdi (1bad7268b8bcc56c259c141c233fb737) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2011/06/29 12:58:23.0640 0408 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/29 12:58:23.0796 0408 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/29 12:58:23.0921 0408 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/06/29 12:58:24.0046 0408 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/29 12:58:24.0203 0408 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/29 12:58:24.0375 0408 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/29 12:58:24.0562 0408 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/29 12:58:24.0718 0408 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/29 12:58:25.0125 0408 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/29 12:58:25.0718 0408 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/06/29 12:58:25.0921 0408 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/29 12:58:26.0171 0408 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/29 12:58:26.0531 0408 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/29 12:58:26.0703 0408 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/29 12:58:27.0031 0408 intelppm (dd5ad1e79ac26d3f8d8828ad4627f160) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/29 12:58:27.0234 0408 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/29 12:58:27.0375 0408 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/29 12:58:27.0531 0408 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/29 12:58:27.0718 0408 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/29 12:58:27.0906 0408 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/29 12:58:28.0062 0408 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/29 12:58:28.0234 0408 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/29 12:58:28.0375 0408 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/29 12:58:28.0531 0408 kbdhid (62dd5eefcec4ef4163f1168d4262a9e4) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/29 12:58:28.0687 0408 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/29 12:58:28.0828 0408 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/29 12:58:29.0328 0408 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/29 12:58:30.0125 0408 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/29 12:58:30.0265 0408 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/29 12:58:30.0421 0408 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/29 12:58:30.0593 0408 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/29 12:58:30.0843 0408 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/29 12:58:31.0031 0408 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/29 12:58:31.0234 0408 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/29 12:58:31.0375 0408 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/29 12:58:31.0515 0408 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/29 12:58:31.0640 0408 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/29 12:58:31.0796 0408 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/29 12:58:31.0937 0408 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/29 12:58:32.0140 0408 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/29 12:58:32.0296 0408 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/29 12:58:32.0421 0408 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/29 12:58:32.0546 0408 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/29 12:58:32.0687 0408 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/29 12:58:32.0812 0408 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/29 12:58:32.0937 0408 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/29 12:58:33.0187 0408 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/29 12:58:33.0375 0408 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/29 12:58:33.0578 0408 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/29 12:58:33.0718 0408 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/29 12:58:33.0859 0408 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/29 12:58:34.0062 0408 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/29 12:58:34.0203 0408 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/29 12:58:34.0343 0408 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/29 12:58:34.0468 0408 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/29 12:58:34.0812 0408 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/29 12:58:35.0640 0408 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/29 12:58:35.0781 0408 Processor (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/29 12:58:35.0937 0408 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/29 12:58:36.0109 0408 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/29 12:58:36.0750 0408 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/29 12:58:36.0906 0408 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/29 12:58:37.0062 0408 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/29 12:58:37.0203 0408 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/29 12:58:37.0359 0408 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/29 12:58:37.0484 0408 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/29 12:58:37.0625 0408 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/29 12:58:37.0796 0408 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/29 12:58:37.0937 0408 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/29 12:58:38.0203 0408 S3SavageNB (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2011/06/29 12:58:38.0453 0408 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/29 12:58:38.0609 0408 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/29 12:58:38.0734 0408 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/29 12:58:38.0984 0408 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/29 12:58:39.0453 0408 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/29 12:58:39.0671 0408 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/29 12:58:39.0671 0408 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/06/29 12:58:39.0703 0408 sptd - detected LockedFile.Multi.Generic (1)
