Sujet Précédent Sujet Suivant

Infection Trojan Hors Crypt.AQLW

Résolu/Fermé
Sellinger - 6 mai 2012 à 20:46
 Utilisateur anonyme - 8 mai 2012 à 13:53
Bonjour à tous,

Je suis infecté par un trojan répondant au doux nom de : "Trojan Jprse crypt.aqlw", détecté par mon Antivirus AVG.

Pourriez-vous m'aider à le supprimer ?

Merci bcp de votre aide (et j'en ai besoin)!

PS :Je suis sous XP!
A voir également:

22 réponses

  • 1
  • 2
Réponse 1 / 22
Utilisateur anonyme
7 mai 2012 à 01:15
a mon avis si :

C:\WINDOWS\system32\drivers\netbt.sys;"Trojan horse ZeroAccess.BF";"Object is white-listed (critical/system file that should not be removed)"
2
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
7 mai 2012 à 01:16
Je me faisais la même réflexion.
0
Réponse 2 / 22
Utilisateur anonyme
6 mai 2012 à 21:00
Bonsoir

# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


Télécharge et installe UsbFix de El Desaparecido , C_XX & Chimay8

http://eldesaparecido.com/usbfix.html

Ou ici

http://general-changelog-team.fr/telechargements/logiciels/viewdownload/80-outils-de-el-desaparecido/32-usbfix

Tutoriel de Malekal_Morte si besoin, merci à lui : https://www.malekal.com/usbfix-supprimer-virus-usb/

Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir


# Double clic sur le raccourci UsbFix présent sur ton bureau.

# Choisi Recherche

# Laisse travailler l outil.

# Ensuite post le rapport UsbFix.txt qui apparaîtra.

# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. (C:\UsbFix.txt)

(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)


@+
0
Réponse 3 / 22
Sellinger
Modifié par Sellinger le 6/05/2012 à 22:02
Salut Guillaume,

Tout d'abord merci de t'intéresser à mon problème !
Update : merci du conseil :p


############################## | UsbFix V 7.087 | [Research]

User: Administrateur (Administrator) # GROSMANU
Updated 05/04/2012 by El Desaparecido
Started at 21:36:13 | 06/05/2012

Website: https://www.sosvirus.net/
Suspicious file ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com

PC: Dell Inc. (Precision WorkStation 670 ) (X86-based PC) # Desktop Computer
CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992)
CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992)
RAM -> [ Total : 3070 | Free : 1514 ]
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A07
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [ (!) Disabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 68 Gb (20 Mb free - 30%) [System] # NTFS
D:\ -> Fixed drive # 81 Gb (42 Mb free - 52%) [New Volume] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Fixed drive # 466 Gb (229 Mb free - 49%) [HITACHI] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (828)
C:\WINDOWS\system32\winlogon.exe (908)
C:\WINDOWS\system32\services.exe (952)
C:\WINDOWS\system32\lsass.exe (964)
C:\WINDOWS\system32\nvsvc32.exe (1140)
C:\WINDOWS\system32\svchost.exe (1164)
C:\WINDOWS\System32\svchost.exe (1308)
C:\WINDOWS\system32\spoolsv.exe (216)
C:\WINDOWS\Explorer.EXE (328)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (452)
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1576)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (1696)
C:\PROGRA~1\AVG\AVG8\avgtray.exe (1536)
C:\Program Files\Java\jre6\bin\jqs.exe (472)
C:\WINDOWS\system32\svchost.exe (700)
C:\WINDOWS\system32\RUNDLL32.EXE (736)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE (1108)
C:\PROGRA~1\AVG\AVG8\avgemc.exe (1836)
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (1376)
C:\PROGRA~1\AVG\AVG8\avgrsx.exe (3012)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (3140)
C:\Program Files\iTunes\iTunesHelper.exe (2404)
C:\Program Files\AVG\AVG8\avgcsrvx.exe (2532)
C:\Program Files\SuperCopier2\SuperCopier2.exe (3432)
C:\WINDOWS\system32\ctfmon.exe (3492)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (3636)
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (3780)
C:\Program Files\iPod\bin\iPodService.exe (4064)
C:\Program Files\UltraMon\UltraMon.exe (2188)
C:\Program Files\UltraMon\UltraMonTaskbar.exe (2368)
C:\WINDOWS\System32\svchost.exe (2612)
C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1936)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3068)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3060)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2160)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3304)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3356)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1428)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2336)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2328)
C:\Program Files\Mozilla Firefox\firefox.exe (3620)
C:\Program Files\Mozilla Firefox\plugin-container.exe (2036)
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE (4060)
C:\Program Files\AVG\AVG8\avgui.exe (3996)
C:\Program Files\AVG\AVG8\avgcsrvx.exe (696)
C:\WINDOWS\system32\mmc.exe (3176)
C:\Program Files\Common Files\Java\Java Update\jaucheck.exe (2552)
C:\UsbFix\Go.exe (3368)

################## | Files # Infected Folders |

Found ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ose00000.exe
Found ! G:\syncguid.dat

################## | Registry |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{72d7c762-9011-11de-a576-000f1f90efdf}
Shell\AutoRun\Command = G:\LaunchU3.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{c3530dcb-f18e-11de-98bb-000f1f90efdf}
Shell\AutoRun\Command = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe



################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |


Merci de ton aide!
0
Réponse 4 / 22
Utilisateur anonyme
6 mai 2012 à 21:58
Re

Commence par t'inscrire.

@+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 22
Sellinger Messages postés 23 Date d'inscription dimanche 6 mai 2012 Statut Membre Dernière intervention 12 octobre 2012
6 mai 2012 à 22:23
Autre précision, il m'arrive d'être renvoyé sur de mauvaises pages, ex: quand je suis sur google et que je clique sur un lien, j'ai parfois une page chargée qui n'est pas la bonne (par ex site la redoute, ou autre).
Je ne sais pas si cela a un rapport, mais je préfère te l'indiquer aussi!

merci :)
0
Utilisateur anonyme
6 mai 2012 à 22:29
Re

Merci de répondre à la suite.
0
Réponse 6 / 22
Utilisateur anonyme
6 mai 2012 à 22:32
Re

Relance Option suppression et poste moi son rapport.
Merci

@+
0
Réponse 7 / 22
Sellinger Messages postés 23 Date d'inscription dimanche 6 mai 2012 Statut Membre Dernière intervention 12 octobre 2012
6 mai 2012 à 22:49
Voilà la suite ! thx

############################## | UsbFix V 7.087 | [Deletion]

User: Administrateur (Administrator) # GROSMANU
Updated 05/04/2012 by El Desaparecido
Started at 22:40:59 | 06/05/2012

Website: https://www.sosvirus.net/
Suspicious file ? : http://eldesaparecido.com/upload.html
Contact: contact@eldesaparecido.com

PC: Dell Inc. (Precision WorkStation 670 ) (X86-based PC) # Desktop Computer
CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992)
CPU: Intel(R) Xeon(TM) CPU 3.00GHz (2992)
RAM -> [ Total : 3070 | Free : 1490 ]
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A07
BOOT: Normal boot

OS: Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 8.0.6001.18702

SC: Security Center Service [ (!) Disabled ]
WU: Windows Update Service [ Enabled ]
FW: Windows FireWall Service [ Enabled ]

C:\ (%systemdrive%) -> Fixed drive # 68 Gb (20 Mb free - 30%) [System] # NTFS
D:\ -> Fixed drive # 81 Gb (42 Mb free - 52%) [New Volume] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Fixed drive # 466 Gb (229 Mb free - 49%) [HITACHI] # FAT32

################## | Active Processes |

C:\WINDOWS\System32\smss.exe (828)
C:\WINDOWS\system32\winlogon.exe (908)
C:\WINDOWS\system32\services.exe (952)
C:\WINDOWS\system32\lsass.exe (964)
C:\WINDOWS\system32\nvsvc32.exe (1140)
C:\WINDOWS\system32\svchost.exe (1164)
C:\WINDOWS\System32\svchost.exe (1308)
C:\WINDOWS\system32\spoolsv.exe (216)
C:\WINDOWS\Explorer.EXE (328)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (452)
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1576)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (1696)
C:\Program Files\Java\jre6\bin\jqs.exe (472)
C:\WINDOWS\system32\svchost.exe (700)
C:\WINDOWS\system32\RUNDLL32.EXE (736)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE (1108)
C:\PROGRA~1\AVG\AVG8\avgemc.exe (1836)
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (1376)
C:\PROGRA~1\AVG\AVG8\avgrsx.exe (3012)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (3140)
C:\Program Files\iTunes\iTunesHelper.exe (2404)
C:\Program Files\AVG\AVG8\avgcsrvx.exe (2532)
C:\Program Files\SuperCopier2\SuperCopier2.exe (3432)
C:\WINDOWS\system32\ctfmon.exe (3492)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (3636)
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (3780)
C:\Program Files\iPod\bin\iPodService.exe (4064)
C:\Program Files\UltraMon\UltraMon.exe (2188)
C:\Program Files\UltraMon\UltraMonTaskbar.exe (2368)
C:\WINDOWS\System32\svchost.exe (2612)
C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1936)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3068)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3060)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2160)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3304)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3356)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1428)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2336)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2328)
C:\Program Files\Mozilla Firefox\firefox.exe (3620)
C:\Program Files\Mozilla Firefox\plugin-container.exe (2036)
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE (4060)
C:\Program Files\AVG\AVG8\avgui.exe (3996)
C:\Program Files\AVG\AVG8\avgcsrvx.exe (696)
C:\Program Files\Common Files\Java\Java Update\jaucheck.exe (2552)
C:\WINDOWS\system32\NOTEPAD.EXE (3800)
C:\UsbFix\Go.exe (2824)

