Sujet Précédent Sujet Suivant

Virus gendarmerie et cd restauration manquant

Fermé
keelin - 8 avril 2012 à 00:28
 Utilisateur anonyme - 9 avril 2012 à 14:55
Bonjour,
ben oui, je l'ai chopé moi aussi, sauf que je suis en allemagne et que mon ordi n'affichait jusqu'a tout à l'heure plus qu'une seule page avec le logo de la SACEM allemande et me disant que pour eviter des poursuites judiciaires par apport au contenu de mon ordi, fallait payer 50 euros. Je suppose que c'est l'equivalent de virus gendarmerie dont tout le monde parle. Le problème, 'est que je ne peux pas lancer la restauration système, j'ai déménagé il y a trois semaines et comme je ne pouvais emmener au premier voyage que la moitié des cartons, celui avec le fameux cd et resté à 2000 bornes d'ici...
j'ai fait redemarrer avec la dernière bonne configuration connue et depuis j'ai droit a mon fond d'écran et rien d'autre, au moins j'arrive à lancer quelques programmes en passant par Ctr+alt+Supp puis nouvelle tâche. j'ai pu faire un rapport HJ que je poste ici en espérant que quelqu'un pourra m'aider:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:15:09, on 08/04/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\HJ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
F2 - REG:system.ini: Shell=C:\WINDOWS\Temp\anyfyr\setup.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Fichiers communs\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [EPSON BX305 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGJE.EXE /FU "C:\WINDOWS\TEMP\E_S5C.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PC Health Status] C:\Documents and Settings\NetworkService\Application Data\fokrqdnd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
A voir également:

39 réponses

  • 1
  • 2
Réponse 1 / 39
hyuga59 Messages postés 287 Date d'inscription mardi 27 mars 2012 Statut Membre Dernière intervention 25 mai 2012 53
8 avril 2012 à 00:45
Salut,



Vu que tu as accès à ton bureau,


Télécharge sur le bureau https://www.luanagames.com/index.fr.html (by tigzy)
Quitte tous les programmes
Lance RogueKiller.exe.
Attend que le Prescan soit terminé
Clique sur Scan. Clique sur Rapport et copie colle le contenu du rapport obtenu dans ton prochain message
0
Réponse 2 / 39
keelin
8 avril 2012 à 01:04
je me suis mal exprimmé, j'ai accès a mon fond d'écran sans bureau dessus, mais comme le rogue killer se lance automatiquement après telechargement:

RogueKiller V7.3.2 [03/20/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Dora [Droits d'admin]
Mode: Recherche -- Date: 04/08/2012 00:40:09

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 53 ¤¤¤
[SUSP PATH] HKUS\.DEFAULT[...]\Run : PC Health Status (C:\Documents and Settings\NetworkService\Application Data\fokrqdnd.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Run : PC Health Status (C:\Documents and Settings\NetworkService\Application Data\fokrqdnd.exe) -> FOUND
[SUSP PATH] HKLM\[...]\Winlogon : Shell (C:\WINDOWS\Temp\anyfyr\setup.exe) -> FOUND
[SUSP PATH] At16.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At15.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At14.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At13.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At12.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At11.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At10.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At1.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At25.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At24.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At23.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At22.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At21.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At20.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At2.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At19.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At18.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At17.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At34.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At33.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At32.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At31.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At30.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At3.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At29.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At28.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At27.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At26.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At43.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At42.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At41.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At40.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At4.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At39.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At38.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At37.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At36.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At35.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At9.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At8.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At7.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At6.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At5.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> FOUND
[SUSP PATH] At48.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At47.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At46.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At45.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[SUSP PATH] At44.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[FAKED] afd.sys : c:\windows\system32\drivers\afd.sys --> CANNOT FIX
[FAKED] nvsnpu.sys : c:\windows\system32\drivers\nvsnpu.sys --> CANNOT FIX

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST3320820AS +++++
--- User ---
[MBR] 85bd6c7bd6d2ae801795a5f96ea4be42
[BSP] 7876a01a209a2dfe6b2a1cacf0246906 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1].txt >>
RKreport[1].txt
0
Réponse 3 / 39
hyuga59 Messages postés 287 Date d'inscription mardi 27 mars 2012 Statut Membre Dernière intervention 25 mai 2012 53
8 avril 2012 à 01:15
Re,


Tu es également infecté par zero access


Relance RogueKiller puis choisis"Suppression" ensuite "RAZ host" et poste les deux rapports correspondants à ces 2 options.
0
Réponse 4 / 39
keelin
8 avril 2012 à 01:17
mode suppression:
RogueKiller V7.3.2 [03/20/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Dora [Droits d'admin]
Mode: Suppression -- Date: 04/09/2012 01:15:17

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 52 ¤¤¤
[SUSP PATH] HKUS\.DEFAULT[...]\Run : PC Health Status (C:\Documents and Settings\NetworkService\Application Data\fokrqdnd.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Winlogon : Shell (C:\WINDOWS\Temp\anyfyr\setup.exe) -> REPLACED (Explorer.exe)
[SUSP PATH] At16.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At15.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At14.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At13.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At12.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At11.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At10.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At1.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At25.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At24.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At23.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At22.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At21.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At20.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At2.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At19.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At18.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At17.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At34.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At33.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At32.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At31.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At30.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At3.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At29.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At28.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At27.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At26.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At43.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At42.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At41.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At40.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At4.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At39.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At38.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At37.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At36.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At35.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At9.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At8.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At7.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At6.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At5.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe -> DELETED
[SUSP PATH] At48.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At47.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At46.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At45.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[SUSP PATH] At44.job @ : C:\Documents and Settings\All Users\Application Data\y7COdfne.exe_ -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[FAKED] afd.sys : c:\windows\system32\drivers\afd.sys --> CANNOT FIX
[FAKED] nvsnpu.sys : c:\windows\system32\drivers\nvsnpu.sys --> CANNOT FIX

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
[ZeroAccess] (LOCKED) windir\NtUpdateKBxxxx present!

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST3320820AS +++++
--- User ---
[MBR] 85bd6c7bd6d2ae801795a5f96ea4be42
[BSP] 7876a01a209a2dfe6b2a1cacf0246906 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 39
keelin
8 avril 2012 à 01:18
Mode RAZ Host

RogueKiller V7.3.2 [03/20/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: Dora [Droits d'admin]
Mode: HOSTS RAZ -- Date: 05/08/2012 00:17:02

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]


¤¤¤ Nouveau fichier HOSTS: ¤¤¤
127.0.0.1 localhost

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
0
Réponse 6 / 39
keelin
8 avril 2012 à 01:19
merci de ton aide!!
0
Réponse 7 / 39
hyuga59 Messages postés 287 Date d'inscription mardi 27 mars 2012 Statut Membre Dernière intervention 25 mai 2012 53
8 avril 2012 à 01:31
Re,


Télécharge TDSSKiller sur ton bureau :
Merci à Electricien pour le tuto qui suit


https://support.kaspersky.com/downloads/utils/tdsskiller.exe

* Lance le ( Utilisateurs de vista/Seven -> Clic droit puis " Exécuter en tant qu'administrateur " )

* Clique sur [Start Scan] pour démarrer l'analyse.

* Si des élements sont trouvés, cliques sur [Continue] puis sur [Reboot Now]

* Un rapport s'ouvrira au redémarrage du PC.

* Copie/Colle son contenu dans ta prochaine réponse.

Note : Le rapport se trouve également sous C:\TDSSKiller.N°deversion_Date_Heure_log.txt.

note :
Conserve l'action proposée par défaut par l'outil :

- Si TDSS.tdl2 : l'option Delete sera cochée.
- Si TDSS.tdl3 ou TDSS.tdl4 : assure toi que Cure soit bien cochée.
- Si "Suspicious object" ou Sptd ou ForgedFile.Multi.Generic : laisse l'option cochée sur Skip
- Si Rootkit.Win32.ZAccess.* est détecté règle sur cure en haut , et delete en bas:D
0
Réponse 8 / 39
keelin
8 avril 2012 à 02:09
le demarage n'a pas fonctionné, du coup j'ai été obligé d'éteindre puis de rallumer l'ordi et du coup pas de rapport qui s'affiche...
0
Réponse 9 / 39
keelin
8 avril 2012 à 02:21
du coup j'ai répété l'opération et ce coup ci l'ordi a réussit a redemarrer, entre temps (depuis rogue killer) l'ordi fonctionne déjà mieux, il à l'air de fonctionner noramelent, mais avg me prévient quand même toutes les 5 minutes qu'il y a une infection.
par contre, toujours pas de rapport qui s'affiche au démarage... une idée ou je pourrais le trouver?
0
Réponse 10 / 39
hyuga59 Messages postés 287 Date d'inscription mardi 27 mars 2012 Statut Membre Dernière intervention 25 mai 2012 53
Modifié par hyuga59 le 8/04/2012 à 02:29
Re,


Regarde içi:

C:\TDSSKiller.N°deversion_Date_Heure_log.txt.


On va diagnostic de ton PC

Télécharge ZHPDiag sur ton bureau :


https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.

Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
Héberge le rapport ZHPDiag.txt sur Cjoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum :

https://www.cjoint.com/ => https://www.commentcamarche.net/faq/29493-utiliser-cjoint-pour-heberger-des-fichiers
0
Réponse 11 / 39
keelin
8 avril 2012 à 02:30
j'en ai trouvé 3, je te les met par ordre chronologique... donc à 1:41, premier rapport:
01:41:17.0546 1692 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
01:41:18.0015 1692 ============================================================
01:41:18.0015 1692 Current date / time: 2012/04/08 01:41:18.0015
01:41:18.0015 1692 SystemInfo:
01:41:18.0015 1692
01:41:18.0015 1692 OS Version: 5.1.2600 ServicePack: 2.0
01:41:18.0015 1692 Product type: Workstation
01:41:18.0015 1692 ComputerName: NOM-14AAC46F927
01:41:18.0015 1692 UserName: Dora
01:41:18.0015 1692 Windows directory: C:\WINDOWS
01:41:18.0015 1692 System windows directory: C:\WINDOWS
01:41:18.0015 1692 Processor architecture: Intel x86
01:41:18.0015 1692 Number of processors: 2
01:41:18.0015 1692 Page size: 0x1000
01:41:18.0015 1692 Boot type: Normal boot
01:41:18.0015 1692 ============================================================
01:41:18.0640 1692 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:41:18.0703 1692 \Device\Harddisk0\DR0:
01:41:18.0703 1692 MBR used
01:41:18.0703 1692 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
01:41:18.0750 1692 Initialize success
01:41:18.0750 1692 ============================================================
01:41:25.0109 0484 ============================================================
01:41:25.0109 0484 Scan started
01:41:25.0109 0484 Mode: Manual;
01:41:25.0109 0484 ============================================================
01:41:25.0281 0484 Abiosdsk - ok
01:41:25.0343 0484 abp480n5 - ok
01:41:25.0437 0484 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
01:41:25.0437 0484 ACPI - ok
01:41:25.0515 0484 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
01:41:25.0515 0484 ACPIEC - ok
01:41:25.0609 0484 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:41:25.0625 0484 AdobeFlashPlayerUpdateSvc - ok
01:41:25.0640 0484 adpu160m - ok
01:41:25.0687 0484 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
01:41:25.0687 0484 aec - ok
01:41:25.0750 0484 AFD (5ea63579ec9ee25f461b2f32063e2dc4) C:\WINDOWS\System32\drivers\afd.sys
01:41:25.0765 0484 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 5ea63579ec9ee25f461b2f32063e2dc4, Fake md5: 55e6e1c51b6d30e54335750955453702
01:41:25.0765 0484 AFD ( Virus.Win32.ZAccess.aml ) - infected
01:41:25.0765 0484 AFD - detected Virus.Win32.ZAccess.aml (0)
01:41:25.0796 0484 Aha154x - ok
01:41:25.0859 0484 aic78u2 - ok
01:41:25.0906 0484 aic78xx - ok
01:41:25.0953 0484 Alerter (d1b6794bc9c2fca07378cc2d7afee189) C:\WINDOWS\system32\alrsvc.dll
01:41:25.0968 0484 Alerter - ok
01:41:26.0046 0484 ALG (2fe681d10c5fc343dbbc0610b8dd4d24) C:\WINDOWS\System32\alg.exe
01:41:26.0046 0484 ALG - ok
01:41:26.0062 0484 AliIde - ok
01:41:26.0125 0484 ALYac_PZSrv (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\eaphost.dll
01:41:26.0187 0484 Suspicious file (NoAccess): C:\WINDOWS\system32\eaphost.dll. md5: 11028c6a84a967070cb1286550f2058f
01:41:26.0187 0484 ALYac_PZSrv ( Backdoor.Multi.ZAccess.gen ) - infected
01:41:26.0187 0484 ALYac_PZSrv - detected Backdoor.Multi.ZAccess.gen (0)
01:41:26.0265 0484 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
01:41:26.0265 0484 AmdK8 - ok
01:41:26.0281 0484 amsint - ok
01:41:26.0343 0484 AppMgmt (ce66077813d83c2d6908cdc64ae7e55a) C:\WINDOWS\System32\appmgmts.dll
01:41:26.0343 0484 AppMgmt - ok
01:41:26.0375 0484 aracpi (c195c48aebcc2891550c1167b3e3f658) C:\WINDOWS\system32\DRIVERS\aracpi.sys
01:41:26.0375 0484 aracpi - ok
01:41:26.0437 0484 arhidfltr (7de52fcde9468ee55c2e9a9492373a08) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
01:41:26.0453 0484 arhidfltr - ok
01:41:26.0484 0484 arkbcfltr (7ecd19a1e174fac4ac14a74910c0433b) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
01:41:26.0484 0484 arkbcfltr - ok
01:41:26.0531 0484 armoucfltr (cb37867bf77e8e95df759ca7680487e5) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
01:41:26.0531 0484 armoucfltr - ok
01:41:26.0593 0484 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
01:41:26.0593 0484 Arp1394 - ok
01:41:26.0656 0484 ARPolicy (ef05d0cc4061f790a6e0ffe03b585600) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
01:41:26.0656 0484 ARPolicy - ok
01:41:26.0687 0484 ARSVC (9f9aa480baaf48695b920c425ffe5425) C:\WINDOWS\arservice.exe
01:41:27.0562 0484 ARSVC - ok
01:41:27.0625 0484 asc - ok
01:41:27.0671 0484 asc3350p - ok
01:41:27.0703 0484 asc3550 - ok
01:41:27.0875 0484 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
01:41:27.0890 0484 aspnet_state - ok
01:41:27.0953 0484 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
01:41:27.0968 0484 AsyncMac - ok
01:41:28.0000 0484 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
01:41:28.0000 0484 atapi - ok
01:41:28.0031 0484 Atdisk - ok
01:41:28.0140 0484 Ati HotKey Poller (688e49afef3a07fca943250d6a9729aa) C:\WINDOWS\system32\Ati2evxx.exe
01:41:28.0140 0484 Ati HotKey Poller - ok
01:41:28.0296 0484 ati2mtag (86a7a22f3670465ef575614e001159c0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
01:41:28.0359 0484 ati2mtag - ok
01:41:28.0453 0484 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
01:41:28.0453 0484 Atmarpc - ok
01:41:28.0531 0484 AudioSrv (32957b7b46cbe2066c47febc7e56050e) C:\WINDOWS\System32\audiosrv.dll
01:41:28.0531 0484 AudioSrv - ok
01:41:28.0593 0484 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
01:41:28.0593 0484 audstub - ok
01:41:28.0718 0484 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
01:41:28.0734 0484 avg9wd - ok
01:41:28.0796 0484 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
01:41:28.0812 0484 AvgLdx86 - ok
01:41:28.0843 0484 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
01:41:28.0843 0484 AvgMfx86 - ok
01:41:28.0859 0484 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
01:41:28.0875 0484 AvgRkx86 - ok
01:41:28.0890 0484 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
01:41:28.0906 0484 AvgTdiX - ok
01:41:28.0906 0484 b57w2k - ok
01:41:28.0953 0484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
01:41:28.0953 0484 Beep - ok
01:41:28.0968 0484 bgsvcgen - ok
01:41:29.0078 0484 BITS (87424817f82cf6a7f55dac01a20111a3) C:\WINDOWS\system32\qmgr.dll
01:41:29.0140 0484 BITS - ok
01:41:29.0187 0484 bltrust - ok
01:41:29.0250 0484 BlueSoleilCS - ok
01:41:29.0343 0484 Browser (ce9dc7cc6d75515ee62ca341473ec5f3) C:\WINDOWS\System32\browser.dll
01:41:29.0343 0484 Browser - ok
01:41:29.0375 0484 bthpan - ok
01:41:29.0421 0484 btserial - ok
01:41:29.0421 0484 catchme - ok
01:41:29.0484 0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
01:41:29.0484 0484 cbidf2k - ok
01:41:29.0546 0484 CBTNDIS5 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\ppmoucls.dll
01:41:29.0562 0484 Suspicious file (NoAccess): C:\WINDOWS\system32\ppmoucls.dll. md5: 11028c6a84a967070cb1286550f2058f
01:41:29.0562 0484 CBTNDIS5 ( Backdoor.Multi.ZAccess.gen ) - infected
01:41:29.0562 0484 CBTNDIS5 - detected Backdoor.Multi.ZAccess.gen (0)
01:41:29.0671 0484 CCALib8 (5753532c476b83119d85aa43b1b10ab3) C:\Program Files\Canon\CAL\CALMAIN.exe
01:41:29.0671 0484 CCALib8 - ok
01:41:29.0734 0484 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
01:41:29.0734 0484 CCDECODE - ok
01:41:29.0765 0484 cd20xrnt - ok
01:41:29.0781 0484 CdaC15BA - ok
01:41:29.0875 0484 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
01:41:29.0875 0484 Cdaudio - ok
01:41:29.0937 0484 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
01:41:29.0937 0484 Cdfs - ok
01:41:29.0968 0484 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
01:41:29.0984 0484 Cdrom - ok
01:41:30.0000 0484 Changer - ok
01:41:30.0093 0484 CiSvc (d24f6382f5171b07705364812e9459e2) C:\WINDOWS\system32\cisvc.exe
01:41:30.0093 0484 CiSvc - ok
01:41:30.0156 0484 ClipSrv (711db3a49efde3e2640cdb782d478628) C:\WINDOWS\system32\clipsrv.exe
01:41:30.0156 0484 ClipSrv - ok
01:41:30.0281 0484 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:41:30.0343 0484 clr_optimization_v2.0.50727_32 - ok
01:41:30.0390 0484 CmdIde - ok
01:41:30.0453 0484 COMSysApp - ok
01:41:30.0515 0484 Cpqarray - ok
01:41:30.0546 0484 cpqnicmgmt - ok
01:41:30.0593 0484 cqmghost - ok
01:41:30.0703 0484 CryptSvc (bddf3723d95dc28d78b1e93119e0e6ab) C:\WINDOWS\System32\cryptsvc.dll
01:41:30.0703 0484 CryptSvc - ok
01:41:30.0750 0484 dac2w2k - ok
01:41:30.0812 0484 dac960nt - ok
01:41:30.0843 0484 DCamUSBGrandTek - ok
01:41:30.0937 0484 DcomLaunch (ba1ef616f55210820f6462d033088497) C:\WINDOWS\system32\rpcss.dll
01:41:30.0937 0484 DcomLaunch - ok
01:41:31.0000 0484 DevUpper - ok
01:41:31.0078 0484 Dhcp (b9d04e1839d82a2f512c180177773eec) C:\WINDOWS\System32\dhcpcsvc.dll
01:41:31.0078 0484 Dhcp - ok
01:41:31.0140 0484 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
01:41:31.0140 0484 Disk - ok
01:41:31.0171 0484 dmadmin - ok
01:41:31.0250 0484 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
01:41:31.0281 0484 dmboot - ok
01:41:31.0328 0484 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\DRIVERS\dmio.sys
01:41:31.0343 0484 dmio - ok
01:41:31.0390 0484 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
01:41:31.0390 0484 dmload - ok
01:41:31.0437 0484 dmserver (316c1bab74ca10613ab2da46a2ef3e47) C:\WINDOWS\System32\dmserver.dll
01:41:31.0453 0484 dmserver - ok
01:41:31.0468 0484 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
01:41:31.0484 0484 DMusic - ok
01:41:31.0515 0484 Dnscache (8d4d8d797cde07a7ec53c8992bf3e95f) C:\WINDOWS\System32\dnsrslvr.dll
01:41:31.0515 0484 Dnscache - ok
01:41:31.0593 0484 Dot3svc (3fcf86f03d0302443c21ce6e5bbf7a25) C:\WINDOWS\System32\dot3svc.dll
01:41:31.0593 0484 Dot3svc - ok
01:41:31.0640 0484 dpti2o - ok
01:41:31.0734 0484 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
01:41:31.0734 0484 drmkaud - ok
01:41:31.0781 0484 e100b (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\mcafeeantispyware.dll
01:41:31.0812 0484 Suspicious file (NoAccess): C:\WINDOWS\system32\mcafeeantispyware.dll. md5: 11028c6a84a967070cb1286550f2058f
01:41:31.0812 0484 e100b ( Backdoor.Multi.ZAccess.gen ) - infected
01:41:31.0812 0484 e100b - detected Backdoor.Multi.ZAccess.gen (0)
01:41:31.0828 0484 EapHost (8b5fc9087d2cab110bc2ed5cc5e7b8ac) C:\WINDOWS\System32\eapsvc.dll
01:41:31.0828 0484 EapHost - ok
01:41:31.0906 0484 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
01:41:31.0906 0484 ehRecvr - ok
01:41:31.0953 0484 ehSched (980eeea91776357518892c5544768e2b) C:\WINDOWS\eHome\ehSched.exe
01:41:31.0953 0484 ehSched - ok
01:41:32.0000 0484 ERSvc (be3ce05230890e1baf8f0dd09d7a00fe) C:\WINDOWS\System32\ersvc.dll
01:41:32.0000 0484 ERSvc - ok
01:41:32.0062 0484 Eventlog (51a24094f076961a7ff73e5f7e991d68) C:\WINDOWS\system32\services.exe
01:41:32.0062 0484 Eventlog - ok
01:41:32.0125 0484 EventSystem (a5b1b7c76134329aa7547f6e6da35410) C:\WINDOWS\system32\es.dll
01:41:32.0125 0484 EventSystem - ok
01:41:32.0156 0484 F700ius - ok
01:41:32.0234 0484 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
01:41:32.0234 0484 Fastfat - ok
01:41:32.0296 0484 FastUserSwitchingCompatibility (b590e69a45ae8fcbf7ddade89cce3588) C:\WINDOWS\System32\shsvcs.dll
01:41:32.0296 0484 FastUserSwitchingCompatibility - ok
01:41:32.0328 0484 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
01:41:32.0328 0484 Fdc - ok
01:41:32.0359 0484 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
01:41:32.0359 0484 Fips - ok
01:41:32.0390 0484 FirePM - ok
01:41:32.0484 0484 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:41:32.0546 0484 FLEXnet Licensing Service - ok
01:41:32.0609 0484 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
01:41:32.0609 0484 Flpydisk - ok
01:41:32.0656 0484 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
01:41:32.0656 0484 FltMgr - ok
01:41:32.0781 0484 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
01:41:32.0796 0484 FontCache3.0.0.0 - ok
01:41:32.0875 0484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:41:32.0875 0484 Fs_Rec - ok
01:41:32.0953 0484 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:41:32.0968 0484 Ftdisk - ok
01:41:32.0984 0484 ftrtsvc - ok
01:41:33.0015 0484 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
01:41:33.0015 0484 GEARAspiWDM - ok
01:41:33.0015 0484 GMSIPCI - ok
01:41:33.0093 0484 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:41:33.0093 0484 Gpc - ok
01:41:33.0140 0484 HCW88AUD (ce79da76673df8a01e93b2668e3dbbef) C:\WINDOWS\system32\drivers\hcw88aud.sys
01:41:33.0156 0484 HCW88AUD - ok
01:41:33.0203 0484 HCW88BDA (be6f852fb3a7143bdecc83cac0023920) C:\WINDOWS\system32\drivers\hcw88bda.sys
01:41:33.0203 0484 HCW88BDA - ok
01:41:33.0265 0484 HCW88TSE (9e461f4dba9f1343c4c49a12c035c481) C:\WINDOWS\system32\drivers\hcw88tse.sys
01:41:33.0265 0484 HCW88TSE - ok
01:41:33.0312 0484 HCW88TUNE (d837bfe5f2c70a83ce66530816f96d95) C:\WINDOWS\system32\drivers\hcw88tun.sys
01:41:33.0312 0484 HCW88TUNE - ok
01:41:33.0359 0484 hcw88vid (74aa23064b0bb15eac52a3f7bca8f50c) C:\WINDOWS\system32\drivers\hcw88vid.sys
01:41:33.0359 0484 hcw88vid - ok
01:41:33.0390 0484 HCW88XBAR (b58e76d3113ff7ac102709597bc123c7) C:\WINDOWS\system32\drivers\HCW88BAR.sys
01:41:33.0390 0484 HCW88XBAR - ok
01:41:33.0453 0484 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
01:41:33.0468 0484 HDAudBus - ok
01:41:33.0562 0484 helpsvc (f8881957e5fd648f35998f518af0b0af) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:41:33.0562 0484 helpsvc - ok
01:41:33.0640 0484 HidServ (007b1da566d0ae7b8169fde4dc618b70) C:\WINDOWS\System32\hidserv.dll
01:41:33.0640 0484 HidServ - ok
01:41:33.0703 0484 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:41:33.0703 0484 hidusb - ok
01:41:33.0765 0484 hkmsvc (17b3c3d40cdba40c2e331d28be4de27f) C:\WINDOWS\System32\kmsvc.dll
