Virus blocking internet connection

Closed
remi77390 Posts 8 Registered Friday 23 March 2012 Status Member Last active 25 March 2012 - 23 March 2012 at 17:25
Destrio5 Posts 85985 Registered Sunday 11 July 2010 Status Moderator Last active 17 February 2023 - 25 March 2012 at 11:49
Hello,

A virus has been blocking my internet connection for 2 days! I read up on the forums and so decided to run a scan with the HijackThis software. Here is the report:




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:00:15, on 23/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Smartbar\Application\Smartbar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.plusnetwork.com/?sp=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=4.0003002
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: script helper for ie - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus! Community SmartbarEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll (file missing)
O2 - BHO: Softonic_France - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Update Timer - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Softonic_France Toolbar - {4daac69c-cba7-45e2-9bc8-1044483d3352} - C:\Program Files\Softonic_France\prxtbSof1.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo0.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Messenger Plus! Community Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Browser companion helper] C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 /CHI=kolgnaidildmdbfgdnoapjdianbpajne
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\/\KiesTrayAgent.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Szoxow] rundll32.exe "C:\WINDOWS\dexpldr.dll",Startup
O4 - HKCU\..\Run: [67222e0c9f58be14af5cce1d09423cf9] C:\DOCUME~1\PROPRI~1\MESDOC~1\BAILLY~1\COMPAQ~1\MESDOC~1\100720~1\Bureau\Jeux\DOWNLO~1\BUSDRI~1.EXE /r
O4 - HKCU\..\Run: [GHWAUC6NNZ] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Jgh.exe
O4 - HKCU\..\Run: [ICS5R7Y0OS] C:\WINDOWS\Jhaheb.exe
O4 - HKCU\..\Run: [NtWqIVLZEWZU] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Jgm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bubble Dock] "C:\Documents and Settings\PROPRIETAIRE\Application Data\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Smartbar\Application\Smartbar.exe startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/mjss/MJSS.cab109791.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O18 - Protocol: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

8 replies

Destrio5 Posts 85985 Registered Sunday 11 July 2010 Status Moderator Last active 17 February 2023 10 297
23 March 2012 at 17:33
Hello,

To start with, run RogueKiller and post the report:
https://www.commentcamarche.net/faq/30719-utiliser-roguekiller
1
remi77390 Posts 8 Registered Friday 23 March 2012 Status Member Last active 25 March 2012
24 March 2012 at 16:06
Thanks for helping me. Here is the report:
RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: PROPRIETAIRE [Droits d'admin]
Mode: Recherche -- Date: 24/03/2012 15:57:29

¤¤¤ Processus malicieux: 1 ¤¤¤
[SUSP PATH] Smartbar.exe -- C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Smartbar\Application\Smartbar.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 12 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Szoxow (rundll32.exe "C:\WINDOWS\dexpldr.dll",Startup) -> FOUND
[SUSP PATH] HKCU\[...]\Run : GHWAUC6NNZ (C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Jgh.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : ICS5R7Y0OS (C:\WINDOWS\Jhaheb.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : NtWqIVLZEWZU (C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Jgm.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Browser Infrastructure Helper (C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Smartbar\Application\Smartbar.exe startup) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1454471165-1770027372-1417001333-1004[...]\Run : Szoxow (rundll32.exe "C:\WINDOWS\dexpldr.dll",Startup) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1454471165-1770027372-1417001333-1004[...]\Run : GHWAUC6NNZ (C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Jgh.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1454471165-1770027372-1417001333-1004[...]\Run : ICS5R7Y0OS (C:\WINDOWS\Jhaheb.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1454471165-1770027372-1417001333-1004[...]\Run : NtWqIVLZEWZU (C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Jgm.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1454471165-1770027372-1417001333-1004[...]\Run : Browser Infrastructure Helper (C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Smartbar\Application\Smartbar.exe startup) -> FOUND
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[FAKED] cdrom.sys : c:\windows\system32\drivers\cdrom.sys --> CANNOT FIX
[FAKED] fltMgr.sys : c:\windows\system32\drivers\fltMgr.sys --> CANNOT FIX
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[FAKED] rdpdr.sys : c:\windows\system32\drivers\rdpdr.sys --> CANNOT FIX