################## | Stopped processes |

Stopped! C:\WINDOWS\system32\nvsvc32.exe (1140)
Stopped! C:\WINDOWS\system32\spoolsv.exe (216)
Stopped! C:\WINDOWS\Explorer.EXE (328)
Stopped! C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (452)
Stopped! C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1576)
Stopped! C:\Program Files\Analog Devices\Core\smax4pnp.exe (1696)
Stopped! C:\Program Files\Java\jre6\bin\jqs.exe (472)
Stopped! C:\WINDOWS\system32\RUNDLL32.EXE (736)
Stopped! C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE (1108)
Stopped! C:\PROGRA~1\AVG\AVG8\avgemc.exe (1836)
Stopped! C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (1376)
Stopped! C:\PROGRA~1\AVG\AVG8\avgrsx.exe (3012)
Stopped! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3140)
Stopped! C:\Program Files\iTunes\iTunesHelper.exe (2404)
Stopped! C:\Program Files\AVG\AVG8\avgcsrvx.exe (2532)
Stopped! C:\Program Files\SuperCopier2\SuperCopier2.exe (3432)
Stopped! C:\WINDOWS\system32\ctfmon.exe (3492)
Stopped! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (3636)
Stopped! C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (3780)
Stopped! C:\Program Files\iPod\bin\iPodService.exe (4064)
Stopped! C:\Program Files\UltraMon\UltraMon.exe (2188)
Stopped! C:\Program Files\UltraMon\UltraMonTaskbar.exe (2368)
Stopped! C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1936)
Stopped! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3068)
Stopped! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3060)
Stopped! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2160)
Stopped! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3304)
Stopped! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (3356)
Stopped! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (1428)
Stopped! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2336)
Stopped! C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (2328)
Stopped! C:\Program Files\Mozilla Firefox\firefox.exe (3620)
Stopped! C:\Program Files\Mozilla Firefox\plugin-container.exe (2036)
Stopped! C:\Program Files\AVG\AVG8\avgui.exe (3996)
Stopped! C:\Program Files\AVG\AVG8\avgcsrvx.exe (696)
Stopped! C:\Program Files\Common Files\Java\Java Update\jaucheck.exe (2552)
Stopped! C:\WINDOWS\system32\NOTEPAD.EXE (3800)

################## | Files # Infected Folders |

Deleted ! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ose00000.exe
Deleted ! C:\Recycler\S-1-5-21-1409082233-1214440339-1417001333-500
Deleted ! D:\Recycler\S-1-5-21-1409082233-1214440339-1417001333-500
Deleted ! G:\syncguid.dat

(!) Temporary files deleted.

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{72d7c762-9011-11de-a576-000f1f90efdf}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c3530dcb-f18e-11de-98bb-000f1f90efdf}

################## | Listing |

[06/05/2012 - 20:36:27 | D ] C:\$AVG8.VAULT$
[14/03/2010 - 19:50:57 | D ] C:\AHCache
[16/07/2009 - 02:00:15 | N | 0] C:\AUTOEXEC.BAT
[02/05/2012 - 19:29:04 | N | 211] C:\boot.ini
[16/07/2009 - 02:00:15 | N | 0] C:\CONFIG.SYS
[16/07/2009 - 02:16:47 | D ] C:\DELL
[16/07/2009 - 02:04:14 | D ] C:\Documents and Settings
[16/07/2009 - 02:20:55 | D ] C:\drvrtmp
[16/07/2009 - 02:00:15 | N | 0] C:\IO.SYS
[02/09/2011 - 18:30:52 | D ] C:\Jeux
[16/07/2009 - 02:00:15 | N | 0] C:\MSDOS.SYS
[10/08/2009 - 22:08:49 | RHD ] C:\MSOCache
[14/04/2008 - 05:13:04 | N | 47564] C:\NTDETECT.COM
[14/04/2008 - 07:01:44 | N | 250048] C:\ntldr
[16/07/2009 - 02:15:14 | D ] C:\NVIDIA
[06/05/2012 - 20:19:49 | ASH | 2145386496] C:\pagefile.sys
[05/05/2012 - 23:05:34 | D ] C:\Program Files
[20/02/2011 - 14:07:36 | D ] C:\ProgramData
[06/05/2012 - 22:42:46 | SHD ] C:\RECYCLER
[16/07/2009 - 02:03:58 | SHD ] C:\System Volume Information
[06/05/2012 - 22:42:57 | D ] C:\UsbFix
[06/05/2012 - 22:42:58 | A | 7313] C:\UsbFix.txt
[05/05/2012 - 22:47:21 | D ] C:\WINDOWS
[16/03/2010 - 19:40:47 | D ] D:\2c6e74645b2a63073f22ebdc90
[03/05/2012 - 19:56:53 | D ] D:\Jeux
[20/08/2011 - 20:11:29 | D ] D:\Musique
[25/08/2011 - 22:30:15 | D ] D:\Photos+Vidéos
[06/05/2012 - 22:42:55 | SHD ] D:\RECYCLER
[16/11/2009 - 23:18:21 | SHD ] D:\System Volume Information
[12/04/2011 - 18:52:30 | D ] G:\LOST.DIR
[15/08/2010 - 08:32:36 | D ] G:\fscommand
[29/12/2010 - 14:51:08 | SHD ] G:\System Volume Information
[29/12/2010 - 14:54:28 | SHD ] G:\Recycled
[30/12/2010 - 22:12:04 | D ] G:\Musique
[31/12/2010 - 12:17:14 | D ] G:\Film
[16/10/2010 - 11:17:30 | D ] G:\Jeux
[06/01/2011 - 17:34:24 | D ] G:\Sauvegardes
[09/01/2011 - 13:07:12 | D ] G:\Série
[15/01/2011 - 09:21:40 | SHD ] G:\$RECYCLE.BIN
[24/01/2012 - 21:38:36 | D ] G:\Ana
[08/01/2012 - 18:41:44 | D ] G:\Musiques à classer
[22/01/2012 - 23:14:10 | D ] G:\Homeplazza
[04/02/2012 - 15:56:26 | D ] G:\VLCPortable
[02/09/2011 - 14:34:08 | D ] G:\Series à copier sur DDE

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_GROSMANU.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |
0
Réponse 8 / 22
Utilisateur anonyme
6 mai 2012 à 22:54
Re

Relance une analyse avec ton antivirus à jour et poste moi ce rapport.
Merci
@+
0
Réponse 9 / 22
Sellinger Messages postés 23 Date d'inscription dimanche 6 mai 2012 Statut Membre Dernière intervention 12 octobre 2012
7 mai 2012 à 01:08
alors voici la suite :

Scan "Scan whole computer" was finished.
Infections;"5";"0";"5"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"dimanche 6 mai 2012, 22:58:41"
Scan finished:;"lundi 7 mai 2012, 00:41:49 (1 hour(s) 43 minute(s) 7 second(s))"
Total object scanned:;"719960"
User who launched the scan:;"Administrateur"

Infections
File;"Infection";"Result"
C:\WINDOWS\system32\drivers\netbt.sys;"Trojan horse ZeroAccess.BF";"Object is white-listed (critical/system file that should not be removed)"
G:\Jeux\Android apps\Android apps\Acronis Disk Director Suite 10.0.2160.zip;"Trojan horse Generic17.BYN";"Infected"
G:\Jeux\Android apps\Android apps\Acronis Disk Director Suite 10.0.2160.zip:\Acronis Disk Director Suite 10.0.2160\crack\Keygen-ZWT.exe;"Trojan horse Generic17.BYN";"Infected"
G:\Sauvegardes\Logiciels\Android apps\Android apps\Acronis Disk Director Suite 10.0.2160.zip;"Trojan horse Generic17.BYN";"Infected"
G:\Sauvegardes\Logiciels\Android apps\Android apps\Acronis Disk Director Suite 10.0.2160.zip:\Acronis Disk Director Suite 10.0.2160\crack\Keygen-ZWT.exe;"Trojan horse Generic17.BYN";"Infected"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\NetworkService\Cookies\202DHZO3.txt;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\202DHZO3.txt:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\202DHZO3.txt:\advertising.com.82fea56;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\202DHZO3.txt:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\6IZTVSC0.txt;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\6IZTVSC0.txt:\revsci.net.1ecc4d24;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\NU02YA3H.txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\NU02YA3H.txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\NU02YA3H.txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\NU02YA3H.txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\NU02YA3H.txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\NU02YA3H.txt:\ad.yieldmanager.com.e626e6be;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\NU02YA3H.txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\RIOVZP8F.txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\RIOVZP8F.txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\RIOVZP8F.txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\UP302DN7.txt;"Found Tracking cookie.Weborama";"Moved to Virus Vault"
C:\Documents and Settings\NetworkService\Cookies\UP302DN7.txt:\weborama.fr.30104bcb;"Found Tracking cookie.Weborama";"Moved to Virus Vault"
0
Réponse 10 / 22
Utilisateur anonyme
7 mai 2012 à 01:11
Re

Que de la misère. ;-))

Tu n'as plus de problème?
0
Réponse 11 / 22
Utilisateur anonyme
7 mai 2012 à 01:16
Re

attendons sa réponse;-)

@+
0
Réponse 12 / 22
Sellinger Messages postés 23 Date d'inscription dimanche 6 mai 2012 Statut Membre Dernière intervention 12 octobre 2012
7 mai 2012 à 01:40
Bonsoir à vous tous,
Merci de votre aide!

Suis-je sur la bonne voie ?


Et bien je n'ai plus de message d'AVG me trouvant en permanence des pbs donc ca c'est positif, mais j'ai toujours parfois des pages non désirées qui s'affichent (mais qui ne sont pas des pop ups)..
0
Réponse 13 / 22
Utilisateur anonyme
7 mai 2012 à 01:43
Re

Et bien vérifions comme le mentionne g3n-h@ckm@n

Télécharge TDSSKiller

*Créez un nouveau dossier sur votre bureau puis décompressez l'archive dedans
* Lancez le programme en cliquant sur TDSSKiller.exe, l'analyse se fait automatiquement, si l'infection est détectée, des éléments cachés (= hidden) seront alors affichés.


Si TDSS.tdl2 est détecté: l'option delete sera cochée par défaut.
Si TDSS.tdl3 est détecté: assure toi que Cure est bien cochée.
Si TDSS.tdl4(\HardDisk0\MBR) est détecté: assure toi que Cure est bien cochée.
Si Rootkit.Win32.ZAccess.* est détecté : règle sur "cure" en haut , et "delete" en bas
Si Suspicious file est indiqué, laisse l''option cochée sur Skip
une fois qu'il a terminé , redémarre s'il te le demande pour finir de nettoyer

sinon , ferme TDSSKiller et le rapport s'affichera sur le bureau

Sinon il est enregistré ici : C:\TDSSKiller_N°Version_Date_Heure.txt

Poste moi son rapport à l'issue; merci

@+
0
Réponse 14 / 22
Sellinger Messages postés 23 Date d'inscription dimanche 6 mai 2012 Statut Membre Dernière intervention 12 octobre 2012
Modifié par Sellinger le 7/05/2012 à 02:28
Re!

Grosse frayeur, je redémarre, tout semble fonctionner puis au moment ou la session s'ouvre écran bleu avec écrit :
"stop C000021a {Fatal system Error] the windows logon process system process terminated unexpectedly with a status of
the system has been shutdown"
Je redemarre (à la sauvage en appuyant sur le bouton d'allumage) car les touches ne fonctionnaient plus. Ca me refait une fois la même chose, et là heureusement à la troisieme tentative la session s'ouvre normalement.