01:41:33.0765 0484 hkmsvc - ok
01:41:33.0796 0484 hpn - ok
01:41:33.0890 0484 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
01:41:33.0906 0484 HPZid412 - ok
01:41:33.0953 0484 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
01:41:33.0968 0484 HPZipr12 - ok
01:41:34.0015 0484 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
01:41:34.0015 0484 HPZius12 - ok
01:41:34.0093 0484 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
01:41:34.0109 0484 HTTP - ok
01:41:34.0140 0484 HTTPFilter (6effd66fdbaa3fd3908b9388755bf435) C:\WINDOWS\System32\w3ssl.dll
01:41:34.0171 0484 HTTPFilter - ok
01:41:34.0187 0484 i2omgmt - ok
01:41:34.0203 0484 i2omp - ok
01:41:34.0265 0484 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\drivers\i8042prt.sys
01:41:34.0265 0484 i8042prt - ok
01:41:34.0296 0484 icepack - ok
01:41:34.0437 0484 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:41:34.0484 0484 idsvc - ok
01:41:34.0546 0484 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
01:41:34.0562 0484 Imapi - ok
01:41:34.0625 0484 ImapiService (40432437bba5cd10b76a2d3b3cd5ad2d) C:\WINDOWS\system32\imapi.exe
01:41:34.0625 0484 ImapiService - ok
01:41:34.0656 0484 ini910u - ok
01:41:34.0703 0484 inort - ok
01:41:34.0906 0484 IntcAzAudAddService (a5d5b8c427f4b67580fb2b511291a89d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
01:41:34.0968 0484 IntcAzAudAddService - ok
01:41:35.0015 0484 IntelIde - ok
01:41:35.0093 0484 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
01:41:35.0093 0484 Ip6Fw - ok
01:41:35.0156 0484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:41:35.0156 0484 IpFilterDriver - ok
01:41:35.0218 0484 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:41:35.0218 0484 IpInIp - ok
01:41:35.0250 0484 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:41:35.0250 0484 IpNat - ok
01:41:35.0281 0484 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:41:35.0281 0484 IPSec - ok
01:41:35.0312 0484 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
01:41:35.0312 0484 IRENUM - ok
01:41:35.0359 0484 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:41:35.0359 0484 isapnp - ok
01:41:35.0484 0484 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
01:41:35.0484 0484 JavaQuickStarterService - ok
01:41:35.0515 0484 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:41:35.0515 0484 Kbdclass - ok
01:41:35.0546 0484 kbdhid (62dd5eefcec4ef4163f1168d4262a9e4) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
01:41:35.0546 0484 kbdhid - ok
01:41:35.0593 0484 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
01:41:35.0593 0484 kmixer - ok
01:41:35.0625 0484 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
01:41:35.0625 0484 KSecDD - ok
01:41:35.0640 0484 L1e - ok
01:41:35.0703 0484 lanmanserver (aa3959a0e05e7390bfa2fd5bf0e0d2fd) C:\WINDOWS\System32\srvsvc.dll
01:41:35.0718 0484 lanmanserver - ok
01:41:35.0781 0484 lanmanworkstation (1a1a7ace3190224c82f70561fc7a4774) C:\WINDOWS\System32\wkssvc.dll
01:41:35.0812 0484 lanmanworkstation - ok
01:41:35.0843 0484 lbrtfdc - ok
01:41:35.0937 0484 LmHosts (fe6c55d366d48f04df9318605d6ed5a7) C:\WINDOWS\System32\lmhsvc.dll
01:41:35.0937 0484 LmHosts - ok
01:41:35.0953 0484 lxbt_device - ok
01:41:36.0000 0484 maya70docserver - ok
01:41:36.0156 0484 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
01:41:36.0156 0484 McComponentHostService - ok
01:41:36.0218 0484 mcmispupdmgr - ok
01:41:36.0343 0484 McrdSvc (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
01:41:36.0343 0484 McrdSvc - ok
01:41:36.0390 0484 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
01:41:36.0390 0484 MDM - ok
01:41:36.0437 0484 Messenger (97939358ed4487cbb4a0d743ce958266) C:\WINDOWS\System32\msgsvc.dll
01:41:36.0453 0484 Messenger - ok
01:41:36.0484 0484 MHN (184a03058c8cc399ea37dbeff6a8365a) C:\WINDOWS\System32\mhn.dll
01:41:36.0484 0484 MHN - ok
01:41:36.0546 0484 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
01:41:36.0546 0484 MHNDRV - ok
01:41:36.0578 0484 midisyn - ok
01:41:36.0656 0484 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
01:41:36.0671 0484 mnmdd - ok
01:41:36.0703 0484 mnmsrvc (75b66eb2a2fb8db29c838f1800cede90) C:\WINDOWS\system32\mnmsrvc.exe
01:41:36.0718 0484 mnmsrvc - ok
01:41:36.0765 0484 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
01:41:36.0765 0484 Modem - ok
01:41:36.0796 0484 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:41:36.0796 0484 Mouclass - ok
01:41:36.0843 0484 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
01:41:36.0843 0484 mouhid - ok
01:41:36.0859 0484 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
01:41:36.0859 0484 MountMgr - ok
01:41:36.0890 0484 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
01:41:36.0890 0484 MPE - ok
01:41:36.0937 0484 mraid35x - ok
01:41:37.0000 0484 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:41:37.0000 0484 MRxDAV - ok
01:41:37.0031 0484 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:41:37.0062 0484 MRxSmb - ok
01:41:37.0125 0484 MSDTC (680639b08040cec24b8bd873b1f02f51) C:\WINDOWS\system32\msdtc.exe
01:41:37.0140 0484 MSDTC - ok
01:41:37.0187 0484 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
01:41:37.0187 0484 Msfs - ok
01:41:37.0203 0484 MSIServer - ok
01:41:37.0234 0484 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:41:37.0234 0484 MSKSSRV - ok
01:41:37.0281 0484 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:41:37.0281 0484 MSPCLOCK - ok
01:41:37.0312 0484 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
01:41:37.0312 0484 MSPQM - ok
01:41:37.0343 0484 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:41:37.0359 0484 mssmbios - ok
01:41:37.0421 0484 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
01:41:37.0421 0484 MSTEE - ok
01:41:37.0468 0484 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
01:41:37.0468 0484 Mup - ok
01:41:37.0546 0484 MySQL - ok
01:41:37.0578 0484 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
01:41:37.0578 0484 NABTSFEC - ok
01:41:37.0656 0484 napagent (69e4fbbabaeee1bff422e091da3171da) C:\WINDOWS\System32\qagentrt.dll
01:41:37.0656 0484 napagent - ok
01:41:37.0703 0484 ndassvc - ok
01:41:37.0734 0484 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
01:41:37.0750 0484 NDIS - ok
01:41:37.0812 0484 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
01:41:37.0812 0484 NdisIP - ok
01:41:37.0859 0484 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:41:37.0859 0484 NdisTapi - ok
01:41:37.0890 0484 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:41:37.0890 0484 Ndisuio - ok
01:41:37.0921 0484 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:41:37.0921 0484 NdisWan - ok
01:41:37.0953 0484 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
01:41:37.0953 0484 NDProxy - ok
01:41:38.0000 0484 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
01:41:38.0000 0484 NetBIOS - ok
01:41:38.0015 0484 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
01:41:38.0031 0484 NetBT - ok
01:41:38.0078 0484 NetDDE (9ce77f7a22c27366da628ed4ba7d4ff9) C:\WINDOWS\system32\netdde.exe
01:41:38.0078 0484 NetDDE - ok
01:41:38.0078 0484 NetDDEdsdm (9ce77f7a22c27366da628ed4ba7d4ff9) C:\WINDOWS\system32\netdde.exe
01:41:38.0078 0484 NetDDEdsdm - ok
01:41:38.0125 0484 Netlogon (9f3744a5c6f49291a7a685040a013399) C:\WINDOWS\system32\lsass.exe
01:41:38.0125 0484 Netlogon - ok
01:41:38.0203 0484 Netman (624cf700bbfd8be4097aaa146e6bd363) C:\WINDOWS\System32\netman.dll
01:41:38.0203 0484 Netman - ok
01:41:38.0296 0484 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:41:38.0296 0484 NetTcpPortSharing - ok
01:41:38.0359 0484 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
01:41:38.0359 0484 NIC1394 - ok
01:41:38.0421 0484 Nla (8a52de10680a40ecd04fa2c0fbc34190) C:\WINDOWS\System32\mswsock.dll
01:41:38.0421 0484 Nla - ok
01:41:38.0468 0484 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
01:41:38.0468 0484 Npfs - ok
01:41:38.0531 0484 nsengine (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\nmwcd.dll
01:41:38.0546 0484 Suspicious file (NoAccess): C:\WINDOWS\system32\nmwcd.dll. md5: 11028c6a84a967070cb1286550f2058f
01:41:38.0546 0484 nsengine ( Backdoor.Multi.ZAccess.gen ) - infected
01:41:38.0546 0484 nsengine - detected Backdoor.Multi.ZAccess.gen (0)
01:41:38.0593 0484 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
01:41:38.0609 0484 Ntfs - ok
01:41:38.0656 0484 NtLmSsp (9f3744a5c6f49291a7a685040a013399) C:\WINDOWS\system32\lsass.exe
01:41:38.0656 0484 NtLmSsp - ok
01:41:38.0718 0484 NtmsSvc (3f82a4226289510df300813b9b87f0e5) C:\WINDOWS\system32\ntmssvc.dll
01:41:38.0718 0484 NtmsSvc - ok
01:41:38.0796 0484 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
01:41:38.0796 0484 Null - ok
01:41:39.0078 0484 nv (cd9ed87b4fc6ec41d3b5be0b923843fc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:41:39.0328 0484 nv - ok
01:41:39.0406 0484 nvata (7d960340be5b0e008bb94e4c3b991339) C:\WINDOWS\system32\DRIVERS\nvata.sys
01:41:39.0406 0484 nvata - ok
01:41:39.0500 0484 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
01:41:39.0500 0484 NVENETFD - ok
01:41:39.0562 0484 NVHDA (2d2b7b3ad297c659efa1d02852ca9860) C:\WINDOWS\system32\drivers\nvhda32.sys
01:41:39.0562 0484 NVHDA - ok
01:41:39.0593 0484 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
01:41:39.0593 0484 nvnetbus - ok
01:41:39.0656 0484 nvsvc (e48c1aa03b6519b51756e3232c093300) C:\WINDOWS\system32\nvsvc32.exe
01:41:39.0656 0484 nvsvc - ok
01:41:39.0718 0484 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:41:39.0718 0484 NwlnkFlt - ok
01:41:39.0781 0484 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:41:39.0781 0484 NwlnkFwd - ok
01:41:39.0843 0484 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
01:41:39.0843 0484 ohci1394 - ok
01:41:39.0937 0484 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
01:41:39.0937 0484 ose - ok
01:41:39.0984 0484 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\drivers\Parport.sys
01:41:40.0000 0484 Parport - ok
01:41:40.0031 0484 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
01:41:40.0046 0484 PartMgr - ok
01:41:40.0078 0484 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
01:41:40.0078 0484 ParVdm - ok
01:41:40.0140 0484 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
01:41:40.0171 0484 PCI - ok
01:41:40.0281 0484 PCIDump - ok
01:41:40.0328 0484 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
01:41:40.0343 0484 PCIIde - ok
01:41:40.0390 0484 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
01:41:40.0406 0484 Pcmcia - ok
01:41:40.0437 0484 pcx1nd5 - ok
01:41:40.0500 0484 PDCOMP - ok
01:41:40.0546 0484 PDFRAME - ok
01:41:40.0593 0484 pdlnsv25 - ok
01:41:40.0640 0484 PDRELI - ok
01:41:40.0703 0484 PDRFRAME - ok
01:41:40.0750 0484 perc2 - ok
01:41:40.0812 0484 perc2hib - ok
01:41:40.0906 0484 PlugPlay (51a24094f076961a7ff73e5f7e991d68) C:\WINDOWS\system32\services.exe
01:41:40.0906 0484 PlugPlay - ok
01:41:40.0968 0484 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
01:41:40.0968 0484 Pml Driver HPZ12 - ok
01:41:41.0046 0484 PolicyAgent (9f3744a5c6f49291a7a685040a013399) C:\WINDOWS\system32\lsass.exe
01:41:41.0046 0484 PolicyAgent - ok
01:41:41.0109 0484 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:41:41.0125 0484 PptpMiniport - ok
01:41:41.0140 0484 Processor (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys
01:41:41.0140 0484 Processor - ok
01:41:41.0156 0484 ProtectedStorage (9f3744a5c6f49291a7a685040a013399) C:\WINDOWS\system32\lsass.exe
01:41:41.0156 0484 ProtectedStorage - ok
01:41:41.0171 0484 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
01:41:41.0171 0484 PSched - ok
01:41:41.0218 0484 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:41:41.0218 0484 Ptilink - ok
01:41:41.0296 0484 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
01:41:41.0296 0484 PxHelp20 - ok
01:41:41.0328 0484 ql1080 - ok
01:41:41.0328 0484 Ql10wnt - ok
01:41:41.0343 0484 ql12160 - ok
01:41:41.0359 0484 ql1240 - ok
01:41:41.0359 0484 ql1280 - ok
01:41:41.0390 0484 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:41:41.0390 0484 RasAcd - ok
01:41:41.0453 0484 RasAuto (24ea2ad2f7c2ba4721e35010b97fb4e3) C:\WINDOWS\System32\rasauto.dll
01:41:41.0453 0484 RasAuto - ok
01:41:41.0515 0484 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:41:41.0515 0484 Rasl2tp - ok
01:41:41.0578 0484 RasMan (6cbcbbd8d6dadd5f6fb0994cd67a8679) C:\WINDOWS\System32\rasmans.dll
01:41:41.0578 0484 RasMan - ok
01:41:41.0609 0484 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:41:41.0609 0484 RasPppoe - ok
01:41:41.0640 0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
01:41:41.0640 0484 Raspti - ok
01:41:41.0687 0484 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:41:41.0703 0484 Rdbss - ok
01:41:41.0750 0484 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:41:41.0750 0484 RDPCDD - ok
01:41:41.0781 0484 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:41:41.0796 0484 rdpdr - ok
01:41:41.0828 0484 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
01:41:41.0843 0484 RDPWD - ok
01:41:41.0875 0484 RDSessMgr (3126d9d63cdef5e3244ee2d97fbad59d) C:\WINDOWS\system32\sessmgr.exe
01:41:41.0890 0484 RDSessMgr - ok
01:41:41.0937 0484 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
01:41:41.0937 0484 redbook - ok
01:41:41.0984 0484 RemoteAccess (6e2cbbd6956a605ef98ffd4843928fed) C:\WINDOWS\System32\mprdim.dll
01:41:41.0984 0484 RemoteAccess - ok
01:41:42.0031 0484 RemoteRegistry (345d02087f5696749c6120359b1e2988) C:\WINDOWS\system32\regsvc.dll
01:41:42.0046 0484 RemoteRegistry - ok
01:41:42.0078 0484 roxliveshare9 (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\UBHelper.dll
01:41:42.0109 0484 Suspicious file (NoAccess): C:\WINDOWS\system32\UBHelper.dll. md5: 11028c6a84a967070cb1286550f2058f
