Ordinateur lent + bruits intempestifs
Fermé
alicemissmeat
Messages postés
21
Date d'inscription
mardi 9 août 2011
Statut
Membre
Dernière intervention
19 septembre 2011
-
9 août 2011 à 14:16
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 - 19 sept. 2011 à 13:07
2011N2 Messages postés 13352 Date d'inscription samedi 29 janvier 2011 Statut Contributeur sécurité Dernière intervention 24 décembre 2016 - 19 sept. 2011 à 13:07
A voir également:
- Ordinateur lent + bruits intempestifs
- Ordinateur lent que faire - Guide
- Réinitialiser ordinateur - Guide
- Mon mac est lent comment le nettoyer - Guide
- Pad ordinateur - Guide
- Comment réinitialiser un ordinateur verrouillé - Guide
41 réponses
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
29 août 2011 à 14:48
29 août 2011 à 14:48
>Copie les lignes "helpers" (Avec Ctrl + C) présentes dans le fichier texte : http://dl.dropbox.com/u/32869654/Pour%20alicemissmeat.txt
>Ouvre ZHPfix, icone seringue (Vista et 7 : "Exécuter en tant qu'administrateur").
>Colle les lignes helpers : Pour ce, clique sur la balise document, à droite de l'appareil photo. Ou alors sur le H.
>Faire Ok.
>Clique sur "Tous".
>Clique sur "Nettoyer".
>Copie le rapport, et coller-le dans la prochaine réponse sur le forum.
Si tu as des questions, n'hésite pas à me les poser !
@+
Gabriel.
>Ouvre ZHPfix, icone seringue (Vista et 7 : "Exécuter en tant qu'administrateur").
>Colle les lignes helpers : Pour ce, clique sur la balise document, à droite de l'appareil photo. Ou alors sur le H.
>Faire Ok.
>Clique sur "Tous".
>Clique sur "Nettoyer".
>Copie le rapport, et coller-le dans la prochaine réponse sur le forum.
Si tu as des questions, n'hésite pas à me les poser !
@+
Gabriel.
alicemissmeat
Messages postés
21
Date d'inscription
mardi 9 août 2011
Statut
Membre
Dernière intervention
19 septembre 2011
Modifié par alicemissmeat le 29/08/2011 à 16:31
Modifié par alicemissmeat le 29/08/2011 à 16:31
J'ai un probleme, avec ZHPfix, en effet apres avoir cliqué sur éliminer, un message apparait avec écrit : "violation d'accès à l'adresse 7C809E32 dans le module 'kernel32.dll'. Lecture de l'adresse 000000B8". Ensuite, tous les icones de mon bureau disparaissent et ZHPfix se bloque. Que dois-je faire ?
merci
merci
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
31 août 2011 à 22:03
31 août 2011 à 22:03
Clic droit => Exécuter en tant qu'admin ;)
@+
Gabriel.
@+
Gabriel.
alicemissmeat
Messages postés
21
Date d'inscription
mardi 9 août 2011
Statut
Membre
Dernière intervention
19 septembre 2011
1 sept. 2011 à 04:06
1 sept. 2011 à 04:06
bonjour, executer en tant qu'admin ne change rien, je rencontre le meme probleme. J'apporte des precisions, je suis sous windows xp et c'est un pc italien (si ça change quelque chose dqns la décontamination...)
merci
merci
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
1 sept. 2011 à 17:15
1 sept. 2011 à 17:15
Retélécharge ZHPfix ici : https://www.zebulon.fr/telechargements/securite/systeme/zhpfix.html
Et fixe ça : http://dl.dropbox.com/u/32869654/Pour%20alicemissmeat.txt
Merci,
Gabriel.
Et fixe ça : http://dl.dropbox.com/u/32869654/Pour%20alicemissmeat.txt
Merci,
Gabriel.
alicemissmeat
Messages postés
21
Date d'inscription
mardi 9 août 2011
Statut
Membre
Dernière intervention
19 septembre 2011
2 sept. 2011 à 16:26
2 sept. 2011 à 16:26
C'est bon ça a marché :)
voila le rapport de ZHPfix :
http://ww38.toofiles.com/fr/oip/documents/zip/zhpfixreport.html
merci
voila le rapport de ZHPfix :
http://ww38.toofiles.com/fr/oip/documents/zip/zhpfixreport.html
merci
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
3 sept. 2011 à 00:18
3 sept. 2011 à 00:18
Ok, refais moi un ZHPdiag pour en être sûr ;)
Merci,
Gabriel.
Merci,
Gabriel.
alicemissmeat
Messages postés
21
Date d'inscription
mardi 9 août 2011
Statut
Membre
Dernière intervention
19 septembre 2011
4 sept. 2011 à 18:27
4 sept. 2011 à 18:27
Et voila le rapport ZHPdiag :
http://ww38.toofiles.com/fr/oip/documents/zip/zhpdiag2000.html
merci
http://ww38.toofiles.com/fr/oip/documents/zip/zhpdiag2000.html
merci
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
4 sept. 2011 à 22:13
4 sept. 2011 à 22:13
Ok :)
>Copie les lignes "helpers" (Avec Ctrl + C) présentes dans le fichier texte : http://dl.dropbox.com/u/32869654/Pour%20alicemissmeat2.txt
>Ouvre ZHPfix, icone seringue (Vista et 7 : "Exécuter en tant qu'administrateur").
>Colle les lignes helpers : Pour ce, clique sur la balise document, à droite de l'appareil photo. Ou alors sur le H.
>Faire Ok.
>Clique sur "Tous".
>Clique sur "Nettoyer".
>Copie le rapport, et coller-le dans la prochaine réponse sur le forum.
Ensuite, on va vérifier une potentielle infection USB...
- Télécharge UsbFix (créé par El Desaparecido & C_XX) sur ton Bureau : http://www.teamxscript.org/usbfixTelechargement.html Si ton antivirus affiche une alerte, ignore la et désactive l'antivirus temporairement.
- Branche toutes tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir
- Double clique sur le raccourci UsbFix sur ton Bureau, l'installation se fera automatiquement.
- Clique sur "Recherche".
- Laisse travailler l'outil.
- À la fin du scan, un rapport va s'afficher : post-le dans ta prochaine réponse sur le forum (il est aussi sauvegardé a la racine du disque dur).
@+
Gabriel.
>Copie les lignes "helpers" (Avec Ctrl + C) présentes dans le fichier texte : http://dl.dropbox.com/u/32869654/Pour%20alicemissmeat2.txt
>Ouvre ZHPfix, icone seringue (Vista et 7 : "Exécuter en tant qu'administrateur").
>Colle les lignes helpers : Pour ce, clique sur la balise document, à droite de l'appareil photo. Ou alors sur le H.
>Faire Ok.
>Clique sur "Tous".
>Clique sur "Nettoyer".
>Copie le rapport, et coller-le dans la prochaine réponse sur le forum.
Ensuite, on va vérifier une potentielle infection USB...
- Télécharge UsbFix (créé par El Desaparecido & C_XX) sur ton Bureau : http://www.teamxscript.org/usbfixTelechargement.html Si ton antivirus affiche une alerte, ignore la et désactive l'antivirus temporairement.
- Branche toutes tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir
- Double clique sur le raccourci UsbFix sur ton Bureau, l'installation se fera automatiquement.
- Clique sur "Recherche".
- Laisse travailler l'outil.
- À la fin du scan, un rapport va s'afficher : post-le dans ta prochaine réponse sur le forum (il est aussi sauvegardé a la racine du disque dur).
@+
Gabriel.
alicemissmeat
Messages postés
21
Date d'inscription
mardi 9 août 2011
Statut
Membre
Dernière intervention
19 septembre 2011
5 sept. 2011 à 17:59
5 sept. 2011 à 17:59
bonjour,
alors voila le rapport de ZHPfix :
http://ww38.toofiles.com/fr/oip/documents/txt/zhpfixr3.html
et voila le rapport de USBfix :
###########################
### | UsbFix 7.058 |
[Research]
User: ali (Administrator) #
USER-09D5B1B0BD [ ]
Updated 24/08/2011 by El
Desaparecido
Started at 17:47:46 |
05/09/2011
Website:
http://www.teamxscript.org
Submit your sample:
http://www.teamxscript.org/
Upload.php
Contact:
contact@eldesaparecido.com
CPU: Genuine Intel(R) CPU
T1500 @ 1.86GHz
CPU 2: Genuine Intel(R) CPU
T1500 @ 1.86GHz
Microsoft Windows XP Home
Edition (5.1.2600 32-Bit) #
Service Pack 3
Internet Explorer
6.0.2900.5512
Windows Firewall: Enabled
Antivirus: AVG Anti-Virus
Free Edition 2011 10.0 [(!)