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ Fichier HOSTS: ¤¤¤


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500JS-60NCB1 +++++
--- User ---
[MBR] 19607fed008aab32fe8f127e1dcf09fb
[BSP] 9d23fcdeabd76be2351d6fc7982200af : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 233381 Mo
1 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 477981945 | Size: 5083 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt


What should I delete?
0
USA-France Posts 1128 Registered Friday 25 November 2011 Status Member Last active 15 March 2015 274
23 March 2012 at 17:30
It may possibly come from the unofficial chat applications: SweetIM and Messenger Plus (a real breeding ground for germs when I was younger).
There may also be spyware in the torrent files you download.

Still, check whether your internet connection isn't simply bad because of your network...
0
remi77390 Posts 8 Registered Friday 23 March 2012 Status Member Last active 25 March 2012
24 March 2012 at 15:46
It isn't the connection, because I can connect with the Wi-Fi dongle on another computer. Avast messages keep popping up telling me a malicious URL has been blocked. I must have picked this up on the internet!
0
Destrio5 Posts 85985 Registered Sunday 11 July 2010 Status Moderator Last active 17 February 2023 10 297
24 March 2012 at 16:06
Nasty infection.

Use RogueKiller's "Suppression" (deletion) option and post the report.
0
remi77390 Posts 8 Registered Friday 23 March 2012 Status Member Last active 25 March 2012
24 March 2012 at 17:26
Here is the report after the deletion:


RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: PROPRIETAIRE [Droits d'admin]
Mode: Suppression -- Date: 24/03/2012 17:23:14

¤¤¤ Processus malicieux: 1 ¤¤¤
[SUSP PATH] Smartbar.exe -- C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Smartbar\Application\Smartbar.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 7 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : Szoxow (rundll32.exe "C:\WINDOWS\dexpldr.dll",Startup) -> DELETED
[SUSP PATH] HKCU\[...]\Run : GHWAUC6NNZ (C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Jgh.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : ICS5R7Y0OS (C:\WINDOWS\Jhaheb.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : NtWqIVLZEWZU (C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\Jgm.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : Browser Infrastructure Helper (C:\Documents and Settings\PROPRIETAIRE\Local Settings\Application Data\Smartbar\Application\Smartbar.exe startup) -> DELETED
[BLACKLIST] HKLM\[...]\Root : LEGACY_SSHNAS () -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[FAKED] cdrom.sys : c:\windows\system32\drivers\cdrom.sys --> CANNOT FIX
[FAKED] fltMgr.sys : c:\windows\system32\drivers\fltMgr.sys --> CANNOT FIX
[FAKED] mf.sys : c:\windows\system32\drivers\mf.sys --> CANNOT FIX
[FAKED] nwlnknb.sys : c:\windows\system32\drivers\nwlnknb.sys --> CANNOT FIX
[FAKED] rdpdr.sys : c:\windows\system32\drivers\rdpdr.sys --> CANNOT FIX

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ Fichier HOSTS: ¤¤¤


¤¤¤ MBR Verif: ¤¤¤
0

Destrio5 Posts 85985 Registered Sunday 11 July 2010 Status Moderator Last active 17 February 2023 10 297
24 March 2012 at 17:35
--> Download TDSSKiller to the Desktop:
https://support.kaspersky.com/downloads/utils/tdsskiller.exe

--> Run TDSSKiller.
(On Vista/Win7, right-click TDSSKiller and choose Run as administrator)

--> Click [Start Scan] to start the scan.

--> If items are found, click [Continue] then [Reboot Now].

--> A report will open when the PC restarts.

--> Copy and paste its contents here.

Note: the report is also located at C:\TDSSKiller.N°deversion_Date_Heure_log.txt.

Note 2: if TDSSKiller finds a file named "Sptd.sys", select Skip for that file only.
0
remi77390 Posts 8 Registered Friday 23 March 2012 Status Member Last active 25 March 2012
24 March 2012 at 17:53
There are 3 documents, I'm pasting them below:



[InfectedObject]
Verdict: Backdoor.Multi.ZAccess.gen



[InfectedObject]
Type: Service
Name: ss_mdm
Type: n/a (0x20)
Start: Auto (0x2)
ImagePath: %SystemRoot%\system32\svchost.exe -k netsvcs

[InfectedFile]
Type: Raw image
Src: C:\WINDOWS\system32\modem.dll
md5: 11028c6a84a967070cb1286550f2058f
0
Destrio5 Posts 85985 Registered Sunday 11 July 2010 Status Moderator Last active 17 February 2023 10 297
24 March 2012 at 17:54
I don't know where you got that, but it's the TDSSKiller report I'd like.

The report is at the root of your hard drive.
0
remi77390 Posts 8 Registered Friday 23 March 2012 Status Member Last active 25 March 2012
24 March 2012 at 17:59
Sorry, I got the location wrong. Here is the report:



17:42:09.0703 1972 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
17:42:09.0718 1972 ============================================================
17:42:09.0718 1972 Current date / time: 2012/03/24 17:42:09.0718
17:42:09.0718 1972 SystemInfo:
17:42:09.0718 1972
17:42:09.0718 1972 OS Version: 5.1.2600 ServicePack: 3.0
17:42:09.0718 1972 Product type: Workstation
17:42:09.0718 1972 ComputerName: PROPRIET-691E28
17:42:09.0718 1972 UserName: PROPRIETAIRE
17:42:09.0718 1972 Windows directory: C:\WINDOWS
17:42:09.0718 1972 System windows directory: C:\WINDOWS
17:42:09.0718 1972 Processor architecture: Intel x86
17:42:09.0718 1972 Number of processors: 2
17:42:09.0718 1972 Page size: 0x1000
17:42:09.0718 1972 Boot type: Normal boot
17:42:09.0718 1972 ============================================================
17:42:11.0406 1972 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:42:11.0578 1972 Drive \Device\Harddisk5\DR15 - Size: 0xF1800000 (3.77 Gb), SectorSize: 0x200, Cylinders: 0x1EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:42:11.0578 1972 \Device\Harddisk0\DR0:
17:42:11.0578 1972 MBR used
17:42:11.0609 1972 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x1C7D2DF9
17:42:11.0609 1972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x1C7D6CF9, BlocksNum 0x9ED888
17:42:11.0609 1972 \Device\Harddisk5\DR15:
17:42:11.0609 1972 MBR used
17:42:11.0609 1972 \Device\Harddisk5\DR15\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x78BFC1
17:42:11.0781 1972 Initialize success
17:42:11.0781 1972 ============================================================
17:42:14.0140 3232 ============================================================
17:42:14.0140 3232 Scan started
17:42:14.0140 3232 Mode: Manual;
17:42:14.0140 3232 ============================================================
17:42:15.0046 3232 Aavmker4 (fdba5bb4c8171cda00b2233d5389ee5f) C:\WINDOWS\system32\drivers\Aavmker4.sys
17:42:15.0062 3232 Aavmker4 - ok
17:42:15.0093 3232 Abiosdsk - ok
17:42:15.0109 3232 abp480n5 - ok
17:42:15.0187 3232 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:42:15.0187 3232 ACPI - ok
17:42:15.0250 3232 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:42:15.0250 3232 ACPIEC - ok
17:42:15.0250 3232 adpu160m - ok
17:42:15.0312 3232 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:42:15.0328 3232 aec - ok
17:42:15.0390 3232 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:42:15.0390 3232 AFD - ok
17:42:15.0390 3232 Aha154x - ok
17:42:15.0406 3232 aic78u2 - ok
17:42:15.0421 3232 aic78xx - ok
17:42:15.0656 3232 Akamai (31bd294dc6ddbc0f16356d958d0743a4) c:\program files\fichiers communs\akamai/netsession_win_7de0ed9.dll
17:42:15.0656 3232 Suspicious file (Hidden): c:\program files\fichiers communs\akamai/netsession_win_7de0ed9.dll. md5: 31bd294dc6ddbc0f16356d958d0743a4
17:42:15.0656 3232 Akamai ( HiddenFile.Multi.Generic ) - warning
17:42:15.0656 3232 Akamai - detected HiddenFile.Multi.Generic (1)
17:42:15.0703 3232 Alerter (758fdc60d41716ef889d849989b4b1cd) C:\WINDOWS\system32\alrsvc.dll
17:42:15.0703 3232 Alerter - ok
17:42:15.0734 3232 ALG (5e9a6658a2a69ae7eb195113b7a2e7a9) C:\WINDOWS\System32\alg.exe
17:42:15.0734 3232 ALG - ok
17:42:15.0750 3232 AliIde - ok
17:42:15.0750 3232 amsint - ok
17:42:15.0765 3232 AppMgmt - ok
17:42:15.0765 3232 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
17:42:15.0765 3232 Arp1394 - ok
17:42:15.0781 3232 asc - ok
17:42:15.0781 3232 asc3350p - ok
17:42:15.0796 3232 asc3550 - ok
17:42:15.0843 3232 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:42:15.0843 3232 aspnet_state - ok
17:42:15.0890 3232 aswFsBlk (581b82df5dbcc1dda6b775fac0d92472) C:\WINDOWS\system32\drivers\aswFsBlk.sys
17:42:15.0890 3232 aswFsBlk - ok
17:42:15.0906 3232 aswMon2 (4310e0977b48ec9bc5cca6931f806e6d) C:\WINDOWS\system32\drivers\aswMon2.sys
17:42:15.0921 3232 aswMon2 - ok
17:42:15.0984 3232 aswRdr (0b44ee90b3db93582b260a80b28b7ffd) C:\WINDOWS\system32\drivers\aswRdr.sys
17:42:15.0984 3232 aswRdr - ok
17:42:16.0328 3232 aswSnx (ca9601cd277a1e510b80422a40240a95) C:\WINDOWS\system32\drivers\aswSnx.sys
17:42:16.0343 3232 aswSnx - ok
17:42:16.0375 3232 aswSP (05ea22dde5ca7ee3a865046aff2f0229) C:\WINDOWS\system32\drivers\aswSP.sys
17:42:16.0375 3232 aswSP - ok
17:42:16.0390 3232 aswTdi (3ac73a9e7378848d1bde174b4bb39212) C:\WINDOWS\system32\drivers\aswTdi.sys
17:42:16.0390 3232 aswTdi - ok
17:42:16.0406 3232 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:42:16.0406 3232 AsyncMac - ok
17:42:16.0500 3232 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:42:16.0500 3232 atapi - ok
17:42:16.0515 3232 Atdisk - ok
17:42:16.0546 3232 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:42:16.0562 3232 Atmarpc - ok
17:42:16.0609 3232 AudioSrv (b4005aef7873144634765b570dac466e) C:\WINDOWS\System32\audiosrv.dll
17:42:16.0609 3232 AudioSrv - ok
17:42:16.0671 3232 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:42:16.0671 3232 audstub - ok
17:42:16.0750 3232 avast! Antivirus (a45aa986d9490a4e5b87563d9cd7b175) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17:42:16.0750 3232 avast! Antivirus - ok
17:42:16.0812 3232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:42:16.0812 3232 Beep - ok
17:42:16.0859 3232 BITS (baa0b6e647c1ad593e9bae5cc31bcffb) C:\WINDOWS\system32\qmgr.dll
17:42:16.0921 3232 BITS - ok
17:42:16.0968 3232 Browser (06b54a7b1ef7cb16bfd0e208d343fa71) C:\WINDOWS\System32\browser.dll
17:42:16.0968 3232 Browser - ok
17:42:17.0046 3232 camfilt2 (088c0978203d59425a12b2a53fccd02b) C:\WINDOWS\system32\DRIVERS\camfilt2.sys
17:42:17.0046 3232 camfilt2 - ok
17:42:17.0109 3232 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:42:17.0109 3232 cbidf2k - ok
17:42:17.0171 3232 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:42:17.0171 3232 CCDECODE - ok
17:42:17.0171 3232 cd20xrnt - ok
17:42:17.0234 3232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:42:17.0250 3232 Cdaudio - ok
17:42:17.0281 3232 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:42:17.0281 3232 Cdfs - ok
17:42:17.0312 3232 Cdrom (fe763ea06a05042c19dcf97da01123a0) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:42:17.0312 3232 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\cdrom.sys. Real md5: fe763ea06a05042c19dcf97da01123a0, Fake md5: 61e89604a184cc18608590a5a2214b45
17:42:17.0328 3232 Cdrom ( ForgedFile.Multi.Generic ) - warning
17:42:17.0328 3232 Cdrom - detected ForgedFile.Multi.Generic (1)
17:42:17.0328 3232 Changer - ok
17:42:17.0343 3232 CiSvc (793ef38a5fd086c3c8e48a8a861562ed) C:\WINDOWS\system32\cisvc.exe
17:42:17.0343 3232 CiSvc - ok
17:42:17.0375 3232 ClipSrv (8b30cbb0c07d49b2658fb190946b0e7e) C:\WINDOWS\system32\clipsrv.exe
17:42:17.0375 3232 ClipSrv - ok
17:42:27.0937 3232 ss_mdm (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\modem.dll
17:42:27.0937 3232 ss_mdm ( Backdoor.Multi.ZAccess.gen ) - infected
17:42:27.0937 3232 ss_mdm - detected Backdoor.Multi.ZAccess.gen (0)
17:42:35.0125 3232 ============================================================
17:42:35.0125 3232 Scan finished
17:42:35.0125 3232 ============================================================
17:42:35.0140 3684 Detected object count: 3
17:42:35.0140 3684 Actual detected object count: 3
17:43:55.0406 3684 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:43:55.0406 3684 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
17:43:55.0406 3684 Cdrom ( ForgedFile.Multi.Generic ) - skipped by user
17:43:55.0406 3684 Cdrom ( ForgedFile.Multi.Generic ) - User select action: Skip
17:43:55.0562 3684 C:\WINDOWS\system32\modem.dll - copied to quarantine
17:43:55.0578 3684 HKLM\SYSTEM\ControlSet001\services\ss_mdm - will be deleted on reboot
17:43:55.0578 3684 HKLM\SYSTEM\ControlSet002\services\ss_mdm - will be deleted on reboot
17:43:55.0609 3684 C:\WINDOWS\system32\modem.dll - will be deleted on reboot
17:43:55.0609 3684 ss_mdm ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
17:44:01.0828 0512 Deinitialize success
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last seen 17 February 2023 10 297
24 March 2012 at 18:20
I would have suggested ComboFix, but I'm afraid it might crash your PC.
0
remi77390 Posts 8 Registration date Friday 23 March 2012 Status Member Last seen 25 March 2012
24 March 2012 at 21:59
Apparently there isn't much risk. I'm willing to try this software.
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last seen 17 February 2023 10 297
24 March 2012 at 22:38
If it crashes, try a system restore (ComboFix will create a restore point before the scan):
http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/restauration-systeme-commande-sujet_198433_1.htm

