Sujet Précédent Sujet Suivant

J ai choper un virus sur facebook

Résolu/Fermé
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011 - 5 oct. 2011 à 22:20
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011 - 12 oct. 2011 à 15:27
Bonjour,




Salut à tous,

depuis que jai choper ce virus sur facebook qui a pirater mon compte fb que j ai ete obliger de supprimer. sur mon ordi les probleme ce succede fenetre intempestive qui s'ouvre toute seule page internete constament rediriger et deconexion soudaine quand je surf. Mon par feu est desactiver impossible de le reactiver sa m affiche un code erreur 0x8007042c mon windows deffender et aussi desactiver et lorsque j essaie de l activer cela m affiche le meme code erreur !!!J ai essayer ccleaner,malwarebyte anti malware,vundofix sans succes malwarebyte ma trouver un trentaine d infection que j ai supprimer mais les probleme persite je compte sur votre aide pour trouver une solution car mon niveau en informatique est très faible merci d'avance et bonne soirer a vous
A voir également:

76 réponses

Précédent
Réponse 21 / 76
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
7 oct. 2011 à 00:19
bizarre ...

y'a rien sur OTL.

Essaye de télécharger zhpdiag de là : ftp://zebulon.fr/ZHPDiag2.exe
0
Réponse 22 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
7 oct. 2011 à 06:05
non je n arive toujour pas a le telecharger mon ordi va un peu mieux je surf plus rapidement mais je n arive toujour pas a activer le par feu et windows defender... il i a toujoure des fenetre intenpestive mais beaucoup moins et je suis toujour rediriger lorsque je surf mais sa aussi sa ses calmer un peu
0
Réponse 23 / 76
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
7 oct. 2011 à 07:48
▶ Télécharge Reload_TDSSKiller

▶ Lance le

choisis : lancer le nettoyage

l'outil va automatiquement télécharger la derniere version puis

TDSSKiller va s'ouvrir , clique sur "Start Scan" Clique ici pour l'aide en image

Si TDSS.tdl2 est détecté: l'option delete sera cochée par défaut.
Si TDSS.tdl3 est détecté: assure toi que Cure est bien cochée.
Si TDSS.tdl4(\HardDisk0\MBR) est détecté: assure toi que Cure est bien cochée.
Si Rootkit.Win32.ZAccess.* est détecté : règle sur "cure" en haut , et "delete" en bas
Si Suspicious file est indiqué, laisse l''option cochée sur Skip
une fois qu'il a terminé , redémarre s'il te le demande pour finir de nettoyer