Disabled | Updated]
RAM -> 2039 Mb
C:\ (%systemdrive%) ->
Fixed drive # 233 Gb (204
Mb free - 88%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4
Gb (4 Mb free - 96%) [] #
FAT32
F:\ -> Removable drive # 2
Gb (308 Mb free - 16%) [] #
FAT
G:\ -> Fixed drive # 466 Gb
(331 Mb free - 71%)
[Iomega_HDD] # NTFS
################## | Files
# Infected Folders |
Found ! E:\AdobeR.exe
Found !
C:\RECYCLER\S-1-5-21-682003
330-920026266-2146954855-10
04
Found ! E:\adober.exe
Found ! E:\msvcr71.dll
Found ! F:\msvcr71.dll
Found !
G:\RECYCLER\S-1-5-21-682003
330-920026266-2146954855-10
04
################## |
Registry |
################## |
Mountpoints2 |
HKCU\.\.\.\.\Explorer\Mount
Points2\{036b674e-b772-11de
-9c6f-0021855381a0}
Shell\AutoRun\Command =
ClickMe.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{073419fe-09ae-11df
-9d54-0021855381a0}
Shell\AutoRun\Command =
E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{07341a00-09ae-11df
-9d54-0021855381a0}
Shell\AutoRun\Command =
E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{07341a03-09ae-11df
-9d54-0021855381a0}
Shell\AutoRun\Command =
E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{07341a05-09ae-11df
-9d54-0021855381a0}
Shell\AutoRun\Command =
E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{17f82f56-d5bf-11dd
-a7f8-0021855381a0}
Shell\Auto\Command =
hvNrtID.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{5b0ecfc6-1f3b-11e0
-962d-0021855381a0}
Shell\AutoRun\Command =
E:\LaunchU3.exe -a
HKCU\.\.\.\.\Explorer\Mount
Points2\{9f32c4a2-1a85-11df
-9d9b-0021855381a0}
Shell\AutoRun\Command =
E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{af8035c4-0906-11de
-9ab9-0021855381a0}
Shell\AutoRun\Command =
E:\LaunchU3.exe -a
################## | Vaccin
|
(!) This computer is not
vaccinated!
################## | E.O.F
|
merci
alors voila le rapport de ZHPfix :
http://ww38.toofiles.com/fr/oip/documents/txt/zhpfixr3.html
et voila le rapport de USBfix :
###########################
### | UsbFix 7.058 |
[Research]
User: ali (Administrator) #
USER-09D5B1B0BD [ ]
Updated 24/08/2011 by El
Desaparecido
Started at 17:47:46 |
05/09/2011
Website:
http://www.teamxscript.org
Submit your sample:
http://www.teamxscript.org/
Upload.php
Contact:
contact@eldesaparecido.com
CPU: Genuine Intel(R) CPU
T1500 @ 1.86GHz
CPU 2: Genuine Intel(R) CPU
T1500 @ 1.86GHz
Microsoft Windows XP Home
Edition (5.1.2600 32-Bit) #
Service Pack 3
Internet Explorer
6.0.2900.5512
Windows Firewall: Enabled
Antivirus: AVG Anti-Virus
Free Edition 2011 10.0 [(!)
Disabled | Updated]
RAM -> 2039 Mb
C:\ (%systemdrive%) ->
Fixed drive # 233 Gb (204
Mb free - 88%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Removable drive # 4
Gb (4 Mb free - 96%) [] #
FAT32
F:\ -> Removable drive # 2
Gb (308 Mb free - 16%) [] #
FAT
G:\ -> Fixed drive # 466 Gb
(331 Mb free - 71%)
[Iomega_HDD] # NTFS
################## | Files
# Infected Folders |
Found ! E:\AdobeR.exe
Found !
C:\RECYCLER\S-1-5-21-682003
330-920026266-2146954855-10
04
Found ! E:\adober.exe
Found ! E:\msvcr71.dll
Found ! F:\msvcr71.dll
Found !
G:\RECYCLER\S-1-5-21-682003
330-920026266-2146954855-10
04
################## |
Registry |
################## |
Mountpoints2 |
HKCU\.\.\.\.\Explorer\Mount
Points2\{036b674e-b772-11de
-9c6f-0021855381a0}
Shell\AutoRun\Command =
ClickMe.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{073419fe-09ae-11df
-9d54-0021855381a0}
Shell\AutoRun\Command =
E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{07341a00-09ae-11df
-9d54-0021855381a0}
Shell\AutoRun\Command =
E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{07341a03-09ae-11df
-9d54-0021855381a0}
Shell\AutoRun\Command =
E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{07341a05-09ae-11df
-9d54-0021855381a0}
Shell\AutoRun\Command =
E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{17f82f56-d5bf-11dd
-a7f8-0021855381a0}
Shell\Auto\Command =
hvNrtID.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{5b0ecfc6-1f3b-11e0
-962d-0021855381a0}
Shell\AutoRun\Command =
E:\LaunchU3.exe -a
HKCU\.\.\.\.\Explorer\Mount
Points2\{9f32c4a2-1a85-11df
-9d9b-0021855381a0}
Shell\AutoRun\Command =
E:\AutoRun.exe
HKCU\.\.\.\.\Explorer\Mount
Points2\{af8035c4-0906-11de
-9ab9-0021855381a0}
Shell\AutoRun\Command =
E:\LaunchU3.exe -a
################## | Vaccin
|
(!) This computer is not
vaccinated!
################## | E.O.F
|
merci
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
5 sept. 2011 à 18:52
5 sept. 2011 à 18:52
Re,
Ok :) Tu avais bien branché tous tes supports externes ?
@+
Gabriel.
Ok :) Tu avais bien branché tous tes supports externes ?
@+
Gabriel.
alicemissmeat
Messages postés
21
Date d'inscription
mardi 9 août 2011
Statut
Membre
Dernière intervention
19 septembre 2011
6 sept. 2011 à 12:40
6 sept. 2011 à 12:40
oui tous
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
6 sept. 2011 à 12:47
6 sept. 2011 à 12:47
Ok :)
Encore des soucis ?
Comment va le PC ?
@+
Gabriel.
Encore des soucis ?
Comment va le PC ?
@+
Gabriel.
Tigzy
Messages postés
7498
Date d'inscription
lundi 15 février 2010
Statut
Contributeur sécurité
Dernière intervention
15 septembre 2021
582
6 sept. 2011 à 15:08
6 sept. 2011 à 15:08
Hello
Log RogueKiller:
[BLACKLIST] HKLM\[...]\services : 61372074 (61372074.sys) -> DELETED
[BLACKLIST] HKLM\[...]\services : 61372074 (61372074.sys) -> DELETED
=> TDSS
Log RogueKiller:
[BLACKLIST] HKLM\[...]\services : 61372074 (61372074.sys) -> DELETED
[BLACKLIST] HKLM\[...]\services : 61372074 (61372074.sys) -> DELETED
=> TDSS
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
6 sept. 2011 à 21:14
6 sept. 2011 à 21:14
Hello Tigzy ;)
Ok merci :)
- Télécharge TDSSKiller : https://support.kaspersky.com/downloads/utils/tdsskiller.zip
- Lance-le (Utilisateurs de Vista/Seven => Clic droit puis "Exécuter en tant que administrateur")
L'outil va télécharger automatiquement la dernière version de TDSSKiller puis lancera une analyse.
Patiente pendant le scan. À la fin de l'analyse, appuie sur une touche de ton choix. Un rapport va s'ouvrir.
- Copie/Colle son contenu dans ta prochaine réponse sur le forum.
N.B : Le rapport se trouve également sous C:\tdsskiller.txt.
Si tu as des questions sur l'utilisation de TDSSkiller, n'hésite pas à me les poser !
@+
Gabriel.
Ok merci :)
- Télécharge TDSSKiller : https://support.kaspersky.com/downloads/utils/tdsskiller.zip
- Lance-le (Utilisateurs de Vista/Seven => Clic droit puis "Exécuter en tant que administrateur")
L'outil va télécharger automatiquement la dernière version de TDSSKiller puis lancera une analyse.
Patiente pendant le scan. À la fin de l'analyse, appuie sur une touche de ton choix. Un rapport va s'ouvrir.
- Copie/Colle son contenu dans ta prochaine réponse sur le forum.
N.B : Le rapport se trouve également sous C:\tdsskiller.txt.
Si tu as des questions sur l'utilisation de TDSSkiller, n'hésite pas à me les poser !
