Virus PUM.Hijack.startMenu + Pum.Hidden.Deskt

Resolved/Closed
dudule - 1 April 2012 at 16:36
dudule - 5 April 2012 at 10:48
Hello,

As the title says, my computer is infected with several viruses: the antimalware detects these viruses every time: PUM.Hijack.startMenu (x6) PUM.Hidden.Desktop (x1).
Every time I delete them, they come back after the computer restarts, and I end up with about twenty "systeme message -write Fault error" windows showing this message:
"A write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exception error when using a reference to an invalid system memory adress."
Also, once in Windows, I cannot access the contents of my hard drive through My Computer. I can see the tree of the different disks, but there is nothing at all in them.

Here is the report given by Antimalware:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8340

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

31/03/2012 23:32:35
mbam-log-2012-03-31 (23-32-35).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 149272
Temps écoulé: 3 minute(s), 32 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Thanks in advance for your help,
Regards




21 replies

Anonymous user
1 April 2012 at 16:48
Hello

Download AdwCleaner (by Xplode) to your desktop.
Run it, click [Suppression], then wait while the scan runs.
Once the scan has finished, a report will open. Post its contents in your next reply.

Note: The report is also saved as C:\AdwCleaner[S1].txt

Toolbars are not mandatory (by Malekal): https://forum.malekal.com/viewtopic.php?t=6173&start=


Then

run Malwarebytes again.


Post both reports; thanks

See you
0
Hello again Guillaume,
Attached is the AdwCleaner report

# AdwCleaner v1.503 - Rapport créé le 01/04/2012 à 17:32:14
# Mis à jour le 24/03/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Administrateur - CHARLOTT-9DCD77
# Exécuté depuis : C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****


***** [H. Navipromo] *****


***** [Registre] *****


***** [Navigateurs] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v3.6.28 (fr)

Nom du profil : default
Fichier : C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\y4wwhbmw.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[S1].txt - [1115 octets] - [01/04/2012 17:11:59]
AdwCleaner[S2].txt - [945 octets] - [01/04/2012 17:32:14]

########## EOF - C:\AdwCleaner[S2].txt - [1072 octets] ##########


And the one from Malwarebytes:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Version de la base de données: 8340

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

01/04/2012 17:41:25
mbam-log-2012-04-01 (17-41-24).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 149097
Temps écoulé: 4 minute(s), 31 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Thanks in advance
0
Anonymous user
1 April 2012 at 17:51
Hi again

What's the news?

See you
0
Hi again,
The windows mentioned earlier no longer appear, which is already a good point. Same for the system errors. So the virus must have been removed, at least I suppose...
However, there is still nothing in the Windows Explorer tree. No way to access my files, yet when I use the Windows search tool they are still there.
0

Anonymous user
1 April 2012 at 20:59
Hi again

* Download https://www.luanagames.com/index.fr.html (by tigzy) to the desktop
* Close all programs
* Run RogueKiller.exe.
* Wait for the Prescan to finish ...
* Click Scan. Click Rapport and copy and paste the contents of the report

See you
0
There you go! RogueKiller report contents:

RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Administrateur [Droits d'admin]
Mode: Recherche -- Date: 01/04/2012 23:57:19

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 10 ¤¤¤
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 activate.adobe.com


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS +++++
--- User ---
[MBR] 5e8d64dc8bb50b1d404d93db3082731b
[BSP] 4bc17a43b2a43d6eb62ad239abebb691 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 36993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 75778605 | Size: 115624 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 207a6f069940ac1a1d8fa11ec878fff2
[BSP] d22b8c1e3086e7cb5dbab76f2ad434de : MaxSS MBR Code!
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 36993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 75778605 | Size: 115624 Mo

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
0
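As an added illustration (not part of the original thread, and not RogueKiller's own code), the following Python parses the driver and MBR sections of the report posted above and lists the two signs in it that point to a boot-sector rootkit: the hooked atapi.sys IRP entries and an MBR whose hash differs between the "User" and "LL2" views. Treating "User" and "LL2" as two read paths to the same sector is an assumption; the sample text is an excerpt of the posted report, and the function names are hypothetical.

```python
import re

# Excerpt of the RogueKiller report posted in the thread (partition lines omitted).
SAMPLE_REPORT = r"""
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)

+++++ PhysicalDrive0: ST3160812AS +++++
--- User ---
[MBR] 5e8d64dc8bb50b1d404d93db3082731b
[BSP] 4bc17a43b2a43d6eb62ad239abebb691 : Windows XP MBR Code
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 207a6f069940ac1a1d8fa11ec878fff2
[BSP] d22b8c1e3086e7cb5dbab76f2ad434de : MaxSS MBR Code!
"""

IRP_RE = re.compile(
    r"^IRP\[(?P<irp>\w+)\]\s*:\s*(?P<owner>.+?)\s*->\s*HOOKED\s*"
    r"\(\[\w+\]\s*(?P<driver>\S+)\s*@\s*(?P<addr>0x[0-9A-Fa-f]+)\)"
)
DRIVE_RE = re.compile(r"^\+{5}\s*(?P<drive>\w+):\s*(?P<model>.*?)\s*\+{5}$")
VIEW_RE = re.compile(r"^---\s*(?P<view>\w+)\s*---$")
HASH_RE = re.compile(
    r"^\[(?P<kind>MBR|BSP)\]\s+(?P<md5>[0-9a-f]{32})(?:\s*:\s*(?P<label>.*))?$"
)
CMP_RE = re.compile(
    r"^(?P<a>\w+)\s*(?P<op>!=|=)\s*(?P<b>\w+)\s*\.\.\.\s*(?P<verdict>OK|KO)!$"
)


def parse_report(text):
    """Collect IRP hook lines and, per physical drive, the hashes seen in each view."""
    report = {"hooks": [], "drives": {}}
    drive = view = None
    for raw in text.splitlines():
        line = raw.strip()
        m = IRP_RE.match(line)
        if m:
            report["hooks"].append(m.groupdict())
            continue
        m = DRIVE_RE.match(line)
        if m:
            drive = report["drives"].setdefault(
                m["drive"], {"model": m["model"], "views": {}, "comparisons": []}
            )
            view = None
            continue
        if drive is None:
            continue  # hash and comparison lines only make sense under a drive header
        m = VIEW_RE.match(line)
        if m:
            view = drive["views"].setdefault(m["view"], {})
            continue
        m = HASH_RE.match(line)
        if m and view is not None:
            view[m["kind"]] = {"md5": m["md5"], "label": (m["label"] or "").strip()}
            continue
        m = CMP_RE.match(line)
        if m:
            drive["comparisons"].append(m.groupdict())
    return report


def findings(report):
    """Turn the parsed report into a short list of indicators worth escalating."""
    out = []
    targets = sorted({(h["driver"], h["addr"]) for h in report["hooks"]})
    for driver, addr in targets:
        n = sum(1 for h in report["hooks"] if (h["driver"], h["addr"]) == (driver, addr))
        out.append(f"{n} IRP entries of {driver} reported HOOKED (handler at {addr})")
    for name, d in report["drives"].items():
        for c in d["comparisons"]:
            if c["verdict"] == "KO":
                out.append(f"{name}: {c['a']} and {c['b']} views of the MBR disagree")
        md5s = {v: info["MBR"]["md5"] for v, info in d["views"].items() if "MBR" in info}
        if len(set(md5s.values())) > 1:
            detail = ", ".join(f"{v}={h}" for v, h in md5s.items())
            out.append(f"{name}: MBR hash differs between views ({detail})")
    return out


if __name__ == "__main__":
    for item in findings(parse_report(SAMPLE_REPORT)):
        print(item)
```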
Anonymous user
2 April 2012 at 06:44
Hello

Run RogueKiller again with the Suppression option, then RACC RAZ

Post both reports

Thanks

See you
0
Hello,

When I ran RK it would not do Suppression, but it is willing to do RACC RAZ. I read that renaming it winlogon.exe sometimes worked, so I tried that, but nothing more.
To be sure, I emailed my partner to ask whether he had done the procedure you mention this morning, but having had no reply I preferred to wait... but while I was waiting my screen went black again and the multiple system message windows appeared again, as well as the SMART HDD window!

What should I do?? Redo yesterday's steps in the same order?

Thanks for your reply
0
Hello again,

I just got a reply from my partner: this morning he did the steps indicated (suppression/racc raz) but he did not get a report!

Thanks
0
Anonymous user
2 April 2012 at 19:15
Good evening

Run RogueKiller again with the scan option
Post its report; thanks

See you
0
Good evening,

here is the report of the scan I just ran

RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Administrateur [Droits d'admin]
Mode: Recherche -- Date: 02/04/2012 19:30:05

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 17 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : uWCRRCjJmKaKb.exe (C:\Documents and Settings\All Users\Application Data\uWCRRCjJmKaKb.exe) -> FOUND
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 activate.adobe.com


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS +++++
--- User ---
[MBR] 5e8d64dc8bb50b1d404d93db3082731b
[BSP] 4bc17a43b2a43d6eb62ad239abebb691 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 36993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 75778605 | Size: 115624 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 207a6f069940ac1a1d8fa11ec878fff2
[BSP] d22b8c1e3086e7cb5dbab76f2ad434de : MaxSS MBR Code!
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 36993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 75778605 | Size: 115624 Mo

Termine : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt



Thanks
See you soon
0
Anonymous user
2 April 2012 at 20:10
Hi again

Download TDSSKiller

* Create a new folder on your desktop, then extract the archive into it
* Run the program by clicking TDSSKiller.exe; the scan starts automatically, and if the infection is detected, hidden elements will then be displayed.


If TDSS.tdl2 is detected: the delete option will be checked by default.
If TDSS.tdl3 is detected: make sure Cure is checked.
If TDSS.tdl4(\HardDisk0\MBR) is detected: make sure Cure is checked.
If Rootkit.Win32.ZAccess.* is detected: set "cure" at the top and "delete" at the bottom
If Suspicious file is shown, leave the option set to Skip
Once it has finished, restart if it asks you to, to finish cleaning

Otherwise, close TDSSKiller and the report will appear on the desktop

Post its report afterwards; thanks

See you
0
Good evening again,

So I managed, with some difficulty, to run TDSSKiller, and it shows me this (I have not clicked continue yet):

Locked file
Service : sptd
Suspicious object, medium risk Skip

Rootkit.Boot.SST.a
Physical drive:/Device/harddisk0/DRO
Malware objet, high risk Cure

Do I leave it like that and continue, or do I change the options?
Thanks
0
Hello,


In TDSSKiller, as indicated in yesterday's message, I clicked continue, and afterwards it produced this report

23:38:31.0500 2560 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
23:38:31.0593 2560 ============================================================
23:38:31.0593 2560 Current date / time: 2012/04/02 23:38:31.0593
23:38:31.0593 2560 SystemInfo:
23:38:31.0593 2560
23:38:31.0593 2560 OS Version: 5.1.2600 ServicePack: 3.0
23:38:31.0593 2560 Product type: Workstation
23:38:31.0593 2560 ComputerName: CHARLOTT-9DCD77
23:38:31.0593 2560 UserName: Administrateur
23:38:31.0593 2560 Windows directory: C:\WINDOWS
23:38:31.0593 2560 System windows directory: C:\WINDOWS
23:38:31.0593 2560 Processor architecture: Intel x86
23:38:31.0593 2560 Number of processors: 2
23:38:31.0593 2560 Page size: 0x1000
23:38:31.0593 2560 Boot type: Normal boot
23:38:31.0593 2560 ============================================================
23:38:32.0421 2560 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:38:32.0421 2560 \Device\Harddisk0\DR0:
23:38:32.0421 2560 MBR used
23:38:32.0437 2560 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x4840B2D
23:38:32.0437 2560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4844A2D, BlocksNum 0xE1D4094
23:38:32.0500 2560 Initialize success
23:38:32.0500 2560 ============================================================
23:38:40.0078 3932 ============================================================
23:38:40.0078 3932 Scan started
23:38:40.0078 3932 Mode: Manual;
23:38:40.0078 3932 ============================================================
23:40:09.0781 3932 Netlogon - ok
23:40:10.0375 3932 Netman (be0cb143fa427d93440ded18db8c918b) C:\WINDOWS\System32\netman.dll
23:40:10.0390 3932 Netman - ok
23:40:11.0000 3932 Nla (196ccc3fdd21665dcaa9f83ffc03b41a) C:\WINDOWS\System32\mswsock.dll
23:40:11.0000 3932 Nla - ok
23:40:11.0625 3932 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
23:40:11.0625 3932 Npfs - ok
23:40:12.0265 3932 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
23:40:12.0281 3932 Ntfs - ok
23:40:12.0890 3932 NtLmSsp (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
23:40:12.0890 3932 NtLmSsp - ok
23:40:13.0484 3932 NtmsSvc (037d92b3a7853a183fcab77fb1d13d6c) C:\WINDOWS\system32\ntmssvc.dll
23:40:13.0500 3932 NtmsSvc - ok
23:40:14.0125 3932 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:40:14.0125 3932 Null - ok
23:40:14.0750 3932 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:40:14.0750 3932 NwlnkFlt - ok
23:40:15.0375 3932 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:40:15.0375 3932 NwlnkFwd - ok
23:40:16.0015 3932 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
23:40:16.0015 3932 Parport - ok
23:40:16.0640 3932 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
23:40:16.0640 3932 PartMgr - ok
23:40:17.0281 3932 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
23:40:17.0281 3932 ParVdm - ok
23:40:17.0906 3932 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
23:40:17.0906 3932 PCI - ok
23:40:18.0500 3932 PCIDump - ok
23:40:19.0140 3932 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:40:19.0140 3932 PCIIde - ok
23:40:19.0765 3932 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:40:19.0765 3932 Pcmcia - ok
23:40:20.0375 3932 PDCOMP - ok
23:40:20.0984 3932 PDFRAME - ok
23:40:21.0578 3932 PDRELI - ok
23:40:22.0187 3932 PDRFRAME - ok
23:40:22.0796 3932 perc2 - ok
23:40:23.0406 3932 perc2hib - ok
23:40:24.0015 3932 PlugPlay (54cb50058851d95e56ec70d09f70857f) C:\WINDOWS\system32\services.exe
23:40:24.0015 3932 PlugPlay - ok
23:40:24.0640 3932 PolicyAgent (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
23:40:24.0640 3932 PolicyAgent - ok
23:40:25.0250 3932 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:40:25.0265 3932 PptpMiniport - ok
23:40:25.0859 3932 ProtectedStorage (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
23:40:25.0859 3932 ProtectedStorage - ok
23:40:26.0468 3932 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
23:40:26.0468 3932 PSched - ok
23:40:27.0093 3932 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:40:27.0093 3932 Ptilink - ok
23:40:27.0687 3932 ql1080 - ok
23:40:28.0296 3932 Ql10wnt - ok
23:40:28.0906 3932 ql12160 - ok
23:40:29.0515 3932 ql1240 - ok
23:40:30.0125 3932 ql1280 - ok
23:40:30.0750 3932 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:40:30.0750 3932 RasAcd - ok
23:40:31.0359 3932 RasAuto (78da9ccdac683ef5aa87d1c919f6d221) C:\WINDOWS\System32\rasauto.dll
23:40:31.0359 3932 RasAuto - ok
23:40:31.0968 3932 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:40:31.0984 3932 Rasl2tp - ok
23:40:32.0593 3932 RasMan (0a48df90b4784f9b90a2671af992c914) C:\WINDOWS\System32\rasmans.dll
23:40:32.0593 3932 RasMan - ok
23:40:33.0234 3932 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:40:33.0234 3932 RasPppoe - ok
23:40:33.0843 3932 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:40:33.0859 3932 Raspti - ok
23:40:34.0484 3932 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:40:34.0484 3932 Rdbss - ok
23:40:35.0109 3932 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:40:35.0109 3932 RDPCDD - ok
23:40:35.0734 3932 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:40:35.0734 3932 rdpdr - ok
23:40:36.0375 3932 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
23:40:36.0375 3932 RDPWD - ok
23:40:36.0984 3932 RDSessMgr (9f63d9c5b238ed1c375d417eff3d5be7) C:\WINDOWS\system32\sessmgr.exe
23:40:36.0984 3932 RDSessMgr - ok
23:40:37.0609 3932 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:40:37.0609 3932 redbook - ok
23:40:38.0203 3932 RemoteAccess (7da370c31673c99497bd07068ee6e354) C:\WINDOWS\System32\mprdim.dll
23:40:38.0218 3932 RemoteAccess - ok
23:40:38.0812 3932 RemoteRegistry (e598d81197e2e0ec42a0c55772bb00e8) C:\WINDOWS\system32\regsvc.dll
23:40:38.0812 3932 RemoteRegistry - ok
23:40:39.0421 3932 RpcLocator (499c59a2584f6d4ea41e944da571d993) C:\WINDOWS\system32\locator.exe
23:40:39.0421 3932 RpcLocator - ok
23:40:40.0031 3932 RpcSs (3d65eb82e1fa6db15a33e024c9e03cab) C:\WINDOWS\system32\rpcss.dll
23:40:40.0046 3932 RpcSs - ok
23:40:40.0656 3932 RSVP (414964844f4793acb868d057e8ed997e) C:\WINDOWS\system32\rsvp.exe
23:40:40.0656 3932 RSVP - ok
23:40:41.0281 3932 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys
23:40:41.0296 3932 RT73 - ok
23:40:41.0890 3932 SamSs (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
23:40:41.0890 3932 SamSs - ok
23:40:42.0500 3932 SCardSvr (67949cc8a865296c1333c96a4e1a2d66) C:\WINDOWS\System32\SCardSvr.exe
23:40:42.0500 3932 SCardSvr - ok
23:40:43.0125 3932 Schedule (55f5c5c1be1a78e285033e432ba01597) C:\WINDOWS\system32\schedsvc.dll
23:40:43.0125 3932 Schedule - ok
23:40:43.0765 3932 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:40:43.0765 3932 Secdrv - ok
23:40:44.0343 3932 seclogon (5ac311c0af2af5ec221670bb8dc479d3) C:\WINDOWS\System32\seclogon.dll
23:40:44.0359 3932 seclogon - ok
23:40:44.0968 3932 SENS (3531366f38f453d08fe72e7b32dfe786) C:\WINDOWS\system32\sens.dll
23:40:44.0968 3932 SENS - ok
23:40:45.0593 3932 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:40:45.0593 3932 serenum - ok
23:40:46.0218 3932 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
23:40:46.0218 3932 Serial - ok
23:40:46.0843 3932 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:40:46.0843 3932 Sfloppy - ok
23:40:47.0453 3932 SharedAccess (f4ce708a7d17a625de6c0fd746d50e88) C:\WINDOWS\System32\ipnathlp.dll
23:40:47.0453 3932 SharedAccess - ok
23:40:48.0046 3932 ShellHWDetection (b9f20d71e5b6ce89a7a94b38351fdbdc) C:\WINDOWS\System32\shsvcs.dll
23:40:48.0046 3932 ShellHWDetection - ok
23:40:48.0656 3932 Simbad - ok
23:40:48.0718 3932 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
23:40:48.0718 3932 SkypeUpdate - ok
23:40:49.0343 3932 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:40:49.0343 3932 SLIP - ok
23:40:49.0953 3932 Sparrow - ok
23:40:50.0578 3932 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
23:40:50.0578 3932 splitter - ok
23:40:51.0187 3932 Spooler (460e4ce148bd07218da0b6a3d31885a9) C:\WINDOWS\system32\spoolsv.exe
23:40:51.0187 3932 Spooler - ok
23:40:51.0828 3932 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
23:40:51.0828 3932 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
23:40:51.0828 3932 sptd ( LockedFile.Multi.Generic ) - warning
23:40:51.0828 3932 sptd - detected LockedFile.Multi.Generic (1)
23:41:31.0656 3932 MBR (0x1B8) (76aae2a4bcab3e2c060f941e27fe7612) \Device\Harddisk0\DR0
23:41:31.0671 3932 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
23:41:31.0671 3932 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
23:41:31.0718 3932 Boot (0x1200) (1fd6b247fe52b029c50a711a06a6ed51) \Device\Harddisk0\DR0\Partition0
23:41:31.0718 3932 \Device\Harddisk0\DR0\Partition0 - ok
23:41:31.0734 3932 Boot (0x1200) (62de92f832be8597baa280b4231d7fcd) \Device\Harddisk0\DR0\Partition1
23:41:31.0734 3932 \Device\Harddisk0\DR0\Partition1 - ok
23:41:31.0734 3932 ============================================================
23:41:31.0734 3932 Scan finished
23:41:31.0734 3932 ============================================================
23:41:31.0750 1956 Detected object count: 2
23:41:31.0750 1956 Actual detected object count: 2
11:33:21.0000 1956 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:33:21.0000 1956 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:33:21.0468 1956 \Device\Harddisk0\DR0\# - copied to quarantine
11:33:21.0468 1956 \Device\Harddisk0\DR0 - copied to quarantine
11:33:21.0609 1956 \Device\Harddisk0\DR0 - processing error
11:33:27.0140 1956 \Device\Harddisk0\DR0 - will be restored on reboot
11:33:27.0140 1956 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
11:33:51.0062 2876 Deinitialize success
Continued

After that it asked me to restart the computer, which I did; then when the computer came back up the screen once again went black and the multiple windows appeared (system message).

So I ran another scan, and the second report showed this:

11:36:57.0546 3892 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
11:36:57.0656 3892 ============================================================
11:36:57.0656 3892 Current date / time: 2012/04/03 11:36:57.0656
11:36:57.0656 3892 SystemInfo:
11:36:57.0656 3892
11:36:57.0656 3892 OS Version: 5.1.2600 ServicePack: 3.0
11:36:57.0656 3892 Product type: Workstation
11:36:57.0656 3892 ComputerName: CHARLOTT-9DCD77
11:36:57.0656 3892 UserName: Administrateur
11:36:57.0656 3892 Windows directory: C:\WINDOWS
11:36:57.0656 3892 System windows directory: C:\WINDOWS
11:36:57.0656 3892 Processor architecture: Intel x86
11:36:57.0656 3892 Number of processors: 2
11:36:57.0656 3892 Page size: 0x1000
11:36:57.0656 3892 Boot type: Normal boot
11:36:57.0656 3892 ============================================================
11:37:02.0937 3892 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:37:02.0937 3892 \Device\Harddisk0\DR0:
11:37:02.0953 3892 MBR used
11:37:02.0968 3892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x4840B2D
11:37:02.0968 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x4844A2D, BlocksNum 0xE1D4094
11:37:03.0218 3892 Initialize success
11:37:03.0218 3892 ============================================================
11:37:14.0343 4012 ============================================================
11:37:14.0343 4012 Scan started
11:37:14.0343 4012 Mode: Manual;
11:37:14.0343 4012 ============================================================
11:39:45.0843 4012 LanmanServer - ok
11:39:46.0562 4012 lanmanworkstation (1e407456df47b04af13264becf3bc3f4) C:\WINDOWS\System32\wkssvc.dll
11:39:46.0562 4012 lanmanworkstation - ok
11:39:47.0031 4012 lbrtfdc - ok
11:39:47.0484 4012 LmHosts (0f357c079ac529a844ab5b18e4eef881) C:\WINDOWS\System32\lmhsvc.dll
11:39:47.0484 4012 LmHosts - ok
11:39:47.0953 4012 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
11:39:47.0953 4012 LVPr2Mon - ok
11:39:48.0031 4012 LVPrcSrv (2333057542c91ae8228bdccc2e5f2632) C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcSrv.exe
11:39:48.0031 4012 LVPrcSrv - ok
11:39:48.0500 4012 LVRS (a1857fbb9b4930eeb2fd92386c45c529) C:\WINDOWS\system32\DRIVERS\lvrs.sys
11:39:48.0500 4012 LVRS - ok
11:39:49.0093 4012 LVUVC (3703406af0726badd24c5e552493e5b1) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
11:39:49.0125 4012 LVUVC - ok
11:39:49.0203 4012 maconfservice (3137b276c48d77dc05b7592e156e2880) C:\Program Files\ma-config.com\maconfservice.exe
11:39:49.0203 4012 maconfservice - ok
11:39:49.0296 4012 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
11:39:49.0296 4012 McComponentHostService - ok
11:39:50.0375 4012 Messenger (e67a66a3781c1a483f0f8992664cbe0d) C:\WINDOWS\System32\msgsvc.dll
11:39:50.0375 4012 Messenger - ok
11:39:51.0000 4012 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
11:39:51.0000 4012 Modem - ok
11:39:51.0671 4012 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:39:51.0671 4012 Mouclass - ok
11:39:52.0312 4012 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:39:52.0312 4012 mouhid - ok
11:39:52.0937 4012 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:39:52.0937 4012 MountMgr - ok
11:39:53.0578 4012 mraid35x - ok
11:39:54.0234 4012 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:39:54.0234 4012 MRxDAV - ok
11:39:54.0875 4012 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:39:54.0875 4012 MRxSmb - ok
11:39:55.0953 4012 MSDTC (8648d670ae0d95c95e7bbb5b80661796) C:\WINDOWS\system32\msdtc.exe
11:39:55.0953 4012 MSDTC - ok
11:39:56.0578 4012 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:39:56.0578 4012 Msfs - ok
11:39:57.0156 4012 MSIServer - ok
11:39:57.0781 4012 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:39:57.0781 4012 MSKSSRV - ok
11:39:58.0406 4012 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:39:58.0406 4012 MSPCLOCK - ok
11:39:59.0031 4012 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:39:59.0031 4012 MSPQM - ok
11:39:59.0656 4012 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:39:59.0656 4012 mssmbios - ok
11:40:00.0296 4012 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:40:00.0296 4012 MSTEE - ok
11:40:00.0937 4012 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
11:40:00.0937 4012 Mup - ok
11:40:01.0562 4012 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:40:01.0578 4012 NABTSFEC - ok
11:40:02.0187 4012 napagent (69e4fbbabaeee1bff422e091da3171da) C:\WINDOWS\System32\qagentrt.dll
11:40:02.0187 4012 napagent - ok
11:40:02.0828 4012 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:40:02.0828 4012 NDIS - ok
11:40:03.0468 4012 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:40:03.0468 4012 NdisIP - ok
11:40:04.0156 4012 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:40:04.0156 4012 NdisTapi - ok
11:40:04.0781 4012 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:40:04.0781 4012 Ndisuio - ok
11:40:05.0437 4012 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:40:05.0437 4012 NdisWan - ok
11:40:06.0156 4012 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
11:40:06.0156 4012 NDProxy - ok
11:40:06.0781 4012 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:40:06.0781 4012 NetBIOS - ok
11:40:07.0406 4012 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:40:07.0406 4012 NetBT - ok
11:40:08.0000 4012 NetDDE (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
11:40:08.0000 4012 NetDDE - ok
11:40:08.0015 4012 NetDDEdsdm (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
11:40:08.0015 4012 NetDDEdsdm - ok
11:40:08.0625 4012 Netlogon (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
11:40:08.0625 4012 Netlogon - ok
11:40:09.0218 4012 Netman (be0cb143fa427d93440ded18db8c918b) C:\WINDOWS\System32\netman.dll
11:40:09.0218 4012 Netman - ok
11:40:09.0828 4012 Nla (196ccc3fdd21665dcaa9f83ffc03b41a) C:\WINDOWS\System32\mswsock.dll
11:40:09.0843 4012 Nla - ok
11:40:10.0468 4012 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:40:10.0468 4012 Npfs - ok
11:40:11.0093 4012 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:40:11.0140 4012 Ntfs - ok
11:40:11.0734 4012 NtLmSsp (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
11:40:11.0734 4012 NtLmSsp - ok
11:40:12.0328 4012 NtmsSvc (037d92b3a7853a183fcab77fb1d13d6c) C:\WINDOWS\system32\ntmssvc.dll
11:40:12.0343 4012 NtmsSvc - ok
11:40:12.0953 4012 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:40:12.0953 4012 Null - ok
11:40:13.0578 4012 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:40:13.0578 4012 NwlnkFlt - ok
11:40:14.0328 4012 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:40:14.0328 4012 NwlnkFwd - ok
11:40:14.0953 4012 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys
11:40:14.0953 4012 Parport - ok
11:40:15.0578 4012 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:40:15.0578 4012 PartMgr - ok
11:40:16.0187 4012 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
11:40:16.0187 4012 ParVdm - ok
11:40:16.0812 4012 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
11:40:16.0812 4012 PCI - ok
11:40:17.0406 4012 PCIDump - ok
11:40:18.0031 4012 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:40:18.0031 4012 PCIIde - ok
11:40:18.0656 4012 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:40:18.0656 4012 Pcmcia - ok
11:40:19.0250 4012 PDCOMP - ok
11:40:19.0843 4012 PDFRAME - ok
11:40:20.0437 4012 PDRELI - ok
11:40:21.0031 4012 PDRFRAME - ok
11:40:21.0625 4012 perc2 - ok
11:40:22.0218 4012 perc2hib - ok
11:40:22.0828 4012 PlugPlay (54cb50058851d95e56ec70d09f70857f) C:\WINDOWS\system32\services.exe
11:40:22.0828 4012 PlugPlay - ok
11:40:23.0437 4012 PolicyAgent (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
11:40:23.0437 4012 PolicyAgent - ok
11:40:24.0046 4012 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:40:24.0062 4012 PptpMiniport - ok
11:40:24.0640 4012 ProtectedStorage (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
11:40:24.0656 4012 ProtectedStorage - ok
11:40:25.0265 4012 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:40:25.0265 4012 PSched - ok
11:40:25.0890 4012 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:40:25.0890 4012 Ptilink - ok
11:40:26.0484 4012 ql1080 - ok
11:40:27.0078 4012 Ql10wnt - ok
11:40:28.0031 4012 ql12160 - ok
11:40:29.0359 4012 ql1240 - ok
11:40:30.0703 4012 ql1280 - ok
11:40:32.0218 4012 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:40:32.0218 4012 RasAcd - ok
11:40:32.0828 4012 RasAuto (78da9ccdac683ef5aa87d1c919f6d221) C:\WINDOWS\System32\rasauto.dll
11:40:32.0828 4012 RasAuto - ok
11:40:33.0453 4012 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:40:33.0453 4012 Rasl2tp - ok
11:40:34.0062 4012 RasMan (0a48df90b4784f9b90a2671af992c914) C:\WINDOWS\System32\rasmans.dll
11:40:34.0062 4012 RasMan - ok
11:40:34.0687 4012 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:40:34.0687 4012 RasPppoe - ok
11:40:35.0328 4012 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:40:35.0328 4012 Raspti - ok
11:40:35.0953 4012 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:40:35.0953 4012 Rdbss - ok
11:40:36.0578 4012 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:40:36.0578 4012 RDPCDD - ok
11:40:37.0203 4012 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
11:40:37.0218 4012 rdpdr - ok
11:40:37.0843 4012 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
11:40:37.0843 4012 RDPWD - ok
11:40:38.0453 4012 RDSessMgr (9f63d9c5b238ed1c375d417eff3d5be7) C:\WINDOWS\system32\sessmgr.exe
11:40:38.0453 4012 RDSessMgr - ok
11:40:39.0078 4012 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:40:39.0078 4012 redbook - ok
11:40:39.0687 4012 RemoteAccess (7da370c31673c99497bd07068ee6e354) C:\WINDOWS\System32\mprdim.dll
11:40:39.0687 4012 RemoteAccess - ok
11:40:40.0281 4012 RemoteRegistry (e598d81197e2e0ec42a0c55772bb00e8) C:\WINDOWS\system32\regsvc.dll
11:40:40.0281 4012 RemoteRegistry - ok
11:40:40.0890 4012 RpcLocator (499c59a2584f6d4ea41e944da571d993) C:\WINDOWS\system32\locator.exe
11:40:40.0890 4012 RpcLocator - ok
11:40:41.0515 4012 RpcSs (3d65eb82e1fa6db15a33e024c9e03cab) C:\WINDOWS\system32\rpcss.dll
11:40:41.0515 4012 RpcSs - ok
11:40:42.0125 4012 RSVP (414964844f4793acb868d057e8ed997e) C:\WINDOWS\system32\rsvp.exe
11:40:42.0140 4012 RSVP - ok
11:40:42.0765 4012 RT73 (4f153709d0691c6de8c9a4c5e813907c) C:\WINDOWS\system32\DRIVERS\rt73.sys
11:40:42.0781 4012 RT73 - ok
11:40:43.0390 4012 SamSs (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
11:40:43.0390 4012 SamSs - ok
11:40:44.0000 4012 SCardSvr (67949cc8a865296c1333c96a4e1a2d66) C:\WINDOWS\System32\SCardSvr.exe
11:40:44.0015 4012 SCardSvr - ok
11:40:44.0625 4012 Schedule (55f5c5c1be1a78e285033e432ba01597) C:\WINDOWS\system32\schedsvc.dll
11:40:44.0625 4012 Schedule - ok
11:40:45.0250 4012 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:40:45.0250 4012 Secdrv - ok
11:40:45.0859 4012 seclogon (5ac311c0af2af5ec221670bb8dc479d3) C:\WINDOWS\System32\seclogon.dll
11:40:45.0859 4012 seclogon - ok
11:40:46.0484 4012 SENS (3531366f38f453d08fe72e7b32dfe786) C:\WINDOWS\system32\sens.dll
11:40:46.0484 4012 SENS - ok
11:40:47.0109 4012 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:40:47.0109 4012 serenum - ok
11:40:47.0750 4012 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
11:40:47.0750 4012 Serial - ok
11:40:48.0375 4012 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:40:48.0375 4012 Sfloppy - ok
11:40:48.0968 4012 SharedAccess (f4ce708a7d17a625de6c0fd746d50e88) C:\WINDOWS\System32\ipnathlp.dll
11:40:48.0984 4012 SharedAccess - ok
11:40:49.0578 4012 ShellHWDetection (b9f20d71e5b6ce89a7a94b38351fdbdc) C:\WINDOWS\System32\shsvcs.dll
11:40:49.0578 4012 ShellHWDetection - ok
11:40:50.0187 4012 Simbad - ok
11:40:50.0250 4012 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
11:40:50.0250 4012 SkypeUpdate - ok
11:40:50.0875 4012 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:40:50.0875 4012 SLIP - ok
11:40:51.0468 4012 Sparrow - ok
11:40:52.0078 4012 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:40:52.0078 4012 splitter - ok
11:40:52.0687 4012 Spooler (460e4ce148bd07218da0b6a3d31885a9) C:\WINDOWS\system32\spoolsv.exe
11:40:52.0687 4012 Spooler - ok
11:40:53.0343 4012 sptd (7f1b7c4d446cd3f926af45b8c48bd593) C:\WINDOWS\system32\Drivers\sptd.sys
11:40:53.0359 4012 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 7f1b7c4d446cd3f926af45b8c48bd593
11:40:53.0359 4012 sptd ( LockedFile.Multi.Generic ) - warning
11:40:53.0359 4012 sptd - detected LockedFile.Multi.Generic (1)
11:41:33.0390 4012 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:41:33.0531 4012 \Device\Harddisk0\DR0 - ok
11:41:33.0562 4012 Boot (0x1200) (1fd6b247fe52b029c50a711a06a6ed51) \Device\Harddisk0\DR0\Partition0
11:41:33.0562 4012 \Device\Harddisk0\DR0\Partition0 - ok
11:41:33.0562 4012 Boot (0x1200) (62de92f832be8597baa280b4231d7fcd) \Device\Harddisk0\DR0\Partition1
11:41:33.0562 4012 \Device\Harddisk0\DR0\Partition1 - ok
11:41:33.0562 4012 ============================================================
11:41:33.0562 4012 Scan finished
11:41:33.0562 4012 ============================================================
11:41:33.0578 4004 Detected object count: 1
11:41:33.0578 4004 Actual detected object count: 1
11:41:57.0968 4004 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:41:57.0968 4004 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:42:07.0515 3884 Deinitialize success


What should I do now?

Thanks for your reply
0
Anonymous user
3 April 2012 at 18:39
Good evening

Post me a new RogueKiller report, scan option

Thanks

See you
0
Good evening

Here is the scan report:

RogueKiller V7.3.2 [20/03/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: Administrateur [Droits d'admin]
Mode: Recherche -- Date: 03/04/2012 19:05:42

¤¤¤ Processus malicieux: 1 ¤¤¤
[SUSP PATH] uWCRRCjJmKaKb.exe -- C:\Documents and Settings\All Users\Application Data\uWCRRCjJmKaKb.exe -> KILLED [TermProc]

¤¤¤ Entrees de registre: 17 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : uWCRRCjJmKaKb.exe (C:\Documents and Settings\All Users\Application Data\uWCRRCjJmKaKb.exe) -> FOUND
[HJPOL] HKCU\[...]\Explorer : NoDesktop (1) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyComputer (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSearch (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)
IRP[IRP_MJ_DEVICE_CHANGE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9DFEB40)

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 activate.adobe.com


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS +++++
--- User ---
[MBR] b6fccd1133dfdcd368e0de0f749b6295
[BSP] 6ab81512ed7b103b5f7d01d89b81ec91 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 16065 | Size: 36993 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 75778605 | Size: 115624 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt


Thank you

See you soon
0
Anonymous user
3 April 2012 at 20:14
Hi again

Run RogueKiller again with the "Suppression" option and "Racc RAZ".

Post me both of those reports

Thanks

See you
0
Good evening again,

So this evening a friend came over to take a look, and he ran ComboFix (updated 03/04/12); after that he managed to remove two files at the source (SMARTHDD, I think, and another associated one).
Since then my data is no longer hidden, and according to the last Malwarebytes scan there are no more viruses.

Should I run a new RogueKiller scan as a precaution?

Thank you
0
Anonymous user
4 April 2012 at 18:27
Good evening

I'll let you sort it out with your friend.

See you
0