2011/06/29 12:58:39.0828 0408 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/29 12:58:40.0015 0408 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/29 12:58:40.0171 0408 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/06/29 12:58:40.0359 0408 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/29 12:58:40.0500 0408 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/29 12:58:41.0156 0408 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/29 12:58:41.0359 0408 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/29 12:58:41.0515 0408 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/29 12:58:41.0656 0408 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/29 12:58:41.0859 0408 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/29 12:58:42.0171 0408 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/29 12:58:42.0468 0408 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/29 12:58:42.0671 0408 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/29 12:58:42.0828 0408 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/29 12:58:42.0984 0408 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/29 12:58:43.0187 0408 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/29 12:58:43.0375 0408 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/29 12:58:43.0531 0408 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/29 12:58:43.0687 0408 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/29 12:58:43.0828 0408 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/29 12:58:43.0968 0408 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/06/29 12:58:44.0109 0408 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/29 12:58:44.0234 0408 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/29 12:58:44.0421 0408 VIAudio (ec14fedcfc97f0af98215ce385afec23) C:\WINDOWS\system32\drivers\viaudios.sys
2011/06/29 12:58:44.0609 0408 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/29 12:58:44.0781 0408 Vsp (aaf94bc88ecdf0ae0586805dad1e59c4) C:\WINDOWS\system32\drivers\Vsp.sys
2011/06/29 12:58:44.0984 0408 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/29 12:58:45.0343 0408 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/29 12:58:45.0734 0408 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/29 12:58:45.0890 0408 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/29 12:58:46.0031 0408 MBR (0x1B8) (dad11e2a62df7f44f938c5059e874339) \Device\Harddisk0\DR0
2011/06/29 12:58:46.0062 0408 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/29 12:58:46.0093 0408 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3
2011/06/29 12:58:46.0421 0408 Boot (0x1200) (9d7d3299029e394964bf7b793bf2fa9d) \Device\Harddisk0\DR0\Partition0
2011/06/29 12:58:46.0500 0408 Boot (0x1200) (430f1616e21885c276d169dfc36304ec) \Device\Harddisk0\DR0\Partition1
2011/06/29 12:58:46.0546 0408 Boot (0x1200) (cb6a55dd182f2d4d9c48a2cd447c7084) \Device\Harddisk1\DR3\Partition0
2011/06/29 12:58:46.0562 0408 ================================================================================
2011/06/29 12:58:46.0562 0408 Scan finished
2011/06/29 12:58:46.0562 0408 ================================================================================
2011/06/29 12:58:46.0625 0400 Detected object count: 2
2011/06/29 12:58:46.0625 0400 Actual detected object count: 2
2011/06/29 13:00:18.0750 0400 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/29 13:00:18.0765 0400 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/29 13:00:18.0765 0400 \Device\Harddisk0\DR0 - ok
2011/06/29 13:00:18.0765 0400 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/29 13:00:25.0156 0372 Deinitialize success
2011/06/29 12:58:07.0718 0380 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/06/29 12:58:07.0781 0380 ================================================================================
2011/06/29 12:58:07.0781 0380 SystemInfo:
2011/06/29 12:58:07.0781 0380
2011/06/29 12:58:07.0781 0380 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/29 12:58:07.0781 0380 Product type: Workstation
2011/06/29 12:58:07.0781 0380 ComputerName: MACHINEXP
2011/06/29 12:58:07.0781 0380 UserName: damien
2011/06/29 12:58:07.0781 0380 Windows directory: C:\WINDOWS
2011/06/29 12:58:07.0781 0380 System windows directory: C:\WINDOWS
2011/06/29 12:58:07.0781 0380 Processor architecture: Intel x86
2011/06/29 12:58:07.0781 0380 Number of processors: 1
2011/06/29 12:58:07.0781 0380 Page size: 0x1000
2011/06/29 12:58:07.0781 0380 Boot type: Normal boot
2011/06/29 12:58:07.0781 0380 ================================================================================
2011/06/29 12:58:09.0531 0380 Initialize success
2011/06/29 12:58:13.0531 0408 ================================================================================
2011/06/29 12:58:13.0531 0408 Scan started
2011/06/29 12:58:13.0531 0408 Mode: Manual;
2011/06/29 12:58:13.0531 0408 ================================================================================
2011/06/29 12:58:15.0890 0408 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/29 12:58:16.0093 0408 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/29 12:58:16.0421 0408 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/06/29 12:58:16.0609 0408 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/06/29 12:58:18.0078 0408 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