@+
Gabriel.
alicemissmeat
Messages postés
21
Date d'inscription
mardi 9 août 2011
Statut
Membre
Dernière intervention
19 septembre 2011
10 sept. 2011 à 16:48
10 sept. 2011 à 16:48
bonjour,
je m'excuse pour ma réponse tardive, je tiens a dire que mon ordinateur va beaucoup mieux et voila le raport TDSSkiller :
2011/09/10 16:40:18.0328 4088 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/10 16:40:18.0515 4088 ================================================================================
2011/09/10 16:40:18.0515 4088 SystemInfo:
2011/09/10 16:40:18.0515 4088
2011/09/10 16:40:18.0515 4088 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/10 16:40:18.0515 4088 Product type: Workstation
2011/09/10 16:40:18.0515 4088 ComputerName: USER-09D5B1B0BD
2011/09/10 16:40:18.0515 4088 UserName: ali
2011/09/10 16:40:18.0515 4088 Windows directory: C:\WINDOWS
2011/09/10 16:40:18.0515 4088 System windows directory: C:\WINDOWS
2011/09/10 16:40:18.0515 4088 Processor architecture: Intel x86
2011/09/10 16:40:18.0515 4088 Number of processors: 2
2011/09/10 16:40:18.0515 4088 Page size: 0x1000
2011/09/10 16:40:18.0515 4088 Boot type: Normal boot
2011/09/10 16:40:18.0515 4088 ================================================================================
2011/09/10 16:40:18.0796 4088 Initialize success
2011/09/10 16:40:55.0859 1296 ================================================================================
2011/09/10 16:40:55.0859 1296 Scan started
2011/09/10 16:40:55.0859 1296 Mode: Manual;
2011/09/10 16:40:55.0859 1296 ================================================================================
2011/09/10 16:40:56.0203 1296 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/10 16:40:56.0234 1296 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/09/10 16:40:56.0328 1296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/10 16:40:56.0406 1296 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/10 16:40:56.0531 1296 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/09/10 16:40:56.0828 1296 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/09/10 16:40:56.0984 1296 AR5211 (78e15866befe8b940046c36ba92f9eb6) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/09/10 16:40:57.0546 1296 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/10 16:40:57.0671 1296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/10 16:40:57.0718 1296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/10 16:40:57.0781 1296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/10 16:40:57.0828 1296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/10 16:40:57.0890 1296 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/09/10 16:40:57.0906 1296 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/09/10 16:40:57.0984 1296 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/10 16:40:58.0015 1296 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/10 16:40:58.0062 1296 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/10 16:40:58.0093 1296 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/10 16:40:58.0125 1296 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/10 16:40:58.0156 1296 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/10 16:40:58.0203 1296 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/10 16:40:58.0265 1296 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/10 16:40:58.0328 1296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/10 16:40:58.0343 1296 Suspicious service (NoAccess): bpborw
2011/09/10 16:40:58.0390 1296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/10 16:40:58.0437 1296 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/10 16:40:58.0484 1296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/10 16:40:58.0515 1296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/10 16:40:58.0546 1296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/10 16:40:58.0625 1296 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/10 16:40:58.0656 1296 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/10 16:40:58.0781 1296 Suspicious service (NoAccess): cpzdodboj
2011/09/10 16:40:58.0859 1296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/10 16:40:58.0921 1296 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/10 16:40:59.0000 1296 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/10 16:40:59.0046 1296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/10 16:40:59.0093 1296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/10 16:40:59.0156 1296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/10 16:40:59.0171 1296 Suspicious service (NoAccess): dwaahsqlr
2011/09/10 16:40:59.0218 1296 es1969 (b9f03760af557348e17a5bb5ffeb73c0) C:\WINDOWS\system32\drivers\es1969.sys
2011/09/10 16:40:59.0218 1296 Suspicious file (Forged): C:\WINDOWS\system32\drivers\es1969.sys. Real md5: b9f03760af557348e17a5bb5ffeb73c0, Fake md5: b5d78bc756e8dec20a1cc438dfffb88e
2011/09/10 16:40:59.0218 1296 es1969 - detected ForgedFile.Multi.Generic (1)
2011/09/10 16:40:59.0281 1296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/10 16:40:59.0328 1296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/10 16:40:59.0359 1296 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/10 16:40:59.0406 1296 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/10 16:40:59.0437 1296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/10 16:40:59.0500 1296 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/09/10 16:40:59.0515 1296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/10 16:40:59.0531 1296 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/10 16:40:59.0578 1296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/10 16:40:59.0609 1296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/10 16:40:59.0609 1296 Suspicious service (NoAccess): gunvlhj
2011/09/10 16:40:59.0656 1296 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/10 16:40:59.0718 1296 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/10 16:40:59.0734 1296 Suspicious service (NoAccess): hrmrmnkuc
2011/09/10 16:40:59.0765 1296 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/10 16:40:59.0828 1296 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/09/10 16:40:59.0890 1296 hwusbdev (60726cb5f063fb25f8b6b71df34fa1d8) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2011/09/10 16:40:59.0968 1296 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/10 16:41:00.0187 1296 ialm (612194abc69a6db0e2c49e1544ca93a0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/09/10 16:41:00.0390 1296 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/09/10 16:41:00.0406 1296 Suspicious service (NoAccess): idpoxub
2011/09/10 16:41:00.0468 1296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/10 16:41:00.0734 1296 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/10 16:41:00.0953 1296 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/10 16:41:01.0000 1296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/10 16:41:01.0046 1296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/10 16:41:01.0078 1296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/10 16:41:01.0125 1296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/10 16:41:01.0203 1296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/10 16:41:01.0250 1296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/10 16:41:01.0296 1296 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/10 16:41:01.0312 1296 Suspicious service (NoAccess): jtkmnzuh
2011/09/10 16:41:01.0328 1296 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/10 16:41:01.0359 1296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/10 16:41:01.0406 1296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/10 16:41:01.0453 1296 Suspicious service (NoAccess): lundedax
2011/09/10 16:41:01.0500 1296 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/09/10 16:41:01.0546 1296 MA8630C (f2aaa3dc599dda3819aa47daf07a393b) C:\WINDOWS\system32\DRIVERS\MA8630C.sys
2011/09/10 16:41:01.0593 1296 MA8630M (a6d160b8485a2b77a25fde1f43edf8fa) C:\WINDOWS\system32\DRIVERS\MA8630M.sys
2011/09/10 16:41:01.0640 1296 MA8630U (a144be1eac6daf909d65a1af71383aa8) C:\WINDOWS\system32\DRIVERS\MA8630U.sys
2011/09/10 16:41:01.0687 1296 MaRdPnp (b51e7eab4baf13b492aa3299bcf52a35) C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
2011/09/10 16:41:01.0734 1296 MaVctrl (8181ceb341cbb2f7f893f85b915d5e15) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2011/09/10 16:41:01.0812 1296 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/09/10 16:41:01.0875 1296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/10 16:41:01.0921 1296 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/10 16:41:02.0015 1296 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/09/10 16:41:02.0109 1296 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/10 16:41:02.0140 1296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/10 16:41:02.0187 1296 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/09/10 16:41:02.0281 1296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/10 16:41:02.0328 1296 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/10 16:41:02.0375 1296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/10 16:41:02.0421 1296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/10 16:41:02.0468 1296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/10 16:41:02.0515 1296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/10 16:41:02.0531 1296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/10 16:41:02.0578 1296 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/10 16:41:02.0609 1296 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/10 16:41:02.0656 1296 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/10 16:41:02.0718 1296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/10 16:41:02.0781 1296 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/10 16:41:02.0828 1296 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/10 16:41:02.0875 1296 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/10 16:41:02.0890 1296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/10 16:41:02.0953 1296 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/10 16:41:02.0984 1296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/10 16:41:03.0015 1296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/10 16:41:03.0078 1296 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/10 16:41:03.0109 1296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/10 16:41:03.0156 1296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/10 16:41:03.0203 1296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/10 16:41:03.0234 1296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/10 16:41:03.0250 1296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/10 16:41:03.0296 1296 O2MDRDR (36ed541ff0ad27d7f1c1e8f86f026309) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/09/10 16:41:03.0312 1296 O2SDRDR (f3d467025d365a96b5e51c6229562716) C:\WINDOWS\system32\DRIVERS\o2sd.sys
2011/09/10 16:41:03.0343 1296 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/10 16:41:03.0359 1296 Suspicious service (NoAccess): onmwycvyn