01:41:42.0109 0484 roxliveshare9 ( Backdoor.Multi.ZAccess.gen ) - infected
01:41:42.0109 0484 roxliveshare9 - detected Backdoor.Multi.ZAccess.gen (0)
01:41:42.0140 0484 RpcLocator (57cf313eb5cb2c9a0b3ff67437becdfa) C:\WINDOWS\system32\locator.exe
01:41:42.0140 0484 RpcLocator - ok
01:41:42.0203 0484 RpcSs (ba1ef616f55210820f6462d033088497) C:\WINDOWS\System32\rpcss.dll
01:41:42.0203 0484 RpcSs - ok
01:41:42.0250 0484 RSVP (414964844f4793acb868d057e8ed997e) C:\WINDOWS\system32\rsvp.exe
01:41:42.0250 0484 RSVP - ok
01:41:42.0312 0484 SamSs (9f3744a5c6f49291a7a685040a013399) C:\WINDOWS\system32\lsass.exe
01:41:42.0312 0484 SamSs - ok
01:41:42.0328 0484 SbcpHid - ok
01:41:42.0328 0484 SCardSvr (781f04fbbe9e1abc0f4769809ccaefc3) C:\WINDOWS\System32\SCardSvr.exe
01:41:42.0343 0484 SCardSvr - ok
01:41:42.0406 0484 Schedule (4612ec6daf695b87a2529fcbb95b75de) C:\WINDOWS\system32\schedsvc.dll
01:41:42.0406 0484 Schedule - ok
01:41:42.0421 0484 SE2Ebus - ok
01:41:42.0468 0484 se59unic (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\webrootenterpriseupdateservice.dll
01:41:42.0484 0484 Suspicious file (NoAccess): C:\WINDOWS\system32\webrootenterpriseupdateservice.dll. md5: 11028c6a84a967070cb1286550f2058f
01:41:42.0484 0484 se59unic ( Backdoor.Multi.ZAccess.gen ) - infected
01:41:42.0484 0484 se59unic - detected Backdoor.Multi.ZAccess.gen (0)
01:41:42.0546 0484 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:41:42.0546 0484 Secdrv - ok
01:41:42.0578 0484 seclogon (775a33a1df28b4a98eeee5da2cdb12d9) C:\WINDOWS\System32\seclogon.dll
01:41:42.0578 0484 seclogon - ok
01:41:42.0593 0484 SENS (50f6f8e01ad2af261af86a3077b6fb6c) C:\WINDOWS\system32\sens.dll
01:41:42.0593 0484 SENS - ok
01:41:42.0671 0484 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\drivers\Serial.sys
01:41:42.0671 0484 Serial - ok
01:41:42.0718 0484 SfCtlCom - ok
01:41:42.0765 0484 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
01:41:42.0765 0484 Sfloppy - ok
01:41:42.0859 0484 SharedAccess (24a66112b3428c237b23efe70d2cf54d) C:\WINDOWS\System32\ipnathlp.dll
01:41:42.0859 0484 SharedAccess - ok
01:41:42.0937 0484 ShellHWDetection (b590e69a45ae8fcbf7ddade89cce3588) C:\WINDOWS\System32\shsvcs.dll
01:41:42.0937 0484 ShellHWDetection - ok
01:41:42.0968 0484 Simbad - ok
01:41:43.0046 0484 SIS163u (4edc881c138e778feb9bd24cbc6b33ed) C:\WINDOWS\system32\DRIVERS\sis163u.sys
01:41:43.0062 0484 SIS163u - ok
01:41:43.0109 0484 SISNICXP - ok
01:41:43.0171 0484 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
01:41:43.0171 0484 SLIP - ok
01:41:43.0218 0484 smstsmgr - ok
01:41:43.0250 0484 snoopfree - ok
01:41:43.0281 0484 Sntnlusb - ok
01:41:43.0328 0484 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
01:41:43.0328 0484 SONYPVU1 - ok
01:41:43.0359 0484 Sparrow - ok
01:41:43.0437 0484 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
01:41:43.0437 0484 splitter - ok
01:41:43.0500 0484 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
01:41:43.0500 0484 Spooler - ok
01:41:43.0562 0484 sprtsvc_smartagent (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\CoolerXPDriver.dll
01:41:43.0578 0484 Suspicious file (NoAccess): C:\WINDOWS\system32\CoolerXPDriver.dll. md5: 11028c6a84a967070cb1286550f2058f
01:41:43.0578 0484 sprtsvc_smartagent ( Backdoor.Multi.ZAccess.gen ) - infected
01:41:43.0578 0484 sprtsvc_smartagent - detected Backdoor.Multi.ZAccess.gen (0)
01:41:43.0609 0484 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
01:41:43.0609 0484 sr - ok
01:41:43.0640 0484 srservice (6469c53f4d16fa6055cca265bc03db66) C:\WINDOWS\system32\srsvc.dll
01:41:43.0640 0484 srservice - ok
01:41:43.0656 0484 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
01:41:43.0671 0484 Srv - ok
01:41:43.0703 0484 SSDPSRV (b636478a2569ae69caf003254022a742) C:\WINDOWS\System32\ssdpsrv.dll
01:41:43.0703 0484 SSDPSRV - ok
01:41:43.0734 0484 stisvc (52b7ec594152429daba1261b2b68ca01) C:\WINDOWS\system32\wiaservc.dll
01:41:43.0750 0484 stisvc - ok
01:41:43.0796 0484 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
01:41:43.0796 0484 streamip - ok
01:41:43.0828 0484 stylexpservice - ok
01:41:43.0859 0484 Subsonic - ok
01:41:43.0921 0484 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
01:41:43.0921 0484 swenum - ok
01:41:44.0046 0484 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
01:41:44.0046 0484 SwitchBoard - ok
01:41:44.0109 0484 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
01:41:44.0109 0484 swmidi - ok
01:41:44.0156 0484 SwPrv - ok
01:41:44.0171 0484 symc810 - ok
01:41:44.0187 0484 symc8xx - ok
01:41:44.0250 0484 sym_hi - ok
01:41:44.0265 0484 sym_u3 - ok
01:41:44.0343 0484 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
01:41:44.0359 0484 sysaudio - ok
01:41:44.0437 0484 SysmonLog (0151e81b0e42f55bccbb0136982e360f) C:\WINDOWS\system32\smlogsvc.exe
01:41:44.0437 0484 SysmonLog - ok
01:41:44.0515 0484 TapiSrv (720da0c9db8996ad9b7f5164b2242daa) C:\WINDOWS\System32\tapisrv.dll
01:41:44.0515 0484 TapiSrv - ok
01:41:44.0562 0484 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:41:44.0578 0484 Tcpip - ok
01:41:44.0593 0484 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
01:41:44.0593 0484 TDPIPE - ok
01:41:44.0640 0484 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
01:41:44.0656 0484 TDTCP - ok
01:41:44.0687 0484 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
01:41:44.0703 0484 TermDD - ok
01:41:44.0750 0484 TermService (7d521b8cf926459e270d18c559323815) C:\WINDOWS\System32\termsrv.dll
01:41:44.0765 0484 TermService - ok
01:41:44.0796 0484 Themes (b590e69a45ae8fcbf7ddade89cce3588) C:\WINDOWS\System32\shsvcs.dll
01:41:44.0796 0484 Themes - ok
01:41:44.0843 0484 TlntSvr (3fa7832ec7174f6fd4eff0f567d2ea08) C:\WINDOWS\system32\tlntsvr.exe
01:41:44.0843 0484 TlntSvr - ok
01:41:44.0859 0484 TosIde - ok
01:41:44.0875 0484 tossmbnt - ok
01:41:44.0906 0484 TrkWks (ad69cbd0be5073f52e92737579b79a67) C:\WINDOWS\system32\trkwks.dll
01:41:44.0906 0484 TrkWks - ok
01:41:44.0921 0484 UCTblHid - ok
01:41:45.0000 0484 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
01:41:45.0000 0484 Udfs - ok
01:41:45.0031 0484 ultra - ok
01:41:45.0125 0484 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
01:41:45.0156 0484 UMWdf - ok
01:41:45.0203 0484 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
01:41:45.0203 0484 Update - ok
01:41:45.0296 0484 upnphost (168ae9938f6be31d198af92496ccfa33) C:\WINDOWS\System32\upnphost.dll
01:41:45.0312 0484 upnphost - ok
01:41:45.0312 0484 UPS (55a7273aea6f3160fcfc4aa7394f5047) C:\WINDOWS\System32\ups.exe
01:41:45.0328 0484 UPS - ok
01:41:45.0343 0484 USBCamera - ok
01:41:45.0375 0484 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:41:45.0375 0484 usbccgp - ok
01:41:45.0468 0484 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:41:45.0468 0484 usbehci - ok
01:41:45.0500 0484 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:41:45.0500 0484 usbhub - ok
01:41:45.0531 0484 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
01:41:45.0546 0484 usbohci - ok
01:41:45.0578 0484 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:41:45.0593 0484 usbprint - ok
01:41:45.0656 0484 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
01:41:45.0671 0484 usbscan - ok
01:41:45.0703 0484 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:41:45.0703 0484 usbstor - ok
01:41:45.0734 0484 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
01:41:45.0750 0484 VgaSave - ok
01:41:45.0765 0484 VHidMinidrv - ok
01:41:45.0812 0484 ViaIde - ok
01:41:45.0875 0484 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
01:41:45.0875 0484 VolSnap - ok
01:41:45.0968 0484 VRcore (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\avpnnic.dll
01:41:45.0984 0484 Suspicious file (NoAccess): C:\WINDOWS\system32\avpnnic.dll. md5: 11028c6a84a967070cb1286550f2058f
01:41:45.0984 0484 VRcore ( Backdoor.Multi.ZAccess.gen ) - infected
01:41:45.0984 0484 VRcore - detected Backdoor.Multi.ZAccess.gen (0)
01:41:46.0078 0484 VSS (0f5b203240184d34852936696df3e91d) C:\WINDOWS\System32\vssvc.exe
01:41:46.0093 0484 VSS - ok
01:41:46.0171 0484 W32Time (fb89c8b1d6a3c260a39669320c5d5827) C:\WINDOWS\system32\w32time.dll
01:41:46.0171 0484 W32Time - ok
01:41:46.0250 0484 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:41:46.0265 0484 Wanarp - ok
01:41:46.0281 0484 WDICA - ok
01:41:46.0375 0484 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
01:41:46.0375 0484 wdmaud - ok
01:41:46.0421 0484 WebClient (f0d5d252e806ad366bfbdec81324e8f7) C:\WINDOWS\System32\webclnt.dll
01:41:46.0421 0484 WebClient - ok
01:41:46.0515 0484 winmgmt (06156f20b90c6866d724d9ee6792044d) C:\WINDOWS\system32\wbem\WMIsvc.dll
01:41:46.0515 0484 winmgmt - ok
01:41:46.0593 0484 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\mspmsnsv.dll
01:41:46.0609 0484 WmdmPmSN - ok
01:41:46.0703 0484 Wmi (f0beb708c3228c699b5f76e743a9422b) C:\WINDOWS\System32\advapi32.dll
01:41:46.0750 0484 Wmi - ok
01:41:46.0828 0484 WmiApSrv (77945ea0bfdd662203f07fe5513a409d) C:\WINDOWS\system32\wbem\wmiapsrv.exe
01:41:46.0828 0484 WmiApSrv - ok
01:41:46.0968 0484 WMPNetworkSvc (c9bea742ce225cc993c9465fddae4656) C:\Program Files\Windows Media Player\WMPNetwk.exe
01:41:47.0031 0484 WMPNetworkSvc - ok
01:41:47.0109 0484 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
01:41:47.0125 0484 WSTCODEC - ok
01:41:47.0218 0484 wuauserv (57fe69b6648e73559552779820fa0827) C:\WINDOWS\system32\wuauserv.dll
01:41:47.0218 0484 wuauserv - ok
01:41:47.0281 0484 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:41:47.0281 0484 WudfPf - ok
01:41:47.0343 0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:41:47.0343 0484 WudfRd - ok
01:41:47.0390 0484 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
01:41:47.0406 0484 WudfSvc - ok
01:41:47.0468 0484 WZCSVC (17647874e46121728a043bbd8e0e4081) C:\WINDOWS\System32\wzcsvc.dll
01:41:47.0484 0484 WZCSVC - ok
01:41:47.0531 0484 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
01:41:47.0531 0484 X10Hid - ok
01:41:47.0578 0484 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
01:41:47.0578 0484 x10nets - ok
01:41:47.0625 0484 xmlprov (21056aef44322c3e2dd5391b6aefa75a) C:\WINDOWS\System32\xmlprov.dll
01:41:47.0640 0484 xmlprov - ok
01:41:47.0703 0484 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
01:41:47.0703 0484 XUIF - ok
01:41:47.0750 0484 yediex - ok
01:41:47.0765 0484 z800mgmt - ok
01:41:47.0812 0484 ziptoa (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\DynDNS_Updater_Service.dll
01:41:47.0843 0484 Suspicious file (NoAccess): C:\WINDOWS\system32\DynDNS_Updater_Service.dll. md5: 11028c6a84a967070cb1286550f2058f
01:41:47.0843 0484 ziptoa ( Backdoor.Multi.ZAccess.gen ) - infected
01:41:47.0843 0484 ziptoa - detected Backdoor.Multi.ZAccess.gen (0)
01:41:47.0875 0484 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
01:41:48.0062 0484 \Device\Harddisk0\DR0 - ok
01:41:48.0078 0484 Boot (0x1200) (8a3c233f6533ab88c265fb6f913eea96) \Device\Harddisk0\DR0\Partition0
01:41:48.0078 0484 \Device\Harddisk0\DR0\Partition0 - ok
01:41:48.0078 0484 ============================================================
01:41:48.0078 0484 Scan finished
01:41:48.0078 0484 ============================================================
01:41:48.0093 3748 Detected object count: 10
01:41:48.0093 3748 Actual detected object count: 10
01:42:38.0453 3748 C:\WINDOWS\System32\drivers\afd.sys - copied to quarantine
01:42:38.0484 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\@ - copied to quarantine
01:42:38.0484 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\cfg.ini - copied to quarantine
01:42:38.0500 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\Desktop.ini - copied to quarantine
01:42:38.0531 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\L\ganjdnts - copied to quarantine
01:42:38.0546 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\oemid - copied to quarantine
01:42:38.0562 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\00000001.@ - copied to quarantine
01:42:38.0609 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\00000002.@ - copied to quarantine
01:42:38.0625 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\00000004.@ - copied to quarantine
01:42:38.0640 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\80000000.@ - copied to quarantine
01:42:38.0656 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\80000004.@ - copied to quarantine
01:42:38.0687 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\80000032.@ - copied to quarantine
01:42:38.0687 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\version - copied to quarantine
01:42:39.0203 3748 Backup copy found, using it..
01:42:39.0203 3748 C:\WINDOWS\System32\drivers\afd.sys - will be cured on reboot
01:42:42.0437 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\@ - will be deleted on reboot
01:42:42.0437 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\cfg.ini - will be deleted on reboot
01:42:42.0437 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\Desktop.ini - will be deleted on reboot
01:42:42.0468 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\oemid - will be deleted on reboot
01:42:42.0468 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\00000001.@ - will be deleted on reboot
01:42:42.0468 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\00000002.@ - will be deleted on reboot
01:42:42.0468 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\00000004.@ - will be deleted on reboot
01:42:42.0468 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\80000000.@ - will be deleted on reboot
01:42:42.0468 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\80000004.@ - will be deleted on reboot
01:42:42.0468 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\U\80000032.@ - will be deleted on reboot
01:42:42.0468 3748 C:\WINDOWS\$NtUninstallKB22436$\127160368\version - will be deleted on reboot