Sinon pour le rapport :


02:04:08.0906 1368 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
02:04:09.0093 1368 ============================================================
02:04:09.0093 1368 Current date / time: 2012/05/07 02:04:09.0093
02:04:09.0093 1368 SystemInfo:
02:04:09.0093 1368
02:04:09.0093 1368 OS Version: 5.1.2600 ServicePack: 3.0
02:04:09.0093 1368 Product type: Workstation
02:04:09.0093 1368 ComputerName: GROSMANU
02:04:09.0093 1368 UserName: Administrateur
02:04:09.0093 1368 Windows directory: C:\WINDOWS
02:04:09.0093 1368 System windows directory: C:\WINDOWS
02:04:09.0093 1368 Processor architecture: Intel x86
02:04:09.0093 1368 Number of processors: 4
02:04:09.0093 1368 Page size: 0x1000
02:04:09.0093 1368 Boot type: Normal boot
02:04:09.0093 1368 ============================================================
02:04:16.0609 1368 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:04:16.0625 1368 Drive \Device\Harddisk1\DR11 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:04:19.0421 1368 ============================================================
02:04:19.0421 1368 \Device\Harddisk0\DR0:
02:04:19.0453 1368 MBR partitions:
02:04:19.0468 1368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B50DC
02:04:19.0484 1368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x88B515A, BlocksNum 0xA163967
02:04:19.0484 1368 \Device\Harddisk1\DR11:
02:04:19.0484 1368 MBR partitions:
02:04:19.0484 1368 \Device\Harddisk1\DR11\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
02:04:19.0484 1368 ============================================================
02:04:19.0515 1368 C: <-> \Device\Harddisk0\DR0\Partition0
02:04:19.0546 1368 D: <-> \Device\Harddisk0\DR0\Partition1
02:04:19.0562 1368 G: <-> \Device\Harddisk1\DR11\Partition0
02:04:19.0562 1368 ============================================================
02:04:19.0562 1368 Initialize success
02:04:19.0562 1368 ============================================================
02:04:32.0953 3776 ============================================================
02:04:32.0953 3776 Scan started
02:04:32.0953 3776 Mode: Manual;
02:04:32.0953 3776 ============================================================
02:04:35.0671 3776 a320raid (28615e07c5b8803841a038418406b98e) C:\WINDOWS\system32\DRIVERS\a320raid.sys
02:04:35.0718 3776 a320raid - ok
02:04:35.0718 3776 Abiosdsk - ok
02:04:35.0718 3776 abp480n5 - ok
02:04:35.0750 3776 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
02:04:35.0781 3776 ACPI - ok
02:04:35.0812 3776 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
02:04:35.0812 3776 ACPIEC - ok
02:04:35.0875 3776 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
02:04:35.0875 3776 AdobeFlashPlayerUpdateSvc - ok
02:04:35.0890 3776 adpu160m - ok
02:04:35.0921 3776 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
02:04:35.0921 3776 aec - ok
02:04:35.0968 3776 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
02:04:36.0015 3776 AFD - ok
02:04:36.0031 3776 Aha154x - ok
02:04:36.0031 3776 aic78u2 - ok
02:04:36.0046 3776 aic78xx - ok
02:04:36.0078 3776 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
02:04:36.0109 3776 Alerter - ok
02:04:36.0125 3776 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
02:04:36.0140 3776 ALG - ok
02:04:36.0140 3776 AliIde - ok
02:04:36.0156 3776 amsint - ok
02:04:36.0234 3776 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:04:36.0234 3776 Apple Mobile Device - ok
02:04:36.0265 3776 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
02:04:36.0296 3776 AppMgmt - ok
02:04:36.0390 3776 AR9271 (8dbeb23baf83d7161a69503bd5fc0162) C:\WINDOWS\system32\DRIVERS\athuw.sys
02:04:36.0578 3776 AR9271 - ok
02:04:36.0671 3776 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
02:04:36.0687 3776 Arp1394 - ok
02:04:36.0687 3776 asc - ok
02:04:36.0703 3776 asc3350p - ok
02:04:36.0703 3776 asc3550 - ok
02:04:36.0781 3776 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
02:04:36.0843 3776 aspnet_state - ok
02:04:36.0859 3776 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
02:04:36.0875 3776 AsyncMac - ok
02:04:36.0906 3776 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
02:04:36.0906 3776 atapi - ok
02:04:36.0906 3776 Atdisk - ok
02:04:36.0921 3776 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
02:04:36.0937 3776 Atmarpc - ok
02:04:36.0953 3776 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
02:04:36.0953 3776 AudioSrv - ok
02:04:37.0000 3776 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
02:04:37.0000 3776 audstub - ok
02:04:37.0109 3776 avg8emc (b9ae3c63a53396cd669ef8ae9c9cbd85) C:\PROGRA~1\AVG\AVG8\avgemc.exe
02:04:37.0140 3776 avg8emc - ok
02:04:37.0171 3776 avg8wd (db338a6bd3976904eb0f8343f51e64eb) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
02:04:37.0171 3776 avg8wd - ok
02:04:37.0203 3776 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
02:04:37.0234 3776 AvgLdx86 - ok
02:04:37.0250 3776 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
02:04:37.0265 3776 AvgMfx86 - ok
02:04:37.0281 3776 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
02:04:37.0296 3776 AvgTdiX - ok
02:04:37.0328 3776 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
02:04:37.0343 3776 Beep - ok
02:04:37.0390 3776 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
02:04:37.0734 3776 BITS - ok
02:04:37.0765 3776 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
02:04:37.0781 3776 Browser - ok
02:04:37.0781 3776 BVRPMPR5 - ok
02:04:37.0812 3776 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
02:04:37.0828 3776 cbidf2k - ok
02:04:37.0843 3776 cd20xrnt - ok
02:04:37.0875 3776 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
02:04:37.0890 3776 Cdaudio - ok
02:04:37.0921 3776 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
02:04:37.0953 3776 Cdfs - ok
02:04:37.0968 3776 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
02:04:37.0984 3776 Cdrom - ok
02:04:37.0984 3776 Changer - ok
02:04:38.0000 3776 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
02:04:38.0031 3776 CiSvc - ok
02:04:38.0046 3776 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
02:04:38.0062 3776 ClipSrv - ok
02:04:38.0140 3776 clr_optimization_v2.0.50727_32 (7fa87325900183197bc9710d1ce4c9fa) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:04:38.0218 3776 clr_optimization_v2.0.50727_32 - ok
02:04:38.0281 3776 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:04:38.0343 3776 clr_optimization_v4.0.30319_32 - ok
02:04:38.0359 3776 CmdIde - ok
02:04:38.0359 3776 COMSysApp - ok
02:04:38.0375 3776 Cpqarray - ok
02:04:38.0406 3776 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
02:04:38.0406 3776 CryptSvc - ok
02:04:38.0421 3776 cwcwdm - ok
02:04:38.0421 3776 dac2w2k - ok
02:04:38.0437 3776 dac960nt - ok
02:04:38.0906 3776 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
02:04:38.0921 3776 DcomLaunch - ok
02:04:38.0937 3776 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
02:04:38.0937 3776 Dhcp - ok
02:04:38.0953 3776 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
02:04:38.0968 3776 Disk - ok
02:04:38.0984 3776 dmadmin - ok
02:04:39.0046 3776 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
02:04:39.0109 3776 dmboot - ok
02:04:39.0125 3776 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
02:04:39.0156 3776 dmio - ok
02:04:39.0171 3776 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
02:04:39.0187 3776 dmload - ok
02:04:39.0187 3776 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
02:04:39.0203 3776 dmserver - ok
02:04:39.0234 3776 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
02:04:39.0234 3776 DMusic - ok
02:04:39.0234 3776 dnetc - ok
02:04:39.0265 3776 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
02:04:39.0281 3776 Dnscache - ok
02:04:39.0312 3776 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
02:04:39.0328 3776 Dot3svc - ok
02:04:39.0343 3776 dpti2o - ok
02:04:39.0359 3776 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
02:04:39.0359 3776 drmkaud - ok
02:04:39.0390 3776 E1000 (bb98a47faf8b6a99202290c1e7d49d36) C:\WINDOWS\system32\DRIVERS\e1000325.sys
02:04:39.0406 3776 E1000 - ok
02:04:39.0515 3776 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
02:04:39.0546 3776 EapHost - ok
02:04:39.0562 3776 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
02:04:39.0562 3776 ERSvc - ok
02:04:39.0593 3776 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
02:04:39.0640 3776 Eventlog - ok
02:04:39.0671 3776 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
02:04:39.0703 3776 EventSystem - ok
02:04:39.0750 3776 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
02:04:39.0765 3776 Fastfat - ok
02:04:39.0796 3776 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:04:39.0843 3776 FastUserSwitchingCompatibility - ok
02:04:39.0859 3776 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
02:04:39.0875 3776 Fdc - ok
02:04:39.0875 3776 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
02:04:39.0890 3776 Fips - ok
02:04:39.0906 3776 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
02:04:39.0921 3776 Flpydisk - ok
02:04:39.0953 3776 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
02:04:40.0000 3776 FltMgr - ok
02:04:40.0062 3776 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
02:04:40.0078 3776 FontCache3.0.0.0 - ok
02:04:40.0093 3776 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
02:04:40.0109 3776 Fs_Rec - ok
02:04:40.0125 3776 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
02:04:40.0156 3776 Ftdisk - ok
02:04:40.0187 3776 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
02:04:40.0203 3776 GcKernel - ok
02:04:40.0234 3776 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
02:04:40.0250 3776 GEARAspiWDM - ok
02:04:40.0265 3776 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
02:04:40.0296 3776 Gpc - ok
02:04:40.0343 3776 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:04:40.0343 3776 helpsvc - ok
02:04:40.0375 3776 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
02:04:40.0390 3776 HidServ - ok
02:04:40.0421 3776 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
02:04:40.0437 3776 HIDSwvd - ok
02:04:40.0593 3776 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
02:04:40.0609 3776 hidusb - ok
02:04:40.0812 3776 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
02:04:40.0843 3776 hkmsvc - ok
02:04:40.0843 3776 hpn - ok
02:04:40.0890 3776 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
02:04:40.0937 3776 HTTP - ok
02:04:40.0953 3776 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
02:04:40.0968 3776 HTTPFilter - ok
02:04:40.0968 3776 i2omgmt - ok
02:04:40.0984 3776 i2omp - ok
02:04:41.0000 3776 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
02:04:41.0015 3776 i8042prt - ok
02:04:41.0078 3776 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
02:04:41.0171 3776 idsvc - ok
02:04:41.0203 3776 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
02:04:41.0218 3776 Imapi - ok
02:04:41.0234 3776 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
02:04:41.0281 3776 ImapiService - ok
02:04:41.0281 3776 ini910u - ok
02:04:41.0328 3776 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
02:04:41.0343 3776 IntelIde - ok