2011/09/10 16:41:03.0390 1296 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/10 16:41:03.0421 1296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/10 16:41:03.0453 1296 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/10 16:41:03.0500 1296 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/10 16:41:03.0531 1296 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/10 16:41:03.0562 1296 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/09/10 16:41:03.0765 1296 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/09/10 16:41:03.0828 1296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/10 16:41:03.0859 1296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/10 16:41:03.0875 1296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/10 16:41:03.0890 1296 Suspicious service (NoAccess): putqiamb
2011/09/10 16:41:03.0921 1296 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/10 16:41:04.0062 1296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/10 16:41:04.0093 1296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/10 16:41:04.0125 1296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/10 16:41:04.0140 1296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/10 16:41:04.0171 1296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/10 16:41:04.0218 1296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/10 16:41:04.0265 1296 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/10 16:41:04.0343 1296 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/10 16:41:04.0421 1296 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/09/10 16:41:04.0500 1296 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/09/10 16:41:04.0546 1296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/10 16:41:04.0609 1296 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
2011/09/10 16:41:04.0656 1296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/10 16:41:04.0703 1296 Suspicious service (NoAccess): skwhjz
2011/09/10 16:41:04.0734 1296 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/10 16:41:04.0781 1296 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/09/10 16:41:04.0843 1296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/10 16:41:04.0875 1296 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/10 16:41:04.0953 1296 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/10 16:41:04.0968 1296 Suspicious service (NoAccess): stbonseb
2011/09/10 16:41:04.0984 1296 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/10 16:41:05.0015 1296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/10 16:41:05.0046 1296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/10 16:41:05.0171 1296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/10 16:41:05.0218 1296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/10 16:41:05.0250 1296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/10 16:41:05.0281 1296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/10 16:41:05.0312 1296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/10 16:41:05.0421 1296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/10 16:41:05.0500 1296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/10 16:41:05.0562 1296 USB28xxBGA (9b01ce1eda6ad1acfd4f865d6cb0a790) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2011/09/10 16:41:05.0609 1296 USB28xxOEM (c93e4f6bd1cbd163662e7c9be021b895) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2011/09/10 16:41:05.0656 1296 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/10 16:41:05.0703 1296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/10 16:41:05.0765 1296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/10 16:41:05.0796 1296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/10 16:41:05.0859 1296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/10 16:41:05.0921 1296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/10 16:41:05.0953 1296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/10 16:41:06.0000 1296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/10 16:41:06.0015 1296 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/10 16:41:06.0031 1296 Suspicious service (NoAccess): vagsyfx
2011/09/10 16:41:06.0062 1296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/10 16:41:06.0125 1296 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/10 16:41:06.0203 1296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/10 16:41:06.0265 1296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/10 16:41:06.0359 1296 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/10 16:41:06.0421 1296 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/10 16:41:06.0437 1296 Suspicious service (NoAccess): xysqt
2011/09/10 16:41:06.0453 1296 Suspicious service (NoAccess): zhdmdpea
2011/09/10 16:41:06.0453 1296 Suspicious service (NoAccess): zobfk
2011/09/10 16:41:06.0484 1296 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
2011/09/10 16:41:06.0640 1296 Boot (0x1200) (bd895713ecd542d456dcb1953a1aa7e3) \Device\Harddisk0\DR0\Partition0
2011/09/10 16:41:06.0640 1296 ================================================================================
2011/09/10 16:41:06.0640 1296 Scan finished
2011/09/10 16:41:06.0640 1296 ================================================================================
2011/09/10 16:41:06.0671 2300 Detected object count: 1
2011/09/10 16:41:06.0671 2300 Actual detected object count: 1
2011/09/10 16:41:24.0171 2300 ForgedFile.Multi.Generic(es1969) - User
select action: Skip
merci
je m'excuse pour ma réponse tardive, je tiens a dire que mon ordinateur va beaucoup mieux et voila le raport TDSSkiller :
2011/09/10 16:40:18.0328 4088 TDSS rootkit removing tool 2.5.20.0 Sep 7 2011 16:44:34
2011/09/10 16:40:18.0515 4088 ================================================================================
2011/09/10 16:40:18.0515 4088 SystemInfo:
2011/09/10 16:40:18.0515 4088
2011/09/10 16:40:18.0515 4088 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/10 16:40:18.0515 4088 Product type: Workstation
2011/09/10 16:40:18.0515 4088 ComputerName: USER-09D5B1B0BD
2011/09/10 16:40:18.0515 4088 UserName: ali
2011/09/10 16:40:18.0515 4088 Windows directory: C:\WINDOWS
2011/09/10 16:40:18.0515 4088 System windows directory: C:\WINDOWS
2011/09/10 16:40:18.0515 4088 Processor architecture: Intel x86
2011/09/10 16:40:18.0515 4088 Number of processors: 2
2011/09/10 16:40:18.0515 4088 Page size: 0x1000
2011/09/10 16:40:18.0515 4088 Boot type: Normal boot
2011/09/10 16:40:18.0515 4088 ================================================================================
2011/09/10 16:40:18.0796 4088 Initialize success
2011/09/10 16:40:55.0859 1296 ================================================================================
2011/09/10 16:40:55.0859 1296 Scan started
2011/09/10 16:40:55.0859 1296 Mode: Manual;
2011/09/10 16:40:55.0859 1296 ================================================================================
2011/09/10 16:40:56.0203 1296 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/10 16:40:56.0234 1296 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/09/10 16:40:56.0328 1296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/10 16:40:56.0406 1296 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/10 16:40:56.0531 1296 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/09/10 16:40:56.0828 1296 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/09/10 16:40:56.0984 1296 AR5211 (78e15866befe8b940046c36ba92f9eb6) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/09/10 16:40:57.0546 1296 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/10 16:40:57.0671 1296 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/10 16:40:57.0718 1296 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/10 16:40:57.0781 1296 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/10 16:40:57.0828 1296 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/10 16:40:57.0890 1296 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/09/10 16:40:57.0906 1296 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/09/10 16:40:57.0984 1296 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/10 16:40:58.0015 1296 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/10 16:40:58.0062 1296 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/10 16:40:58.0093 1296 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/10 16:40:58.0125 1296 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/10 16:40:58.0156 1296 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/10 16:40:58.0203 1296 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/10 16:40:58.0265 1296 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/10 16:40:58.0328 1296 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/10 16:40:58.0343 1296 Suspicious service (NoAccess): bpborw
2011/09/10 16:40:58.0390 1296 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/10 16:40:58.0437 1296 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/10 16:40:58.0484 1296 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/10 16:40:58.0515 1296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/10 16:40:58.0546 1296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/10 16:40:58.0625 1296 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/10 16:40:58.0656 1296 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/10 16:40:58.0781 1296 Suspicious service (NoAccess): cpzdodboj
2011/09/10 16:40:58.0859 1296 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/10 16:40:58.0921 1296 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/10 16:40:59.0000 1296 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/10 16:40:59.0046 1296 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/10 16:40:59.0093 1296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/10 16:40:59.0156 1296 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/10 16:40:59.0171 1296 Suspicious service (NoAccess): dwaahsqlr
2011/09/10 16:40:59.0218 1296 es1969 (b9f03760af557348e17a5bb5ffeb73c0) C:\WINDOWS\system32\drivers\es1969.sys
2011/09/10 16:40:59.0218 1296 Suspicious file (Forged): C:\WINDOWS\system32\drivers\es1969.sys. Real md5: b9f03760af557348e17a5bb5ffeb73c0, Fake md5: b5d78bc756e8dec20a1cc438dfffb88e
2011/09/10 16:40:59.0218 1296 es1969 - detected ForgedFile.Multi.Generic (1)
2011/09/10 16:40:59.0281 1296 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/10 16:40:59.0328 1296 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/10 16:40:59.0359 1296 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/10 16:40:59.0406 1296 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/10 16:40:59.0437 1296 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/10 16:40:59.0500 1296 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/09/10 16:40:59.0515 1296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/10 16:40:59.0531 1296 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/10 16:40:59.0578 1296 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/10 16:40:59.0609 1296 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/10 16:40:59.0609 1296 Suspicious service (NoAccess): gunvlhj
2011/09/10 16:40:59.0656 1296 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/10 16:40:59.0718 1296 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/10 16:40:59.0734 1296 Suspicious service (NoAccess): hrmrmnkuc