sinon , ferme TDSSKiller et le rapport s'affichera sur le bureau

▶ Copie/Colle son contenu dans ta prochaine réponse.
0
Réponse 24 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
7 oct. 2011 à 14:25
14:20:35.0623 3532 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
14:20:35.0810 3532 ============================================================
14:20:35.0810 3532 Current date / time: 2011/10/07 14:20:35.0810
14:20:35.0810 3532 SystemInfo:
14:20:35.0810 3532
14:20:35.0810 3532 OS Version: 6.1.7600 ServicePack: 0.0
14:20:35.0810 3532 Product type: Workstation
14:20:35.0810 3532 ComputerName: LISA-PC
14:20:35.0810 3532 UserName: Lisa
14:20:35.0810 3532 Windows directory: C:\Windows
14:20:35.0810 3532 System windows directory: C:\Windows
14:20:35.0810 3532 Running under WOW64
14:20:35.0810 3532 Processor architecture: Intel x64
14:20:35.0810 3532 Number of processors: 2
14:20:35.0810 3532 Page size: 0x1000
14:20:35.0810 3532 Boot type: Normal boot
14:20:35.0810 3532 ============================================================
14:20:36.0262 3532 Initialize success
14:20:51.0816 3908 ============================================================
14:20:51.0816 3908 Scan started
14:20:51.0816 3908 Mode: Manual;
14:20:51.0816 3908 ============================================================
14:20:52.0362 3908 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:20:52.0362 3908 1394ohci - ok
14:20:52.0393 3908 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:20:52.0393 3908 ACPI - ok
14:20:52.0424 3908 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:20:52.0424 3908 AcpiPmi - ok
14:20:52.0564 3908 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:20:52.0564 3908 adp94xx - ok
14:20:52.0674 3908 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:20:52.0689 3908 adpahci - ok
14:20:52.0705 3908 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:20:52.0705 3908 adpu320 - ok
14:20:52.0798 3908 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
14:20:52.0798 3908 AFD - ok
14:20:52.0876 3908 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:20:52.0892 3908 agp440 - ok
14:20:52.0986 3908 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:20:52.0986 3908 aliide - ok
14:20:53.0017 3908 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:20:53.0017 3908 amdide - ok
14:20:53.0048 3908 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:20:53.0048 3908 AmdK8 - ok
14:20:53.0064 3908 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:20:53.0064 3908 AmdPPM - ok
14:20:53.0188 3908 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:20:53.0188 3908 amdsata - ok
14:20:53.0251 3908 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:20:53.0251 3908 amdsbs - ok
14:20:53.0376 3908 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:20:53.0376 3908 amdxata - ok
14:20:53.0422 3908 ApfiltrService (9815014f3e30357168da272088c6f12f) C:\Windows\system32\DRIVERS\Apfiltr.sys
14:20:53.0422 3908 ApfiltrService - ok
14:20:53.0532 3908 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:20:53.0532 3908 AppID - ok
14:20:53.0688 3908 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:20:53.0703 3908 arc - ok
14:20:53.0734 3908 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:20:53.0750 3908 arcsas - ok
14:20:53.0797 3908 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:20:53.0797 3908 AsyncMac - ok
14:20:53.0875 3908 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:20:53.0890 3908 atapi - ok
14:20:53.0968 3908 athr (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys
14:20:53.0984 3908 athr - ok
14:20:54.0109 3908 aymxxmup - ok
14:20:54.0171 3908 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:20:54.0171 3908 b06bdrv - ok
14:20:54.0280 3908 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:20:54.0296 3908 b57nd60a - ok
14:20:54.0374 3908 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
14:20:54.0390 3908 BCM43XX - ok
14:20:54.0483 3908 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:20:54.0483 3908 Beep - ok
14:20:54.0514 3908 bezsanoj - ok
14:20:54.0733 3908 BHDrvx64 (4d7f8401eae7eaa4ef702fa6f4153269) C:\Windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys
14:20:54.0733 3908 BHDrvx64 - ok
14:20:54.0842 3908 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:20:54.0842 3908 blbdrive - ok
14:20:54.0936 3908 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:20:54.0936 3908 bowser - ok
14:20:55.0029 3908 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:20:55.0029 3908 BrFiltLo - ok
14:20:55.0060 3908 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:20:55.0060 3908 BrFiltUp - ok
14:20:55.0123 3908 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:20:55.0138 3908 Brserid - ok
14:20:55.0154 3908 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:20:55.0154 3908 BrSerWdm - ok
14:20:55.0248 3908 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:20:55.0263 3908 BrUsbMdm - ok
14:20:55.0279 3908 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:20:55.0279 3908 BrUsbSer - ok
14:20:55.0341 3908 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:20:55.0357 3908 BTHMODEM - ok
14:20:55.0497 3908 ccHP (1b79efc84b924a6932bb9d2a549de5c9) C:\Windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys
14:20:55.0497 3908 ccHP - ok
14:20:55.0591 3908 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:20:55.0606 3908 cdfs - ok
14:20:55.0653 3908 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:20:55.0653 3908 cdrom - ok
14:20:55.0747 3908 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:20:55.0747 3908 circlass - ok
14:20:55.0794 3908 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:20:55.0809 3908 CLFS - ok
14:20:55.0934 3908 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:20:55.0950 3908 CmBatt - ok
14:20:55.0965 3908 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:20:55.0965 3908 cmdide - ok
14:20:55.0996 3908 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
14:20:56.0012 3908 CNG - ok
14:20:56.0121 3908 CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
14:20:56.0121 3908 CnxtHdAudService - ok
14:20:56.0199 3908 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:20:56.0199 3908 Compbatt - ok
14:20:56.0246 3908 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:20:56.0246 3908 CompositeBus - ok
14:20:56.0324 3908 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:20:56.0324 3908 crcdisk - ok
14:20:56.0418 3908 csifvqmb - ok
14:20:56.0433 3908 ctxddxqn - ok
14:20:56.0449 3908 dciqsihg - ok
14:20:56.0589 3908 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:20:56.0589 3908 DfsC - ok
14:20:56.0683 3908 dgderdrv (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
14:20:56.0683 3908 dgderdrv - ok
14:20:56.0730 3908 dijxivil - ok
14:20:56.0776 3908 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:20:56.0776 3908 discache - ok
14:20:56.0808 3908 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:20:56.0808 3908 Disk - ok
14:20:56.0823 3908 DKbFltr - ok
14:20:56.0932 3908 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:20:56.0932 3908 drmkaud - ok
14:20:56.0995 3908 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
14:20:57.0010 3908 DXGKrnl - ok
14:20:57.0151 3908 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:20:57.0229 3908 ebdrv - ok
14:20:57.0354 3908 eeCtrl (8ecb5d35f400706016931bd25ae1b554) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:20:57.0354 3908 eeCtrl - ok
14:20:57.0478 3908 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:20:57.0494 3908 elxstor - ok
14:20:57.0619 3908 EraserUtilRebootDrv (8adb1fab20d285088ceb1215f5d22080) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:20:57.0619 3908 EraserUtilRebootDrv - ok
14:20:57.0681 3908 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:20:57.0681 3908 ErrDev - ok
14:20:57.0712 3908 excxwqxu - ok
14:20:57.0744 3908 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:20:57.0744 3908 exfat - ok
14:20:57.0822 3908 ezohrrnb - ok
14:20:57.0868 3908 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:20:57.0868 3908 fastfat - ok
14:20:57.0962 3908 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:20:57.0962 3908 fdc - ok
14:20:58.0009 3908 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:20:58.0009 3908 FileInfo - ok
14:20:58.0087 3908 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:20:58.0087 3908 Filetrace - ok
14:20:58.0196 3908 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:20:58.0196 3908 flpydisk - ok
14:20:58.0243 3908 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:20:58.0243 3908 FltMgr - ok
14:20:58.0336 3908 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:20:58.0336 3908 FsDepends - ok
14:20:58.0352 3908 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:20:58.0352 3908 Fs_Rec - ok
14:20:58.0477 3908 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:20:58.0477 3908 fvevol - ok
14:20:58.0492 3908 fyopmjcu - ok
14:20:58.0539 3908 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:20:58.0539 3908 gagp30kx - ok
14:20:58.0648 3908 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:20:58.0648 3908 GEARAspiWDM - ok
14:20:58.0680 3908 hctsalog - ok
14:20:58.0758 3908 hcuvnluj - ok
14:20:58.0789 3908 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:20:58.0789 3908 hcw85cir - ok
14:20:58.0820 3908 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:20:58.0836 3908 HdAudAddService - ok
14:20:58.0914 3908 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:20:58.0929 3908 HDAudBus - ok
14:20:58.0945 3908 hdayhfhn - ok
14:20:58.0976 3908 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:20:58.0976 3908 HidBatt - ok
14:20:59.0054 3908 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:20:59.0054 3908 HidBth - ok
14:20:59.0070 3908 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:20:59.0070 3908 HidIr - ok
14:20:59.0194 3908 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:20:59.0194 3908 HidUsb - ok
14:20:59.0241 3908 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:20:59.0241 3908 HpSAMD - ok
14:20:59.0304 3908 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:20:59.0319 3908 HTTP - ok
14:20:59.0366 3908 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:20:59.0366 3908 hwpolicy - ok
14:20:59.0491 3908 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:20:59.0491 3908 i8042prt - ok
14:20:59.0569 3908 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
14:20:59.0569 3908 iaStor - ok
14:20:59.0647 3908 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:20:59.0647 3908 iaStorV - ok
14:20:59.0740 3908 IDSVia64 - ok
14:21:00.0037 3908 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
14:21:00.0255 3908 igfx - ok
14:21:00.0349 3908 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:21:00.0349 3908 iirsp - ok
14:21:00.0442 3908 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
14:21:00.0442 3908 IntcHdmiAddService - ok
14:21:00.0489 3908 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:21:00.0489 3908 intelide - ok
14:21:00.0536 3908 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:21:00.0536 3908 intelppm - ok
14:21:00.0567 3908 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:21:00.0567 3908 IpFilterDriver - ok
14:21:00.0614 3908 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:21:00.0614 3908 IPMIDRV - ok
14:21:00.0661 3908 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:21:00.0661 3908 IPNAT - ok
14:21:00.0739 3908 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:21:00.0739 3908 IRENUM - ok
14:21:00.0801 3908 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:21:00.0801 3908 isapnp - ok
14:21:00.0832 3908 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:21:00.0832 3908 iScsiPrt - ok
14:21:00.0942 3908 jclrdktk - ok
14:21:00.0973 3908 jordkvso - ok
14:21:01.0020 3908 k57nd60a (249ee2d26cb1530f3bede0ac8b9e3099) C:\Windows\system32\DRIVERS\k57nd60a.sys
14:21:01.0020 3908 k57nd60a - ok
14:21:01.0113 3908 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:21:01.0113 3908 kbdclass - ok
14:21:01.0129 3908 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:21:01.0129 3908 kbdhid - ok
14:21:01.0222 3908 kodklbsx - ok
14:21:01.0254 3908 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
14:21:01.0254 3908 KSecDD - ok
14:21:01.0300 3908 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
14:21:01.0316 3908 KSecPkg - ok
14:21:01.0410 3908 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:21:01.0410 3908 ksthunk - ok
14:21:01.0519 3908 L1E (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
14:21:01.0519 3908 L1E - ok
14:21:01.0566 3908 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:21:01.0566 3908 lltdio - ok
14:21:01.0690 3908 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:21:01.0690 3908 LSI_FC - ok
14:21:01.0706 3908 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:21:01.0706 3908 LSI_SAS - ok
14:21:01.0722 3908 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:21:01.0722 3908 LSI_SAS2 - ok
14:21:01.0831 3908 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:21:01.0831 3908 LSI_SCSI - ok
14:21:01.0878 3908 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:21:01.0878 3908 luafv - ok
14:21:01.0956 3908 luxbslfu - ok
14:21:01.0987 3908 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:21:01.0987 3908 megasas - ok
14:21:02.0034 3908 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:21:02.0034 3908 MegaSR - ok
14:21:02.0127 3908 mnnfggzm - ok
14:21:02.0158 3908 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:21:02.0158 3908 Modem - ok
14:21:02.0190 3908 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:21:02.0190 3908 monitor - ok
14:21:02.0283 3908 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:21:02.0283 3908 mouclass - ok
14:21:02.0392 3908 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:21:02.0392 3908 mouhid - ok
14:21:02.0424 3908 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:21:02.0424 3908 mountmgr - ok
14:21:02.0455 3908 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:21:02.0455 3908 mpio - ok
14:21:02.0548 3908 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:21:02.0548 3908 mpsdrv - ok
14:21:02.0580 3908 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:21:02.0580 3908 MRxDAV - ok
14:21:02.0626 3908 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:21:02.0626 3908 mrxsmb - ok
14:21:02.0736 3908 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:21:02.0736 3908 mrxsmb10 - ok
14:21:02.0767 3908 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:21:02.0767 3908 mrxsmb20 - ok
14:21:02.0798 3908 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:21:02.0798 3908 msahci - ok
14:21:02.0892 3908 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:21:02.0892 3908 msdsm - ok
14:21:02.0938 3908 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:21:02.0938 3908 Msfs - ok
14:21:03.0032 3908 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:21:03.0032 3908 mshidkmdf - ok
14:21:03.0048 3908 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:21:03.0048 3908 msisadrv - ok
14:21:03.0141 3908 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:21:03.0141 3908 MSKSSRV - ok
14:21:03.0157 3908 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:21:03.0157 3908 MSPCLOCK - ok
14:21:03.0188 3908 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:21:03.0188 3908 MSPQM - ok
14:21:03.0219 3908 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:21:03.0219 3908 MsRPC - ok
14:21:03.0313 3908 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:21:03.0313 3908 mssmbios - ok
14:21:03.0328 3908 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:21:03.0328 3908 MSTEE - ok
14:21:03.0360 3908 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:21:03.0360 3908 MTConfig - ok
14:21:03.0438 3908 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:21:03.0453 3908 Mup - ok
14:21:03.0469 3908 mzrvdwzf - ok
14:21:03.0562 3908 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:21:03.0578 3908 NativeWifiP - ok
14:21:03.0656 3908 NAVENG - ok
14:21:03.0656 3908 NAVEX15 - ok
14:21:03.0718 3908 nbyhbrke - ok
14:21:03.0828 3908 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:21:03.0828 3908 NDIS - ok
14:21:03.0906 3908 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:21:03.0906 3908 NdisCap - ok
14:21:03.0952 3908 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:21:03.0952 3908 NdisTapi - ok
14:21:04.0030 3908 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:21:04.0030 3908 Ndisuio - ok
14:21:04.0077 3908 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:21:04.0077 3908 NdisWan - ok
14:21:04.0155 3908 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:21:04.0155 3908 NDProxy - ok
14:21:04.0264 3908 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:21:04.0264 3908 NetBIOS - ok
14:21:04.0296 3908 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:21:04.0296 3908 NetBT - ok
14:21:04.0592 3908 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
14:21:04.0701 3908 netw5v64 - ok
14:21:04.0795 3908 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:21:04.0795 3908 nfrd960 - ok
14:21:04.0826 3908 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:21:04.0826 3908 Npfs - ok
14:21:04.0888 3908 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:21:04.0888 3908 nsiproxy - ok
14:21:04.0982 3908 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:21:04.0998 3908 Ntfs - ok
14:21:05.0107 3908 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
14:21:05.0107 3908 NTIDrvr - ok
14:21:05.0122 3908 ntnubkpj - ok
14:21:05.0138 3908 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:21:05.0138 3908 Null - ok
14:21:05.0247 3908 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:21:05.0247 3908 nvraid - ok
14:21:05.0278 3908 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:21:05.0294 3908 nvstor - ok
14:21:05.0325 3908 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:21:05.0325 3908 nv_agp - ok
14:21:05.0434 3908 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:21:05.0434 3908 ohci1394 - ok
14:21:05.0497 3908 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:21:05.0497 3908 Parport - ok
14:21:05.0590 3908 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:21:05.0590 3908 partmgr - ok
14:21:05.0622 3908 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:21:05.0622 3908 pci - ok
14:21:05.0653 3908 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:21:05.0653 3908 pciide - ok
14:21:05.0746 3908 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:21:05.0746 3908 pcmcia - ok
14:21:05.0778 3908 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:21:05.0778 3908 pcw - ok
14:21:05.0809 3908 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:21:05.0824 3908 PEAUTH - ok
14:21:05.0965 3908 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:21:05.0980 3908 PptpMiniport - ok
14:21:05.0996 3908 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:21:05.0996 3908 Processor - ok
14:21:06.0121 3908 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:21:06.0121 3908 Psched - ok
14:21:06.0168 3908 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
14:21:06.0168 3908 PxHlpa64 - ok
14:21:06.0246 3908 qgrydpfv - ok
14:21:06.0261 3908 qkgdubnp - ok
14:21:06.0339 3908 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:21:06.0355 3908 ql2300 - ok
14:21:06.0464 3908 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:21:06.0464 3908 ql40xx - ok
14:21:06.0495 3908 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:21:06.0495 3908 QWAVEdrv - ok
14:21:06.0589 3908 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:21:06.0589 3908 RasAcd - ok
14:21:06.0636 3908 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:21:06.0636 3908 RasAgileVpn - ok
14:21:06.0714 3908 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:21:06.0714 3908 Rasl2tp - ok
14:21:06.0760 3908 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:21:06.0760 3908 RasPppoe - ok
14:21:06.0854 3908 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:21:06.0854 3908 RasSstp - ok
14:21:06.0885 3908 rdbsifcx - ok
14:21:06.0916 3908 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:21:06.0932 3908 rdbss - ok
14:21:07.0026 3908 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:21:07.0026 3908 rdpbus - ok
14:21:07.0057 3908 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:21:07.0057 3908 RDPCDD - ok
14:21:07.0166 3908 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:21:07.0166 3908 RDPENCDD - ok
14:21:07.0197 3908 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:21:07.0197 3908 RDPREFMP - ok
14:21:07.0228 3908 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
14:21:07.0244 3908 RDPWD - ok
14:21:07.0338 3908 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:21:07.0353 3908 rdyboost - ok
14:21:07.0431 3908 RimUsb (71700b4c5797da5412e9250e26894586) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
14:21:07.0431 3908 RimUsb - ok
14:21:07.0572 3908 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
14:21:07.0572 3908 RimVSerPort - ok
14:21:07.0603 3908 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
14:21:07.0603 3908 ROOTMODEM - ok
14:21:07.0728 3908 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:21:07.0728 3908 rspndr - ok
14:21:07.0774 3908 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys
14:21:07.0774 3908 RSUSBSTOR - ok
14:21:07.0852 3908 RtsUIR - ok
14:21:07.0868 3908 rznbkyey - ok
14:21:07.0915 3908 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:21:07.0915 3908 sbp2port - ok
14:21:07.0930 3908 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:21:07.0930 3908 scfilter - ok
14:21:08.0055 3908 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:21:08.0055 3908 secdrv - ok
14:21:08.0102 3908 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:21:08.0102 3908 Serenum - ok
14:21:08.0196 3908 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:21:08.0211 3908 Serial - ok
14:21:08.0227 3908 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:21:08.0227 3908 sermouse - ok
14:21:08.0258 3908 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:21:08.0258 3908 sffdisk - ok
14:21:08.0336 3908 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:21:08.0336 3908 sffp_mmc - ok
14:21:08.0352 3908 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:21:08.0352 3908 sffp_sd - ok
14:21:08.0367 3908 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:21:08.0367 3908 sfloppy - ok
14:21:08.0461 3908 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:21:08.0461 3908 SiSRaid2 - ok
14:21:08.0492 3908 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:21:08.0492 3908 SiSRaid4 - ok
14:21:08.0508 3908 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:21:08.0508 3908 Smb - ok
14:21:08.0601 3908 smtjzfrn - ok
14:21:08.0648 3908 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:21:08.0648 3908 spldr - ok
14:21:08.0742 3908 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS
14:21:08.0757 3908 SRTSP - ok
14:21:08.0898 3908 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS
14:21:08.0898 3908 SRTSPX - ok
14:21:08.0960 3908 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:21:08.0960 3908 srv - ok
14:21:09.0069 3908 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:21:09.0069 3908 srv2 - ok
14:21:09.0116 3908 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
14:21:09.0132 3908 SrvHsfHDA - ok
14:21:09.0241 3908 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
14:21:09.0272 3908 SrvHsfV92 - ok
14:21:09.0381 3908 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
14:21:09.0397 3908 SrvHsfWinac - ok
14:21:09.0490 3908 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:21:09.0506 3908 srvnet - ok
14:21:09.0553 3908 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
14:21:09.0553 3908 ssadbus - ok
14:21:09.0662 3908 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
14:21:09.0662 3908 ssadmdfl - ok
14:21:09.0709 3908 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
14:21:09.0709 3908 ssadmdm - ok
14:21:09.0802 3908 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
14:21:09.0818 3908 sscdbus - ok
14:21:09.0849 3908 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
14:21:09.0849 3908 sscdmdfl - ok
14:21:09.0943 3908 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
14:21:09.0943 3908 sscdmdm - ok
14:21:10.0005 3908 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:21:10.0005 3908 stexstor - ok
14:21:10.0083 3908 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:21:10.0083 3908 swenum - ok
14:21:10.0224 3908 SymEFA (4f87bb5389a93778ebc363b28271a65b) C:\Windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS
14:21:10.0224 3908 SymEFA - ok
14:21:10.0302 3908 SymEvent (7e4d281982e19abd06728c7ee9ac40a8) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:21:10.0302 3908 SymEvent - ok
14:21:10.0473 3908 SYMFW (6320bf296b62d324890866a13a296fc0) C:\Windows\System32\Drivers\NISx64\1008000.029\SYMFW.SYS
14:21:10.0473 3908 SYMFW - ok
14:21:10.0504 3908 SymIM (212bbf5a964513980d5de9397381534f) C:\Windows\system32\DRIVERS\SymIMv.sys
14:21:10.0504 3908 SymIM - ok
14:21:10.0645 3908 SYMNDISV (21dcc664a1e0af7bf4c8aded8c9ff9d5) C:\Windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS
14:21:10.0645 3908 SYMNDISV - ok
14:21:10.0707 3908 SYMTDI (56a1cb71b8bb7ba9c41d2c9706df43cd) C:\Windows\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS
14:21:10.0723 3908 SYMTDI - ok
14:21:10.0879 3908 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\drivers\tcpip.sys
14:21:10.0910 3908 Tcpip - ok
14:21:11.0082 3908 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\Windows\system32\DRIVERS\tcpip.sys
14:21:11.0097 3908 TCPIP6 - ok
14:21:11.0175 3908 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:21:11.0175 3908 tcpipreg - ok
14:21:11.0206 3908 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:21:11.0206 3908 TDPIPE - ok
14:21:11.0222 3908 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:21:11.0222 3908 TDTCP - ok
14:21:11.0284 3908 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:21:11.0284 3908 tdx - ok
14:21:11.0347 3908 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:21:11.0347 3908 TermDD - ok
14:21:11.0456 3908 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
14:21:11.0472 3908 TFsExDisk - ok
14:21:11.0534 3908 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:21:11.0534 3908 tssecsrv - ok
14:21:11.0628 3908 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:21:11.0628 3908 tunnel - ok
14:21:11.0659 3908 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:21:11.0659 3908 uagp35 - ok
14:21:11.0690 3908 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
14:21:11.0706 3908 UBHelper - ok
14:21:11.0799 3908 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:21:11.0815 3908 udfs - ok
14:21:11.0846 3908 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:21:11.0846 3908 uliagpkx - ok
14:21:11.0893 3908 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:21:11.0893 3908 umbus - ok
14:21:11.0940 3908 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:21:11.0940 3908 UmPass - ok
14:21:12.0033 3908 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
14:21:12.0033 3908 USBAAPL64 - ok
14:21:12.0111 3908 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
14:21:12.0111 3908 usbccgp - ok
14:21:12.0111 3908 USBCCID - ok
14:21:12.0189 3908 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:21:12.0189 3908 usbcir - ok
14:21:12.0267 3908 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
14:21:12.0267 3908 usbehci - ok
14:21:12.0345 3908 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
14:21:12.0345 3908 usbhub - ok
14:21:12.0423 3908 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
14:21:12.0423 3908 usbohci - ok
14:21:12.0501 3908 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:21:12.0501 3908 usbprint - ok
14:21:12.0595 3908 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:21:12.0610 3908 usbscan - ok
14:21:12.0688 3908 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:21:12.0688 3908 USBSTOR - ok
14:21:12.0735 3908 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:21:12.0735 3908 usbuhci - ok
14:21:12.0829 3908 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
14:21:12.0829 3908 usbvideo - ok
14:21:12.0922 3908 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:21:12.0922 3908 vdrvroot - ok
14:21:12.0969 3908 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:21:12.0985 3908 vga - ok
14:21:13.0047 3908 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:21:13.0047 3908 VgaSave - ok
14:21:13.0110 3908 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:21:13.0110 3908 vhdmp - ok
14:21:13.0188 3908 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:21:13.0188 3908 viaide - ok
14:21:13.0234 3908 vipnytye - ok
14:21:13.0312 3908 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:21:13.0312 3908 volmgr - ok
14:21:13.0344 3908 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:21:13.0344 3908 volmgrx - ok
14:21:13.0375 3908 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:21:13.0375 3908 volsnap - ok
14:21:13.0422 3908 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:21:13.0437 3908 vsmraid - ok
14:21:13.0515 3908 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
14:21:13.0515 3908 vwifibus - ok
14:21:13.0531 3908 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
14:21:13.0531 3908 vwififlt - ok
14:21:13.0593 3908 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
14:21:13.0609 3908 vwifimp - ok
14:21:13.0671 3908 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:21:13.0671 3908 WacomPen - ok
14:21:13.0687 3908 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:21:13.0687 3908 WANARP - ok
14:21:13.0702 3908 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:21:13.0702 3908 Wanarpv6 - ok
14:21:13.0812 3908 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:21:13.0812 3908 Wd - ok
14:21:13.0874 3908 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:21:13.0890 3908 Wdf01000 - ok
14:21:13.0999 3908 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:21:13.0999 3908 WfpLwf - ok
14:21:14.0014 3908 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:21:14.0014 3908 WIMMount - ok
14:21:14.0186 3908 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
14:21:14.0186 3908 WinUsb - ok
14:21:14.0233 3908 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:21:14.0233 3908 WmiAcpi - ok
14:21:14.0358 3908 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:21:14.0358 3908 ws2ifsl - ok
14:21:14.0389 3908 wsroveqn - ok
14:21:14.0420 3908 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:21:14.0420 3908 WudfPf - ok
14:21:14.0529 3908 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:21:14.0545 3908 WUDFRd - ok
14:21:14.0576 3908 xbcmrtws - ok
14:21:14.0592 3908 xeyaofwz - ok
14:21:14.0607 3908 yhmuwxqe - ok
14:21:14.0685 3908 zifvtszj - ok
14:21:14.0716 3908 zqzrthao - ok
14:21:14.0748 3908 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:21:14.0763 3908 \Device\Harddisk0\DR0 - ok
14:21:14.0779 3908 Boot (0x1200) (867503342184678cd8707e38d3e00214) \Device\Harddisk0\DR0\Partition0
14:21:14.0779 3908 \Device\Harddisk0\DR0\Partition0 - ok
14:21:14.0779 3908 Boot (0x1200) (2d3a316a5dd3e761ea7a3f45d84fc0ab) \Device\Harddisk0\DR0\Partition1
14:21:14.0794 3908 \Device\Harddisk0\DR0\Partition1 - ok
14:21:14.0794 3908 ============================================================
14:21:14.0794 3908 Scan finished
14:21:14.0794 3908 ============================================================
14:21:14.0810 4400 Detected object count: 0
14:21:14.0810 4400 Actual detected object count: 0
14:22:34.0214 1228 Deinitialize success
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
7 oct. 2011 à 14:26
il n a rien trouver aparament !!
tu pense que ma machine est beaucoup infecter ???
0
Réponse 26 / 76
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
7 oct. 2011 à 20:56
Hmmmm....


Ben le fait que zhpdiag soit bloqué j'aime pas ...

/!\ Ne pas utiliser ce logiciel en dehors du cadre de cette désinfection : DANGEREUX /!\

Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

▶ Télécharge Defogger (de jpshortstuff) sur ton Bureau
▶ Lance le
▶ Une fenêtre apparait : clique sur "Disable"
▶ Fais redémarrer l''ordinateur si l''outil te le demande

Note : Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"
_______________________________________________________________

/!\ IMPORTANT /!\
Désactive ton Antivirus, antispyware et Pare feu avant le scan avec Combofix :
Protections résidentes : https://forum.pcastuces.com/default.asp
et https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
~~
Pare feu Windows XP : http://support.microsoft.com/kb/283673/fr
Pare feu Windows Vista/7 : https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US
~~
Windows Defender : https://support.microsoft.com/en-us/windows?ui=en-US&rs=en-001&ad=US
_______________________________________________________________

▶ Fais un clic droit sur le lien ci dessous, choisi "Enregistrer la cible du lien sous", comme destination : ton Bureau, change son nom (ton_pseudo.exe par exemple) :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

▶ Double-clique sur ComboFix.exe
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

▶ ▶ SI TU ES SOUS WINDOWS XP, SURTOUT INSTALLES LA CONSOLE DE RÉCUPÉRATION [Si tu travailles avec Vista ou seven ne tiens pas compte de cet avertissement]
▶ ▶ Ne touche à rien (souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

▶ En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
▶ Une fois le scan achevé, un rapport va s''afficher : Poste son contenu
▶ ▶ /!\ Réactive la protection en temps réel de ton antivirus avant de te reconnecter à Internet. /!\

Notes:
-> Le rapport se trouve également là : C:\ComboFix.txt
-> tutoriel combofix
0
Réponse 27 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
7 oct. 2011 à 21:44
ComboFix 11-10-07.04 - Lisa 07/10/2011 21:25:07.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4025.2930 [GMT 2:00]
Lancé depuis: c:\users\Lisa\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\google\common\google updater\googleupdaterservice.exe
c:\programdata\FullRemove.exe
c:\programdata\ntuser.dat
c:\users\Lisa\AppData\Roaming\.#
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer.rar
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\System64
c:\windows\SysWow64\comct332.ocx
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-09-07 au 2011-10-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-10-07 19:34 . 2011-10-07 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-06 18:43 . 2011-10-06 18:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-06 18:01 . 2011-10-06 18:01 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-10-05 16:30 . 2011-10-05 16:30 -------- d-----w- C:\VundoFix Backups
2011-10-05 16:13 . 2011-10-05 16:13 -------- d-----w- c:\users\Lisa\AppData\Local\ElevatedDiagnostics
2011-10-02 02:58 . 2011-10-06 19:46 -------- d-----w- c:\users\Lisa\AppData\Roaming\Zuus
2011-10-02 02:58 . 2011-10-06 17:10 -------- d-----w- c:\users\Lisa\AppData\Roaming\Bitiak
2011-09-26 12:02 . 2011-09-26 12:02 -------- d--h--w- c:\programdata\CanonBJ
2011-09-26 12:02 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2011-09-24 16:13 . 2011-09-24 16:13 96376 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2011-09-24 16:13 . 2011-09-24 16:17 -------- d-----w- c:\users\Lisa\AppData\Local\NPE
2011-09-24 15:41 . 2011-09-25 02:27 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-09-24 15:39 . 2011-09-24 16:13 -------- d-----w- c:\programdata\Norton
2011-09-24 15:39 . 2011-09-24 15:39 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-09-10 23:39 . 2011-09-10 23:39 -------- d-----w- c:\users\Lisa\AppData\Local\Apps
2011-09-10 23:39 . 2011-09-10 23:39 -------- d-----w- c:\users\Lisa\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 15:00 . 2010-10-13 13:54 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 22:32 . 2011-08-22 22:13 246272 ----a-w- c:\windows\unrar.exe
2011-07-22 05:35 . 2011-08-11 18:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-11 18:30 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26 . 2011-08-11 18:31 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-11 18:31 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-11 18:31 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-11 18:31 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-11 18:31 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-11 18:31 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-11 18:31 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-11 18:31 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-11 18:31 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-11 18:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-11 18:31 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-11 18:31 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-11 18:31 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-11 18:31 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-11 18:31 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-11 18:31 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-11 18:31 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 18:31 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files (x86)\Messenger_Plus_Live\prxtbMes0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Messenger_Plus_Live\prxtbMes0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files (x86)\Messenger_Plus_Live\prxtbMes0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-08-11 1507410]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DeskTask.lnk - c:\program files (x86)\DeskTask\DeskTask.exe [2010-2-14 1128960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100429.001\IDSvia64.sys [x]
R2 aymxxmup;aymxxmup; [x]
R2 bezsanoj;bezsanoj; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 csifvqmb;csifvqmb; [x]
R2 ctxddxqn;ctxddxqn; [x]
R2 dciqsihg;dciqsihg; [x]
R2 dijxivil;dijxivil; [x]
R2 excxwqxu;excxwqxu; [x]
R2 ezohrrnb;ezohrrnb; [x]
R2 fyopmjcu;fyopmjcu; [x]
R2 hctsalog;hctsalog; [x]
R2 hcuvnluj;hcuvnluj; [x]
R2 hdayhfhn;hdayhfhn; [x]
R2 jclrdktk;jclrdktk; [x]
R2 jordkvso;jordkvso; [x]
R2 kodklbsx;kodklbsx; [x]
R2 luxbslfu;luxbslfu; [x]
R2 mnnfggzm;mnnfggzm; [x]
R2 mzrvdwzf;mzrvdwzf; [x]
R2 nbyhbrke;nbyhbrke; [x]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-08-21 62720]
R2 ntnubkpj;ntnubkpj; [x]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
R2 qgrydpfv;qgrydpfv; [x]
R2 qkgdubnp;qkgdubnp; [x]
R2 rdbsifcx;rdbsifcx; [x]
R2 rznbkyey;rznbkyey; [x]
R2 smtjzfrn;smtjzfrn; [x]
R2 vipnytye;vipnytye; [x]
R2 wsroveqn;wsroveqn; [x]
R2 xbcmrtws;xbcmrtws; [x]
R2 xeyaofwz;xeyaofwz; [x]
R2 yhmuwxqe;yhmuwxqe; [x]
R2 zifvtszj;zifvtszj; [x]
R2 zqzrthao;zqzrthao; [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-03-06 132656]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022027075-1454751703-2702398426-1001Core.job
- c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 23:40]
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022027075-1454751703-2702398426-1001UA.job
- c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 23:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"combofix"="c:\combofix\CF7105.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Toolbar-Locked - (no file)
WebBrowser-{9B339F6E-DDCD-401B-8764-230ADBD01761} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Heure de fin: 2011-10-07 21:41:43 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-10-07 19:41
.
Avant-CF: 213 278 400 512 octets libres
Après-CF: 212 809 371 648 octets libres
.
- - End Of File - - E9F26BF4913C6650ECFDAB5B7578208C
0
Réponse 28 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
7 oct. 2011 à 21:48
a la fin dde l analyse combifix pendant qu il fesais le rapport
une fenettre est aparu qui disai
c:\windoxs\system32\GHUL.exe
un peripherique attaché au systeme ne fonctionne pas correctement
0
Réponse 29 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
7 oct. 2011 à 23:45
Je me suis apercu que mon par feu s ete reactiver tout seul window defender est toujour desactiver par contre
j attend ta reponse pour s avoir si je peut aller sur deffoger pour fair Re-enable
0
Réponse 30 / 76
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
8 oct. 2011 à 10:28
salut,

oui tu peux retourner sur defogger.

Peux-tu réessayer ZHPDiag ?
0
Réponse 31 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
8 oct. 2011 à 14:08
jai reussi a le telecharger du premier coup t un geni :):)
voici le lien

https://pjjoint.malekal.com/files.php?id=ZHPDiag_m6j12w5o7x10m7g12o14h6p11d12x13r14s15c11i9l12h11n13m10
0
Réponse 32 / 76
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
8 oct. 2011 à 16:10
:)

▶ ▶ DÉSACTIVE TES PROTECTIONS DURANT LA PROCÉDURE

▶ ▶ SCRIPT PERSONNALISE A CET ORDINATEUR, NE PAS REPRODUIRE : DANGEREUX !!!!

▶ Créé un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes : 

KillAll::

Rootkit::
C:\Windows\SysWOW64\drivers\aymxxmup.sys     
C:\Windows\SysWOW64\drivers\bezsanoj.sys        
C:\Windows\SysWOW64\drivers\csifvqmb.sys       
C:\Windows\SysWOW64\drivers\ctxddxqn.sys        
C:\Windows\SysWOW64\drivers\dciqsihg.sys       
C:\Windows\SysWOW64\drivers\dijxivil.sys       
C:\Windows\SysWOW64\drivers\excxwqxu.sys      
C:\Windows\SysWOW64\drivers\ezohrrnb.sys       
C:\Windows\SysWOW64\drivers\fyopmjcu.sys     
C:\Windows\SysWOW64\drivers\hctsalog.sys     
C:\Windows\SysWOW64\drivers\hcuvnluj.sys   
C:\Windows\SysWOW64\drivers\hdayhfhn.sys    
C:\Windows\SysWOW64\drivers\jclrdktk.sys      
C:\Windows\SysWOW64\drivers\jordkvso.sys       
C:\Windows\SysWOW64\drivers\kodklbsx.sys        
C:\Windows\SysWOW64\drivers\luxbslfu.sys      
C:\Windows\SysWOW64\drivers\mnnfggzm.sys      
C:\Windows\SysWOW64\drivers\mzrvdwzf.sys      
C:\Windows\SysWOW64\drivers\nbyhbrke.sys        
C:\Windows\SysWOW64\drivers\ntnubkpj.sys   
C:\Windows\SysWOW64\drivers\qgrydpfv.sys       
C:\Windows\SysWOW64\drivers\qkgdubnp.sys   
C:\Windows\SysWOW64\drivers\rdbsifcx.sys     
C:\Windows\SysWOW64\drivers\rznbkyey.sys    
C:\Windows\SysWOW64\drivers\smtjzfrn.sys      
C:\Windows\SysWOW64\drivers\vipnytye.sys       
C:\Windows\SysWOW64\drivers\wsroveqn.sys      
C:\Windows\SysWOW64\drivers\xbcmrtws.sys        
C:\Windows\SysWOW64\drivers\xeyaofwz.sys     
C:\Windows\SysWOW64\drivers\yhmuwxqe.sys    
C:\Windows\SysWOW64\drivers\zifvtszj.sys     
C:\Windows\SysWOW64\drivers\zqzrthao.sys   

Driver::
aymxxmup       
bezsanoj  
csifvqmb       
ctxddxqn       
dciqsihg      
dijxivil      
excxwqxu      
ezohrrnb      
fyopmjcu      
hctsalog       
hcuvnluj     
hdayhfhn     
jclrdktk       
jordkvso   
kodklbsx      
luxbslfu     
mnnfggzm     
mzrvdwzf      
nbyhbrke      
ntnubkpj       
qgrydpfv    
qkgdubnp      
rdbsifcx       
rznbkyey       
smtjzfrn 
vipnytye      
wsroveqn      
xbcmrtws     
xeyaofwz       
yhmuwxqe   
zifvtszj    
zqzrthao


▶ Enregistre ce fichier sous le nom CFScript

▶ Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :http://i261.photobucket.com/albums/ii49/Malekal_morte/CFScript-2.gif

▶ Combofix se lance, laisse toi guider..

