The notorious "Google redirect" virus

Solved/Closed
Pelisse56 - 3 March 2012 at 14:43
Pelisse56 - 3 March 2012 at 21:46
Hello,

Like many people, I have a virus on my computer that redirects my Google search results to other sites eight times out of ten. I was putting up with it, but now it is getting more than annoying.
After going through the various topics on the subject, I understood that it is not really advisable to try to eradicate it on my own. So if someone can help me, I am all ears.
Thanks in advance.

7 replies

Malekal_morte (Moderator, security contributor; 180,304 posts; joined Wednesday 17 May 2006; last active 15 December 2020)
3 March 2012 at 14:44
Hi,

Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, run a quick scan, delete everything and post the report here.
!!! Malwarebytes must be up to date before running the scan !!!
Make sure you delete what is detected: "Remove Selected" button.

then:

Run TDSSKiller: https://forum.malekal.com/viewtopic.php?t=28637&start=
Read what is written about deletions/repairs (delete and cure); do not delete just anything.
Post the report here.

then:

Run aswMBR: https://forum.malekal.com/viewtopic.php?t=31619&start=
Download it and put it on your desktop.
Accept the installation of the Avast! virus definitions and run a scan.
When it is finished, click "Save log", open the report and post it here.

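Reading the two reports the reply above asks for, as an added example (not part of the original thread and not a tool of Malekal_morte's): the Python below pulls from a Malwarebytes Anti-Malware log and a TDSSKiller log only the lines a helper has to rule on. It separates what MBAM already quarantined from what it left alone, and classes TDSSKiller's LockedFile/UnsignedFile verdicts as warnings (the tool could not open or verify the file; its default action for them is Skip) rather than malware, which is the distinction behind "read what is written about delete and cure". The sample logs are constructed and modelled on the format of the reports in this thread; the Rootkit.Boot.Example.a and dropper.tmp lines are invented to show an unhandled malware verdict beside a warning.

```python
"""Triage helper for a Malwarebytes (MBAM) log and a TDSSKiller log: list only
the lines a helper must rule on, instead of reading hundreds of '- ok' lines."""
import re
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Finding:
    tool: str      # "MBAM" or "TDSSKiller"
    target: str    # file path (MBAM) or driver/service/device name (TDSSKiller)
    verdict: str   # classification exactly as the tool wrote it
    severity: str  # "handled", "warning" or "malware"
    note: str      # MBAM: action taken; TDSSKiller: path/md5 from the Suspicious-file line


# TDSSKiller: "<hh:mm:ss.ffff> <tid> <name> - detected <Verdict> (<count>)"
_TDSS_DETECTED = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+) - detected (?P<verdict>\S+)")
# TDSSKiller: "... Suspicious file (<reason>): <path>. md5: <hex>"
_TDSS_SUSPICIOUS = re.compile(
    r"Suspicious file \((?P<reason>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-fA-F]{32})")
# MBAM 1.x: "<path or registry key> (<Verdict>) -> <action>."
_MBAM_ITEM = re.compile(
    r"^(?P<path>(?:[A-Za-z]:\\|HK\w+\\).*?) \((?P<verdict>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

# TDSSKiller's generic "suspicious object" verdicts mean it could not open or
# verify the file, not that the file is malicious; its default action for them
# is Skip. Any other verdict is malware offered for Cure/Delete.
_TDSS_WARNING_PREFIXES = ("LockedFile.", "UnsignedFile.")


def parse_tdsskiller(text: str) -> List[Finding]:
    """One Finding per '- detected' line, with the preceding 'Suspicious file'
    details (path, md5, reason) attached when present."""
    findings: List[Finding] = []
    pending = ""  # details from the Suspicious-file line that precedes a detection
    for line in text.splitlines():
        sus = _TDSS_SUSPICIOUS.search(line)
        if sus:
            pending = f"{sus['path']} md5={sus['md5']} ({sus['reason']})"
            continue
        det = _TDSS_DETECTED.match(line)
        if not det:
            continue
        verdict = det["verdict"]
        severity = "warning" if verdict.startswith(_TDSS_WARNING_PREFIXES) else "malware"
        findings.append(Finding("TDSSKiller", det["name"], verdict, severity, pending))
        pending = ""
    return findings


def parse_mbam(text: str) -> List[Finding]:
    """One Finding per detection line; items MBAM quarantined or deleted are
    'handled', anything left with 'No action taken' still needs attention."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = _MBAM_ITEM.match(line.strip())
        if not m:
            continue
        action = m["action"]
        severity = "malware" if action.lower().startswith("no action") else "handled"
        findings.append(Finding("MBAM", m["path"], m["verdict"], severity, action))
    return findings


def triage(mbam_log: str, tdss_log: str) -> List[Finding]:
    return parse_mbam(mbam_log) + parse_tdsskiller(tdss_log)


def needs_decision(findings: Iterable[Finding]) -> List[Finding]:
    """Unhandled MBAM hits plus every TDSSKiller verdict, warnings included
    (a warning must not be deleted blindly, but it must not be ignored either)."""
    return [f for f in findings if f.severity != "handled"]


# Constructed sample input modelled on the two report formats in this thread.
# The sptd.sys lines follow the real TDSSKiller layout; Rootkit.Boot.Example.a
# and dropper.tmp are invented to show an unhandled malware verdict.
SAMPLE_MBAM = r"""
Files Detected: 2
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\KB470759927.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\example\AppData\Local\Temp\dropper.tmp (Trojan.Downloader) -> No action taken.

(end)
"""

SAMPLE_TDSS = r"""
14:59:46.0569 5940 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
14:59:46.0569 5940 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
14:59:46.0571 5940 sptd ( LockedFile.Multi.Generic ) - warning
14:59:46.0571 5940 sptd - detected LockedFile.Multi.Generic (1)
14:59:46.0660 5940 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
14:59:46.0666 5940 srv - ok
14:59:50.0001 5940 \Device\Harddisk0\DR0 ( Rootkit.Boot.Example.a ) - infected
14:59:50.0001 5940 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example.a (0)
"""

if __name__ == "__main__":
    for f in needs_decision(triage(SAMPLE_MBAM, SAMPLE_TDSS)):
        print(f"[{f.severity:7}] {f.tool}: {f.target} -> {f.verdict} {f.note}".rstrip())
```

Run against real reports by reading the two text files the tools write and passing their contents to `triage`; the "warning" entries are the ones to check against the driver's vendor before answering Delete or Cure, the "malware" entries are the ones the tools either propose to clean or, for MBAM, were told not to.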
Here are the various reports:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18999
Philoü :: PC-DE-PHILOÜ [administrator]

03/03/2012 14:48:41
mbam-log-2012-03-03 (14-48-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196419
Time elapsed: 7 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\KB470759927.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)


***


14:59:30.0196 5612 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
14:59:30.0505 5612 ============================================================
14:59:30.0505 5612 Current date / time: 2012/03/03 14:59:30.0505
14:59:30.0505 5612 SystemInfo:
14:59:30.0505 5612
14:59:30.0505 5612 OS Version: 6.0.6002 ServicePack: 2.0
14:59:30.0505 5612 Product type: Workstation
14:59:30.0505 5612 ComputerName: PC-DE-PHILOÜ
14:59:30.0505 5612 UserName: Philoü
14:59:30.0505 5612 Windows directory: C:\Windows
14:59:30.0505 5612 System windows directory: C:\Windows
14:59:30.0505 5612 Processor architecture: Intel x86
14:59:30.0506 5612 Number of processors: 4
14:59:30.0506 5612 Page size: 0x1000
14:59:30.0506 5612 Boot type: Normal boot
14:59:30.0506 5612 ============================================================
14:59:30.0992 5612 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:59:31.0014 5612 \Device\Harddisk0\DR0:
14:59:31.0015 5612 MBR used
14:59:31.0015 5612 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1385000, BlocksNum 0x1C83D800
14:59:31.0015 5612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1DBC57CE, BlocksNum 0x1C7BF473
14:59:31.0095 5612 Initialize success
14:59:31.0095 5612 ============================================================
14:59:37.0161 5940 ============================================================
14:59:37.0161 5940 Scan started
14:59:37.0161 5940 Mode: Manual;
14:59:37.0161 5940 ============================================================
14:59:37.0986 5940 acedrv11 (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
14:59:38.0000 5940 acedrv11 - ok
14:59:38.0202 5940 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:59:38.0206 5940 ACPI - ok
14:59:38.0316 5940 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:59:38.0322 5940 adp94xx - ok
14:59:38.0368 5940 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:59:38.0373 5940 adpahci - ok
14:59:38.0447 5940 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:59:38.0449 5940 adpu160m - ok
14:59:38.0498 5940 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:59:38.0501 5940 adpu320 - ok
14:59:38.0593 5940 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
14:59:38.0597 5940 AFD - ok
14:59:38.0647 5940 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
14:59:38.0648 5940 agp440 - ok
14:59:38.0696 5940 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:59:38.0697 5940 aic78xx - ok
14:59:38.0722 5940 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
14:59:38.0723 5940 aliide - ok
14:59:38.0793 5940 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
14:59:38.0795 5940 amdagp - ok
14:59:38.0810 5940 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
14:59:38.0811 5940 amdide - ok
14:59:38.0877 5940 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:59:38.0878 5940 AmdK7 - ok
14:59:38.0901 5940 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
14:59:38.0903 5940 AmdK8 - ok
14:59:39.0175 5940 amdkmdag (03ac6735672f15ceaab502e4349286e0) C:\Windows\system32\DRIVERS\atikmdag.sys
14:59:39.0367 5940 amdkmdag - ok
14:59:39.0454 5940 amdkmdap (f566c90e4bbe387e905130b6e490dccd) C:\Windows\system32\DRIVERS\atikmpag.sys
14:59:39.0458 5940 amdkmdap - ok
14:59:39.0536 5940 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:59:39.0537 5940 arc - ok
14:59:39.0558 5940 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:59:39.0560 5940 arcsas - ok
14:59:39.0597 5940 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:59:39.0598 5940 AsyncMac - ok
14:59:39.0627 5940 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:59:39.0628 5940 atapi - ok
14:59:39.0683 5940 AtiHDAudioService (f71b6ee018eadf4cfd52f3c83847e5f6) C:\Windows\system32\drivers\AtihdLH3.sys
14:59:39.0685 5940 AtiHDAudioService - ok
14:59:39.0718 5940 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
14:59:39.0722 5940 atksgt - ok
14:59:39.0764 5940 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:59:39.0764 5940 avgio - ok
14:59:39.0854 5940 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
14:59:39.0856 5940 avgntflt - ok
14:59:39.0889 5940 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
14:59:39.0892 5940 avipbb - ok
14:59:39.0920 5940 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:59:39.0921 5940 Beep - ok
14:59:39.0958 5940 blbdrive - ok
14:59:39.0998 5940 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
14:59:40.0000 5940 bowser - ok
14:59:40.0040 5940 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:59:40.0041 5940 BrFiltLo - ok
14:59:40.0062 5940 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:59:40.0063 5940 BrFiltUp - ok
14:59:40.0107 5940 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:59:40.0109 5940 Brserid - ok
14:59:40.0146 5940 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:59:40.0147 5940 BrSerWdm - ok
14:59:40.0169 5940 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:59:40.0170 5940 BrUsbMdm - ok
14:59:40.0187 5940 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:59:40.0195 5940 BrUsbSer - ok
14:59:40.0224 5940 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:59:40.0225 5940 BTHMODEM - ok
14:59:40.0265 5940 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:59:40.0268 5940 cdfs - ok
14:59:40.0304 5940 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:59:40.0306 5940 cdrom - ok
14:59:40.0343 5940 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:59:40.0344 5940 circlass - ok
14:59:40.0389 5940 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:59:40.0391 5940 CLFS - ok
14:59:40.0479 5940 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
14:59:40.0480 5940 cmdide - ok
14:59:40.0527 5940 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
14:59:40.0528 5940 Compbatt - ok
14:59:40.0550 5940 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:59:40.0551 5940 crcdisk - ok
14:59:40.0574 5940 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:59:40.0575 5940 Crusoe - ok
14:59:40.0642 5940 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
14:59:40.0644 5940 DfsC - ok
14:59:40.0696 5940 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:59:40.0698 5940 disk - ok
14:59:40.0753 5940 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:59:40.0754 5940 drmkaud - ok
14:59:40.0795 5940 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
14:59:40.0804 5940 DXGKrnl - ok
14:59:40.0852 5940 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:59:40.0854 5940 E1G60 - ok
14:59:40.0922 5940 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:59:40.0925 5940 Ecache - ok
14:59:40.0977 5940 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:59:40.0981 5940 elxstor - ok
14:59:41.0063 5940 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:59:41.0066 5940 exfat - ok
14:59:41.0093 5940 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:59:41.0095 5940 fastfat - ok
14:59:41.0122 5940 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
14:59:41.0123 5940 fdc - ok
14:59:41.0165 5940 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:59:41.0167 5940 FileInfo - ok
14:59:41.0194 5940 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:59:41.0195 5940 Filetrace - ok
14:59:41.0216 5940 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
14:59:41.0217 5940 flpydisk - ok
14:59:41.0255 5940 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:59:41.0259 5940 FltMgr - ok
14:59:41.0287 5940 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
14:59:41.0289 5940 fssfltr - ok
14:59:41.0326 5940 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:59:41.0328 5940 Fs_Rec - ok
14:59:41.0345 5940 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:59:41.0346 5940 gagp30kx - ok
14:59:41.0406 5940 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:59:41.0410 5940 HdAudAddService - ok
14:59:41.0455 5940 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:59:41.0461 5940 HDAudBus - ok
14:59:41.0487 5940 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:59:41.0488 5940 HidBth - ok
14:59:41.0506 5940 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:59:41.0508 5940 HidIr - ok
14:59:41.0550 5940 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:59:41.0551 5940 HidUsb - ok
14:59:41.0586 5940 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:59:41.0587 5940 HpCISSs - ok
14:59:41.0629 5940 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:59:41.0637 5940 HTTP - ok
14:59:41.0664 5940 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:59:41.0665 5940 i2omp - ok
14:59:41.0694 5940 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:59:41.0696 5940 i8042prt - ok
14:59:41.0724 5940 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:59:41.0729 5940 iaStorV - ok
14:59:41.0765 5940 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:59:41.0766 5940 iirsp - ok
14:59:41.0872 5940 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\Acer\Empowering Technology\eRecovery\int15.sys
14:59:41.0873 5940 int15 - ok
14:59:41.0972 5940 IntcAzAudAddService (f6e17c275666a4402588a30e36565910) C:\Windows\system32\drivers\RTKVHDA.sys
14:59:42.0014 5940 IntcAzAudAddService - ok
14:59:42.0074 5940 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
14:59:42.0075 5940 intelide - ok
14:59:42.0104 5940 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:59:42.0105 5940 intelppm - ok
14:59:42.0142 5940 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:59:42.0143 5940 IpFilterDriver - ok
14:59:42.0156 5940 IpInIp - ok
14:59:42.0180 5940 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:59:42.0182 5940 IPMIDRV - ok
14:59:42.0215 5940 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:59:42.0218 5940 IPNAT - ok
14:59:42.0253 5940 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:59:42.0254 5940 IRENUM - ok
14:59:42.0287 5940 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
14:59:42.0288 5940 isapnp - ok
14:59:42.0323 5940 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:59:42.0325 5940 iScsiPrt - ok
14:59:42.0344 5940 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:59:42.0346 5940 iteatapi - ok
14:59:42.0373 5940 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:59:42.0374 5940 iteraid - ok
14:59:42.0410 5940 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:59:42.0411 5940 kbdclass - ok
14:59:42.0443 5940 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:59:42.0444 5940 kbdhid - ok
14:59:42.0494 5940 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
14:59:42.0502 5940 KSecDD - ok
14:59:42.0623 5940 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
14:59:42.0624 5940 Lavasoft Kernexplorer - ok
14:59:42.0730 5940 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys
14:59:42.0731 5940 Lbd - ok
14:59:42.0775 5940 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
14:59:42.0776 5940 lirsgt - ok
14:59:42.0810 5940 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:59:42.0811 5940 lltdio - ok
14:59:42.0853 5940 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:59:42.0854 5940 LSI_FC - ok
14:59:42.0879 5940 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:59:42.0881 5940 LSI_SAS - ok
14:59:42.0903 5940 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:59:42.0905 5940 LSI_SCSI - ok
14:59:42.0943 5940 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:59:42.0945 5940 luafv - ok
14:59:42.0986 5940 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:59:42.0988 5940 megasas - ok
14:59:43.0049 5940 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:59:43.0064 5940 Modem - ok
14:59:43.0108 5940 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:59:43.0108 5940 monitor - ok
14:59:43.0138 5940 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:59:43.0139 5940 mouclass - ok
14:59:43.0168 5940 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
14:59:43.0169 5940 mouhid - ok
14:59:43.0200 5940 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:59:43.0202 5940 MountMgr - ok
14:59:43.0234 5940 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:59:43.0236 5940 mpio - ok
14:59:43.0266 5940 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:59:43.0268 5940 mpsdrv - ok
14:59:43.0298 5940 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:59:43.0299 5940 Mraid35x - ok
14:59:43.0336 5940 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:59:43.0338 5940 MRxDAV - ok
14:59:43.0385 5940 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:59:43.0387 5940 mrxsmb - ok
14:59:43.0417 5940 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:59:43.0422 5940 mrxsmb10 - ok
14:59:43.0442 5940 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:59:43.0445 5940 mrxsmb20 - ok
14:59:43.0470 5940 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
14:59:43.0471 5940 msahci - ok
14:59:43.0501 5940 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:59:43.0503 5940 msdsm - ok
14:59:43.0565 5940 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:59:43.0567 5940 Msfs - ok
14:59:43.0603 5940 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:59:43.0603 5940 msisadrv - ok
14:59:43.0640 5940 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:59:43.0641 5940 MSKSSRV - ok
14:59:43.0674 5940 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:59:43.0675 5940 MSPCLOCK - ok
14:59:43.0711 5940 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:59:43.0712 5940 MSPQM - ok
14:59:43.0746 5940 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:59:43.0749 5940 MsRPC - ok
14:59:43.0781 5940 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:59:43.0782 5940 mssmbios - ok
14:59:43.0829 5940 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:59:43.0830 5940 MSTEE - ok
14:59:43.0856 5940 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:59:43.0858 5940 Mup - ok
14:59:43.0906 5940 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:59:43.0909 5940 NativeWifiP - ok
14:59:43.0960 5940 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:59:43.0975 5940 NDIS - ok
14:59:44.0005 5940 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:59:44.0007 5940 NdisTapi - ok
14:59:44.0038 5940 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:59:44.0039 5940 Ndisuio - ok
14:59:44.0060 5940 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:59:44.0063 5940 NdisWan - ok
14:59:44.0101 5940 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:59:44.0103 5940 NDProxy - ok
14:59:44.0133 5940 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:59:44.0135 5940 NetBIOS - ok
14:59:44.0173 5940 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:59:44.0177 5940 netbt - ok
14:59:44.0214 5940 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:59:44.0216 5940 nfrd960 - ok
14:59:44.0244 5940 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:59:44.0246 5940 Npfs - ok
14:59:44.0278 5940 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:59:44.0279 5940 nsiproxy - ok
14:59:44.0336 5940 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:59:44.0361 5940 Ntfs - ok
14:59:44.0384 5940 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
14:59:44.0385 5940 NTIDrvr - ok
14:59:44.0405 5940 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:59:44.0406 5940 ntrigdigi - ok
14:59:44.0425 5940 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:59:44.0427 5940 Null - ok
14:59:44.0477 5940 NVENETFD (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:59:44.0501 5940 NVENETFD - ok
14:59:44.0696 5940 nvlddmkm (910de6cb7e6e872af8c034949b9953bf) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:59:44.0840 5940 nvlddmkm - ok
14:59:44.0859 5940 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
14:59:44.0861 5940 nvraid - ok
14:59:44.0880 5940 nvrd32 (f2abab0c99237ce4e97478af2e0438a0) C:\Windows\system32\drivers\nvrd32.sys
14:59:44.0883 5940 nvrd32 - ok
14:59:44.0899 5940 nvsmu (7ec12a73067baca25a8e3e2a58ae83d8) C:\Windows\system32\DRIVERS\nvsmu.sys
14:59:44.0900 5940 nvsmu - ok
14:59:44.0920 5940 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
14:59:44.0921 5940 nvstor - ok
14:59:44.0933 5940 nvstor32 (afd01721dc3297e6715c5f472dd8bccd) C:\Windows\system32\drivers\nvstor32.sys
14:59:44.0935 5940 nvstor32 - ok
14:59:44.0958 5940 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
14:59:44.0961 5940 nv_agp - ok
14:59:44.0971 5940 NwlnkFlt - ok
14:59:44.0984 5940 NwlnkFwd - ok
14:59:45.0023 5940 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:59:45.0025 5940 ohci1394 - ok
14:59:45.0076 5940 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:59:45.0089 5940 Parport - ok
14:59:45.0119 5940 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:59:45.0121 5940 partmgr - ok
14:59:45.0140 5940 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:59:45.0141 5940 Parvdm - ok
14:59:45.0182 5940 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:59:45.0184 5940 pci - ok
14:59:45.0204 5940 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:59:45.0205 5940 pciide - ok
14:59:45.0237 5940 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:59:45.0241 5940 pcmcia - ok
14:59:45.0283 5940 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:59:45.0309 5940 PEAUTH - ok
14:59:45.0375 5940 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:59:45.0377 5940 PptpMiniport - ok
14:59:45.0403 5940 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:59:45.0404 5940 Processor - ok
14:59:45.0438 5940 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:59:45.0439 5940 PSched - ok
14:59:45.0454 5940 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys
14:59:45.0456 5940 PSDFilter - ok
14:59:45.0471 5940 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys
14:59:45.0473 5940 PSDNServ - ok
14:59:45.0487 5940 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys
14:59:45.0489 5940 psdvdisk - ok
14:59:45.0530 5940 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:59:45.0552 5940 ql2300 - ok
14:59:45.0579 5940 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:59:45.0582 5940 ql40xx - ok
14:59:45.0611 5940 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:59:45.0613 5940 QWAVEdrv - ok
14:59:45.0646 5940 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:59:45.0647 5940 RasAcd - ok
14:59:45.0692 5940 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:59:45.0694 5940 Rasl2tp - ok
14:59:45.0734 5940 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:59:45.0735 5940 RasPppoe - ok
14:59:45.0759 5940 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:59:45.0761 5940 RasSstp - ok
14:59:45.0795 5940 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:59:45.0800 5940 rdbss - ok
14:59:45.0838 5940 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:59:45.0839 5940 RDPCDD - ok
14:59:45.0886 5940 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
14:59:45.0892 5940 rdpdr - ok
14:59:45.0903 5940 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:59:45.0905 5940 RDPENCDD - ok
14:59:45.0935 5940 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:59:45.0938 5940 RDPWD - ok
14:59:46.0006 5940 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:59:46.0008 5940 rspndr - ok
14:59:46.0041 5940 RTL8187 (6d53f52b54bde4d98c9820aaf883b758) C:\Windows\system32\DRIVERS\RTL8187.sys
14:59:46.0046 5940 RTL8187 - ok
14:59:46.0078 5940 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
14:59:46.0079 5940 RtlProt - ok
14:59:46.0125 5940 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:59:46.0127 5940 sbp2port - ok
14:59:46.0170 5940 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:59:46.0171 5940 secdrv - ok
14:59:46.0199 5940 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
14:59:46.0200 5940 Serenum - ok
14:59:46.0224 5940 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
14:59:46.0226 5940 Serial - ok
14:59:46.0253 5940 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:59:46.0254 5940 sermouse - ok
14:59:46.0296 5940 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
14:59:46.0304 5940 sffdisk - ok
14:59:46.0332 5940 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
14:59:46.0333 5940 sffp_mmc - ok
14:59:46.0357 5940 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
14:59:46.0358 5940 sffp_sd - ok
14:59:46.0376 5940 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:59:46.0377 5940 sfloppy - ok
14:59:46.0403 5940 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
14:59:46.0404 5940 sisagp - ok
14:59:46.0429 5940 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:59:46.0430 5940 SiSRaid2 - ok
14:59:46.0451 5940 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:59:46.0452 5940 SiSRaid4 - ok
14:59:46.0489 5940 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:59:46.0491 5940 Smb - ok
14:59:46.0526 5940 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:59:46.0527 5940 spldr - ok
14:59:46.0569 5940 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
14:59:46.0569 5940 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
14:59:46.0571 5940 sptd ( LockedFile.Multi.Generic ) - warning
14:59:46.0571 5940 sptd - detected LockedFile.Multi.Generic (1)
14:59:46.0660 5940 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
14:59:46.0666 5940 srv - ok
14:59:46.0714 5940 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
14:59:46.0717 5940 srv2 - ok
14:59:46.0750 5940 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
14:59:46.0752 5940 srvnet - ok
14:59:46.0777 5940 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:59:46.0778 5940 ssmdrv - ok
14:59:46.0808 5940 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:59:46.0809 5940 swenum - ok
14:59:46.0836 5940 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:59:46.0837 5940 Symc8xx - ok
14:59:49.0155 5940 MBR (0x1B8) (a5e72b9509e04abcce59c653b7c10c4a) \Device\Harddisk0\DR0
14:59:49.0179 5940 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
14:59:49.0179 5940 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
14:59:49.0183 5940 Boot (0x1200) (5138c4355f02c2f655b4a81479bef6ff) \Device\Harddisk0\DR0\Partition0
14:59:49.0184 5940 \Device\Harddisk0\DR0\Partition0 - ok
14:59:49.0206 5940 Boot (0x1200) (745947532739910c7eabd9554c3b1d05) \Device\Harddisk0\DR0\Partition1
14:59:49.0207 5940 \Device\Harddisk0\DR0\Partition1 - ok
14:59:49.0208 5940 ============================================================
14:59:49.0208 5940 Scan finished
14:59:49.0208 5940 ============================================================
14:59:49.0221 5532 Detected object count: 2
14:59:49.0221 5532 Actual detected object count: 2
15:01:09.0663 5532 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:01:09.0663 5532 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:01:11.0882 5532 \Device\Harddisk0\DR0\# - copied to quarantine
15:01:11.0883 5532 \Device\Harddisk0\DR0 - copied to quarantine
15:01:11.0913 5532 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine
15:01:11.0915 5532 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
15:01:11.0918 5532 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine
15:01:11.0979 5532 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:01:11.0981 5532 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:01:11.0984 5532 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:01:11.0987 5532 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:01:11.0994 5532 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:01:11.0999 5532 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:01:12.0009 5532 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:01:12.0012 5532 \Device\Harddisk0\DR0\TDLFS\keywords - copied to quarantine
15:01:12.0020 5532 \Device\Harddisk0\DR0\TDLFS\qsct - copied to quarantine
15:01:12.0026 5532 \Device\Harddisk0\DR0\TDLFS\r.dll - copied to quarantine
15:01:12.0031 5532 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
15:01:12.0032 5532 \Device\Harddisk0\DR0 - ok
15:01:26.0665 5532 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
15:02:57.0449 1344 Deinitialize success

***


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-03 15:15:13
-----------------------------
15:15:13.288 OS Version: Windows 6.0.6002 Service Pack 2
15:15:13.288 Number of processors: 4 586 0xF0B
15:15:13.288 ComputerName: PC-DE-PHILOÜ UserName: Philoü
15:15:15.488 Initialize success
15:18:54.360 AVAST engine defs: 12030300
15:18:58.978 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
15:18:58.978 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 6
15:18:59.009 Disk 0 MBR read successfully
15:18:59.009 Disk 0 MBR scan
15:18:59.212 Disk 0 MBR:Alureon-C [Rtk]
15:18:59.212 Disk 0 TDL4@MBR code has been found
15:18:59.212 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 9993 MB offset 63
15:18:59.243 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 233595 MB offset 20467712
15:18:59.259 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 233342 MB offset 498882510
15:18:59.274 Disk 0 MBR [TDL4] **ROOTKIT**
15:18:59.337 Disk 0 scanning C:\Windows\system32\drivers
15:19:11.957 Service scanning
15:19:35.217 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
15:19:42.237 Modules scanning
15:20:03.016 Disk 0 trace - called modules:
15:20:03.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86a161f8]<<
15:20:03.047 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d43ac8]
15:20:03.047 3 CLASSPNP.SYS[8389c8b3] -> nt!IofCallDriver -> [0x86ac09f0]
15:20:03.047 5 acpi.sys[805b96bc] -> nt!IofCallDriver -> \Device\0000006a[0x86ac6730]
15:20:03.063 \Driver\nvstor32[0x86abf558] -> IRP_MJ_CREATE -> 0x86a161f8
15:20:04.108 AVAST engine scan C:\Windows
15:20:11.034 AVAST engine scan C:\Windows\system32
15:24:13.911 AVAST engine scan C:\Windows\system32\drivers
15:24:34.815 AVAST engine scan C:\Users\Philoü
15:57:01.695 AVAST engine scan C:\ProgramData
15:58:35.435 Scan finished successfully
16:00:57.265 Disk 0 MBR has been saved successfully to "C:\Users\Philoü\Desktop\Rapports scans\MBR.dat"
16:00:57.280 The log file has been saved successfully to "C:\Users\Philoü\Desktop\Rapports scans\aswMBR.txt"
0
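As an added example (not code from this thread, from TDSSKiller or from aswMBR), a small Python parser for the TDSSKiller log format shown above: it extracts each flagged object's verdict, the tool's actions and the choice the user made, so a report like this one can be triaged automatically (was the rootkit cured, what was left alone, is a cure pending at reboot). The sample lines are constructed from the report above; the function names are my own.

```python
import re
from collections import defaultdict

# Constructed sample in TDSSKiller's log format, modelled on the report above
SAMPLE_LOG = r"""
14:59:48.0988 5940 ws2ifsl - ok
14:59:49.0179 5940 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
14:59:49.0179 5940 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
15:01:09.0663 5532 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:01:09.0663 5532 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:01:12.0031 5532 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
15:01:26.0665 5532 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""

# Every line is "<hh:mm:ss.frac> <pid> <message>"; only messages shaped like
# "<object> ( <verdict> ) - <action>" describe a detection or a decision taken on it.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - (?P<action>.+)$")
CHOICE_RE = re.compile(r"^User select action: (?P<choice>\w+)$")

def parse_tdsskiller(text):
    """Map each flagged object to its verdict, the tool's actions and the user's choice."""
    findings = defaultdict(lambda: {"verdict": None, "actions": [], "choice": None})
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        v = VERDICT_RE.match(m.group("msg"))
        if not v:
            continue  # driver inventory, "- ok" and quarantine-copy lines carry no verdict
        entry = findings[v.group("obj")]
        entry["verdict"] = v.group("verdict")
        c = CHOICE_RE.match(v.group("action"))
        if c:
            entry["choice"] = c.group("choice")
        else:
            entry["actions"].append(v.group("action"))
    return dict(findings)

def triage(findings):
    """Return (handled, unresolved, reboot_needed): cured/deleted objects, skipped ones, pending cure."""
    handled, unresolved, reboot_needed = [], [], False
    for obj, entry in findings.items():
        if entry["choice"] in ("Cure", "Delete"):
            handled.append(obj)
            reboot_needed |= any("on reboot" in a for a in entry["actions"])
        else:
            unresolved.append(obj)  # e.g. a locked file the user chose to skip
    return handled, unresolved, reboot_needed
```

On the report above this yields the DR0 MBR as handled with a reboot pending, and the locked sptd driver as the one item left untouched.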
I have to step out; I'll get back to it as soon as I return. In any case, thank you very much for this quick and effective help.
0
Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, security contributor Last seen: 15 December 2020 24 628
3 March 2012 at 16:22
Download and install Malwarebytes: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Update it, run a quick scan, remove everything and post the report here.
!!! Malwarebytes must be up to date before you run the scan !!!
Make sure you remove what is detected: "Remove Selected" button.

then:

You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

* Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
(On Vista/Win7, right-click OTL and choose "Run as administrator")

* Launch OTL
* In OTL, under "Custom Scans/Fixes", copy and paste the script below:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
consrv.dll
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
CREATERESTOREPOINT
nslookup www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

* Click the "Run Scan" button.
* When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt if present), and give the pjjoint link(s) pointing to these reports here in a new message.
0
Do I need to run Malwarebytes a second time?
0
Well, to be on the safe side I ran it again, but it found nothing, so I had nothing to remove (which makes sense, since I had already done it once). Here is the report:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.03.03.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18999
Philoü :: PC-DE-PHILOÜ [administrateur]

03/03/2012 19:08:34
mbam-log-2012-03-03 (19-08-34).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 195909
Temps écoulé: 6 minute(s), 50 seconde(s)
0

Here are the OTL reports:

http://pjjoint.malekal.com/files.php?id=20120303_l5f13m11o14i7
http://pjjoint.malekal.com/files.php?id=20120303_b9l5m6m10o14
0
Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, security contributor Last seen: 15 December 2020 24 628
Edited by Malekal_morte- on 3/03/2012 at 21:37
That's OK.


Important - your infection came in through a web exploit:

A web exploit allows your computer to be infected automatically when you visit a website that has been hacked; it takes advantage of the fact that you have software (Java, Adobe Reader, etc.) that is not up to date and has vulnerabilities that allow code (malicious, in our case) to be executed without your knowledge.
Not having your software up to date, with the vulnerabilities it potentially has, therefore makes it possible to infect your system.
Example with: Java exploit

So you absolutely must keep your software up to date so as not to leave these entry points open on your system.
As long as this software is not up to date, your PC is vulnerable and infections can install themselves easily.

IMPORTANT: update your programs, in particular Java/Adobe Reader and Flash:
/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
https://forum.malekal.com/viewtopic.php?t=15960&start=

Spread the word to your friends!


For the rest of your security: http://forum.malekal.com/comment-securiser-son-ordinateur.html?sid=71689c9786d0ab1fc7a4b145111238ba

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
Indeed, Java hadn't been updated for a while.

Thanks a lot for your help!
0