2011/06/29 12:58:18.0312 0408 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/29 12:58:18.0515 0408 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/29 12:58:18.0812 0408 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/29 12:58:19.0031 0408 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/29 12:58:19.0265 0408 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/29 12:58:19.0531 0408 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/29 12:58:19.0828 0408 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/29 12:58:20.0015 0408 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/29 12:58:20.0187 0408 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/29 12:58:21.0093 0408 cmuda3 (dbf0577d5f34a1523efb844be262f8f9) C:\WINDOWS\system32\drivers\cmudax3.sys
2011/06/29 12:58:21.0734 0408 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/29 12:58:21.0921 0408 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/29 12:58:22.0140 0408 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/29 12:58:22.0328 0408 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/29 12:58:22.0500 0408 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/29 12:58:22.0718 0408 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/29 12:58:22.0859 0408 eamon (68556a9d5339046a85815c3826caf412) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/06/29 12:58:23.0015 0408 easdrv (fd90ea14a6dad9a3e380dc2b84956c0f) C:\WINDOWS\system32\DRIVERS\easdrv.sys
2011/06/29 12:58:23.0187 0408 epfw (4fcb6bb677efef9335204157d7b1b9b9) C:\WINDOWS\system32\DRIVERS\epfw.sys
2011/06/29 12:58:23.0359 0408 Epfwndis (bc2eb5219481b235ae260a88e3922115) C:\WINDOWS\system32\DRIVERS\Epfwndis.sys
2011/06/29 12:58:23.0468 0408 epfwtdi (1bad7268b8bcc56c259c141c233fb737) C:\WINDOWS\system32\DRIVERS\epfwtdi.sys
2011/06/29 12:58:23.0640 0408 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/29 12:58:23.0796 0408 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/29 12:58:23.0921 0408 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/06/29 12:58:24.0046 0408 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/29 12:58:24.0203 0408 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/29 12:58:24.0375 0408 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/29 12:58:24.0562 0408 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/29 12:58:24.0718 0408 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/29 12:58:25.0125 0408 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/29 12:58:25.0718 0408 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/06/29 12:58:25.0921 0408 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/29 12:58:26.0171 0408 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/29 12:58:26.0531 0408 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/29 12:58:26.0703 0408 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/29 12:58:27.0031 0408 intelppm (dd5ad1e79ac26d3f8d8828ad4627f160) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/29 12:58:27.0234 0408 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/29 12:58:27.0375 0408 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/29 12:58:27.0531 0408 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/29 12:58:27.0718 0408 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/29 12:58:27.0906 0408 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/29 12:58:28.0062 0408 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/29 12:58:28.0234 0408 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/29 12:58:28.0375 0408 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/29 12:58:28.0531 0408 kbdhid (62dd5eefcec4ef4163f1168d4262a9e4) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/29 12:58:28.0687 0408 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/29 12:58:28.0828 0408 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/29 12:58:29.0328 0408 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/29 12:58:30.0125 0408 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/29 12:58:30.0265 0408 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/29 12:58:30.0421 0408 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/29 12:58:30.0593 0408 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/29 12:58:30.0843 0408 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/29 12:58:31.0031 0408 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/29 12:58:31.0234 0408 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/29 12:58:31.0375 0408 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/29 12:58:31.0515 0408 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/29 12:58:31.0640 0408 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/29 12:58:31.0796 0408 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/29 12:58:31.0937 0408 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/29 12:58:32.0140 0408 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/29 12:58:32.0296 0408 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/29 12:58:32.0421 0408 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/29 12:58:32.0546 0408 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/29 12:58:32.0687 0408 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/29 12:58:32.0812 0408 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/29 12:58:32.0937 0408 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/29 12:58:33.0187 0408 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/29 12:58:33.0375 0408 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/29 12:58:33.0578 0408 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/29 12:58:33.0718 0408 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/29 12:58:33.0859 0408 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/29 12:58:34.0062 0408 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/29 12:58:34.0203 0408 