2011/09/10 16:40:59.0765 1296 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/10 16:40:59.0828 1296 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/09/10 16:40:59.0890 1296 hwusbdev (60726cb5f063fb25f8b6b71df34fa1d8) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2011/09/10 16:40:59.0968 1296 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/10 16:41:00.0187 1296 ialm (612194abc69a6db0e2c49e1544ca93a0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/09/10 16:41:00.0390 1296 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/09/10 16:41:00.0406 1296 Suspicious service (NoAccess): idpoxub
2011/09/10 16:41:00.0468 1296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/10 16:41:00.0734 1296 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/10 16:41:00.0953 1296 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/10 16:41:01.0000 1296 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/10 16:41:01.0046 1296 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/10 16:41:01.0078 1296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/10 16:41:01.0125 1296 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/10 16:41:01.0203 1296 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/10 16:41:01.0250 1296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/10 16:41:01.0296 1296 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/10 16:41:01.0312 1296 Suspicious service (NoAccess): jtkmnzuh
2011/09/10 16:41:01.0328 1296 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/10 16:41:01.0359 1296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/10 16:41:01.0406 1296 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/10 16:41:01.0453 1296 Suspicious service (NoAccess): lundedax
2011/09/10 16:41:01.0500 1296 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/09/10 16:41:01.0546 1296 MA8630C (f2aaa3dc599dda3819aa47daf07a393b) C:\WINDOWS\system32\DRIVERS\MA8630C.sys
2011/09/10 16:41:01.0593 1296 MA8630M (a6d160b8485a2b77a25fde1f43edf8fa) C:\WINDOWS\system32\DRIVERS\MA8630M.sys
2011/09/10 16:41:01.0640 1296 MA8630U (a144be1eac6daf909d65a1af71383aa8) C:\WINDOWS\system32\DRIVERS\MA8630U.sys
2011/09/10 16:41:01.0687 1296 MaRdPnp (b51e7eab4baf13b492aa3299bcf52a35) C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
2011/09/10 16:41:01.0734 1296 MaVctrl (8181ceb341cbb2f7f893f85b915d5e15) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2011/09/10 16:41:01.0812 1296 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/09/10 16:41:01.0875 1296 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/10 16:41:01.0921 1296 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/10 16:41:02.0015 1296 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/09/10 16:41:02.0109 1296 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/10 16:41:02.0140 1296 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/10 16:41:02.0187 1296 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/09/10 16:41:02.0281 1296 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/10 16:41:02.0328 1296 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/10 16:41:02.0375 1296 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/10 16:41:02.0421 1296 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/10 16:41:02.0468 1296 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/10 16:41:02.0515 1296 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/10 16:41:02.0531 1296 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/10 16:41:02.0578 1296 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/10 16:41:02.0609 1296 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/10 16:41:02.0656 1296 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/10 16:41:02.0718 1296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/10 16:41:02.0781 1296 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/10 16:41:02.0828 1296 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/10 16:41:02.0875 1296 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/10 16:41:02.0890 1296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/10 16:41:02.0953 1296 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/10 16:41:02.0984 1296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/10 16:41:03.0015 1296 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/10 16:41:03.0078 1296 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/10 16:41:03.0109 1296 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/10 16:41:03.0156 1296 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/10 16:41:03.0203 1296 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/10 16:41:03.0234 1296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/10 16:41:03.0250 1296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/10 16:41:03.0296 1296 O2MDRDR (36ed541ff0ad27d7f1c1e8f86f026309) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/09/10 16:41:03.0312 1296 O2SDRDR (f3d467025d365a96b5e51c6229562716) C:\WINDOWS\system32\DRIVERS\o2sd.sys
2011/09/10 16:41:03.0343 1296 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/10 16:41:03.0359 1296 Suspicious service (NoAccess): onmwycvyn
2011/09/10 16:41:03.0390 1296 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/10 16:41:03.0421 1296 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/10 16:41:03.0453 1296 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/10 16:41:03.0500 1296 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/10 16:41:03.0531 1296 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/10 16:41:03.0562 1296 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/09/10 16:41:03.0765 1296 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/09/10 16:41:03.0828 1296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/10 16:41:03.0859 1296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/10 16:41:03.0875 1296 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/10 16:41:03.0890 1296 Suspicious service (NoAccess): putqiamb
2011/09/10 16:41:03.0921 1296 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/10 16:41:04.0062 1296 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/10 16:41:04.0093 1296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/10 16:41:04.0125 1296 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/10 16:41:04.0140 1296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/10 16:41:04.0171 1296 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/10 16:41:04.0218 1296 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/10 16:41:04.0265 1296 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/10 16:41:04.0343 1296 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/10 16:41:04.0421 1296 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/09/10 16:41:04.0500 1296 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/09/10 16:41:04.0546 1296 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/10 16:41:04.0609 1296 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
2011/09/10 16:41:04.0656 1296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/10 16:41:04.0703 1296 Suspicious service (NoAccess): skwhjz
2011/09/10 16:41:04.0734 1296 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/10 16:41:04.0781 1296 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/09/10 16:41:04.0843 1296 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/10 16:41:04.0875 1296 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/10 16:41:04.0953 1296 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/10 16:41:04.0968 1296 Suspicious service (NoAccess): stbonseb
2011/09/10 16:41:04.0984 1296 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/10 16:41:05.0015 1296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/10 16:41:05.0046 1296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/10 16:41:05.0171 1296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/10 16:41:05.0218 1296 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/10 16:41:05.0250 1296 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/10 16:41:05.0281 1296 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/10 16:41:05.0312 1296 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/10 16:41:05.0421 1296 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/10 16:41:05.0500 1296 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/10 16:41:05.0562 1296 USB28xxBGA (9b01ce1eda6ad1acfd4f865d6cb0a790) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2011/09/10 16:41:05.0609 1296 USB28xxOEM (c93e4f6bd1cbd163662e7c9be021b895) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2011/09/10 16:41:05.0656 1296 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/10 16:41:05.0703 1296 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/10 16:41:05.0765 1296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/10 16:41:05.0796 1296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/10 16:41:05.0859 1296 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/10 16:41:05.0921 1296 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/10 16:41:05.0953 1296 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/10 16:41:06.0000 1296 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/10 16:41:06.0015 1296 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/10 16:41:06.0031 1296 Suspicious service (NoAccess): vagsyfx
2011/09/10 16:41:06.0062 1296 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/10 16:41:06.0125 1296 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/10 16:41:06.0203 1296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/10 16:41:06.0265 1296 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/10 16:41:06.0359 1296 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/10 16:41:06.0421 1296 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/10 16:41:06.0437 1296 Suspicious service (NoAccess): xysqt
2011/09/10 16:41:06.0453 1296 Suspicious service (NoAccess): zhdmdpea
2011/09/10 16:41:06.0453 1296 Suspicious service (NoAccess): zobfk
2011/09/10 16:41:06.0484 1296 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
2011/09/10 16:41:06.0640 1296 Boot (0x1200) (bd895713ecd542d456dcb1953a1aa7e3) \Device\Harddisk0\DR0\Partition0
2011/09/10 16:41:06.0640 1296 ================================================================================
2011/09/10 16:41:06.0640 1296 Scan finished
2011/09/10 16:41:06.0640 1296 ================================================================================
2011/09/10 16:41:06.0671 2300 Detected object count: 1
2011/09/10 16:41:06.0671 2300 Actual detected object count: 1
2011/09/10 16:41:24.0171 2300 ForgedFile.Multi.Generic(es1969) - User
select action: Skip
merci
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
11 sept. 2011 à 11:41
11 sept. 2011 à 11:41
Re,
Tu peux refaire TDSSkiller en faisant "Cure" et non "Skip" ?
Poste le rapport :)
Merci,
Gabriel.
Tu peux refaire TDSSkiller en faisant "Cure" et non "Skip" ?
Poste le rapport :)
Merci,
Gabriel.
alicemissmeat
Messages postés
21
Date d'inscription
mardi 9 août 2011
Statut
Membre
Dernière intervention
19 septembre 2011
11 sept. 2011 à 17:02
11 sept. 2011 à 17:02
bonjour,
il n'y a pas "cure". Je fais "delete" ou "copy to quarantine" ?
merci
il n'y a pas "cure". Je fais "delete" ou "copy to quarantine" ?
merci
2011N2
Messages postés
13352
Date d'inscription
samedi 29 janvier 2011
Statut
Contributeur sécurité
Dernière intervention
24 décembre 2016
917
11 sept. 2011 à 20:20
11 sept. 2011 à 20:20
Delete :)
@+
Gabriel.
@+
Gabriel.
alicemissmeat
Messages postés
21
Date d'inscription
mardi 9 août 2011
Statut
Membre
Dernière intervention
19 septembre 2011
19 sept. 2011 à 13:01
19 sept. 2011 à 13:01
bonjour,
désolé encore une fois de répondre aussi lentement, voila le rapport de TDSSkiller :
2011/09/19 12:52:42.0968 3548 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/19 12:52:43.0093 3548 ================================================================================
2011/09/19 12:52:43.0093 3548 SystemInfo:
2011/09/19 12:52:43.0093 3548
2011/09/19 12:52:43.0093 3548 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/19 12:52:43.0093 3548 Product type: Workstation
2011/09/19 12:52:43.0093 3548 ComputerName: USER-09D5B1B0BD
2011/09/19 12:52:43.0093 3548 UserName: ali
2011/09/19 12:52:43.0093 3548 Windows directory: C:\WINDOWS
2011/09/19 12:52:43.0093 3548 System windows directory: C:\WINDOWS
2011/09/19 12:52:43.0093 3548 Processor architecture: Intel x86
2011/09/19 12:52:43.0093 3548 Number of processors: 2
2011/09/19 12:52:43.0093 3548 Page size: 0x1000
2011/09/19 12:52:43.0093 3548 Boot type: Normal boot
2011/09/19 12:52:43.0093 3548 ================================================================================
2011/09/19 12:52:43.0421 3548 Initialize success
2011/09/19 12:52:54.0437 2960 ================================================================================
2011/09/19 12:52:54.0437 2960 Scan started
2011/09/19 12:52:54.0437 2960 Mode: Manual;
2011/09/19 12:52:54.0437 2960 ================================================================================
2011/09/19 12:52:54.0921 2960 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/19 12:52:54.0953 2960 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/09/19 12:52:55.0046 2960 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/19 12:52:55.0093 2960 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/19 12:52:55.0187 2960 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/09/19 12:52:55.0421 2960 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/09/19 12:52:55.0578 2960 AR5211 (78e15866befe8b940046c36ba92f9eb6) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/09/19 12:52:55.0656 2960 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/19 12:52:55.0781 2960 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/19 12:52:55.0828 2960 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/19 12:52:55.0890 2960 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/19 12:52:55.0953 2960 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/19 12:52:56.0015 2960 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/09/19 12:52:56.0015 2960 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/09/19 12:52:56.0093 2960 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/19 12:52:56.0109 2960 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/19 12:52:56.0140 2960 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/19 12:52:56.0187 2960 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/19 12:52:56.0218 2960 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/19 12:52:56.0234 2960 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/19 12:52:56.0281 2960 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/19 12:52:56.0343 2960 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/19 12:52:56.0390 2960 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/19 12:52:56.0421 2960 Suspicious service (NoAccess): bpborw
2011/09/19 12:52:56.0453 2960 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/19 12:52:56.0500 2960 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/19 12:52:56.0546 2960 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/19 12:52:56.0609 2960 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/19 12:52:56.0656 2960 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/19 12:52:56.0734 2960 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/19 12:52:56.0781 2960 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/19 12:52:56.0937 2960 Suspicious service (NoAccess): cpzdodboj
2011/09/19 12:52:57.0000 2960 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/19 12:52:57.0078 2960 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/19 12:52:57.0171 2960 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/19 12:52:57.0250 2960 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/19 12:52:57.0296 2960 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/19 12:52:57.0359 2960 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/19 12:52:57.0359 2960 Suspicious service (NoAccess): dwaahsqlr
2011/09/19 12:52:57.0406 2960 es1969 (b9f03760af557348e17a5bb5ffeb73c0) C:\WINDOWS\system32\drivers\es1969.sys
2011/09/19 12:52:57.0421 2960 Suspicious file (Forged): C:\WINDOWS\system32\drivers\es1969.sys. Real md5: b9f03760af557348e17a5bb5ffeb73c0, Fake md5: b5d78bc756e8dec20a1cc438dfffb88e
2011/09/19 12:52:57.0421 2960 es1969 - detected ForgedFile.Multi.Generic (1)
2011/09/19 12:52:57.0484 2960 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/19 12:52:57.0515 2960 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/19 12:52:57.0546 2960 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/19 12:52:57.0578 2960 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/19 12:52:57.0609 2960 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/19 12:52:57.0671 2960 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/09/19 12:52:57.0687 2960 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/19 12:52:57.0718 2960 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/19 12:52:57.0765 2960 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/19 12:52:57.0796 2960 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/19 12:52:57.0812 2960 Suspicious service (NoAccess): gunvlhj
2011/09/19 12:52:57.0843 2960 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/19 12:52:57.0937 2960 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/19 12:52:57.0953 2960 Suspicious service (NoAccess): hrmrmnkuc
2011/09/19 12:52:58.0031 2960 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/19 12:52:58.0093 2960 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/09/19 12:52:58.0171 2960 hwusbdev (60726cb5f063fb25f8b6b71df34fa1d8) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2011/09/19 12:52:58.0234 2960 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/19 12:52:58.0437 2960 ialm (612194abc69a6db0e2c49e1544ca93a0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/09/19 12:52:58.0656 2960 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/09/19 12:52:58.0656 2960 Suspicious service (NoAccess): idpoxub
2011/09/19 12:52:58.0718 2960 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/19 12:52:58.0968 2960 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/19 12:52:59.0078 2960 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/19 12:52:59.0125 2960 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/19 12:52:59.0171 2960 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/19 12:52:59.0203 2960 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/19 12:52:59.0234 2960 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/19 12:52:59.0296 2960 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/19 12:52:59.0343 2960 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/19 12:52:59.0406 2960 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/19 12:52:59.0421 2960 Suspicious service (NoAccess): jtkmnzuh
2011/09/19 12:52:59.0453 2960 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/19 12:52:59.0484 2960 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/19 12:52:59.0515 2960 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/19 12:52:59.0578 2960 Suspicious service (NoAccess): lundedax
2011/09/19 12:52:59.0609 2960 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/09/19 12:52:59.0671 2960 MA8630C (f2aaa3dc599dda3819aa47daf07a393b) C:\WINDOWS\system32\DRIVERS\MA8630C.sys
2011/09/19 12:52:59.0718 2960 MA8630M (a6d160b8485a2b77a25fde1f43edf8fa) C:\WINDOWS\system32\DRIVERS\MA8630M.sys
2011/09/19 12:52:59.0750 2960 MA8630U (a144be1eac6daf909d65a1af71383aa8) C:\WINDOWS\system32\DRIVERS\MA8630U.sys
2011/09/19 12:52:59.0796 2960 MaRdPnp (b51e7eab4baf13b492aa3299bcf52a35) C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
2011/09/19 12:52:59.0843 2960 MaVctrl (8181ceb341cbb2f7f893f85b915d5e15) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2011/09/19 12:52:59.0890 2960 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/09/19 12:52:59.0953 2960 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/19 12:53:00.0015 2960 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/19 12:53:00.0109 2960 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/09/19 12:53:00.0203 2960 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/19 12:53:00.0250 2960 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/19 12:53:00.0296 2960 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/09/19 12:53:00.0375 2960 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/19 12:53:00.0421 2960 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/19 12:53:00.0484 2960 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/19 12:53:00.0531 2960 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/19 12:53:00.0578 2960 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/19 12:53:00.0625 2960 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/19 12:53:00.0671 2960 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/19 12:53:00.0718 2960 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/19 12:53:00.0750 2960 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/19 12:53:00.0781 2960 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/19 12:53:00.0843 2960 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/19 12:53:00.0921 2960 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/19 12:53:00.0968 2960 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/19 12:53:01.0000 2960 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/19 12:53:01.0015 2960 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/19 12:53:01.0078 2960 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/19 12:53:01.0093 2960 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/19 12:53:01.0140 2960 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/19 12:53:01.0187 2960 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/19 12:53:01.0218 2960 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/19 12:53:01.0265 2960 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/19 12:53:01.0312 2960 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/19 12:53:01.0343 2960 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/19 12:53:01.0359 2960 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/19 12:53:01.0406 2960 O2MDRDR (36ed541ff0ad27d7f1c1e8f86f026309) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/09/19 12:53:01.0421 2960 O2SDRDR (f3d467025d365a96b5e51c6229562716) C:\WINDOWS\system32\DRIVERS\o2sd.sys
2011/09/19 12:53:01.0453 2960 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/19 12:53:01.0468 2960 Suspicious service (NoAccess): onmwycvyn
2011/09/19 12:53:01.0500 2960 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/19 12:53:01.0531 2960 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/19 12:53:01.0578 2960 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/19 12:53:01.0609 2960 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/19 12:53:01.0640 2960 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/19 12:53:01.0671 2960 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/09/19 12:53:01.0859 2960 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/09/19 12:53:01.0921 2960 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/19 12:53:01.0953 2960 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/19 12:53:01.0968 2960 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/19 12:53:01.0984 2960 Suspicious service (NoAccess): putqiamb
2011/09/19 12:53:02.0015 2960 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/19 12:53:02.0140 2960 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/19 12:53:02.0171 2960 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/19 12:53:02.0187 2960 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/19 12:53:02.0203 2960 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/19 12:53:02.0234 2960 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/19 12:53:02.0265 2960 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/19 12:53:02.0328 2960 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/19 12:53:02.0375 2960 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/19 12:53:02.0453 2960 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/09/19 12:53:02.0515 2960 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/09/19 12:53:02.0562 2960 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/19 12:53:02.0625 2960 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
2011/09/19 12:53:02.0671 2960 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/19 12:53:02.0703 2960 Suspicious service (NoAccess): skwhjz
2011/09/19 12:53:02.0750 2960 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/19 12:53:02.0796 2960 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/09/19 12:53:02.0843 2960 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/19 12:53:02.0890 2960 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/19 12:53:02.0968 2960 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/19 12:53:02.0984 2960 Suspicious service (NoAccess): stbonseb
2011/09/19 12:53:03.0000 2960 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/19 12:53:03.0046 2960 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/19 12:53:03.0062 2960 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/19 12:53:03.0171 2960 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/19 12:53:03.0234 2960 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/19 12:53:03.0265 2960 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/19 12:53:03.0296 2960 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/19 12:53:03.0343 2960 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/19 12:53:03.0437 2960 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/19 12:53:03.0515 2960 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/19 12:53:03.0578 2960 USB28xxBGA (9b01ce1eda6ad1acfd4f865d6cb0a790) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2011/09/19 12:53:03.0625 2960 USB28xxOEM (c93e4f6bd1cbd163662e7c9be021b895) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2011/09/19 12:53:03.0656 2960 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/19 12:53:03.0703 2960 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/19 12:53:03.0781 2960 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/19 12:53:03.0796 2960 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/19 12:53:03.0843 2960 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/19 12:53:03.0906 2960 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/19 12:53:03.0937 2960 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/19 12:53:04.0000 2960 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/19 12:53:04.0015 2960 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/19 12:53:04.0031 2960 Suspicious service (NoAccess): vagsyfx
2011/09/19 12:53:04.0078 2960 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/19 12:53:04.0156 2960 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/19 12:53:04.0218 2960 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/19 12:53:04.0281 2960 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/19 12:53:04.0375 2960 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/19 12:53:04.0437 2960 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/19 12:53:04.0468 2960 Suspicious service (NoAccess): xysqt
2011/09/19 12:53:04.0468 2960 Suspicious service (NoAccess): zhdmdpea
2011/09/19 12:53:04.0468 2960 Suspicious service (NoAccess): zobfk
2011/09/19 12:53:04.0515 2960 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
2011/09/19 12:53:04.0687 2960 Boot (0x1200) (bd895713ecd542d456dcb1953a1aa7e3) \Device\Harddisk0\DR0\Partition0
2011/09/19 12:53:04.0687 2960 ================================================================================
2011/09/19 12:53:04.0687 2960 Scan finished
2011/09/19 12:53:04.0687 2960 ================================================================================
2011/09/19 12:53:04.0703 2880 Detected object count: 1
2011/09/19 12:53:04.0703 2880 Actual detected object count: 1
2011/09/19 12:53:12.0281 2880 HKLM\SYSTEM\ControlSet001\services\es1969 - will be deleted after reboot
2011/09/19 12:53:12.0281 2880 HKLM\SYSTEM\ControlSet003\services\es1969 - will be deleted after reboot
2011/09/19 12:53:12.0281 2880 C:\WINDOWS\system32\drivers\es1969.sys - will be deleted after reboot
2011/09/19 12:53:12.0281 2880 ForgedFile.Multi.Generic(es1969) - User select action: Delete
2011/09/19 12:53:17.0734 1672 Deinitialize success
merci
désolé encore une fois de répondre aussi lentement, voila le rapport de TDSSkiller :
2011/09/19 12:52:42.0968 3548 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/19 12:52:43.0093 3548 ================================================================================
2011/09/19 12:52:43.0093 3548 SystemInfo:
2011/09/19 12:52:43.0093 3548
2011/09/19 12:52:43.0093 3548 OS Version: 5.1.2600 ServicePack: 3.0
2011/09/19 12:52:43.0093 3548 Product type: Workstation
2011/09/19 12:52:43.0093 3548 ComputerName: USER-09D5B1B0BD
2011/09/19 12:52:43.0093 3548 UserName: ali
2011/09/19 12:52:43.0093 3548 Windows directory: C:\WINDOWS
2011/09/19 12:52:43.0093 3548 System windows directory: C:\WINDOWS
2011/09/19 12:52:43.0093 3548 Processor architecture: Intel x86
2011/09/19 12:52:43.0093 3548 Number of processors: 2
2011/09/19 12:52:43.0093 3548 Page size: 0x1000
2011/09/19 12:52:43.0093 3548 Boot type: Normal boot
2011/09/19 12:52:43.0093 3548 ================================================================================
2011/09/19 12:52:43.0421 3548 Initialize success
2011/09/19 12:52:54.0437 2960 ================================================================================
2011/09/19 12:52:54.0437 2960 Scan started
2011/09/19 12:52:54.0437 2960 Mode: Manual;
2011/09/19 12:52:54.0437 2960 ================================================================================
2011/09/19 12:52:54.0921 2960 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/19 12:52:54.0953 2960 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/09/19 12:52:55.0046 2960 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/09/19 12:52:55.0093 2960 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/09/19 12:52:55.0187 2960 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/09/19 12:52:55.0421 2960 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/09/19 12:52:55.0578 2960 AR5211 (78e15866befe8b940046c36ba92f9eb6) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/09/19 12:52:55.0656 2960 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/09/19 12:52:55.0781 2960 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/09/19 12:52:55.0828 2960 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/09/19 12:52:55.0890 2960 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/09/19 12:52:55.0953 2960 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/09/19 12:52:56.0015 2960 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/09/19 12:52:56.0015 2960 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/09/19 12:52:56.0093 2960 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/09/19 12:52:56.0109 2960 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/09/19 12:52:56.0140 2960 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/09/19 12:52:56.0187 2960 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/09/19 12:52:56.0218 2960 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/09/19 12:52:56.0234 2960 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/09/19 12:52:56.0281 2960 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/09/19 12:52:56.0343 2960 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/09/19 12:52:56.0390 2960 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/09/19 12:52:56.0421 2960 Suspicious service (NoAccess): bpborw
2011/09/19 12:52:56.0453 2960 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/09/19 12:52:56.0500 2960 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/09/19 12:52:56.0546 2960 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/09/19 12:52:56.0609 2960 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/09/19 12:52:56.0656 2960 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/09/19 12:52:56.0734 2960 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/09/19 12:52:56.0781 2960 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/09/19 12:52:56.0937 2960 Suspicious service (NoAccess): cpzdodboj
2011/09/19 12:52:57.0000 2960 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/09/19 12:52:57.0078 2960 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
2011/09/19 12:52:57.0171 2960 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
2011/09/19 12:52:57.0250 2960 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/09/19 12:52:57.0296 2960 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/09/19 12:52:57.0359 2960 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/09/19 12:52:57.0359 2960 Suspicious service (NoAccess): dwaahsqlr
2011/09/19 12:52:57.0406 2960 es1969 (b9f03760af557348e17a5bb5ffeb73c0) C:\WINDOWS\system32\drivers\es1969.sys
2011/09/19 12:52:57.0421 2960 Suspicious file (Forged): C:\WINDOWS\system32\drivers\es1969.sys. Real md5: b9f03760af557348e17a5bb5ffeb73c0, Fake md5: b5d78bc756e8dec20a1cc438dfffb88e
2011/09/19 12:52:57.0421 2960 es1969 - detected ForgedFile.Multi.Generic (1)
2011/09/19 12:52:57.0484 2960 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/09/19 12:52:57.0515 2960 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/09/19 12:52:57.0546 2960 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
2011/09/19 12:52:57.0578 2960 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/09/19 12:52:57.0609 2960 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/09/19 12:52:57.0671 2960 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/09/19 12:52:57.0687 2960 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/09/19 12:52:57.0718 2960 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/09/19 12:52:57.0765 2960 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/09/19 12:52:57.0796 2960 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/09/19 12:52:57.0812 2960 Suspicious service (NoAccess): gunvlhj
2011/09/19 12:52:57.0843 2960 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/09/19 12:52:57.0937 2960 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/09/19 12:52:57.0953 2960 Suspicious service (NoAccess): hrmrmnkuc
2011/09/19 12:52:58.0031 2960 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/09/19 12:52:58.0093 2960 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/09/19 12:52:58.0171 2960 hwusbdev (60726cb5f063fb25f8b6b71df34fa1d8) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2011/09/19 12:52:58.0234 2960 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/19 12:52:58.0437 2960 ialm (612194abc69a6db0e2c49e1544ca93a0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/09/19 12:52:58.0656 2960 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/09/19 12:52:58.0656 2960 Suspicious service (NoAccess): idpoxub
2011/09/19 12:52:58.0718 2960 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/09/19 12:52:58.0968 2960 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/09/19 12:52:59.0078 2960 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/09/19 12:52:59.0125 2960 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/09/19 12:52:59.0171 2960 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/09/19 12:52:59.0203 2960 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/09/19 12:52:59.0234 2960 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/09/19 12:52:59.0296 2960 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/09/19 12:52:59.0343 2960 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/09/19 12:52:59.0406 2960 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/09/19 12:52:59.0421 2960 Suspicious service (NoAccess): jtkmnzuh
2011/09/19 12:52:59.0453 2960 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/09/19 12:52:59.0484 2960 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/09/19 12:52:59.0515 2960 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/09/19 12:52:59.0578 2960 Suspicious service (NoAccess): lundedax
2011/09/19 12:52:59.0609 2960 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/09/19 12:52:59.0671 2960 MA8630C (f2aaa3dc599dda3819aa47daf07a393b) C:\WINDOWS\system32\DRIVERS\MA8630C.sys
2011/09/19 12:52:59.0718 2960 MA8630M (a6d160b8485a2b77a25fde1f43edf8fa) C:\WINDOWS\system32\DRIVERS\MA8630M.sys
2011/09/19 12:52:59.0750 2960 MA8630U (a144be1eac6daf909d65a1af71383aa8) C:\WINDOWS\system32\DRIVERS\MA8630U.sys
2011/09/19 12:52:59.0796 2960 MaRdPnp (b51e7eab4baf13b492aa3299bcf52a35) C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
2011/09/19 12:52:59.0843 2960 MaVctrl (8181ceb341cbb2f7f893f85b915d5e15) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2011/09/19 12:52:59.0890 2960 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/09/19 12:52:59.0953 2960 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/09/19 12:53:00.0015 2960 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
2011/09/19 12:53:00.0109 2960 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/09/19 12:53:00.0203 2960 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/09/19 12:53:00.0250 2960 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/09/19 12:53:00.0296 2960 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/09/19 12:53:00.0375 2960 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/09/19 12:53:00.0421 2960 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/09/19 12:53:00.0484 2960 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/09/19 12:53:00.0531 2960 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/09/19 12:53:00.0578 2960 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/09/19 12:53:00.0625 2960 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/09/19 12:53:00.0671 2960 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/09/19 12:53:00.0718 2960 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/09/19 12:53:00.0750 2960 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/09/19 12:53:00.0781 2960 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/09/19 12:53:00.0843 2960 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/09/19 12:53:00.0921 2960 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/09/19 12:53:00.0968 2960 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/09/19 12:53:01.0000 2960 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/09/19 12:53:01.0015 2960 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/09/19 12:53:01.0078 2960 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/09/19 12:53:01.0093 2960 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/09/19 12:53:01.0140 2960 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/09/19 12:53:01.0187 2960 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/09/19 12:53:01.0218 2960 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/09/19 12:53:01.0265 2960 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/09/19 12:53:01.0312 2960 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/09/19 12:53:01.0343 2960 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/09/19 12:53:01.0359 2960 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/09/19 12:53:01.0406 2960 O2MDRDR (36ed541ff0ad27d7f1c1e8f86f026309) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/09/19 12:53:01.0421 2960 O2SDRDR (f3d467025d365a96b5e51c6229562716) C:\WINDOWS\system32\DRIVERS\o2sd.sys
2011/09/19 12:53:01.0453 2960 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/09/19 12:53:01.0468 2960 Suspicious service (NoAccess): onmwycvyn
2011/09/19 12:53:01.0500 2960 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
2011/09/19 12:53:01.0531 2960 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/09/19 12:53:01.0578 2960 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/09/19 12:53:01.0609 2960 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/09/19 12:53:01.0640 2960 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/09/19 12:53:01.0671 2960 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/09/19 12:53:01.0859 2960 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/09/19 12:53:01.0921 2960 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/09/19 12:53:01.0953 2960 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/09/19 12:53:01.0968 2960 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/09/19 12:53:01.0984 2960 Suspicious service (NoAccess): putqiamb
2011/09/19 12:53:02.0015 2960 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/09/19 12:53:02.0140 2960 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/09/19 12:53:02.0171 2960 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/09/19 12:53:02.0187 2960 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/09/19 12:53:02.0203 2960 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/09/19 12:53:02.0234 2960 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/09/19 12:53:02.0265 2960 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/09/19 12:53:02.0328 2960 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/09/19 12:53:02.0375 2960 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/09/19 12:53:02.0453 2960 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/09/19 12:53:02.0515 2960 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/09/19 12:53:02.0562 2960 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/09/19 12:53:02.0625 2960 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
2011/09/19 12:53:02.0671 2960 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/09/19 12:53:02.0703 2960 Suspicious service (NoAccess): skwhjz
2011/09/19 12:53:02.0750 2960 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/09/19 12:53:02.0796 2960 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/09/19 12:53:02.0843 2960 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/09/19 12:53:02.0890 2960 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/09/19 12:53:02.0968 2960 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/09/19 12:53:02.0984 2960 Suspicious service (NoAccess): stbonseb
2011/09/19 12:53:03.0000 2960 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/09/19 12:53:03.0046 2960 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/09/19 12:53:03.0062 2960 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/09/19 12:53:03.0171 2960 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/09/19 12:53:03.0234 2960 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/09/19 12:53:03.0265 2960 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/09/19 12:53:03.0296 2960 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/09/19 12:53:03.0343 2960 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/09/19 12:53:03.0437 2960 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/09/19 12:53:03.0515 2960 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/09/19 12:53:03.0578 2960 USB28xxBGA (9b01ce1eda6ad1acfd4f865d6cb0a790) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2011/09/19 12:53:03.0625 2960 USB28xxOEM (c93e4f6bd1cbd163662e7c9be021b895) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2011/09/19 12:53:03.0656 2960 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/09/19 12:53:03.0703 2960 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/09/19 12:53:03.0781 2960 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/09/19 12:53:03.0796 2960 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/09/19 12:53:03.0843 2960 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/09/19 12:53:03.0906 2960 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/09/19 12:53:03.0937 2960 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/09/19 12:53:04.0000 2960 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/09/19 12:53:04.0015 2960 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/09/19 12:53:04.0031 2960 Suspicious service (NoAccess): vagsyfx
2011/09/19 12:53:04.0078 2960 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/09/19 12:53:04.0156 2960 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/09/19 12:53:04.0218 2960 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/09/19 12:53:04.0281 2960 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/09/19 12:53:04.0375 2960 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/09/19 12:53:04.0437 2960 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/09/19 12:53:04.0468 2960 Suspicious service (NoAccess): xysqt
2011/09/19 12:53:04.0468 2960 Suspicious service (NoAccess): zhdmdpea
2011/09/19 12:53:04.0468 2960 Suspicious service (NoAccess): zobfk
2011/09/19 12:53:04.0515 2960 MBR (0x1B8) (828e02d5c4a4fbe53441ee9dbee51f43) \Device\Harddisk0\DR0
2011/09/19 12:53:04.0687 2960 Boot (0x1200) (bd895713ecd542d456dcb1953a1aa7e3) \Device\Harddisk0\DR0\Partition0
2011/09/19 12:53:04.0687 2960 ================================================================================
2011/09/19 12:53:04.0687 2960 Scan finished
2011/09/19 12:53:04.0687 2960 ================================================================================
2011/09/19 12:53:04.0703 2880 Detected object count: 1
2011/09/19 12:53:04.0703 2880 Actual detected object count: 1
2011/09/19 12:53:12.0281 2880 HKLM\SYSTEM\ControlSet001\services\es1969 - will be deleted after reboot
2011/09/19 12:53:12.0281 2880 HKLM\SYSTEM\ControlSet003\services\es1969 - will be deleted after reboot
2011/09/19 12:53:12.0281 2880 C:\WINDOWS\system32\drivers\es1969.sys - will be deleted after reboot
2011/09/19 12:53:12.0281 2880 ForgedFile.Multi.Generic(es1969) - User select action: Delete
2011/09/19 12:53:17.0734 1672 Deinitialize success
merci