02:04:41.0359 3776 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
02:04:41.0375 3776 intelppm - ok
02:04:41.0390 3776 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
02:04:41.0406 3776 Ip6Fw - ok
02:04:41.0421 3776 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
02:04:41.0437 3776 IpFilterDriver - ok
02:04:41.0437 3776 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
02:04:41.0453 3776 IpInIp - ok
02:04:41.0640 3776 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
02:04:41.0671 3776 IpNat - ok
02:04:41.0750 3776 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
02:04:41.0875 3776 iPod Service - ok
02:04:41.0906 3776 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
02:04:41.0921 3776 IPSec - ok
02:04:41.0937 3776 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
02:04:41.0953 3776 IRENUM - ok
02:04:41.0984 3776 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
02:04:41.0984 3776 isapnp - ok
02:04:42.0046 3776 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
02:04:42.0093 3776 JavaQuickStarterService - ok
02:04:42.0125 3776 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
02:04:42.0140 3776 Kbdclass - ok
02:04:42.0156 3776 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
02:04:42.0156 3776 kbdhid - ok
02:04:42.0187 3776 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
02:04:42.0203 3776 kmixer - ok
02:04:42.0218 3776 KMWDFilter - ok
02:04:42.0250 3776 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
02:04:42.0281 3776 KSecDD - ok
02:04:42.0312 3776 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
02:04:42.0343 3776 LanmanServer - ok
02:04:42.0375 3776 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
02:04:42.0406 3776 lanmanworkstation - ok
02:04:42.0406 3776 lbrtfdc - ok
02:04:42.0421 3776 LKbdFlt2 - ok
02:04:42.0515 3776 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
02:04:42.0531 3776 LmHosts - ok
02:04:42.0531 3776 mcdbus - ok
02:04:42.0578 3776 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
02:04:42.0609 3776 Messenger - ok
02:04:42.0625 3776 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
02:04:42.0640 3776 mnmdd - ok
02:04:42.0671 3776 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
02:04:42.0687 3776 mnmsrvc - ok
02:04:42.0703 3776 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
02:04:42.0718 3776 Modem - ok
02:04:42.0734 3776 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
02:04:42.0750 3776 Mouclass - ok
02:04:42.0765 3776 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
02:04:42.0781 3776 mouhid - ok
02:04:42.0781 3776 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
02:04:42.0796 3776 MountMgr - ok
02:04:42.0796 3776 mraid35x - ok
02:04:42.0828 3776 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
02:04:42.0843 3776 MRxDAV - ok
02:04:42.0890 3776 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
02:04:42.0921 3776 MRxSmb - ok
02:04:42.0953 3776 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
02:04:42.0968 3776 MSDTC - ok
02:04:43.0000 3776 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
02:04:43.0015 3776 Msfs - ok
02:04:43.0015 3776 MSIServer - ok
02:04:43.0046 3776 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
02:04:43.0046 3776 MSKSSRV - ok
02:04:43.0078 3776 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
02:04:43.0093 3776 MSPCLOCK - ok
02:04:43.0109 3776 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
02:04:43.0109 3776 MSPQM - ok
02:04:43.0140 3776 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
02:04:43.0140 3776 mssmbios - ok
02:04:43.0171 3776 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
02:04:43.0203 3776 Mup - ok
02:04:43.0250 3776 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
02:04:43.0281 3776 napagent - ok
02:04:43.0312 3776 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
02:04:43.0343 3776 NDIS - ok
02:04:43.0375 3776 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
02:04:43.0390 3776 NdisTapi - ok
02:04:43.0390 3776 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
02:04:43.0390 3776 Ndisuio - ok
02:04:43.0406 3776 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
02:04:43.0437 3776 NdisWan - ok
02:04:43.0453 3776 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
02:04:43.0515 3776 NDProxy - ok
02:04:43.0656 3776 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
02:04:43.0671 3776 NetBIOS - ok
02:04:43.0687 3776 NetBT (830c2c3b6bed255f9717dd29713dcfd8) C:\WINDOWS\system32\DRIVERS\netbt.sys
02:04:43.0828 3776 NetBT ( Virus.Win32.ZAccess.k ) - infected
02:04:43.0828 3776 NetBT - detected Virus.Win32.ZAccess.k (0)
02:04:44.0125 3776 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
02:04:44.0156 3776 NetDDE - ok
02:04:44.0156 3776 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
02:04:44.0156 3776 NetDDEdsdm - ok
02:04:44.0187 3776 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:04:44.0203 3776 Netlogon - ok
02:04:44.0250 3776 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
02:04:44.0265 3776 Netman - ok
02:04:44.0328 3776 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
02:04:44.0375 3776 NetTcpPortSharing - ok
02:04:44.0375 3776 NETw4v32 - ok
02:04:44.0609 3776 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
02:04:44.0625 3776 NIC1394 - ok
02:04:44.0640 3776 nimcdlbk - ok
02:04:44.0671 3776 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
02:04:44.0687 3776 Nla - ok
02:04:44.0703 3776 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
02:04:44.0703 3776 Npfs - ok
02:04:44.0750 3776 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
02:04:44.0781 3776 Ntfs - ok
02:04:44.0796 3776 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:04:44.0796 3776 NtLmSsp - ok
02:04:44.0828 3776 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
02:04:44.0890 3776 NtmsSvc - ok
02:04:44.0906 3776 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
02:04:44.0921 3776 Null - ok
02:04:45.0265 3776 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
02:04:45.0890 3776 nv - ok
02:04:46.0000 3776 nvsvc (ce8cce2b9f96aca02e5ded4298a7796d) C:\WINDOWS\system32\nvsvc32.exe
02:04:46.0031 3776 nvsvc - ok
02:04:46.0078 3776 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
02:04:46.0093 3776 NwlnkFlt - ok
02:04:46.0109 3776 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
02:04:46.0125 3776 NwlnkFwd - ok
02:04:46.0265 3776 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:04:46.0375 3776 odserv - ok
02:04:46.0406 3776 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
02:04:46.0421 3776 ohci1394 - ok
02:04:46.0421 3776 oracleorahome92pagingserver - ok
02:04:46.0734 3776 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:04:46.0843 3776 ose - ok
02:04:46.0875 3776 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
02:04:46.0890 3776 Parport - ok
02:04:46.0890 3776 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
02:04:46.0906 3776 PartMgr - ok
02:04:46.0921 3776 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
02:04:46.0937 3776 ParVdm - ok
02:04:46.0953 3776 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
02:04:46.0984 3776 PCI - ok
02:04:46.0984 3776 PCIDump - ok
02:04:47.0015 3776 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
02:04:47.0031 3776 PCIIde - ok
02:04:47.0062 3776 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
02:04:47.0093 3776 Pcmcia - ok
02:04:47.0093 3776 PDCOMP - ok
02:04:47.0093 3776 PDFRAME - ok
02:04:47.0109 3776 PDRELI - ok
02:04:47.0109 3776 PDRFRAME - ok
02:04:47.0125 3776 perc2 - ok
02:04:47.0125 3776 perc2hib - ok
02:04:47.0171 3776 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
02:04:47.0171 3776 PlugPlay - ok
02:04:47.0187 3776 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:04:47.0187 3776 PolicyAgent - ok
02:04:47.0187 3776 ppped - ok
02:04:47.0203 3776 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
02:04:47.0234 3776 PptpMiniport - ok
02:04:47.0234 3776 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:04:47.0234 3776 ProtectedStorage - ok
02:04:47.0250 3776 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
02:04:47.0265 3776 PSched - ok
02:04:47.0296 3776 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
02:04:47.0312 3776 Ptilink - ok
02:04:47.0312 3776 ql1080 - ok
02:04:47.0312 3776 Ql10wnt - ok
02:04:47.0328 3776 ql12160 - ok
02:04:47.0328 3776 ql1240 - ok
02:04:47.0343 3776 ql1280 - ok
02:04:47.0359 3776 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
02:04:47.0375 3776 RasAcd - ok
02:04:47.0390 3776 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
02:04:47.0421 3776 RasAuto - ok
02:04:47.0421 3776 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
02:04:47.0437 3776 Rasl2tp - ok
02:04:47.0734 3776 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
02:04:47.0765 3776 RasMan - ok
02:04:47.0781 3776 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
02:04:47.0796 3776 RasPppoe - ok
02:04:47.0921 3776 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
02:04:47.0953 3776 Raspti - ok
02:04:48.0296 3776 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
02:04:48.0328 3776 Rdbss - ok
02:04:48.0343 3776 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
02:04:48.0359 3776 RDPCDD - ok
02:04:48.0390 3776 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
02:04:48.0421 3776 rdpdr - ok
02:04:48.0515 3776 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
02:04:48.0656 3776 RDPWD - ok
02:04:48.0734 3776 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
02:04:48.0796 3776 RDSessMgr - ok
02:04:48.0828 3776 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
02:04:48.0843 3776 redbook - ok
02:04:48.0875 3776 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
02:04:48.0890 3776 RemoteAccess - ok
02:04:48.0906 3776 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
02:04:48.0921 3776 RemoteRegistry - ok
02:04:48.0921 3776 RimUsb - ok
02:04:48.0937 3776 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
02:04:48.0968 3776 RpcLocator - ok
02:04:49.0015 3776 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
02:04:49.0015 3776 RpcSs - ok
02:04:49.0046 3776 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
02:04:49.0078 3776 RSVP - ok
02:04:49.0109 3776 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
02:04:49.0109 3776 SamSs - ok
02:04:49.0125 3776 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
02:04:49.0140 3776 SCardSvr - ok
02:04:49.0171 3776 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
02:04:49.0187 3776 Schedule - ok
02:04:49.0203 3776 sdbus - ok
02:04:49.0218 3776 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
02:04:49.0218 3776 Secdrv - ok
02:04:49.0234 3776 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
02:04:49.0234 3776 seclogon - ok
02:04:49.0296 3776 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
02:04:49.0406 3776 senfilt - ok
02:04:49.0421 3776 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
02:04:49.0437 3776 SENS - ok
02:04:49.0640 3776 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
02:04:49.0656 3776 Serenum - ok
02:04:49.0671 3776 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
02:04:49.0687 3776 Serial - ok
02:04:49.0734 3776 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
02:04:49.0750 3776 Sfloppy - ok