Warning: do not use ComboFix without a helper's advice.

--> Download ComboFix (by sUBs) to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

If needed:
https://forum.pcastuces.com/combofix_renomme_au_telechargement-f31s22.htm
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

--> Close all programs.

--> Temporarily disable, only for the time ComboFix is in use, the real-time protection of your antivirus and your antispyware tools (if you have any), which can seriously interfere with the tool's scanning and cleaning procedure.

--> Run ComboFix.

--> Answer yes to the warning message so that the program starts scanning the PC.

--> Accept the installation of the Recovery Console.

/!\ During this step, do not use the PC and do not open any programs.

--> At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

--> A report will then open in Notepad. This report, ComboFix.txt, is automatically saved at the following location: C:\ComboFix\ComboFix.txt.

--> Re-enable the real-time protection of your antivirus and your antispyware tools (if they are not already active) before reconnecting to the Internet.

--> Copy and paste the ComboFix report here.
0
remi77390 Posts 8 Registration date Friday 23 March 2012 Status Member Last seen 25 March 2012
25 March 2012 at 11:13
Let me remind you that the virus is blocking the internet connection, so I can't install the Recovery Console with ComboFix. Can I install it from another computer and put it on a USB stick?
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last seen 17 February 2023 10 297
25 March 2012 at 11:49
0