01:42:42.0468 3748 C:\WINDOWS\$NtUninstallKB22436$\3994275098 - will be deleted on reboot
01:42:42.0468 3748 AFD ( Virus.Win32.ZAccess.aml ) - User select action: Cure
01:42:42.0500 3748 HKLM\SYSTEM\ControlSet002\services\ALYac_PZSrv - will be deleted on reboot
01:42:42.0500 3748 HKLM\SYSTEM\ControlSet004\services\ALYac_PZSrv - will be deleted on reboot
01:42:42.0500 3748 C:\WINDOWS\system32\eaphost.dll - will be deleted on reboot
01:42:42.0500 3748 ALYac_PZSrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
01:42:42.0531 3748 HKLM\SYSTEM\ControlSet001\services\CBTNDIS5 - will be deleted on reboot
01:42:42.0546 3748 HKLM\SYSTEM\ControlSet002\services\CBTNDIS5 - will be deleted on reboot
01:42:42.0546 3748 HKLM\SYSTEM\ControlSet004\services\CBTNDIS5 - will be deleted on reboot
01:42:42.0546 3748 C:\WINDOWS\system32\ppmoucls.dll - will be deleted on reboot
01:42:42.0546 3748 CBTNDIS5 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
01:42:42.0609 3748 HKLM\SYSTEM\ControlSet002\services\e100b - will be deleted on reboot
01:42:42.0609 3748 HKLM\SYSTEM\ControlSet004\services\e100b - will be deleted on reboot
01:42:42.0609 3748 C:\WINDOWS\system32\mcafeeantispyware.dll - will be deleted on reboot
01:42:42.0609 3748 e100b ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
01:42:42.0671 3748 HKLM\SYSTEM\ControlSet001\services\nsengine - will be deleted on reboot
01:42:42.0671 3748 HKLM\SYSTEM\ControlSet002\services\nsengine - will be deleted on reboot
01:42:42.0671 3748 HKLM\SYSTEM\ControlSet004\services\nsengine - will be deleted on reboot
01:42:42.0671 3748 C:\WINDOWS\system32\nmwcd.dll - will be deleted on reboot
01:42:42.0671 3748 nsengine ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
01:42:42.0718 3748 HKLM\SYSTEM\ControlSet002\services\roxliveshare9 - will be deleted on reboot
01:42:42.0718 3748 C:\WINDOWS\system32\UBHelper.dll - will be deleted on reboot
01:42:42.0718 3748 roxliveshare9 ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
01:42:42.0781 3748 HKLM\SYSTEM\ControlSet001\services\se59unic - will be deleted on reboot
01:42:42.0781 3748 HKLM\SYSTEM\ControlSet002\services\se59unic - will be deleted on reboot
01:42:42.0781 3748 HKLM\SYSTEM\ControlSet004\services\se59unic - will be deleted on reboot
01:42:42.0781 3748 C:\WINDOWS\system32\webrootenterpriseupdateservice.dll - will be deleted on reboot
01:42:42.0781 3748 se59unic ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
01:42:42.0843 3748 HKLM\SYSTEM\ControlSet002\services\sprtsvc_smartagent - will be deleted on reboot
01:42:42.0843 3748 HKLM\SYSTEM\ControlSet004\services\sprtsvc_smartagent - will be deleted on reboot
01:42:42.0843 3748 C:\WINDOWS\system32\CoolerXPDriver.dll - will be deleted on reboot
01:42:42.0843 3748 sprtsvc_smartagent ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
01:42:42.0890 3748 HKLM\SYSTEM\ControlSet001\services\VRcore - will be deleted on reboot
01:42:42.0890 3748 HKLM\SYSTEM\ControlSet002\services\VRcore - will be deleted on reboot
01:42:42.0890 3748 HKLM\SYSTEM\ControlSet004\services\VRcore - will be deleted on reboot
01:42:42.0890 3748 C:\WINDOWS\system32\avpnnic.dll - will be deleted on reboot
01:42:42.0890 3748 VRcore ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
01:42:42.0921 3748 HKLM\SYSTEM\ControlSet002\services\ziptoa - will be deleted on reboot
01:42:42.0921 3748 HKLM\SYSTEM\ControlSet004\services\ziptoa - will be deleted on reboot
01:42:42.0921 3748 C:\WINDOWS\system32\DynDNS_Updater_Service.dll - will be deleted on reboot
01:42:42.0921 3748 ziptoa ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
01:42:51.0843 3964 Deinitialize success
0
Réponse 12 / 39
keelin
8 avril 2012 à 02:31
a 2:09, deuxième rapport:
02:09:42.0968 3332 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
02:09:43.0156 3332 ============================================================
02:09:43.0156 3332 Current date / time: 2012/04/08 02:09:43.0156
02:09:43.0156 3332 SystemInfo:
02:09:43.0156 3332
02:09:43.0156 3332 OS Version: 5.1.2600 ServicePack: 2.0
02:09:43.0156 3332 Product type: Workstation
02:09:43.0156 3332 ComputerName: NOM-14AAC46F927
02:09:43.0156 3332 UserName: Dora
02:09:43.0156 3332 Windows directory: C:\WINDOWS
02:09:43.0156 3332 System windows directory: C:\WINDOWS
02:09:43.0156 3332 Processor architecture: Intel x86
02:09:43.0156 3332 Number of processors: 2
02:09:43.0156 3332 Page size: 0x1000
02:09:43.0156 3332 Boot type: Normal boot
02:09:43.0156 3332 ============================================================
02:09:44.0000 3332 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:09:44.0062 3332 \Device\Harddisk0\DR0:
02:09:44.0062 3332 MBR used
02:09:44.0062 3332 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
02:09:44.0093 3332 Initialize success
02:09:44.0093 3332 ============================================================
02:09:50.0625 3860 Deinitialize success
0
Réponse 13 / 39
keelin
8 avril 2012 à 02:32
et voilà le dernier rapport, a 2:13:
02:13:30.0765 3288 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
02:13:30.0953 3288 ============================================================
02:13:30.0953 3288 Current date / time: 2012/04/08 02:13:30.0953
02:13:30.0953 3288 SystemInfo:
02:13:30.0953 3288
02:13:30.0953 3288 OS Version: 5.1.2600 ServicePack: 2.0
02:13:30.0953 3288 Product type: Workstation
02:13:30.0953 3288 ComputerName: NOM-14AAC46F927
02:13:30.0953 3288 UserName: Dora
02:13:30.0953 3288 Windows directory: C:\WINDOWS
02:13:30.0953 3288 System windows directory: C:\WINDOWS
02:13:30.0953 3288 Processor architecture: Intel x86
02:13:30.0953 3288 Number of processors: 2
02:13:30.0953 3288 Page size: 0x1000
02:13:30.0953 3288 Boot type: Normal boot
02:13:30.0953 3288 ============================================================
02:13:31.0390 3288 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
02:13:31.0453 3288 \Device\Harddisk0\DR0:
02:13:31.0453 3288 MBR used
02:13:31.0453 3288 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
02:13:31.0500 3288 Initialize success
02:13:31.0500 3288 ============================================================
02:13:32.0281 3968 ============================================================
02:13:32.0281 3968 Scan started
02:13:32.0281 3968 Mode: Manual;
02:13:32.0281 3968 ============================================================
02:13:32.0500 3968 Abiosdsk - ok
02:13:32.0515 3968 abp480n5 - ok
02:13:32.0609 3968 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:13:32.0609 3968 ACPI - ok
02:13:32.0671 3968 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:13:32.0687 3968 ACPIEC - ok
02:13:32.0796 3968 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:13:32.0796 3968 AdobeFlashPlayerUpdateSvc - ok
02:13:32.0812 3968 adpu160m - ok
02:13:32.0843 3968 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
02:13:32.0843 3968 aec - ok
02:13:32.0875 3968 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
02:13:32.0890 3968 AFD - ok
02:13:32.0921 3968 Aha154x - ok
02:13:32.0953 3968 aic78u2 - ok
02:13:32.0968 3968 aic78xx - ok
02:13:33.0015 3968 Alerter (d1b6794bc9c2fca07378cc2d7afee189) C:\WINDOWS\system32\alrsvc.dll
02:13:33.0031 3968 Alerter - ok
02:13:33.0093 3968 ALG (2fe681d10c5fc343dbbc0610b8dd4d24) C:\WINDOWS\System32\alg.exe
02:13:33.0093 3968 ALG - ok
02:13:33.0109 3968 AliIde - ok
02:13:33.0156 3968 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
02:13:33.0171 3968 AmdK8 - ok
02:13:33.0187 3968 amsint - ok
02:13:33.0234 3968 AppMgmt (ce66077813d83c2d6908cdc64ae7e55a) C:\WINDOWS\System32\appmgmts.dll
02:13:33.0234 3968 AppMgmt - ok
02:13:33.0296 3968 aracpi (c195c48aebcc2891550c1167b3e3f658) C:\WINDOWS\system32\DRIVERS\aracpi.sys
02:13:33.0312 3968 aracpi - ok
02:13:33.0359 3968 arhidfltr (7de52fcde9468ee55c2e9a9492373a08) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
02:13:33.0359 3968 arhidfltr - ok
02:13:33.0390 3968 arkbcfltr (7ecd19a1e174fac4ac14a74910c0433b) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
02:13:33.0390 3968 arkbcfltr - ok
02:13:33.0421 3968 armoucfltr (cb37867bf77e8e95df759ca7680487e5) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
02:13:33.0421 3968 armoucfltr - ok
02:13:33.0484 3968 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
02:13:33.0484 3968 Arp1394 - ok
02:13:33.0515 3968 ARPolicy (ef05d0cc4061f790a6e0ffe03b585600) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
02:13:33.0515 3968 ARPolicy - ok
02:13:33.0531 3968 ARSVC (9f9aa480baaf48695b920c425ffe5425) C:\WINDOWS\arservice.exe
02:13:34.0406 3968 ARSVC - ok
02:13:34.0468 3968 asc - ok
02:13:34.0484 3968 asc3350p - ok
02:13:34.0515 3968 asc3550 - ok
02:13:34.0671 3968 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
02:13:34.0703 3968 aspnet_state - ok
02:13:34.0765 3968 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:13:34.0765 3968 AsyncMac - ok
02:13:34.0843 3968 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:13:34.0843 3968 atapi - ok
02:13:34.0890 3968 Atdisk - ok
02:13:34.0984 3968 Ati HotKey Poller (688e49afef3a07fca943250d6a9729aa) C:\WINDOWS\system32\Ati2evxx.exe
02:13:34.0984 3968 Ati HotKey Poller - ok
02:13:35.0125 3968 ati2mtag (86a7a22f3670465ef575614e001159c0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
02:13:35.0203 3968 ati2mtag - ok
02:13:35.0265 3968 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:13:35.0265 3968 Atmarpc - ok
02:13:35.0328 3968 AudioSrv (32957b7b46cbe2066c47febc7e56050e) C:\WINDOWS\System32\audiosrv.dll
02:13:35.0343 3968 AudioSrv - ok
02:13:35.0390 3968 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:13:35.0390 3968 audstub - ok
02:13:35.0515 3968 avg9wd (c4d15594db5be042d3346ea58df87d89) C:\Program Files\AVG\AVG9\avgwdsvc.exe
02:13:35.0531 3968 avg9wd - ok
02:13:35.0609 3968 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\system32\Drivers\avgldx86.sys
02:13:35.0625 3968 AvgLdx86 - ok
02:13:35.0656 3968 AvgMfx86 (80ff2b1b7eeda966394f0baa895bbf4b) C:\WINDOWS\system32\Drivers\avgmfx86.sys
02:13:35.0671 3968 AvgMfx86 - ok
02:13:35.0687 3968 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
02:13:35.0687 3968 AvgRkx86 - ok
02:13:35.0718 3968 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\system32\Drivers\avgtdix.sys
02:13:35.0734 3968 AvgTdiX - ok
02:13:35.0734 3968 b57w2k - ok
02:13:35.0781 3968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:13:35.0781 3968 Beep - ok
02:13:35.0796 3968 bgsvcgen - ok
02:13:35.0859 3968 BITS (87424817f82cf6a7f55dac01a20111a3) C:\WINDOWS\system32\qmgr.dll
02:13:35.0984 3968 BITS - ok
02:13:36.0046 3968 bltrust - ok
02:13:36.0109 3968 BlueSoleilCS - ok
02:13:36.0187 3968 Browser (ce9dc7cc6d75515ee62ca341473ec5f3) C:\WINDOWS\System32\browser.dll
02:13:36.0187 3968 Browser - ok
02:13:36.0234 3968 bthpan - ok
02:13:36.0250 3968 btserial - ok
02:13:36.0265 3968 catchme - ok
02:13:36.0312 3968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:13:36.0328 3968 cbidf2k - ok
02:13:36.0421 3968 CCALib8 (5753532c476b83119d85aa43b1b10ab3) C:\Program Files\Canon\CAL\CALMAIN.exe
02:13:36.0421 3968 CCALib8 - ok
02:13:36.0468 3968 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
02:13:36.0468 3968 CCDECODE - ok
02:13:36.0484 3968 cd20xrnt - ok
02:13:36.0500 3968 CdaC15BA - ok
02:13:36.0578 3968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:13:36.0578 3968 Cdaudio - ok
02:13:36.0609 3968 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
02:13:36.0625 3968 Cdfs - ok
02:13:36.0703 3968 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:13:36.0703 3968 Cdrom - ok
02:13:36.0734 3968 Changer - ok
02:13:36.0781 3968 CiSvc (d24f6382f5171b07705364812e9459e2) C:\WINDOWS\system32\cisvc.exe
02:13:36.0781 3968 CiSvc - ok
02:13:36.0828 3968 ClipSrv (711db3a49efde3e2640cdb782d478628) C:\WINDOWS\system32\clipsrv.exe
02:13:36.0843 3968 ClipSrv - ok
02:13:36.0968 3968 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:13:37.0015 3968 clr_optimization_v2.0.50727_32 - ok
02:13:37.0062 3968 CmdIde - ok
02:13:37.0125 3968 COMSysApp - ok
02:13:37.0156 3968 Cpqarray - ok
02:13:37.0187 3968 cpqnicmgmt - ok
02:13:37.0234 3968 cqmghost - ok
02:13:37.0312 3968 CryptSvc (bddf3723d95dc28d78b1e93119e0e6ab) C:\WINDOWS\System32\cryptsvc.dll
02:13:37.0312 3968 CryptSvc - ok
02:13:37.0343 3968 dac2w2k - ok
02:13:37.0375 3968 dac960nt - ok
02:13:37.0406 3968 DCamUSBGrandTek - ok
02:13:37.0484 3968 DcomLaunch (ba1ef616f55210820f6462d033088497) C:\WINDOWS\system32\rpcss.dll
02:13:37.0500 3968 DcomLaunch - ok
02:13:37.0531 3968 DevUpper - ok
02:13:37.0593 3968 Dhcp (b9d04e1839d82a2f512c180177773eec) C:\WINDOWS\System32\dhcpcsvc.dll
02:13:37.0593 3968 Dhcp - ok
02:13:37.0656 3968 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
02:13:37.0656 3968 Disk - ok
02:13:37.0687 3968 dmadmin - ok
02:13:37.0750 3968 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
02:13:37.0796 3968 dmboot - ok
02:13:37.0890 3968 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\DRIVERS\dmio.sys
02:13:37.0890 3968 dmio - ok
02:13:37.0937 3968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:13:37.0937 3968 dmload - ok
02:13:38.0015 3968 dmserver (316c1bab74ca10613ab2da46a2ef3e47) C:\WINDOWS\System32\dmserver.dll
02:13:38.0015 3968 dmserver - ok
02:13:38.0062 3968 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
02:13:38.0078 3968 DMusic - ok
02:13:38.0125 3968 Dnscache (8d4d8d797cde07a7ec53c8992bf3e95f) C:\WINDOWS\System32\dnsrslvr.dll
02:13:38.0125 3968 Dnscache - ok
02:13:38.0203 3968 Dot3svc (3fcf86f03d0302443c21ce6e5bbf7a25) C:\WINDOWS\System32\dot3svc.dll
02:13:38.0203 3968 Dot3svc - ok
02:13:38.0250 3968 dpti2o - ok
02:13:38.0296 3968 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
02:13:38.0296 3968 drmkaud - ok
02:13:38.0343 3968 EapHost (8b5fc9087d2cab110bc2ed5cc5e7b8ac) C:\WINDOWS\System32\eapsvc.dll
