An infection...

Closed
zanu Posts: 1175 Registration date: Saturday 16 August 2008 Status: Member Last activity: 14 January 2020 - 17 July 2009 at 10:16
zanu Posts: 1175 Registration date: Saturday 16 August 2008 Status: Member Last activity: 14 January 2020 - 1 August 2009 at 01:36
Hello,
I think I'm infected, but I'm not quite sure by what. My machine is getting slow and the hard drives show up with a folder icon. My antivirus is up to date, though.
I'm posting my HijackThis log,
thanks in advance to everyone for your analysis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:04, on 17/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Nokia\NCLTools\NCLConf.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\DOCUME~1\Nuza\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\MediaDICO38.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\Rac38.EXE
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Nuza\Bureau\HiJackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Nokia Connection Monitor] "C:\Program Files\Fichiers communs\Nokia\NCLTools\NCLConf.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MediaDICO38] C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\LanceMediaDICO38.exe Lancement
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-D41D8CD9.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - .DEFAULT Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe (User 'Default user')
O4 - .DEFAULT Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-D41D8CD9.EXE (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-D41D8CD9.EXE
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Exif Launcher S.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Hyperappel du Petit Larousse 2009.lnk = C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45DA6C67-4D48-4360-827B-4886E0057D8D}: NameServer = 192.168.0.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
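A triage script for the HijackThis log above, added here as an example (it is not code from the thread or from the HijackThis project): it parses the posted format and lists the entries a helper would verify first. The sample lines are copied from zanu's log; the heuristics and the flag wording are this example's own assumptions.

```python
"""Triage helper for a HijackThis v2.0.x log. Added example: not part of the
thread above and not HijackThis project code. It parses the one-line-per-entry
format zanu posted (Running processes, O2/O3, O4, O10, O23) and lists entries a
reviewer should check first. A flag means "verify publisher and file on disk",
not "malware"; legitimate OEM tools trip the same heuristics."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the log in the thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\DOCUME~1\Nuza\LOCALS~1\Temp\RtkBtMnt.exe

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-D41D8CD9.EXE
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
"""

@dataclass
class Entry:
    section: str        # "PROC" for the running-process list, else the O-code
    name: str           # run-key value name, shortcut name, service name ...
    target: str         # command or path exactly as HijackThis printed it
    owner: str = ""     # O23 only: company recorded for the service

RUN_KEY = re.compile(r"(.+?)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
STARTUP = re.compile(r"(.*Startup): (.*?) = (.*)$")
EXE = re.compile(r'"?(.*?\.(?:exe|dll|scr|sys|com))"?(?=\s|$)', re.I)

def split_fields(rest: str):
    """'name - middle - target', split from the right so names containing
    ' - ' survive; an empty middle field (' - - ') collapses to two parts."""
    parts = rest.rsplit(" - ", 2)
    while len(parts) < 3:
        parts.insert(1, "")
    return parts[0].rstrip(" -"), parts[1], parts[2]

def parse_hjt(text: str) -> list:
    """Turn the log into Entry objects; sections not handled are skipped."""
    entries, in_procs = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:                     # blank line ends the process list
                in_procs = False
            else:
                entries.append(Entry("PROC", line.rsplit("\\", 1)[-1], line))
            continue
        m = re.match(r"(O\d+) - (.*)$", line)
        if not m:
            continue
        section, body = m.groups()
        if section in ("O2", "O3"):          # "BHO: name - {clsid} - target"
            name, _clsid, target = split_fields(body.split(": ", 1)[1])
            entries.append(Entry(section, name, target))
        elif section == "O4":                # run keys and Startup folders
            m4 = RUN_KEY.match(body) or STARTUP.match(body)
            if m4:
                entries.append(Entry(section, m4.group(2), m4.group(3)))
        elif section == "O10":               # "Unknown file in Winsock LSP: path"
            desc, target = body.split(": ", 1)
            entries.append(Entry(section, desc, target))
        elif section == "O23":               # "Service: name - company - path"
            name, owner, target = split_fields(body.split(": ", 1)[1])
            entries.append(Entry(section, name, target, owner))
    return entries

def exe_path(target: str) -> str:
    """Strip quotes, switches and annotations such as "(User 'SYSTEM')"."""
    m = EXE.match(target)
    return m.group(1) if m else target.strip('"')

def review_reasons(e: Entry) -> list:
    raw, low = e.target, exe_path(e.target).lower()
    stem = re.sub(r"\.lnk$", "", e.name, flags=re.I)
    checks = [
        (raw == "(no file)" or raw.endswith("(file missing)"), "target file missing: orphaned entry"),
        (raw == "?", "shortcut target could not be resolved"),
        ("\\temp\\" in low, "runs from a temporary directory"),
        (re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.(?:exe|scr)", low),
         "executable placed directly in the Windows directory"),
        (e.section == "O10", "Winsock LSP not recognised by HijackThis"),
        (e.section == "O23" and e.owner in ("", "Unknown owner"), "service with no recorded publisher"),
        (e.section == "O4" and not re.search(r"[a-z0-9]", stem, re.I), "startup item with a non-descriptive name"),
    ]
    return [msg for hit, msg in checks if hit]

def triage(text: str) -> list:
    """(Entry, reasons) for every entry that earned at least one flag."""
    return [(e, r) for e in parse_hjt(text) if (r := review_reasons(e))]
```

Run `triage(SAMPLE_LOG)` to get the flagged entries; everything else in the sample is left alone.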

36 replies

zanu Posts: 1175 Registration date: Saturday 16 August 2008 Status: Member Last activity: 14 January 2020 38
20 July 2009 at 01:07
Since I did the procedure you asked me to do, I still get this svchost.exe application error dialog box, and from time to time my machine crashes.
0
Lyonnais92 Posts: 25159 Registration date: Friday 23 June 2006 Status: Security contributor Last activity: 16 September 2016 1 536
20 July 2009 at 08:13
Hello,

Download SysProt (by swatkat) to your desktop:

http://homepages.slingshot.co.nz/~crutches/SysProt/SysProt.e­xe


!! Disconnect from the internet, close all your applications and disable your defenses (antivirus, anti-spyware, ...) for the duration of the procedure !!


* double-click "SysProt.exe" to launch the tool.

* click the "log" tab:

> check all the boxes in the "Write to log" frame.

* Then click the [Create Log] button at the bottom right.

* the scan starts; let the tool work (even if it seems to have frozen...)

> After a while a window will appear: leave "Scan all drives" checked and click [Start].

> wait again... wait for the final message saying the report has been created, then click "OK"


* close SysProt and copy/paste the contents of the "SysProtLog.txt" report that was saved to your desktop into your next reply...
0
zanu Posts: 1175 Registration date: Saturday 16 August 2008 Status: Member Last activity: 14 January 2020 38
21 July 2009 at 21:24
I'm willing to do that, but please help me get my machine back; it hasn't been working since I started doing your procedures, it only gets worse.
The machine crashes as soon as I boot, with the svchost.exe application error box, especially when I try to start my internet connection via modem. Even when I'm doing nothing, barely 5 minutes after starting the machine, the box appears and everything freezes.
PLEASE, I WOULD LIKE TO GET MY MACHINE BACK.
Also, the link above doesn't work.
I tried to reinstall Windows XP (upgrade), but as soon as the upgrade tries to start, I get a blue screen.
I tried going through the boot CD to run chkdsk and then fixboot, but the system says it doesn't see any disk, even though everything boots without problems.
Right now as I'm writing, the window is displayed; if I click OK or Cancel, everything will crash.
thanks again.
0
Lyonnais92 Posts: 25159 Registration date: Friday 23 June 2006 Status: Security contributor Last activity: 16 September 2016 1 536
22 July 2009 at 00:24
Hello,

the correct link

http://homepages.slingshot.co.nz/~crutches/SysProt/SysProt.exe

=========

Your antivirus may be up to date, but your Windows is not.

Why?
0

zanu Posts: 1175 Registration date: Saturday 16 August 2008 Status: Member Last activity: 14 January 2020 38
22 July 2009 at 02:45
HERE IS THE REPORT, THANKS

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 540
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 716
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1084
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1128
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1140
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1284
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1364
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1400
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1436
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1548
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1720
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 2020
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PID: 232
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 832
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PID: 1016
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 1024
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PID: 1056
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RTHDCPL.exe
PID: 1488
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxtray.exe
PID: 1444
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hkcmd.exe
PID: 1564
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxpers.exe
PID: 1596
Hidden: No
Window Visible: No

Name: C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PID: 1620
Hidden: No
Window Visible: No

Name: C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PID: 1628
Hidden: No
Window Visible: No

Name: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PID: 1668
Hidden: No
Window Visible: No

Name: C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PID: 1692
Hidden: No
Window Visible: No

Name: C:\Program Files\Launch Manager\LManager.exe
PID: 1712
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 1736
Hidden: No
Window Visible: No

Name: C:\Program Files\Fichiers communs\Nokia\NCLTools\NclConf.exe
PID: 1812
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PID: 1832
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PID: 1844
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PID: 1852
Hidden: No
Window Visible: No

Name: C:\Program Files\QuickTime\QTTask.exe
PID: 1880
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxsrvc.exe
PID: 1900
Hidden: No
Window Visible: No

Name: C:\WINDOWS\vsnpstd.exe
PID: 1940
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 316
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 444
Hidden: No
Window Visible: No

Name: C:\Program Files\SuperCopier2\SuperCopier2.exe
PID: 452
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PID: 480
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\Common Framework\Mctray.exe
PID: 604
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Download Manager\IDMan.exe
PID: 668
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\agrsmsvc.exe
PID: 752
Hidden: No
Window Visible: No

Name: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PID: 1184
Hidden: No
Window Visible: No

Name: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 876
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1316
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PID: 1308
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1540
Hidden: No
Window Visible: No

Name: C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PID: 1840
Hidden: No
Window Visible: No

Name: C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
PID: 2072
Hidden: No
Window Visible: No

Name: C:\Program Files\FinePixViewerS\QuickDCF2.exe
PID: 2096
Hidden: No
Window Visible: No

Name: C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\MediaDico38.exe
PID: 2156
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 2164
Hidden: No
Window Visible: No

Name: C:\Program Files\Larousse\Petit Larousse 2009\bin\Hyperappel.exe
PID: 2204
Hidden: No
Window Visible: No

Name: C:\Program Files\WinZip\WZQKPICK.EXE
PID: 2240
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
PID: 2248
Hidden: No
Window Visible: No

Name: C:\Program Files\Micro Application\38 Dictionnaires et Recueils de Correspondance\RAC38.exe
PID: 2404
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PID: 2484
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PID: 2684
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PID: 2728
Hidden: No
Window Visible: No

Name: C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PID: 3116
Hidden: No
Window Visible: No

Name: C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PID: 3160
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\Webshots\Webshots.scr
PID: 3240
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxext.exe
PID: 3316
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 3692
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 3748
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PID: 3856
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiapsrv.exe
PID: 3964
Hidden: No
Window Visible: No

Name: C:\DOCUME~1\Nuza\LOCALS~1\Temp\RtkBtMnt.exe
PID: 1664
Hidden: No
Window Visible: No

Name: C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PID: 2656
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 756
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 1888
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PID: 3176
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\wbem\unsecapp.exe
PID: 3212
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 3080
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2516
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Download Manager\IEMonitor.exe
PID: 2936
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\notepad.exe
PID: 6040
Hidden: No
Window Visible: Yes

Name: C:\Documents and Settings\Nuza\Bureau\SysProt.exe
PID: 3100
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Nuza\Bureau\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A8842000
Module End: A884D000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806E2000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806E2000
Module End: 80702C80
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7B3D000
Module End: F7B3F000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7A4D000
Module End: F7A50000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\a347bus.sys
Service Name: a347bus
Module Base: F7515000
Module End: F753C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F74E6000
Module End: F7515000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7B3F000
Module End: F7B41000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F74D5000
Module End: F74E6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F763D000
Module End: F7646000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F764D000
Module End: F765C000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F765D000
Module End: F766A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F7A51000
Module End: F7A54000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F7A55000
Module End: F7A59000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7C05000
Module End: F7C06000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F78BD000
Module End: F78C4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aliide.sys
Service Name: AliIde
Module Base: F7B41000
Module End: F7B43000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: F7B43000
Module End: F7B45000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\toside.sys
Service Name: TosIde
Module Base: F7B45000
Module End: F7B47000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: F7B47000
Module End: F7B49000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cmdide.sys
Service Name: CmdIde
Module Base: F7B49000
Module End: F7B4B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pcmcia.sys
Service Name: Pcmcia
Module Base: F74B7000
Module End: F74D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F766D000
Module End: F7678000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F7498000
Module End: F74B7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F7B4B000
Module End: F7B4D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F7472000
Module End: F7498000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPIEC.sys
Service Name: ACPIEC
Module Base: F7A59000
Module End: F7A5C000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
Service Name: ---
Module Base: F7C06000
Module End: F7C07000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F78C5000
Module End: F78CA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\UBHelper.sys
Service Name: UBHelper
Module Base: F7A5D000
Module End: F7A61000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F767D000
Module End: F768B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cpqarray.sys
Service Name: Cpqarray
Module Base: F7A61000
Module End: F7A65000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
Service Name: ---
Module Base: F745A000
Module End: F7472000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iaStor.sys
Service Name: iaStor
Module Base: F7393000
Module End: F745A000
Hidden: No

Module Name:
Service Name: ---
Module Base: F737B000
Module End: F7393000
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\aha154x.sys
Service Name: Aha154x
Module Base: F7A65000
Module End: F7A69000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sparrow.sys
Service Name: Sparrow
Module Base: F78CD000
Module End: F78D2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\symc810.sys
Service Name: symc810
Module Base: F7A69000
Module End: F7A6D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aic78xx.sys
Service Name: aic78xx
Module Base: F768D000
Module End: F769B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dac960nt.sys
Service Name: dac960nt
Module Base: F7A6D000
Module End: F7A71000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql10wnt.sys
Service Name: Ql10wnt
Module Base: F769D000
Module End: F76A6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\amsint.sys
Service Name: amsint
Module Base: F7A71000
Module End: F7A74000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc.sys
Service Name: asc
Module Base: F78D5000
Module End: F78DC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc3550.sys
Service Name: asc3550
Module Base: F7A75000
Module End: F7A79000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mraid35x.sys
Service Name: mraid35x
Module Base: F78DD000
Module End: F78E2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\i2omp.sys
Service Name: i2omp
Module Base: F78E5000
Module End: F78EA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ini910u.sys
Service Name: ini910u
Module Base: F7A79000
Module End: F7A7D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1240.sys
Service Name: ql1240
Module Base: F76AD000
Module End: F76B7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aic78u2.sys
Service Name: aic78u2
Module Base: F76BD000
Module End: F76CB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\symc8xx.sys
Service Name: symc8xx
Module Base: F78ED000
Module End: F78F5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sym_hi.sys
Service Name: sym_hi
Module Base: F78F5000
Module End: F78FC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sym_u3.sys
Service Name: sym_u3
Module Base: F78FD000
Module End: F7905000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Service Name: abp480n5
Module Base: F7905000
Module End: F790B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc3350p.sys
Service Name: asc3350p
Module Base: F790D000
Module End: F7913000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Service Name: cd20xrnt
Module Base: F7B4D000
Module End: F7B4F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ultra.sys
Service Name: ultra
Module Base: F76CD000
Module End: F76D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\adpu160m.sys
Service Name: adpu160m
Module Base: F7362000
Module End: F737B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dpti2o.sys
Service Name: dpti2o
Module Base: F7915000
Module End: F791A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1080.sys
Service Name: ql1080
Module Base: F76DD000
Module End: F76E7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1280.sys
Service Name: ql1280
Module Base: F76ED000
Module End: F76F9000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql12160.sys
Service Name: ql12160
Module Base: F76FD000
Module End: F7709000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\perc2.sys
Service Name: perc2
Module Base: F791D000
Module End: F7924000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\perc2hib.sys
Service Name: perc2hib
Module Base: F7B4F000
Module End: F7B51000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\hpn.sys
Service Name: hpn
Module Base: F7925000
Module End: F792C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cbidf2k.sys
Service Name: cbidf
Module Base: F7A7D000
Module End: F7A81000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dac2w2k.sys
Service Name: dac2w2k
Module Base: F7336000
Module End: F7362000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\a347scsi.sys
Service Name: a347scsi
Module Base: F7B51000
Module End: F7B53000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F770D000
Module End: F7716000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F771D000
Module End: F772A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltMgr.sys
Service Name: FltMgr
Module Base: F7317000
Module End: F7336000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F772D000
Module End: F7736000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7300000
Module End: F7317000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WudfPf.sys
Service Name: WudfPf
Module Base: F72ED000
Module End: F7300000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F7260000
Module End: F72ED000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F7233000
Module End: F7260000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sisagp.sys
Service Name: sisagp
Module Base: F773D000
Module End: F7748000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaagp.sys
Service Name: viaagp
Module Base: F774D000
Module End: F7758000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F7218000
Module End: F7233000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\gagp30kx.sys
Service Name: gagp30kx
Module Base: F775D000
Module End: F7769000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\alim1541.sys
Service Name: alim1541
Module Base: F776D000
Module End: F7778000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\amdagp.sys
Service Name: amdagp
Module Base: F777D000
Module End: F7788000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agp440.sys
Service Name: agp440
Module Base: F778D000
Module End: F7798000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agpCPQ.sys
Service Name: agpCPQ
Module Base: F779D000
Module End: F77A8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F77FD000
Module End: F7807000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
Service Name: WmiAcpi
Module Base: F7154000
Module End: F7157000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
Service Name: ialm
Module Base: F5561000
Module End: F5AE0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F554D000
Module End: F5561000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F798D000
Module End: F7993000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F552A000
Module End: F554D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7995000
Module End: F799D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F5505000
Module End: F552A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\b57xp32.sys
Service Name: b57w2k
Module Base: F54DA000
Module End: F5505000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
Service Name: BCM43XX
Module Base: F5446000
Module End: F54DA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nic1394.sys
Service Name: NIC1394
Module Base: F782D000
Module End: F783D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\tifm21.sys
Service Name: tifm21
Module Base: F53FA000
Module End: F5446000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: F53E9000
Module End: F53FA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F7150000
Module End: F7154000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F7188000
Module End: F7196000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
Service Name: DKbFltr
Module Base: F5C13000
Module End: F5C18000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F5C0B000
Module End: F5C12000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\SynTP.sys
Service Name: SynTP
Module Base: F4F7A000
Module End: F4FA9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7BAD000
Module End: F7BAF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F5C03000
Module End: F5C09000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nscirda.sys
Service Name: irda
Module Base: F5BFB000
Module End: F5C02000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\irenum.sys
Service Name: IRENUM
Module Base: F7138000
Module End: F713B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F5B10000
Module End: F5B1B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F5B00000
Module End: F5B0D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F5AF0000
Module End: F5AFF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F4F57000
Module End: F4F7A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
Service Name: NTIDrvr
Module Base: F7BAF000
Module End: F7BB1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7D36000
Module End: F7D37000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\RootMdm.sys
Service Name: ROOTMODEM
Module Base: F7BB1000
Module End: F7BB3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F5BF3000
Module End: F5BFB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasirda.sys
Service Name: Rasirda
Module Base: F5BEB000
Module End: F5BF0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F79DD000
Module End: F79E2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F5AE0000
Module End: F5AED000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F7117000
Module End: F711A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F4F18000
Module End: F4F2F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F780D000
Module End: F7818000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F781D000
Module End: F7829000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F4F07000
Module End: F4F18000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F783D000
Module End: F7846000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: EF546000
Module End: EF54B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: EF53E000
Module End: EF543000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: EE43B000
Module End: EE46C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: EFA7B000
Module End: EFA85000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7B83000
Module End: F7B85000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: EE3CE000
Module End: EE427000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F097D000
Module End: F0981000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F22AF000
Module End: F22B9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F228F000
Module End: F229E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: AA323000
Module End: AA780000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: AA301000
Module End: AA323000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F222F000
Module End: F223E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Service Name: AgereSoftModem
Module Base: AA1E4000
Module End: AA301000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: F2E6C000
Module End: F2E6E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F2E6A000
Module End: F2E6C000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F1E80000
Module End: F1E86000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F2E68000
Module End: F2E6A000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F2E66000
Module End: F2E68000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F303B000
Module End: F3040000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F3033000
Module End: F303B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: EF5FB000
Module End: EF5FE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: AA1B1000
Module End: AA1C4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: AA159000
Module End: AA1B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfetdik.sys
Service Name: mfetdik
Module Base: F2FD8000
Module End: F2FE4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: AA138000
Module End: AA159000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: AA110000
Module End: AA138000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: AA0EE000
Module End: AA110000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F2FC8000
Module End: F2FD1000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\truecrypt.sys
Service Name: truecrypt
Module Base: AA0BB000
Module End: AA0EE000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Service Name: ssmdrv
Module Base: F2E1F000
Module End: F2E25000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: AA08F000
Module End: AA0BB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\PQNTDrv.SYS
Service Name: PQNTDrv
Module Base: F7D6D000
Module End: F7D6E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: AA020000
Module End: AA08F000
Hidden: No

Module Name: \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
Service Name: mferkdk
Module Base: F2E17000
Module End: F2E1E000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F2FA8000
Module End: F2FB1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Service Name: avipbb
Module Base: AA00F000
Module End: AA020000
Hidden: No

Module Name: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
Service Name: avgio
Module Base: F0475000
Module End: F0477000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Service Name: Fastfat
Module Base: A9FEC000
Module End: AA00F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: F2E07000
Module End: F2E0E000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: A9F25000
Module End: A9FEC000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: ED024000
Module End: ED027000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F2DFF000
Module End: F2E04000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F2EC5000
Module End: F2EC6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F5B20000
Module End: F5B29000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\arp1394.sys
Service Name: Arp1394
Module Base: F784D000
Module End: F785C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\irda.sys
Service Name: ---
Module Base: A9F0F000
Module End: A9F25000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
Service Name: NwlnkIpx
Module Base: A9EF9000
Module End: A9F0F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
Service Name: NwlnkNb
Module Base: F2F68000
Module End: F2F78000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: F713C000
Module End: F7140000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nwrdr.sys
Service Name: NWRDR
Module Base: A9E31000
Module End: A9E59000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: A9E04000
Module End: A9E31000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: A9D9F000
Module End: A9DB4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: F4298000
Module End: F42A7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NokiaSuite3.SYS
Service Name: NokiaSuite3
Module Base: A98CF000
Module End: A9940000
Hidden: No

Module Name: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
Service Name: avgntflt
Module Base: A97CB000
Module End: A97DF000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\int15.sys
Service Name: int15
Module Base: ED9AF000
Module End: ED9B6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: A9721000
Module End: A9773000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: ED67E000
Module End: ED68E000
Hidden: No

Module Name: \??\C:\DOCUME~1\Nuza\LOCALS~1\Temp\mc21.tmp
Service Name: mchInjDrv
Module Base: F7D0F000
Module End: F7D10000
Hidden: Yes

Module Name: C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
Service Name: NwlnkSpx
Module Base: A93F1000
Module End: A93FF000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\tvicport.sys
Service Name: tvicport
Module Base: A91D3000
Module End: A91D6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys
Service Name: mfehidk
Module Base: A90BD000
Module End: A90E5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfebopk.sys
Service Name: mfebopk
Module Base: ECE0A000
Module End: ECE11000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfeapfk.sys
Service Name: mfeapfk
Module Base: A9421000
Module End: A9430000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mfeavfk.sys
Service Name: mfeavfk
Module Base: A9441000
Module End: A9451000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\drivers\zntport.sys
Service Name: zntport
Module Base: F7D94000
Module End: F7D95000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: A88A5000
Module End: A88E6000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\Drivers\psdfilter.sys
Service Name: psdfilter
Module Base: F2DDF000
Module End: F2DE7000
Hidden: No

Module Name: \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
Service Name: psdvdisk
Module Base: A8892000
Module End: A88A5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Service Name: AsyncMac
Module Base: A8A76000
Module End: A8A7A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: ED050000
Module End: ED053000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: A983F000
Module End: A9848000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: A9D87000
Module End: A9D8A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ccdcmb.sys
Service Name: nmwcd
Module Base: F211F000
Module End: F2124000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\WDFLDR.SYS
Service Name: ---
Module Base: A87AA000
Module End: A87B7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
Service Name: Wdf01000
Module Base: A83FE000
Module End: A8479000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ccdcmbo.sys
Service Name: nmwcdc
Module Base: ED5B0000
Module End: ED5B6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
Service Name: UsbserFilt
Module Base: F7B87000
Module End: F7B89000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\usbser.sys
Service Name: usbser
Module Base: F5C23000
Module End: F5C2A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
Service Name: upperdev
Module Base: F1500000
Module End: F1502000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwClose
Address: F7522AF8
Driver Base: F7515000
Driver End: F753C000
Driver Name: a347bus.sys

Function Name: ZwCreateKey
Address: F7522AB0
Driver Base: F7515000
Driver End: F753C000
Driver Name: a347bus.sys

Function Name: ZwCreatePagingFile
Address: F7516B00
Driver Base: F7515000
Driver End: F753C000
Driver Name: a347bus.sys

Function Name: ZwCreateThread
Address: F7C29424
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwEnumerateKey
Address: F7517388
Driver Base: F7515000
Driver End: F753C000
Driver Name: a347bus.sys

Function Name: ZwEnumerateValueKey
Address: F7522BF0
Driver Base: F7515000
Driver End: F753C000
Driver Name: a347bus.sys

Function Name: ZwOpenKey
Address: F7522A74
Driver Base: F7515000
Driver End: F753C000
Driver Name: a347bus.sys

Function Name: ZwOpenProcess
Address: F7C29410
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenThread
Address: F7C29415
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwQueryKey
Address: F75173A8
Driver Base: F7515000
Driver End: F753C000
Driver Name: a347bus.sys

Function Name: ZwQueryValueKey
Address: F7522B46
Driver Base: F7515000
Driver End: F753C000
Driver Name: a347bus.sys

Function Name: ZwSetSystemPowerState
Address: F7522390
Driver Base: F7515000
Driver End: F753C000
Driver Name: a347bus.sys

Function Name: ZwTerminateProcess
Address: F7C2941F
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwWriteVirtualMemory
Address: F7C2941A
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwSetValueKey
At Address: 80620C3E
Jump To: A90D0556
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwRenameKey
At Address: 80621FA4
Jump To: A90D052A
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwDeleteValueKey
At Address: 80622BDE
Jump To: A90D0540
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

Hooked Function: ZwDeleteKey
At Address: 80622A0E
Jump To: A90D0514
Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SET_EA
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\a347scsi.sys
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 8607CDD8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CREATE
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_READ
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_WRITE
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_EA
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_POWER
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module:
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 85D554B8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_EA
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 85E1B008
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 85E1B008
Hooking Module: _unknown_

******************************************************************************************
******************************************************************************************
Ports:
Local Address: KAMMI:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: KAMMI:20416
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
State: LISTENING

Local Address: KAMMI:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: KAMMI:5152
Remote Address: LOCALHOST:1117
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: KAMMI:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: KAMMI:1076
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: KAMMI:1026
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
State: LISTENING

Local Address: KAMMI:2869
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: KAMMI:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: KAMMI:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: KAMMI:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: KAMMI:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KAMMI:1082
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KAMMI:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KAMMI:65216
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: KAMMI:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: KAMMI:1562
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KAMMI:1560
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KAMMI:1081
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: KAMMI:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: KAMMI:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: KAMMI:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: F:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: F:\System Volume Information\tracking.log
Status: Access denied
zanu (Member), 26 July 2009 at 14:04
Is nobody there anymore?
Lyonnais92 (Security contributor), 28 July 2009 at 16:22
Hello,

You haven't said why your Windows isn't up to date.

Run a scan of My Computer with Antivir and post the report.
zanu (Member), 29 July 2009 at 00:10
HELLO Lyonnais,
thanks for coming back to my rescue,
my computer isn't up to date because I had disabled the updates, and on top of that I don't often have internet access.
I'm running the Antivir scan and I'll give you the report (Antivir is up to date on my machine).
zanu (Member), 30 July 2009 at 08:17
There you go, I've restarted the scan several times since then and every time it stalls on
c:\windows\system32\drivers\null.sys, at 30.6%
Lyonnais92 (Security contributor), 30 July 2009 at 09:30
Hello,

========================================
-> Show all files and folders:
click Start / Control Panel (in classic view) / Folder Options / View

[Check] "Show hidden files and folders"

[Uncheck] the box "Hide protected operating system files (Recommended)"

[Uncheck] "Hide extensions for known file types"

Then click [Apply] to confirm the changes.

And [OK]
========================================

Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: c:\windows\system32\drivers\null.sys

Click Send File.

A report will build up line by line.

Wait for it to finish. It should include the size of the file that was sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal says the file has already been analysed, click the "Reanalyse file now" button.
zanu (Member), 30 July 2009 at 22:39
Good evening,
I wasn't quite sure how to save it in Notepad, I just copied and pasted it; here it is, thanks!!


Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.07.30 -
AhnLab-V3 5.0.0.2 2009.07.30 -
AntiVir 7.9.0.236 2009.07.30 TR/Trash.Gen
Antiy-AVL 2.0.3.7 2009.07.30 -
Authentium 5.1.2.4 2009.07.30 -
Avast 4.8.1335.0 2009.07.30 -
AVG 8.5.0.406 2009.07.30 -
BitDefender 7.2 2009.07.30 -
CAT-QuickHeal 10.00 2009.07.30 -
ClamAV 0.94.1 2009.07.30 -
Comodo 1815 2009.07.30 -
DrWeb 5.0.0.12182 2009.07.30 -
eSafe 7.0.17.0 2009.07.30 -
eTrust-Vet 31.6.6648 2009.07.30 -
F-Prot 4.4.4.56 2009.07.30 -
F-Secure 8.0.14470.0 2009.07.30 -
Fortinet 3.120.0.0 2009.07.30 -
GData 19 2009.07.30 -
Ikarus T3.1.1.64.0 2009.07.30 -
Jiangmin 11.0.800 2009.07.30 -
K7AntiVirus 7.10.806 2009.07.30 -
Kaspersky 7.0.0.125 2009.07.30 -
McAfee 5692 2009.07.29 -
McAfee+Artemis 5692 2009.07.29 -
McAfee-GW-Edition 6.8.5 2009.07.30 Heuristic.BehavesLike.Exploit.CodeExec.EBOP
Microsoft 1.4903 2009.07.30 -
NOD32 4292 2009.07.30 -
Norman 6.01.09 2009.07.30 Smalltroj.NBRB
nProtect 2009.1.8.0 2009.07.30 -
Panda 10.0.0.14 2009.07.30 -
PCTools 4.4.2.0 2009.07.29 -
Prevx 3.0 2009.07.30 -
Rising 21.40.34.00 2009.07.30 -
Sophos 4.44.0 2009.07.30 -
Sunbelt 3.2.1858.2 2009.07.30 -
Symantec 1.4.4.12 2009.07.30 -
TheHacker 6.3.4.3.374 2009.07.30 -
TrendMicro 8.950.0.1094 2009.07.30 -
VBA32 3.12.10.9 2009.07.30 -
ViRobot 2009.7.30.1861 2009.07.30 -
VirusBuster 4.6.5.0 2009.07.30 -
Information additionnelle
File size: 2944 bytes
MD5...: fb41649b612fd60b8e1b768474ee40a3
SHA1..: 723917a3a69d4b10ae38e2c8e83e1f578f40a224
SHA256: ff9834afcad853eb803cb955d92760cc2917d675254f835198ad49f65db58ea0
ssdeep: 48:q/w53pqaIBletto0JisjIZWQJ2RZ5WwGi:yw5E8tbiMEWJRHWw
PEiD..: -
TrID..: File type identification
Autodesk FLIC Image File (extensions: flc, fli, cel) (100.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
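The VirusTotal procedure above asks the poster to wait for the full report and check that it includes the size of the file that was sent; the report that came back lists per-engine results plus the file's size and MD5/SHA1/SHA256. The following is an added example (not code from the thread or from VirusTotal) that parses a pasted report of that text shape, counts which engines flagged the file, and compares the digests and size in the report with a file actually on disk, so a helper can confirm the report really describes the file in question. The SAMPLE_REPORT is a constructed excerpt of the posted table (engine rows trimmed; size and digests copied from the post); the placeholder bytes passed to verify_file are constructed and are not the real driver.

```python
"""Parse a pasted VirusTotal text report and check a local file against it."""
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed excerpt of the report pasted in the thread (engine rows trimmed,
# size and digests copied from the post). The column header is VirusTotal's
# French UI text and is skipped by the parser because it has more than 4 fields.
SAMPLE_REPORT = """\
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.24 2009.07.30 -
AntiVir 7.9.0.236 2009.07.30 TR/Trash.Gen
McAfee 5692 2009.07.29 -
McAfee-GW-Edition 6.8.5 2009.07.30 Heuristic.BehavesLike.Exploit.CodeExec.EBOP
Norman 6.01.09 2009.07.30 Smalltroj.NBRB
Information additionnelle
File size: 2944 bytes
MD5...: fb41649b612fd60b8e1b768474ee40a3
SHA1..: 723917a3a69d4b10ae38e2c8e83e1f578f40a224
SHA256: ff9834afcad853eb803cb955d92760cc2917d675254f835198ad49f65db58ea0
"""

DATE_RE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")
# "MD5...:", "SHA1..:" and "SHA256:" are padded with dots in the report.
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9a-fA-F]+)\s*$")
SIZE_RE = re.compile(r"^File size:\s*(\d+)\s*bytes")


@dataclass
class EngineRow:
    engine: str
    version: str
    updated: str   # signature date, YYYY.MM.DD
    result: str    # "-" means the engine reported nothing


def parse_engine_rows(report: str) -> List[EngineRow]:
    """An engine row is four whitespace-separated fields whose third field is a date."""
    rows = []
    for line in report.splitlines():
        parts = line.split()
        if len(parts) == 4 and DATE_RE.match(parts[2]):
            rows.append(EngineRow(*parts))
    return rows


def detections(rows: List[EngineRow]) -> List[EngineRow]:
    """Rows where the engine returned a name instead of '-'."""
    return [r for r in rows if r.result != "-"]


def summarize(report: str) -> Tuple[int, int]:
    """Return (engines that flagged the file, engines that scanned it)."""
    rows = parse_engine_rows(report)
    return len(detections(rows)), len(rows)


def parse_file_metadata(report: str) -> Tuple[Dict[str, str], Optional[int]]:
    """Pull the digests and the 'File size' line out of the additional-information block."""
    digests: Dict[str, str] = {}
    size: Optional[int] = None
    for line in report.splitlines():
        m = HASH_RE.match(line)
        if m:
            digests[m.group(1)] = m.group(2).lower()
            continue
        m = SIZE_RE.match(line)
        if m:
            size = int(m.group(1))
    return digests, size


def file_digests(data: bytes) -> Dict[str, str]:
    """Digests in the same three algorithms the report prints."""
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }


def verify_file(data: bytes, expected: Dict[str, str],
                expected_size: Optional[int]) -> Dict[str, bool]:
    """Per-check result: does the local file match what the report describes?
    Any False means the report was produced for a different file than the one on disk."""
    actual = file_digests(data)
    checks = {name: actual[name] == digest for name, digest in expected.items()}
    if expected_size is not None:
        checks["size"] = len(data) == expected_size
    return checks


if __name__ == "__main__":
    flagged, total = summarize(SAMPLE_REPORT)
    print(f"{flagged}/{total} engines flagged the file")
    for row in detections(parse_engine_rows(SAMPLE_REPORT)):
        print(f"  {row.engine}: {row.result}")
    expected, size = parse_file_metadata(SAMPLE_REPORT)
    # Constructed stand-in bytes: the real driver is not reproduced here, so every check fails.
    print(verify_file(b"constructed placeholder bytes", expected, size))
```

To use it on a real case, replace the placeholder bytes with the contents of the file that was uploaded (for example `open(path, "rb").read()`) and paste the full report into SAMPLE_REPORT; a size or digest mismatch means the report and the file on disk are not the same object and the comparison is not meaningful.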
Lyonnais92 (Security contributor), 31 July 2009 at 10:24
Hello,

Not conclusive.

1) do you have an i386 directory (probably under C:)?

2) do you have a backup of your personal files on another medium? (including e-mails, contacts, ...)

3) what is the boot order (in the BIOS)?
zanu (Member), 31 July 2009 at 20:25
GOOD EVENING,
1) yes, under c:\i386

2) not really, I use an external hard disk, which has data on it too. My laptop disk is partitioned into 3

3) the boot order in the BIOS is CD - hard disk - floppy

thanks
Lyonnais92 (Security contributor), 31 July 2009 at 22:51
Re,

scan the other 2 partitions with Antivir (not C:, since the scan hangs).

For C:, see whether you can find a way to exclude a file from the scan. If so, exclude the null.sys file that seems to be causing the hang.
zanu (Member), 1 August 2009 at 01:23
OK, I'll scan the disks, but as for excluding the null.sys file, I don't know if it's doable; in any case I've dug around and I can't see how to do it.

As for the svchost.exe window that keeps popping up, what should I do?
zanu (Member), 1 August 2009 at 01:36
Here is the scan of D and E
Avira AntiVir Personal
Report file date: samedi 1 août 2009 00:09

Scanning for 1519894 virus strains and unwanted programs.

Licensed to: Avira AntiVir Personal - FREE Antivirus
Serial number: 0000149996-ADJIE-0000001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Nuza
Computer name: KAMMI

Version information:
BUILD.DAT : 8.2.0.353 17048 Bytes 15/05/2009 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 05/01/2009 04:37:13
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:29:38
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 13:42:45
ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 12/07/2009 22:41:02
ANTIVIR3.VDF : 7.1.4.227 53760 Bytes 13/07/2009 22:36:46
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 12/05/2009 00:53:24
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 04/07/2009 22:37:18
AESCN.DLL : 8.1.2.3 127347 Bytes 05/06/2009 12:19:26
AERDL.DLL : 8.1.2.2 438642 Bytes 04/07/2009 22:36:57
AEPACK.DLL : 8.1.3.18 401783 Bytes 05/06/2009 12:19:08
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 29/06/2009 13:46:39
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 29/06/2009 13:46:19
AEHELP.DLL : 8.1.3.6 205174 Bytes 29/06/2009 13:44:43
AEGEN.DLL : 8.1.1.48 348532 Bytes 04/07/2009 22:36:30
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 10:49:36
AECORE.DLL : 8.1.6.12 180599 Bytes 05/06/2009 12:16:53
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 10:49:34
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 12/05/2009 00:50:02
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\DOCUME~1\Nuza\LOCALS~1\Temp\6e24989c.avp
Logging..........................: low
Primary action...................: repair
Secondary action.................: delete
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:, D:,
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 1 août 2009 00:09

Starting the file scan:

Begin scan in 'F:\' <DATA>
F:\NeroExpress\Installation\Cab\1A8309D8.cab
[0] Archive type: CAB (Microsoft)
--> msvcp71346249B2.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'D:\' <ACERDATA>


End of the scan: samedi 1 août 2009 00:25
Used time: 15:35 Minute(s)

The scan has been done completely.

757 Scanning directories
147387 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
147387 Files not concerned
1400 Archives were scanned
1 Warnings
0 Notes