02:04:49.0796 3776 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
02:04:49.0812 3776 SharedAccess - ok
02:04:49.0843 3776 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:04:49.0843 3776 ShellHWDetection - ok
02:04:49.0843 3776 Simbad - ok
02:04:49.0875 3776 slabbus (886dbe1e6de104591e8b7334b6d42ed8) C:\WINDOWS\system32\DRIVERS\slabbus.sys
02:04:49.0890 3776 slabbus - ok
02:04:49.0906 3776 slabser (2f3a6eebbbbb158caaa78790fd49e7c3) C:\WINDOWS\system32\DRIVERS\slabser.sys
02:04:49.0921 3776 slabser - ok
02:04:49.0921 3776 slapd-data52 - ok
02:04:49.0984 3776 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
02:04:50.0000 3776 smwdm - ok
02:04:50.0015 3776 Sparrow - ok
02:04:50.0046 3776 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
02:04:50.0046 3776 splitter - ok
02:04:50.0078 3776 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
02:04:50.0078 3776 Spooler - ok
02:04:50.0125 3776 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
02:04:50.0125 3776 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
02:04:50.0140 3776 sptd ( LockedFile.Multi.Generic ) - warning
02:04:50.0140 3776 sptd - detected LockedFile.Multi.Generic (1)
02:04:50.0171 3776 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
02:04:50.0187 3776 sr - ok
02:04:50.0218 3776 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
02:04:50.0234 3776 srservice - ok
02:04:50.0281 3776 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
02:04:50.0328 3776 Srv - ok
02:04:50.0343 3776 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
02:04:50.0359 3776 SSDPSRV - ok
02:04:50.0406 3776 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
02:04:50.0453 3776 stisvc - ok
02:04:50.0468 3776 svcwrsssdk - ok
02:04:50.0781 3776 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
02:04:50.0796 3776 swenum - ok
02:04:50.0953 3776 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
02:04:50.0968 3776 swmidi - ok
02:04:50.0984 3776 SwPrv - ok
02:04:50.0984 3776 symc810 - ok
02:04:50.0984 3776 symc8xx - ok
02:04:51.0000 3776 sym_hi - ok
02:04:51.0000 3776 sym_u3 - ok
02:04:51.0031 3776 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
02:04:51.0031 3776 sysaudio - ok
02:04:51.0062 3776 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
02:04:51.0078 3776 SysmonLog - ok
02:04:51.0093 3776 tandpl - ok
02:04:51.0125 3776 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
02:04:51.0156 3776 TapiSrv - ok
02:04:51.0203 3776 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
02:04:51.0234 3776 Tcpip - ok
02:04:51.0265 3776 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
02:04:51.0281 3776 TDPIPE - ok
02:04:51.0296 3776 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
02:04:51.0312 3776 TDTCP - ok
02:04:51.0328 3776 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
02:04:51.0343 3776 TermDD - ok
02:04:51.0375 3776 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
02:04:51.0406 3776 TermService - ok
02:04:51.0421 3776 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
02:04:51.0437 3776 Themes - ok
02:04:51.0687 3776 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
02:04:51.0718 3776 TlntSvr - ok
02:04:51.0734 3776 TosIde - ok
02:04:51.0750 3776 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
02:04:51.0750 3776 TrkWks - ok
02:04:51.0781 3776 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
02:04:51.0796 3776 Udfs - ok
02:04:51.0796 3776 ultra - ok
02:04:51.0859 3776 UltraMonUtility (65b91dc137297451ab29f609da510fd9) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
02:04:51.0875 3776 UltraMonUtility - ok
02:04:51.0921 3776 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
02:04:51.0953 3776 Update - ok
02:04:51.0968 3776 UpdateCenterService - ok
02:04:51.0984 3776 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
02:04:52.0031 3776 upnphost - ok
02:04:52.0031 3776 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
02:04:52.0046 3776 UPS - ok
02:04:52.0078 3776 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
02:04:52.0093 3776 USBAAPL - ok
02:04:52.0109 3776 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
02:04:52.0125 3776 usbccgp - ok
02:04:52.0156 3776 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
02:04:52.0171 3776 usbehci - ok
02:04:52.0218 3776 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
02:04:52.0234 3776 usbhub - ok
02:04:52.0265 3776 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
02:04:52.0281 3776 usbprint - ok
02:04:52.0296 3776 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
02:04:52.0312 3776 usbscan - ok
02:04:52.0343 3776 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
02:04:52.0343 3776 USBSTOR - ok
02:04:52.0390 3776 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
02:04:52.0390 3776 usbuhci - ok
02:04:52.0406 3776 useraccess7 - ok
02:04:52.0437 3776 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
02:04:52.0453 3776 VgaSave - ok
02:04:52.0453 3776 ViaIde - ok
02:04:52.0875 3776 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
02:04:52.0875 3776 VolSnap - ok
02:04:52.0906 3776 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
02:04:52.0953 3776 VSS - ok
02:04:52.0968 3776 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
02:04:52.0984 3776 W32Time - ok
02:04:53.0000 3776 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
02:04:53.0015 3776 Wanarp - ok
02:04:53.0062 3776 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
02:04:53.0093 3776 Wdf01000 - ok
02:04:53.0093 3776 WDICA - ok
02:04:53.0125 3776 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
02:04:53.0140 3776 wdmaud - ok
02:04:53.0156 3776 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
02:04:53.0156 3776 WebClient - ok
02:04:53.0203 3776 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
02:04:53.0218 3776 winmgmt - ok
02:04:53.0296 3776 WinVNC4 (f3edc9909a02e6bca863eb702d37b505) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
02:04:53.0343 3776 WinVNC4 - ok
02:04:53.0375 3776 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
02:04:53.0406 3776 WmdmPmSN - ok
02:04:53.0796 3776 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
02:04:53.0812 3776 Wmi - ok
02:04:53.0859 3776 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
02:04:53.0890 3776 WmiApSrv - ok
02:04:54.0000 3776 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
02:04:54.0093 3776 WPFFontCache_v0400 - ok
02:04:54.0125 3776 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
02:04:54.0140 3776 wuauserv - ok
02:04:54.0171 3776 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
02:04:54.0187 3776 WudfPf - ok
02:04:54.0203 3776 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
02:04:54.0234 3776 WudfRd - ok
02:04:54.0250 3776 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
02:04:54.0312 3776 WudfSvc - ok
02:04:54.0359 3776 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
02:04:54.0375 3776 WZCSVC - ok
02:04:54.0390 3776 x10nets - ok
02:04:54.0390 3776 XDva004 - ok
02:04:54.0421 3776 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
02:04:54.0640 3776 xmlprov - ok
02:04:55.0000 3776 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
02:04:55.0015 3776 xusb21 - ok
02:04:55.0046 3776 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
02:04:55.0187 3776 \Device\Harddisk0\DR0 - ok
02:04:55.0218 3776 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR11
02:04:55.0218 3776 \Device\Harddisk1\DR11 - ok
02:04:55.0234 3776 Boot (0x1200) (2b2053adc912a3d382bc834d164c62d7) \Device\Harddisk0\DR0\Partition0
02:04:55.0234 3776 \Device\Harddisk0\DR0\Partition0 - ok
02:04:55.0250 3776 Boot (0x1200) (9c6f35e56104d6667fa1d9215d7cb43d) \Device\Harddisk0\DR0\Partition1
02:04:55.0250 3776 \Device\Harddisk0\DR0\Partition1 - ok
02:04:55.0250 3776 Boot (0x1200) (0ef17cf7396f907177be0d4966eb4a8c) \Device\Harddisk1\DR11\Partition0
02:04:55.0250 3776 \Device\Harddisk1\DR11\Partition0 - ok
02:04:55.0265 3776 ============================================================
02:04:55.0265 3776 Scan finished
02:04:55.0265 3776 ============================================================
02:04:55.0265 1832 Detected object count: 2
02:04:55.0265 1832 Actual detected object count: 2
02:06:25.0656 1832 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
02:06:26.0296 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\@ - copied to quarantine
02:06:26.0312 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\cfg.ini - copied to quarantine
02:06:26.0312 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\Desktop.ini - copied to quarantine
02:06:26.0359 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\L\oixszxzn - copied to quarantine
02:06:26.0359 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\oemid - copied to quarantine
02:06:26.0375 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\00000001.@ - copied to quarantine
02:06:26.0406 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\00000002.@ - copied to quarantine
02:06:26.0421 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\00000004.@ - copied to quarantine
02:06:26.0437 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\80000000.@ - copied to quarantine
02:06:26.0562 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\80000004.@ - copied to quarantine
02:06:26.0671 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\80000032.@ - copied to quarantine
02:06:26.0703 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\version - copied to quarantine
02:06:27.0406 1832 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
02:06:29.0671 1832 Backup copy found, using it..
02:06:29.0859 1832 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
02:06:31.0156 1832 C:\WINDOWS\$NtUninstallKB3362$\2536294762 - will be deleted on reboot
02:06:31.0156 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\@ - will be deleted on reboot
02:06:31.0156 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\cfg.ini - will be deleted on reboot
02:06:31.0156 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\Desktop.ini - will be deleted on reboot
02:06:31.0203 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\oemid - will be deleted on reboot
02:06:31.0203 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\00000001.@ - will be deleted on reboot
02:06:31.0203 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\00000002.@ - will be deleted on reboot
02:06:31.0203 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\00000004.@ - will be deleted on reboot
02:06:31.0218 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\80000000.@ - will be deleted on reboot
02:06:31.0218 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\80000004.@ - will be deleted on reboot
02:06:31.0218 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\U\80000032.@ - will be deleted on reboot
02:06:31.0218 1832 C:\WINDOWS\$NtUninstallKB3362$\3852724353\version - will be deleted on reboot
02:06:31.0218 1832 NetBT ( Virus.Win32.ZAccess.k ) - User select action: Cure
02:06:31.0218 1832 sptd ( LockedFile.Multi.Generic ) - skipped by user
02:06:31.0218 1832 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
02:08:56.0546 4048 Deinitialize success
0
Réponse 15 / 22
Utilisateur anonyme
7 mai 2012 à 02:30
Re