02:13:38.0343 3968 EapHost - ok
02:13:38.0453 3968 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
02:13:38.0453 3968 ehRecvr - ok
02:13:38.0500 3968 ehSched (980eeea91776357518892c5544768e2b) C:\WINDOWS\eHome\ehSched.exe
02:13:38.0500 3968 ehSched - ok
02:13:38.0546 3968 ERSvc (be3ce05230890e1baf8f0dd09d7a00fe) C:\WINDOWS\System32\ersvc.dll
02:13:38.0562 3968 ERSvc - ok
02:13:38.0609 3968 Eventlog (51a24094f076961a7ff73e5f7e991d68) C:\WINDOWS\system32\services.exe
02:13:38.0609 3968 Eventlog - ok
02:13:38.0656 3968 EventSystem (a5b1b7c76134329aa7547f6e6da35410) C:\WINDOWS\system32\es.dll
02:13:38.0687 3968 EventSystem - ok
02:13:38.0703 3968 F700ius - ok
02:13:38.0750 3968 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
02:13:38.0765 3968 Fastfat - ok
02:13:38.0781 3968 FastUserSwitchingCompatibility (b590e69a45ae8fcbf7ddade89cce3588) C:\WINDOWS\System32\shsvcs.dll
02:13:38.0796 3968 FastUserSwitchingCompatibility - ok
02:13:38.0828 3968 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
02:13:38.0828 3968 Fdc - ok
02:13:38.0859 3968 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
02:13:38.0859 3968 Fips - ok
02:13:38.0890 3968 FirePM - ok
02:13:38.0984 3968 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
02:13:39.0046 3968 FLEXnet Licensing Service - ok
02:13:39.0109 3968 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
02:13:39.0125 3968 Flpydisk - ok
02:13:39.0171 3968 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
02:13:39.0171 3968 FltMgr - ok
02:13:39.0312 3968 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:13:39.0312 3968 FontCache3.0.0.0 - ok
02:13:39.0390 3968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:13:39.0390 3968 Fs_Rec - ok
02:13:39.0468 3968 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:13:39.0468 3968 Ftdisk - ok
02:13:39.0500 3968 ftrtsvc - ok
02:13:39.0578 3968 GEARAspiWDM (ab8a6a87d9d7255c3884d5b9541a6e80) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
02:13:39.0578 3968 GEARAspiWDM - ok
02:13:39.0593 3968 GMSIPCI - ok
02:13:39.0656 3968 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:13:39.0656 3968 Gpc - ok
02:13:39.0703 3968 HCW88AUD (ce79da76673df8a01e93b2668e3dbbef) C:\WINDOWS\system32\drivers\hcw88aud.sys
02:13:39.0703 3968 HCW88AUD - ok
02:13:39.0781 3968 HCW88BDA (be6f852fb3a7143bdecc83cac0023920) C:\WINDOWS\system32\drivers\hcw88bda.sys
02:13:39.0796 3968 HCW88BDA - ok
02:13:39.0859 3968 HCW88TSE (9e461f4dba9f1343c4c49a12c035c481) C:\WINDOWS\system32\drivers\hcw88tse.sys
02:13:39.0875 3968 HCW88TSE - ok
02:13:39.0937 3968 HCW88TUNE (d837bfe5f2c70a83ce66530816f96d95) C:\WINDOWS\system32\drivers\hcw88tun.sys
02:13:39.0937 3968 HCW88TUNE - ok
02:13:40.0000 3968 hcw88vid (74aa23064b0bb15eac52a3f7bca8f50c) C:\WINDOWS\system32\drivers\hcw88vid.sys
02:13:40.0015 3968 hcw88vid - ok
02:13:40.0046 3968 HCW88XBAR (b58e76d3113ff7ac102709597bc123c7) C:\WINDOWS\system32\drivers\HCW88BAR.sys
02:13:40.0046 3968 HCW88XBAR - ok
02:13:40.0109 3968 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
02:13:40.0109 3968 HDAudBus - ok
02:13:40.0156 3968 helpsvc (f8881957e5fd648f35998f518af0b0af) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:13:40.0156 3968 helpsvc - ok
02:13:40.0187 3968 HidServ (007b1da566d0ae7b8169fde4dc618b70) C:\WINDOWS\System32\hidserv.dll
02:13:40.0203 3968 HidServ - ok
02:13:40.0250 3968 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:13:40.0250 3968 hidusb - ok
02:13:40.0312 3968 hkmsvc (17b3c3d40cdba40c2e331d28be4de27f) C:\WINDOWS\System32\kmsvc.dll
02:13:40.0312 3968 hkmsvc - ok
02:13:40.0359 3968 hpn - ok
02:13:40.0390 3968 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
02:13:40.0406 3968 HPZid412 - ok
02:13:40.0468 3968 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
02:13:40.0468 3968 HPZipr12 - ok
02:13:40.0531 3968 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
02:13:40.0531 3968 HPZius12 - ok
02:13:40.0609 3968 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
02:13:40.0656 3968 HTTP - ok
02:13:40.0750 3968 HTTPFilter (6effd66fdbaa3fd3908b9388755bf435) C:\WINDOWS\System32\w3ssl.dll
02:13:40.0765 3968 HTTPFilter - ok
02:13:40.0781 3968 i2omgmt - ok
02:13:40.0796 3968 i2omp - ok
02:13:40.0843 3968 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\drivers\i8042prt.sys
02:13:40.0859 3968 i8042prt - ok
02:13:40.0906 3968 icepack - ok
02:13:41.0031 3968 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:13:41.0093 3968 idsvc - ok
02:13:41.0187 3968 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:13:41.0187 3968 Imapi - ok
02:13:41.0234 3968 ImapiService (40432437bba5cd10b76a2d3b3cd5ad2d) C:\WINDOWS\system32\imapi.exe
02:13:41.0234 3968 ImapiService - ok
02:13:41.0250 3968 ini910u - ok
02:13:41.0265 3968 inort - ok
02:13:41.0437 3968 IntcAzAudAddService (a5d5b8c427f4b67580fb2b511291a89d) C:\WINDOWS\system32\drivers\RtkHDAud.sys
02:13:41.0500 3968 IntcAzAudAddService - ok
02:13:41.0515 3968 IntelIde - ok
02:13:41.0562 3968 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
02:13:41.0562 3968 Ip6Fw - ok
02:13:41.0625 3968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:13:41.0625 3968 IpFilterDriver - ok
02:13:41.0687 3968 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:13:41.0703 3968 IpInIp - ok
02:13:41.0750 3968 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:13:41.0750 3968 IpNat - ok
02:13:41.0812 3968 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:13:41.0828 3968 IPSec - ok
02:13:41.0859 3968 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:13:41.0859 3968 IRENUM - ok
02:13:41.0906 3968 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:13:41.0921 3968 isapnp - ok
02:13:42.0031 3968 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
02:13:42.0031 3968 JavaQuickStarterService - ok
02:13:42.0078 3968 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:13:42.0078 3968 Kbdclass - ok
02:13:42.0109 3968 kbdhid (62dd5eefcec4ef4163f1168d4262a9e4) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:13:42.0125 3968 kbdhid - ok
02:13:42.0156 3968 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
02:13:42.0156 3968 kmixer - ok
02:13:42.0218 3968 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
02:13:42.0218 3968 KSecDD - ok
02:13:42.0250 3968 L1e - ok
02:13:42.0296 3968 lanmanserver (aa3959a0e05e7390bfa2fd5bf0e0d2fd) C:\WINDOWS\System32\srvsvc.dll
02:13:42.0296 3968 lanmanserver - ok
02:13:42.0359 3968 lanmanworkstation (1a1a7ace3190224c82f70561fc7a4774) C:\WINDOWS\System32\wkssvc.dll
02:13:42.0406 3968 lanmanworkstation - ok
02:13:42.0421 3968 lbrtfdc - ok
02:13:42.0484 3968 LmHosts (fe6c55d366d48f04df9318605d6ed5a7) C:\WINDOWS\System32\lmhsvc.dll
02:13:42.0484 3968 LmHosts - ok
02:13:42.0515 3968 lxbt_device - ok
02:13:42.0546 3968 maya70docserver - ok
02:13:42.0671 3968 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
02:13:42.0687 3968 McComponentHostService - ok
02:13:42.0718 3968 mcmispupdmgr - ok
02:13:42.0765 3968 McrdSvc (52404cc76e9d53843bdf97564bb16bed) C:\WINDOWS\ehome\mcrdsvc.exe
02:13:42.0781 3968 McrdSvc - ok
02:13:42.0859 3968 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
02:13:42.0859 3968 MDM - ok
02:13:42.0921 3968 Messenger (97939358ed4487cbb4a0d743ce958266) C:\WINDOWS\System32\msgsvc.dll
02:13:42.0921 3968 Messenger - ok
02:13:43.0000 3968 MHN (184a03058c8cc399ea37dbeff6a8365a) C:\WINDOWS\System32\mhn.dll
02:13:43.0000 3968 MHN - ok
02:13:43.0046 3968 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
02:13:43.0062 3968 MHNDRV - ok
02:13:43.0093 3968 midisyn - ok
02:13:43.0171 3968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:13:43.0171 3968 mnmdd - ok
02:13:43.0218 3968 mnmsrvc (75b66eb2a2fb8db29c838f1800cede90) C:\WINDOWS\system32\mnmsrvc.exe
02:13:43.0234 3968 mnmsrvc - ok
02:13:43.0281 3968 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
02:13:43.0281 3968 Modem - ok
02:13:43.0328 3968 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:13:43.0343 3968 Mouclass - ok
02:13:43.0421 3968 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:13:43.0421 3968 mouhid - ok
02:13:43.0453 3968 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
02:13:43.0453 3968 MountMgr - ok
02:13:43.0484 3968 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
02:13:43.0500 3968 MPE - ok
02:13:43.0531 3968 mraid35x - ok
02:13:43.0562 3968 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:13:43.0562 3968 MRxDAV - ok
02:13:43.0640 3968 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:13:43.0703 3968 MRxSmb - ok
02:13:43.0750 3968 MSDTC (680639b08040cec24b8bd873b1f02f51) C:\WINDOWS\system32\msdtc.exe
02:13:43.0750 3968 MSDTC - ok
02:13:43.0812 3968 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
02:13:43.0812 3968 Msfs - ok
02:13:43.0843 3968 MSIServer - ok
02:13:43.0890 3968 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:13:43.0906 3968 MSKSSRV - ok
02:13:43.0968 3968 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:13:43.0968 3968 MSPCLOCK - ok
02:13:44.0015 3968 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
02:13:44.0015 3968 MSPQM - ok
02:13:44.0062 3968 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:13:44.0078 3968 mssmbios - ok
02:13:44.0125 3968 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
02:13:44.0125 3968 MSTEE - ok
02:13:44.0171 3968 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
02:13:44.0171 3968 Mup - ok
02:13:44.0250 3968 MySQL - ok
02:13:44.0328 3968 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
02:13:44.0328 3968 NABTSFEC - ok
02:13:44.0406 3968 napagent (69e4fbbabaeee1bff422e091da3171da) C:\WINDOWS\System32\qagentrt.dll
02:13:44.0421 3968 napagent - ok
02:13:44.0421 3968 ndassvc - ok
02:13:44.0468 3968 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
02:13:44.0484 3968 NDIS - ok
02:13:44.0546 3968 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
02:13:44.0546 3968 NdisIP - ok
02:13:44.0593 3968 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:13:44.0593 3968 NdisTapi - ok
02:13:44.0625 3968 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:13:44.0625 3968 Ndisuio - ok
02:13:44.0640 3968 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:13:44.0640 3968 NdisWan - ok
02:13:44.0671 3968 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
02:13:44.0671 3968 NDProxy - ok
02:13:44.0703 3968 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:13:44.0703 3968 NetBIOS - ok
02:13:44.0718 3968 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:13:44.0734 3968 NetBT - ok
02:13:44.0781 3968 NetDDE (9ce77f7a22c27366da628ed4ba7d4ff9) C:\WINDOWS\system32\netdde.exe
02:13:44.0796 3968 NetDDE - ok
02:13:44.0796 3968 NetDDEdsdm (9ce77f7a22c27366da628ed4ba7d4ff9) C:\WINDOWS\system32\netdde.exe
02:13:44.0796 3968 NetDDEdsdm - ok
02:13:44.0843 3968 Netlogon (9f3744a5c6f49291a7a685040a013399) C:\WINDOWS\system32\lsass.exe
02:13:44.0843 3968 Netlogon - ok
02:13:44.0906 3968 Netman (624cf700bbfd8be4097aaa146e6bd363) C:\WINDOWS\System32\netman.dll
02:13:44.0921 3968 Netman - ok
02:13:45.0015 3968 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:13:45.0031 3968 NetTcpPortSharing - ok
02:13:45.0093 3968 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
02:13:45.0109 3968 NIC1394 - ok
02:13:45.0171 3968 Nla (8a52de10680a40ecd04fa2c0fbc34190) C:\WINDOWS\System32\mswsock.dll
02:13:45.0187 3968 Nla - ok
02:13:45.0234 3968 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
02:13:45.0234 3968 Npfs - ok
02:13:45.0281 3968 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
02:13:45.0296 3968 Ntfs - ok
02:13:45.0359 3968 NtLmSsp (9f3744a5c6f49291a7a685040a013399) C:\WINDOWS\system32\lsass.exe
02:13:45.0359 3968 NtLmSsp - ok
02:13:45.0421 3968 NtmsSvc (3f82a4226289510df300813b9b87f0e5) C:\WINDOWS\system32\ntmssvc.dll
02:13:45.0437 3968 NtmsSvc - ok
02:13:45.0500 3968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:13:45.0500 3968 Null - ok
02:13:45.0859 3968 nv (cd9ed87b4fc6ec41d3b5be0b923843fc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:13:46.0093 3968 nv - ok
02:13:46.0187 3968 nvata (7d960340be5b0e008bb94e4c3b991339) C:\WINDOWS\system32\DRIVERS\nvata.sys
02:13:46.0187 3968 nvata - ok
02:13:46.0218 3968 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
02:13:46.0218 3968 NVENETFD - ok
02:13:46.0281 3968 NVHDA (2d2b7b3ad297c659efa1d02852ca9860) C:\WINDOWS\system32\drivers\nvhda32.sys
02:13:46.0281 3968 NVHDA - ok
02:13:46.0328 3968 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
02:13:46.0328 3968 nvnetbus - ok
02:13:46.0375 3968 nvsvc (e48c1aa03b6519b51756e3232c093300) C:\WINDOWS\system32\nvsvc32.exe
02:13:46.0390 3968 nvsvc - ok
02:13:46.0437 3968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:13:46.0437 3968 NwlnkFlt - ok
02:13:46.0500 3968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:13:46.0500 3968 NwlnkFwd - ok
02:13:46.0562 3968 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:13:46.0562 3968 ohci1394 - ok
02:13:46.0640 3968 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
02:13:46.0656 3968 ose - ok
02:13:46.0718 3968 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\drivers\Parport.sys
02:13:46.0718 3968 Parport - ok
02:13:46.0781 3968 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
02:13:46.0781 3968 PartMgr - ok
02:13:46.0859 3968 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
02:13:46.0859 3968 ParVdm - ok
02:13:46.0906 3968 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
02:13:46.0906 3968 PCI - ok
02:13:46.0968 3968 PCIDump - ok
02:13:47.0000 3968 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:13:47.0015 3968 PCIIde - ok
02:13:47.0031 3968 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:13:47.0046 3968 Pcmcia - ok
02:13:47.0046 3968 pcx1nd5 - ok
02:13:47.0078 3968 PDCOMP - ok
02:13:47.0093 3968 PDFRAME - ok
