Probleme rootkit
doudou
-
kalimusic Messages postés 14619 Statut Contributeur sécurité -
kalimusic Messages postés 14619 Statut Contributeur sécurité -
Bonjour, depuis aujourd'hui , avast me trouve un rootkit, je le supprime, et il revient à chaque fois.
J'ai passé un coup de malwarebyte, j'ai enlevé un autre virus, qui correspond a un crack de seven.
Mais le rootkit revient toujours ! Comment le suppr ?
J'ai passé un coup de malwarebyte, j'ai enlevé un autre virus, qui correspond a un crack de seven.
Mais le rootkit revient toujours ! Comment le suppr ?
19 réponses
-
Bonsoir,
Avast! localise le rootkit à quel endroit ?
Ton système d'exploitation est légitime ?
A + -
-
re,
Ouvre l'interface de Avast! et recherche les informations sur l'alerte, cela permettra de mieux cibler les actions futures.
A + -
Nom du fichier
MBR:\\.\PSHYSICALDRIVE0\partition3
Nom du rootkit
Rootkit secteur de démarrage -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
Bonjour,
1. Télécharge l'utilitaire TDSSKiller (de Kaspersky) sur ton Bureau.
● Lance TDSSKiller.exe
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Clique sur Start scan.
● Laisse l'outil balayer ton système sans l'interrompre et sans utiliser le PC.
● Conserve l'action proposée par défaut par l'outil
▸ Pour TDSS.tdl2 : l'option Delete sera cochée.
▸ Pour TDSS.tdl3 ou TDSS.tdl4 : assure toi que Cure est bien cochée.
▸ Pour "Suspicious object" laisse sur "Skip"
▸ Pour Rootkit.Win32.ZAccess : Choisir Cure pour les fichiers .sys et Delete pour le fichier .exe
● Clique sur Continue puis sur Reboot now si le redémarrage est proposé.
● Le rapport se trouve à la racine du disque principal : C:\TDSSKiller.n° de version_date_heure_log.txt
2. Télécharge MBRScan (de Eric_71) sur ton Bureau.
● Lance MbrScan.exe
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Clique sur le bouton "Report"
Note : cet outil est détecté à tord comme une menace par certains antivirus, désactive temporairement celui-ci si nécéssaire.
3. Héberge les 2 rapports sur un des sites suivants :
https://www.cjoint.com/
http://pjjoint.malekal.com/
http://threat-rc.com/
https://textup.fr/
● Tu obtiendras 2 liens que tu me donneras dans ton prochain message afin que je puisse les consulter.
A +
-
14:58:34.0371 3872 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
14:58:34.0522 3872 ============================================================
14:58:34.0522 3872 Current date / time: 2012/02/11 14:58:34.0522
14:58:34.0522 3872 SystemInfo:
14:58:34.0522 3872
14:58:34.0522 3872 OS Version: 6.1.7600 ServicePack: 0.0
14:58:34.0522 3872 Product type: Workstation
14:58:34.0522 3872 ComputerName: HUGO-PC
14:58:34.0522 3872 UserName: Hugo
14:58:34.0522 3872 Windows directory: C:\Windows
14:58:34.0522 3872 System windows directory: C:\Windows
14:58:34.0522 3872 Running under WOW64
14:58:34.0522 3872 Processor architecture: Intel x64
14:58:34.0522 3872 Number of processors: 4
14:58:34.0522 3872 Page size: 0x1000
14:58:34.0522 3872 Boot type: Normal boot
14:58:34.0522 3872 ============================================================
14:58:36.0895 3872 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:58:37.0086 3872 \Device\Harddisk0\DR0:
14:58:37.0086 3872 MBR used
14:58:37.0086 3872 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3C9B0000
14:58:37.0086 3872 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3C9B0800, BlocksNum 0xDEA7000
14:58:37.0359 3872 Initialize success
14:58:37.0359 3872 ============================================================
14:58:38.0835 3780 ============================================================
14:58:38.0835 3780 Scan started
14:58:38.0835 3780 Mode: Manual;
14:58:38.0835 3780 ============================================================
14:58:42.0112 3780 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:58:42.0116 3780 1394ohci - ok
14:58:42.0144 3780 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:58:42.0148 3780 ACPI - ok
14:58:42.0158 3780 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:58:42.0160 3780 AcpiPmi - ok
14:58:42.0232 3780 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:58:42.0239 3780 adp94xx - ok
14:58:42.0266 3780 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:58:42.0270 3780 adpahci - ok
14:58:42.0293 3780 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:58:42.0296 3780 adpu320 - ok
14:58:42.0355 3780 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
14:58:42.0363 3780 AFD - ok
14:58:42.0426 3780 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:58:42.0428 3780 agp440 - ok
14:58:42.0453 3780 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:58:42.0454 3780 aliide - ok
14:58:42.0464 3780 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:58:42.0466 3780 amdide - ok
14:58:42.0477 3780 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:58:42.0479 3780 AmdK8 - ok
14:58:42.0490 3780 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:58:42.0491 3780 AmdPPM - ok
14:58:42.0523 3780 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:58:42.0526 3780 amdsata - ok
14:58:42.0555 3780 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:58:42.0558 3780 amdsbs - ok
14:58:42.0590 3780 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:58:42.0592 3780 amdxata - ok
14:58:42.0612 3780 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:58:42.0613 3780 AppID - ok
14:58:42.0674 3780 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:58:42.0677 3780 arc - ok
14:58:42.0688 3780 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:58:42.0690 3780 arcsas - ok
14:58:42.0733 3780 asmthub3 (954950d11ada98ac1b7ee3c770e4622c) C:\Windows\system32\DRIVERS\asmthub3.sys
14:58:42.0736 3780 asmthub3 - ok
14:58:42.0788 3780 asmtxhci (01dbb05db1db95803e3c9f2b49afe79c) C:\Windows\system32\DRIVERS\asmtxhci.sys
14:58:42.0794 3780 asmtxhci - ok
14:58:42.0848 3780 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
14:58:42.0850 3780 aswFsBlk - ok
14:58:42.0892 3780 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
14:58:42.0894 3780 aswMonFlt - ok
14:58:42.0916 3780 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
14:58:42.0918 3780 aswRdr - ok
14:58:42.0959 3780 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
14:58:43.0011 3780 aswSnx - ok
14:58:43.0069 3780 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
14:58:43.0073 3780 aswSP - ok
14:58:43.0130 3780 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
14:58:43.0132 3780 aswTdi - ok
14:58:43.0186 3780 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:58:43.0187 3780 AsyncMac - ok
14:58:43.0198 3780 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:58:43.0199 3780 atapi - ok
14:58:43.0249 3780 AthBTPort (cbe61b4494165f458bd87e37181ee934) C:\Windows\system32\DRIVERS\btath_flt.sys
14:58:43.0251 3780 AthBTPort - ok
14:58:43.0305 3780 ATHDFU (4119870b90e1b5e7797d6433d21f9216) C:\Windows\system32\Drivers\AthDfu.sys
14:58:43.0307 3780 ATHDFU - ok
14:58:43.0379 3780 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:58:43.0386 3780 b06bdrv - ok
14:58:43.0460 3780 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:58:43.0464 3780 b57nd60a - ok
14:58:43.0478 3780 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:58:43.0480 3780 Beep - ok
14:58:43.0515 3780 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:58:43.0517 3780 blbdrive - ok
14:58:43.0546 3780 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:58:43.0548 3780 bowser - ok
14:58:43.0574 3780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:58:43.0575 3780 BrFiltLo - ok
14:58:43.0586 3780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:58:43.0588 3780 BrFiltUp - ok
14:58:43.0612 3780 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:58:43.0616 3780 Brserid - ok
14:58:43.0628 3780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:58:43.0629 3780 BrSerWdm - ok
14:58:43.0640 3780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:58:43.0641 3780 BrUsbMdm - ok
14:58:43.0652 3780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:58:43.0653 3780 BrUsbSer - ok
14:58:43.0711 3780 BTATH_A2DP (fe70889a85c57a9268101b2db0474509) C:\Windows\system32\drivers\btath_a2dp.sys
14:58:43.0720 3780 BTATH_A2DP - ok
14:58:43.0806 3780 BTATH_BUS (a83a91d07d1fe6bbe7a9db46ca00434b) C:\Windows\system32\DRIVERS\btath_bus.sys
14:58:43.0808 3780 BTATH_BUS - ok
14:58:43.0849 3780 BTATH_HCRP (c864ff85ee16d61c2bdd5ef76824625f) C:\Windows\system32\DRIVERS\btath_hcrp.sys
14:58:43.0852 3780 BTATH_HCRP - ok
14:58:43.0889 3780 BTATH_LWFLT (0dea505efb5d771826d177ef8b8a208f) C:\Windows\system32\DRIVERS\btath_lwflt.sys
14:58:43.0891 3780 BTATH_LWFLT - ok
14:58:43.0945 3780 BTATH_RCP (724c8088c96efe7a3e63fec21d4681c0) C:\Windows\system32\DRIVERS\btath_rcp.sys
14:58:43.0948 3780 BTATH_RCP - ok
14:58:43.0996 3780 BtFilter (aa0f5afcf077c5246589b32eceeae566) C:\Windows\system32\DRIVERS\btfilter.sys
14:58:44.0001 3780 BtFilter - ok
14:58:44.0070 3780 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
14:58:44.0071 3780 BthEnum - ok
14:58:44.0106 3780 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:58:44.0106 3780 BTHMODEM - ok
14:58:44.0156 3780 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
14:58:44.0167 3780 BthPan - ok
14:58:44.0202 3780 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
14:58:44.0209 3780 BTHPORT - ok
14:58:44.0266 3780 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
14:58:44.0268 3780 BTHUSB - ok
14:58:44.0315 3780 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:58:44.0318 3780 cdfs - ok
14:58:44.0353 3780 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:58:44.0357 3780 cdrom - ok
14:58:44.0408 3780 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:58:44.0410 3780 circlass - ok
14:58:44.0750 3780 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:58:44.0756 3780 CLFS - ok
14:58:45.0058 3780 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:58:45.0059 3780 CmBatt - ok
14:58:45.0075 3780 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:58:45.0084 3780 cmdide - ok
14:58:45.0152 3780 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
14:58:45.0159 3780 CNG - ok
14:58:45.0169 3780 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:58:45.0171 3780 Compbatt - ok
14:58:45.0182 3780 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:58:45.0192 3780 CompositeBus - ok
14:58:45.0221 3780 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:58:45.0222 3780 crcdisk - ok
14:58:45.0256 3780 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
14:58:45.0272 3780 CSC - ok
14:58:45.0312 3780 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:58:45.0315 3780 DfsC - ok
14:58:45.0335 3780 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:58:45.0337 3780 discache - ok
14:58:45.0356 3780 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:58:45.0358 3780 Disk - ok
14:58:45.0502 3780 driverhardwarev2x64 (b28c853770c995552b9f5760d8245f44) C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys
14:58:45.0504 3780 driverhardwarev2x64 - ok
14:58:45.0689 3780 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:58:45.0690 3780 drmkaud - ok
14:58:45.0751 3780 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
14:58:45.0756 3780 dtsoftbus01 - ok
14:58:45.0815 3780 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
14:58:45.0849 3780 DXGKrnl - ok
14:58:45.0906 3780 e1cexpress (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
14:58:45.0911 3780 e1cexpress - ok
14:58:45.0947 3780 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:58:45.0951 3780 E1G60 - ok
14:58:46.0068 3780 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:58:46.0158 3780 ebdrv - ok
14:58:46.0200 3780 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:58:46.0205 3780 elxstor - ok
14:58:46.0216 3780 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:58:46.0217 3780 ErrDev - ok
14:58:46.0246 3780 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:58:46.0248 3780 exfat - ok
14:58:46.0259 3780 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:58:46.0261 3780 fastfat - ok
14:58:46.0282 3780 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:58:46.0293 3780 fdc - ok
14:58:46.0317 3780 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:58:46.0319 3780 FileInfo - ok
14:58:46.0330 3780 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:58:46.0332 3780 Filetrace - ok
14:58:46.0342 3780 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:58:46.0344 3780 flpydisk - ok
14:58:46.0362 3780 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:58:46.0366 3780 FltMgr - ok
14:58:46.0389 3780 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:58:46.0403 3780 FsDepends - ok
14:58:46.0420 3780 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
14:58:46.0421 3780 Fs_Rec - ok
14:58:46.0460 3780 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:58:46.0494 3780 fvevol - ok
14:58:46.0681 3780 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:58:46.0683 3780 gagp30kx - ok
14:58:46.0781 3780 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
14:58:46.0784 3780 hamachi - ok
14:58:46.0858 3780 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:58:46.0865 3780 hcw85cir - ok
14:58:46.0900 3780 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:58:46.0905 3780 HdAudAddService - ok
14:58:46.0929 3780 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:58:46.0931 3780 HDAudBus - ok
14:58:46.0943 3780 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:58:46.0944 3780 HidBatt - ok
14:58:46.0956 3780 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:58:46.0958 3780 HidBth - ok
14:58:46.0982 3780 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:58:46.0984 3780 HidIr - ok
14:58:47.0029 3780 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:58:47.0031 3780 HidUsb - ok
14:58:47.0054 3780 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:58:47.0056 3780 HpSAMD - ok
14:58:47.0082 3780 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:58:47.0093 3780 HTTP - ok
14:58:47.0104 3780 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:58:47.0105 3780 hwpolicy - ok
14:58:47.0140 3780 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:58:47.0142 3780 i8042prt - ok
14:58:47.0197 3780 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:58:47.0237 3780 iaStorV - ok
14:58:47.0261 3780 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:58:47.0261 3780 iirsp - ok
14:58:47.0398 3780 IntcAzAudAddService (589b94a9b73a0e819ff873743a480834) C:\Windows\system32\drivers\RTKVHD64.sys
14:58:47.0489 3780 IntcAzAudAddService - ok
14:58:48.0010 3780 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:58:48.0011 3780 intelide - ok
14:58:48.0423 3780 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:58:48.0425 3780 intelppm - ok
14:58:49.0080 3780 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:58:49.0082 3780 IpFilterDriver - ok
14:58:49.0539 3780 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:58:49.0542 3780 IPMIDRV - ok
14:58:49.0919 3780 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:58:49.0921 3780 IPNAT - ok
14:58:49.0948 3780 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:58:49.0950 3780 IRENUM - ok
14:58:49.0964 3780 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:58:49.0965 3780 isapnp - ok
14:58:49.0991 3780 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
14:58:49.0995 3780 iScsiPrt - ok
14:58:50.0054 3780 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\DRIVERS\jraid.sys
14:58:50.0070 3780 JRAID - ok
14:58:50.0096 3780 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
14:58:50.0112 3780 kbdclass - ok
14:58:50.0131 3780 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
14:58:50.0132 3780 kbdhid - ok
14:58:50.0193 3780 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
14:58:50.0196 3780 KSecDD - ok
14:58:50.0249 3780 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
14:58:50.0252 3780 KSecPkg - ok
14:58:50.0277 3780 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
14:58:50.0278 3780 ksthunk - ok
14:58:50.0328 3780 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
14:58:50.0330 3780 lltdio - ok
14:58:50.0369 3780 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:58:50.0371 3780 LSI_FC - ok
14:58:50.0398 3780 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:58:50.0400 3780 LSI_SAS - ok
14:58:50.0412 3780 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:58:50.0414 3780 LSI_SAS2 - ok
14:58:50.0427 3780 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:58:50.0429 3780 LSI_SCSI - ok
14:58:50.0453 3780 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
14:58:50.0455 3780 luafv - ok
14:58:50.0478 3780 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
14:58:50.0480 3780 megasas - ok
14:58:50.0510 3780 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
14:58:50.0552 3780 MegaSR - ok
14:58:50.0658 3780 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
14:58:50.0695 3780 MEIx64 - ok
14:58:50.0708 3780 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
14:58:50.0711 3780 Modem - ok
14:58:50.0730 3780 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
14:58:50.0732 3780 monitor - ok
14:58:50.0768 3780 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
14:58:50.0770 3780 mouclass - ok
14:58:50.0787 3780 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
14:58:50.0789 3780 mouhid - ok
14:58:50.0812 3780 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
14:58:50.0822 3780 mountmgr - ok
14:58:50.0846 3780 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
14:58:50.0849 3780 mpio - ok
14:58:50.0861 3780 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
14:58:50.0863 3780 mpsdrv - ok
14:58:50.0877 3780 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
14:58:50.0880 3780 MRxDAV - ok
14:58:50.0916 3780 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:58:50.0920 3780 mrxsmb - ok
14:58:50.0956 3780 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:58:50.0962 3780 mrxsmb10 - ok
14:58:51.0046 3780 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:58:51.0048 3780 mrxsmb20 - ok
14:58:51.0075 3780 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
14:58:51.0077 3780 msahci - ok
14:58:51.0090 3780 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
14:58:51.0100 3780 msdsm - ok
14:58:51.0117 3780 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
14:58:51.0118 3780 Msfs - ok
14:58:51.0140 3780 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
14:58:51.0153 3780 mshidkmdf - ok
14:58:51.0161 3780 MSICDSetup - ok
14:58:51.0174 3780 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
14:58:51.0175 3780 msisadrv - ok
14:58:51.0213 3780 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
14:58:51.0214 3780 MSKSSRV - ok
14:58:51.0225 3780 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
14:58:51.0227 3780 MSPCLOCK - ok
14:58:51.0238 3780 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
14:58:51.0254 3780 MSPQM - ok
14:58:51.0284 3780 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
14:58:51.0290 3780 MsRPC - ok
14:58:51.0303 3780 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
14:58:51.0304 3780 mssmbios - ok
14:58:51.0316 3780 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
14:58:51.0317 3780 MSTEE - ok
14:58:51.0328 3780 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
14:58:51.0344 3780 MTConfig - ok
14:58:51.0356 3780 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
14:58:51.0358 3780 Mup - ok
14:58:51.0394 3780 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
14:58:51.0399 3780 NativeWifiP - ok
14:58:51.0447 3780 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
14:58:51.0481 3780 NDIS - ok
14:58:51.0499 3780 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
14:58:51.0501 3780 NdisCap - ok
14:58:51.0524 3780 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
14:58:51.0528 3780 NdisTapi - ok
14:58:51.0540 3780 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
14:58:51.0542 3780 Ndisuio - ok
14:58:51.0554 3780 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:58:51.0558 3780 NdisWan - ok
14:58:51.0569 3780 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
14:58:51.0571 3780 NDProxy - ok
14:58:51.0583 3780 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
14:58:51.0584 3780 NetBIOS - ok
14:58:51.0605 3780 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
14:58:51.0605 3780 NetBT - ok
14:58:51.0677 3780 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
14:58:51.0679 3780 nfrd960 - ok
14:58:51.0693 3780 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
14:58:51.0695 3780 Npfs - ok
14:58:51.0709 3780 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
14:58:51.0721 3780 nsiproxy - ok
14:58:51.0790 3780 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
14:58:51.0860 3780 Ntfs - ok
14:58:51.0882 3780 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
14:58:51.0895 3780 Null - ok
14:58:51.0943 3780 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
14:58:51.0947 3780 NVHDA - ok
14:58:52.0288 3780 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:58:52.0689 3780 nvlddmkm - ok
14:58:52.0831 3780 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
14:58:52.0834 3780 nvraid - ok
14:58:52.0888 3780 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
14:58:52.0892 3780 nvstor - ok
14:58:53.0020 3780 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
14:58:53.0023 3780 nv_agp - ok
14:58:53.0034 3780 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
14:58:53.0036 3780 ohci1394 - ok
14:58:53.0070 3780 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
14:58:53.0072 3780 Parport - ok
14:58:53.0085 3780 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
14:58:53.0087 3780 partmgr - ok
14:58:53.0102 3780 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
14:58:53.0105 3780 pci - ok
14:58:53.0123 3780 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
14:58:53.0124 3780 pciide - ok
14:58:53.0145 3780 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
14:58:53.0148 3780 pcmcia - ok
14:58:53.0158 3780 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
14:58:53.0160 3780 pcw - ok
14:58:53.0182 3780 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
14:58:53.0194 3780 PEAUTH - ok
14:58:53.0375 3780 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
14:58:53.0388 3780 PptpMiniport - ok
14:58:53.0401 3780 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
14:58:53.0403 3780 Processor - ok
14:58:53.0444 3780 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
14:58:53.0447 3780 Psched - ok
14:58:53.0511 3780 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
14:58:53.0559 3780 ql2300 - ok
14:58:53.0584 3780 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
14:58:53.0587 3780 ql40xx - ok
14:58:53.0601 3780 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
14:58:53.0603 3780 QWAVEdrv - ok
14:58:53.0614 3780 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
14:58:53.0616 3780 RasAcd - ok
14:58:53.0647 3780 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:58:53.0649 3780 RasAgileVpn - ok
14:58:53.0663 3780 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:58:53.0666 3780 Rasl2tp - ok
14:58:53.0705 3780 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
14:58:53.0707 3780 RasPppoe - ok
14:58:53.0720 3780 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
14:58:53.0723 3780 RasSstp - ok
14:58:53.0755 3780 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
14:58:53.0760 3780 rdbss - ok
14:58:53.0773 3780 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
14:58:53.0774 3780 rdpbus - ok
14:58:53.0805 3780 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:58:53.0807 3780 RDPCDD - ok
14:58:53.0837 3780 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
14:58:53.0840 3780 RDPDR - ok
14:58:53.0852 3780 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
14:58:53.0853 3780 RDPENCDD - ok
14:58:53.0893 3780 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
14:58:53.0894 3780 RDPREFMP - ok
14:58:53.0918 3780 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
14:58:53.0922 3780 RDPWD - ok
14:58:53.0936 3780 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
14:58:53.0939 3780 rdyboost - ok
14:58:53.0989 3780 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
14:58:53.0993 3780 RFCOMM - ok
14:58:54.0074 3780 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
14:58:54.0076 3780 RimUsb - ok
14:58:54.0094 3780 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
14:58:54.0096 3780 rspndr - ok
14:58:54.0117 3780 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
14:58:54.0118 3780 s3cap - ok
14:58:54.0144 3780 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
14:58:54.0146 3780 sbp2port - ok
14:58:54.0160 3780 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
14:58:54.0162 3780 scfilter - ok
14:58:54.0186 3780 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:58:54.0188 3780 secdrv - ok
14:58:54.0208 3780 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
14:58:54.0210 3780 Serenum - ok
14:58:54.0234 3780 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
14:58:54.0237 3780 Serial - ok
14:58:54.0255 3780 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
14:58:54.0257 3780 sermouse - ok
14:58:54.0275 3780 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
14:58:54.0277 3780 sffdisk - ok
14:58:54.0288 3780 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
14:58:54.0289 3780 sffp_mmc - ok
14:58:54.0300 3780 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:58:54.0302 3780 sffp_sd - ok
14:58:54.0313 3780 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
14:58:54.0314 3780 sfloppy - ok
14:58:54.0330 3780 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:58:54.0332 3780 SiSRaid2 - ok
14:58:54.0353 3780 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
14:58:54.0355 3780 SiSRaid4 - ok
14:58:54.0378 3780 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
14:58:54.0381 3780 Smb - ok
14:58:54.0398 3780 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
14:58:54.0400 3780 spldr - ok
14:58:54.0445 3780 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
14:58:54.0452 3780 srv - ok
14:58:54.0503 3780 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
14:58:54.0509 3780 srv2 - ok
14:58:54.0541 3780 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
14:58:54.0544 3780 srvnet - ok
14:58:54.0624 3780 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
14:58:54.0626 3780 stexstor - ok
14:58:54.0653 3780 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
14:58:54.0656 3780 storflt - ok
14:58:54.0668 3780 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
14:58:54.0669 3780 storvsc - ok
14:58:54.0681 3780 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
14:58:54.0682 3780 swenum - ok
14:58:54.0768 3780 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
14:58:54.0848 3780 Tcpip - ok
14:58:54.0916 3780 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
14:58:54.0931 3780 TCPIP6 - ok
14:58:55.0123 3780 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
14:58:55.0125 3780 tcpipreg - ok
14:58:55.0758 3780 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
14:58:55.0760 3780 TDPIPE - ok
14:58:56.0045 3780 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
14:58:56.0046 3780 TDTCP - ok
14:58:56.0058 3780 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
14:58:56.0061 3780 tdx - ok
14:58:56.0081 3780 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
14:58:56.0082 3780 TermDD - ok
14:58:56.0127 3780 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:58:56.0128 3780 tssecsrv - ok
14:58:56.0180 3780 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
14:58:56.0183 3780 tunnel - ok
14:58:56.0216 3780 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
14:58:56.0218 3780 uagp35 - ok
14:58:56.0261 3780 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
14:58:56.0266 3780 udfs - ok
14:58:56.0296 3780 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
14:58:56.0298 3780 uliagpkx - ok
14:58:56.0319 3780 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
14:58:56.0321 3780 umbus - ok
14:58:56.0333 3780 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
14:58:56.0335 3780 UmPass - ok
14:58:56.0386 3780 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
14:58:56.0389 3780 usbccgp - ok
14:58:56.0413 3780 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
14:58:56.0415 3780 usbcir - ok
14:58:56.0438 3780 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
14:58:56.0440 3780 usbehci - ok
14:58:56.0492 3780 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
14:58:56.0499 3780 usbhub - ok
14:58:56.0526 3780 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
14:58:56.0527 3780 usbohci - ok
14:58:56.0563 3780 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
14:58:56.0566 3780 usbprint - ok
14:58:56.0603 3780 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
14:58:56.0605 3780 usbscan - ok
14:58:56.0653 3780 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
14:58:56.0656 3780 USBSTOR - ok
14:58:56.0694 3780 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
14:58:56.0696 3780 usbuhci - ok
14:58:56.0723 3780 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
14:58:56.0725 3780 vdrvroot - ok
14:58:56.0744 3780 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
14:58:56.0746 3780 vga - ok
14:58:56.0757 3780 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
14:58:56.0759 3780 VgaSave - ok
14:58:56.0779 3780 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
14:58:56.0783 3780 vhdmp - ok
14:58:56.0795 3780 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
14:58:56.0797 3780 viaide - ok
14:58:56.0816 3780 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
14:58:56.0820 3780 vmbus - ok
14:58:56.0831 3780 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
14:58:56.0833 3780 VMBusHID - ok
14:58:56.0855 3780 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
14:58:56.0858 3780 volmgr - ok
14:58:56.0880 3780 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
14:58:56.0886 3780 volmgrx - ok
14:58:56.0912 3780 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
14:58:56.0917 3780 volsnap - ok
14:58:56.0949 3780 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
14:58:56.0952 3780 vsmraid - ok
14:58:56.0966 3780 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
14:58:56.0967 3780 vwifibus - ok
14:58:56.0992 3780 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
14:58:56.0994 3780 WacomPen - ok
14:58:57.0054 3780 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:58:57.0057 3780 WANARP - ok
14:58:57.0070 3780 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
14:58:57.0072 3780 Wanarpv6 - ok
14:58:57.0101 3780 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
14:58:57.0103 3780 Wd - ok
14:58:57.0138 3780 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
14:58:57.0147 3780 Wdf01000 - ok
14:58:57.0172 3780 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
14:58:57.0173 3780 WfpLwf - ok
14:58:57.0185 3780 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
14:58:57.0187 3780 WIMMount - ok
14:58:57.0247 3780 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:58:57.0248 3780 WmiAcpi - ok
14:58:57.0284 3780 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
14:58:57.0286 3780 ws2ifsl - ok
14:58:57.0307 3780 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:58:57.0310 3780 WudfPf - ok
14:58:57.0332 3780 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:58:57.0336 3780 WUDFRd - ok
14:58:57.0384 3780 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
14:58:57.0426 3780 \Device\Harddisk0\DR0 - ok
14:58:57.0707 3780 Boot (0x1200) (b38455d13a1341bd74640c68622deb05) \Device\Harddisk0\DR0\Partition0
14:58:57.0708 3780 \Device\Harddisk0\DR0\Partition0 - ok
14:58:57.0711 3780 Boot (0x1200) (6de2b6f9e592700844c605e72af13a2f) \Device\Harddisk0\DR0\Partition1
14:58:57.0712 3780 \Device\Harddisk0\DR0\Partition1 - ok
14:58:57.0713 3780 ============================================================
14:58:57.0713 3780 Scan finished
14:58:57.0713 3780 ============================================================
14:58:57.0723 4856 Detected object count: 0
14:58:57.0723 4856 Actual detected object count: 0
14:59:05.0597 4116 Deinitialize success
Pour MBRScan, ca marche pas -
re,
Fait ceci à la place :
Télécharge aswMBR sur ton Bureau.
● Lance aswMBR.exe
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Refuse la demande de mise à jour
● Clique sur le bouton Scan
● Patiente pendant l'analyse
● Clique sur Save log
● Enregistre le rapport sur le Bureau.
● Copie/colle le rapport dans ton prochain message.
A + -
-----------------------------
16:03:47.147 OS Version: Windows x64 6.1.7600
16:03:47.147 Number of processors: 4 586 0x2A07
16:03:47.148 ComputerName: HUGO-PC UserName: Hugo
16:03:48.744 Initialize success
16:03:49.370 AVAST engine defs: 12021100
16:03:57.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:03:57.054 Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 11
16:03:57.075 Disk 0 MBR read successfully
16:03:57.077 Disk 0 MBR scan
16:03:57.079 Disk 0 Windows 7 default MBR code
16:03:57.086 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 496480 MB offset 2048
16:03:57.105 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 113998 MB offset 1016793088
16:03:57.122 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 1250260992
16:03:57.125 Disk 0 Partition 3 **INFECTED** MBR:Alureon-K [Rtk]
16:03:57.128 Service scanning
16:04:00.202 Modules scanning
16:04:00.207 Disk 0 trace - called modules:
16:04:00.230 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:04:00.237 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004738060]
16:04:00.242 3 CLASSPNP.SYS[fffff8800196d43f] -> nt!IofCallDriver -> [0xfffffa80044c1200]
16:04:00.246 5 ACPI.sys[fffff88000d54781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80044c1550]
16:04:00.596 AVAST engine scan C:\Windows
16:04:02.077 AVAST engine scan C:\Windows\system32
16:05:40.095 AVAST engine scan C:\Windows\system32\drivers
16:05:46.469 AVAST engine scan C:\Users\Hugo
16:06:15.332 Disk 0 MBR has been saved successfully to "C:\Users\Hugo\Desktop\MBR.dat"
16:06:15.336 The log file has been saved successfully to "C:\Users\Hugo\Desktop\aswMBR.txt"
16:07:37.904 AVAST engine scan C:\ProgramData
16:07:53.232 Scan finished successfully
16:08:12.374 Disk 0 MBR has been saved successfully to "C:\Users\Hugo\Desktop\MBR.dat"
16:08:12.378 The log file has been saved successfully to "C:\Users\Hugo\Desktop\aswMBR.txt"
Apperement il a trouvé l'infection, mais n'a rien fait ? -
C'est normal, l'infection se trouve sur une partition cachée qu'elle a crée.
Ce serait dangereux de le faire sous Windows. Il faut passer par un CD Live.
Télécharge Ubuntu ici => https://ubuntu.com/
Et grave le CD au format .ISO et modifie l'ordre du démarrage du BIOS
tuto : http://www.01audio-video.com/live-cd-linux-ubuntu.htm
Choisir d'essayer Ubuntu
Une fois sur le bureau, lance Gparted :
Application > Système > Administration > Éditeur de partition
Fait une copie d'écran, héberge l'image et donne le lien.
A + -
-
re,
Sélectionne la ligne /dev/sda3
Choisir Delete > Apply
Referme tout et redémarre sur Windows en enlevant le CD
Relance aswMBR et copie/colle le rapport.
A + -
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-11 18:10:49
-----------------------------
18:10:49.964 OS Version: Windows x64 6.1.7600
18:10:49.964 Number of processors: 4 586 0x2A07
18:10:49.964 ComputerName: HUGO-PC UserName: Hugo
18:10:51.821 Initialize success
18:10:51.977 AVAST engine defs: 12021100
18:10:54.551 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:10:54.551 Disk 0 Vendor: WDC_WD6400AACS-00G8B1 05.04C05 Size: 610480MB BusType: 11
18:10:54.566 Disk 0 MBR read successfully
18:10:54.566 Disk 0 MBR scan
18:10:54.566 Disk 0 Windows 7 default MBR code
18:10:54.613 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 496480 MB offset 2048
18:10:54.769 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 113998 MB offset 1016793088
18:10:54.769 Service scanning
18:11:00.276 Service MSICDSetup E:\CDriver64.sys **LOCKED** 21
18:11:01.384 Modules scanning
18:11:01.524 Disk 0 trace - called modules:
18:11:01.555 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:11:01.555 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800473c060]
18:11:01.555 3 CLASSPNP.SYS[fffff880019a543f] -> nt!IofCallDriver -> [0xfffffa80044d09b0]
18:11:01.555 5 ACPI.sys[fffff88000f3d781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800416b060]
18:11:02.741 AVAST engine scan C:\Windows
18:11:04.706 AVAST engine scan C:\Windows\system32
18:13:31.720 AVAST engine scan C:\Windows\system32\drivers
18:13:40.237 AVAST engine scan C:\Users\Hugo
18:15:41.361 AVAST engine scan C:\ProgramData
18:15:54.035 Scan finished successfully
18:16:03.503 Disk 0 MBR has been saved successfully to "C:\Users\Hugo\Desktop\MBR.dat"
18:16:03.509 The log file has been saved successfully to "C:\Users\Hugo\Desktop\aswMBR2.txt"
Voilà chef, j'ai mis en gras, ce qui était en jaune dans le scan. -
Je pense que nous avons fait le plus dur, tu te débrouilles très bien
Nous allons utiliser cet outil de diagnostic afin d'identifier les problèmes restants.
Télécharge OTL (de OldTimer) sur ton Bureau.
Ferme toutes tes applications en cours
● Lance OTL.exe
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● L'interface principale s'ouvre :
● Dans la section Rapport en haut à droite de la fenêtre, coche Rapport minimal
● Coche la case également Tous les utilisateurs
● Laisse tous les autres paramètres par défaut
● Dans la partie du bas "Personnalisation", copie/colle la liste en citation :
msconfig safebootminimal safebootnetwork /md5start volsnap.* explorer.exe winlogon.exe userinit.exe svchost.exe /md5stop %temp%\*.exe /s %ALLUSERSPROFILE%\Application Data\*.exe /s %ALLUSERSPROFILE%\Application Data\*. %APPDATA%\*.exe /s %APPDATA%\*. %SYSTEMDRIVE%\*.exe %systemroot%\Tasks\*.* /s hklm\system\CurrentControlSet\Services\lanmanserver\parameters /s hklm\system\CurrentControlSet\Control\Session Manager\SubSystems /s hklm\software\clients\startmenuinternet|command /rs hklm\software\clients\startmenuinternet|command /64 /rs CREATERESTOREPOINT
● Clique sur le bouton Analyse rapide, patiente pendant le balayage du système.
● 2 rapports vont s'ouvrir au format bloc-note :
OTL.txt (qui sera affiché) ainsi que Extras.txt (réduit dans la barre des tâches)
● Ne les poste pas sur le forum, ils seraient trop long
● Héberge les sur un des sites suivants :
https://www.cjoint.com/
http://pjjoint.malekal.com/
http://threat-rc.com/
https://textup.fr/
● Tu obtiendras 2 liens que tu me donneras dans ton prochain message.
A + -
-
re,
Analyse le fichier C:\Windows\SysWow64\QQVistaHelper.dll sur https://www.virustotal.com/gui/
Si un message te dit que le fichier à déjà été analysé, ré-analyse le
Copie-colle l'url affichée dans la barre d'adresse dans ta réponse.
tuto : Analyser un fichier avec VirusTotal
A + -
https://www.virustotal.com/file/99867fd6a42101eebaa2c1d0dbacd3d859bc4d472c1c163aee65ba969da0d38b/analysis/1328984470/
-
re,
1. Relance OTL
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Dans la partie "Personnalisation", copie/colle les instructions suivantes :
:OTL [2012/02/04 19:26:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent [2012/02/04 19:26:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Tencent [2012/02/04 19:26:05 | 000,000,000 | ---D | C] -- C:\Users\Hugo\Documents\Tencent Files [2012/02/04 19:25:41 | 000,000,000 | ---D | C] -- C:\Users\Hugo\AppData\Roaming\Tencent O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found [115 C:\Users\Hugo\AppData\Local\Temp\*.tmp files -> C:\Users\Hugo\AppData\Local\Temp\*.tmp -> ] :Files ipconfig /flushdns /c :Commands [emptytemp]
● Clique sur le bouton Correction.
● Patiente pendant le travail de l'outil, il doit ensuite redémarrer le PC.
● Accepte en cliquant sur OK.
● Le rapport indiquant les actions réalisées par OTL doit s'ouvrir spontanément.
Tu peux le retrouver le fichier à la racine du disque : C:\_OTL\MovedFiles
2. Télécharge MBAM et installe le selon l'emplacement par défaut.
(l'essai de la version pro est facultative)
● Effectue la mise à jour et lance Malwarebytes' Anti-Malware
● Clique dans l'onglet du haut "Recherche"
● Coche l'option "Exécuter un examen complet" puis sur le bouton "Rechercher"
● Choisis de scanner tous tes disques durs, puis clique sur 'Lancer l'examen"
A la fin de l'analyse, si MBAM n'a rien trouvé :
● Clique sur OK, le rapport s'ouvre spontanément
Si des menaces ont été détectées :
● Clique sur OK puis "Afficher les résultats"
● Choisis l'option "Supprimer la sélection"
● Si MBAM demande le redémarrage de Windows : Clique sur "Oui"
● Une fois le PC redémarré, le rapport se trouve dans l'onglet "Rapports/Logs"
● Sinon le rapport s'ouvre automatiquement après la suppression.
3. Héberge les rapports et donne moi les liens.
A + -
-
Bonjour,
1. Lance OTL
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Dans la partie "Personnalisation", copie/colle:
:commands [clearallrestorepoints]
● Clique sur le bouton Correction.
2. Relance OTL en tant qu'administrateur
● Clique sur le bouton Purge outils
● Puis sur OK dans la boite de dialogue qui t'invite à redémarrer le système.
● Supprime les outils et les rapports restants éventuellement sur ton Bureau
3. Tu peux garder Malwarebytes Anti-Malware comme logiciel complémentaire à ton antivirus et t'en servir contrôler ton PC avec un scan rapide de temps en temps sans oublier de le mettre à jour avant
4. Vérifie que les logiciels pouvant présenter des failles de sécurité sont à jour :
Tutoriel SX Check&Update
== == == == == == == == == == == == == == == == == == == == == ==
La sécurité de son PC, c'est quoi ? (par Malekal)
== == == == == == == == == == == == == == == == == == == == == ==
Bonne continuation