Bien vu ;-)

Remet un nouveau scan TDSSkiller;merci

@+
0
Réponse 16 / 22
Sellinger Messages postés 23 Date d'inscription dimanche 6 mai 2012 Statut Membre Dernière intervention 12 octobre 2012
7 mai 2012 à 02:39
Je refais ça demain et je t'indique le résultat du rapport !

En tout cas merci beaucoup de ton temps.

Mais à ton avis est-ce un problème grave ? Car je suis un peu perdu dans ce que je fais!
0
Réponse 17 / 22
Utilisateur anonyme
7 mai 2012 à 02:41
Re

Ton problème grave est quasiment résolu.

Bonne nuit et @ plus tard

0
Réponse 18 / 22
Sellinger Messages postés 23 Date d'inscription dimanche 6 mai 2012 Statut Membre Dernière intervention 12 octobre 2012
7 mai 2012 à 18:45
Bonjour Guillaume5188,
Merci de me rassurer :p


Voici le nouveau scan :


18:44:00.0500 3612 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
18:44:00.0703 3612 ============================================================
18:44:00.0703 3612 Current date / time: 2012/05/07 18:44:00.0703
18:44:00.0703 3612 SystemInfo:
18:44:00.0703 3612
18:44:00.0703 3612 OS Version: 5.1.2600 ServicePack: 3.0
18:44:00.0703 3612 Product type: Workstation
18:44:00.0703 3612 ComputerName: GROSMANU
18:44:00.0703 3612 UserName: Administrateur
18:44:00.0703 3612 Windows directory: C:\WINDOWS
18:44:00.0703 3612 System windows directory: C:\WINDOWS
18:44:00.0703 3612 Processor architecture: Intel x86
18:44:00.0703 3612 Number of processors: 4
18:44:00.0703 3612 Page size: 0x1000
18:44:00.0703 3612 Boot type: Normal boot
18:44:00.0703 3612 ============================================================
18:44:06.0031 3612 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:44:06.0031 3612 Drive \Device\Harddisk1\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:44:06.0062 3612 ============================================================
18:44:06.0062 3612 \Device\Harddisk0\DR0:
18:44:06.0062 3612 MBR partitions:
18:44:06.0062 3612 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x88B50DC
18:44:06.0078 3612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x88B515A, BlocksNum 0xA163967
18:44:06.0078 3612 \Device\Harddisk1\DR3:
18:44:06.0078 3612 MBR partitions:
18:44:06.0078 3612 \Device\Harddisk1\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
18:44:06.0078 3612 ============================================================
18:44:06.0125 3612 C: <-> \Device\Harddisk0\DR0\Partition0
18:44:06.0156 3612 D: <-> \Device\Harddisk0\DR0\Partition1
18:44:06.0156 3612 G: <-> \Device\Harddisk1\DR3\Partition0
18:44:06.0156 3612 ============================================================
18:44:06.0156 3612 Initialize success
18:44:06.0156 3612 ============================================================
18:44:10.0031 4064 ============================================================
18:44:10.0031 4064 Scan started
18:44:10.0031 4064 Mode: Manual;
18:44:10.0031 4064 ============================================================
18:44:13.0703 4064 a320raid (28615e07c5b8803841a038418406b98e) C:\WINDOWS\system32\DRIVERS\a320raid.sys
18:44:13.0734 4064 a320raid - ok
18:44:13.0750 4064 Abiosdsk - ok
18:44:13.0750 4064 abp480n5 - ok
18:44:13.0781 4064 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:44:13.0796 4064 ACPI - ok
18:44:13.0812 4064 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:44:13.0828 4064 ACPIEC - ok
18:44:13.0875 4064 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:44:13.0875 4064 AdobeFlashPlayerUpdateSvc - ok
18:44:13.0890 4064 adpu160m - ok
18:44:13.0921 4064 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:44:13.0937 4064 aec - ok
18:44:13.0968 4064 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:44:14.0015 4064 AFD - ok
18:44:14.0015 4064 Aha154x - ok
18:44:14.0031 4064 aic78u2 - ok
18:44:14.0031 4064 aic78xx - ok
18:44:14.0062 4064 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:44:14.0093 4064 Alerter - ok
18:44:14.0125 4064 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:44:14.0125 4064 ALG - ok
18:44:14.0125 4064 AliIde - ok
18:44:14.0140 4064 amsint - ok
18:44:14.0218 4064 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:44:14.0218 4064 Apple Mobile Device - ok
18:44:14.0250 4064 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:44:14.0281 4064 AppMgmt - ok
18:44:14.0375 4064 AR9271 (8dbeb23baf83d7161a69503bd5fc0162) C:\WINDOWS\system32\DRIVERS\athuw.sys
18:44:14.0421 4064 AR9271 - ok
18:44:14.0656 4064 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:44:14.0671 4064 Arp1394 - ok
18:44:14.0671 4064 asc - ok
18:44:14.0687 4064 asc3350p - ok
18:44:14.0687 4064 asc3550 - ok
18:44:14.0781 4064 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:44:14.0828 4064 aspnet_state - ok
18:44:14.0843 4064 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:44:14.0859 4064 AsyncMac - ok
18:44:14.0875 4064 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:44:14.0875 4064 atapi - ok
18:44:14.0890 4064 Atdisk - ok
18:44:14.0906 4064 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:44:14.0921 4064 Atmarpc - ok
18:44:14.0937 4064 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:44:14.0937 4064 AudioSrv - ok
18:44:14.0968 4064 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:44:14.0984 4064 audstub - ok
18:44:15.0093 4064 avg8emc (b9ae3c63a53396cd669ef8ae9c9cbd85) C:\PROGRA~1\AVG\AVG8\avgemc.exe
18:44:15.0093 4064 avg8emc - ok
18:44:15.0125 4064 avg8wd (db338a6bd3976904eb0f8343f51e64eb) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
18:44:15.0125 4064 avg8wd - ok
18:44:15.0156 4064 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
18:44:15.0171 4064 AvgLdx86 - ok
18:44:15.0187 4064 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
18:44:15.0203 4064 AvgMfx86 - ok
18:44:15.0218 4064 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
18:44:15.0234 4064 AvgTdiX - ok
18:44:15.0265 4064 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:44:15.0281 4064 Beep - ok
18:44:15.0328 4064 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:44:15.0437 4064 BITS - ok
18:44:15.0453 4064 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:44:15.0453 4064 Browser - ok
18:44:15.0468 4064 BVRPMPR5 - ok
18:44:15.0484 4064 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:44:15.0515 4064 cbidf2k - ok
18:44:15.0515 4064 cd20xrnt - ok
18:44:15.0812 4064 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:44:15.0812 4064 Cdaudio - ok
18:44:15.0828 4064 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:44:15.0843 4064 Cdfs - ok
18:44:15.0859 4064 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:44:15.0875 4064 Cdrom - ok
18:44:15.0890 4064 Changer - ok
18:44:15.0906 4064 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:44:15.0921 4064 CiSvc - ok
18:44:15.0921 4064 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:44:15.0953 4064 ClipSrv - ok
18:44:16.0015 4064 clr_optimization_v2.0.50727_32 (7fa87325900183197bc9710d1ce4c9fa) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:44:16.0078 4064 clr_optimization_v2.0.50727_32 - ok
18:44:16.0125 4064 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:44:16.0171 4064 clr_optimization_v4.0.30319_32 - ok
18:44:16.0171 4064 CmdIde - ok
18:44:16.0171 4064 COMSysApp - ok
18:44:16.0187 4064 Cpqarray - ok
18:44:16.0234 4064 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:44:16.0234 4064 CryptSvc - ok
18:44:16.0234 4064 cwcwdm - ok
18:44:16.0250 4064 dac2w2k - ok
18:44:16.0250 4064 dac960nt - ok
18:44:16.0312 4064 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:44:16.0312 4064 DcomLaunch - ok
18:44:16.0328 4064 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:44:16.0328 4064 Dhcp - ok
18:44:16.0343 4064 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:44:16.0359 4064 Disk - ok
18:44:16.0359 4064 dmadmin - ok
18:44:16.0421 4064 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:44:16.0515 4064 dmboot - ok
18:44:16.0656 4064 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:44:16.0671 4064 dmio - ok
18:44:16.0703 4064 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:44:16.0718 4064 dmload - ok
18:44:16.0734 4064 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:44:16.0734 4064 dmserver - ok
18:44:16.0781 4064 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:44:16.0781 4064 DMusic - ok
18:44:16.0781 4064 dnetc - ok
18:44:16.0812 4064 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:44:16.0843 4064 Dnscache - ok
18:44:16.0859 4064 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:44:16.0890 4064 Dot3svc - ok
18:44:16.0890 4064 dpti2o - ok
18:44:16.0921 4064 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:44:16.0921 4064 drmkaud - ok
18:44:16.0953 4064 E1000 (bb98a47faf8b6a99202290c1e7d49d36) C:\WINDOWS\system32\DRIVERS\e1000325.sys
18:44:16.0968 4064 E1000 - ok
18:44:16.0984 4064 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:44:17.0000 4064 EapHost - ok
18:44:17.0015 4064 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:44:17.0031 4064 ERSvc - ok
18:44:17.0046 4064 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:44:17.0062 4064 Eventlog - ok
18:44:17.0078 4064 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:44:17.0093 4064 EventSystem - ok
18:44:17.0109 4064 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:44:17.0109 4064 Fastfat - ok
18:44:17.0125 4064 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:44:17.0156 4064 FastUserSwitchingCompatibility - ok
18:44:17.0171 4064 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:44:17.0187 4064 Fdc - ok
18:44:17.0203 4064 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:44:17.0218 4064 Fips - ok
18:44:17.0218 4064 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:44:17.0234 4064 Flpydisk - ok
18:44:17.0359 4064 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
18:44:17.0390 4064 FltMgr - ok
18:44:17.0453 4064 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:44:17.0468 4064 FontCache3.0.0.0 - ok
18:44:17.0500 4064 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:44:17.0500 4064 Fs_Rec - ok
18:44:17.0890 4064 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:44:17.0906 4064 Ftdisk - ok
18:44:17.0937 4064 GcKernel (72fe2bea6863d4eb93442a1c4fb5ca48) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
18:44:17.0953 4064 GcKernel - ok
18:44:17.0984 4064 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:44:18.0000 4064 GEARAspiWDM - ok
18:44:18.0031 4064 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:44:18.0046 4064 Gpc - ok
18:44:18.0093 4064 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:44:18.0093 4064 helpsvc - ok
18:44:18.0109 4064 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:44:18.0125 4064 HidServ - ok
18:44:18.0156 4064 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
18:44:18.0156 4064 HIDSwvd - ok
18:44:18.0187 4064 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:44:18.0203 4064 hidusb - ok
18:44:18.0218 4064 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:44:18.0250 4064 hkmsvc - ok
18:44:18.0250 4064 hpn - ok
18:44:18.0296 4064 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:44:18.0296 4064 HTTP - ok
18:44:18.0312 4064 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:44:18.0328 4064 HTTPFilter - ok
18:44:18.0328 4064 i2omgmt - ok
18:44:18.0328 4064 i2omp - ok
18:44:18.0343 4064 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
18:44:18.0375 4064 i8042prt - ok
18:44:18.0453 4064 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:44:18.0500 4064 idsvc - ok
18:44:18.0703 4064 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:44:18.0718 4064 Imapi - ok
18:44:19.0421 4064 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:44:19.0531 4064 ImapiService - ok
18:44:19.0546 4064 ini910u - ok
18:44:20.0218 4064 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:44:20.0250 4064 IntelIde - ok
18:44:20.0328 4064 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:44:20.0343 4064 intelppm - ok
18:44:20.0359 4064 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
18:44:20.0375 4064 Ip6Fw - ok
18:44:20.0390 4064 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:44:20.0406 4064 IpFilterDriver - ok
18:44:20.0406 4064 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:44:20.0421 4064 IpInIp - ok
18:44:20.0453 4064 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:44:20.0453 4064 IpNat - ok
18:44:20.0531 4064 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
18:44:20.0546 4064 iPod Service - ok
18:44:20.0718 4064 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:44:20.0734 4064 IPSec - ok
18:44:20.0750 4064 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:44:20.0765 4064 IRENUM - ok
18:44:20.0796 4064 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:44:20.0812 4064 isapnp - ok
18:44:20.0875 4064 JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
18:44:20.0875 4064 JavaQuickStarterService - ok
18:44:20.0906 4064 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:44:20.0906 4064 Kbdclass - ok
18:44:20.0921 4064 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:44:20.0937 4064 kbdhid - ok
18:44:20.0968 4064 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:44:20.0984 4064 kmixer - ok
18:44:20.0984 4064 KMWDFilter - ok
18:44:21.0031 4064 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:44:21.0062 4064 KSecDD - ok
18:44:21.0093 4064 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:44:21.0109 4064 LanmanServer - ok
18:44:21.0125 4064 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:44:21.0140 4064 lanmanworkstation - ok
18:44:21.0140 4064 lbrtfdc - ok
18:44:21.0156 4064 LKbdFlt2 - ok
18:44:21.0187 4064 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:44:21.0187 4064 LmHosts - ok
18:44:21.0203 4064 mcdbus - ok
18:44:21.0234 4064 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:44:21.0250 4064 Messenger - ok
18:44:21.0281 4064 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:44:21.0296 4064 mnmdd - ok
18:44:21.0328 4064 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:44:21.0343 4064 mnmsrvc - ok
18:44:21.0359 4064 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:44:21.0375 4064 Modem - ok
18:44:21.0390 4064 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:44:21.0406 4064 Mouclass - ok
18:44:21.0421 4064 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:44:21.0437 4064 mouhid - ok
18:44:21.0453 4064 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:44:21.0468 4064 MountMgr - ok
18:44:21.0468 4064 mraid35x - ok
18:44:21.0500 4064 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:44:21.0515 4064 MRxDAV - ok
18:44:21.0765 4064 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:44:21.0796 4064 MRxSmb - ok
18:44:21.0828 4064 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:44:21.0843 4064 MSDTC - ok
18:44:21.0890 4064 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:44:21.0906 4064 Msfs - ok
18:44:21.0906 4064 MSIServer - ok
18:44:21.0937 4064 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:44:21.0953 4064 MSKSSRV - ok
18:44:21.0968 4064 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:44:21.0984 4064 MSPCLOCK - ok
18:44:22.0000 4064 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:44:22.0015 4064 MSPQM - ok
18:44:22.0031 4064 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:44:22.0031 4064 mssmbios - ok
18:44:22.0046 4064 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:44:22.0093 4064 Mup - ok
18:44:22.0125 4064 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:44:22.0171 4064 napagent - ok
18:44:22.0203 4064 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:44:22.0218 4064 NDIS - ok
