Infection by TR/Sirefef, trojan...

bachibouzouk -  
Hello,

I've just picked up a friend's PC; he wants to get rid of a pile of viruses lying around on it, including this trojan... could you help me?
Thanks for your replies!


43 replies

Smart91 Posts 30146 Status Security contributor 2 328
 
Hello,

* Download TDSSKiller (from Kaspersky Labs) to your Desktop.
* Launch it (if you use Windows Vista or 7: right-click it and choose "Run as administrator").
* Click Start Scan to start the scan.
* If TDSS.tdl2: the Delete option will be ticked.
* If TDSS.tdl3 or TDSS.tdl4: make sure Cure is ticked.
* If "Suspicious object": leave the option set to Skip.
* If Rootkit.Win32.ZAccess.* is detected: set Cure at the top and Delete at the bottom.
* Then click Continue, then Reboot Now if necessary.
* A report will open when the computer restarts.
* Copy/paste its contents into your next reply.
Note: the report can also be found at C:\TDSSKiller.Version_Date_Time_log.txt

Smart
0
bachibouzouk
 
Good evening, I got two reports:

20:29:30.0703 2532 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
20:29:30.0969 2532 ============================================================
20:29:30.0969 2532 Current date / time: 2012/08/16 20:29:30.0969
20:29:30.0969 2532 SystemInfo:
20:29:30.0969 2532
20:29:30.0969 2532 OS Version: 5.1.2600 ServicePack: 3.0
20:29:30.0969 2532 Product type: Workstation
20:29:30.0969 2532 ComputerName: MON-4F9137BDAF1
20:29:30.0969 2532 UserName: Mon Ordinateur
20:29:30.0969 2532 Windows directory: C:\WINDOWS
20:29:30.0969 2532 System windows directory: C:\WINDOWS
20:29:30.0969 2532 Processor architecture: Intel x86
20:29:30.0969 2532 Number of processors: 2
20:29:30.0969 2532 Page size: 0x1000
20:29:30.0969 2532 Boot type: Normal boot
20:29:30.0969 2532 ============================================================
20:29:33.0000 2532 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:29:33.0016 2532 ============================================================
20:29:33.0016 2532 \Device\Harddisk0\DR0:
20:29:33.0016 2532 MBR partitions:
20:29:33.0016 2532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C64FE, BlocksNum 0x6A671E1
20:29:33.0016 2532 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x742D6DF, BlocksNum 0x6B660E2
20:29:33.0016 2532 ============================================================
20:29:33.0063 2532 C: <-> \Device\Harddisk0\DR0\Partition1
20:29:33.0079 2532 D: <-> \Device\Harddisk0\DR0\Partition2
20:29:33.0141 2532 ============================================================
20:29:33.0141 2532 Initialize success
20:29:33.0141 2532 ============================================================
20:29:37.0501 3228 ============================================================
20:29:37.0501 3228 Scan started
20:29:37.0501 3228 Mode: Manual;
20:29:37.0501 3228 ============================================================
20:29:45.0188 3228 [ 56b0a5ebffbb841a629c2f0896ddbeea ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:30:00.0267 3228 Suspicious file (NoAccess): C:\WINDOWS\system32\DRIVERS\ipsec.sys. md5: 56b0a5ebffbb841a629c2f0896ddbeea
20:30:00.0267 3228 IPSec ( Virus.Win32.ZAccess.h ) - infected
20:30:00.0267 3228 IPSec - detected Virus.Win32.ZAccess.h (0)
20:30:10.0377 3228 Suspicious file (NoAccess): C:\WINDOWS\system32\RAPIProtocol.dll. md5: 11028c6a84a967070cb1286550f2058f
20:30:10.0377 3228 useraccess ( Backdoor.Multi.ZAccess.gen ) - infected
20:30:10.0377 3228 useraccess - detected Backdoor.Multi.ZAccess.gen (0)
20:30:10.0424 3228 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:30:10.0440 3228 VgaSave - ok
20:30:10.0440 3228 ViaIde - ok
20:30:10.0471 3228 [ 46de1126684369bace4849e4fc8c43ca ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:30:10.0502 3228 VolSnap - ok
20:30:10.0549 3228 [ 5a4da252b2c0550ab83d129c02cf6c19 ] VSS C:\WINDOWS\System32\vssvc.exe
20:30:10.0643 3228 VSS - ok
20:30:10.0658 3228 [ c1f726ee0b043b074a68992bc4aef8fd ] W32Time C:\WINDOWS\system32\w32time.dll
20:30:10.0705 3228 W32Time - ok
20:30:10.0783 3228 [ 73395a19fc86461a151d3c330604e8b3 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
20:30:11.0096 3228 w39n51 - ok
20:30:11.0111 3228 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:30:11.0143 3228 Wanarp - ok
20:30:11.0190 3228 [ 60d2787958b46595d62237ed15b91e94 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:30:11.0252 3228 Wdf01000 - ok
20:30:11.0252 3228 WDICA - ok
20:30:11.0299 3228 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:30:11.0315 3228 wdmaud - ok
20:30:11.0346 3228 [ 714670e64fbe6d28d99871ed9a52a334 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:30:11.0346 3228 WebClient - ok
20:30:11.0424 3228 [ 5e9deae9980ff34bcd6dde2e9e2bf911 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:30:11.0440 3228 winmgmt - ok
20:30:11.0455 3228 wltrysvc - ok
20:30:11.0486 3228 [ b751ce6043b33a2efeabb2d6ba83ec67 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
20:30:11.0533 3228 WmdmPmSN - ok
20:30:11.0580 3228 [ 31c1fd0bbdc5b81c21edba4331edae55 ] Wmi C:\WINDOWS\System32\advapi32.dll
20:30:11.0611 3228 Wmi - ok
20:30:11.0627 3228 [ c42584fd66ce9e17403aebca199f7bdb ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:30:11.0643 3228 WmiAcpi - ok
20:30:11.0674 3228 [ 4e8e8a58f56b25d0795f484e5eb7f898 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:30:11.0690 3228 WmiApSrv - ok
20:30:11.0705 3228 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:30:11.0737 3228 WSTCODEC - ok
20:30:11.0783 3228 [ 75d6c5c3d2c93b1f9931e5dfb693ae2a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:30:11.0799 3228 wuauserv - ok
20:30:11.0862 3228 [ c336e54ee0c291a02f004667db1e66cb ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:30:11.0877 3228 WZCSVC - ok
20:30:11.0908 3228 [ f92a87fdda0c11c8604fbc2b864fa726 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:30:11.0955 3228 xmlprov - ok
20:30:11.0971 3228 ================ Scan global ===============================
20:30:12.0018 3228 (61013ab2e38550619637aa6cc02383d4) C:\WINDOWS\system32\basesrv.dll
20:30:12.0065 3228 (8fb644d08037bb9cf532f697ccc0a8e6) C:\WINDOWS\system32\winsrv.dll
20:30:12.0096 3228 (8fb644d08037bb9cf532f697ccc0a8e6) C:\WINDOWS\system32\winsrv.dll
20:30:12.0127 3228 (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
20:30:12.0127 3228 [Global] - ok
20:30:12.0127 3228 ================ Scan MBR ==================================
20:30:12.0143 3228 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
20:30:12.0408 3228 \Device\Harddisk0\DR0 - ok
20:30:12.0408 3228 ================ Scan VBR ==================================
20:30:12.0424 3228 Boot (0x1200) (a72810530368e37ed26d85680a091418) \Device\Harddisk0\DR0\Partition1
20:30:12.0424 3228 \Device\Harddisk0\DR0\Partition1 - ok
20:30:12.0440 3228 Boot (0x1200) (5098659f1d8511964c83dc7541406ccd) \Device\Harddisk0\DR0\Partition2
20:30:12.0455 3228 \Device\Harddisk0\DR0\Partition2 - ok
20:30:12.0455 3228 ============================================================
20:30:12.0455 3228 Scan finished
20:30:12.0455 3228 ============================================================
20:30:12.0471 3132 Detected object count: 2
20:30:12.0471 3132 Actual detected object count: 2
20:31:25.0037 3132 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
20:31:27.0084 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\@ - copied to quarantine
20:31:27.0177 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\bckfg.tmp - copied to quarantine
20:31:27.0224 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\cfg.ini - copied to quarantine
20:31:27.0365 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\Desktop.ini - copied to quarantine
20:31:27.0412 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\keywords - copied to quarantine
20:31:27.0490 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\kwrd.dll - copied to quarantine
20:31:27.0631 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\L\nadlztna - copied to quarantine
20:31:27.0646 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\oemid - copied to quarantine
20:31:27.0709 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\00000001.@ - copied to quarantine
20:31:27.0849 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\00000002.@ - copied to quarantine
20:31:27.0943 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\00000004.@ - copied to quarantine
20:31:28.0006 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\80000000.@ - copied to quarantine
20:31:28.0068 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\80000004.@ - copied to quarantine
20:31:28.0146 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\80000032.@ - copied to quarantine
20:31:28.0177 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\version - copied to quarantine
20:31:32.0334 3132 Backup copy not found, trying to cure infected file..
20:31:32.0334 3132 C:\WINDOWS\system32\DRIVERS\ipsec.sys - Cure failed (FFFFFFFF)
20:31:32.0334 3132 C:\WINDOWS\system32\DRIVERS\ipsec.sys - processing error
20:31:32.0474 3132 C:\WINDOWS\$NtUninstallKB63241$\2218116107 - will be deleted on reboot
20:31:32.0474 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\@ - will be deleted on reboot
20:31:32.0474 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\bckfg.tmp - will be deleted on reboot
20:31:32.0474 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\cfg.ini - will be deleted on reboot
20:31:32.0474 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\Desktop.ini - will be deleted on reboot
20:31:32.0474 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\keywords - will be deleted on reboot
20:31:32.0646 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\kwrd.dll - will be deleted on reboot
20:31:32.0646 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\oemid - will be deleted on reboot
20:31:32.0678 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\00000001.@ - will be deleted on reboot
20:31:32.0678 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\00000002.@ - will be deleted on reboot
20:31:32.0678 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\00000004.@ - will be deleted on reboot
20:31:32.0678 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\80000000.@ - will be deleted on reboot
20:31:32.0678 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\80000004.@ - will be deleted on reboot
20:31:32.0678 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\U\80000032.@ - will be deleted on reboot
20:31:32.0678 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\version - will be deleted on reboot
20:31:32.0693 3132 IPSec ( Virus.Win32.ZAccess.h ) - User select action: Cure
20:31:32.0771 3132 C:\WINDOWS\system32\RAPIProtocol.dll - copied to quarantine
20:31:32.0865 3132 HKLM\SYSTEM\ControlSet002\services\useraccess - will be deleted on reboot
20:31:32.0881 3132 HKLM\SYSTEM\ControlSet003\services\useraccess - will be deleted on reboot
20:31:32.0881 3132 C:\WINDOWS\system32\RAPIProtocol.dll - will be deleted on reboot
20:31:32.0881 3132 useraccess ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete
20:31:40.0819 0852 Deinitialize success

AND

20:36:28.0031 1504 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
20:36:28.0859 1504 ============================================================
20:36:28.0859 1504 Current date / time: 2012/08/16 20:36:28.0859
20:36:28.0859 1504 SystemInfo:
20:36:28.0859 1504
20:36:28.0859 1504 OS Version: 5.1.2600 ServicePack: 3.0
20:36:28.0859 1504 Product type: Workstation
20:36:28.0859 1504 ComputerName: MON-4F9137BDAF1
20:36:28.0859 1504 UserName: Mon Ordinateur
20:36:28.0859 1504 Windows directory: C:\WINDOWS
20:36:28.0859 1504 System windows directory: C:\WINDOWS
20:36:28.0859 1504 Processor architecture: Intel x86
20:36:28.0859 1504 Number of processors: 2
20:36:28.0859 1504 Page size: 0x1000
20:36:28.0859 1504 Boot type: Normal boot
20:36:28.0859 1504 ============================================================
20:36:33.0890 1504 BG loaded
20:36:34.0765 1504 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:36:34.0781 1504 ============================================================
20:36:34.0781 1504 \Device\Harddisk0\DR0:
20:36:34.0796 1504 MBR partitions:
20:36:34.0796 1504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C64FE, BlocksNum 0x6A671E1
20:36:34.0796 1504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x742D6DF, BlocksNum 0x6B660E2
20:36:34.0796 1504 ============================================================
20:36:34.0968 1504 C: <-> \Device\Harddisk0\DR0\Partition1
20:36:35.0046 1504 D: <-> \Device\Harddisk0\DR0\Partition2
20:36:35.0250 1504 ============================================================
20:36:35.0250 1504 Initialize success
20:36:35.0250 1504 ============================================================
20:38:54.0000 0404 Deinitialize success
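Two things in the report above decide the rest of the thread: ipsec.sys got "Cure failed (FFFFFFFF)" right after "Backup copy not found", so the chosen Cure action never completed and the patched driver survived the reboot, and the second run at 20:36 initialised but never printed a "Scan started" block. The following added example (my code, not part of the original thread and not TDSSKiller's) parses a report in this shape and separates what was actually neutralised from what still needs manual work. The sample is constructed from lines copied above; the two IPSec scan lines are assumed, since they fall outside the excerpt, and reuse the MD5 that SEAF reports for the live driver later in the thread.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Line shapes taken from the TDSSKiller 2.8.x report above.
SERVICE_RE = re.compile(r"^\S+ \d+ \[ ([0-9a-f]{32}) \] (\S+) (.+?)\s*$")
VERDICT_RE = re.compile(r"^\S+ \d+ (\S+) \( ([^)]+) \) - infected$")
ACTION_RE = re.compile(r"^\S+ \d+ (\S+) \( ([^)]+) \) - User select action: (\w+)$")
CURE_FAIL_RE = re.compile(r"^\S+ \d+ (.+) - Cure failed \(([0-9A-Fa-f]+)\)$")
QUARANTINE_RE = re.compile(r"^\S+ \d+ (.+) - copied to quarantine$")
COUNT_RE = re.compile(r"Detected object count: (\d+)$")

# Constructed sample. The useraccess, quarantine and cure lines are copied from the
# report above; the two IPSec scan lines are assumed (outside the excerpt) and reuse
# the MD5 that SEAF prints for C:\WINDOWS\system32\drivers\ipsec.sys further down.
SAMPLE_LOG = "\n".join([
    r"20:30:05.0000 3228 [ 56b0a5ebffbb841a629c2f0896ddbeea ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys",
    r"20:30:05.0000 3228 IPSec ( Virus.Win32.ZAccess.h ) - infected",
    r"20:30:10.0236 3228 [ 11028c6a84a967070cb1286550f2058f ] useraccess C:\WINDOWS\system32\RAPIProtocol.dll",
    r"20:30:10.0377 3228 Suspicious file (NoAccess): C:\WINDOWS\system32\RAPIProtocol.dll. md5: 11028c6a84a967070cb1286550f2058f",
    r"20:30:10.0377 3228 useraccess ( Backdoor.Multi.ZAccess.gen ) - infected",
    r"20:30:10.0424 3228 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys",
    r"20:30:10.0440 3228 VgaSave - ok",
    r"20:30:12.0471 3132 Detected object count: 2",
    r"20:31:25.0037 3132 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine",
    r"20:31:27.0084 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\@ - copied to quarantine",
    r"20:31:32.0334 3132 Backup copy not found, trying to cure infected file..",
    r"20:31:32.0334 3132 C:\WINDOWS\system32\DRIVERS\ipsec.sys - Cure failed (FFFFFFFF)",
    r"20:31:32.0334 3132 C:\WINDOWS\system32\DRIVERS\ipsec.sys - processing error",
    r"20:31:32.0474 3132 C:\WINDOWS\$NtUninstallKB63241$\3328258408\@ - will be deleted on reboot",
    r"20:31:32.0693 3132 IPSec ( Virus.Win32.ZAccess.h ) - User select action: Cure",
    r"20:31:32.0771 3132 C:\WINDOWS\system32\RAPIProtocol.dll - copied to quarantine",
    r"20:31:32.0881 3132 C:\WINDOWS\system32\RAPIProtocol.dll - will be deleted on reboot",
    r"20:31:32.0881 3132 useraccess ( Backdoor.Multi.ZAccess.gen ) - User select action: Delete",
])


@dataclass
class Detection:
    name: str
    verdict: str = ""
    path: str = ""
    md5: str = ""
    action: Optional[str] = None   # what the user chose (Cure / Delete / Skip)
    failure: Optional[str] = None  # status from "Cure failed (...)", if the action broke


@dataclass
class Triage:
    detected: int = 0
    detections: Dict[str, Detection] = field(default_factory=dict)
    quarantined: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Triage:
    """Collect per-service verdicts, chosen actions and cure failures from a report."""
    t = Triage()
    services: Dict[str, Tuple[str, str]] = {}   # every scanned service: name -> (md5, path)
    for line in text.splitlines():
        if (m := SERVICE_RE.match(line)):
            md5, name, path = m.groups()
            services[name] = (md5, path)
        elif (m := VERDICT_RE.match(line)):
            name, verdict = m.groups()
            md5, path = services.get(name, ("", ""))
            t.detections[name] = Detection(name, verdict, path, md5)
        elif (m := ACTION_RE.match(line)):
            name, verdict, action = m.groups()
            t.detections.setdefault(name, Detection(name, verdict)).action = action
        elif (m := CURE_FAIL_RE.match(line)):
            path, status = m.groups()
            for d in t.detections.values():          # tie the failed path back to its service
                if d.path.lower() == path.lower():
                    d.failure = status.upper()
        elif (m := QUARANTINE_RE.match(line)):
            t.quarantined.append(m.group(1))
        elif (m := COUNT_RE.search(line)):
            t.detected = int(m.group(1))
    return t


def unresolved(t: Triage) -> List[Detection]:
    """Detections whose chosen action did not complete: these survive the reboot."""
    return [d for d in t.detections.values() if d.failure is not None or d.action is None]


def summary(text: str) -> dict:
    t = parse_tdsskiller(text)
    return {
        "detected": t.detected,
        "actions": {n: d.action for n, d in t.detections.items()},
        "md5": {n: d.md5 for n, d in t.detections.items()},
        "quarantined": len(t.quarantined),
        "unresolved": [(d.name, d.verdict, d.action, d.failure) for d in unresolved(t)],
    }


if __name__ == "__main__":
    for k, v in summary(SAMPLE_LOG).items():
        print(f"{k}: {v}")
```

On the sample this reports two detections, three quarantine copies, and one unresolved item: IPSec, Virus.Win32.ZAccess.h, action Cure, status FFFFFFFF. A quarantine copy is evidence, not remediation; the driver on disk is still the one TDSSKiller could not cure, which is why the next reply asks for its hash and VirusTotal verdict.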
Smart91 (Security Contributor, 30146 posts)

The report is not complete.
No matter, here is what you are going to do:

Go to this site https://www.virustotal.com/gui/
- Click "Choose File"
- In the file name field, paste this file: C:\WINDOWS\system32\DRIVERS\ipsec.sys
- Click "Open", then "Scan It"
- The file is placed in a queue.
- Click Reanalyse if it is offered
- Wait for the scan to finish and post the link to the report
The link is at the top, in the address bar of the web browser

Then do this:

Download RogueKiller (by tigzy) to the desktop
* Close all running programs
* Launch RogueKiller.exe.
* Wait for the end of the Prescan ...
* Click Scan.
* At the end of the scan, click Report. Copy and paste the report into your reply

* Note: if the program gets blocked, do not hesitate to try several times. If it still does not go through (this can happen), rename RogueKiller.exe to Winlogon.exe

Smart
bachibouzouk

Hello!

I thought I would not manage it with VirusTotal, but in fact the antivirus was blocking the file path!
Anyway, here is the link: https://www.virustotal.com/file/dfdb6046f297523aeda0c8b558c360fa8c3e0e6676812ff57040158a0d89b02b/analysis/1345193667/

I will also post the RogueKiller report right away!
bachibouzouk

And here is the report:

RogueKiller V7.6.6 [10/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Operating system: Windows XP (5.1.2600 Service Pack 3) 32-bit version
Startup: Normal mode
User: Mon Ordinateur [Admin rights]
Mode: Scan -- Date: 17/08/2012 11:01:15

¤¤¤ Malicious processes: 0 ¤¤¤

¤¤¤ Registry entries: 3 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : iv39od7ft9 (C:\Documents and Settings\Mon Ordinateur\iv39od7ft9.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-823518204-1960408961-725345543-1003[...]\Run : iv39od7ft9 (C:\Documents and Settings\Mon Ordinateur\iv39od7ft9.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0xF7BEC0EE)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0xF7BEC0E4)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0xF7BEC0F3)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0xF7BEC0FD)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0xF7BEC102)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0xF7BEC0D0)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0xF7BEC0D5)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0xF7BEC10C)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0xF7BEC107)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0xF7BEC0F8)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0xF7BEC0DF)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤

¤¤¤ MBR check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200UE-22KVT0 +++++
--- User ---
[MBR] 1051df38c4b81af0af1c3dce2a6287fb
[BSP] 218810c0c2ad48f408c958d7e20d267a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5004 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10249470 | Size: 54478 MB
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 121820895 | Size: 54988 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
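The eleven SSDT hooks in the report above are worth a second look before anyone blames them on the rootkit. RogueKiller prints "Unknown" when it cannot map the handler address to a loaded module, which is a gap in attribution, not a verdict; products with kernel self-protection hook exactly these process and registry calls, and the TDSSKiller report further down in this thread shows Avira's avipbb.sys loaded on this machine. What the lines do tell you is that every handler lies in one 60-byte window at 0xF7BEC0D0..0xF7BEC10C, spaced in multiples of 5 bytes, the size of a 32-bit relative jmp: one module, one stub table. The example below (added here; my code, not RogueKiller's) parses the SSDT lines and clusters the handler addresses so that each cluster can be resolved against the loaded-driver list in a later step. The first sample is the eleven lines from the report; the second adds one constructed hook with a made-up address and syscall to show that a second owner yields a second cluster.

```python
import re
from functools import reduce
from math import gcd
from typing import List

# Line shape from the RogueKiller "Driver: [LOADED]" section above.
SSDT_RE = re.compile(
    r"^SSDT\[(?P<idx>\d+)\] : (?P<call>\w+) @ 0x(?P<orig>[0-9A-Fa-f]+)"
    r" -> HOOKED \((?P<owner>\w+) @ 0x(?P<target>[0-9A-Fa-f]+)\)$"
)

# The eleven hook lines from the report above, verbatim.
SAMPLE_HOOKS = """\
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0xF7BEC0EE)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0xF7BEC0E4)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0xF7BEC0F3)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0xF7BEC0FD)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0xF7BEC102)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0xF7BEC0D0)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0xF7BEC0D5)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0xF7BEC10C)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0xF7BEC107)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0xF7BEC0F8)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0xF7BEC0DF)
"""

# Constructed: the same lines plus one hook whose handler sits far away from the
# others (both addresses and the syscall are made up) to exercise the clustering.
SAMPLE_TWO_OWNERS = SAMPLE_HOOKS + (
    "SSDT[255] : NtTerminateThread @ 0x805D2B0A -> HOOKED (Unknown @ 0xB9A40120)\n"
)


def parse_hooks(text: str) -> List[dict]:
    hooks = []
    for line in text.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            hooks.append({"idx": int(d["idx"]), "call": d["call"], "owner": d["owner"],
                          "orig": int(d["orig"], 16), "target": int(d["target"], 16)})
    return hooks


def cluster_hooks(hooks: List[dict], max_gap: int = 0x1000) -> List[dict]:
    """Group hooks whose handler addresses lie within max_gap bytes of each other.

    In practice one cluster is one hooking module: a driver keeps its stubs together.
    The stride (gcd of the gaps between handlers) is the stub size of that table, and
    slots is how many entries fit between the lowest and highest observed handler,
    so slots - hooked is the number of entries RogueKiller did not list.
    """
    ordered = sorted(hooks, key=lambda h: h["target"])
    groups: List[List[dict]] = []
    for h in ordered:
        if groups and h["target"] - groups[-1][-1]["target"] <= max_gap:
            groups[-1].append(h)
        else:
            groups.append([h])
    out = []
    for g in groups:
        addrs = [h["target"] for h in g]
        gaps = [b - a for a, b in zip(addrs, addrs[1:])]
        stride = reduce(gcd, gaps) if gaps else 0
        out.append({
            "lo": addrs[0], "hi": addrs[-1], "stride": stride,
            "slots": (addrs[-1] - addrs[0]) // stride + 1 if stride else 1,
            "hooked": len(g),
            "calls": [h["call"] for h in g],
        })
    return out


def analyze(text: str) -> List[dict]:
    return cluster_hooks(parse_hooks(text))


if __name__ == "__main__":
    for c in analyze(SAMPLE_HOOKS):
        print(f"0x{c['lo']:08X}..0x{c['hi']:08X} stride={c['stride']} "
              f"hooked={c['hooked']}/{c['slots']} {', '.join(c['calls'])}")
```

On the report's lines this gives a single cluster, stride 5, 11 of 13 slots hooked. The remaining step, mapping 0xF7BEC0D0 to whichever driver's image range contains it, needs the loaded-module list, which none of the reports in this thread print.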
Smart91 (Security Contributor, 30146 posts)

Relaunch RogueKiller, do another scan, click the Delete button, then Report, and post the report.

Then you are going to do this:

- Download SEAF (by C_XX) to your Desktop.
http://general-changelog-team.fr/fr/downloads/viewdownload/14-outils-de-c-xx/6-seaf
- Launch SEAF
- In the options, set "Calculate checksum" to "MD5", then tick "Additional information" and "Also search the Registry"
- Copy and paste the line below into the search field, click "Start search" and wait.

ipsec.sys

Post the report that appears at the end of the search in your next reply.

Smart
bachibouzouk

Here is the RogueKiller report:

RogueKiller V7.6.6 [10/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Operating system: Windows XP (5.1.2600 Service Pack 3) 32-bit version
Startup: Normal mode
User: Mon Ordinateur [Admin rights]
Mode: Delete -- Date: 17/08/2012 11:46:12

¤¤¤ Malicious processes: 0 ¤¤¤

¤¤¤ Registry entries: 2 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : iv39od7ft9 (C:\Documents and Settings\Mon Ordinateur\iv39od7ft9.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[41] : NtCreateKey @ 0x806240F0 -> HOOKED (Unknown @ 0xF7BEC0EE)
SSDT[53] : NtCreateThread @ 0x805D1018 -> HOOKED (Unknown @ 0xF7BEC0E4)
SSDT[63] : NtDeleteKey @ 0x8062458C -> HOOKED (Unknown @ 0xF7BEC0F3)
SSDT[65] : NtDeleteValueKey @ 0x8062475C -> HOOKED (Unknown @ 0xF7BEC0FD)
SSDT[98] : NtLoadKey @ 0x80626314 -> HOOKED (Unknown @ 0xF7BEC102)
SSDT[122] : NtOpenProcess @ 0x805CB440 -> HOOKED (Unknown @ 0xF7BEC0D0)
SSDT[128] : NtOpenThread @ 0x805CB6CC -> HOOKED (Unknown @ 0xF7BEC0D5)
SSDT[193] : NtReplaceKey @ 0x806261C4 -> HOOKED (Unknown @ 0xF7BEC10C)
SSDT[204] : NtRestoreKey @ 0x80625AD0 -> HOOKED (Unknown @ 0xF7BEC107)
SSDT[247] : NtSetValueKey @ 0x80622662 -> HOOKED (Unknown @ 0xF7BEC0F8)
SSDT[257] : NtTerminateProcess @ 0x805D29E2 -> HOOKED (Unknown @ 0xF7BEC0DF)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤

¤¤¤ MBR check: ¤¤¤

+++++ PhysicalDrive0: WDC WD1200UE-22KVT0 +++++
--- User ---
[MBR] 1051df38c4b81af0af1c3dce2a6287fb
[BSP] 218810c0c2ad48f408c958d7e20d267a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 5004 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10249470 | Size: 54478 MB
2 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 121820895 | Size: 54988 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
bachibouzouk

And the SEAF report:

========================= SEAF 1.0.1.0 - C_XX

Started at: 11:47:38 on 17/08/2012

Value(s) searched:
ipsec.sys

Legend: TC => Creation date, TM => Modification date, DA => Last access

(!) --- Computing "MD5" hash
(!) --- Additional information
(!) --- Registry search

====== File(s) ======

"C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys" [ COMPRESSED | 75 KB ]
TC: 20/10/2009,14:27:08 | TM: 24/03/2006,14:00:00 | DA: 20/10/2009,14:27:08

Hash MD5: 64537AA5C003A6AFEEE1DF819062D0D1

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ipsec.sys
OriginalFileName: ipsec.sys
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 5.1.2600.2180
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

=========================

"C:\WINDOWS\ServicePackFiles\i386\ipsec.sys" [ NORMAL | 75 KB ]
TC: 13/04/2008,21:19:42 | TM: 13/04/2008,21:19:42 | DA: 16/08/2012,20:31:30

Hash MD5: 23C74D75E36E7158768DD63D92789A91

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ipsec.sys
OriginalFileName: ipsec.sys
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 5.1.2600.5512
FileVersion: 5.1.2600.5512 (xpsp.080413-0852)

=========================

"C:\WINDOWS\system32\dllcache\ipsec.sys" [ COMPRESSED|ARCHIVE | 75 KB ]
TC: 13/04/2008,21:19:42 | TM: 13/04/2008,21:19:42 | DA: 16/08/2012,20:31:31

Hash MD5: 23C74D75E36E7158768DD63D92789A91

CompanyName: Microsoft Corporation
ProductName: Microsoft® Windows® Operating System
InternalName: ipsec.sys
OriginalFileName: ipsec.sys
LegalCopyright: © Microsoft Corporation. All rights reserved.
ProductVersion: 5.1.2600.5512
FileVersion: 5.1.2600.5512 (xpsp.080413-0852)

=========================

"C:\WINDOWS\system32\drivers\ipsec.sys" [ ARCHIVE | 75 KB ]
TC: 13/04/2008,21:19:42 | TM: 13/04/2008,21:19:42 | DA: 17/08/2012,11:46:00

Hash MD5: 56B0A5EBFFBB841A629C2F0896DDBEEA


=========================


====== Registry entry(ies) ======

[HKLM\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys" (REG_EXPAND_SZ)

[HKLM\System\ControlSet002\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys" (REG_EXPAND_SZ)

[HKLM\System\ControlSet003\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys" (REG_EXPAND_SZ)

[HKLM\System\CurrentControlSet\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys" (REG_EXPAND_SZ)

[HKU\S-1-5-21-823518204-1960408961-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"g"="C:\WINDOWS\system32\drivers\ipsec.sys" (REG_SZ)

[HKU\S-1-5-21-823518204-1960408961-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys]
"a"="C:\WINDOWS\system32\drivers\ipsec.sys" (REG_SZ)

=========================

Ended at: 11:50:52 on 17/08/2012
178057 items analysed

=========================
E.O.F
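The SEAF report above contains the whole case against the live driver, and the point that matters is which field proves it. The copy in system32\drivers carries the same modification time as the dllcache copy (13/04/2008, 21:19:42), so any check that trusts timestamps passes it; what gives it away is that its MD5 differs from the two protected copies (dllcache and ServicePackFiles, which agree with each other and both report FileVersion 5.1.2600.5512) and that SEAF printed no version resource for it at all. The older $NtServicePackUninstall$ copy differs too, but legitimately, as a different version. The example below (added here; my code, not SEAF's, and not the ips.bat the next reply links to, whose contents are not on this page) parses a report in this shape, picks the newest versioned copies as the reference set, and judges the live driver against them; the same comparison, run after a replacement, confirms the swap took. The sample is the report's four file entries with the line numbers stripped; MD5 is fine for matching against local known-good copies, the malware verdict itself came from VirusTotal earlier in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shapes from the SEAF 1.0.1.0 report above (line-number prefixes stripped).
ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)" \[ (?P<flags>.+?) \| (?P<size>.+?) \]$')
TIMES_RE = re.compile(r'^TC: (?P<tc>.+?) \| TM: (?P<tm>.+?) \| DA: (?P<da>.+)$')
MD5_RE = re.compile(r'^Hash MD5: ([0-9A-Fa-f]{32})$')
VERSION_RE = re.compile(r'^FileVersion: (\d+(?:\.\d+)+)')

# Sample: the four file entries of the report above, trimmed to the fields used here.
SAMPLE_SEAF = r"""
====== File(s) ======

"C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys" [ COMPRESSED | 75 KB ]
TC: 20/10/2009,14:27:08 | TM: 24/03/2006,14:00:00 | DA: 20/10/2009,14:27:08

Hash MD5: 64537AA5C003A6AFEEE1DF819062D0D1

CompanyName: Microsoft Corporation
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

=========================

"C:\WINDOWS\ServicePackFiles\i386\ipsec.sys" [ NORMAL | 75 KB ]
TC: 13/04/2008,21:19:42 | TM: 13/04/2008,21:19:42 | DA: 16/08/2012,20:31:30

Hash MD5: 23C74D75E36E7158768DD63D92789A91

FileVersion: 5.1.2600.5512 (xpsp.080413-0852)

=========================

"C:\WINDOWS\system32\dllcache\ipsec.sys" [ COMPRESSED|ARCHIVE | 75 KB ]
TC: 13/04/2008,21:19:42 | TM: 13/04/2008,21:19:42 | DA: 16/08/2012,20:31:31

Hash MD5: 23C74D75E36E7158768DD63D92789A91

FileVersion: 5.1.2600.5512 (xpsp.080413-0852)

=========================

"C:\WINDOWS\system32\drivers\ipsec.sys" [ ARCHIVE | 75 KB ]
TC: 13/04/2008,21:19:42 | TM: 13/04/2008,21:19:42 | DA: 17/08/2012,11:46:00

Hash MD5: 56B0A5EBFFBB841A629C2F0896DDBEEA

=========================

====== Registry entry(ies) ======

[HKLM\System\CurrentControlSet\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys" (REG_EXPAND_SZ)
"""


@dataclass
class Copy:
    path: str
    md5: str = ""
    mtime: str = ""
    version: Optional[str] = None   # None when SEAF printed no version resource


def parse_seaf_files(text: str) -> List[Copy]:
    """Read the File(s) section of a SEAF report into one Copy per entry."""
    copies: List[Copy] = []
    cur: Optional[Copy] = None
    in_files = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====== "):               # section header, not the "=====" separator
            in_files = "File" in line or "Fichier" in line   # English or the tool's French header
            cur = None
            continue
        if not in_files:
            continue
        if (m := ENTRY_RE.match(line)):
            cur = Copy(m.group("path"))
            copies.append(cur)
        elif cur is None:
            continue
        elif (m := TIMES_RE.match(line)):
            cur.mtime = m.group("tm")
        elif (m := MD5_RE.match(line)):
            cur.md5 = m.group(1).upper()
        elif (m := VERSION_RE.match(line)):
            cur.version = m.group(1)
    return copies


def version_key(v: str) -> Tuple[int, ...]:
    return tuple(int(x) for x in v.split("."))


def assess(copies: List[Copy], live_dir: str = "\\system32\\drivers\\") -> dict:
    """Take the newest versioned copies as the reference set; judge the live driver against them."""
    versioned = [c for c in copies if c.version]
    if not versioned:
        raise ValueError("no copy with a version resource to use as reference")
    newest = max((c.version for c in versioned), key=version_key)
    refs = [c for c in versioned if c.version == newest]
    ref_md5 = {c.md5 for c in refs}
    live = []
    for c in copies:
        if live_dir.lower() not in c.path.lower():
            continue
        reasons = []
        if c.md5 not in ref_md5:
            reasons.append("md5 differs from the protected copies")
        if c.version is None:
            reasons.append("no version resource reported")
        if reasons and any(c.mtime == r.mtime for r in refs):
            reasons.append("modification time identical to the reference copy, so timestamps prove nothing")
        live.append({"path": c.path, "md5": c.md5, "tampered": bool(reasons), "reasons": reasons})
    return {"reference_version": newest, "reference_md5": sorted(ref_md5),
            "reference_paths": [c.path for c in refs], "live": live}


def check_report(text: str) -> dict:
    return assess(parse_seaf_files(text))


if __name__ == "__main__":
    r = check_report(SAMPLE_SEAF)
    print(f"reference {r['reference_version']} md5={r['reference_md5']} from {r['reference_paths']}")
    for entry in r["live"]:
        print(entry["path"], "TAMPERED" if entry["tampered"] else "ok", "; ".join(entry["reasons"]))
```

On the sample the reference is 5.1.2600.5512 with MD5 23C74D75E36E7158768DD63D92789A91 from two paths, and the live driver is flagged on all three counts. Those two reference paths are also where a clean copy can be taken from locally, which is the precondition for the replacement the next reply attempts.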
Smart91 (Security Contributor, 30146 posts)

We are going to try to replace the infected ipsec.sys file with a clean one.

Download this small program ips.bat to your desktop by right-clicking on this link, then "Save target as"
https://dl.dropbox.com/u/50907851/ips.bat

Double-click this file on your desktop to run it.

If you get an error message, try the procedure again in Safe Mode:
Start in Safe Mode


If it's OK

Relaunch TDSSKiller
* Click Start Scan to start the analysis.
* If TDSS.tdl2: the Delete option will be ticked.
* If TDSS.tdl3 or TDSS.tdl4: make sure Cure is ticked.
* If "Suspicious object", leave the option set to Skip
* If Rootkit.Win32.ZAccess.* is detected, set Cure at the top and Delete at the bottom
* Then click Continue, then Reboot Now if needed.
* A report will open when the computer restarts.
* Copy/paste its contents into your next reply.
Note: the report is also found under C:\TDSSKiller.VersionNo_Date_Time_log.txt

Smart
bachibouzouk

After the scan it showed virus.win32.Zaccess.h. And it was just put in quarantine, no report and no reboot...
bachibouzouk

Edit: I found the report under C:\(...):

12:45:36.0546 2288 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
12:45:37.0046 2288 ============================================================
12:45:37.0046 2288 Current date / time: 2012/08/17 12:45:37.0046
12:45:37.0046 2288 SystemInfo:
12:45:37.0046 2288
12:45:37.0046 2288 OS Version: 5.1.2600 ServicePack: 3.0
12:45:37.0046 2288 Product type: Workstation
12:45:37.0046 2288 ComputerName: MON-4F9137BDAF1
12:45:37.0046 2288 UserName: Mon Ordinateur
12:45:37.0046 2288 Windows directory: C:\WINDOWS
12:45:37.0046 2288 System windows directory: C:\WINDOWS
12:45:37.0046 2288 Processor architecture: Intel x86
12:45:37.0046 2288 Number of processors: 2
12:45:37.0046 2288 Page size: 0x1000
12:45:37.0046 2288 Boot type: Normal boot
12:45:37.0046 2288 ============================================================
12:45:39.0359 2288 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:45:39.0359 2288 ============================================================
12:45:39.0359 2288 \Device\Harddisk0\DR0:
12:45:39.0359 2288 MBR partitions:
12:45:39.0359 2288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C64FE, BlocksNum 0x6A671E1
12:45:39.0359 2288 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x742D6DF, BlocksNum 0x6B660E2
12:45:39.0359 2288 ============================================================
12:45:39.0421 2288 C: <-> \Device\Harddisk0\DR0\Partition1
12:45:39.0437 2288 D: <-> \Device\Harddisk0\DR0\Partition2
12:45:39.0437 2288 ============================================================
12:45:39.0437 2288 Initialize success
12:45:39.0437 2288 ============================================================
12:45:59.0687 3780 ============================================================
12:45:59.0687 3780 Scan started
12:45:59.0687 3780 Mode: Manual;
12:45:59.0687 3780 ============================================================
12:46:01.0125 3780 ================ Scan services =============================
12:46:01.0218 3780 3544b - ok
12:46:01.0218 3780 Abiosdsk - ok
12:46:01.0234 3780 abp480n5 - ok
12:46:01.0265 3780 [ e5e6dbfc41ea8aad005cb9a57a96b43b ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:46:01.0281 3780 ACPI - ok
12:46:01.0296 3780 [ e4abc1212b70bb03d35e60681c447210 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:46:01.0296 3780 ACPIEC - ok
12:46:01.0343 3780 [ 67a50e32687d4d5235e2df07e680bc1c ] ACS C:\WINDOWS\system32\acs.exe
12:46:01.0343 3780 ACS - ok
12:46:01.0359 3780 adpu160m - ok
12:46:01.0375 3780 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:46:01.0390 3780 aec - ok
12:46:01.0421 3780 [ 2c5c22990156a1063e19ad162191dc1d ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:46:01.0421 3780 AegisP - ok
12:46:01.0468 3780 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:46:01.0468 3780 AFD - ok
12:46:01.0500 3780 [ 39e435c90c9c4f780fa0ed05ca3c3a1b ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
12:46:01.0500 3780 AgereModemAudio - ok
12:46:01.0562 3780 [ 2e3abaacbf547abbb5e73a504a56d05a ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:46:01.0578 3780 AgereSoftModem - ok
12:46:01.0578 3780 Aha154x - ok
12:46:01.0593 3780 aic78u2 - ok
12:46:01.0593 3780 aic78xx - ok
12:46:01.0718 3780 [ 758fdc60d41716ef889d849989b4b1cd ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:46:01.0734 3780 Alerter - ok
12:46:01.0750 3780 [ 5e9a6658a2a69ae7eb195113b7a2e7a9 ] ALG C:\WINDOWS\System32\alg.exe
12:46:01.0750 3780 ALG - ok
12:46:01.0750 3780 AliIde - ok
12:46:02.0078 3780 AMService - ok
12:46:02.0078 3780 amsint - ok
12:46:02.0171 3780 [ 9015bc03f62940527ec92d45ee89e46f ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:46:02.0171 3780 AntiVirSchedulerService - ok
12:46:02.0218 3780 [ b8720a787c1223492e6f319465e996ce ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:46:02.0218 3780 AntiVirService - ok
12:46:02.0265 3780 [ f36c9f78fc902c8dce4d3b576bb0435a ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:46:02.0265 3780 AppMgmt - ok
12:46:02.0281 3780 asc - ok
12:46:02.0281 3780 asc3350p - ok
12:46:02.0296 3780 asc3550 - ok
12:46:02.0343 3780 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:46:02.0343 3780 AsyncMac - ok
12:46:02.0359 3780 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:46:02.0359 3780 atapi - ok
12:46:02.0375 3780 Atdisk - ok
12:46:02.0390 3780 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:46:02.0390 3780 Atmarpc - ok
12:46:02.0421 3780 [ b4005aef7873144634765b570dac466e ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:46:02.0421 3780 AudioSrv - ok
12:46:02.0468 3780 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:46:02.0468 3780 audstub - ok
12:46:02.0484 3780 [ f1d43170fdd7399ee17ea32d4f868b0c ] avgio C:\Program Files\Avira\AntiVir Desktop\avgio.sys
12:46:02.0484 3780 avgio - ok
12:46:02.0500 3780 [ 14fe36d8f2c6a2435275338d061a0b66 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:46:02.0500 3780 avgntflt - ok
12:46:02.0531 3780 [ ad9bd66a862116e79cb45bb6be46055f ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:46:02.0531 3780 avipbb - ok
12:46:02.0578 3780 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:46:02.0578 3780 Beep - ok
12:46:02.0625 3780 [ baa0b6e647c1ad593e9bae5cc31bcffb ] BITS C:\WINDOWS\system32\qmgr.dll
12:46:02.0656 3780 BITS - ok
12:46:02.0687 3780 [ 06b54a7b1ef7cb16bfd0e208d343fa71 ] Browser C:\WINDOWS\System32\browser.dll
12:46:02.0687 3780 Browser - ok
12:46:02.0718 3780 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:46:02.0718 3780 cbidf2k - ok
12:46:02.0781 3780 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:46:02.0781 3780 CCDECODE - ok
12:46:02.0796 3780 cd20xrnt - ok
12:46:02.0812 3780 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:46:02.0812 3780 Cdaudio - ok
12:46:02.0828 3780 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:46:02.0828 3780 Cdfs - ok
12:46:02.0843 3780 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:46:02.0843 3780 Cdrom - ok
12:46:02.0859 3780 Changer - ok
12:46:02.0890 3780 [ 793ef38a5fd086c3c8e48a8a861562ed ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:46:02.0906 3780 CiSvc - ok
12:46:02.0921 3780 [ 8b30cbb0c07d49b2658fb190946b0e7e ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:46:02.0921 3780 ClipSrv - ok
12:46:02.0953 3780 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:46:02.0953 3780 CmBatt - ok
12:46:02.0968 3780 CmdIde - ok
12:46:02.0968 3780 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:46:02.0968 3780 Compbatt - ok
12:46:02.0984 3780 COMSysApp - ok
12:46:03.0000 3780 Cpqarray - ok
12:46:03.0031 3780 [ 7a6d0b71035e123fdda2156a25578ad3 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:46:03.0031 3780 CryptSvc - ok
12:46:03.0031 3780 dac2w2k - ok
12:46:03.0046 3780 dac960nt - ok
12:46:03.0093 3780 [ 0203b1aad358f206cb0a3c1f93cce17a ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:46:03.0109 3780 DcomLaunch - ok
12:46:03.0156 3780 [ 318f535dc05551d96deeb90b6d6904de ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:46:03.0156 3780 Dhcp - ok
12:46:03.0187 3780 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:46:03.0187 3780 Disk - ok
12:46:03.0203 3780 dmadmin - ok
12:46:03.0250 3780 [ f5deadd42335fb33edca74ecb2f36cba ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:46:03.0250 3780 dmboot - ok
12:46:03.0281 3780 [ 5a7c47c9b3f9fb92a66410a7509f0c71 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:46:03.0281 3780 dmio - ok
12:46:03.0296 3780 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:46:03.0296 3780 dmload - ok
12:46:03.0343 3780 [ 6797c23d6b79935482d7f0e8ca5e5b67 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:46:03.0343 3780 dmserver - ok
12:46:03.0375 3780 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:46:03.0375 3780 DMusic - ok
12:46:03.0406 3780 [ 1a1e59377fb6cacd711cc5073c4a7d79 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:46:03.0421 3780 Dnscache - ok
12:46:03.0453 3780 [ 3fcf86f03d0302443c21ce6e5bbf7a25 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:46:03.0453 3780 Dot3svc - ok
12:46:03.0453 3780 dpti2o - ok
12:46:03.0484 3780 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:46:03.0484 3780 drmkaud - ok
12:46:03.0515 3780 [ 8b5fc9087d2cab110bc2ed5cc5e7b8ac ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:46:03.0515 3780 EapHost - ok
12:46:03.0593 3780 [ 27434c42a13c11f92ca45840b720d671 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
12:46:03.0593 3780 ehRecvr - ok
12:46:03.0609 3780 [ 4e1f623fd2dcab00b20bd53d751f6afa ] ehSched C:\WINDOWS\eHome\ehSched.exe
12:46:03.0609 3780 ehSched - ok
12:46:03.0656 3780 [ 94f948cb12c4d35483f1e815deb16c7b ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:46:03.0656 3780 ERSvc - ok
12:46:03.0687 3780 [ c3fb1d70cb88722267949694ba51759e ] Eventlog C:\WINDOWS\system32\services.exe
12:46:03.0703 3780 Eventlog - ok
12:46:03.0734 3780 [ ec16ae9b37eacf871629227a3f3913fd ] EventSystem C:\WINDOWS\system32\es.dll
12:46:03.0765 3780 EventSystem - ok
12:46:03.0812 3780 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:46:03.0812 3780 Fastfat - ok
12:46:03.0859 3780 [ 1b8542f338cdd86929a084a455837158 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:46:03.0859 3780 FastUserSwitchingCompatibility - ok
12:46:03.0890 3780 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:46:03.0890 3780 Fdc - ok
12:46:03.0906 3780 [ 31f923eb2170fc172c81abda0045d18c ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:46:03.0906 3780 Fips - ok
12:46:03.0921 3780 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:46:03.0921 3780 Flpydisk - ok
12:46:03.0968 3780 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:46:03.0968 3780 FltMgr - ok
12:46:03.0968 3780 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:46:03.0968 3780 Fs_Rec - ok
12:46:03.0984 3780 [ a86859b77b908c18c2657f284aa29fe3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:46:03.0984 3780 Ftdisk - ok
12:46:04.0031 3780 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:46:04.0031 3780 Gpc - ok
12:46:04.0125 3780 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:46:04.0125 3780 gupdate - ok
12:46:04.0125 3780 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:46:04.0125 3780 gupdatem - ok
12:46:04.0156 3780 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:46:04.0156 3780 HDAudBus - ok
12:46:04.0218 3780 [ 1247f83b705af0e796330442f7967cf8 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:46:04.0218 3780 helpsvc - ok
12:46:04.0218 3780 HidServ - ok
12:46:04.0250 3780 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:46:04.0250 3780 HidUsb - ok
12:46:04.0281 3780 [ 17b3c3d40cdba40c2e331d28be4de27f ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:46:04.0281 3780 hkmsvc - ok
12:46:04.0296 3780 hpn - ok
12:46:04.0328 3780 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:46:04.0343 3780 HTTP - ok
12:46:04.0375 3780 [ bd31cface38d1800abdb43f4260af0d5 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:46:04.0375 3780 HTTPFilter - ok
12:46:04.0390 3780 i2omgmt - ok
12:46:04.0390 3780 i2omp - ok
12:46:04.0421 3780 [ a09bdc4ed10e3b2e0ec27bb94af32516 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:46:04.0421 3780 i8042prt - ok
12:46:04.0468 3780 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:46:04.0468 3780 Imapi - ok
12:46:04.0500 3780 [ c4221678bbaa55239c23632875759961 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:46:04.0500 3780 ImapiService - ok
12:46:04.0515 3780 ini910u - ok
12:46:04.0734 3780 [ 47f27af890da3e51c633fdd510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:46:04.0781 3780 IntcAzAudAddService - ok
12:46:04.0781 3780 IntelIde - ok
12:46:04.0890 3780 [ ad340800c35a42d4de1641a37feea34c ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:46:04.0906 3780 intelppm - ok
12:46:04.0921 3780 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:46:04.0921 3780 Ip6Fw - ok
12:46:04.0953 3780 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:46:04.0953 3780 IpFilterDriver - ok
12:46:04.0968 3780 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:46:04.0968 3780 IpInIp - ok
12:46:04.0984 3780 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:46:04.0984 3780 IpNat - ok
12:46:05.0015 3780 [ 56b0a5ebffbb841a629c2f0896ddbeea ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:46:05.0015 3780 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 56b0a5ebffbb841a629c2f0896ddbeea, Fake md5: 23c74d75e36e7158768dd63d92789a91
12:46:05.0015 3780 IPSec ( Virus.Win32.ZAccess.h ) - infected
12:46:05.0015 3780 IPSec - detected Virus.Win32.ZAccess.h (0)
12:46:05.0046 3780 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:46:05.0046 3780 IRENUM - ok
12:46:05.0078 3780 [ 355836975a67b6554bca60328cd6cb74 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:46:05.0078 3780 isapnp - ok
12:46:05.0171 3780 [ 112325f53ab720ca77825726d427fbdc ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:46:05.0171 3780 JavaQuickStarterService - ok
12:46:05.0187 3780 [ 16813155807c6881f4bfbf6657424659 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:46:05.0187 3780 Kbdclass - ok
12:46:05.0218 3780 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:46:05.0218 3780 kmixer - ok
12:46:05.0234 3780 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:46:05.0234 3780 KSecDD - ok
12:46:05.0265 3780 [ 1db8078a32e03ac8f5eb5e6dcac2aa34 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:46:05.0265 3780 lanmanserver - ok
12:46:05.0281 3780 [ ad54ead46d92f413be189aabc1c59490 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:46:05.0296 3780 lanmanworkstation - ok
12:46:05.0296 3780 lbrtfdc - ok
12:46:05.0359 3780 [ 0f357c079ac529a844ab5b18e4eef881 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:46:05.0359 3780 LmHosts - ok
12:46:05.0437 3780 [ 9919e66d8e7b0c77b07a0852e1b38834 ] lv321av C:\WINDOWS\system32\DRIVERS\lv321av.sys
12:46:05.0453 3780 lv321av - ok
12:46:05.0578 3780 [ fa974ad25cd6c1fc94380d7dc5271b0d ] lvmvdrv C:\WINDOWS\system32\drivers\lvmvdrv.sys
12:46:05.0609 3780 lvmvdrv - ok
12:46:05.0640 3780 [ b750d805a1e024e42096970ad01434cf ] LVPrcMon C:\WINDOWS\system32\drivers\LVPrcMon.sys
12:46:05.0640 3780 LVPrcMon - ok
12:46:05.0687 3780 [ d31be03b7caaee453d265b20c10744a3 ] LVPrcSrv c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
12:46:05.0687 3780 LVPrcSrv - ok
12:46:05.0718 3780 [ dcc4677c583fb9563e31b565fc28eaa2 ] LVUSBSta C:\WINDOWS\system32\drivers\lvusbsta.sys
12:46:05.0718 3780 LVUSBSta - ok
12:46:05.0765 3780 [ e67a66a3781c1a483f0f8992664cbe0d ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:46:05.0765 3780 Messenger - ok
12:46:05.0796 3780 [ 184a03058c8cc399ea37dbeff6a8365a ] MHN C:\WINDOWS\System32\mhn.dll
12:46:05.0796 3780 MHN - ok
12:46:05.0812 3780 [ 7f2f1d2815a6449d346fcccbc569fbd6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:46:05.0812 3780 MHNDRV - ok
12:46:05.0843 3780 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:46:05.0843 3780 mnmdd - ok
12:46:05.0875 3780 [ d3a2870cd96cda7bcff3dc54f64087ad ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:46:05.0875 3780 mnmsrvc - ok
12:46:05.0906 3780 [ 510ade9327fe84c10254e1902697e25f ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:46:05.0921 3780 Modem - ok
12:46:05.0953 3780 [ 027c01bd7ef3349aaebc883d8a799efb ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:46:05.0953 3780 Mouclass - ok
12:46:05.0984 3780 [ 124d6846040c79b9c997f78ef4b2a4e5 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:46:05.0984 3780 mouhid - ok
12:46:06.0015 3780 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:46:06.0015 3780 MountMgr - ok
12:46:06.0015 3780 mraid35x - ok
12:46:06.0031 3780 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:46:06.0046 3780 MRxDAV - ok
12:46:06.0093 3780 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:46:06.0093 3780 MRxSmb - ok
12:46:06.0125 3780 [ 8648d670ae0d95c95e7bbb5b80661796 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:46:06.0140 3780 MSDTC - ok
12:46:06.0140 3780 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:46:06.0140 3780 Msfs - ok
12:46:06.0140 3780 MSIServer - ok
12:46:06.0156 3780 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:46:06.0156 3780 MSKSSRV - ok
12:46:06.0187 3780 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:46:06.0187 3780 MSPCLOCK - ok
12:46:06.0218 3780 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:46:06.0218 3780 MSPQM - ok
12:46:06.0250 3780 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:46:06.0250 3780 mssmbios - ok
12:46:06.0265 3780 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:46:06.0265 3780 MSTEE - ok
12:46:06.0312 3780 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:46:06.0312 3780 Mup - ok
12:46:06.0328 3780 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:46:06.0328 3780 NABTSFEC - ok
12:46:06.0375 3780 [ 69e4fbbabaeee1bff422e091da3171da ] napagent C:\WINDOWS\System32\qagentrt.dll
12:46:06.0390 3780 napagent - ok
12:46:06.0437 3780 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:46:06.0437 3780 NDIS - ok
12:46:06.0468 3780 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:46:06.0468 3780 NdisIP - ok
12:46:06.0500 3780 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:46:06.0500 3780 NdisTapi - ok
12:46:06.0515 3780 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:46:06.0515 3780 Ndisuio - ok
12:46:06.0562 3780 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:46:06.0562 3780 NdisWan - ok
12:46:06.0593 3780 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:46:06.0593 3780 NDProxy - ok
12:46:06.0718 3780 [ 40d7d0a208ee863bca8d89e299216f15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
12:46:06.0750 3780 Nero BackItUp Scheduler 3 - ok
12:46:06.0765 3780 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:46:06.0765 3780 NetBIOS - ok
12:46:06.0796 3780 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:46:06.0796 3780 NetBT - ok
12:46:06.0828 3780 [ 5c9b1d83755b36237b70f95df3d46a52 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:46:06.0843 3780 NetDDE - ok
12:46:06.0843 3780 [ 5c9b1d83755b36237b70f95df3d46a52 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:46:06.0843 3780 NetDDEdsdm - ok
12:46:06.0875 3780 [ 91e6024d6d4dcdecdb36c43ecf9bbecb ] Netlogon C:\WINDOWS\system32\lsass.exe
12:46:06.0890 3780 Netlogon - ok
12:46:06.0921 3780 [ be0cb143fa427d93440ded18db8c918b ] Netman C:\WINDOWS\System32\netman.dll
12:46:06.0953 3780 Netman - ok
12:46:07.0000 3780 [ 6f5f546a92c7b6ae45db1d6910781eb0 ] Nla C:\WINDOWS\System32\mswsock.dll
12:46:07.0015 3780 Nla - ok
12:46:07.0046 3780 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:46:07.0046 3780 Npfs - ok
12:46:07.0078 3780 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:46:07.0093 3780 Ntfs - ok
12:46:07.0109 3780 [ 91e6024d6d4dcdecdb36c43ecf9bbecb ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:46:07.0109 3780 NtLmSsp - ok
12:46:07.0140 3780 [ 037d92b3a7853a183fcab77fb1d13d6c ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:46:07.0171 3780 NtmsSvc - ok
12:46:07.0187 3780 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
12:46:07.0187 3780 Null - ok
12:46:07.0359 3780 [ f23c42377c118c7e6256f030be388fcb ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:46:07.0406 3780 nv - ok
12:46:07.0437 3780 [ 4e96fb9503537e444d1e8a237b50997d ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
12:46:07.0437 3780 NVSvc - ok
12:46:07.0468 3780 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:46:07.0468 3780 NwlnkFlt - ok
12:46:07.0484 3780 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:46:07.0484 3780 NwlnkFwd - ok
12:46:07.0531 3780 [ 8fd0bdbea875d06ccf6c945ca9abaf75 ] Parport C:\WINDOWS\system32\drivers\Parport.sys
12:46:07.0531 3780 Parport - ok
12:46:07.0546 3780 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:46:07.0546 3780 PartMgr - ok
12:46:07.0562 3780 [ 9575c5630db8fb804649a6959737154c ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:46:07.0562 3780 ParVdm - ok
12:46:07.0578 3780 [ 043410877bda580c528f45165f7125bc ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:46:07.0578 3780 PCI - ok
12:46:07.0578 3780 PCIDump - ok
12:46:07.0593 3780 [ f4bfde7209c14a07aaa61e4d6ae69eac ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:46:07.0593 3780 PCIIde - ok
12:46:07.0625 3780 [ f0406cbc60bdb0394a0e17ffb04cdd3d ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:46:07.0625 3780 Pcmcia - ok
12:46:07.0625 3780 PDCOMP - ok
12:46:07.0640 3780 PDFRAME - ok
12:46:07.0640 3780 PDRELI - ok
12:46:07.0656 3780 PDRFRAME - ok
12:46:07.0656 3780 perc2 - ok
12:46:07.0671 3780 perc2hib - ok
12:46:07.0718 3780 [ 875e4e0661f3a5994df9e5e3a0a4f96b ] PLFlash DeviceIoControl Service C:\WINDOWS\system32\IoctlSvc.exe
12:46:07.0718 3780 PLFlash DeviceIoControl Service - ok
12:46:07.0734 3780 [ c3fb1d70cb88722267949694ba51759e ] PlugPlay C:\WINDOWS\system32\services.exe
12:46:07.0734 3780 PlugPlay - ok
12:46:07.0765 3780 [ 91e6024d6d4dcdecdb36c43ecf9bbecb ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:46:07.0765 3780 PolicyAgent - ok
12:46:07.0796 3780 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:46:07.0796 3780 PptpMiniport - ok
12:46:07.0812 3780 [ 91e6024d6d4dcdecdb36c43ecf9bbecb ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:46:07.0812 3780 ProtectedStorage - ok
12:46:07.0812 3780 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:46:07.0812 3780 PSched - ok
12:46:07.0843 3780 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:46:07.0859 3780 Ptilink - ok
12:46:07.0890 3780 [ 40f2031bd9148d3194353ea7dec97a07 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:46:07.0890 3780 PxHelp20 - ok
12:46:07.0890 3780 ql1080 - ok
12:46:07.0906 3780 Ql10wnt - ok
12:46:07.0906 3780 ql12160 - ok
12:46:07.0921 3780 ql1240 - ok
12:46:07.0921 3780 ql1280 - ok
12:46:07.0968 3780 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:46:07.0968 3780 RasAcd - ok
12:46:08.0062 3780 [ 78da9ccdac683ef5aa87d1c919f6d221 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:46:08.0062 3780 RasAuto - ok
12:46:08.0078 3780 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:46:08.0078 3780 Rasl2tp - ok
12:46:08.0125 3780 [ 0a48df90b4784f9b90a2671af992c914 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:46:08.0140 3780 RasMan - ok
12:46:08.0140 3780 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:46:08.0140 3780 RasPppoe - ok
12:46:08.0171 3780 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:46:08.0171 3780 Raspti - ok
12:46:08.0187 3780 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:46:08.0187 3780 Rdbss - ok
12:46:08.0187 3780 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:46:08.0187 3780 RDPCDD - ok
12:46:08.0218 3780 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:46:08.0218 3780 rdpdr - ok
12:46:08.0281 3780 [ 5b3055daa788bd688594d2f5981f2a83 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:46:08.0281 3780 RDPWD - ok
12:46:08.0312 3780 [ 9f63d9c5b238ed1c375d417eff3d5be7 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:46:08.0312 3780 RDSessMgr - ok
12:46:08.0359 3780 [ d8eb2a7904db6c916eb5361878ddcbae ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:46:08.0359 3780 redbook - ok
12:46:08.0390 3780 [ 7da370c31673c99497bd07068ee6e354 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:46:08.0406 3780 RemoteAccess - ok
12:46:08.0437 3780 [ e598d81197e2e0ec42a0c55772bb00e8 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:46:08.0437 3780 RemoteRegistry - ok
12:46:08.0453 3780 [ 499c59a2584f6d4ea41e944da571d993 ] RpcLocator C:\WINDOWS\system32\locator.exe
12:46:08.0453 3780 RpcLocator - ok
12:46:08.0484 3780 [ 0203b1aad358f206cb0a3c1f93cce17a ] RpcSs C:\WINDOWS\system32\rpcss.dll
12:46:08.0484 3780 RpcSs - ok
12:46:08.0546 3780 [ 414964844f4793acb868d057e8ed997e ] RSVP C:\WINDOWS\system32\rsvp.exe
12:46:08.0546 3780 RSVP - ok
12:46:08.0593 3780 [ d6e1b1bd04fad422af17fc4b810cb9af ] RTL8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:46:08.0593 3780 RTL8023xp - ok
12:46:08.0609 3780 [ 91e6024d6d4dcdecdb36c43ecf9bbecb ] SamSs C:\WINDOWS\system32\lsass.exe
12:46:08.0609 3780 SamSs - ok
12:46:08.0625 3780 [ 67949cc8a865296c1333c96a4e1a2d66 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:46:08.0625 3780 SCardSvr - ok
12:46:08.0671 3780 [ 55f5c5c1be1a78e285033e432ba01597 ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:46:08.0703 3780 Schedule - ok
12:46:08.0734 3780 [ 8d04819a3ce51b9eb47e5689b44d43c4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:46:08.0734 3780 sdbus - ok
12:46:08.0765 3780 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:46:08.0765 3780 Secdrv - ok
12:46:08.0796 3780 [ 5ac311c0af2af5ec221670bb8dc479d3 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:46:08.0796 3780 seclogon - ok
12:46:08.0828 3780 [ 3531366f38f453d08fe72e7b32dfe786 ] SENS C:\WINDOWS\system32\sens.dll
12:46:08.0828 3780 SENS - ok
12:46:08.0859 3780 [ 93d313c31f7ad9ea2b75f26075413c7c ] Serial C:\WINDOWS\system32\drivers\Serial.sys
12:46:08.0859 3780 Serial - ok
12:46:08.0890 3780 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:46:08.0890 3780 Sfloppy - ok
12:46:08.0937 3780 [ f4ce708a7d17a625de6c0fd746d50e88 ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:46:08.0968 3780 SharedAccess - ok
12:46:08.0984 3780 [ 1b8542f338cdd86929a084a455837158 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:46:08.0984 3780 ShellHWDetection - ok
12:46:08.0984 3780 Simbad - ok
12:46:09.0015 3780 [ 866d538ebe33709a5c9f5c62b73b7d14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:46:09.0015 3780 SLIP - ok
12:46:09.0031 3780 Sparrow - ok
12:46:09.0062 3780 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
12:46:09.0062 3780 splitter - ok
12:46:09.0093 3780 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
12:46:09.0093 3780 Spooler - ok
12:46:09.0125 3780 [ 39626e6dc1fb39434ec40c42722b660a ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
12:46:09.0125 3780 sr - ok
12:46:09.0156 3780 [ 6ed29124a1c83bd0cf6b26bd01ca6f6f ] srservice C:\WINDOWS\system32\srsvc.dll
12:46:09.0171 3780 srservice - ok
12:46:09.0218 3780 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
12:46:09.0234 3780 Srv - ok
12:46:09.0265 3780 [ ea9e0db8684cef2fd3badd671df5a112 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
12:46:09.0265 3780 SSDPSRV - ok
12:46:09.0281 3780 [ 3ad0362cf68de3ac500e981700242cca ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
12:46:09.0281 3780 ssmdrv - ok
12:46:09.0343 3780 [ d76b0e8a4ecad1adcc75fd14a7acc54c ] stisvc C:\WINDOWS\system32\wiaservc.dll
12:46:09.0359 3780 stisvc - ok
12:46:09.0375 3780 [ 77813007ba6265c4b6098187e6ed79d2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:46:09.0375 3780 streamip - ok
12:46:09.0421 3780 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
12:46:09.0421 3780 swenum - ok
12:46:09.0437 3780 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
12:46:09.0437 3780 swmidi - ok
12:46:09.0453 3780 SwPrv - ok
12:46:09.0453 3780 symc810 - ok
12:46:09.0468 3780 symc8xx - ok
12:46:09.0468 3780 sym_hi - ok
12:46:09.0484 3780 sym_u3 - ok
12:46:09.0531 3780 [ f7a4250bb3e3afcd4af100e551509352 ] SynTP C:\WINDOWS\system32\DRIVERS\SynTP.sys
12:46:09.0531 3780 SynTP - ok
12:46:09.0546 3780 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
12:46:09.0546 3780 sysaudio - ok
12:46:09.0593 3780 [ 0899061318a6b1d9596aabfc77f45e44 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
12:46:09.0593 3780 SysmonLog - ok
12:46:09.0625 3780 [ 8e5231171ad6595ff002e848cc54fcd7 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
12:46:09.0656 3780 TapiSrv - ok
12:46:09.0703 3780 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:46:09.0703 3780 Tcpip - ok
12:46:09.0734 3780 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
12:46:09.0734 3780 TDPIPE - ok
12:46:09.0765 3780 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
12:46:09.0781 3780 TDTCP - ok
12:46:09.0796 3780 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
12:46:09.0796 3780 TermDD - ok
12:46:09.0843 3780 [ 710bc85a8c22626ee094439e3ea0d38c ] TermService C:\WINDOWS\System32\termsrv.dll
12:46:09.0859 3780 TermService - ok
12:46:09.0890 3780 [ 1b8542f338cdd86929a084a455837158 ] Themes C:\WINDOWS\System32\shsvcs.dll
12:46:09.0890 3780 Themes - ok
12:46:09.0921 3780 [ f779ba4cd37963ab4600c9871b7752a3 ] tifm21 C:\WINDOWS\system32\drivers\tifm21.sys
12:46:09.0937 3780 tifm21 - ok
12:46:09.0968 3780 [ d859a9d2f026ce5804485068ffd6eaf2 ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
12:46:09.0968 3780 TlntSvr - ok
12:46:09.0984 3780 TosIde - ok
12:46:10.0015 3780 [ e1a84a5067627407a53c2c4f8d8a1d2e ] TrkWks C:\WINDOWS\system32\trkwks.dll
12:46:10.0015 3780 TrkWks - ok
12:46:10.0046 3780 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
12:46:10.0046 3780 Udfs - ok
12:46:10.0046 3780 ultra - ok
12:46:10.0093 3780 [ 1977313e362c8732c1af4d1bcb9c06b7 ] UMWdf C:\WINDOWS\system32\wdfmgr.exe
12:46:10.0093 3780 UMWdf - ok
12:46:10.0140 3780 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
12:46:10.0140 3780 Update - ok
12:46:10.0187 3780 [ bd8166a495b02308f364b36249475f22 ] upnphost C:\WINDOWS\System32\upnphost.dll
12:46:10.0203 3780 upnphost - ok
12:46:10.0218 3780 [ 1edc93d7bd731b5ca6248ae245099b60 ] UPS C:\WINDOWS\System32\ups.exe
12:46:10.0218 3780 UPS - ok
12:46:10.0265 3780 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:46:10.0265 3780 usbccgp - ok
12:46:10.0281 3780 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:46:10.0281 3780 usbehci - ok
12:46:10.0312 3780 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:46:10.0328 3780 usbhub - ok
12:46:10.0359 3780 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:46:10.0359 3780 usbscan - ok
12:46:10.0390 3780 [ a32426d9b14a089eaa1d922e0c5801a9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:46:10.0390 3780 USBSTOR - ok
12:46:10.0390 3780 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:46:10.0406 3780 usbuhci - ok
12:46:10.0421 3780 [ 63bbfca7f390f4c49ed4b96bfb1633e0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
12:46:10.0421 3780 usbvideo - ok
12:46:10.0453 3780 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
12:46:10.0453 3780 VgaSave - ok
12:46:10.0453 3780 ViaIde - ok
12:46:10.0484 3780 [ 46de1126684369bace4849e4fc8c43ca ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
12:46:10.0484 3780 VolSnap - ok
12:46:10.0703 3780 [ 5a4da252b2c0550ab83d129c02cf6c19 ] VSS C:\WINDOWS\System32\vssvc.exe
12:46:10.0843 3780 VSS - ok
12:46:10.0890 3780 [ c1f726ee0b043b074a68992bc4aef8fd ] W32Time C:\WINDOWS\system32\w32time.dll
12:46:10.0937 3780 W32Time - ok
12:46:11.0359 3780 [ 73395a19fc86461a151d3c330604e8b3 ] w39n51 C:\WINDOWS\system32\DRIVERS\w39n51.sys
12:46:11.0390 3780 w39n51 - ok
12:46:11.0406 3780 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:46:11.0406 3780 Wanarp - ok
12:46:11.0562 3780 [ 60d2787958b46595d62237ed15b91e94 ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:46:11.0578 3780 Wdf01000 - ok
12:46:11.0578 3780 WDICA - ok
12:46:11.0640 3780 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
12:46:11.0640 3780 wdmaud - ok
12:46:11.0703 3780 [ 714670e64fbe6d28d99871ed9a52a334 ] WebClient C:\WINDOWS\System32\webclnt.dll
12:46:11.0718 3780 WebClient - ok
12:46:11.0906 3780 [ 5e9deae9980ff34bcd6dde2e9e2bf911 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
12:46:11.0921 3780 winmgmt - ok
12:46:11.0937 3780 wltrysvc - ok
12:46:12.0031 3780 [ b751ce6043b33a2efeabb2d6ba83ec67 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll
12:46:12.0046 3780 WmdmPmSN - ok
12:46:12.0234 3780 [ 31c1fd0bbdc5b81c21edba4331edae55 ] Wmi C:\WINDOWS\System32\advapi32.dll
12:46:12.0484 3780 Wmi - ok
12:46:12.0500 3780 [ c42584fd66ce9e17403aebca199f7bdb ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:46:12.0500 3780 WmiAcpi - ok
12:46:12.0546 3780 [ 4e8e8a58f56b25d0795f484e5eb7f898 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:46:12.0562 3780 WmiApSrv - ok
12:46:12.0593 3780 [ c98b39829c2bbd34e454150633c62c78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:46:12.0593 3780 WSTCODEC - ok
12:46:12.0640 3780 [ 75d6c5c3d2c93b1f9931e5dfb693ae2a ] wuauserv C:\WINDOWS\system32\wuauserv.dll
12:46:12.0640 3780 wuauserv - ok
12:46:12.0703 3780 [ c336e54ee0c291a02f004667db1e66cb ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
12:46:12.0718 3780 WZCSVC - ok
12:46:12.0750 3780 [ f92a87fdda0c11c8604fbc2b864fa726 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
12:46:12.0765 3780 xmlprov - ok
12:46:12.0781 3780 ================ Scan global ===============================
12:46:12.0796 3780 (61013ab2e38550619637aa6cc02383d4) C:\WINDOWS\system32\basesrv.dll
12:46:12.0843 3780 (8fb644d08037bb9cf532f697ccc0a8e6) C:\WINDOWS\system32\winsrv.dll
12:46:12.0890 3780 (8fb644d08037bb9cf532f697ccc0a8e6) C:\WINDOWS\system32\winsrv.dll
12:46:12.0906 3780 (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
12:46:12.0921 3780 [Global] - ok
12:46:12.0921 3780 ================ Scan MBR ==================================
12:46:12.0937 3780 MBR (0x1B8) (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
12:46:13.0171 3780 \Device\Harddisk0\DR0 - ok
12:46:13.0171 3780 ================ Scan VBR ==================================
12:46:13.0187 3780 Boot (0x1200) (a72810530368e37ed26d85680a091418) \Device\Harddisk0\DR0\Partition1
12:46:13.0187 3780 \Device\Harddisk0\DR0\Partition1 - ok
12:46:13.0218 3780 Boot (0x1200) (9561ff3bac8a88f78ae8dde2c21c19ec) \Device\Harddisk0\DR0\Partition2
12:46:13.0218 3780 \Device\Harddisk0\DR0\Partition2 - ok
12:46:13.0218 3780 ============================================================
12:46:13.0218 3780 Scan finished
12:46:13.0218 3780 ============================================================
12:46:13.0234 1444 Detected object count: 1
12:46:13.0234 1444 Actual detected object count: 1
12:47:15.0671 1444 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
12:47:17.0296 1444 Backup copy not found, trying to cure infected file..
12:47:17.0296 1444 C:\WINDOWS\system32\DRIVERS\ipsec.sys - Cure failed (FFFFFFFF)
12:47:17.0296 1444 C:\WINDOWS\system32\DRIVERS\ipsec.sys - processing error
12:47:17.0343 1444 IPSec ( Virus.Win32.ZAccess.h ) - User select action: Cure
12:47:27.0343 1976 ============================================================
12:47:27.0343 1976 Scan started
12:47:27.0343 1976 Mode: Manual;
12:47:27.0343 1976 ============================================================
12:47:28.0328 1976 ================ Scan services =============================
12:47:28.0437 1976 3544b - ok
12:47:28.0453 1976 Abiosdsk - ok
12:47:28.0453 1976 abp480n5 - ok
12:47:28.0515 1976 [ e5e6dbfc41ea8aad005cb9a57a96b43b ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:47:28.0515 1976 ACPI - ok
12:47:28.0531 1976 [ e4abc1212b70bb03d35e60681c447210 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:47:28.0531 1976 ACPIEC - ok
12:47:28.0562 1976 [ 67a50e32687d4d5235e2df07e680bc1c ] ACS C:\WINDOWS\system32\acs.exe
12:47:28.0562 1976 ACS - ok
12:47:28.0578 1976 adpu160m - ok
12:47:28.0593 1976 [ 8bed39e3c35d6a489438b8141717a557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:47:28.0593 1976 aec - ok
12:47:28.0609 1976 [ 2c5c22990156a1063e19ad162191dc1d ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys
12:47:28.0609 1976 AegisP - ok
12:47:28.0640 1976 [ 1e44bc1e83d8fd2305f8d452db109cf9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:47:28.0640 1976 AFD - ok
12:47:28.0671 1976 [ 39e435c90c9c4f780fa0ed05ca3c3a1b ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
12:47:28.0671 1976 AgereModemAudio - ok
12:47:28.0734 1976 [ 2e3abaacbf547abbb5e73a504a56d05a ] AgereSoftModem C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:47:28.0750 1976 AgereSoftModem - ok
12:47:28.0750 1976 Aha154x - ok
12:47:28.0765 1976 aic78u2 - ok
12:47:28.0765 1976 aic78xx - ok
12:47:28.0796 1976 [ 758fdc60d41716ef889d849989b4b1cd ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:47:28.0796 1976 Alerter - ok
12:47:28.0812 1976 [ 5e9a6658a2a69ae7eb195113b7a2e7a9 ] ALG C:\WINDOWS\System32\alg.exe
12:47:28.0812 1976 ALG - ok
12:47:28.0828 1976 AliIde - ok
12:47:29.0140 1976 AMService - ok
12:47:29.0156 1976 amsint - ok
12:47:29.0234 1976 [ 9015bc03f62940527ec92d45ee89e46f ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:47:29.0250 1976 AntiVirSchedulerService - ok
12:47:29.0281 1976 [ b8720a787c1223492e6f319465e996ce ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:47:29.0281 1976 AntiVirService - ok
12:47:29.0328 1976 [ f36c9f78fc902c8dce4d3b576bb0435a ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:47:29.0328 1976 AppMgmt - ok
12:47:29.0343 1976 asc - ok
12:47:29.0343 1976 asc3350p - ok
12:47:29.0359 1976 asc3550 - ok
12:47:29.0390 1976 [ b153affac761e7f5fcfa822b9c4e97bc ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:47:29.0390 1976 AsyncMac - ok
12:47:29.0421 1976 [ 9f3a2f5aa6875c72bf062c712cfa2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:47:29.0421 1976 atapi - ok
12:47:29.0437 1976 Atdisk - ok
12:47:29.0453 1976 [ 9916c1225104ba14794209cfa8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:47:29.0453 1976 Atmarpc - ok
12:47:29.0484 1976 [ b4005aef7873144634765b570dac466e ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:47:29.0484 1976 AudioSrv - ok
12:47:29.0515 1976 [ d9f724aa26c010a217c97606b160ed68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:47:29.0515 1976 audstub - ok
12:47:29.0531 1976 [ f1d43170fdd7399ee17ea32d4f868b0c ] avgio C:\Program Files\Avira\AntiVir Desktop\avgio.sys
12:47:29.0531 1976 avgio - ok
12:47:29.0562 1976 [ 14fe36d8f2c6a2435275338d061a0b66 ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys
12:47:29.0562 1976 avgntflt - ok
12:47:29.0578 1976 [ ad9bd66a862116e79cb45bb6be46055f ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys
12:47:29.0578 1976 avipbb - ok
12:47:29.0625 1976 [ da1f27d85e0d1525f6621372e7b685e9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:47:29.0625 1976 Beep - ok
12:47:29.0671 1976 [ baa0b6e647c1ad593e9bae5cc31bcffb ] BITS C:\WINDOWS\system32\qmgr.dll
12:47:29.0671 1976 BITS - ok
12:47:29.0703 1976 [ 06b54a7b1ef7cb16bfd0e208d343fa71 ] Browser C:\WINDOWS\System32\browser.dll
12:47:29.0703 1976 Browser - ok
12:47:29.0750 1976 [ 90a673fc8e12a79afbed2576f6a7aaf9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:47:29.0750 1976 cbidf2k - ok
12:47:29.0765 1976 [ 0be5aef125be881c4f854c554f2b025c ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:47:29.0781 1976 CCDECODE - ok
12:47:29.0781 1976 cd20xrnt - ok
12:47:29.0812 1976 [ c1b486a7658353d33a10cc15211a873b ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:47:29.0812 1976 Cdaudio - ok
12:47:29.0828 1976 [ c885b02847f5d2fd45a24e219ed93b32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:47:29.0828 1976 Cdfs - ok
12:47:29.0843 1976 [ 1f4260cc5b42272d71f79e570a27a4fe ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:47:29.0843 1976 Cdrom - ok
12:47:29.0843 1976 Changer - ok
12:47:29.0890 1976 [ 793ef38a5fd086c3c8e48a8a861562ed ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:47:29.0890 1976 CiSvc - ok
12:47:29.0921 1976 [ 8b30cbb0c07d49b2658fb190946b0e7e ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:47:29.0921 1976 ClipSrv - ok
12:47:29.0953 1976 [ 0f6c187d38d98f8df904589a5f94d411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:47:29.0953 1976 CmBatt - ok
12:47:29.0953 1976 CmdIde - ok
12:47:29.0968 1976 [ 6e4c9f21f0fae8940661144f41b13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:47:29.0968 1976 Compbatt - ok
12:47:29.0968 1976 COMSysApp - ok
12:47:29.0984 1976 Cpqarray - ok
12:47:30.0015 1976 [ 7a6d0b71035e123fdda2156a25578ad3 ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:47:30.0015 1976 CryptSvc - ok
12:47:30.0031 1976 dac2w2k - ok
12:47:30.0031 1976 dac960nt - ok
12:47:30.0078 1976 [ 0203b1aad358f206cb0a3c1f93cce17a ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:47:30.0093 1976 DcomLaunch - ok
12:47:30.0125 1976 [ 318f535dc05551d96deeb90b6d6904de ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:47:30.0125 1976 Dhcp - ok
12:47:30.0140 1976 [ 044452051f3e02e7963599fc8f4f3e25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:47:30.0140 1976 Disk - ok
12:47:30.0156 1976 dmadmin - ok
12:47:30.0203 1976 [ f5deadd42335fb33edca74ecb2f36cba ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:47:30.0203 1976 dmboot - ok
12:47:30.0234 1976 [ 5a7c47c9b3f9fb92a66410a7509f0c71 ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:47:30.0234 1976 dmio - ok
12:47:30.0250 1976 [ e9317282a63ca4d188c0df5e09c6ac5f ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:47:30.0250 1976 dmload - ok
12:47:30.0281 1976 [ 6797c23d6b79935482d7f0e8ca5e5b67 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:47:30.0281 1976 dmserver - ok
12:47:30.0328 1976 [ 8a208dfcf89792a484e76c40e5f50b45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:47:30.0328 1976 DMusic - ok
12:47:30.0359 1976 [ 1a1e59377fb6cacd711cc5073c4a7d79 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:47:30.0359 1976 Dnscache - ok
12:47:30.0390 1976 [ 3fcf86f03d0302443c21ce6e5bbf7a25 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:47:30.0390 1976 Dot3svc - ok
12:47:30.0406 1976 dpti2o - ok
12:47:30.0421 1976 [ 8f5fcff8e8848afac920905fbd9d33c8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:47:30.0421 1976 drmkaud - ok
12:47:30.0468 1976 [ 8b5fc9087d2cab110bc2ed5cc5e7b8ac ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:47:30.0468 1976 EapHost - ok
12:47:30.0531 1976 [ 27434c42a13c11f92ca45840b720d671 ] ehRecvr C:\WINDOWS\eHome\ehRecvr.exe
12:47:30.0531 1976 ehRecvr - ok
12:47:30.0546 1976 [ 4e1f623fd2dcab00b20bd53d751f6afa ] ehSched C:\WINDOWS\eHome\ehSched.exe
12:47:30.0546 1976 ehSched - ok
12:47:30.0593 1976 [ 94f948cb12c4d35483f1e815deb16c7b ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:47:30.0593 1976 ERSvc - ok
12:47:30.0640 1976 [ c3fb1d70cb88722267949694ba51759e ] Eventlog C:\WINDOWS\system32\services.exe
12:47:30.0640 1976 Eventlog - ok
12:47:30.0687 1976 [ ec16ae9b37eacf871629227a3f3913fd ] EventSystem C:\WINDOWS\system32\es.dll
12:47:30.0687 1976 EventSystem - ok
12:47:30.0734 1976 [ 38d332a6d56af32635675f132548343e ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:47:30.0734 1976 Fastfat - ok
12:47:30.0781 1976 [ 1b8542f338cdd86929a084a455837158 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:47:30.0781 1976 FastUserSwitchingCompatibility - ok
12:47:30.0796 1976 [ 92cdd60b6730b9f50f6a1a0c1f8cdc81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
12:47:30.0796 1976 Fdc - ok
12:47:30.0812 1976 [ 31f923eb2170fc172c81abda0045d18c ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:47:30.0812 1976 Fips - ok
12:47:30.0828 1976 [ 9d27e7b80bfcdf1cdd9b555862d5e7f0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:47:30.0828 1976 Flpydisk - ok
12:47:30.0875 1976 [ b2cf4b0786f8212cb92ed2b50c6db6b0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:47:30.0875 1976 FltMgr - ok
12:47:30.0890 1976 [ 3e1e2bd4f39b0e2b7dc4f4d2bcc2779a ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:47:30.0890 1976 Fs_Rec - ok
12:47:30.0906 1976 [ a86859b77b908c18c2657f284aa29fe3 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:47:30.0906 1976 Ftdisk - ok
12:47:30.0937 1976 [ 0a02c63c8b144bd8c86b103dee7c86a2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:47:30.0937 1976 Gpc - ok
12:47:31.0015 1976 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:47:31.0015 1976 gupdate - ok
12:47:31.0046 1976 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:47:31.0046 1976 gupdatem - ok
12:47:31.0062 1976 [ 573c7d0a32852b48f3058cfd8026f511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:47:31.0062 1976 HDAudBus - ok
12:47:31.0125 1976 [ 1247f83b705af0e796330442f7967cf8 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:47:31.0125 1976 helpsvc - ok
12:47:31.0125 1976 HidServ - ok
12:47:31.0156 1976 [ ccf82c5ec8a7326c3066de870c06daf1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:47:31.0156 1976 HidUsb - ok
12:47:31.0187 1976 [ 17b3c3d40cdba40c2e331d28be4de27f ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:47:31.0187 1976 hkmsvc - ok
12:47:31.0203 1976 hpn - ok
12:47:31.0250 1976 [ f80a415ef82cd06ffaf0d971528ead38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:47:31.0250 1976 HTTP - ok
12:47:31.0296 1976 [ bd31cface38d1800abdb43f4260af0d5 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:47:31.0296 1976 HTTPFilter - ok
12:47:31.0296 1976 i2omgmt - ok
12:47:31.0312 1976 i2omp - ok
12:47:31.0328 1976 [ a09bdc4ed10e3b2e0ec27bb94af32516 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:47:31.0328 1976 i8042prt - ok
12:47:31.0359 1976 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:47:31.0359 1976 Imapi - ok
12:47:31.0406 1976 [ c4221678bbaa55239c23632875759961 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:47:31.0406 1976 ImapiService - ok
12:47:31.0406 1976 ini910u - ok
12:47:31.0609 1976 [ 47f27af890da3e51c633fdd510910115 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:47:31.0656 1976 IntcAzAudAddService - ok
12:47:31.0671 1976 IntelIde - ok
12:47:31.0703 1976 [ ad340800c35a42d4de1641a37feea34c ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:47:31.0718 1976 intelppm - ok
12:47:31.0734 1976 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:47:31.0734 1976 Ip6Fw - ok
12:47:31.0765 1976 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:47:31.0765 1976 IpFilterDriver - ok
12:47:31.0781 1976 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:47:31.0781 1976 IpInIp - ok
12:47:31.0796 1976 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:47:31.0796 1976 IpNat - ok
12:47:31.0828 1976 [ 56b0a5ebffbb841a629c2f0896ddbeea ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:47:31.0828 1976 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 56b0a5ebffbb841a629c2f0896ddbeea, Fake md5: 23c74d75e36e7158768dd63d92789a91
12:47:31.0828 1976 IPSec ( Virus.Win32.ZAccess.h ) - infected
12:47:31.0828 1976 IPSec - detected Virus.Win32.ZAccess.h (0)
12:47:31.0859 1976 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:47:31.0859 1976 IRENUM - ok
12:47:31.0890 1976 [ 355836975a67b6554bca60328cd6cb74 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:47:31.0890 1976 isapnp - ok
12:47:32.0000 1976 [ 112325f53ab720ca77825726d427fbdc ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:47:32.0000 1976 JavaQuickStarterService - ok
12:47:32.0015 1976 [ 16813155807c6881f4bfbf6657424659 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:47:32.0015 1976 Kbdclass - ok
12:47:32.0031 1976 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:47:32.0031 1976 kmixer - ok
12:47:32.0078 1976 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:47:32.0078 1976 KSecDD - ok
12:47:32.0109 1976 [ 1db8078a32e03ac8f5eb5e6dcac2aa34 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:47:32.0109 1976 lanmanserver - ok
12:47:32.0140 1976 [ ad54ead46d92f413be189aabc1c59490 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:47:32.0156 1976 lanmanworkstation - ok
12:47:32.0156 1976 lbrtfdc - ok
12:47:32.0203 1976 [ 0f357c079ac529a844ab5b18e4eef881 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:47:32.0203 1976 LmHosts - ok
12:47:32.0281 1976 [ 9919e66d8e7b0c77b07a0852e1b38834 ] lv321av C:\WINDOWS\system32\DRIVERS\lv321av.sys
12:47:32.0296 1976 lv321av - ok
12:47:32.0421 1976 [ fa974ad25cd6c1fc94380d7dc5271b0d ] lvmvdrv C:\WINDOWS\system32\drivers\lvmvdrv.sys
12:47:32.0437 1976 lvmvdrv - ok
12:47:32.0468 1976 [ b750d805a1e024e42096970ad01434cf ] LVPrcMon C:\WINDOWS\system32\drivers\LVPrcMon.sys
12:47:32.0468 1976 LVPrcMon - ok
12:47:32.0515 1976 [ d31be03b7caaee453d265b20c10744a3 ] LVPrcSrv c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
12:47:32.0515 1976 LVPrcSrv - ok
12:47:32.0546 1976 [ dcc4677c583fb9563e31b565fc28eaa2 ] LVUSBSta C:\WINDOWS\system32\drivers\lvusbsta.sys
12:47:32.0546 1976 LVUSBSta - ok
12:47:32.0593 1976 [ e67a66a3781c1a483f0f8992664cbe0d ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:47:32.0593 1976 Messenger - ok
12:47:32.0625 1976 [ 184a03058c8cc399ea37dbeff6a8365a ] MHN C:\WINDOWS\System32\mhn.dll
12:47:32.0625 1976 MHN - ok
12:47:32.0625 1976 [ 7f2f1d2815a6449d346fcccbc569fbd6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:47:32.0625 1976 MHNDRV - ok
12:47:32.0671 1976 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:47:32.0671 1976 mnmdd - ok
12:47:32.0703 1976 [ d3a2870cd96cda7bcff3dc54f64087ad ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:47:32.0703 1976 mnmsrvc - ok
12:47:32.0734 1976 [ 510ade9327fe84c10254e1902697e25f ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:47:32.0734 1976 Modem - ok
12:47:32.0781 1976 [ 027c01bd7ef3349aaebc883d8a799efb ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:47:32.0781 1976 Mouclass - ok
12:47:32.0812 1976 [ 124d6846040c79b9c997f78ef4b2a4e5 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:47:32.0812 1976 mouhid - ok
12:47:32.0828 1976 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:47:32.0828 1976 MountMgr - ok
12:47:32.0843 1976 mraid35x - ok
12:47:32.0859 1976 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:47:32.0859 1976 MRxDAV - ok
12:47:32.0906 1976 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:47:32.0921 1976 MRxSmb - ok
12:47:32.0953 1976 [ 8648d670ae0d95c95e7bbb5b80661796 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:47:32.0953 1976 MSDTC - ok
12:47:32.0968 1976 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:47:32.0968 1976 Msfs - ok
12:47:32.0968 1976 MSIServer - ok
12:47:32.0984 1976 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:47:32.0984 1976 MSKSSRV - ok
12:47:33.0015 1976 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:47:33.0015 1976 MSPCLOCK - ok
12:47:33.0031 1976 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:47:33.0031 1976 MSPQM - ok
12:47:33.0062 1976 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:47:33.0062 1976 mssmbios - ok
12:47:33.0093 1976 [ e53736a9e30c45fa9e7b5eac55056d1d ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:47:33.0093 1976 MSTEE - ok
12:47:33.0125 1976 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:47:33.0125 1976 Mup - ok
12:47:33.0156 1976 [ 5b50f1b2a2ed47d560577b221da734db ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:47:33.0156 1976 NABTSFEC - ok
12:47:33.0203 1976 [ 69e4fbbabaeee1bff422e091da3171da ] napagent C:\WINDOWS\System32\qagentrt.dll
12:47:33.0203 1976 napagent - ok
12:47:33.0250 1976 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:47:33.0250 1976 NDIS - ok
12:47:33.0265 1976 [ 7ff1f1fd8609c149aa432f95a8163d97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:47:33.0265 1976 NdisIP - ok
12:47:33.0281 1976 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:47:33.0281 1976 NdisTapi - ok
12:47:33.0312 1976 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:47:33.0312 1976 Ndisuio - ok
12:47:33.0343 1976 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:47:33.0359 1976 NdisWan - ok
12:47:33.0390 1976 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:47:33.0390 1976 NDProxy - ok
12:47:33.0515 1976 [ 40d7d0a208ee863bca8d89e299216f15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
12:47:33.0515 1976 Nero BackItUp Scheduler 3 - ok
12:47:33.0546 1976 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:47:33.0546 1976 NetBIOS - ok
12:47:33.0578 1976 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:47:33.0578 1976 NetBT - ok
12:47:33.0609 1976 [ 5c9b1d83755b36237b70f95df3d46a52 ] NetDDE C:\WINDOWS\system32\netdde.exe
12:47:33.0609 1976 NetDDE - ok
12:47:33.0625 1976 [ 5c9b1d83755b36237b70f95df3d46a52 ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:47:33.0625 1976 NetDDEdsdm - ok
12:47:33.0656 1976 [ 91e6024d6d4dcdecdb36c43ecf9bbecb ] Netlogon C:\WINDOWS\system32\lsass.exe
12:47:33.0656 1976 Netlogon - ok
12:47:33.0703 1976 [ be0cb143fa427d93440ded18db8c918b ] Netman C:\WINDOWS\System32\netman.dll
12:47:33.0703 1976 Netman - ok
12:4
bachibouzouk
 
Yes, but when I run it, a black window appears for a fraction of a second, without my being able to read it.
Smart91 Posts: 30146 Status: Security contributor 2 328
 
We'll do it differently.
Download this ipsec.sys file to your desktop by right-clicking the link below and choosing "Save target as...".
https://dl.dropbox.com/u/50907851/ipsec.sys

Start the PC in Safe Mode
Copy the ipsec.sys file from your desktop into this folder:
C:\Windows\system32\Drivers

When asked whether you want to replace the file, answer YES

Restart the PC normally and run TDSSKiller again, following the procedure given above.
Upload the report to this site: http://pjjoint.malekal.com/
and post the link to it

Smart
"If you have no ambitions, you settle down at the edge of the fall" (Kundera)
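The TDSSKiller log posted above and the ipsec.sys replacement step that follows it are easier to check with a small parser than by eye. The block below is an added example, not code from this thread, from TDSSKiller or from Kaspersky: it pulls the "Suspicious file (Forged)" and "- infected" entries out of a log in the 2.8.x line layout shown above and relates an MD5 the operator computes on the driver to the Real/Fake pair the tool reported. The sample lines are constructed from entries posted above; the regular expressions assume exactly that layout; the function names are mine. The caveat built into `md5_of_file` is the practical one: a user-mode read on the live system may be served the content behind the "Fake md5" by the rootkit, so a hash only means something when computed with the rootkit inactive, which is consistent with doing the replacement in Safe Mode as instructed above.

```python
import hashlib
import re

# Constructed sample, not a file from the thread: a handful of lines in the
# TDSSKiller 2.8.x log format, copied from the entries posted above (one clean
# driver, one driver reported as forged and infected).
SAMPLE_LOG = r"""
12:47:31.0796 1976 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:47:31.0796 1976 IpNat - ok
12:47:31.0828 1976 [ 56b0a5ebffbb841a629c2f0896ddbeea ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:47:31.0828 1976 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: 56b0a5ebffbb841a629c2f0896ddbeea, Fake md5: 23c74d75e36e7158768dd63d92789a91
12:47:31.0828 1976 IPSec ( Virus.Win32.ZAccess.h ) - infected
12:47:31.0828 1976 IPSec - detected Virus.Win32.ZAccess.h (0)
"""

# "<time> <pid> [ <md5> ] <service> <path>": service names may contain spaces
# ("Nero BackItUp Scheduler 3"), so the path is anchored on the drive letter.
ENTRY_RE = re.compile(
    r"^\S+ \d+ \[ (?P<md5>[0-9a-f]{32}) \] (?P<svc>.+?) (?P<path>[A-Za-z]:\\.+)$"
)
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})"
)
INFECTED_RE = re.compile(r"^\S+ \d+ (?P<svc>.+?) \( (?P<threat>\S+) \) - infected$")


def parse_tdsskiller(text):
    """Map each listed service to its path, listed md5, forged hash pair and threat name."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["svc"]] = {"path": m["path"], "md5": m["md5"],
                                 "forged": None, "threat": None}
            continue
        m = FORGED_RE.search(line)
        if m:
            for entry in entries.values():
                if entry["path"].lower() == m["path"].lower():
                    entry["forged"] = {"real": m["real"], "fake": m["fake"]}
            continue
        m = INFECTED_RE.match(line)
        if m and m["svc"] in entries:
            entries[m["svc"]]["threat"] = m["threat"]
    return entries


def suspicious(entries):
    """Services the log reported as forged or infected, sorted by name."""
    return sorted(svc for svc, e in entries.items() if e["forged"] or e["threat"])


def md5_of_bytes(data):
    return hashlib.md5(data).hexdigest()


def md5_of_file(path, chunk=1 << 20):
    """MD5 of a file on disk. On a live infected system a user-mode read can be
    served the 'Fake' content by the rootkit, so hash from Safe Mode or offline."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def classify_hash(observed_md5, entry):
    """Relate an operator-computed md5 to what the log said about that driver.
    'real'   : equals the Real md5, i.e. the infected on-disk copy is still there
    'fake'   : equals the Fake md5 the rootkit was presenting; only meaningful if
               computed with the rootkit inactive (Safe Mode / offline)
    'listed' : equals the md5 of an entry that was not reported forged
    'unknown': none of the above (e.g. a replacement file from another build)
    """
    observed_md5 = observed_md5.lower()
    if entry["forged"]:
        if observed_md5 == entry["forged"]["real"]:
            return "real"
        if observed_md5 == entry["forged"]["fake"]:
            return "fake"
        return "unknown"
    return "listed" if observed_md5 == entry["md5"] else "unknown"


if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    for svc in suspicious(found):
        e = found[svc]
        print(f"{svc}: {e['path']} threat={e['threat']} forged={e['forged']}")
```

After the replacement and the second TDSSKiller run, feeding the new log to `parse_tdsskiller` and checking that `suspicious()` no longer lists IPSec is the quickest way to confirm the step did what was intended; a hash of the replacement file that comes back "unknown" simply means it is a different build from either copy the first log saw, not that it is bad.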
bachibouzouk
 
It didn't change anything, I think...
Here is the report address anyway: http://pjjoint.malekal.com/files.php?id=20120817_k11j12b7i8l13
Smart91 Posts: 30146 Status: Security contributor 2 328
 
We're going to bring out the big guns:

Before starting, back up all your personal documents if you haven't already done so

Warning for those browsing this thread: this tool is not to be used lightly, and should only be recommended by someone trained in its use

Print out the procedure

Download ComboFix by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Tutorial on using the tool properly ==> https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

- /!\ Disconnect from the Internet and DISABLE ALL DEFENSES, antivirus and antispyware included /!\
- Double-click ComboFix.exe
- A pop-up will appear saying that ComboFix is used at your own risk and with no warranty... Click Yes to accept
- Especially if you are on XP, accept the installation of the Recovery Console

Don't touch anything (mouse, keyboard) until the scan has finished, as you risk freezing your PC
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.


Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: The report can also be found here: C:\ComboFix.txt

Smart
bachibouzouk
 
Hello,

here is the link to the report!
bachibouzouk
 
http://pjjoint.malekal.com/files.php?id=20120817_o6e77h10m9
Smart91 Posts: 30146 Status: Security contributor 2 328
 
Are you still getting the alerts from the antivirus?
I also saw that you have adware and infectious toolbars. We'll deal with that later.

Do the following:

* Download and install Malwarebytes
* At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked
* Launch MBAM and let the updates download (otherwise do them manually when the program starts). This is very important
* Then go to the "Scan" tab, check "Perform full scan" then "Scan"
* Don't worry, the scan may take several hours depending on the number of files and infections to analyze
* At the end of the scan, click "Show results"
* Check all detected items then click "Remove selected"
* Save the report
* If you are asked to restart the computer, click Yes
* A report appears after removal: post it in your next reply.

Smart
bachibouzouk
 
Done, it seems to have worked pretty well, but I no longer have Internet... it says "DNS problem"...
Smart91 Posts: 30146 Status: Security contributor 2 328
 
Do you have this DNS problem after running MalwareBytes (MBAM)?
Can you post the MBAM report

Smart
bachibouzouk
 
Yes, right after. I'll try!