02:13:47.0140 3968 pdlnsv25 - ok
02:13:47.0171 3968 PDRELI - ok
02:13:47.0187 3968 PDRFRAME - ok
02:13:47.0234 3968 perc2 - ok
02:13:47.0250 3968 perc2hib - ok
02:13:47.0328 3968 PlugPlay (51a24094f076961a7ff73e5f7e991d68) C:\WINDOWS\system32\services.exe
02:13:47.0328 3968 PlugPlay - ok
02:13:47.0406 3968 Pml Driver HPZ12 (9d84376931440f3679beef2a414fa493) C:\WINDOWS\system32\HPZipm12.exe
02:13:47.0406 3968 Pml Driver HPZ12 - ok
02:13:47.0453 3968 PolicyAgent (9f3744a5c6f49291a7a685040a013399) C:\WINDOWS\system32\lsass.exe
02:13:47.0453 3968 PolicyAgent - ok
02:13:47.0531 3968 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:13:47.0531 3968 PptpMiniport - ok
02:13:47.0593 3968 Processor (f480712b761e538bc8e44ede60f3a3c3) C:\WINDOWS\system32\DRIVERS\processr.sys
02:13:47.0593 3968 Processor - ok
02:13:47.0625 3968 ProtectedStorage (9f3744a5c6f49291a7a685040a013399) C:\WINDOWS\system32\lsass.exe
02:13:47.0625 3968 ProtectedStorage - ok
02:13:47.0656 3968 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
02:13:47.0656 3968 PSched - ok
02:13:47.0703 3968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:13:47.0703 3968 Ptilink - ok
02:13:47.0781 3968 PxHelp20 (40f2031bd9148d3194353ea7dec97a07) C:\WINDOWS\system32\Drivers\PxHelp20.sys
02:13:47.0781 3968 PxHelp20 - ok
02:13:47.0812 3968 ql1080 - ok
02:13:47.0828 3968 Ql10wnt - ok
02:13:47.0859 3968 ql12160 - ok
02:13:47.0875 3968 ql1240 - ok
02:13:47.0906 3968 ql1280 - ok
02:13:47.0968 3968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:13:47.0968 3968 RasAcd - ok
02:13:48.0015 3968 RasAuto (24ea2ad2f7c2ba4721e35010b97fb4e3) C:\WINDOWS\System32\rasauto.dll
02:13:48.0015 3968 RasAuto - ok
02:13:48.0093 3968 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:13:48.0093 3968 Rasl2tp - ok
02:13:48.0156 3968 RasMan (6cbcbbd8d6dadd5f6fb0994cd67a8679) C:\WINDOWS\System32\rasmans.dll
02:13:48.0156 3968 RasMan - ok
02:13:48.0171 3968 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:13:48.0171 3968 RasPppoe - ok
02:13:48.0203 3968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:13:48.0203 3968 Raspti - ok
02:13:48.0234 3968 Rdbss (809ca45caa9072b3176ad44579d7f688) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:13:48.0265 3968 Rdbss - ok
02:13:48.0281 3968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:13:48.0281 3968 RDPCDD - ok
02:13:48.0359 3968 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:13:48.0375 3968 rdpdr - ok
02:13:48.0421 3968 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
02:13:48.0453 3968 RDPWD - ok
02:13:48.0515 3968 RDSessMgr (3126d9d63cdef5e3244ee2d97fbad59d) C:\WINDOWS\system32\sessmgr.exe
02:13:48.0515 3968 RDSessMgr - ok
02:13:48.0562 3968 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:13:48.0562 3968 redbook - ok
02:13:48.0625 3968 RemoteAccess (6e2cbbd6956a605ef98ffd4843928fed) C:\WINDOWS\System32\mprdim.dll
02:13:48.0625 3968 RemoteAccess - ok
02:13:48.0703 3968 RemoteRegistry (345d02087f5696749c6120359b1e2988) C:\WINDOWS\system32\regsvc.dll
02:13:48.0703 3968 RemoteRegistry - ok
02:13:48.0796 3968 RpcLocator (57cf313eb5cb2c9a0b3ff67437becdfa) C:\WINDOWS\system32\locator.exe
02:13:48.0796 3968 RpcLocator - ok
02:13:48.0843 3968 RpcSs (ba1ef616f55210820f6462d033088497) C:\WINDOWS\System32\rpcss.dll
02:13:48.0859 3968 RpcSs - ok
02:13:48.0906 3968 RSVP (414964844f4793acb868d057e8ed997e) C:\WINDOWS\system32\rsvp.exe
02:13:48.0906 3968 RSVP - ok
02:13:48.0953 3968 s117obex (11028c6a84a967070cb1286550f2058f) C:\WINDOWS\system32\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll
02:13:49.0015 3968 Suspicious file (NoAccess): C:\WINDOWS\system32\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll. md5: 11028c6a84a967070cb1286550f2058f
02:13:49.0015 3968 s117obex ( Backdoor.Multi.ZAccess.gen ) - infected
02:13:49.0015 3968 s117obex - detected Backdoor.Multi.ZAccess.gen (0)
02:13:49.0140 3968 SamSs (9f3744a5c6f49291a7a685040a013399) C:\WINDOWS\system32\lsass.exe
02:13:49.0140 3968 SamSs - ok
02:13:49.0171 3968 SbcpHid - ok
02:13:49.0250 3968 SCardSvr (781f04fbbe9e1abc0f4769809ccaefc3) C:\WINDOWS\System32\SCardSvr.exe
02:13:49.0250 3968 SCardSvr - ok
02:13:49.0312 3968 Schedule (4612ec6daf695b87a2529fcbb95b75de) C:\WINDOWS\system32\schedsvc.dll
02:13:49.0312 3968 Schedule - ok
02:13:49.0328 3968 SE2Ebus - ok
02:13:49.0359 3968 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:13:49.0375 3968 Secdrv - ok
02:13:49.0390 3968 seclogon (775a33a1df28b4a98eeee5da2cdb12d9) C:\WINDOWS\System32\seclogon.dll
02:13:49.0406 3968 seclogon - ok
02:13:49.0421 3968 SENS (50f6f8e01ad2af261af86a3077b6fb6c) C:\WINDOWS\system32\sens.dll
02:13:49.0421 3968 SENS - ok
02:13:49.0437 3968 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\drivers\Serial.sys
02:13:49.0453 3968 Serial - ok
02:13:49.0468 3968 SfCtlCom - ok
02:13:49.0500 3968 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:13:49.0500 3968 Sfloppy - ok
02:13:49.0562 3968 SharedAccess (24a66112b3428c237b23efe70d2cf54d) C:\WINDOWS\System32\ipnathlp.dll
02:13:49.0562 3968 SharedAccess - ok
02:13:49.0625 3968 ShellHWDetection (b590e69a45ae8fcbf7ddade89cce3588) C:\WINDOWS\System32\shsvcs.dll
02:13:49.0625 3968 ShellHWDetection - ok
02:13:49.0640 3968 Simbad - ok
02:13:49.0703 3968 SIS163u (4edc881c138e778feb9bd24cbc6b33ed) C:\WINDOWS\system32\DRIVERS\sis163u.sys
02:13:49.0718 3968 SIS163u - ok
02:13:49.0734 3968 SISNICXP - ok
02:13:49.0796 3968 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
02:13:49.0796 3968 SLIP - ok
02:13:49.0843 3968 smstsmgr - ok
02:13:49.0875 3968 snoopfree - ok
02:13:49.0906 3968 Sntnlusb - ok
02:13:49.0984 3968 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
02:13:49.0984 3968 SONYPVU1 - ok
02:13:50.0015 3968 Sparrow - ok
02:13:50.0062 3968 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
02:13:50.0062 3968 splitter - ok
02:13:50.0140 3968 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
02:13:50.0140 3968 Spooler - ok
02:13:50.0187 3968 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\system32\DRIVERS\sr.sys
02:13:50.0203 3968 sr - ok
02:13:50.0281 3968 srservice (6469c53f4d16fa6055cca265bc03db66) C:\WINDOWS\system32\srsvc.dll
02:13:50.0296 3968 srservice - ok
02:13:50.0406 3968 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
02:13:50.0421 3968 Srv - ok
02:13:50.0515 3968 SSDPSRV (b636478a2569ae69caf003254022a742) C:\WINDOWS\System32\ssdpsrv.dll
02:13:50.0531 3968 SSDPSRV - ok
02:13:50.0687 3968 stisvc (52b7ec594152429daba1261b2b68ca01) C:\WINDOWS\system32\wiaservc.dll
02:13:50.0734 3968 stisvc - ok
02:13:50.0937 3968 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
02:13:50.0953 3968 streamip - ok
02:13:50.0953 3968 stylexpservice - ok
02:13:50.0968 3968 Subsonic - ok
02:13:51.0109 3968 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:13:51.0125 3968 swenum - ok
02:13:51.0343 3968 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Fichiers communs\Adobe\SwitchBoard\SwitchBoard.exe
02:13:51.0406 3968 SwitchBoard - ok
02:13:51.0500 3968 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
02:13:51.0515 3968 swmidi - ok
02:13:51.0531 3968 SwPrv - ok
02:13:51.0546 3968 symc810 - ok
02:13:51.0562 3968 symc8xx - ok
02:13:51.0578 3968 sym_hi - ok
02:13:51.0593 3968 sym_u3 - ok
02:13:51.0625 3968 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
02:13:51.0625 3968 sysaudio - ok
02:13:51.0671 3968 SysmonLog (0151e81b0e42f55bccbb0136982e360f) C:\WINDOWS\system32\smlogsvc.exe
02:13:51.0687 3968 SysmonLog - ok
02:13:51.0718 3968 TapiSrv (720da0c9db8996ad9b7f5164b2242daa) C:\WINDOWS\System32\tapisrv.dll
02:13:51.0734 3968 TapiSrv - ok
02:13:51.0828 3968 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:13:51.0828 3968 Tcpip - ok
02:13:51.0906 3968 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:13:51.0906 3968 TDPIPE - ok
02:13:51.0968 3968 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
02:13:51.0968 3968 TDTCP - ok
02:13:52.0015 3968 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:13:52.0015 3968 TermDD - ok
02:13:52.0062 3968 TermService (7d521b8cf926459e270d18c559323815) C:\WINDOWS\System32\termsrv.dll
02:13:52.0078 3968 TermService - ok
02:13:52.0171 3968 Themes (b590e69a45ae8fcbf7ddade89cce3588) C:\WINDOWS\System32\shsvcs.dll
02:13:52.0171 3968 Themes - ok
02:13:52.0218 3968 TlntSvr (3fa7832ec7174f6fd4eff0f567d2ea08) C:\WINDOWS\system32\tlntsvr.exe
02:13:52.0218 3968 TlntSvr - ok
02:13:52.0265 3968 TosIde - ok
02:13:52.0281 3968 tossmbnt - ok
02:13:52.0359 3968 TrkWks (ad69cbd0be5073f52e92737579b79a67) C:\WINDOWS\system32\trkwks.dll
02:13:52.0359 3968 TrkWks - ok
02:13:52.0390 3968 UCTblHid - ok
02:13:52.0468 3968 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
02:13:52.0468 3968 Udfs - ok
02:13:52.0515 3968 ultra - ok
02:13:52.0593 3968 UMWdf (9651e5d850b6f6bd7c77c70aa06f02bf) C:\WINDOWS\system32\wdfmgr.exe
02:13:52.0625 3968 UMWdf - ok
02:13:52.0687 3968 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
02:13:52.0687 3968 Update - ok
02:13:52.0765 3968 upnphost (168ae9938f6be31d198af92496ccfa33) C:\WINDOWS\System32\upnphost.dll
02:13:52.0781 3968 upnphost - ok
02:13:52.0828 3968 UPS (55a7273aea6f3160fcfc4aa7394f5047) C:\WINDOWS\System32\ups.exe
02:13:52.0828 3968 UPS - ok
02:13:52.0875 3968 USBCamera - ok
02:13:52.0921 3968 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:13:52.0921 3968 usbccgp - ok
02:13:52.0953 3968 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:13:52.0968 3968 usbehci - ok
02:13:53.0015 3968 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:13:53.0031 3968 usbhub - ok
02:13:53.0062 3968 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
02:13:53.0062 3968 usbohci - ok
02:13:53.0109 3968 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:13:53.0109 3968 usbprint - ok
02:13:53.0171 3968 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:13:53.0187 3968 usbscan - ok
02:13:53.0265 3968 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:13:53.0265 3968 usbstor - ok
02:13:53.0312 3968 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
02:13:53.0328 3968 VgaSave - ok
02:13:53.0375 3968 VHidMinidrv - ok
02:13:53.0406 3968 ViaIde - ok
02:13:53.0437 3968 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
02:13:53.0437 3968 VolSnap - ok
02:13:53.0531 3968 VSS (0f5b203240184d34852936696df3e91d) C:\WINDOWS\System32\vssvc.exe
02:13:53.0546 3968 VSS - ok
02:13:53.0609 3968 W32Time (fb89c8b1d6a3c260a39669320c5d5827) C:\WINDOWS\system32\w32time.dll
02:13:53.0625 3968 W32Time - ok
02:13:53.0656 3968 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:13:53.0656 3968 Wanarp - ok
02:13:53.0687 3968 WDICA - ok
02:13:53.0718 3968 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
02:13:53.0734 3968 wdmaud - ok
02:13:53.0796 3968 WebClient (f0d5d252e806ad366bfbdec81324e8f7) C:\WINDOWS\System32\webclnt.dll
02:13:53.0796 3968 WebClient - ok
02:13:53.0875 3968 winmgmt (06156f20b90c6866d724d9ee6792044d) C:\WINDOWS\system32\wbem\WMIsvc.dll
02:13:53.0875 3968 winmgmt - ok
02:13:53.0984 3968 WmdmPmSN (b9715b9c18bc6c8f4b66733d208cc9f7) C:\WINDOWS\system32\mspmsnsv.dll
02:13:54.0046 3968 WmdmPmSN - ok
02:13:54.0156 3968 Wmi (f0beb708c3228c699b5f76e743a9422b) C:\WINDOWS\System32\advapi32.dll
02:13:54.0203 3968 Wmi - ok
02:13:54.0281 3968 WmiApSrv (77945ea0bfdd662203f07fe5513a409d) C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:13:54.0281 3968 WmiApSrv - ok
02:13:54.0437 3968 WMPNetworkSvc (c9bea742ce225cc993c9465fddae4656) C:\Program Files\Windows Media Player\WMPNetwk.exe
02:13:54.0500 3968 WMPNetworkSvc - ok
02:13:54.0562 3968 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
02:13:54.0578 3968 WSTCODEC - ok
02:13:54.0640 3968 wuauserv (57fe69b6648e73559552779820fa0827) C:\WINDOWS\system32\wuauserv.dll
02:13:54.0656 3968 wuauserv - ok
02:13:54.0703 3968 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:13:54.0718 3968 WudfPf - ok
02:13:54.0765 3968 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:13:54.0781 3968 WudfRd - ok
02:13:54.0828 3968 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
02:13:54.0843 3968 WudfSvc - ok
02:13:54.0906 3968 WZCSVC (17647874e46121728a043bbd8e0e4081) C:\WINDOWS\System32\wzcsvc.dll
02:13:54.0937 3968 WZCSVC - ok
02:13:55.0015 3968 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys
02:13:55.0015 3968 X10Hid - ok
02:13:55.0062 3968 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
02:13:55.0062 3968 x10nets - ok
02:13:55.0109 3968 xmlprov (21056aef44322c3e2dd5391b6aefa75a) C:\WINDOWS\System32\xmlprov.dll
02:13:55.0125 3968 xmlprov - ok
02:13:55.0187 3968 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys
02:13:55.0187 3968 XUIF - ok
02:13:55.0203 3968 yediex - ok
02:13:55.0234 3968 z800mgmt - ok
02:13:55.0281 3968 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
02:13:55.0406 3968 \Device\Harddisk0\DR0 - ok
02:13:55.0406 3968 Boot (0x1200) (8a3c233f6533ab88c265fb6f913eea96) \Device\Harddisk0\DR0\Partition0
02:13:55.0406 3968 \Device\Harddisk0\DR0\Partition0 - ok
02:13:55.0406 3968 ============================================================
02:13:55.0406 3968 Scan finished
02:13:55.0406 3968 ============================================================
02:13:55.0421 2020 Detected object count: 1
02:13:55.0421 2020 Actual detected object count: 1
02:14:06.0593 2020 HKLM\SYSTEM\ControlSet002\services\s117obex - will be deleted on reboot
02:14:06.0593 2020 HKLM\SYSTEM\ControlSet004\services\s117obex - will be deleted on reboot
02:14:06.0593 2020 C:\WINDOWS\system32\{eda5f5d3-9e0f-4f4d-8a13-1d1cf469c9cc}.dll - will be deleted on reboot
02:14:06.0593 2020 s117obex ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
02:14:08.0421 3204 Deinitialize success
0
Réponse 14 / 39
hyuga59 Messages postés 287 Date d'inscription mardi 27 mars 2012 Statut Membre Dernière intervention 25 mai 2012 53
8 avril 2012 à 02:36
Re,