18:44:22.0328 4064 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:44:22.0328 4064 NdisTapi - ok
18:44:22.0343 4064 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:44:22.0343 4064 Ndisuio - ok
18:44:22.0359 4064 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:44:22.0375 4064 NdisWan - ok
18:44:22.0406 4064 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:44:22.0421 4064 NDProxy - ok
18:44:22.0421 4064 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:44:22.0437 4064 NetBIOS - ok
18:44:22.0468 4064 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:44:22.0500 4064 NetBT - ok
18:44:22.0515 4064 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:44:22.0656 4064 NetDDE - ok
18:44:22.0656 4064 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:44:22.0656 4064 NetDDEdsdm - ok
18:44:22.0703 4064 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:44:22.0703 4064 Netlogon - ok
18:44:22.0734 4064 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:44:22.0734 4064 Netman - ok
18:44:22.0812 4064 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:44:22.0859 4064 NetTcpPortSharing - ok
18:44:22.0859 4064 NETw4v32 - ok
18:44:22.0890 4064 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:44:22.0890 4064 NIC1394 - ok
18:44:22.0906 4064 nimcdlbk - ok
18:44:22.0937 4064 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:44:22.0953 4064 Nla - ok
18:44:22.0968 4064 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:44:22.0984 4064 Npfs - ok
18:44:23.0015 4064 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:44:23.0062 4064 Ntfs - ok
18:44:23.0062 4064 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:44:23.0062 4064 NtLmSsp - ok
18:44:23.0109 4064 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:44:23.0156 4064 NtmsSvc - ok
18:44:23.0187 4064 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:44:23.0187 4064 Null - ok
18:44:23.0562 4064 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:44:23.0828 4064 nv - ok
18:44:23.0921 4064 nvsvc (ce8cce2b9f96aca02e5ded4298a7796d) C:\WINDOWS\system32\nvsvc32.exe
18:44:23.0921 4064 nvsvc - ok
18:44:23.0953 4064 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:44:23.0968 4064 NwlnkFlt - ok
18:44:23.0984 4064 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:44:24.0000 4064 NwlnkFwd - ok
18:44:24.0125 4064 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:44:24.0234 4064 odserv - ok
18:44:24.0265 4064 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:44:24.0265 4064 ohci1394 - ok
18:44:24.0265 4064 oracleorahome92pagingserver - ok
18:44:24.0296 4064 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:44:24.0343 4064 ose - ok
18:44:24.0375 4064 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:44:24.0390 4064 Parport - ok
18:44:24.0421 4064 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:44:24.0421 4064 PartMgr - ok
18:44:24.0453 4064 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:44:24.0453 4064 ParVdm - ok
18:44:24.0484 4064 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:44:24.0515 4064 PCI - ok
18:44:24.0515 4064 PCIDump - ok
18:44:24.0734 4064 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:44:24.0765 4064 PCIIde - ok
18:44:24.0890 4064 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:44:24.0906 4064 Pcmcia - ok
18:44:24.0906 4064 PDCOMP - ok
18:44:24.0921 4064 PDFRAME - ok
18:44:24.0937 4064 PDRELI - ok
18:44:24.0937 4064 PDRFRAME - ok
18:44:24.0953 4064 perc2 - ok
18:44:24.0953 4064 perc2hib - ok
18:44:25.0000 4064 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:44:25.0000 4064 PlugPlay - ok
18:44:25.0031 4064 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:44:25.0031 4064 PolicyAgent - ok
18:44:25.0031 4064 ppped - ok
18:44:25.0046 4064 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:44:25.0062 4064 PptpMiniport - ok
18:44:25.0078 4064 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:44:25.0078 4064 ProtectedStorage - ok
18:44:25.0093 4064 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:44:25.0109 4064 PSched - ok
18:44:25.0140 4064 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:44:25.0140 4064 Ptilink - ok
18:44:25.0156 4064 ql1080 - ok
18:44:25.0156 4064 Ql10wnt - ok
18:44:25.0171 4064 ql12160 - ok
18:44:25.0171 4064 ql1240 - ok
18:44:25.0187 4064 ql1280 - ok
18:44:25.0203 4064 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:44:25.0218 4064 RasAcd - ok
18:44:25.0250 4064 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:44:25.0281 4064 RasAuto - ok
18:44:25.0296 4064 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:44:25.0312 4064 Rasl2tp - ok
18:44:25.0328 4064 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:44:25.0328 4064 RasMan - ok
18:44:25.0343 4064 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:44:25.0343 4064 RasPppoe - ok
18:44:25.0390 4064 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:44:25.0406 4064 Raspti - ok
18:44:25.0437 4064 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:44:25.0484 4064 Rdbss - ok
18:44:25.0500 4064 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:44:25.0500 4064 RDPCDD - ok
18:44:25.0968 4064 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:44:26.0000 4064 rdpdr - ok
18:44:26.0109 4064 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:44:26.0140 4064 RDPWD - ok
18:44:26.0187 4064 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:44:26.0234 4064 RDSessMgr - ok
18:44:26.0250 4064 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:44:26.0281 4064 redbook - ok
18:44:26.0312 4064 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:44:26.0328 4064 RemoteAccess - ok
18:44:26.0359 4064 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:44:26.0359 4064 RemoteRegistry - ok
18:44:26.0359 4064 RimUsb - ok
18:44:26.0390 4064 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:44:26.0421 4064 RpcLocator - ok
18:44:26.0468 4064 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:44:26.0468 4064 RpcSs - ok
18:44:26.0500 4064 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:44:26.0546 4064 RSVP - ok
18:44:26.0656 4064 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:44:26.0656 4064 SamSs - ok
18:44:26.0671 4064 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:44:26.0703 4064 SCardSvr - ok
18:44:26.0734 4064 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:44:26.0734 4064 Schedule - ok
18:44:26.0734 4064 sdbus - ok
18:44:26.0750 4064 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:44:26.0765 4064 Secdrv - ok
18:44:26.0781 4064 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:44:26.0781 4064 seclogon - ok
18:44:26.0843 4064 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
18:44:26.0843 4064 senfilt - ok
18:44:26.0859 4064 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:44:26.0859 4064 SENS - ok
18:44:26.0875 4064 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:44:26.0890 4064 Serenum - ok
18:44:26.0937 4064 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:44:26.0953 4064 Serial - ok
18:44:26.0984 4064 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:44:27.0000 4064 Sfloppy - ok
18:44:27.0031 4064 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:44:27.0046 4064 SharedAccess - ok
18:44:27.0062 4064 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:44:27.0062 4064 ShellHWDetection - ok
18:44:27.0078 4064 Simbad - ok
18:44:27.0093 4064 slabbus (886dbe1e6de104591e8b7334b6d42ed8) C:\WINDOWS\system32\DRIVERS\slabbus.sys
18:44:27.0109 4064 slabbus - ok
18:44:27.0250 4064 slabser (2f3a6eebbbbb158caaa78790fd49e7c3) C:\WINDOWS\system32\DRIVERS\slabser.sys
18:44:27.0265 4064 slabser - ok
18:44:27.0265 4064 slapd-data52 - ok
18:44:27.0312 4064 smwdm (0066ff77aeb4ae70066f7e94d5a6d866) C:\WINDOWS\system32\drivers\smwdm.sys
18:44:27.0312 4064 smwdm - ok
18:44:27.0328 4064 Sparrow - ok
18:44:27.0406 4064 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:44:27.0406 4064 splitter - ok
18:44:27.0453 4064 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:44:27.0453 4064 Spooler - ok
18:44:27.0500 4064 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
18:44:27.0531 4064 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
18:44:27.0578 4064 sptd ( LockedFile.Multi.Generic ) - warning
18:44:27.0578 4064 sptd - detected LockedFile.Multi.Generic (1)
18:44:28.0125 4064 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:44:28.0140 4064 sr - ok
18:44:28.0171 4064 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:44:28.0171 4064 srservice - ok
18:44:28.0218 4064 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:44:28.0250 4064 Srv - ok
18:44:28.0265 4064 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:44:28.0265 4064 SSDPSRV - ok
18:44:28.0328 4064 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:44:28.0343 4064 stisvc - ok
18:44:28.0343 4064 svcwrsssdk - ok
18:44:28.0359 4064 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:44:28.0375 4064 swenum - ok
18:44:28.0406 4064 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:44:28.0406 4064 swmidi - ok
18:44:28.0406 4064 SwPrv - ok
18:44:28.0421 4064 symc810 - ok
18:44:28.0421 4064 symc8xx - ok
18:44:28.0437 4064 sym_hi - ok
18:44:28.0437 4064 sym_u3 - ok
18:44:28.0453 4064 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:44:28.0453 4064 sysaudio - ok
18:44:28.0484 4064 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:44:28.0515 4064 SysmonLog - ok
18:44:28.0515 4064 tandpl - ok
18:44:28.0718 4064 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:44:28.0734 4064 TapiSrv - ok
18:44:28.0781 4064 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:44:28.0812 4064 Tcpip - ok
18:44:28.0843 4064 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:44:28.0859 4064 TDPIPE - ok
18:44:28.0875 4064 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:44:28.0890 4064 TDTCP - ok
18:44:28.0906 4064 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:44:28.0937 4064 TermDD - ok
18:44:28.0953 4064 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:44:28.0968 4064 TermService - ok
18:44:29.0000 4064 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:44:29.0000 4064 Themes - ok
18:44:29.0031 4064 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:44:29.0046 4064 TlntSvr - ok
18:44:29.0062 4064 TosIde - ok
18:44:29.0078 4064 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:44:29.0093 4064 TrkWks - ok
18:44:29.0109 4064 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:44:29.0125 4064 Udfs - ok
18:44:29.0125 4064 ultra - ok
18:44:29.0187 4064 UltraMonUtility (65b91dc137297451ab29f609da510fd9) C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
18:44:29.0203 4064 UltraMonUtility - ok
18:44:29.0250 4064 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:44:29.0281 4064 Update - ok
18:44:29.0296 4064 UpdateCenterService - ok
18:44:29.0328 4064 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:44:29.0359 4064 upnphost - ok
18:44:29.0375 4064 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:44:29.0390 4064 UPS - ok
18:44:29.0421 4064 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:44:29.0437 4064 USBAAPL - ok
18:44:29.0453 4064 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:44:29.0468 4064 usbccgp - ok
18:44:29.0890 4064 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:44:29.0890 4064 usbehci - ok
18:44:29.0921 4064 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:44:29.0937 4064 usbhub - ok
18:44:29.0968 4064 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:44:29.0984 4064 usbprint - ok
18:44:30.0000 4064 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:44:30.0078 4064 usbscan - ok
18:44:30.0250 4064 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:44:30.0312 4064 USBSTOR - ok
18:44:30.0343 4064 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:44:30.0343 4064 usbuhci - ok
18:44:30.0359 4064 useraccess7 - ok
18:44:30.0390 4064 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:44:30.0406 4064 VgaSave - ok
18:44:30.0421 4064 ViaIde - ok
18:44:30.0437 4064 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:44:30.0453 4064 VolSnap - ok
18:44:30.0484 4064 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:44:30.0828 4064 VSS - ok
18:44:30.0843 4064 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:44:30.0859 4064 W32Time - ok
18:44:30.0875 4064 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:44:30.0890 4064 Wanarp - ok
18:44:31.0000 4064 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:44:31.0046 4064 Wdf01000 - ok
18:44:31.0046 4064 WDICA - ok
18:44:31.0078 4064 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:44:31.0093 4064 wdmaud - ok
18:44:31.0125 4064 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:44:31.0140 4064 WebClient - ok
18:44:31.0187 4064 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:44:31.0187 4064 winmgmt - ok
18:44:31.0281 4064 WinVNC4 (f3edc9909a02e6bca863eb702d37b505) C:\Program Files\RealVNC\VNC4\WinVNC4.exe
18:44:31.0343 4064 WinVNC4 - ok
18:44:31.0390 4064 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:44:31.0421 4064 WmdmPmSN - ok
18:44:31.0484 4064 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:44:31.0500 4064 Wmi - ok
18:44:32.0140 4064 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:44:32.0187 4064 WmiApSrv - ok
18:44:32.0328 4064 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:44:32.0390 4064 WPFFontCache_v0400 - ok
18:44:32.0468 4064 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:44:32.0484 4064 wuauserv - ok
18:44:32.0812 4064 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:44:32.0828 4064 WudfPf - ok
18:44:32.0843 4064 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:44:32.0859 4064 WudfRd - ok
18:44:32.0875 4064 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:44:32.0937 4064 WudfSvc - ok
18:44:33.0046 4064 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:44:33.0062 4064 WZCSVC - ok
18:44:33.0062 4064 x10nets - ok
18:44:33.0078 4064 XDva004 - ok
18:44:33.0109 4064 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:44:33.0156 4064 xmlprov - ok
18:44:33.0187 4064 xusb21 (09e5340bd9b2cb730bf4dc6be7721291) C:\WINDOWS\system32\DRIVERS\xusb21.sys
18:44:33.0218 4064 xusb21 - ok
18:44:33.0250 4064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
18:44:33.0484 4064 \Device\Harddisk0\DR0 - ok
18:44:33.0500 4064 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR3
18:44:33.0515 4064 \Device\Harddisk1\DR3 - ok
18:44:33.0625 4064 Boot (0x1200) (2b2053adc912a3d382bc834d164c62d7) \Device\Harddisk0\DR0\Partition0
18:44:33.0625 4064 \Device\Harddisk0\DR0\Partition0 - ok
18:44:33.0656 4064 Boot (0x1200) (9c6f35e56104d6667fa1d9215d7cb43d) \Device\Harddisk0\DR0\Partition1
18:44:33.0656 4064 \Device\Harddisk0\DR0\Partition1 - ok
18:44:33.0656 4064 Boot (0x1200) (0ef17cf7396f907177be0d4966eb4a8c) \Device\Harddisk1\DR3\Partition0
18:44:33.0656 4064 \Device\Harddisk1\DR3\Partition0 - ok
18:44:33.0656 4064 ============================================================
18:44:33.0656 4064 Scan finished
18:44:33.0656 4064 ============================================================
18:44:33.0671 1504 Detected object count: 1
18:44:33.0687 1504 Actual detected object count: 1
18:44:40.0625 1504 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:44:40.0625 1504 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
18:44:54.0718 0464 Deinitialize success
0
Réponse 19 / 22
Sellinger Messages postés 23 Date d'inscription dimanche 6 mai 2012 Statut Membre Dernière intervention 12 octobre 2012
7 mai 2012 à 23:47
J'ai également passé l'antivirus, voici le rapport:



Scan "Scan whole computer" was finished.
Infections;"2";"0";"2"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"lundi 7 mai 2012, 18:46:56"
Scan finished:;"lundi 7 mai 2012, 20:22:40 (1 hour(s) 35 minute(s) 44 second(s))"
Total object scanned:;"723513"
User who launched the scan:;"Administrateur"

Infections
File;"Infection";"Result"
G:\Recycled\Dg1.zip;"Trojan horse Generic17.BYN";"Infected"
G:\Recycled\Dg1.zip:\Acronis Disk Director Suite 10.0.2160\crack\Keygen-ZWT.exe;"Trojan horse Generic17.BYN";"Infected"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\Administrateur\Cookies\4KNAH2LO.txt;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\4KNAH2LO.txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\4KNAH2LO.txt:\fastclick.net.c38980e4;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\838GR2K1.txt;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\838GR2K1.txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\838GR2K1.txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\838GR2K1.txt:\ad.yieldmanager.com.8a47878;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\838GR2K1.txt:\ad.yieldmanager.com.b68f2b7b;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\838GR2K1.txt:\ad.yieldmanager.com.e626e6be;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\838GR2K1.txt:\ad.yieldmanager.com.ff92306;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\8I34KYBV.txt;"Found Tracking cookie.Dealtime";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\8I34KYBV.txt:\dealtime.com.48a2428c;"Found Tracking cookie.Dealtime";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\JAA3F616.txt;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\JAA3F616.txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\JAA3F616.txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\MZ0GHA1K.txt;"Found Tracking cookie.Dealtime";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\MZ0GHA1K.txt:\stat.dealtime.com.f58c396a;"Found Tracking cookie.Dealtime";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\NYYV9NV3.txt;"Found Tracking cookie.Adtech";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\NYYV9NV3.txt:\adtech.de.ad6ccd26;"Found Tracking cookie.Adtech";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\YNGLYAB3.txt;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"
C:\Documents and Settings\Administrateur\Cookies\YNGLYAB3.txt:\smartadserver.com.671d732f;"Found Tracking cookie.Smartadserver";"Moved to Virus Vault"


Merci de ton retour pour finaliser l'éradication!!
0
Réponse 20 / 22
Utilisateur anonyme
8 mai 2012 à 09:28
Bonjour

1)Purge la quarantaine de ton antivirus.


2)Purge la restauration comme ceci :
http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

Cela supprime toutes traces des diverses infections ;et permettra une éventuelle restauration sans infections

@+
0

Discussions similaires

Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Virus : trojan:win32/wacatac.h!ml
Alky09 -
bazfile -

8 réponses