Virus sirefef / rootkit gen2

Solved/Closed
hibou31 Posts: 9 Registration date: Tuesday 27 March 2012 Status: Member Last seen: 22 September 2012 - 27 March 2012 at 13:57
 hibou31 - 28 March 2012 at 21:09
Hello,
For a few days I have been getting viruses repeatedly.
I looked at the various forums and tried a program (cmdr, I think) that was recommended on a site, and it messed up my internet connection.
Since then I have switched to manual TCP/IP settings, but the connection is no longer what it was.
I downloaded and ran RogueKiller, TDSSKiller and AntiZeroAccess, but given my very average computer knowledge and the recommendations on the various forums, I think it would be smarter and more effective to get help.
If anyone can help me, they would be welcome.

Regards

26 replies

hibou31 Posts: 9 Registration date: Tuesday 27 March 2012 Status: Member Last seen: 22 September 2012
27 March 2012 at 13:59
Here are the various reports I obtained; I am posting them in several posts for clarity.

RogueKiller report

RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Ordinateur [Droits d'admin]
Mode: Recherche -- Date: 27/03/2012 13:41:38

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 1 ¤¤¤
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{DCE93449-D5C8-42DC-966D-4667A75F45C5} : NameServer (211.54.200.35) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤
SSDT[25] : NtClose @ 0x805B1D8E -> HOOKED (Unknown @ 0xF7B02114)
SSDT[41] : NtCreateKey @ 0x8061ACEC -> HOOKED (Unknown @ 0xF7B020CE)
SSDT[50] : NtCreateSection @ 0x805A0816 -> HOOKED (Unknown @ 0xF7B0211E)
SSDT[53] : NtCreateThread @ 0x805C736A -> HOOKED (Unknown @ 0xF7B020C4)
SSDT[63] : NtDeleteKey @ 0x8061B188 -> HOOKED (Unknown @ 0xF7B020D3)
SSDT[65] : NtDeleteValueKey @ 0x8061B358 -> HOOKED (Unknown @ 0xF7B020DD)
SSDT[68] : NtDuplicateObject @ 0x805B39A2 -> HOOKED (Unknown @ 0xF7B0210F)
SSDT[98] : NtLoadKey @ 0x8061CF10 -> HOOKED (Unknown @ 0xF7B020E2)
SSDT[122] : NtOpenProcess @ 0x805C13F8 -> HOOKED (Unknown @ 0xF7B020B0)
SSDT[128] : NtOpenThread @ 0x805C1684 -> HOOKED (Unknown @ 0xF7B020B5)
SSDT[193] : NtReplaceKey @ 0x8061CDC0 -> HOOKED (Unknown @ 0xF7B020EC)
SSDT[204] : NtRestoreKey @ 0x8061C6CC -> HOOKED (Unknown @ 0xF7B020E7)
SSDT[213] : NtSetContextThread @ 0x805C7A8C -> HOOKED (Unknown @ 0xF7B02123)
SSDT[247] : NtSetValueKey @ 0x8061925E -> HOOKED (Unknown @ 0xF7B020D8)
SSDT[257] : NtTerminateProcess @ 0x805C8DA6 -> HOOKED (Unknown @ 0xF7B020BF)
S_SSDT[549] : Unknown -> HOOKED (Unknown @ 0xF7B02128)
S_SSDT[552] : Unknown -> HOOKED (Unknown @ 0xF7B0212D)

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ Fichier HOSTS: ¤¤¤


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS +++++
--- User ---
[MBR] 804c293222a6532dba8ba32139de7352
[BSP] 0866e6d5f5b2ee3579c58d2cd3b16292 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152617 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
hibou31 Posts: 9 Registration date: Tuesday 27 March 2012 Status: Member Last seen: 22 September 2012
27 March 2012 at 14:00
TDSSKiller report

13:39:35.0750 3140 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
13:39:35.0750 3140 ============================================================
13:39:35.0750 3140 Current date / time: 2012/03/27 13:39:35.0750
13:39:35.0750 3140 SystemInfo:
13:39:35.0750 3140
13:39:35.0750 3140 OS Version: 5.1.2600 ServicePack: 3.0
13:39:35.0750 3140 Product type: Workstation
13:39:35.0750 3140 ComputerName: MAT
13:39:35.0750 3140 UserName: Ordinateur
13:39:35.0750 3140 Windows directory: C:\WINDOWS
13:39:35.0750 3140 System windows directory: C:\WINDOWS
13:39:35.0750 3140 Processor architecture: Intel x86
13:39:35.0750 3140 Number of processors: 1
13:39:35.0750 3140 Page size: 0x1000
13:39:35.0750 3140 Boot type: Normal boot
13:39:35.0750 3140 ============================================================
13:39:36.0375 3140 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:39:36.0375 3140 \Device\Harddisk0\DR0:
13:39:36.0375 3140 MBR used
13:39:36.0375 3140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
13:39:36.0437 3140 Initialize success
13:39:36.0437 3140 ============================================================
13:39:40.0953 1928 ============================================================
13:39:40.0953 1928 Scan started
13:39:40.0953 1928 Mode: Manual; SigCheck; TDLFS;
13:39:40.0953 1928 ============================================================
13:39:41.0375 1928 6to4 (67927e41a89e6127836152417c5d4fcf) C:\WINDOWS\System32\6to4svc.dll
13:39:41.0671 1928 6to4 - ok
13:39:41.0765 1928 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
13:39:41.0812 1928 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
13:39:41.0890 1928 Abiosdsk - ok
13:39:41.0906 1928 abp480n5 - ok
13:39:41.0953 1928 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:39:42.0562 1928 ACPI - ok
13:39:42.0671 1928 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:39:42.0781 1928 ACPIEC - ok
13:39:42.0859 1928 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
13:39:42.0875 1928 adfs - ok
13:39:42.0953 1928 Adobe LM Service (d01dd9e6a7dfe540181147a38b13f43a) C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
13:39:43.0000 1928 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
13:39:43.0000 1928 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
13:39:43.0125 1928 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
13:39:43.0156 1928 Adobe Version Cue CS4 - ok
13:39:43.0203 1928 adpu160m - ok
13:39:43.0296 1928 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:39:43.0406 1928 aec - ok
13:39:43.0593 1928 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:39:43.0625 1928 AFD - ok
13:39:43.0640 1928 Aha154x - ok
13:39:43.0656 1928 aic78u2 - ok
13:39:43.0656 1928 aic78xx - ok
13:39:43.0812 1928 ALCXWDM (34149a136b2b7525113950233f259ec1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
13:39:44.0093 1928 ALCXWDM - ok
13:39:44.0125 1928 Alerter (758fdc60d41716ef889d849989b4b1cd) C:\WINDOWS\system32\alrsvc.dll
13:39:44.0218 1928 Alerter - ok
13:39:44.0328 1928 ALG (5e9a6658a2a69ae7eb195113b7a2e7a9) C:\WINDOWS\System32\alg.exe
13:39:44.0453 1928 ALG - ok
13:39:44.0484 1928 AliIde - ok
13:39:44.0500 1928 amsint - ok
13:39:44.0625 1928 AntiVirSchedulerService (a5bcbaf0477c4869b67e0195aea4a9cd) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:39:44.0625 1928 AntiVirSchedulerService - ok
13:39:44.0640 1928 AntiVirService (3cce4afa4aacdb28e01a148394212186) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:39:44.0656 1928 AntiVirService - ok
13:39:44.0703 1928 AppMgmt - ok
13:39:44.0750 1928 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:39:44.0843 1928 Arp1394 - ok
13:39:44.0890 1928 asc - ok
13:39:44.0906 1928 asc3350p - ok
13:39:44.0906 1928 asc3550 - ok
13:39:45.0046 1928 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:39:45.0078 1928 aspnet_state - ok
13:39:45.0109 1928 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:39:45.0218 1928 AsyncMac - ok
13:39:45.0234 1928 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:39:45.0343 1928 atapi - ok
13:39:45.0359 1928 Atdisk - ok
13:39:45.0421 1928 Ati HotKey Poller (3c94e4e7983eff03e7e128325891ea80) C:\WINDOWS\system32\Ati2evxx.exe
13:39:45.0484 1928 Ati HotKey Poller - ok
13:39:45.0578 1928 ATI Smart (5f7412094e169f233415f21fe12eca07) C:\WINDOWS\system32\ati2sgag.exe
13:39:45.0625 1928 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
13:39:45.0625 1928 ATI Smart - detected UnsignedFile.Multi.Generic (1)
13:39:45.0765 1928 ati2mtag (3b23691e9eef04de3364d9271371bbde) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:39:45.0968 1928 ati2mtag - ok
13:39:46.0015 1928 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:39:46.0140 1928 Atmarpc - ok
13:39:46.0171 1928 AudioSrv (b4005aef7873144634765b570dac466e) C:\WINDOWS\System32\audiosrv.dll
13:39:46.0281 1928 AudioSrv - ok
13:39:46.0312 1928 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:39:46.0437 1928 audstub - ok
13:39:46.0546 1928 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
13:39:46.0562 1928 avgio - ok
13:39:46.0578 1928 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:39:46.0781 1928 avgntflt - ok
13:39:46.0906 1928 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:39:46.0921 1928 avipbb - ok
13:39:47.0000 1928 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:39:47.0125 1928 Beep - ok
13:39:47.0171 1928 BITS (baa0b6e647c1ad593e9bae5cc31bcffb) C:\WINDOWS\system32\qmgr.dll
13:39:47.0312 1928 BITS - ok
13:39:47.0390 1928 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
13:39:47.0421 1928 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
13:39:47.0421 1928 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
13:39:47.0500 1928 Browser (06b54a7b1ef7cb16bfd0e208d343fa71) C:\WINDOWS\System32\browser.dll
13:39:47.0593 1928 Browser - ok
13:39:47.0671 1928 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:39:47.0812 1928 cbidf2k - ok
13:39:47.0828 1928 cd20xrnt - ok
13:39:47.0875 1928 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:39:48.0000 1928 Cdaudio - ok
13:39:48.0031 1928 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:39:48.0125 1928 Cdfs - ok
13:39:48.0156 1928 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:39:48.0250 1928 Cdrom - ok
13:39:48.0265 1928 Changer - ok
13:39:48.0296 1928 CiSvc (793ef38a5fd086c3c8e48a8a861562ed) C:\WINDOWS\system32\cisvc.exe
13:39:48.0406 1928 CiSvc - ok
13:39:48.0453 1928 ClipSrv (8b30cbb0c07d49b2658fb190946b0e7e) C:\WINDOWS\system32\clipsrv.exe
13:39:48.0562 1928 ClipSrv - ok
13:39:48.0718 1928 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:39:48.0765 1928 clr_optimization_v2.0.50727_32 - ok
13:39:48.0796 1928 CmdIde - ok
13:39:48.0843 1928 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:39:48.0968 1928 Compbatt - ok
13:39:48.0984 1928 COMSysApp - ok
13:39:49.0000 1928 Cpqarray - ok
13:39:49.0046 1928 CryptSvc (7a6d0b71035e123fdda2156a25578ad3) C:\WINDOWS\System32\cryptsvc.dll
13:39:49.0140 1928 CryptSvc - ok
13:39:49.0140 1928 dac2w2k - ok
13:39:49.0156 1928 dac960nt - ok
13:39:49.0218 1928 DcomLaunch (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
13:39:49.0281 1928 DcomLaunch - ok
13:39:49.0312 1928 Dhcp (318f535dc05551d96deeb90b6d6904de) C:\WINDOWS\System32\dhcpcsvc.dll
13:39:49.0406 1928 Dhcp - ok
13:39:49.0453 1928 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:39:49.0562 1928 Disk - ok
13:39:49.0562 1928 dmadmin - ok
13:39:49.0625 1928 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
13:39:49.0765 1928 dmboot - ok
13:39:49.0796 1928 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
13:39:49.0906 1928 dmio - ok
13:39:49.0953 1928 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:39:50.0078 1928 dmload - ok
13:39:50.0109 1928 dmserver (6797c23d6b79935482d7f0e8ca5e5b67) C:\WINDOWS\System32\dmserver.dll
13:39:50.0218 1928 dmserver - ok
13:39:50.0265 1928 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:39:50.0359 1928 DMusic - ok
13:39:50.0406 1928 Dnscache (1a1e59377fb6cacd711cc5073c4a7d79) C:\WINDOWS\System32\dnsrslvr.dll
13:39:50.0484 1928 Dnscache - ok
13:39:50.0531 1928 Dot3svc (3fcf86f03d0302443c21ce6e5bbf7a25) C:\WINDOWS\System32\dot3svc.dll
13:39:50.0640 1928 Dot3svc - ok
13:39:50.0656 1928 dpti2o - ok
13:39:50.0703 1928 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:39:50.0796 1928 drmkaud - ok
13:39:50.0843 1928 EapHost (8b5fc9087d2cab110bc2ed5cc5e7b8ac) C:\WINDOWS\System32\eapsvc.dll
13:39:50.0953 1928 EapHost - ok
13:39:51.0000 1928 ERSvc (94f948cb12c4d35483f1e815deb16c7b) C:\WINDOWS\System32\ersvc.dll
13:39:51.0093 1928 ERSvc - ok
13:39:51.0140 1928 Eventlog (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
13:39:51.0171 1928 Eventlog - ok
13:39:51.0234 1928 EventSystem (ec16ae9b37eacf871629227a3f3913fd) C:\WINDOWS\system32\es.dll
13:39:51.0281 1928 EventSystem - ok
13:39:51.0328 1928 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:39:51.0437 1928 Fastfat - ok
13:39:51.0468 1928 FastUserSwitchingCompatibility (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
13:39:51.0500 1928 FastUserSwitchingCompatibility - ok
13:39:51.0531 1928 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:39:51.0625 1928 Fdc - ok
13:39:51.0656 1928 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
13:39:51.0750 1928 Fips - ok
13:39:51.0859 1928 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:39:51.0906 1928 FLEXnet Licensing Service - ok
13:39:52.0000 1928 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:39:52.0093 1928 Flpydisk - ok
13:39:52.0125 1928 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:39:52.0218 1928 FltMgr - ok
13:39:52.0390 1928 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:39:52.0406 1928 FontCache3.0.0.0 - ok
13:39:52.0468 1928 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:39:52.0609 1928 Fs_Rec - ok
13:39:52.0640 1928 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:39:52.0765 1928 Ftdisk - ok
13:39:52.0812 1928 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:39:52.0921 1928 Gpc - ok
13:39:52.0968 1928 helpsvc (1247f83b705af0e796330442f7967cf8) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:39:53.0062 1928 helpsvc - ok
13:39:53.0109 1928 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
13:39:53.0203 1928 HidBatt - ok
13:39:53.0250 1928 HidServ (a3b9b4a68bc839ce5a264d5908092261) C:\WINDOWS\System32\hidserv.dll
13:39:53.0343 1928 HidServ - ok
13:39:53.0359 1928 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:39:53.0453 1928 HidUsb - ok
13:39:53.0500 1928 hkmsvc (17b3c3d40cdba40c2e331d28be4de27f) C:\WINDOWS\System32\kmsvc.dll
13:39:53.0593 1928 hkmsvc - ok
13:39:53.0609 1928 hpn - ok
13:39:53.0656 1928 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:39:53.0718 1928 HTTP - ok
13:39:53.0750 1928 HTTPFilter (bd31cface38d1800abdb43f4260af0d5) C:\WINDOWS\System32\w3ssl.dll
13:39:53.0843 1928 HTTPFilter - ok
13:39:53.0859 1928 i2omgmt - ok
13:39:53.0890 1928 i2omp - ok
13:39:53.0937 1928 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:39:54.0031 1928 i8042prt - ok
13:39:54.0203 1928 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:39:54.0250 1928 idsvc - ok
13:39:54.0328 1928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:39:54.0421 1928 Imapi - ok
13:39:54.0468 1928 ImapiService (c4221678bbaa55239c23632875759961) C:\WINDOWS\system32\imapi.exe
13:39:54.0562 1928 ImapiService - ok
13:39:54.0578 1928 ini910u - ok
13:39:54.0593 1928 IntelIde - ok
13:39:54.0625 1928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:39:54.0734 1928 Ip6Fw - ok
13:39:54.0796 1928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:39:54.0906 1928 IpFilterDriver - ok
13:39:54.0937 1928 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:39:55.0046 1928 IpInIp - ok
13:39:55.0078 1928 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:39:55.0171 1928 IpNat - ok
13:39:55.0187 1928 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:39:55.0296 1928 IPSec - ok
13:39:55.0312 1928 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
13:39:55.0406 1928 irda - ok
13:39:55.0421 1928 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:39:55.0531 1928 IRENUM - ok
13:39:55.0578 1928 Irmon (f9cb3a98b395a5e5cc36c65b3c41ad9c) C:\WINDOWS\System32\irmon.dll
13:39:55.0671 1928 Irmon - ok
13:39:55.0703 1928 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
13:39:55.0765 1928 irsir - ok
13:39:55.0812 1928 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:39:55.0921 1928 isapnp - ok
13:39:56.0015 1928 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
13:39:56.0031 1928 JavaQuickStarterService - ok
13:39:56.0093 1928 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:39:56.0187 1928 Kbdclass - ok
13:39:56.0218 1928 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:39:56.0312 1928 kbdhid - ok
13:39:56.0328 1928 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:39:56.0421 1928 kmixer - ok
13:39:56.0468 1928 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:39:56.0515 1928 KSecDD - ok
13:39:56.0562 1928 LanmanServer (1db8078a32e03ac8f5eb5e6dcac2aa34) C:\WINDOWS\System32\srvsvc.dll
13:39:56.0609 1928 LanmanServer - ok
13:39:56.0640 1928 LanmanWorkstation (ad54ead46d92f413be189aabc1c59490) C:\WINDOWS\System32\wkssvc.dll
13:39:56.0687 1928 LanmanWorkstation - ok
13:39:56.0703 1928 lbrtfdc - ok
13:39:56.0765 1928 LmHosts (0f357c079ac529a844ab5b18e4eef881) C:\WINDOWS\System32\lmhsvc.dll
13:39:56.0843 1928 LmHosts - ok
13:39:56.0890 1928 Messenger (e67a66a3781c1a483f0f8992664cbe0d) C:\WINDOWS\System32\msgsvc.dll
13:39:56.0984 1928 Messenger - ok
13:39:57.0093 1928 Microsoft SharePoint Workspace Audit Service - ok
13:39:57.0156 1928 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:39:57.0281 1928 mnmdd - ok
13:39:57.0343 1928 mnmsrvc (d3a2870cd96cda7bcff3dc54f64087ad) C:\WINDOWS\system32\mnmsrvc.exe
13:39:57.0453 1928 mnmsrvc - ok
13:39:57.0500 1928 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
13:39:57.0609 1928 Modem - ok
13:39:57.0625 1928 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:39:57.0718 1928 Mouclass - ok
13:39:57.0765 1928 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:39:57.0890 1928 mouhid - ok
13:39:57.0906 1928 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:39:58.0000 1928 MountMgr - ok
13:39:58.0015 1928 mraid35x - ok
13:39:58.0046 1928 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:39:58.0140 1928 MRxDAV - ok
13:39:58.0187 1928 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:39:58.0265 1928 MRxSmb - ok
13:39:58.0296 1928 MSDTC (8648d670ae0d95c95e7bbb5b80661796) C:\WINDOWS\system32\msdtc.exe
13:39:58.0390 1928 MSDTC - ok
13:39:58.0484 1928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:39:58.0562 1928 Msfs - ok
13:39:58.0578 1928 MSIServer - ok
13:39:58.0593 1928 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:39:58.0703 1928 MSKSSRV - ok
13:39:58.0718 1928 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:39:58.0828 1928 MSPCLOCK - ok
13:39:58.0859 1928 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:39:58.0953 1928 MSPQM - ok
13:39:58.0984 1928 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:39:59.0078 1928 mssmbios - ok
13:39:59.0125 1928 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:39:59.0156 1928 Mup - ok
13:39:59.0203 1928 napagent (69e4fbbabaeee1bff422e091da3171da) C:\WINDOWS\System32\qagentrt.dll
13:39:59.0312 1928 napagent - ok
13:39:59.0375 1928 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:39:59.0468 1928 NDIS - ok
13:39:59.0500 1928 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:39:59.0546 1928 NdisTapi - ok
13:39:59.0562 1928 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:39:59.0656 1928 Ndisuio - ok
13:39:59.0687 1928 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:39:59.0796 1928 NdisWan - ok
13:39:59.0828 1928 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:39:59.0843 1928 NDProxy - ok
13:39:59.0890 1928 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:39:59.0984 1928 NetBIOS - ok
13:40:00.0046 1928 NetDDE (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
13:40:00.0140 1928 NetDDE - ok
13:40:00.0156 1928 NetDDEdsdm (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
13:40:00.0234 1928 NetDDEdsdm - ok
13:40:00.0265 1928 Netlogon (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
13:40:00.0343 1928 Netlogon - ok
13:40:00.0375 1928 Netman (be0cb143fa427d93440ded18db8c918b) C:\WINDOWS\System32\netman.dll
13:40:00.0468 1928 Netman - ok
13:40:00.0609 1928 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:40:00.0640 1928 NetTcpPortSharing - ok
13:40:00.0703 1928 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:40:00.0796 1928 NIC1394 - ok
13:40:00.0843 1928 Nla (6f5f546a92c7b6ae45db1d6910781eb0) C:\WINDOWS\System32\mswsock.dll
13:40:00.0875 1928 Nla - ok
13:40:00.0937 1928 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:40:01.0031 1928 Npfs - ok
13:40:01.0062 1928 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:40:01.0187 1928 Ntfs - ok
13:40:01.0234 1928 NtLmSsp (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
13:40:01.0328 1928 NtLmSsp - ok
13:40:01.0359 1928 NtmsSvc (037d92b3a7853a183fcab77fb1d13d6c) C:\WINDOWS\system32\ntmssvc.dll
13:40:01.0484 1928 NtmsSvc - ok
13:40:01.0515 1928 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:40:01.0640 1928 Null - ok
13:40:01.0703 1928 NVENETFD (a545df28f75bcb109a3aadbb07552b12) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:40:01.0734 1928 NVENETFD - ok
13:40:01.0765 1928 nvnetbus (ea41f641420f3d8271804d287c1ef461) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:40:01.0781 1928 nvnetbus - ok
13:40:01.0828 1928 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:40:01.0953 1928 NwlnkFlt - ok
13:40:02.0000 1928 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:40:02.0109 1928 NwlnkFwd - ok
13:40:02.0140 1928 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:40:02.0250 1928 ohci1394 - ok
13:40:02.0343 1928 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
13:40:02.0343 1928 ose - ok
13:40:02.0531 1928 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:40:02.0796 1928 osppsvc - ok
13:40:02.0890 1928 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
13:40:02.0984 1928 Parport - ok
13:40:03.0015 1928 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:40:03.0109 1928 PartMgr - ok
13:40:03.0156 1928 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
13:40:03.0265 1928 ParVdm - ok
13:40:03.0328 1928 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
13:40:03.0437 1928 PCI - ok
13:40:03.0437 1928 PCIDump - ok
13:40:03.0468 1928 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:40:03.0625 1928 PCIIde - ok
13:40:03.0656 1928 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:40:03.0765 1928 Pcmcia - ok
13:40:03.0812 1928 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
13:40:03.0828 1928 pcouffin ( UnsignedFile.Multi.Generic ) - warning
13:40:03.0828 1928 pcouffin - detected UnsignedFile.Multi.Generic (1)
13:40:03.0843 1928 PDCOMP - ok
13:40:03.0859 1928 PDFRAME - ok
13:40:03.0859 1928 PDRELI - ok
13:40:03.0875 1928 PDRFRAME - ok
13:40:03.0890 1928 perc2 - ok
13:40:03.0906 1928 perc2hib - ok
13:40:03.0968 1928 PlugPlay (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
13:40:04.0000 1928 PlugPlay - ok
13:40:04.0031 1928 PolicyAgent (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
13:40:04.0140 1928 PolicyAgent - ok
13:40:04.0171 1928 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:40:04.0250 1928 PptpMiniport - ok
13:40:04.0281 1928 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys
13:40:04.0375 1928 Processor - ok
13:40:04.0421 1928 ProtectedStorage (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
13:40:04.0500 1928 ProtectedStorage - ok
13:40:04.0531 1928 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:40:04.0640 1928 PSched - ok
13:40:04.0687 1928 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:40:04.0828 1928 Ptilink - ok
13:40:04.0875 1928 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:40:04.0875 1928 PxHelp20 - ok
13:40:04.0890 1928 ql1080 - ok
13:40:04.0906 1928 Ql10wnt - ok
13:40:04.0921 1928 ql12160 - ok
13:40:04.0937 1928 ql1240 - ok
13:40:04.0937 1928 ql1280 - ok
13:40:05.0000 1928 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:40:05.0125 1928 RasAcd - ok
13:40:05.0171 1928 RasAuto (78da9ccdac683ef5aa87d1c919f6d221) C:\WINDOWS\System32\rasauto.dll
13:40:05.0265 1928 RasAuto - ok
13:40:05.0296 1928 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
13:40:05.0359 1928 Rasirda - ok
13:40:05.0375 1928 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:40:05.0468 1928 Rasl2tp - ok
13:40:05.0531 1928 RasMan (0a48df90b4784f9b90a2671af992c914) C:\WINDOWS\System32\rasmans.dll
13:40:05.0625 1928 RasMan - ok
13:40:05.0656 1928 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:40:05.0750 1928 RasPppoe - ok
13:40:05.0796 1928 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:40:05.0906 1928 Raspti - ok
13:40:05.0937 1928 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:40:06.0031 1928 Rdbss - ok
13:40:06.0046 1928 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:40:06.0156 1928 RDPCDD - ok
13:40:06.0218 1928 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
13:40:06.0234 1928 RDPWD - ok
13:40:06.0281 1928 RDSessMgr (9f63d9c5b238ed1c375d417eff3d5be7) C:\WINDOWS\system32\sessmgr.exe
13:40:06.0375 1928 RDSessMgr - ok
13:40:06.0406 1928 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:40:06.0500 1928 redbook - ok
13:40:06.0546 1928 RemoteAccess (7da370c31673c99497bd07068ee6e354) C:\WINDOWS\System32\mprdim.dll
13:40:06.0656 1928 RemoteAccess - ok
13:40:06.0687 1928 RpcLocator (499c59a2584f6d4ea41e944da571d993) C:\WINDOWS\system32\locator.exe
13:40:06.0781 1928 RpcLocator - ok
13:40:06.0828 1928 RpcSs (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
13:40:06.0875 1928 RpcSs - ok
13:40:06.0953 1928 RSVP (414964844f4793acb868d057e8ed997e) C:\WINDOWS\system32\rsvp.exe
13:40:07.0078 1928 RSVP - ok
13:40:07.0109 1928 SamSs (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
13:40:07.0203 1928 SamSs - ok
13:40:07.0234 1928 SCardSvr (67949cc8a865296c1333c96a4e1a2d66) C:\WINDOWS\System32\SCardSvr.exe
13:40:07.0343 1928 SCardSvr - ok
13:40:07.0359 1928 Schedule (55f5c5c1be1a78e285033e432ba01597) C:\WINDOWS\system32\schedsvc.dll
13:40:07.0468 1928 Schedule - ok
13:40:07.0500 1928 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:40:07.0593 1928 Secdrv - ok
13:40:07.0640 1928 seclogon (5ac311c0af2af5ec221670bb8dc479d3) C:\WINDOWS\System32\seclogon.dll
13:40:07.0734 1928 seclogon - ok
13:40:07.0796 1928 SENS - ok
13:40:07.0828 1928 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:40:07.0906 1928 serenum - ok
13:40:07.0921 1928 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
13:40:08.0000 1928 Serial - ok
13:40:08.0031 1928 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:40:08.0125 1928 Sfloppy - ok
13:40:08.0187 1928 SharedAccess (f4ce708a7d17a625de6c0fd746d50e88) C:\WINDOWS\System32\ipnathlp.dll
13:40:08.0312 1928 SharedAccess - ok
13:40:08.0343 1928 ShellHWDetection (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
13:40:08.0390 1928 ShellHWDetection - ok
13:40:08.0390 1928 Simbad - ok
13:40:08.0406 1928 Sparrow - ok
13:40:08.0468 1928 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:40:08.0546 1928 splitter - ok
13:40:08.0593 1928 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:40:08.0625 1928 Spooler - ok
13:40:08.0687 1928 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
13:40:08.0765 1928 sr - ok
13:40:08.0812 1928 srservice (6ed29124a1c83bd0cf6b26bd01ca6f6f) C:\WINDOWS\system32\srsvc.dll
13:40:08.0906 1928 srservice - ok
13:40:08.0968 1928 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:40:09.0000 1928 Srv - ok
13:40:09.0046 1928 SSDPSRV (ea9e0db8684cef2fd3badd671df5a112) C:\WINDOWS\System32\ssdpsrv.dll
13:40:09.0140 1928 SSDPSRV - ok
13:40:09.0187 1928 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:40:09.0187 1928 ssmdrv - ok
13:40:09.0234 1928 stisvc (d76b0e8a4ecad1adcc75fd14a7acc54c) C:\WINDOWS\system32\wiaservc.dll
13:40:09.0328 1928 stisvc - ok
13:40:09.0375 1928 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:40:09.0468 1928 swenum - ok
13:40:09.0500 1928 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:40:09.0593 1928 swmidi - ok
13:40:09.0593 1928 SwPrv - ok
13:40:09.0625 1928 symc810 - ok
13:40:09.0640 1928 symc8xx - ok
13:40:09.0640 1928 sym_hi - ok
13:40:09.0656 1928 sym_u3 - ok
13:40:09.0687 1928 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:40:09.0781 1928 sysaudio - ok
13:40:09.0828 1928 SysmonLog (0899061318a6b1d9596aabfc77f45e44) C:\WINDOWS\system32\smlogsvc.exe
13:40:09.0921 1928 SysmonLog - ok
13:40:09.0937 1928 TapiSrv (8e5231171ad6595ff002e848cc54fcd7) C:\WINDOWS\System32\tapisrv.dll
13:40:10.0031 1928 TapiSrv - ok
13:40:10.0093 1928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:40:10.0156 1928 Tcpip - ok
13:40:10.0218 1928 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
13:40:10.0234 1928 Tcpip6 - ok
13:40:10.0265 1928 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:40:10.0359 1928 TDPIPE - ok
13:40:10.0390 1928 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:40:10.0500 1928 TDTCP - ok
13:40:10.0531 1928 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:40:10.0671 1928 TermDD - ok
13:40:10.0718 1928 TermService (710bc85a8c22626ee094439e3ea0d38c) C:\WINDOWS\System32\termsrv.dll
13:40:10.0812 1928 TermService - ok
13:40:10.0843 1928 Themes (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
13:40:10.0859 1928 Themes - ok
13:40:10.0875 1928 TosIde - ok
13:40:10.0921 1928 TrkWks (e1a84a5067627407a53c2c4f8d8a1d2e) C:\WINDOWS\system32\trkwks.dll
13:40:11.0015 1928 TrkWks - ok
13:40:11.0062 1928 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
13:40:11.0156 1928 tunmp - ok
13:40:11.0203 1928 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:40:11.0296 1928 Udfs - ok
13:40:11.0312 1928 ultra - ok
13:40:11.0359 1928 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:40:11.0453 1928 Update - ok
13:40:11.0484 1928 upnphost (bd8166a495b02308f364b36249475f22) C:\WINDOWS\System32\upnphost.dll
13:40:11.0578 1928 upnphost - ok
13:40:11.0609 1928 UPS (1edc93d7bd731b5ca6248ae245099b60) C:\WINDOWS\System32\ups.exe
13:40:11.0718 1928 UPS - ok
13:40:11.0765 1928 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:40:11.0859 1928 usbccgp - ok
13:40:11.0875 1928 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:40:11.0968 1928 usbehci - ok
13:40:12.0000 1928 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:40:12.0078 1928 usbhub - ok
13:40:12.0109 1928 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:40:12.0203 1928 usbohci - ok
13:40:12.0218 1928 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:40:12.0296 1928 usbprint - ok
13:40:12.0328 1928 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:40:12.0421 1928 usbscan - ok
13:40:12.0437 1928 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:40:12.0546 1928 USBSTOR - ok
13:40:12.0578 1928 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
13:40:12.0671 1928 usb_rndisx - ok
13:40:12.0703 1928 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:40:12.0796 1928 VgaSave - ok
13:40:12.0796 1928 ViaIde - ok
13:40:12.0828 1928 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
13:40:12.0906 1928 VolSnap - ok
13:40:12.0953 1928 VSS (5a4da252b2c0550ab83d129c02cf6c19) C:\WINDOWS\System32\vssvc.exe
13:40:13.0046 1928 VSS - ok
13:40:13.0078 1928 W32Time (c1f726ee0b043b074a68992bc4aef8fd) C:\WINDOWS\system32\w32time.dll
13:40:13.0171 1928 W32Time - ok
13:40:13.0218 1928 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:40:13.0312 1928 Wanarp - ok
13:40:13.0328 1928 WDICA - ok
13:40:13.0343 1928 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:40:13.0437 1928 wdmaud - ok
13:40:13.0500 1928 WebClient (714670e64fbe6d28d99871ed9a52a334) C:\WINDOWS\System32\webclnt.dll
13:40:13.0578 1928 WebClient - ok
13:40:13.0671 1928 winmgmt (5e9deae9980ff34bcd6dde2e9e2bf911) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:40:13.0765 1928 winmgmt - ok
13:40:13.0812 1928 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
13:40:13.0843 1928 WmdmPmSN - ok
13:40:13.0921 1928 WmiApSrv (4e8e8a58f56b25d0795f484e5eb7f898) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:40:14.0031 1928 WmiApSrv - ok
13:40:14.0062 1928 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:40:14.0078 1928 WpdUsb - ok
13:40:14.0109 1928 wuauserv (75d6c5c3d2c93b1f9931e5dfb693ae2a) C:\WINDOWS\system32\wuauserv.dll
13:40:14.0203 1928 wuauserv - ok
13:40:14.0234 1928 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:40:14.0296 1928 WudfPf - ok
13:40:14.0343 1928 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:40:14.0359 1928 WudfRd - ok
13:40:14.0406 1928 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:40:14.0406 1928 WudfSvc - ok
13:40:14.0468 1928 WZCSVC (c336e54ee0c291a02f004667db1e66cb) C:\WINDOWS\System32\wzcsvc.dll
13:40:14.0578 1928 WZCSVC - ok
13:40:14.0640 1928 xmlprov (f92a87fdda0c11c8604fbc2b864fa726) C:\WINDOWS\System32\xmlprov.dll
13:40:14.0734 1928 xmlprov - ok
13:40:14.0781 1928 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
13:40:14.0890 1928 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:40:14.0890 1928 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:40:14.0906 1928 Boot (0x1200) (88f7a9d8edf3be722af5eeac8ef66511) \Device\Harddisk0\DR0\Partition0
13:40:14.0906 1928 \Device\Harddisk0\DR0\Partition0 - ok
13:40:14.0906 1928 ============================================================
13:40:14.0906 1928 Scan finished
13:40:14.0906 1928 ============================================================
13:40:15.0031 0944 Detected object count: 5
13:40:15.0031 0944 Actual detected object count: 5
13:40:24.0812 0944 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:40:24.0812 0944 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:40:24.0812 0944 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
13:40:24.0812 0944 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:40:24.0812 0944 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:40:24.0812 0944 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:40:24.0812 0944 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
13:40:24.0812 0944 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:40:24.0828 0944 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:40:24.0828 0944 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
0
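A small triage script for reports like the one above, added here as an example (it is not part of the thread and not TDSSKiller's own code). It parses the report's line format, separates the disk-level detection (the \Device\Harddisk0\DR0 object reported as "TDSS File System") from the per-file UnsignedFile.Multi.Generic heuristics, and lists which detections the operator only skipped. The sample lines are copied from the report above; the regular expressions and the "disk-level versus heuristic" split are this example's own assumptions about the format.

```python
import re

# Constructed excerpt: lines copied from the TDSSKiller report posted above.
SAMPLE_LOG = r"""
13:40:13.0078 1928 W32Time (c1f726ee0b043b074a68992bc4aef8fd) C:\WINDOWS\system32\w32time.dll
13:40:13.0171 1928 W32Time - ok
13:40:14.0781 1928 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
13:40:14.0890 1928 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:40:14.0890 1928 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:40:14.0906 1928 Boot (0x1200) (88f7a9d8edf3be722af5eeac8ef66511) \Device\Harddisk0\DR0\Partition0
13:40:14.0906 1928 \Device\Harddisk0\DR0\Partition0 - ok
13:40:14.0906 1928 Scan finished
13:40:15.0031 0944 Detected object count: 5
13:40:24.0812 0944 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:40:24.0812 0944 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:40:24.0828 0944 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:40:24.0828 0944 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Every TDSSKiller line is "HH:MM:SS.mmmm <thread id> <message>" (assumed format).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s+(?P<msg>.*)$")
# "<object> (<md5>) <path>": the inventory line for a service/driver, or the MBR/boot sector.
HASH_RE = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> ( <verdict> ) - warning": the first line of a detection.
WARN_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - warning$")
# "<object> ( <verdict> ) - User select action: <action>": what the operator did about it.
ACTION_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - User select action: (?P<action>\w+)$")


def parse_tdsskiller(text):
    """Return (findings, hashes): findings maps object -> {verdict, action},
    hashes maps object -> (md5, path) for everything the scan inventoried."""
    findings, hashes = {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        msg = m.group("msg")
        h = HASH_RE.match(msg)
        if h:
            hashes[h.group("obj")] = (h.group("md5"), h.group("path"))
            continue
        w = WARN_RE.match(msg)
        if w:
            findings.setdefault(w.group("obj"), {"verdict": w.group("verdict"), "action": None})
            continue
        a = ACTION_RE.match(msg)
        if a:
            entry = findings.setdefault(a.group("obj"), {"verdict": a.group("verdict"), "action": None})
            entry["action"] = a.group("action")
    return findings, hashes


def triage(findings):
    """Split findings into disk-level detections (a verdict reported against a
    \\Device\\Harddisk object, i.e. the MBR or a hidden file system) and
    per-file heuristics such as UnsignedFile.Multi.Generic, which also fire on
    legitimate unsigned vendor binaries."""
    disk_level, heuristic = [], []
    for obj, info in findings.items():
        bucket = disk_level if obj.startswith(r"\Device\Harddisk") else heuristic
        bucket.append((obj, info["verdict"], info["action"] or "none"))
    return disk_level, heuristic


def unresolved_disk_level(findings):
    """Disk-level detections that were skipped or never acted on: the scan
    reported them, but nothing on the machine changed."""
    disk_level, _ = triage(findings)
    return [obj for obj, _verdict, action in disk_level if action in ("none", "Skip")]


if __name__ == "__main__":
    found, inventory = parse_tdsskiller(SAMPLE_LOG)
    disk_level, heuristic = triage(found)
    print("MBR hash:", inventory["MBR (0x1B8)"][0])
    for obj, verdict, action in disk_level:
        print(f"DISK-LEVEL  {obj}: {verdict} (action: {action})")
    for obj, verdict, action in heuristic:
        print(f"heuristic   {obj}: {verdict} (action: {action})")
    print("Still unresolved:", unresolved_disk_level(found))
```

Point it at the full saved report instead of SAMPLE_LOG to get the same summary for the whole scan. The MBR hash is kept so that the MBR line of a later scan can be compared against it; after a "Skip" on the disk-level object the hash and the detection are both expected to reappear unchanged, which is what the follow-up reports in this thread can be checked against.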
Hello


Do you have the Antizeroaccess report?

Post the AntiZeroAccess_Log.txt report on the forum.
This file is saved in the same location as the AntiZeroAccess program.
********************************************
The brain has such astonishing capabilities that today practically everyone has one.
0
hibou31 Posts 9 Registered Tuesday 27 March 2012 Status Member Last activity 22 September 2012 1
27 March 2012 at 15:39
Hi

Here is the antizeroaccess report

Webroot AntiZeroAccess 0.8 Log File
Execution time: 27/03/2012 - 13:43
Host operation System: Windows Xp X86 version 5.1.2600 Service Pack 3
13:43:30 - CheckSystem - Begin to check system...
13:43:30 - OpenRootDrive - Opening system root volume and physical drive....
13:43:30 - C Root Drive: Disk number: 0 Start sector: 0x0000003F Partition Size: 0x12A14BC1 sectors.
13:43:30 - PrevX Main driver extracted in "C:\WINDOWS\system32\drivers\ZeroAccess.sys".
13:43:31 - InstallAndStartDriver - Main driver was installed and now is running.
13:43:31 - CheckSystem - Disk class driver state is OK.
13:43:34 - StopAndRemoveDriver - AntiZeroAccess Driver is stopped and removed.
13:43:34 - StopAndRemoveDriver - File "ZeroAccess.sys" was deleted!
13:43:34 - Execution Ended!


Thanks for taking care of my case; I was thinking about formatting my hard drive and starting over from scratch.
0

hibou31 Posts 9 Registered Tuesday 27 March 2012 Status Member Last activity 22 September 2012 1
27 March 2012 at 15:42
I have the HijackThis report too, if you're interested.
I had it analysed on the malekal site, but the automated analysis didn't detect anything dangerous.
0
Anonymous user
27 March 2012 at 16:54
/!\ To anyone reading this thread /!\
The software that follows is not to be used lightly and can do damage if it is misused! Only run it if a forum helper who knows this tool well has recommended it to you.

/!\ Disable all your protection software (antivirus, antispyware) /!\

* Download combofix (by sUBs) to your Desktop.
* Double-click ComboFix.exe to launch it.
* It will ask you to install the Recovery Console: accept. (important in case of problems)
/!\ Do not touch the mouse or the keyboard during the scan /!\
* When the search is finished, a report will appear.
* Upload the report C:\Combofix.txt to the site pjjoint.malekal.com or cijoint.fr or toofiles, then copy/paste the link provided into your next reply on the forum
# If combofix won't launch, rename it ccm.exe and run it in Safe Mode.
Official Combofix tutorial: Combofix Tutorial
0
Here is the requested link

http://pjjoint.malekal.com/files.php?id=20120327_f9d14u11e5y13

However, I disabled the antivirus programs to launch combofix, but it told me that AntiVir Desktop was still running. I managed to disable it but not to stop it. I launched Combofix anyway.
0
Anonymous user
27 March 2012 at 18:50
/!\ WARNING /!\
The script that follows was written specifically for hibou31; it cannot be transferred to another computer!
* Download this folder:
====> hibou31.zip <====
* Right-click it --> Extract All --> choose the Desktop as the destination
* Another folder will appear; take the CFScript.txt file inside it and place it on the Desktop and nowhere else.
* Disable your protection software
* Drag and drop this CFScript.txt file onto the Combofix.exe file
like this: http://img155.imageshack.us/img155/4837/cfscriptop0.gif
* Wait while the scan runs. The Desktop will disappear several times: this is normal!
/!\ Do not touch the mouse or the keyboard during the scan /!\
* Once the scan is finished, a report will appear: post its contents.
* If the file doesn't open, it is located here: C:\ComboFix.txt
0
And here is the Combofix report:



ComboFix 12-03-27.02 - Ordinateur 27/03/2012 19:01:30.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.450 [GMT 2:00]
Lancé depuis: c:\documents and settings\Ordinateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Ordinateur\Bureau\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-27 au 2012-03-27 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-26 19:28 . 2008-04-14 02:33 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-03-18 23:29 . 2012-03-18 23:29 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 23:29 . 2012-03-18 23:29 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-03-15 20:21 . 2012-03-15 20:21 -------- d-----w- c:\program files\Winamax Poker
2012-03-09 16:09 . 2012-03-09 16:09 -------- d-----w- c:\program files\FreeTime
2012-03-08 14:28 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-03-08 14:24 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-03-08 14:21 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-03-08 14:19 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-03-08 14:19 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-03-08 14:18 . 2011-12-19 08:54 449536 -c----w- c:\windows\system32\dllcache\mshtmled.dll
2012-03-08 14:18 . 2011-12-19 08:54 37888 -c----w- c:\windows\system32\dllcache\url.dll
2012-03-08 14:18 . 2011-12-19 08:54 532480 -c----w- c:\windows\system32\dllcache\mstime.dll
2012-03-08 14:13 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
2012-03-08 14:13 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-03-08 14:13 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-03-08 14:13 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-03-08 14:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-03-07 16:54 . 2012-03-07 16:54 -------- d-----w- c:\windows\system32\bits
2012-03-07 16:45 . 2012-03-07 16:45 -------- d-----w- c:\windows\EHome
2012-03-07 16:32 . 2012-03-07 16:32 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-07 16:26 . 2012-03-07 16:32 -------- d-s---w- c:\documents and settings\Administrateur
2012-03-05 23:04 . 2012-03-05 23:04 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-03-05 23:04 . 2012-03-05 23:04 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-03-05 23:04 . 2012-03-05 23:04 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-03 09:58 . 2004-08-05 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2010-10-07 08:27 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-18 23:29 . 2011-12-21 12:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_16.07.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-27 17:09 . 2012-03-27 17:09 16384 c:\windows\temp\Perflib_Perfdata_71c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS4ServiceManager"="c:\program files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\AutorunsDisabled
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Artlantis Studio 3\\ArtlantisStudio.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 18:07 759048]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/10/2010 18:29 136360]
S3 Hkmhtte;Hkmhtte; [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [07/11/2010 23:34 47360]
S4 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 06:46 284016]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11:15 31125880]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ajouter la cible du lien à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Ajouter à un fichier PDF existant - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien au format Adobe PDF - c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{90EAE591-7E7E-434a-8E28-ECFD00071806} - c:\program files\PokerStars.FR\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E48CE618-7A6B-4558-8585-839510F2C0E2}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Ordinateur\Application Data\Mozilla\Firefox\Profiles\fouor0we.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-27 19:10
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1760)
c:\progra~1\FICHIE~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1036\GrooveIntlResource.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Heure de fin: 2012-03-27 19:14:59 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-03-27 17:14
ComboFix2.txt 2012-03-27 16:12
.
Avant-CF: 87 935 029 248 octets libres
Après-CF: 87 917 326 336 octets libres
.
- - End Of File - - CE613E97D0F11EDB55B97B3913663FEE
0
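The ComboFix report above lists the registry loading points as REGEDIT-style key/value pairs and the services as "R2/S3 name;display;path [meta]" lines. The following added example (not ComboFix's code, and not posted in the thread) walks that section and flags the settings a responder reads first: Security Center's AntiVirusOverride, the firewall profile's EnableFirewall, Run values that launch a bare file name rather than an absolute path, and service entries whose image file ComboFix could not find. The sample lines are copied from the report above; the reading of "[x]" as "image file missing", the regular expressions and the severity labels are this example's own assumptions.

```python
import re

# Constructed excerpt: lines copied from the "Points de chargement Reg" section of the
# ComboFix report posted above (one Run key, the Security Center key, the firewall
# policy key and three service entries).
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-17 281768]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [12/10/2010 18:29 136360]
S3 Hkmhtte;Hkmhtte; [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [07/11/2010 23:34 47360]
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
# "<R|S><start type> <name>;<display name>;<image path> [<meta>]". This example
# assumes ComboFix prints "[x]" where the image file could not be found.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]$"
)
QUOTED_RE = re.compile(r'^"(?P<target>[^"]*)"')


def parse_dword(value):
    """ComboFix prints DWORDs two ways: 'dword:00000001' and '0 (0x0)'."""
    if value.lower().startswith("dword:"):
        return int(value[len("dword:"):], 16)
    return int(value.split()[0], 0)


def audit_loading_points(text):
    """Walk the loading-point dump and return (severity, message) tuples for the
    entries a responder would want to look at. Severity labels are this
    example's own convention, not ComboFix's."""
    findings = []
    current_key = None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current_key = k.group("key").lower()
            continue
        s = SERVICE_RE.match(line)
        if s:
            if not s.group("path").strip() or s.group("meta").strip() == "x":
                findings.append(("high", f"service {s.group('name')!r} ({s.group('start')}) is registered but its image file is missing"))
            continue
        v = VALUE_RE.match(line)
        if not v or current_key is None:
            continue
        name, value = v.group("name"), v.group("value").strip()
        if current_key.endswith(r"\security center") and name == "AntiVirusOverride" and parse_dword(value) == 1:
            findings.append(("medium", "Security Center antivirus alerts are suppressed (AntiVirusOverride=1)"))
        elif current_key.endswith(r"\firewallpolicy\standardprofile") and name == "EnableFirewall" and parse_dword(value) == 0:
            findings.append(("medium", "Windows Firewall is disabled for the standard profile (EnableFirewall=0)"))
        elif current_key.endswith(r"\currentversion\run"):
            q = QUOTED_RE.match(value)
            target = q.group("target") if q else value
            if not re.match(r"^[a-z]:\\", target, re.IGNORECASE):
                findings.append(("info", f"Run value {name!r} launches {target!r} without an absolute path; resolve which file that is"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_loading_points(SAMPLE_COMBOFIX):
        print(f"[{severity:<6}] {message}")
```

Some antivirus suites set AntiVirusOverride themselves, and a Run value without a path is legitimate when the binary sits in the system directory (the "Autres processus actifs" section above shows c:\windows\SOUNDMAN.EXE running), so the "medium" and "info" entries are review items rather than verdicts. A service entry with no file behind it is the kind of leftover worth accounting for before a machine is declared clean.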
Anonymous user
27 March 2012 at 19:38
Normally zeroaccess has gone.

Run tdsskiller again and post its report.

Any other problems?
0
Here is the TDSSKiller report


19:52:01.0546 3320 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
19:52:03.0546 3320 ============================================================
19:52:03.0546 3320 Current date / time: 2012/03/27 19:52:03.0546
19:52:03.0546 3320 SystemInfo:
19:52:03.0546 3320
19:52:03.0546 3320 OS Version: 5.1.2600 ServicePack: 3.0
19:52:03.0546 3320 Product type: Workstation
19:52:03.0546 3320 ComputerName: MAT
19:52:03.0546 3320 UserName: Ordinateur
19:52:03.0546 3320 Windows directory: C:\WINDOWS
19:52:03.0546 3320 System windows directory: C:\WINDOWS
19:52:03.0546 3320 Processor architecture: Intel x86
19:52:03.0546 3320 Number of processors: 1
19:52:03.0546 3320 Page size: 0x1000
19:52:03.0546 3320 Boot type: Normal boot
19:52:03.0546 3320 ============================================================
19:52:05.0031 3320 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:52:05.0046 3320 \Device\Harddisk0\DR0:
19:52:05.0046 3320 MBR used
19:52:05.0046 3320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
19:52:05.0187 3320 Initialize success
19:52:05.0187 3320 ============================================================
19:52:13.0359 3936 ============================================================
19:52:13.0359 3936 Scan started
19:52:13.0359 3936 Mode: Manual; SigCheck; TDLFS;
19:52:13.0359 3936 ============================================================
19:52:13.0484 3936 6to4 (67927e41a89e6127836152417c5d4fcf) C:\WINDOWS\System32\6to4svc.dll
19:52:13.0781 3936 6to4 - ok
19:52:13.0875 3936 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Fichiers communs\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
19:52:13.0921 3936 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
19:52:13.0984 3936 Abiosdsk - ok
19:52:14.0000 3936 abp480n5 - ok
19:52:14.0046 3936 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:52:14.0562 3936 ACPI - ok
19:52:14.0656 3936 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:52:14.0765 3936 ACPIEC - ok
19:52:14.0796 3936 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
19:52:14.0812 3936 adfs - ok
19:52:14.0875 3936 Adobe LM Service (d01dd9e6a7dfe540181147a38b13f43a) C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
19:52:14.0890 3936 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
19:52:14.0890 3936 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
19:52:14.0984 3936 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Fichiers communs\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
19:52:15.0000 3936 Adobe Version Cue CS4 - ok
19:52:15.0046 3936 adpu160m - ok
19:52:15.0093 3936 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:52:15.0187 3936 aec - ok
19:52:15.0234 3936 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:52:15.0281 3936 AFD - ok
19:52:15.0296 3936 Aha154x - ok
19:52:15.0296 3936 aic78u2 - ok
19:52:15.0312 3936 aic78xx - ok
19:52:15.0453 3936 ALCXWDM (34149a136b2b7525113950233f259ec1) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
19:52:15.0671 3936 ALCXWDM - ok
19:52:15.0703 3936 Alerter (758fdc60d41716ef889d849989b4b1cd) C:\WINDOWS\system32\alrsvc.dll
19:52:15.0812 3936 Alerter - ok
19:52:15.0828 3936 ALG (5e9a6658a2a69ae7eb195113b7a2e7a9) C:\WINDOWS\System32\alg.exe
19:52:15.0921 3936 ALG - ok
19:52:15.0953 3936 AliIde - ok
19:52:15.0953 3936 amsint - ok
19:52:16.0046 3936 AntiVirSchedulerService (a5bcbaf0477c4869b67e0195aea4a9cd) C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:52:16.0046 3936 AntiVirSchedulerService - ok
19:52:16.0062 3936 AntiVirService (3cce4afa4aacdb28e01a148394212186) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:52:16.0078 3936 AntiVirService - ok
19:52:16.0109 3936 AppMgmt - ok
19:52:16.0171 3936 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:52:16.0281 3936 Arp1394 - ok
19:52:16.0296 3936 asc - ok
19:52:16.0328 3936 asc3350p - ok
19:52:16.0328 3936 asc3550 - ok
19:52:16.0421 3936 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:52:16.0421 3936 aspnet_state - ok
19:52:16.0437 3936 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:52:16.0546 3936 AsyncMac - ok
19:52:16.0562 3936 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:52:16.0671 3936 atapi - ok
19:52:16.0687 3936 Atdisk - ok
19:52:16.0734 3936 Ati HotKey Poller (3c94e4e7983eff03e7e128325891ea80) C:\WINDOWS\system32\Ati2evxx.exe
19:52:16.0796 3936 Ati HotKey Poller - ok
19:52:16.0843 3936 ATI Smart (5f7412094e169f233415f21fe12eca07) C:\WINDOWS\system32\ati2sgag.exe
19:52:16.0890 3936 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
19:52:16.0890 3936 ATI Smart - detected UnsignedFile.Multi.Generic (1)
19:52:17.0000 3936 ati2mtag (3b23691e9eef04de3364d9271371bbde) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
19:52:17.0171 3936 ati2mtag - ok
19:52:17.0187 3936 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:52:17.0296 3936 Atmarpc - ok
19:52:17.0328 3936 AudioSrv (b4005aef7873144634765b570dac466e) C:\WINDOWS\System32\audiosrv.dll
19:52:17.0437 3936 AudioSrv - ok
19:52:17.0468 3936 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:52:17.0578 3936 audstub - ok
19:52:17.0656 3936 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
19:52:17.0656 3936 avgio - ok
19:52:17.0671 3936 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:52:17.0796 3936 avgntflt - ok
19:52:17.0890 3936 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
19:52:17.0906 3936 avipbb - ok
19:52:17.0953 3936 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:52:18.0078 3936 Beep - ok
19:52:18.0140 3936 BITS (baa0b6e647c1ad593e9bae5cc31bcffb) C:\WINDOWS\system32\qmgr.dll
19:52:18.0265 3936 BITS - ok
19:52:18.0328 3936 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files\Bonjour\mDNSResponder.exe
19:52:18.0343 3936 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
19:52:18.0343 3936 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
19:52:18.0375 3936 Browser (06b54a7b1ef7cb16bfd0e208d343fa71) C:\WINDOWS\System32\browser.dll
19:52:18.0484 3936 Browser - ok
19:52:18.0484 3936 catchme - ok
19:52:18.0546 3936 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:52:18.0671 3936 cbidf2k - ok
19:52:18.0687 3936 cd20xrnt - ok
19:52:18.0718 3936 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:52:18.0843 3936 Cdaudio - ok
19:52:18.0875 3936 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:52:18.0968 3936 Cdfs - ok
19:52:18.0984 3936 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:52:19.0078 3936 Cdrom - ok
19:52:19.0093 3936 Changer - ok
19:52:19.0125 3936 CiSvc (793ef38a5fd086c3c8e48a8a861562ed) C:\WINDOWS\system32\cisvc.exe
19:52:19.0218 3936 CiSvc - ok
19:52:19.0234 3936 ClipSrv (8b30cbb0c07d49b2658fb190946b0e7e) C:\WINDOWS\system32\clipsrv.exe
19:52:19.0312 3936 ClipSrv - ok
19:52:19.0390 3936 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:52:19.0390 3936 clr_optimization_v2.0.50727_32 - ok
19:52:19.0406 3936 CmdIde - ok
19:52:19.0437 3936 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:52:19.0531 3936 Compbatt - ok
19:52:19.0546 3936 COMSysApp - ok
19:52:19.0562 3936 Cpqarray - ok
19:52:19.0609 3936 CryptSvc (7a6d0b71035e123fdda2156a25578ad3) C:\WINDOWS\System32\cryptsvc.dll
19:52:19.0703 3936 CryptSvc - ok
19:52:19.0718 3936 dac2w2k - ok
19:52:19.0734 3936 dac960nt - ok
19:52:19.0781 3936 DcomLaunch (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
19:52:19.0859 3936 DcomLaunch - ok
19:52:19.0890 3936 Dhcp (318f535dc05551d96deeb90b6d6904de) C:\WINDOWS\System32\dhcpcsvc.dll
19:52:20.0000 3936 Dhcp - ok
19:52:20.0031 3936 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:52:20.0125 3936 Disk - ok
19:52:20.0140 3936 dmadmin - ok
19:52:20.0187 3936 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
19:52:20.0328 3936 dmboot - ok
19:52:20.0359 3936 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
19:52:20.0468 3936 dmio - ok
19:52:20.0515 3936 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:52:20.0656 3936 dmload - ok
19:52:20.0687 3936 dmserver (6797c23d6b79935482d7f0e8ca5e5b67) C:\WINDOWS\System32\dmserver.dll
19:52:20.0781 3936 dmserver - ok
19:52:20.0812 3936 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:52:20.0921 3936 DMusic - ok
19:52:20.0937 3936 Dnscache (1a1e59377fb6cacd711cc5073c4a7d79) C:\WINDOWS\System32\dnsrslvr.dll
19:52:21.0031 3936 Dnscache - ok
19:52:21.0078 3936 Dot3svc (3fcf86f03d0302443c21ce6e5bbf7a25) C:\WINDOWS\System32\dot3svc.dll
19:52:21.0187 3936 Dot3svc - ok
19:52:21.0218 3936 dpti2o - ok
19:52:21.0265 3936 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:52:21.0359 3936 drmkaud - ok
19:52:21.0390 3936 EapHost (8b5fc9087d2cab110bc2ed5cc5e7b8ac) C:\WINDOWS\System32\eapsvc.dll
19:52:21.0484 3936 EapHost - ok
19:52:21.0531 3936 ERSvc (94f948cb12c4d35483f1e815deb16c7b) C:\WINDOWS\System32\ersvc.dll
19:52:21.0625 3936 ERSvc - ok
19:52:21.0671 3936 Eventlog (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
19:52:21.0703 3936 Eventlog - ok
19:52:21.0734 3936 EventSystem (ec16ae9b37eacf871629227a3f3913fd) C:\WINDOWS\system32\es.dll
19:52:21.0796 3936 EventSystem - ok
19:52:21.0859 3936 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:52:21.0953 3936 Fastfat - ok
19:52:21.0984 3936 FastUserSwitchingCompatibility (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
19:52:22.0015 3936 FastUserSwitchingCompatibility - ok
19:52:22.0046 3936 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:52:22.0156 3936 Fdc - ok
19:52:22.0171 3936 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
19:52:22.0250 3936 Fips - ok
19:52:22.0343 3936 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:52:22.0375 3936 FLEXnet Licensing Service - ok
19:52:22.0406 3936 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:52:22.0500 3936 Flpydisk - ok
19:52:22.0546 3936 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
19:52:22.0640 3936 FltMgr - ok
19:52:22.0734 3936 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:52:22.0734 3936 FontCache3.0.0.0 - ok
19:52:22.0765 3936 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:52:22.0890 3936 Fs_Rec - ok
19:52:22.0921 3936 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:52:23.0046 3936 Ftdisk - ok
19:52:23.0078 3936 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:52:23.0187 3936 Gpc - ok
19:52:23.0234 3936 helpsvc (1247f83b705af0e796330442f7967cf8) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:52:23.0328 3936 helpsvc - ok
19:52:23.0359 3936 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
19:52:23.0453 3936 HidBatt - ok
19:52:23.0484 3936 HidServ (a3b9b4a68bc839ce5a264d5908092261) C:\WINDOWS\System32\hidserv.dll
19:52:23.0578 3936 HidServ - ok
19:52:23.0593 3936 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:52:23.0687 3936 HidUsb - ok
19:52:23.0718 3936 hkmsvc (17b3c3d40cdba40c2e331d28be4de27f) C:\WINDOWS\System32\kmsvc.dll
19:52:23.0828 3936 hkmsvc - ok
19:52:23.0843 3936 hpn - ok
19:52:23.0875 3936 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:52:23.0921 3936 HTTP - ok
19:52:23.0968 3936 HTTPFilter (bd31cface38d1800abdb43f4260af0d5) C:\WINDOWS\System32\w3ssl.dll
19:52:24.0062 3936 HTTPFilter - ok
19:52:24.0078 3936 i2omgmt - ok
19:52:24.0093 3936 i2omp - ok
19:52:24.0125 3936 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:52:24.0218 3936 i8042prt - ok
19:52:24.0328 3936 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:52:24.0375 3936 idsvc - ok
19:52:24.0406 3936 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:52:24.0500 3936 Imapi - ok
19:52:24.0531 3936 ImapiService (c4221678bbaa55239c23632875759961) C:\WINDOWS\system32\imapi.exe
19:52:24.0625 3936 ImapiService - ok
19:52:24.0640 3936 ini910u - ok
19:52:24.0671 3936 IntelIde - ok
19:52:24.0687 3936 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
19:52:24.0781 3936 Ip6Fw - ok
19:52:24.0812 3936 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:52:24.0937 3936 IpFilterDriver - ok
19:52:24.0953 3936 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:52:25.0046 3936 IpInIp - ok
19:52:25.0062 3936 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:52:25.0156 3936 IpNat - ok
19:52:25.0171 3936 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:52:25.0265 3936 IPSec - ok
19:52:25.0296 3936 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
19:52:25.0390 3936 irda - ok
19:52:25.0406 3936 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:52:25.0500 3936 IRENUM - ok
19:52:25.0531 3936 Irmon (f9cb3a98b395a5e5cc36c65b3c41ad9c) C:\WINDOWS\System32\irmon.dll
19:52:25.0625 3936 Irmon - ok
19:52:25.0656 3936 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
19:52:25.0703 3936 irsir - ok
19:52:25.0750 3936 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:52:25.0843 3936 isapnp - ok
19:52:25.0906 3936 JavaQuickStarterService (e731921db2e17dcd3db472fad5549c57) C:\Program Files\Java\jre6\bin\jqs.exe
19:52:25.0921 3936 JavaQuickStarterService - ok
19:52:25.0937 3936 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:52:26.0031 3936 Kbdclass - ok
19:52:26.0046 3936 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:52:26.0140 3936 kbdhid - ok
19:52:26.0171 3936 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:52:26.0265 3936 kmixer - ok
19:52:26.0312 3936 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:52:26.0359 3936 KSecDD - ok
19:52:26.0406 3936 LanmanServer (1db8078a32e03ac8f5eb5e6dcac2aa34) C:\WINDOWS\System32\srvsvc.dll
19:52:26.0437 3936 LanmanServer - ok
19:52:26.0484 3936 LanmanWorkstation (ad54ead46d92f413be189aabc1c59490) C:\WINDOWS\System32\wkssvc.dll
19:52:26.0515 3936 LanmanWorkstation - ok
19:52:26.0546 3936 lbrtfdc - ok
19:52:26.0593 3936 LmHosts (0f357c079ac529a844ab5b18e4eef881) C:\WINDOWS\System32\lmhsvc.dll
19:52:26.0703 3936 LmHosts - ok
19:52:26.0718 3936 Messenger (e67a66a3781c1a483f0f8992664cbe0d) C:\WINDOWS\System32\msgsvc.dll
19:52:26.0812 3936 Messenger - ok
19:52:26.0875 3936 Microsoft SharePoint Workspace Audit Service - ok
19:52:26.0921 3936 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:52:27.0031 3936 mnmdd - ok
19:52:27.0062 3936 mnmsrvc (d3a2870cd96cda7bcff3dc54f64087ad) C:\WINDOWS\system32\mnmsrvc.exe
19:52:27.0156 3936 mnmsrvc - ok
19:52:27.0203 3936 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
19:52:27.0296 3936 Modem - ok
19:52:27.0312 3936 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:52:27.0406 3936 Mouclass - ok
19:52:27.0437 3936 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:52:27.0546 3936 mouhid - ok
19:52:27.0578 3936 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:52:27.0671 3936 MountMgr - ok
19:52:27.0687 3936 mraid35x - ok
19:52:27.0703 3936 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:52:27.0796 3936 MRxDAV - ok
19:52:27.0828 3936 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:52:27.0875 3936 MRxSmb - ok
19:52:27.0906 3936 MSDTC (8648d670ae0d95c95e7bbb5b80661796) C:\WINDOWS\system32\msdtc.exe
19:52:28.0015 3936 MSDTC - ok
19:52:28.0046 3936 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:52:28.0140 3936 Msfs - ok
19:52:28.0156 3936 MSIServer - ok
19:52:28.0171 3936 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:52:28.0265 3936 MSKSSRV - ok
19:52:28.0281 3936 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:52:28.0375 3936 MSPCLOCK - ok
19:52:28.0390 3936 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:52:28.0484 3936 MSPQM - ok
19:52:28.0500 3936 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:52:28.0593 3936 mssmbios - ok
19:52:28.0625 3936 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:52:28.0656 3936 Mup - ok
19:52:28.0703 3936 napagent (69e4fbbabaeee1bff422e091da3171da) C:\WINDOWS\System32\qagentrt.dll
19:52:28.0812 3936 napagent - ok
19:52:28.0843 3936 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:52:28.0953 3936 NDIS - ok
19:52:28.0984 3936 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:52:29.0015 3936 NdisTapi - ok
19:52:29.0031 3936 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:52:29.0125 3936 Ndisuio - ok
19:52:29.0140 3936 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:52:29.0234 3936 NdisWan - ok
19:52:29.0265 3936 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:52:29.0296 3936 NDProxy - ok
19:52:29.0328 3936 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:52:29.0421 3936 NetBIOS - ok
19:52:29.0453 3936 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:52:29.0562 3936 NetBT - ok
19:52:29.0609 3936 NetDDE (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
19:52:29.0703 3936 NetDDE - ok
19:52:29.0703 3936 NetDDEdsdm (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
19:52:29.0796 3936 NetDDEdsdm - ok
19:52:29.0812 3936 Netlogon (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
19:52:29.0906 3936 Netlogon - ok
19:52:29.0953 3936 Netman (be0cb143fa427d93440ded18db8c918b) C:\WINDOWS\System32\netman.dll
19:52:30.0046 3936 Netman - ok
19:52:30.0140 3936 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:52:30.0156 3936 NetTcpPortSharing - ok
19:52:30.0218 3936 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:52:30.0296 3936 NIC1394 - ok
19:52:30.0343 3936 Nla (6f5f546a92c7b6ae45db1d6910781eb0) C:\WINDOWS\System32\mswsock.dll
19:52:30.0375 3936 Nla - ok
19:52:30.0406 3936 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:52:30.0500 3936 Npfs - ok
19:52:30.0546 3936 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:52:30.0656 3936 Ntfs - ok
19:52:30.0687 3936 NtLmSsp (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
19:52:30.0781 3936 NtLmSsp - ok
19:52:30.0828 3936 NtmsSvc (037d92b3a7853a183fcab77fb1d13d6c) C:\WINDOWS\system32\ntmssvc.dll
19:52:30.0953 3936 NtmsSvc - ok
19:52:31.0015 3936 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:52:31.0125 3936 Null - ok
19:52:31.0156 3936 NVENETFD (a545df28f75bcb109a3aadbb07552b12) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:52:31.0218 3936 NVENETFD - ok
19:52:31.0265 3936 nvnetbus (ea41f641420f3d8271804d287c1ef461) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:52:31.0296 3936 nvnetbus - ok
19:52:31.0343 3936 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:52:31.0468 3936 NwlnkFlt - ok
19:52:31.0484 3936 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:52:31.0609 3936 NwlnkFwd - ok
19:52:31.0656 3936 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:52:31.0750 3936 ohci1394 - ok
19:52:31.0812 3936 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
19:52:31.0812 3936 ose - ok
19:52:31.0968 3936 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Fichiers communs\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:52:32.0171 3936 osppsvc - ok
19:52:32.0265 3936 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
19:52:32.0359 3936 Parport - ok
19:52:32.0390 3936 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:52:32.0484 3936 PartMgr - ok
19:52:32.0500 3936 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
19:52:32.0625 3936 ParVdm - ok
19:52:32.0640 3936 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
19:52:32.0734 3936 PCI - ok
19:52:32.0750 3936 PCIDump - ok
19:52:32.0765 3936 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:52:32.0890 3936 PCIIde - ok
19:52:32.0921 3936 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:52:33.0015 3936 Pcmcia - ok
19:52:33.0046 3936 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
19:52:33.0062 3936 pcouffin ( UnsignedFile.Multi.Generic ) - warning
19:52:33.0062 3936 pcouffin - detected UnsignedFile.Multi.Generic (1)
19:52:33.0062 3936 PDCOMP - ok
19:52:33.0078 3936 PDFRAME - ok
19:52:33.0093 3936 PDRELI - ok
19:52:33.0109 3936 PDRFRAME - ok
19:52:33.0125 3936 perc2 - ok
19:52:33.0140 3936 perc2hib - ok
19:52:33.0187 3936 PlugPlay (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
19:52:33.0218 3936 PlugPlay - ok
19:52:33.0234 3936 PolicyAgent (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
19:52:33.0312 3936 PolicyAgent - ok
19:52:33.0359 3936 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:52:33.0437 3936 PptpMiniport - ok
19:52:33.0453 3936 Processor (e19c9632ac828f6f214391e2bdda11cb) C:\WINDOWS\system32\DRIVERS\processr.sys
19:52:33.0546 3936 Processor - ok
19:52:33.0578 3936 ProtectedStorage (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
19:52:33.0656 3936 ProtectedStorage - ok
19:52:33.0671 3936 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:52:33.0781 3936 PSched - ok
19:52:33.0796 3936 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:52:33.0921 3936 Ptilink - ok
19:52:33.0968 3936 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:52:33.0968 3936 PxHelp20 - ok
19:52:33.0984 3936 ql1080 - ok
19:52:34.0000 3936 Ql10wnt - ok
19:52:34.0015 3936 ql12160 - ok
19:52:34.0031 3936 ql1240 - ok
19:52:34.0031 3936 ql1280 - ok
19:52:34.0078 3936 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:52:34.0203 3936 RasAcd - ok
19:52:34.0234 3936 RasAuto (78da9ccdac683ef5aa87d1c919f6d221) C:\WINDOWS\System32\rasauto.dll
19:52:34.0343 3936 RasAuto - ok
19:52:34.0375 3936 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
19:52:34.0421 3936 Rasirda - ok
19:52:34.0453 3936 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:52:34.0546 3936 Rasl2tp - ok
19:52:34.0593 3936 RasMan (0a48df90b4784f9b90a2671af992c914) C:\WINDOWS\System32\rasmans.dll
19:52:34.0703 3936 RasMan - ok
19:52:34.0703 3936 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:52:34.0812 3936 RasPppoe - ok
19:52:34.0843 3936 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:52:34.0968 3936 Raspti - ok
19:52:34.0984 3936 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:52:35.0093 3936 Rdbss - ok
19:52:35.0109 3936 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:52:35.0234 3936 RDPCDD - ok
19:52:35.0281 3936 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
19:52:35.0343 3936 RDPWD - ok
19:52:35.0375 3936 RDSessMgr (9f63d9c5b238ed1c375d417eff3d5be7) C:\WINDOWS\system32\sessmgr.exe
19:52:35.0468 3936 RDSessMgr - ok
19:52:35.0500 3936 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:52:35.0593 3936 redbook - ok
19:52:35.0625 3936 RemoteAccess (7da370c31673c99497bd07068ee6e354) C:\WINDOWS\System32\mprdim.dll
19:52:35.0718 3936 RemoteAccess - ok
19:52:35.0750 3936 RpcLocator (499c59a2584f6d4ea41e944da571d993) C:\WINDOWS\system32\locator.exe
19:52:35.0828 3936 RpcLocator - ok
19:52:35.0875 3936 RpcSs (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\System32\rpcss.dll
19:52:35.0937 3936 RpcSs - ok
19:52:35.0984 3936 RSVP (414964844f4793acb868d057e8ed997e) C:\WINDOWS\system32\rsvp.exe
19:52:36.0109 3936 RSVP - ok
19:52:36.0125 3936 SamSs (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
19:52:36.0218 3936 SamSs - ok
19:52:36.0234 3936 SCardSvr (67949cc8a865296c1333c96a4e1a2d66) C:\WINDOWS\System32\SCardSvr.exe
19:52:36.0328 3936 SCardSvr - ok
19:52:36.0359 3936 Schedule (55f5c5c1be1a78e285033e432ba01597) C:\WINDOWS\system32\schedsvc.dll
19:52:36.0453 3936 Schedule - ok
19:52:36.0500 3936 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:52:36.0593 3936 Secdrv - ok
19:52:36.0625 3936 seclogon (5ac311c0af2af5ec221670bb8dc479d3) C:\WINDOWS\System32\seclogon.dll
19:52:36.0718 3936 seclogon - ok
19:52:36.0734 3936 SENS (3531366f38f453d08fe72e7b32dfe786) C:\WINDOWS\system32\sens.dll
19:52:36.0828 3936 SENS - ok
19:52:36.0875 3936 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:52:36.0968 3936 serenum - ok
19:52:36.0984 3936 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
19:52:37.0062 3936 Serial - ok
19:52:37.0093 3936 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:52:37.0171 3936 Sfloppy - ok
19:52:37.0218 3936 SharedAccess (f4ce708a7d17a625de6c0fd746d50e88) C:\WINDOWS\System32\ipnathlp.dll
19:52:37.0328 3936 SharedAccess - ok
19:52:37.0359 3936 ShellHWDetection (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
19:52:37.0375 3936 ShellHWDetection - ok
19:52:37.0406 3936 Simbad - ok
19:52:37.0421 3936 Sparrow - ok
19:52:37.0468 3936 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:52:37.0562 3936 splitter - ok
19:52:37.0593 3936 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
19:52:37.0640 3936 Spooler - ok
19:52:37.0656 3936 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
19:52:37.0750 3936 sr - ok
19:52:37.0796 3936 srservice (6ed29124a1c83bd0cf6b26bd01ca6f6f) C:\WINDOWS\system32\srsvc.dll
19:52:37.0890 3936 srservice - ok
19:52:37.0953 3936 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:52:38.0000 3936 Srv - ok
19:52:38.0031 3936 SSDPSRV (ea9e0db8684cef2fd3badd671df5a112) C:\WINDOWS\System32\ssdpsrv.dll
19:52:38.0125 3936 SSDPSRV - ok
19:52:38.0171 3936 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:52:38.0187 3936 ssmdrv - ok
19:52:38.0218 3936 stisvc (d76b0e8a4ecad1adcc75fd14a7acc54c) C:\WINDOWS\system32\wiaservc.dll
19:52:38.0328 3936 stisvc - ok
19:52:38.0359 3936 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:52:38.0437 3936 swenum - ok
19:52:38.0453 3936 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:52:38.0546 3936 swmidi - ok
19:52:38.0562 3936 SwPrv - ok
19:52:38.0593 3936 symc810 - ok
19:52:38.0625 3936 symc8xx - ok
19:52:38.0640 3936 sym_hi - ok
19:52:38.0640 3936 sym_u3 - ok
19:52:38.0671 3936 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:52:38.0765 3936 sysaudio - ok
19:52:38.0796 3936 SysmonLog (0899061318a6b1d9596aabfc77f45e44) C:\WINDOWS\system32\smlogsvc.exe
19:52:38.0875 3936 SysmonLog - ok
19:52:38.0906 3936 TapiSrv (8e5231171ad6595ff002e848cc54fcd7) C:\WINDOWS\System32\tapisrv.dll
19:52:39.0000 3936 TapiSrv - ok
19:52:39.0062 3936 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:52:39.0093 3936 Tcpip - ok
19:52:39.0125 3936 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
19:52:39.0140 3936 Tcpip6 - ok
19:52:39.0156 3936 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:52:39.0250 3936 TDPIPE - ok
19:52:39.0281 3936 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:52:39.0375 3936 TDTCP - ok
19:52:39.0390 3936 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:52:39.0484 3936 TermDD - ok
19:52:39.0531 3936 TermService (710bc85a8c22626ee094439e3ea0d38c) C:\WINDOWS\System32\termsrv.dll
19:52:39.0640 3936 TermService - ok
19:52:39.0671 3936 Themes (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
19:52:39.0671 3936 Themes - ok
19:52:39.0703 3936 TosIde - ok
19:52:39.0734 3936 TrkWks (e1a84a5067627407a53c2c4f8d8a1d2e) C:\WINDOWS\system32\trkwks.dll
19:52:39.0828 3936 TrkWks - ok
19:52:39.0859 3936 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
19:52:39.0953 3936 tunmp - ok
19:52:39.0968 3936 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:52:40.0062 3936 Udfs - ok
19:52:40.0078 3936 ultra - ok
19:52:40.0109 3936 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:52:40.0203 3936 Update - ok
19:52:40.0218 3936 upnphost (bd8166a495b02308f364b36249475f22) C:\WINDOWS\System32\upnphost.dll
19:52:40.0328 3936 upnphost - ok
19:52:40.0343 3936 UPS (1edc93d7bd731b5ca6248ae245099b60) C:\WINDOWS\System32\ups.exe
19:52:40.0437 3936 UPS - ok
19:52:40.0468 3936 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:52:40.0562 3936 usbccgp - ok
19:52:40.0593 3936 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:52:40.0671 3936 usbehci - ok
19:52:40.0890 3936 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:52:40.0984 3936 usbhub - ok
19:52:41.0031 3936 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
19:52:41.0109 3936 usbohci - ok
19:52:41.0156 3936 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:52:41.0234 3936 usbprint - ok
19:52:41.0296 3936 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:52:41.0390 3936 usbscan - ok
19:52:41.0421 3936 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:52:41.0531 3936 USBSTOR - ok
19:52:41.0562 3936 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
19:52:41.0656 3936 usb_rndisx - ok
19:52:41.0687 3936 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:52:41.0781 3936 VgaSave - ok
19:52:41.0796 3936 ViaIde - ok
19:52:41.0828 3936 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
19:52:41.0921 3936 VolSnap - ok
19:52:41.0968 3936 VSS (5a4da252b2c0550ab83d129c02cf6c19) C:\WINDOWS\System32\vssvc.exe
19:52:42.0078 3936 VSS - ok
19:52:42.0093 3936 W32Time (c1f726ee0b043b074a68992bc4aef8fd) C:\WINDOWS\system32\w32time.dll
19:52:42.0187 3936 W32Time - ok
19:52:42.0234 3936 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:52:42.0328 3936 Wanarp - ok
19:52:42.0343 3936 WDICA - ok
19:52:42.0359 3936 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:52:42.0453 3936 wdmaud - ok
19:52:42.0484 3936 WebClient (714670e64fbe6d28d99871ed9a52a334) C:\WINDOWS\System32\webclnt.dll
19:52:42.0578 3936 WebClient - ok
19:52:42.0656 3936 winmgmt (5e9deae9980ff34bcd6dde2e9e2bf911) C:\WINDOWS\system32\wbem\WMIsvc.dll
19:52:42.0734 3936 winmgmt - ok
19:52:42.0781 3936 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
19:52:42.0843 3936 WmdmPmSN - ok
19:52:42.0921 3936 WmiApSrv (4e8e8a58f56b25d0795f484e5eb7f898) C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:52:43.0015 3936 WmiApSrv - ok
19:52:43.0062 3936 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
19:52:43.0062 3936 WpdUsb - ok
19:52:43.0109 3936 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:52:43.0218 3936 WS2IFSL - ok
19:52:43.0265 3936 wscsvc (c1fd85db4a80a98d60ecb7a828e77fe0) C:\WINDOWS\system32\wscsvc.dll
19:52:43.0375 3936 wscsvc - ok
19:52:43.0390 3936 wuauserv (75d6c5c3d2c93b1f9931e5dfb693ae2a) C:\WINDOWS\system32\wuauserv.dll
19:52:43.0484 3936 wuauserv - ok
19:52:43.0531 3936 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:52:43.0562 3936 WudfPf - ok
19:52:43.0593 3936 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:52:43.0625 3936 WudfRd - ok
19:52:43.0640 3936 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
19:52:43.0671 3936 WudfSvc - ok
19:52:43.0734 3936 WZCSVC (c336e54ee0c291a02f004667db1e66cb) C:\WINDOWS\System32\wzcsvc.dll
19:52:43.0859 3936 WZCSVC - ok
19:52:43.0906 3936 xmlprov (f92a87fdda0c11c8604fbc2b864fa726) C:\WINDOWS\System32\xmlprov.dll
19:52:44.0000 3936 xmlprov - ok
19:52:44.0031 3936 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
19:52:44.0140 3936 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:52:44.0140 3936 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:52:44.0140 3936 Boot (0x1200) (88f7a9d8edf3be722af5eeac8ef66511) \Device\Harddisk0\DR0\Partition0
19:52:44.0140 3936 \Device\Harddisk0\DR0\Partition0 - ok
19:52:44.0156 3936 ============================================================
19:52:44.0156 3936 Scan finished
19:52:44.0156 3936 ============================================================
19:52:44.0281 3680 Detected object count: 5
19:52:44.0281 3680 Actual detected object count: 5
19:52:51.0531 3680 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:51.0531 3680 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:51.0531 3680 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:51.0531 3680 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:51.0531 3680 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:51.0531 3680 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:51.0531 3680 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:51.0531 3680 pcouffin ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:51.0531 3680 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:52:51.0531 3680 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
0
And yes, I have other problems:
a virus was detected by Avira at 19:47, i.e. after the ComboFix operation and before the last TDSSKiller report.

Here is the Avira notification:
Le fichier 'C:\System Volume Information\_restore{E3B49C7F-489D-4203-9035-19A6C84AAD50}\RP149\A0014197.sys'
contenait un virus ou un programme indésirable 'TR/Rootkit.Gen2' [trojan].
Action(s) exécutée(s) :
Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4dcc5c30.qua' !
0
And my connection is still very slow.
As I said in my first post, I changed the internet configuration:
in Internet Protocol (TCP/IP), instead of obtaining an IP address automatically (which wasn't working), I set a manual IP address,
and did the same for the DNS server address.
0
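The TDSSKiller report above ends with two kinds of findings: generic "UnsignedFile.Multi.Generic" flags on unsigned drivers, and a "TDSS File System" detection on the raw disk device \Device\Harddisk0\DR0, all left on Skip. The script below is an added example, not part of this thread or of TDSSKiller: it parses lines in that report format, ranks each finding, and lists the disk-level findings that were only skipped. The log lines it runs on are constructed to mirror the report above, and the severity ranking is an assumption of the example.

```python
import re

# Constructed sample in the TDSSKiller report format used in this thread (not a real scan;
# object names and hashes are copied from the report above only so the lines look realistic).
SAMPLE_LOG = r"""
19:52:33.0046 3936 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
19:52:33.0062 3936 pcouffin ( UnsignedFile.Multi.Generic ) - warning
19:52:33.0062 3936 pcouffin - detected UnsignedFile.Multi.Generic (1)
19:52:33.0062 3936 PDCOMP - ok
19:52:44.0031 3936 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
19:52:44.0140 3936 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:52:44.0140 3936 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:52:44.0156 3936 Scan finished
19:52:51.0531 3680 pcouffin ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:51.0531 3680 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:52:51.0531 3680 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<object> - detected <name> (<n>)" lines, one per finding
DETECTED_RE = re.compile(r"^\S+ \d+ (?P<obj>.+?) - detected (?P<name>.+?) \(\d+\)$")
# "<object> ( <name> ) - <action>" lines: the initial warning, then the action chosen by the user
ACTION_RE = re.compile(r"^\S+ \d+ (?P<obj>.+?) \( (?P<name>.+?) \) - (?P<action>.+)$")


def severity(obj, name):
    """Assumed ranking: a finding on a raw disk device (MBR / boot sector) is the
    rootkit signal worth acting on; the generic unsigned-file flag is a heuristic
    that the helper in this thread tells the user to Skip."""
    if obj.startswith(r"\Device\Harddisk") or name == "TDSS File System":
        return "high"
    if name == "UnsignedFile.Multi.Generic":
        return "low"
    return "medium"


def new_record(obj, name):
    return {"object": obj, "name": name, "severity": severity(obj, name), "actions": []}


def parse_tdsskiller(text):
    """Return one record per (object, detection name) with the actions taken on it."""
    findings = {}
    for line in text.splitlines():
        m = DETECTED_RE.match(line)
        if m:
            findings.setdefault((m["obj"], m["name"]), new_record(m["obj"], m["name"]))
            continue
        m = ACTION_RE.match(line)
        if m and m["action"] != "warning":
            rec = findings.setdefault((m["obj"], m["name"]), new_record(m["obj"], m["name"]))
            rec["actions"].append(m["action"])
    return sorted(findings.values(), key=lambda r: r["object"])


def unresolved_high(findings):
    """High-ranked objects that were only skipped (or never acted on at all)."""
    return [r["object"] for r in findings
            if r["severity"] == "high"
            and all(a.startswith("skipped") or a.endswith("Skip") for a in r["actions"])]


if __name__ == "__main__":
    for rec in parse_tdsskiller(SAMPLE_LOG):
        print(rec["severity"], rec["object"], rec["name"], rec["actions"])
    print("still unresolved:", unresolved_high(parse_tdsskiller(SAMPLE_LOG)))
```

Run on a full report, the "still unresolved" list is what to bring back to the helper; in this thread it would contain only \Device\Harddisk0\DR0, which is why the helper asks whether Skip was really chosen and then has TDSSKiller run again.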
Anonymous user
27 March 2012 at 20:22
Le fichier 'C:\System Volume Information\_restore{E3B49C7F-489D-4203-9035-19A6C84AAD50}\RP149\A0014197.sys'
contenait un virus ou un programme indésirable 'TR/Rootkit.Gen2' [trojan].
It's in your System Restore, so it's harmless.

For TDSSKiller, did you click Skip?
0
And also, when I open a new page (for example, the "comment ca marche" one), the status bar shows:
recherche de l'hôte ba-ccm2.net
ad-doubleclick.net
cstatic.weborama.fr
Does that correspond to an intrusion, or just to the site's advertising logo, or something else I don't need to know about?

I'm asking a lot, but as long as I have someone competent, I'm making the most of it.
Thanks in advance.
0
Anonymous user
27 March 2012 at 20:26
See my previous message.
https://forums.commentcamarche.net/forum/affich-24803901-virus-sirefef-rootkit-gen2#14

ad-doubleclick.net ===>ok


We're going to run an analysis of your system.


* Download ZHPDiag (by Nicolas Coolman).
or
ZHPDiag
or
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Or the backup FTP link:
ftp://zebulon.fr/ZHPDiag2.exe

***********************
/!\ Vista and Windows 7 users: right-click the ZHPDiag.exe logo (parchment-shaped icon) and run as Administrator /!\
* Follow the installer's prompts
* It will launch automatically at the end of the installation
* Click the magnifying-glass icon (« Lancer le diagnostic », run the diagnostic)
* Save the report to your Desktop using the floppy-disk icon
* Upload the ZHPDiag.txt report to pjjoint.malekal.com, cijoint.fr or toofiles, then copy/paste the link you are given in your next reply on the forum
0
Here is the address of the ZHPDiag report:

http://pjjoint.malekal.com/files.php?id=ZHPDiag_20120327_z7h7m12q6e15


For TDSSKiller, did you click Skip?
For the various threats it found, I left Skip, then I clicked Close.
0
Anonymous user
27 March 2012 at 22:22
Run TDSSKiller again and click Skip.



1/ Copy/paste the following lines in bold:
2/ Launch ZHPFix (either via the shortcut on your Desktop or via ZHPDiag)
3/ Click the icon showing the letter H (« coller les lignes Helper », paste the Helper lines)

----------------------------------------------------------
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: Modified
O43 - CFD: 27/01/2011 - 22:08:30 - [4,159] ----D- C:\Documents and Settings\Ordinateur\Application Data\OpenCandy
[HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}]
[HKLM\Software\Canneverbe Limited\OpenCandy]
C:\Documents and Settings\Ordinateur\Application Data\OpenCandy
O69 - SBI: SearchScopes [HKCU] {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - (Ask Search) - http://www.search.ask.com/?o=10148&l=dis
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}]
O17 - HKLM\System\CS3\Services\Tcpip\..\{DCE93449-D5C8-42DC-966D-4667A75F45C5}: NameServer = 211.54.200.35
EmptyTemp
FirewallRaz

--------------------------------------------------------

- Click the « GO » button to start the cleanup,
- Copy/paste the whole report in your next reply
0
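The O17 line in the fix script above is the DNS part of the infection: a NameServer value pointing the interface at 211.54.200.35, the same entry RogueKiller flagged under ControlSet003 in the first report. As an added example (not part of this thread, nor of ZHPDiag or ZHPFix), here is a Python check that parses ZHPDiag-style O17 lines and reports resolvers that are neither on an allowlist nor on the local network. The sample lines are constructed; the 211.54.200.35 entry mirrors the one cleaned up here, and the allowlist TRUSTED_DNS is an assumption you would fill with your router's or ISP's resolver.

```python
import ipaddress
import re

# Constructed ZHPDiag-style O17 lines. The 211.54.200.35 entry mirrors the one removed in this
# thread; the 192.168.1.1 router address and the public-resolver line are made up for the example.
SAMPLE_O17 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCE93449-D5C8-42DC-966D-4667A75F45C5}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{DCE93449-D5C8-42DC-966D-4667A75F45C5}: NameServer = 211.54.200.35
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 8.8.8.8,8.8.4.4
"""

# "O17 - HKLM\System\<control set>\...\{<interface GUID>}: NameServer = <ip>[,<ip>...]"
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>[^\\]+)\\.*\{(?P<guid>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>.+)$"
)

# Assumed allowlist: the resolver(s) this machine is supposed to use (router or ISP DNS).
TRUSTED_DNS = {"192.168.1.1"}


def parse_o17(text):
    """One record per (control set, interface, server) found in O17 lines."""
    records = []
    for line in text.splitlines():
        m = O17_RE.match(line)
        if not m:
            continue
        for raw in re.split(r"[,\s]+", m["servers"].strip()):
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                continue  # skip anything that is not an IP literal
            records.append({
                "control_set": m["cs"],
                "interface": m["guid"],
                "server": str(ip),
                "private": ip.is_private,
            })
    return records


def suspicious_dns(records, trusted=TRUSTED_DNS):
    """Resolvers that are neither allowlisted nor on a private network: the shape
    of the hijacked NameServer entry cleaned up in this thread. A public resolver
    you configured yourself belongs in the allowlist, not in this list."""
    return [r for r in records if r["server"] not in trusted and not r["private"]]


if __name__ == "__main__":
    for r in suspicious_dns(parse_o17(SAMPLE_O17)):
        print(f"{r['control_set']} {{{r['interface']}}} -> {r['server']}")
```

The control set matters when reading the result: the entry found here lived under ControlSet003 (CS3 in ZHPDiag notation), which is why the tools disagreed about whether a NameServer value was present, so check every control set ZHPDiag lists rather than only the current one.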
Here is the ZHP report

Rapport de ZHPFix 1.12.3381 par Nicolas Coolman, Update du 08/02/2011
Fichier d'export Registre :
Run by Ordinateur at 27/03/2012 22:31:47
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Clé(s) du Registre ==========
SUPPRIME Key: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
SUPPRIME Key: HKLM\Software\Canneverbe Limited\OpenCandy
SUPPRIME Key: SearchScopes :{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}

========== Valeur(s) du Registre ==========
ABSENT TCPIP: NameServer
Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)

========== Elément(s) de donnée du Registre ==========
REMPLACE Value AntiVirusOverride : Good (0) - Bad (1)

========== Dossier(s) ==========
SUPPRIME Folder: C:\Documents and Settings\Ordinateur\Application Data\OpenCandy
SUPPRIME Temporaires Windows: : 68

========== Fichier(s) ==========
ABSENT Folder/File: c:\documents and settings\ordinateur\application data\opencandy
SUPPRIME Temporaires Windows: : 13


========== Récapitulatif ==========
4 : Clé(s) du Registre
2 : Valeur(s) du Registre
1 : Elément(s) de donnée du Registre
2 : Dossier(s)
2 : Fichier(s)


End of clean in 00mn 01s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 27/03/2012 22:31:47 [1492]
0
Anonymous user
27 March 2012 at 22:48
* Download: https://www.superantispyware.com/
* Choose "Save" and save it to your desktop.
* Double-click the installation icon that was just created and follow the instructions.
* Create an icon on the desktop.
* Double-click the SAS icon (a head in a red circle with a line through it) to launch it.
* If the tool asks you to update the program ("update the program definitions"), click Yes.
* Under Configuration and Preferences, click the "Preferences" button
* Click the "Scanning Control" tab
* In "Scanner Options", make sure the box in front of the following lines is checked:
* Close browsers before scanning
* Scan for tracking cookies
* Terminate memory threats before quarantining
* Leave the other lines unchecked.
* Click the "Close" button to leave the control centre screen.
* In the main window, under "Scan for Harmful Software", click "Scan your computer".
* In the left column, check C:\Fixed Drive.
* In the right column, under "Complete scan", click "Perform Complete Scan"
* Click "Next" to start the scan. Wait while the scan runs.
* At the end of the scan, a results window opens. Click OK.
* Make sure all the lines in the white window are checked and click "Next".
* Everything found will be quarantined. If you are asked to restart the computer ("reboot"), click Yes.
* To copy the information onto the forum, do this:
* after the computer restarts, double-click the icon to launch SAS.
* Click "Preferences" then the "Statistics/Logs" tab.
* In "Scanner Logs", double-click SUPERAntiSpyware Scan Log.
* The report will open in your default text editor.
* Copy its contents into your reply.
* Have a good look at the SUPERAntiSpyware tutorial, it is very well explained.
* https://www.malekal.com/?s=SUPERAntiSpyware

0