▶ Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis

▶ Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
0
Réponse 33 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
8 oct. 2011 à 21:00
ComboFix 11-10-07.04 - Lisa 08/10/2011 20:19:52.2.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4025.2900 [GMT 2:00]
Lancé depuis: c:\users\Lisa\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Lisa\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_aymxxmup
-------\Service_bezsanoj
-------\Service_csifvqmb
-------\Service_ctxddxqn
-------\Service_dciqsihg
-------\Service_dijxivil
-------\Service_excxwqxu
-------\Service_ezohrrnb
-------\Service_fyopmjcu
-------\Service_hctsalog
-------\Service_hcuvnluj
-------\Service_hdayhfhn
-------\Service_jclrdktk
-------\Service_jordkvso
-------\Service_kodklbsx
-------\Service_luxbslfu
-------\Service_mnnfggzm
-------\Service_mzrvdwzf
-------\Service_nbyhbrke
-------\Service_ntnubkpj
-------\Service_qgrydpfv
-------\Service_qkgdubnp
-------\Service_rdbsifcx
-------\Service_rznbkyey
-------\Service_smtjzfrn
-------\Service_vipnytye
-------\Service_wsroveqn
-------\Service_xbcmrtws
-------\Service_xeyaofwz
-------\Service_yhmuwxqe
-------\Service_zifvtszj
-------\Service_zqzrthao
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-09-08 au 2011-10-08 ))))))))))))))))))))))))))))))))))))
.
.
2011-10-08 18:48 . 2011-10-08 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-08 12:02 . 2011-10-08 12:02 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-10-08 12:00 . 2011-10-08 12:02 -------- d-----w- C:\ZHP
2011-10-08 11:59 . 2011-10-08 12:02 -------- d-----w- c:\program files (x86)\ZHPDiag
2011-10-06 18:43 . 2011-10-06 18:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-06 18:01 . 2011-10-06 18:01 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-10-05 16:30 . 2011-10-05 16:30 -------- d-----w- C:\VundoFix Backups
2011-10-05 16:13 . 2011-10-05 16:13 -------- d-----w- c:\users\Lisa\AppData\Local\ElevatedDiagnostics
2011-10-02 02:58 . 2011-10-06 19:46 -------- d-----w- c:\users\Lisa\AppData\Roaming\Zuus
2011-10-02 02:58 . 2011-10-06 17:10 -------- d-----w- c:\users\Lisa\AppData\Roaming\Bitiak
2011-09-26 12:02 . 2011-09-26 12:02 -------- d--h--w- c:\programdata\CanonBJ
2011-09-26 12:02 . 2009-07-14 01:40 84992 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP4.DLL
2011-09-24 16:13 . 2011-09-24 16:13 96376 ----a-w- c:\windows\system32\drivers\SMR210.SYS
2011-09-24 16:13 . 2011-09-24 16:17 -------- d-----w- c:\users\Lisa\AppData\Local\NPE
2011-09-24 15:41 . 2011-09-25 02:27 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-09-24 15:39 . 2011-09-24 16:13 -------- d-----w- c:\programdata\Norton
2011-09-24 15:39 . 2011-09-24 15:39 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-09-10 23:39 . 2011-09-10 23:39 -------- d-----w- c:\users\Lisa\AppData\Local\Apps
2011-09-10 23:39 . 2011-09-10 23:39 -------- d-----w- c:\users\Lisa\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 15:00 . 2010-10-13 13:54 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 22:32 . 2011-08-22 22:13 246272 ----a-w- c:\windows\unrar.exe
2011-07-22 05:35 . 2011-08-11 18:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 04:56 . 2011-08-11 18:30 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-20 07:46 . 2011-09-08 16:51 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2011-07-20 07:46 . 2011-09-08 16:51 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2011-07-20 07:46 . 2011-09-08 16:51 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2011-07-20 07:46 . 2011-09-08 16:51 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2011-07-20 07:46 . 2011-09-08 16:51 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2011-07-20 07:46 . 2011-09-08 16:51 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2011-07-20 07:46 . 2011-09-08 16:51 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2011-07-20 07:45 . 2011-09-08 16:51 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-07-20 07:45 . 2011-09-08 16:51 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-07-20 07:45 . 2011-09-08 16:51 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-07-20 07:45 . 2011-09-08 16:51 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-07-20 07:45 . 2011-09-08 16:51 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-07-20 07:45 . 2011-09-08 16:51 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-07-20 07:45 . 2011-09-08 16:51 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-07-16 05:26 . 2011-08-11 18:31 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:26 . 2011-08-11 18:31 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:26 . 2011-08-11 18:31 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:26 . 2011-08-11 18:31 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 05:24 . 2011-08-11 18:31 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:21 . 2011-08-11 18:31 422400 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:17 . 2011-08-11 18:31 338432 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 05:04 . 2011-08-11 18:31 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:04 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:36 . 2011-08-11 18:31 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32 . 2011-08-11 18:31 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:31 . 2011-08-11 18:31 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2011-07-16 04:30 . 2011-08-11 18:31 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2011-07-16 04:30 . 2011-08-11 18:31 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
2011-07-16 04:19 . 2011-08-11 18:31 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 04:19 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2011-07-16 02:26 . 2011-08-11 18:31 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2011-07-16 02:26 . 2011-08-11 18:31 2048 ----a-w- c:\windows\SysWow64\user.exe
2011-07-16 02:21 . 2011-08-11 18:31 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 18:31 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 18:31 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21 . 2011-08-11 18:31 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-07_19.36.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2011-10-08 18:52 49950 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-10-07 19:16 49950 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-06 22:23 . 2011-10-08 18:52 20042 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3022027075-1454751703-2702398426-1001_UserData.bin
- 2009-12-09 05:11 . 2011-10-07 19:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-09 05:11 . 2011-10-08 17:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-09 05:11 . 2011-10-07 19:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-09 05:11 . 2011-10-08 17:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-07 19:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-08 17:17 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-06 22:22 . 2011-10-07 19:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-06 22:22 . 2011-10-08 18:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-06 22:22 . 2011-10-08 18:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-06 22:22 . 2011-10-07 19:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-03-06 22:22 . 2011-10-07 19:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-06 22:22 . 2011-10-08 18:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-06 19:24 . 2011-10-08 18:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-06 19:24 . 2011-10-07 19:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-06 19:24 . 2011-10-07 19:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-06 19:24 . 2011-10-08 18:51 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-07 19:35 . 2011-10-07 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-08 18:49 . 2011-10-08 18:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-07 19:35 . 2011-10-07 19:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-08 18:49 . 2011-10-08 18:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-18 17:08 . 2011-10-08 11:42 249158 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2010-03-07 19:05 . 2011-10-07 12:17 296038 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-03-07 19:05 . 2011-10-08 18:17 296038 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 04:46 . 2011-10-08 12:00 116032 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2011-10-07 19:35 314664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-08 18:49 314664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-10-07 13:53 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-10-08 12:02 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files (x86)\Messenger_Plus_Live\prxtbMes0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Messenger_Plus_Live\prxtbMes0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files (x86)\Messenger_Plus_Live\prxtbMes0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-08-11 1507410]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DeskTask.lnk - c:\program files (x86)\DeskTask\DeskTask.exe [2010-2-14 1128960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100429.001\IDSvia64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-03-06 132656]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1008000.029\SYMEFA64.SYS [x]
S1 BHDrvx64;Symantec Heuristics Driver;c:\windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys [x]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-08-21 62720]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022027075-1454751703-2702398426-1001Core.job
- c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 23:40]
.
2011-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022027075-1454751703-2702398426-1001UA.job
- c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-10 23:40]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"combofix"="c:\combofix\CF14198.3XE" [2009-07-14 344576]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{9B339F6E-DDCD-401B-8764-230ADBD01761} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Heure de fin: 2011-10-08 20:56:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-10-08 18:56
ComboFix2.txt 2011-10-07 19:41
.
Avant-CF: 212 711 215 104 octets libres
Après-CF: 212 614 242 304 octets libres
.
- - End Of File - - FC12127C209B2D4A882177178984E572
0
Réponse 34 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
8 oct. 2011 à 21:04
l ordi a l air de bien fonctioner je nai pas trop ete sur internet mais rien que pour venir sur le forum s ete beaucoup plus rapide que d abitude le seul probleme qui persiste ses windows defender il est desactiver et quand je l active une fenettre s ouvre et me di qu il est bloquer par une strategi de groupe
0
Réponse 35 / 76
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
9 oct. 2011 à 01:06
Fais analyser le fichier suivant sur virustotal.com et colle le lien vers l analyse une fois qu'elle sera finie :


c:\windows\unrar.exe

~~

▶ Télécharger SystemLook à partir d''un des liens ci dessous sur ton Bureau.
Download Mirror
Download Mirror #2

▶ Double-click SystemLook.exe pour le lançer.
▶ Clic droit|copier le texte dans la balise code ci dessous ,et clic droit|coller dans le cadre blanc de SystemLook: 

  
:dir  
c:\users\Lisa\AppData\Roaming\Zuus /S /MD5
c:\users\Lisa\AppData\Roaming\Bitiak /S /MD5


▶ Click le bouton Look pour commencer le scan.
▶ Copie-colle dans ta prochaine réponse le rapport contenu du fichier texte qui s''affiche

▶ Note: Le rapport peut aussi être trouvé sur ton Bureau nommé SystemLook.tx
0
Réponse 36 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
9 oct. 2011 à 02:26
raport virustotal


MD5: 49710e363e4c247716508672f909d5ba
Date first seen: 2010-03-15 19:33:27 (UTC)
Date last seen: 2011-10-03 04:24:26 (UTC)
Detection ratio: 0/43
0
Réponse 37 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
9 oct. 2011 à 02:29
raport system look


SystemLook 30.07.11 by jpshortstuff
Log created at 02:27 on 09/10/2011 by Lisa
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

c:\users\Lisa\AppData\Roaming\Zuus - Parameters: "/S /MD5"

---Files---
None found.

No folders found.

c:\users\Lisa\AppData\Roaming\Bitiak - Parameters: "/S /MD5 "

---Files---
None found.

No folders found.

-= EOF =-
0
Réponse 38 / 76
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
9 oct. 2011 à 02:33
ok ça va.

refais un zhpdiag (rapport à héberger) pour voir ce qu'il reste à faire. :>
0
Réponse 39 / 76
TUCO1911 Messages postés 47 Date d'inscription mercredi 5 octobre 2011 Statut Membre Dernière intervention 12 octobre 2011
9 oct. 2011 à 02:46
raport zhpdiag


https://pjjoint.malekal.com/files.php?id=ZHPDiag_u14e5s15k15y5v129d10l13g14i11r12v6z12x12w12z11k7e13d12
0
Réponse 40 / 76
juju666 Messages postés 35446 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 21 avril 2024 4 796
9 oct. 2011 à 02:56
Désactive ton antivirus le temps de l'utilisation de l'outil car l'outil est détecté à tort comme infectieux

Télécharge ForceMove de Juju666

Exécute le.
Colle ça dans le fichier texte INSTRUCTIONS_SVP qui s'ouvre: 

C:\Windows\SysWOW64\drivers\aymxxmup.sys     
C:\Windows\SysWOW64\drivers\bezsanoj.sys        
C:\Windows\SysWOW64\drivers\csifvqmb.sys       
C:\Windows\SysWOW64\drivers\ctxddxqn.sys        
C:\Windows\SysWOW64\drivers\dciqsihg.sys       
C:\Windows\SysWOW64\drivers\dijxivil.sys       
C:\Windows\SysWOW64\drivers\excxwqxu.sys      
C:\Windows\SysWOW64\drivers\ezohrrnb.sys       
C:\Windows\SysWOW64\drivers\fyopmjcu.sys     
C:\Windows\SysWOW64\drivers\hctsalog.sys     
C:\Windows\SysWOW64\drivers\hcuvnluj.sys   
C:\Windows\SysWOW64\drivers\hdayhfhn.sys    
C:\Windows\SysWOW64\drivers\jclrdktk.sys      
C:\Windows\SysWOW64\drivers\jordkvso.sys       
C:\Windows\SysWOW64\drivers\kodklbsx.sys        
C:\Windows\SysWOW64\drivers\luxbslfu.sys      
C:\Windows\SysWOW64\drivers\mnnfggzm.sys      
C:\Windows\SysWOW64\drivers\mzrvdwzf.sys      
C:\Windows\SysWOW64\drivers\nbyhbrke.sys        
C:\Windows\SysWOW64\drivers\ntnubkpj.sys   
C:\Windows\SysWOW64\drivers\qgrydpfv.sys       
C:\Windows\SysWOW64\drivers\qkgdubnp.sys   
C:\Windows\SysWOW64\drivers\rdbsifcx.sys     
C:\Windows\SysWOW64\drivers\rznbkyey.sys    
C:\Windows\SysWOW64\drivers\smtjzfrn.sys      
C:\Windows\SysWOW64\drivers\vipnytye.sys       
C:\Windows\SysWOW64\drivers\wsroveqn.sys      
C:\Windows\SysWOW64\drivers\xbcmrtws.sys        
C:\Windows\SysWOW64\drivers\xeyaofwz.sys     
C:\Windows\SysWOW64\drivers\yhmuwxqe.sys    
C:\Windows\SysWOW64\drivers\zifvtszj.sys     
C:\Windows\SysWOW64\drivers\zqzrthao.sys


Ferme le fichier texte. Accepte la modification par Oui.

Une infobulle t'avertira que tout sera fermé. Accepte par Ok

Poste le contenu du rapport qui s'ouvrira à terme (s'il ne s'ouvre pas, il se trouve à C:\forcemovelog.txt)

Si ton bureau ne réapparait pas fais ceci :
Ctrl + Alt + Delete > Fichier > Nouvelle tache > Exécuter > tape explorer.exe et valide
0

Discussions similaires

Virus : trojan:win32/wacatac.h!ml
Alky09 -
bazfile -

8 réponses
Facebook rencontre introuvable
Gourami -
vinz -

7 réponses