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/29 12:58:34.0343 0408 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/29 12:58:34.0468 0408 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/29 12:58:34.0812 0408 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/29 12:58:35.0640 0408 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/29 12:58:35.0781 0408 Processor (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/29 12:58:35.0937 0408 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/29 12:58:36.0109 0408 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/29 12:58:36.0750 0408 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/29 12:58:36.0906 0408 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/29 12:58:37.0062 0408 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/29 12:58:37.0203 0408 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/29 12:58:37.0359 0408 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/29 12:58:37.0484 0408 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/29 12:58:37.0625 0408 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/29 12:58:37.0796 0408 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/29 12:58:37.0937 0408 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/29 12:58:38.0203 0408 S3SavageNB (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2011/06/29 12:58:38.0453 0408 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/29 12:58:38.0609 0408 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/29 12:58:38.0734 0408 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/29 12:58:38.0984 0408 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/29 12:58:39.0453 0408 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/29 12:58:39.0671 0408 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/29 12:58:39.0671 0408 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/06/29 12:58:39.0703 0408 sptd - detected LockedFile.Multi.Generic (1)
2011/06/29 12:58:39.0828 0408 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/29 12:58:40.0015 0408 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/29 12:58:40.0171 0408 StarOpen (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
2011/06/29 12:58:40.0359 0408 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/29 12:58:40.0500 0408 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/29 12:58:41.0156 0408 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/29 12:58:41.0359 0408 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/29 12:58:41.0515 0408 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/29 12:58:41.0656 0408 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/29 12:58:41.0859 0408 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/29 12:58:42.0171 0408 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/29 12:58:42.0468 0408 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/29 12:58:42.0671 0408 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/29 12:58:42.0828 0408 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/29 12:58:42.0984 0408 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/29 12:58:43.0187 0408 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/29 12:58:43.0375 0408 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/29 12:58:43.0531 0408 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/29 12:58:43.0687 0408 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/29 12:58:43.0828 0408 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/29 12:58:43.0968 0408 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/06/29 12:58:44.0109 0408 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/29 12:58:44.0234 0408 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/29 12:58:44.0421 0408 VIAudio (ec14fedcfc97f0af98215ce385afec23) C:\WINDOWS\system32\drivers\viaudios.sys
2011/06/29 12:58:44.0609 0408 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/29 12:58:44.0781 0408 Vsp (aaf94bc88ecdf0ae0586805dad1e59c4) C:\WINDOWS\system32\drivers\Vsp.sys
2011/06/29 12:58:44.0984 0408 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/29 12:58:45.0343 0408 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/29 12:58:45.0734 0408 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/29 12:58:45.0890 0408 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/29 12:58:46.0031 0408 MBR (0x1B8) (dad11e2a62df7f44f938c5059e874339) \Device\Harddisk0\DR0
2011/06/29 12:58:46.0062 0408 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/29 12:58:46.0093 0408 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR3
2011/06/29 12:58:46.0421 0408 Boot (0x1200) (9d7d3299029e394964bf7b793bf2fa9d) \Device\Harddisk0\DR0\Partition0
2011/06/29 12:58:46.0500 0408 Boot (0x1200) (430f1616e21885c276d169dfc36304ec) \Device\Harddisk0\DR0\Partition1
2011/06/29 12:58:46.0546 0408 Boot (0x1200) (cb6a55dd182f2d4d9c48a2cd447c7084) \Device\Harddisk1\DR3\Partition0
2011/06/29 12:58:46.0562 0408 ================================================================================
2011/06/29 12:58:46.0562 0408 Scan finished
2011/06/29 12:58:46.0562 0408 ================================================================================
2011/06/29 12:58:46.0625 0400 Detected object count: 2
2011/06/29 12:58:46.0625 0400 Actual detected object count: 2
2011/06/29 13:00:18.0750 0400 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/29 13:00:18.0765 0400 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/29 13:00:18.0765 0400 \Device\Harddisk0\DR0 - ok
2011/06/29 13:00:18.0765 0400 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/29 13:00:25.0156 0372 Deinitialize success
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 663
29 juin 2011 à 17:12
29 juin 2011 à 17:12
merci de terminer la procédure et donner tous les rapports demandés.