Tu peux me dire le nom de l'infection que detecte AVG

Merci
0
Réponse 15 / 39
keelin
8 avril 2012 à 02:39
Qrypt.AQLW
0
Réponse 16 / 39
keelin
8 avril 2012 à 02:40
tu veux les chemins d'accès?
0
Réponse 17 / 39
hyuga59 Messages postés 287 Date d'inscription mardi 27 mars 2012 Statut Membre Dernière intervention 25 mai 2012 53
8 avril 2012 à 02:43
Re,

Oui, s'il te plait

Tu as lancé le diagnostic PC avec ZHP diag ? Le lien est donné plus haut
0
Réponse 18 / 39
keelin
8 avril 2012 à 02:57
mince alors, je voulais faire une impression ecran pour que tu puisse voir les differents chemin d'accès iniqués dans l'historique d'avg mais il ne se passe rien quand je clique dessus, alors je recopie, donc dans system 32 il me marque:
à 2:13:53 le cheval de troie à été trouvé dans {eda5f5d3-9e0f-4f4d-8a13-1d1cf469cc puis {dans l'autre sens que je ne trouve pas sur le clavier puis .dll
avant ca, à 01:41:51 il a été trouvé dans
DynDNS_Updater_Service.dll
avpnnic.dll
CoolexXPDriver.dll
UBHelper.dll
webrooterentrepriseupdateservice.dll
y en a d'autres ultérieurs a ceux-là, si tu veux que je te les donne, dis le moi, en attendant je vais faire le scan ZHP diag, il a finit de télécharger
merci!
0
Réponse 19 / 39
keelin
8 avril 2012 à 03:24
l'ordi a plante (alerte du bouclier resident en meme temps que le scan). je retente. entretemp j'ai finit de restaurer le systeme sur un portable qu'on m'a prete (et qui etait tellement bourre de merdes qu'il ne demarat meme plus), du coup je peux te tenir au courant en meme temps. La il a l'air de replanter, alerte du bouclier a nouveau:
toujours Crypt.AQLW chemin d'acces system32\deltafw.dll
et system32\dktknsrw.dll
0
Réponse 20 / 39
keelin
Modifié par keelin le 8/04/2012 à 03:26
en effet, il a bien plante, est ce que je desactive avg le temps de faire le scan avec ZHP diag?
ps j'ai pas d'accent sur le portable, dsl pour l'orthographe
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses