Virus bloque activation antivir et mises à jo Résolu/Fermé

Question

Bonjour, 

J'ai honteusement chopé une vérole qui empêche Avira de s'activer au démarrage. Je ne peux pas l'activer manuellement. Et les mises à jour windows sont impossibles. 
J'ai réussi apparemment à éliminer un fichier "iy4zowdz16.exe" qui contenait cutwail. Mais les choses doivent être plus profondes, car je ne peux toujours pas activer Avira.

Merci de m'aider !

Configuration: Windows 7 / Firefox 10.0.1

Smart91 · Answer

Bonjour, 

Cutwail, il ya bien longtemps que je ne l'ai vu :-) 

On va faire un diagnostic de ton PC: 

Télécharge ZHPDiag (de Nicolas Coolman) sur ton bureau  
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 
ou depuis ce lien si le premier a des soucis: 
http://www.moncompteur.com/compteurclick.php?idLink=18026  

Une fois le téléchargement achevé, double clique sur ZHPDiag.exe et suis les instructions. 
  
/!\Utilisateurs de Vista et Windows 7 : Clique droit sur le logo de ZHPDiag.exe, « exécuter en tant qu'Administrateur » 

N'oublie pas de cocher la case qui permet de mettre un raccourci sur le Bureau.  
-  Double clique sur le raccourci ZHPDiag sur ton Bureau pour le lancer. 
- Si tu possèdes Avast 6 comme antivirus, à l'alerte choisis "lancer normalement"  
(/!\L'outil a créé 2 icônes ZHPDiag et ZHPFix) 
-  Clique sur la loupe et non pas sur le presonnage avec la loupe pour lancer l'analyse.  
-  Laisse l'outil travailler, il peut être assez long.  
-  Ferme ZHPDiag en fin d'analyse.  
-  Pour transmettre le rapport clique sur ce lien :http://pjjoint.malekal.com/ 
-  Clique sur Parcourir et cherche le répertoire C:\ZHP 
-  Sélectionne le fichier ZHPDiag.txt. puis clique sur "Ouvrir" 
-  Ensuite Clique sur "Envoyer le fichier".  
-  Copie le lien obtenu  dans ta réponse. 

Smart 
"Si tu n'as pas d'ambitions, tu t'installes au bord de la chute" (Kundera)

Jicé · Answer

Merci pour ton aide !

Voici le lien :

http://pjjoint.malekal.com/files.php?id=ZHPDiag_20120213_y6o15d8c6s7

Smart91 · Answer

Je n'ai pas accés au site de malékal, il est peut-êre indisponible.
Peux-tu utiliser cecui-ci:
https://www.cjoint.com/

Smart

Jicé · Answer

voilà :)

	http://cjoint.com/?BBnryzxK24B

Smart91 · Answer

Le rapport ne montre pas que ton antivirus soit désactivé

Tu as téléchargé un crack pour Adobe  c'est pour cela que tu as été infecté. Lis ce dossier: Les dangers des cracks

Désinstalle également spybot, il est dépassé et ne fait que ralentir ton PC:
https://www.commentcamarche.net/faq/7371-desinstaller-proprement-spybot-search-and-destroy-1-6

Tu vas faire ceci:

- Ferme toutes tes applications en cours
- Lance ZHPFix via le raccourci sur ton Bureau, (Si tu es sous Vista ou Windows 7 noublie pas clic droi ==> en tant qu'administrateur") 
- Si tu ne l'as pas, télécharge le depuis ce lien: https://www.zebulon.fr/telechargements/securite/systeme/zhpfix.html
- Copie/colle les lignes en gras suivantes :
 
---------------------------------------------------------- 
M2 - MFEP: prefs.js [Banjo - n1xtfilk.default\cacaoweb@cacaoweb.org] [] cacaoweb v1.0.12 (.http://www.cacaoweb.org/
[HKCU\Software\AppDataLow\Software\PriceGong]
[HKCU\Software\cacaoweb]
O43 - CFD: 16/04/2011 - 20:42:14 - [898,376] ----D- C:\Users\Banjo\AppData\Roaming\cacaoweb
O53 - SMSR:HKLM\...\startupreg\cacaoweb  [Key] . (...) -- C:\Users\Banjo\AppData\Roaming\cacaoweb\cacaoweb.exe
O87 - FAEL: "TCP Query User{E0FF7EA2-C225-42F6-8253-20628138ED83}C:\users\banjo\appdataoaming\cacaoweb\cacaoweb.exe" | In - Private - P6 - TRUE | .(...) -- C:\Users\Banjo\AppData\Roaming\cacaoweb\cacaoweb.exe
O87 - FAEL: "UDP Query User{E1135F70-7527-4125-9726-8742A526CDEB}C:\users\banjo\appdataoaming\cacaoweb\cacaoweb.exe" | In - Private - P17 - TRUE | .(...) -- C:\Users\Banjo\AppData\Roaming\cacaoweb\cacaoweb.exe
O87 - FAEL: "TCP Query User{2179BF17-84A2-4FFD-B591-ABC403BCB5E9}C:\users\banjo\appdataoaming\cacaoweb\cacaoweb.exe" | In - Public - P6 - TRUE | .(...) -- C:\Users\Banjo\AppData\Roaming\cacaoweb\cacaoweb.exe
O87 - FAEL: "UDP Query User{B0A0D62F-D9A8-48AA-83E0-CE92EA08F9D9}C:\users\banjo\appdataoaming\cacaoweb\cacaoweb.exe" | In - Public - P17 - TRUE | .(...) -- C:\Users\Banjo\AppData\Roaming\cacaoweb\cacaoweb.exe
O87 - FAEL: "TCP Query User{FD528E18-041C-4DA7-8657-E4228BC5DB3B}C:\users\banjo\appdataoaming\ciucut\wuba.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\banjo\appdataoaming\ciucut\wuba.exe (.not file.)
O87 - FAEL: "UDP Query User{153D6814-413A-4B26-A4A0-BAC5317A89BC}C:\users\banjo\appdataoaming\ciucut\wuba.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\banjo\appdataoaming\ciucut\wuba.exe (.not file.)
[HKCU\Software\cacaoweb]
[HKCU\Software\AppDataLow\Software\PriceGong]
C:\Users\Banjo\AppData\Roaming\cacaoweb
C:\Users\Banjo\AppData\LocalLow\PriceGong
R3 - URLSearchHook: (no name) [64Bits] - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} . (...) (No version) -- (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{53495B54-46F3-49BB-AC1F-CEE2B31FE8E1}] (...) -- D:\Adobe Premiere Pro CS4 ISO\Adobe Premiere Pro CS4\Xforce Keygen\keygen.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{577D1603-8B77-4FC8-9DBE-5A08DF3332E2}] (...) -- D:\Adobe Premiere Pro CS4 ISO\Adobe Premiere Pro CS4\Xforce Keygen\keygen.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{A24A3512-B2DA-42A2-B2E8-75B378F2CDF5}] (...) -- D:\Adobe Premiere Pro CS4 ISO\Adobe Premiere Pro CS4\Xforce Keygen\keygen.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{BF263600-3A00-46DC-8069-FFF371152A09}] (...) -- D:\Adobe Premiere Pro CS4 ISO\Adobe Premiere Pro CS4\Xforce Keygen\keygen.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{DC431711-98B6-4900-AA16-841138F2C043}] (...) -- D:\Adobe Premiere Pro CS4 ISO\Adobe Premiere Pro CS4\Xforce Keygen\keygen.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{F1544058-FE00-4B4F-98B7-2D61D255D93E}] (...) -- D:\Adobe Premiere Pro CS4 ISO\Adobe Premiere Pro CS4\Xforce Keygen\keygen.exe (.not file.)
O43 - CFD: 06/08/2011 - 18:29:32 - [0] ----D- C:\Users\Banjo\AppData\Local\{83390E2B-7A27-4178-BD1A-914C63E40B80}
O43 - CFD: 11/02/2012 - 10:15:50 - [0] ----D- C:\Users\Banjo\AppData\Roaming\Ciucut
O43 - CFD: 12/02/2012 - 12:05:12 - [0] ----D- C:\Users\Banjo\AppData\Roaming\Imzeto
O43 - CFD: 02/02/2012 - 18:42:20 - [0] ----D- C:\Users\Banjo\AppData\Roaming\Jyaja
O43 - CFD: 08/02/2012 - 17:25:34 - [0] ----D- C:\Users\Banjo\AppData\Roaming\Lieb
C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles
1xtfilk.default\Extensions\cacaoweb@cacaoweb.org
[HKCU\Software\AppDataLow\Software\BitTorrentBar]
[MD5.197215658B8015182192E1EBCA3BBCC3] [SPRF][11/02/2012] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\Banjo\AppData\Local\Temp\AskSLib.dll   [246440]
[HKLM\Software\Classes\Toolbar.CT2790392]
C:\Users\Banjo\AppData\LocalLow\BitTorrentBar
C:\Users\Banjo\AppData\LocalLow\Conduit
EmptyTemp
EmptyFlash
FirewallRAZ
---------------------------------------------------------- 
- Clique sur l'icone représentant la lettre H (« coller les lignes Helper ») 
- Les lignes se collent automatiquement dans ZHPFix, sinon colle les lignes 
- Clique sur le bouton « GO » pour le lancer le nettoyage
- Copie/colle la totalité du rapport dans ta prochaine réponse 

Et redémarre le PC

Smart

Jicé · Answer

C'est fait, mais j'ai pas mal de soucis, l'ordi est lent, et mes applications ne se lancent pas. Je passe par le  mode sans échec pour pouvoir utiliser le navigateur.et là je n'arrive pas à poster mon message quand je colle le rapport

Jicé · Answer

Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011
Fichier d'export Registre : 
Run by Banjo at 13/02/2012 19:54:02
Windows 7 Home Premium Edition, 64-bit  (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Module(s) mémoire ==========
SUPPRIME Memory Module: C:\Users\Banjo\AppData\Local\Temp\AskSLib.dll

========== Clé(s) du Registre ==========
SUPPRIME Key: HKCU\Software\AppDataLow\Software\PriceGong
SUPPRIME Key: HKCU\Software\cacaoweb
SUPPRIME Key**:  StartupReg: cacaoweb
SUPPRIME Key: HKCU\Software\AppDataLow\Software\BitTorrentBar
SUPPRIME Key: HKLM\Software\Classes\Toolbar.CT2790392

========== Valeur(s) du Registre ==========
SUPPRIME TCP Query User{E0FF7EA2-C225-42F6-8253-20628138ED83}C:/users/banjo/appdata/roaming/cacaoweb/cacaoweb.exe
SUPPRIME UDP Query User{E1135F70-7527-4125-9726-8742A526CDEB}C:/users/banjo/appdata/roaming/cacaoweb/cacaoweb.exe
SUPPRIME TCP Query User{2179BF17-84A2-4FFD-B591-ABC403BCB5E9}C:/users/banjo/appdata/roaming/cacaoweb/cacaoweb.exe
SUPPRIME UDP Query User{B0A0D62F-D9A8-48AA-83E0-CE92EA08F9D9}C:/users/banjo/appdata/roaming/cacaoweb/cacaoweb.exe
SUPPRIME TCP Query User{FD528E18-041C-4DA7-8657-E4228BC5DB3B}C:/users/banjo/appdata/roaming/ciucut/wuba.exe
SUPPRIME UDP Query User{153D6814-413A-4B26-A4A0-BAC5317A89BC}C:/users/banjo/appdata/roaming/ciucut/wuba.exe
SUPPRIME URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}
ABSENT Valeur Standard Profile: FirewallRaz : 
ABSENT Valeur Domain Profile: FirewallRaz : 
SUPPRIME FirewallRaz (None) : {67F46CD1-1C00-4F72-8006-C2BE71549C8E}

========== Dossier(s) ==========
SUPPRIME Folder: C:\Users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles
1xtfilk.default\extensions\cacaowebAROBASEcacaoweb.org
SUPPRIME Folder: C:\Users\Banjo\AppData\Roaming\cacaoweb
SUPPRIME Folder: c:\users\banjo\appdata\locallow\pricegong
SUPPRIME Folder: C:\Users\Banjo\AppData\Local\{83390E2B-7A27-4178-BD1A-914C63E40B80}
SUPPRIME Folder: C:\Users\Banjo\AppData\Roaming\Ciucut
SUPPRIME Folder: C:\Users\Banjo\AppData\Roaming\Imzeto
SUPPRIME Folder: C:\Users\Banjo\AppData\Roaming\Jyaja
SUPPRIME Folder: C:\Users\Banjo\AppData\Roaming\Lieb
SUPPRIME Folder: c:\users\banjo\appdata\locallow\bittorrentbar
SUPPRIME Folder: c:\users\banjo\appdata\locallow\conduit
SUPPRIME Temporaires Windows: : 83
SUPPRIME Flash Cookies: 24

========== Fichier(s) ==========
ABSENT File: c:\users\banjo\appdataoaming\cacaoweb\cacaoweb.exe
ABSENT Folder/File: c:\users\banjo\appdataoaming\cacaoweb
ABSENT Folder/File: c:\users\banjo\appdataoaming\mozilla\firefox\profiles
1xtfilk.default\extensions\cacaowebAROBASEcacaoweb.org
SUPPRIME File*: c:\users\banjo\appdata\local	emp\askslib.dll
SUPPRIME Temporaires Windows: : 30
SUPPRIME Flash Cookies: 7

========== Tache planifiée ==========
SUPPRIME Task: {53495B54-46F3-49BB-AC1F-CEE2B31FE8E1}
SUPPRIME Task: {577D1603-8B77-4FC8-9DBE-5A08DF3332E2}
SUPPRIME Task: {A24A3512-B2DA-42A2-B2E8-75B378F2CDF5}
SUPPRIME Task: {BF263600-3A00-46DC-8069-FFF371152A09}
SUPPRIME Task: {DC431711-98B6-4900-AA16-841138F2C043}
SUPPRIME Task: {F1544058-FE00-4B4F-98B7-2D61D255D93E}


========== Récapitulatif ==========
1 : Module(s) mémoire
5 : Clé(s) du Registre
10 : Valeur(s) du Registre
12 : Dossier(s)
6 : Fichier(s)
6 : Tache planifiée


End of clean in 01mn 00s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 13/02/2012 19:54:02 [3484]

Jicé · Answer

ayé j'ai réussi à poster le rapport... c'est les @ contenues dedans qui posaient problème. Je les ai remplacées par AROBASE

Smart91 · Answer

Tu as bien redémarré le PC.

Maintenant tu vas faire ceci:

* Télécharge et installe Malwarebytes
* A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
* Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme). C'est très important
* Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet puis "Rechercher"
* Ne t'inquiète pas, l'analyse peut durer plusieurs heures en fonction du nombre de fichiers et infections à analyser 
* A la fin de l'analyse, clique sur "Afficher les résultats"
* Coche tous les éléments détectés puis clique sur "Supprimer la sélection"
* Enregistre le rapport
* S'il t'est demandé de redémarrer l'ordinateur, clique sur Yes
* Un rapport apparait après la suppression : poste le dans ta prochaine réponse.

Tu peix poster le rapport directement dans ta réponse

Smart

Jicé · Answer

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.02.13.04

Windows 7 x64 NTFS (Mode sans échec/Réseau)
Internet Explorer 9.0.8112.16421
Banjo :: BANJO-PC [administrateur]

13/02/2012 21:42:49
mbam-log-2012-02-13 (21-42-49).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 374123
Temps écoulé: 1 heure(s), 2 minute(s), 55 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

Smart91 · Answer

OK. C'est bon
Comment se comporte le PC ?

Refais un scan ZHPDiag et poste le rapport vi cijoint

Smart

Jicé · Answer

Bonjour,

ZHP ne se lance pas. J'essaie en mode sans echec.

Jicé · Answer

http://cjoint.com/?BBor3TCZIrp

Smart91 · Answer

TU peux me dire ce qui se passe exactemet avec ZHDiag en mode normal ? As-tu une erreur, Se bloque-t'il ?

Pourtant la première fois tu l'avais bien passé en mode normal

Smart

Jicé · Answer

en fait il se bloquait vers 45% après un message d'erreur disant qu'il ne pouvait pas se connecter à je ne sais quoi... 

Mais en réessayant ça a marché. Il faut tout refaire ?

Smart91 · Answer

Oui je préfère avoir le rapport en mode normal, cela me permet de voir les processus en normal, car en mode sans echec ils sont au minimum

Smart

Jicé · Answer

http://cjoint.com/?BBpn0kBXRkk

Smart91 · Answer

Là le rapport ne montre plus rien comme infection. 
Il y a des mises à jours prioritaires de logiciels à faire et optimiser le PC en supprimant dez choses inutiles.

Tu as toujours les problèmes ?

Smart

Jicé · Answer

Il m'est toujours impossible d'activer la protection temps réel d'Avira. Et je ne peux faire aucune mise à jour de windows. J'ai un message d'erreur quand je recherche les mises à jours dans windows update, impossible de démarrer le service. En passant par msconfig, je vois que plein de services sont arrêtés. Je ne peux pas non plus les démarrer en passant par services.msc

Smart91 · Answer

Tu as surement un rootkit qq part.

* Télécharger sur le bureau RogueKiller (par tigzy) 
* Quitter tous les programmes en cours 
* Lancer RogueKiller.exe. 
* Attendre la fin du Prescan ... 
* Cliquer sur Scan. 
* A la fin du scan  cliquer sur Suppression. Cliquer sur Rapport et copier coller le contenu du notepad 

Smart

Jicé · Answer

RogueKiller V7.1.0 [15/02/2012] par Tigzy mail: tigzyRKgmailcom Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html Blog: http://tigzyrk.blogspot.com Systeme d'exploitation: Windows 7 (6.1.7600 ) 64 bits version Demarrage : Mode normal Utilisateur: Banjo [Droits d'admin] Mode: Suppression -- Date: 16/02/2012 13:07:31 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 activate.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 adobe.activate.com 127.0.0.1 adobeereg.com 127.0.0.1 www.adobeereg.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 125.252.224.90 127.0.0.1 125.252.224.91 [...] ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 +++++ --- User --- [MBR] 68a9e35c6719ec184144274918b45528 [BSP] 11a41b59a9c99f64aca46d7af2da7024 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo User = LL1 ... OK! User = LL2 ... OK! Termine : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt

Smart91 · Answer

Tu as un fichier Hosts modifié, en particulier par crack que tu avais télécahagé pour Adobe

- Télécharge RstHosts (d'Xplode) sur ton bureau.
- Lance le et appuie sur Restaurer
- Copie/colle le contenu du rapport qui s'ouvrira à l'écran dans ton prochain message.

Note : Le rapport est également sauvegardé à la racine du disque dur ( C:\RstHosts.txt )

Smart

Jicé · Answer

-|x| RstHosts v2.0 - Rapport créé le 16/02/2012 à 18:29:44
-|x| Système d'exploitation : Windows 7 Home Premium  (64 bits)
-|x| Nom d'utilisateur : Banjo - BANJO-PC (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrateurs - BUILTIN
Taille : 89 bytes
Date de création : 14/07/2009 - 03:34:48
Date de modification : 16/02/2012 - 18:29:39
Date de dernier accès : 16/02/2012 - 18:29:39

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1       localhost
::1             localhost

-|x|- E.O.F - C:\RstHosts.txt - 611 bytes -|x|-

Smart91 · Answer

Est-ce que tu as les pb ?
Si oui tu vas faire ceci:

Avant de commencer, fais une sauvegarde de tous tes documents personnels. D'ailleurs, il faut le faire régulièrement

Attention pour ceux qui parcourent ce sujet, cet outil n'est pas à utiliser à la légère, et doit être recommandé uniquement par une personne formée à cet outil
 
Imprime la procédure

Télécharge ComboFix de sUBs sur ton Bureau : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

Tutoriel pour bien utiliser l'outil ==> https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 

-  /!\ Déconnecte-toi du net et DESACTIVE TOUTES LES DEFENSES, antivirus et antispyware y compris /!\
-  Double-clique sur ComboFix.exe 
-  Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter 
-  Surtout si tu es sous XP, accepte d'installer la console de récupération 

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de figer ton PC 
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu 

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\ 

Note : Le rapport se trouve également là : C:\ComboFix.txt

Smart

Jicé · Answer

oui j'ai toujours des soucis, je ne peux pas mettre à jour windows, je ne pas activer la protection temps réel d'avira.

je vais lire un peu ce que c'est combofix, parce que là tu me fais peur... :)

Jicé · Answer

ComboFix 12-02-16.02 - Banjo 16/02/2012  19:45:20.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium   6.1.7600.0.1252.33.1036.18.4028.2676 [GMT 1:00]
Lancé depuis: c:\users\Banjo\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Banjo\AppData\Roaming\.#
c:\users\Banjo\AppData\Roaming\Local
c:\users\Banjo\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\Banjo\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2012-01-16 au 2012-02-16  ))))))))))))))))))))))))))))))))))))
.
.
2012-02-16 18:52 . 2012-02-16 18:52	--------	d-----w-	c:\users\Default\AppData\Local	emp
2012-02-14 17:01 . 2012-02-14 17:01	--------	d-----w-	c:\users\Banjo\AppData\Local\ElevatedDiagnostics
2012-02-14 16:51 . 2012-02-14 16:51	--------	d-----w-	c:\users\Banjo\AppData\Roaming\Avira
2012-02-14 16:51 . 2012-02-14 16:51	512	----a-w-	C:\PhysicalDisk0_MBR.bin
2012-02-14 16:46 . 2012-02-16 08:50	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-14 16:46 . 2011-12-16 08:51	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-02-14 16:46 . 2011-12-16 08:51	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-02-14 16:46 . 2012-02-14 16:46	--------	d-----w-	c:\programdata\Avira
2012-02-14 16:46 . 2012-02-14 16:46	--------	d-----w-	c:\program files (x86)\Avira
2012-02-13 10:51 . 2012-02-15 12:50	--------	d-----w-	C:\ZHP
2012-02-13 10:50 . 2012-02-15 12:49	--------	d-----w-	c:\program files (x86)\ZHPDiag
2012-02-12 14:58 . 2012-02-12 14:58	--------	d-----w-	c:\users\Banjo\AppData\Roaming\Malwarebytes
2012-02-12 14:58 . 2012-02-12 14:58	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-12 14:58 . 2012-02-12 14:58	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-12 14:58 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-12 14:49 . 2012-02-12 14:49	--------	d-----w-	c:\users\Banjo\AppData\Roaming\QuickScan
2012-02-11 08:10 . 2012-02-11 08:10	--------	d-----w-	c:\program files\CCleaner
2012-02-08 12:08 . 2012-02-12 08:54	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-02-08 12:08 . 2012-02-12 08:54	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy
2012-01-31 08:40 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA5D16AB-6DC1-478F-AE4C-0055218EFD86}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 09:39 . 2010-06-09 05:45	279096	------w-	c:\windows\system32\MpSigStub.exe
2011-11-25 10:14 . 2011-11-25 10:14	158056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
2011-11-24 05:00 . 2011-12-15 20:06	3141632	----a-w-	c:\windows\system32\win32k.sys
2011-11-19 15:07 . 2012-01-11 08:50	77312	----a-w-	c:\windows\system32\packager.dll
2011-11-19 14:06 . 2012-01-11 08:50	67072	----a-w-	c:\windows\SysWow64\packager.dll
2003-11-03 15:07 . 2004-04-23 15:06	499712	----a-w-	c:\program files (x86)\msvcp71.dll
2003-11-03 15:07 . 2004-04-23 15:06	348160	----a-w-	c:\program files (x86)\msvcr71.dll
2003-05-30 07:22 . 2003-09-08 07:09	344064	----a-r-	c:\program files (x86)\msvcr70.dll
2002-01-05 01:40 . 2003-09-08 07:09	487424	----a-w-	c:\program files (x86)\msvcp70.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\SysWOW64
bDX.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-16 258512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"CANAL+ CANALSAT A LA DEMANDE"="c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2010-05-03 163992]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2009-12-27 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-13 136176]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-13 136176]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-05-01 420864]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-09-11 305448]
R3 NETw5s64;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 64 bits ;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planificateur;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-16 86224]
S2 CanalPlus.VOD;CanalPlus.VOD;c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2010-05-03 188416]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-10-02 786976]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-09-04 158240]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - 96d3a22ff13478f7
.
Contenu du dossier 'Tâches planifiées'
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-13 12:18]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-13 12:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-09 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-09 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-09 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-27 200704]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-10-02 496160]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-09-04 221728]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_4810t&r=273606101416l0378z195t4951b44q
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_4810t&r=273606101416l0378z195t4951b44q
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Banjo\AppData\Roaming\Mozilla\Firefox\Profiles
1xtfilk.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DivX Download Manager - c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\96d3a22ff13478f7]
"ImagePath"="\SystemRoot\System32\Drivers\96d3a22ff13478f7.sys"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\system32\Macromed\Flash\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWow64\Macromed\Flash\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWow64\Macromed\Flash\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWow64\Macromed\Flash\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWow64\Macromed\Flash\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Canal+\CANAL+ CANALSAT A LA DEMANDE\CANAL+ CANALSAT A LA DEMANDE.EXE
.
**************************************************************************
.
Heure de fin: 2012-02-16  20:10:16 - La machine a redémarré
ComboFix-quarantined-files.txt  2012-02-16 19:10
.
Avant-CF: 107 814 514 688 octets libres
Après-CF: 107 513 159 680 octets libres
.
- - End Of File - - 8815DC8CA4A9EEECC5D7637003EBDDAE

Smart91 · Answer

Est-ce que tu as toujours les mêmes problèmes ?

Smart

Jicé · Answer

oui. Et au démarrage, des applications (firefox par exemple) mettent très longtemps à démarrer. Et même souci pour la protection temps réel impossible à activer, et windows update non plus.

Smart91 · Answer

On va vérifier autre chose:

* Télécharge TDSSKiller (de Kaspersky Labs) sur ton Bureau.
* Lance le (si tu utilises Windows Vista ou 7 : fais un clic-droit dessus et choisis "Exécuter en tant qu'administrateur")
* Clique sur Start Scan pour démarrer l'analyse.
* Si TDSS.tdl2 : l'option Delete sera cochée. 
* Si TDSS.tdl3 ou TDSS.tdl4 : assure toi que Cure soit bien cochée. 
* Si "Suspicious object" laisse l'option cochée sur Skip 
* Si Rootkit.Win32.ZAccess.* est détecté règle sur cure en haut , et delete en bas 
* Ensuite, clique sur Continue puis sur Reboot Now si nécessaire.
* Un rapport s'ouvrira au redémarrage de l'ordinateur.
* Copie/colle son contenu dans ta prochaine réponse.
Note : Le rapport se trouve également sous C:\TDSSKiller.N°deversion_Date_Heure_log.txt

Smart

Jicé · Answer

12:18:22.0991 4156	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
12:18:23.0111 4156	============================================================
12:18:23.0111 4156	Current date / time: 2012/02/17 12:18:23.0111
12:18:23.0111 4156	SystemInfo:
12:18:23.0111 4156	
12:18:23.0111 4156	OS Version: 6.1.7600 ServicePack: 0.0
12:18:23.0111 4156	Product type: Workstation
12:18:23.0111 4156	ComputerName: BANJO-PC
12:18:23.0118 4156	UserName: Banjo
12:18:23.0118 4156	Windows directory: C:\Windows
12:18:23.0118 4156	System windows directory: C:\Windows
12:18:23.0118 4156	Running under WOW64
12:18:23.0118 4156	Processor architecture: Intel x64
12:18:23.0118 4156	Number of processors: 2
12:18:23.0118 4156	Page size: 0x1000
12:18:23.0118 4156	Boot type: Normal boot
12:18:23.0118 4156	============================================================
12:18:29.0248 4156	!crdlk
12:18:29.0255 4156	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
12:18:29.0310 4156	\Device\Harddisk0\DR0:
12:18:29.0310 4156	MBR used
12:18:29.0310 4156	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
12:18:29.0310 4156	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
12:18:29.0329 4156	Initialize success
12:18:29.0329 4156	============================================================
12:18:33.0335 4612	============================================================
12:18:33.0335 4612	Scan started
12:18:33.0335 4612	Mode: Manual; 
12:18:33.0335 4612	============================================================
12:18:33.0908 4612	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:18:33.0913 4612	1394ohci - ok
12:18:33.0930 4612	Suspicious service (NoAccess): 96d3a22ff13478f7
12:18:34.0007 4612	96d3a22ff13478f7 (3cf7e5b421a18139d013180f6327fa2a) C:\Windows\System32\Drivers\96d3a22ff13478f7.sys
12:18:34.0007 4612	Suspicious file (NoAccess): C:\Windows\System32\Drivers\96d3a22ff13478f7.sys. md5: 3cf7e5b421a18139d013180f6327fa2a
12:18:34.0024 4612	96d3a22ff13478f7 ( LockedService.Multi.Generic ) - warning
12:18:34.0024 4612	96d3a22ff13478f7 - detected LockedService.Multi.Generic (1)
12:18:34.0109 4612	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:18:34.0115 4612	ACPI - ok
12:18:34.0183 4612	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:18:34.0185 4612	AcpiPmi - ok
12:18:34.0268 4612	adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
12:18:34.0271 4612	adfs - ok
12:18:34.0340 4612	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:18:34.0350 4612	adp94xx - ok
12:18:34.0394 4612	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:18:34.0401 4612	adpahci - ok
12:18:34.0453 4612	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:18:34.0458 4612	adpu320 - ok
12:18:34.0634 4612	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
12:18:34.0644 4612	AFD - ok
12:18:34.0712 4612	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:18:34.0714 4612	agp440 - ok
12:18:34.0818 4612	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:18:34.0819 4612	aliide - ok
12:18:34.0884 4612	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:18:34.0886 4612	amdide - ok
12:18:34.0952 4612	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:18:34.0954 4612	AmdK8 - ok
12:18:35.0296 4612	amdkmdag        (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:18:35.0527 4612	amdkmdag - ok
12:18:35.0698 4612	amdkmdap        (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
12:18:35.0705 4612	amdkmdap - ok
12:18:35.0768 4612	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:18:35.0770 4612	AmdPPM - ok
12:18:35.0843 4612	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
12:18:35.0846 4612	amdsata - ok
12:18:35.0896 4612	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:18:35.0900 4612	amdsbs - ok
12:18:35.0938 4612	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
12:18:35.0939 4612	amdxata - ok
12:18:36.0104 4612	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:18:36.0106 4612	AppID - ok
12:18:36.0339 4612	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:18:36.0341 4612	arc - ok
12:18:36.0383 4612	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:18:36.0385 4612	arcsas - ok
12:18:36.0435 4612	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:18:36.0437 4612	AsyncMac - ok
12:18:36.0488 4612	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:18:36.0489 4612	atapi - ok
12:18:36.0821 4612	atikmdag        (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
12:18:36.0903 4612	atikmdag - ok
12:18:37.0116 4612	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
12:18:37.0117 4612	avgntflt - ok
12:18:37.0171 4612	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
12:18:37.0173 4612	avipbb - ok
12:18:37.0242 4612	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
12:18:37.0243 4612	avkmgr - ok
12:18:37.0355 4612	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:18:37.0364 4612	b06bdrv - ok
12:18:37.0444 4612	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:18:37.0449 4612	b57nd60a - ok
12:18:37.0553 4612	BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:18:37.0601 4612	BCM43XX - ok
12:18:37.0773 4612	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:18:37.0774 4612	Beep - ok
12:18:37.0904 4612	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:18:37.0906 4612	blbdrive - ok
12:18:38.0027 4612	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
12:18:38.0029 4612	bowser - ok
12:18:38.0099 4612	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:18:38.0101 4612	BrFiltLo - ok
12:18:38.0146 4612	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:18:38.0148 4612	BrFiltUp - ok
12:18:38.0214 4612	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:18:38.0217 4612	BridgeMP - ok
12:18:38.0314 4612	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:18:38.0320 4612	Brserid - ok
12:18:38.0362 4612	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:18:38.0364 4612	BrSerWdm - ok
12:18:38.0406 4612	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:18:38.0408 4612	BrUsbMdm - ok
12:18:38.0440 4612	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:18:38.0441 4612	BrUsbSer - ok
12:18:38.0490 4612	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:18:38.0492 4612	BTHMODEM - ok
12:18:38.0577 4612	catchme - ok
12:18:38.0633 4612	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:18:38.0636 4612	cdfs - ok
12:18:38.0699 4612	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
12:18:38.0703 4612	cdrom - ok
12:18:38.0772 4612	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:18:38.0774 4612	circlass - ok
12:18:38.0842 4612	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:18:38.0849 4612	CLFS - ok
12:18:39.0118 4612	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:18:39.0119 4612	CmBatt - ok
12:18:39.0194 4612	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
12:18:39.0195 4612	cmdide - ok
12:18:39.0308 4612	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
12:18:39.0316 4612	CNG - ok
12:18:39.0386 4612	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:18:39.0387 4612	Compbatt - ok
12:18:39.0458 4612	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
12:18:39.0460 4612	CompositeBus - ok
12:18:39.0523 4612	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:18:39.0525 4612	crcdisk - ok
12:18:39.0697 4612	dc3d            (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
12:18:39.0699 4612	dc3d - ok
12:18:39.0863 4612	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
12:18:39.0866 4612	DfsC - ok
12:18:39.0959 4612	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:18:39.0960 4612	discache - ok
12:18:40.0014 4612	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:18:40.0016 4612	Disk - ok
12:18:40.0044 4612	DKbFltr - ok
12:18:40.0158 4612	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:18:40.0159 4612	drmkaud - ok
12:18:40.0286 4612	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
12:18:40.0321 4612	DXGKrnl - ok
12:18:40.0489 4612	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:18:40.0595 4612	ebdrv - ok
12:18:40.0833 4612	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:18:40.0843 4612	elxstor - ok
12:18:40.0957 4612	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
12:18:40.0958 4612	ErrDev - ok
12:18:41.0091 4612	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:18:41.0096 4612	exfat - ok
12:18:41.0154 4612	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:18:41.0159 4612	fastfat - ok
12:18:41.0231 4612	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:18:41.0233 4612	fdc - ok
12:18:41.0368 4612	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:18:41.0369 4612	FileInfo - ok
12:18:41.0415 4612	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:18:41.0417 4612	Filetrace - ok
12:18:41.0469 4612	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:18:41.0471 4612	flpydisk - ok
12:18:41.0533 4612	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
12:18:41.0539 4612	FltMgr - ok
12:18:41.0643 4612	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:18:41.0645 4612	FsDepends - ok
12:18:41.0703 4612	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:18:41.0704 4612	Fs_Rec - ok
12:18:41.0760 4612	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:18:41.0766 4612	fvevol - ok
12:18:41.0837 4612	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:18:41.0839 4612	gagp30kx - ok
12:18:41.0907 4612	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:18:41.0908 4612	GEARAspiWDM - ok
12:18:42.0173 4612	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:18:42.0176 4612	hcw85cir - ok
12:18:42.0260 4612	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
12:18:42.0267 4612	HdAudAddService - ok
12:18:42.0339 4612	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:18:42.0342 4612	HDAudBus - ok
12:18:42.0396 4612	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:18:42.0397 4612	HidBatt - ok
12:18:42.0443 4612	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:18:42.0445 4612	HidBth - ok
12:18:42.0493 4612	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:18:42.0495 4612	HidIr - ok
12:18:42.0578 4612	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
12:18:42.0580 4612	HidUsb - ok
12:18:42.0723 4612	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
12:18:42.0725 4612	HpSAMD - ok
12:18:42.0798 4612	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
12:18:42.0812 4612	HTTP - ok
12:18:42.0864 4612	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
12:18:42.0865 4612	hwpolicy - ok
12:18:42.0923 4612	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:18:42.0930 4612	i8042prt - ok
12:18:43.0035 4612	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
12:18:43.0043 4612	iaStor - ok
12:18:43.0125 4612	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
12:18:43.0133 4612	iaStorV - ok
12:18:43.0404 4612	igfx            (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:18:43.0594 4612	igfx - ok
12:18:43.0789 4612	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:18:43.0791 4612	iirsp - ok
12:18:43.0949 4612	IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\Windows\system32\drivers\RTKVHD64.sys
12:18:43.0985 4612	IntcAzAudAddService - ok
12:18:44.0118 4612	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
12:18:44.0120 4612	intelide - ok
12:18:44.0377 4612	intelkmd        (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdpmd64.sys
12:18:44.0545 4612	intelkmd - ok
12:18:44.0703 4612	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:18:44.0705 4612	intelppm - ok
12:18:44.0814 4612	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:18:44.0816 4612	IpFilterDriver - ok
12:18:44.0914 4612	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
12:18:44.0916 4612	IPMIDRV - ok
12:18:44.0966 4612	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:18:44.0969 4612	IPNAT - ok
12:18:45.0065 4612	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:18:45.0067 4612	IRENUM - ok
12:18:45.0112 4612	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
12:18:45.0114 4612	isapnp - ok
12:18:45.0184 4612	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
12:18:45.0189 4612	iScsiPrt - ok
12:18:45.0240 4612	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:18:45.0242 4612	kbdclass - ok
12:18:45.0292 4612	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
12:18:45.0294 4612	kbdhid - ok
12:18:45.0400 4612	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
12:18:45.0402 4612	KSecDD - ok
12:18:45.0446 4612	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
12:18:45.0449 4612	KSecPkg - ok
12:18:45.0507 4612	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:18:45.0508 4612	ksthunk - ok
12:18:45.0597 4612	L1C             (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
12:18:45.0599 4612	L1C - ok
12:18:45.0664 4612	L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
12:18:45.0666 4612	L1E - ok
12:18:45.0813 4612	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:18:45.0816 4612	lltdio - ok
12:18:45.0953 4612	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:18:45.0956 4612	LSI_FC - ok
12:18:46.0000 4612	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:18:46.0003 4612	LSI_SAS - ok
12:18:46.0042 4612	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:18:46.0045 4612	LSI_SAS2 - ok
12:18:46.0099 4612	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:18:46.0102 4612	LSI_SCSI - ok
12:18:46.0171 4612	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:18:46.0173 4612	luafv - ok
12:18:46.0267 4612	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:18:46.0269 4612	megasas - ok
12:18:46.0320 4612	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:18:46.0325 4612	MegaSR - ok
12:18:46.0410 4612	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:18:46.0412 4612	Modem - ok
12:18:46.0461 4612	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:18:46.0462 4612	monitor - ok
12:18:46.0515 4612	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:18:46.0517 4612	mouclass - ok
12:18:46.0573 4612	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:18:46.0575 4612	mouhid - ok
12:18:46.0632 4612	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
12:18:46.0634 4612	mountmgr - ok
12:18:46.0686 4612	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
12:18:46.0690 4612	mpio - ok
12:18:46.0752 4612	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:18:46.0754 4612	mpsdrv - ok
12:18:46.0866 4612	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
12:18:46.0869 4612	MRxDAV - ok
12:18:46.0952 4612	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:18:46.0955 4612	mrxsmb - ok
12:18:47.0021 4612	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:18:47.0027 4612	mrxsmb10 - ok
12:18:47.0104 4612	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:18:47.0107 4612	mrxsmb20 - ok
12:18:47.0173 4612	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
12:18:47.0174 4612	msahci - ok
12:18:47.0227 4612	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
12:18:47.0231 4612	msdsm - ok
12:18:47.0340 4612	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:18:47.0340 4612	Msfs - ok
12:18:47.0384 4612	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:18:47.0386 4612	mshidkmdf - ok
12:18:47.0434 4612	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
12:18:47.0434 4612	msisadrv - ok
12:18:47.0532 4612	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:18:47.0533 4612	MSKSSRV - ok
12:18:47.0578 4612	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:18:47.0579 4612	MSPCLOCK - ok
12:18:47.0619 4612	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:18:47.0620 4612	MSPQM - ok
12:18:47.0674 4612	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
12:18:47.0682 4612	MsRPC - ok
12:18:47.0751 4612	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
12:18:47.0752 4612	mssmbios - ok
12:18:47.0799 4612	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:18:47.0800 4612	MSTEE - ok
12:18:47.0850 4612	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:18:47.0851 4612	MTConfig - ok
12:18:47.0909 4612	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:18:47.0910 4612	Mup - ok
12:18:47.0973 4612	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
12:18:47.0974 4612	mwlPSDFilter - ok
12:18:48.0013 4612	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
12:18:48.0015 4612	mwlPSDNServ - ok
12:18:48.0055 4612	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
12:18:48.0058 4612	mwlPSDVDisk - ok
12:18:48.0237 4612	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS
wifi.sys
12:18:48.0244 4612	NativeWifiP - ok
12:18:48.0341 4612	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers
dis.sys
12:18:48.0357 4612	NDIS - ok
12:18:48.0407 4612	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS
discap.sys
12:18:48.0409 4612	NdisCap - ok
12:18:48.0470 4612	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS
distapi.sys
12:18:48.0472 4612	NdisTapi - ok
12:18:48.0530 4612	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS
disuio.sys
12:18:48.0532 4612	Ndisuio - ok
12:18:48.0588 4612	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS
diswan.sys
12:18:48.0592 4612	NdisWan - ok
12:18:48.0633 4612	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
12:18:48.0636 4612	NDProxy - ok
12:18:48.0696 4612	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS
etbios.sys
12:18:48.0697 4612	NetBIOS - ok
12:18:48.0780 4612	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS
etbt.sys
12:18:48.0786 4612	NetBT - ok
12:18:49.0182 4612	NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
12:18:49.0373 4612	NETw5s64 - ok
12:18:49.0528 4612	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS
frd960.sys
12:18:49.0530 4612	nfrd960 - ok
12:18:49.0610 4612	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:18:49.0611 4612	Npfs - ok
12:18:49.0675 4612	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers
siproxy.sys
12:18:49.0677 4612	nsiproxy - ok
12:18:49.0833 4612	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
12:18:49.0877 4612	Ntfs - ok
12:18:50.0049 4612	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
12:18:50.0051 4612	NTIDrvr - ok
12:18:50.0143 4612	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:18:50.0144 4612	Null - ok
12:18:50.0218 4612	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers
vraid.sys
12:18:50.0222 4612	nvraid - ok
12:18:50.0277 4612	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers
vstor.sys
12:18:50.0282 4612	nvstor - ok
12:18:50.0356 4612	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS
v_agp.sys
12:18:50.0359 4612	nv_agp - ok
12:18:50.0469 4612	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
12:18:50.0472 4612	ohci1394 - ok
12:18:50.0663 4612	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:18:50.0666 4612	Parport - ok
12:18:50.0729 4612	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
12:18:50.0731 4612	partmgr - ok
12:18:50.0826 4612	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
12:18:50.0829 4612	pci - ok
12:18:50.0875 4612	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
12:18:50.0876 4612	pciide - ok
12:18:50.0928 4612	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:18:50.0933 4612	pcmcia - ok
12:18:50.0985 4612	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:18:50.0986 4612	pcw - ok
12:18:51.0065 4612	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:18:51.0082 4612	PEAUTH - ok
12:18:51.0420 4612	Point64         (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
12:18:51.0422 4612	Point64 - ok
12:18:51.0564 4612	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERSaspptp.sys
12:18:51.0567 4612	PptpMiniport - ok
12:18:51.0621 4612	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:18:51.0623 4612	Processor - ok
12:18:51.0736 4612	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
12:18:51.0739 4612	Psched - ok
12:18:51.0837 4612	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:18:51.0889 4612	ql2300 - ok
12:18:51.0995 4612	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:18:51.0998 4612	ql40xx - ok
12:18:52.0083 4612	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:18:52.0085 4612	QWAVEdrv - ok
12:18:52.0125 4612	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERSasacd.sys
12:18:52.0127 4612	RasAcd - ok
12:18:52.0192 4612	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:18:52.0194 4612	RasAgileVpn - ok
12:18:52.0263 4612	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERSasl2tp.sys
12:18:52.0266 4612	Rasl2tp - ok
12:18:52.0331 4612	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERSaspppoe.sys
12:18:52.0334 4612	RasPppoe - ok
12:18:52.0396 4612	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERSassstp.sys
12:18:52.0399 4612	RasSstp - ok
12:18:52.0461 4612	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERSdbss.sys
12:18:52.0467 4612	rdbss - ok
12:18:52.0519 4612	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERSdpbus.sys
12:18:52.0520 4612	rdpbus - ok
12:18:52.0567 4612	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:18:52.0568 4612	RDPCDD - ok
12:18:52.0626 4612	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\driversdpencdd.sys
12:18:52.0627 4612	RDPENCDD - ok
12:18:52.0689 4612	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\driversdprefmp.sys
12:18:52.0692 4612	RDPREFMP - ok
12:18:52.0744 4612	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
12:18:52.0748 4612	RDPWD - ok
12:18:52.0819 4612	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\driversdyboost.sys
12:18:52.0824 4612	rdyboost - ok
12:18:53.0015 4612	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERSspndr.sys
12:18:53.0018 4612	rspndr - ok
12:18:53.0084 4612	RSUSBSTOR       (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
12:18:53.0089 4612	RSUSBSTOR - ok
12:18:53.0159 4612	RtsUIR - ok
12:18:53.0258 4612	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
12:18:53.0261 4612	sbp2port - ok
12:18:53.0336 4612	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
12:18:53.0338 4612	scfilter - ok
12:18:53.0444 4612	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:18:53.0446 4612	secdrv - ok
12:18:53.0558 4612	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:18:53.0560 4612	Serenum - ok
12:18:53.0605 4612	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:18:53.0608 4612	Serial - ok
12:18:53.0668 4612	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:18:53.0670 4612	sermouse - ok
12:18:53.0787 4612	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
12:18:53.0788 4612	sffdisk - ok
12:18:53.0824 4612	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
12:18:53.0825 4612	sffp_mmc - ok
12:18:53.0871 4612	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:18:53.0872 4612	sffp_sd - ok
12:18:53.0902 4612	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:18:53.0904 4612	sfloppy - ok
12:18:54.0019 4612	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:18:54.0021 4612	SiSRaid2 - ok
12:18:54.0071 4612	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:18:54.0073 4612	SiSRaid4 - ok
12:18:54.0132 4612	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:18:54.0134 4612	Smb - ok
12:18:54.0245 4612	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:18:54.0246 4612	spldr - ok
12:18:54.0416 4612	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
12:18:54.0425 4612	srv - ok
12:18:54.0496 4612	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
12:18:54.0504 4612	srv2 - ok
12:18:54.0578 4612	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
12:18:54.0581 4612	srvnet - ok
12:18:54.0706 4612	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:18:54.0708 4612	stexstor - ok
12:18:54.0805 4612	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
12:18:54.0807 4612	swenum - ok
12:18:54.0945 4612	SynTP           (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
12:18:54.0951 4612	SynTP - ok
12:18:55.0201 4612	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers	cpip.sys
12:18:55.0248 4612	Tcpip - ok
12:18:55.0467 4612	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS	cpip.sys
12:18:55.0485 4612	TCPIP6 - ok
12:18:55.0605 4612	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers	cpipreg.sys
12:18:55.0607 4612	tcpipreg - ok
12:18:55.0664 4612	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers	dpipe.sys
12:18:55.0666 4612	TDPIPE - ok
12:18:55.0711 4612	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers	dtcp.sys
12:18:55.0712 4612	TDTCP - ok
12:18:55.0763 4612	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS	dx.sys
12:18:55.0766 4612	tdx - ok
12:18:55.0817 4612	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS	ermdd.sys
12:18:55.0820 4612	TermDD - ok
12:18:56.0079 4612	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS	ssecsrv.sys
12:18:56.0081 4612	tssecsrv - ok
12:18:56.0139 4612	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS	unnel.sys
12:18:56.0143 4612	tunnel - ok
12:18:56.0183 4612	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:18:56.0186 4612	uagp35 - ok
12:18:56.0269 4612	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
12:18:56.0271 4612	UBHelper - ok
12:18:56.0350 4612	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
12:18:56.0357 4612	udfs - ok
12:18:56.0454 4612	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
12:18:56.0457 4612	uliagpkx - ok
12:18:56.0519 4612	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
12:18:56.0521 4612	umbus - ok
12:18:56.0566 4612	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:18:56.0568 4612	UmPass - ok
12:18:56.0692 4612	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
12:18:56.0695 4612	usbccgp - ok
12:18:56.0740 4612	USBCCID - ok
12:18:56.0818 4612	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
12:18:56.0821 4612	usbcir - ok
12:18:56.0897 4612	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys
12:18:56.0899 4612	usbehci - ok
12:18:56.0994 4612	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
12:18:57.0001 4612	usbhub - ok
12:18:57.0063 4612	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
12:18:57.0065 4612	usbohci - ok
12:18:57.0140 4612	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:18:57.0142 4612	usbprint - ok
12:18:57.0197 4612	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:18:57.0199 4612	usbscan - ok
12:18:57.0262 4612	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:18:57.0265 4612	USBSTOR - ok
12:18:57.0334 4612	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys
12:18:57.0336 4612	usbuhci - ok
12:18:57.0398 4612	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
12:18:57.0398 4612	Suspicious file (NoAccess): C:\Windows\system32\Drivers\usbvideo.sys. md5: 7cb8c573c6e4a2714402cc0a36eab4fe
12:18:57.0438 4612	usbvideo ( LockedFile.Multi.Generic ) - warning
12:18:57.0438 4612	usbvideo - detected LockedFile.Multi.Generic (1)
12:18:57.0623 4612	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
12:18:57.0623 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vdrvroot.sys. md5: c5c876ccfc083ff3b128f933823e87bd
12:18:57.0642 4612	vdrvroot ( LockedFile.Multi.Generic ) - warning
12:18:57.0642 4612	vdrvroot - detected LockedFile.Multi.Generic (1)
12:18:57.0710 4612	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:18:57.0710 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vgapnp.sys. md5: da4da3f5e02943c2dc8c6ed875de68dd
12:18:57.0724 4612	vga ( LockedFile.Multi.Generic ) - warning
12:18:57.0724 4612	vga - detected LockedFile.Multi.Generic (1)
12:18:57.0782 4612	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:18:57.0782 4612	Suspicious file (NoAccess): C:\Windows\System32\drivers\vga.sys. md5: 53e92a310193cb3c03bea963de7d9cfc
12:18:57.0795 4612	VgaSave ( LockedFile.Multi.Generic ) - warning
12:18:57.0795 4612	VgaSave - detected LockedFile.Multi.Generic (1)
12:18:57.0856 4612	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
12:18:57.0856 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vhdmp.sys. md5: c82e748660f62a242b2dfac1442f22a4
12:18:57.0867 4612	vhdmp ( LockedFile.Multi.Generic ) - warning
12:18:57.0867 4612	vhdmp - detected LockedFile.Multi.Generic (1)
12:18:57.0929 4612	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
12:18:57.0929 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\viaide.sys. md5: e5689d93ffe4e5d66c0178761240dd54
12:18:57.0937 4612	viaide ( LockedFile.Multi.Generic ) - warning
12:18:57.0937 4612	viaide - detected LockedFile.Multi.Generic (1)
12:18:57.0988 4612	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
12:18:57.0988 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\volmgr.sys. md5: 2b1a3dae2b4e70dbba822b7a03fbd4a3
12:18:57.0996 4612	volmgr ( LockedFile.Multi.Generic ) - warning
12:18:57.0996 4612	volmgr - detected LockedFile.Multi.Generic (1)
12:18:58.0068 4612	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
12:18:58.0069 4612	Suspicious file (NoAccess): C:\Windows\system32\drivers\volmgrx.sys. md5: 99b0cbb569ca79acaed8c91461d765fb
12:18:58.0077 4612	volmgrx ( LockedFile.Multi.Generic ) - warning
12:18:58.0077 4612	volmgrx - detected LockedFile.Multi.Generic (1)
12:18:58.0131 4612	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
12:18:58.0131 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\volsnap.sys. md5: 58f82eed8ca24b461441f9c3e4f0bf5c
12:18:58.0140 4612	volsnap ( LockedFile.Multi.Generic ) - warning
12:18:58.0140 4612	volsnap - detected LockedFile.Multi.Generic (1)
12:18:58.0193 4612	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:18:58.0193 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vsmraid.sys. md5: 5e2016ea6ebaca03c04feac5f330d997
12:18:58.0204 4612	vsmraid ( LockedFile.Multi.Generic ) - warning
12:18:58.0204 4612	vsmraid - detected LockedFile.Multi.Generic (1)
12:18:58.0279 4612	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:18:58.0279 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifibus.sys. md5: 36d4720b72b5c5d9cb2b9c29e9df67a1
12:18:58.0286 4612	vwifibus ( LockedFile.Multi.Generic ) - warning
12:18:58.0287 4612	vwifibus - detected LockedFile.Multi.Generic (1)
12:18:58.0346 4612	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:18:58.0346 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwififlt.sys. md5: 6a3d66263414ff0d6fa754c646612f3f
12:18:58.0363 4612	vwififlt ( LockedFile.Multi.Generic ) - warning
12:18:58.0363 4612	vwififlt - detected LockedFile.Multi.Generic (1)
12:18:58.0418 4612	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:18:58.0418 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\vwifimp.sys. md5: 6a638fc4bfddc4d9b186c28c91bd1a01
12:18:58.0425 4612	vwifimp ( LockedFile.Multi.Generic ) - warning
12:18:58.0426 4612	vwifimp - detected LockedFile.Multi.Generic (1)
12:18:58.0530 4612	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:18:58.0530 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wacompen.sys. md5: 4e9440f4f152a7b944cb1663d3935a3e
12:18:58.0553 4612	WacomPen ( LockedFile.Multi.Generic ) - warning
12:18:58.0553 4612	WacomPen - detected LockedFile.Multi.Generic (1)
12:18:58.0607 4612	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:18:58.0607 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47ca49400643effd3f1c9a27e1d69324
12:18:58.0629 4612	WANARP ( LockedFile.Multi.Generic ) - warning
12:18:58.0629 4612	WANARP - detected LockedFile.Multi.Generic (1)
12:18:58.0651 4612	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
12:18:58.0651 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wanarp.sys. md5: 47ca49400643effd3f1c9a27e1d69324
12:18:58.0663 4612	Wanarpv6 ( LockedFile.Multi.Generic ) - warning
12:18:58.0663 4612	Wanarpv6 - detected LockedFile.Multi.Generic (1)
12:18:58.0828 4612	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:18:58.0828 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wd.sys. md5: 72889e16ff12ba0f235467d6091b17dc
12:18:58.0836 4612	Wd ( LockedFile.Multi.Generic ) - warning
12:18:58.0836 4612	Wd - detected LockedFile.Multi.Generic (1)
12:18:58.0920 4612	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:18:58.0920 4612	Suspicious file (NoAccess): C:\Windows\system32\drivers\Wdf01000.sys. md5: 441bd2d7b4f98134c3a4f9fa570fd250
12:18:58.0943 4612	Wdf01000 ( LockedFile.Multi.Generic ) - warning
12:18:58.0943 4612	Wdf01000 - detected LockedFile.Multi.Generic (1)
12:18:59.0197 4612	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:18:59.0197 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wfplwf.sys. md5: 611b23304bf067451a9fdee01fbdd725
12:18:59.0208 4612	WfpLwf ( LockedFile.Multi.Generic ) - warning
12:18:59.0208 4612	WfpLwf - detected LockedFile.Multi.Generic (1)
12:18:59.0285 4612	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:18:59.0285 4612	Suspicious file (NoAccess): C:\Windows\system32\drivers\wimmount.sys. md5: 05ecaec3e4529a7153b3136ceb49f0ec
12:18:59.0310 4612	WIMMount ( LockedFile.Multi.Generic ) - warning
12:18:59.0310 4612	WIMMount - detected LockedFile.Multi.Generic (1)
12:18:59.0596 4612	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
12:18:59.0596 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WinUsb.sys. md5: 817eaff5d38674edd7713b9dfb8e9791
12:18:59.0621 4612	WinUsb ( LockedFile.Multi.Generic ) - warning
12:18:59.0621 4612	WinUsb - detected LockedFile.Multi.Generic (1)
12:18:59.0843 4612	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:18:59.0843 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\wmiacpi.sys. md5: f6ff8944478594d0e414d3f048f0d778
12:18:59.0865 4612	WmiAcpi ( LockedFile.Multi.Generic ) - warning
12:18:59.0865 4612	WmiAcpi - detected LockedFile.Multi.Generic (1)
12:19:00.0079 4612	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:19:00.0079 4612	Suspicious file (NoAccess): C:\Windows\system32\drivers\ws2ifsl.sys. md5: 6bcc1d7d2fd2453957c5479a32364e52
12:19:00.0101 4612	ws2ifsl ( LockedFile.Multi.Generic ) - warning
12:19:00.0101 4612	ws2ifsl - detected LockedFile.Multi.Generic (1)
12:19:00.0340 4612	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
12:19:00.0340 4612	Suspicious file (NoAccess): C:\Windows\system32\drivers\WudfPf.sys. md5: 7cadc74271dd6461c452c271b30bd378
12:19:00.0356 4612	WudfPf ( LockedFile.Multi.Generic ) - warning
12:19:00.0356 4612	WudfPf - detected LockedFile.Multi.Generic (1)
12:19:00.0426 4612	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:19:00.0426 4612	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\WUDFRd.sys. md5: 3b197af0fff08aa66b6b2241ca538d64
12:19:00.0442 4612	WUDFRd ( LockedFile.Multi.Generic ) - warning
12:19:00.0442 4612	WUDFRd - detected LockedFile.Multi.Generic (1)
12:19:00.0597 4612	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
12:19:00.0665 4612	\Device\Harddisk0\DR0 - ok
12:19:00.0673 4612	Boot (0x1200)   (86d8a28d09e9ff15f45ae564c6258e5d) \Device\Harddisk0\DR0\Partition0
12:19:00.0676 4612	\Device\Harddisk0\DR0\Partition0 - ok
12:19:00.0693 4612	Boot (0x1200)   (4d32885a6886e2e49b29ad5661556949) \Device\Harddisk0\DR0\Partition1
12:19:00.0695 4612	\Device\Harddisk0\DR0\Partition1 - ok
12:19:00.0696 4612	============================================================
12:19:00.0696 4612	Scan finished
12:19:00.0696 4612	============================================================
12:19:00.0711 1716	Detected object count: 26
12:19:00.0712 1716	Actual detected object count: 26
12:21:37.0864 1716	96d3a22ff13478f7 ( LockedService.Multi.Generic ) - skipped by user
12:21:37.0864 1716	96d3a22ff13478f7 ( LockedService.Multi.Generic ) - User select action: Skip 
12:21:37.0868 1716	usbvideo ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0868 1716	usbvideo ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0871 1716	vdrvroot ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0871 1716	vdrvroot ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0874 1716	vga ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0874 1716	vga ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0876 1716	VgaSave ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0876 1716	VgaSave ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0879 1716	vhdmp ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0879 1716	vhdmp ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0880 1716	viaide ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0880 1716	viaide ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0883 1716	volmgr ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0883 1716	volmgr ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0886 1716	volmgrx ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0886 1716	volmgrx ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0888 1716	volsnap ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0889 1716	volsnap ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0891 1716	vsmraid ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0891 1716	vsmraid ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0894 1716	vwifibus ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0894 1716	vwifibus ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0897 1716	vwififlt ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0897 1716	vwififlt ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0900 1716	vwifimp ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0900 1716	vwifimp ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0903 1716	WacomPen ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0903 1716	WacomPen ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0905 1716	WANARP ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0906 1716	WANARP ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0908 1716	Wanarpv6 ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0908 1716	Wanarpv6 ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0911 1716	Wd ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0911 1716	Wd ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0915 1716	Wdf01000 ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0915 1716	Wdf01000 ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0918 1716	WfpLwf ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0918 1716	WfpLwf ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0921 1716	WIMMount ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0921 1716	WIMMount ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0923 1716	WinUsb ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0924 1716	WinUsb ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0926 1716	WmiAcpi ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0926 1716	WmiAcpi ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0930 1716	ws2ifsl ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0930 1716	ws2ifsl ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0931 1716	WudfPf ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0931 1716	WudfPf ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:37.0934 1716	WUDFRd ( LockedFile.Multi.Generic ) - skipped by user
12:21:37.0934 1716	WUDFRd ( LockedFile.Multi.Generic ) - User select action: Skip 
12:21:48.0459 4300	Deinitialize success

Smart91 · Answer

Relance TDSSKiller. Refais un scan.

Et lorque tu vois ce fichier 96d3a22ff13478f7 coche delete et/ou sur cure
Les autres tu laisses sur skip
Et poste le rapport

Smart

Jicé · Answer

13:13:50.0613 4284	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
13:13:50.0728 4284	============================================================
13:13:50.0728 4284	Current date / time: 2012/02/17 13:13:50.0728
13:13:50.0728 4284	SystemInfo:
13:13:50.0728 4284	
13:13:50.0728 4284	OS Version: 6.1.7600 ServicePack: 0.0
13:13:50.0728 4284	Product type: Workstation
13:13:50.0728 4284	ComputerName: BANJO-PC
13:13:50.0728 4284	UserName: Banjo
13:13:50.0728 4284	Windows directory: C:\Windows
13:13:50.0729 4284	System windows directory: C:\Windows
13:13:50.0729 4284	Running under WOW64
13:13:50.0729 4284	Processor architecture: Intel x64
13:13:50.0729 4284	Number of processors: 2
13:13:50.0729 4284	Page size: 0x1000
13:13:50.0729 4284	Boot type: Normal boot
13:13:50.0729 4284	============================================================
13:13:57.0132 4284	Raw registry subsystem init failed!
13:13:57.0442 4284	!crdlk
13:13:57.0448 4284	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
13:13:57.0457 4284	\Device\Harddisk0\DR0:
13:13:57.0458 4284	MBR used
13:13:57.0458 4284	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
13:13:57.0458 4284	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
13:13:57.0515 4284	Initialize success
13:13:57.0515 4284	============================================================
13:14:02.0764 3932	============================================================
13:14:02.0764 3932	Scan started
13:14:02.0764 3932	Mode: Manual; 
13:14:02.0764 3932	============================================================
13:14:02.0765 3932	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:14:02.0773 3932	\Device\Harddisk0\DR0 - ok
13:14:02.0778 3932	Boot (0x1200)   (86d8a28d09e9ff15f45ae564c6258e5d) \Device\Harddisk0\DR0\Partition0
13:14:02.0780 3932	\Device\Harddisk0\DR0\Partition0 - ok
13:14:02.0786 3932	Boot (0x1200)   (4d32885a6886e2e49b29ad5661556949) \Device\Harddisk0\DR0\Partition1
13:14:02.0788 3932	\Device\Harddisk0\DR0\Partition1 - ok
13:14:02.0791 3932	============================================================
13:14:02.0791 3932	Scan finished
13:14:02.0791 3932	============================================================
13:14:02.0880 3908	Detected object count: 0
13:14:02.0880 3908	Actual detected object count: 0

Jicé · Answer

le scan a été très rapide et il n'a pas remis les mêmes messages qu'au premier scan.

Smart91 · Answer

Je pense que cela vient de ceci: 
13:13:57.0132 4284 Raw registry subsystem init failed!  

Tu l'as bien lancé en tant qu'administrateur ? 
Recommence 

Smart 
"Si tu n'as pas d'ambitions, tu t'installes au bord de la chute" (Kundera)

Jicé · Answer

oui oui, je l'ai fait. Je vais redémarrer l'ordi et réessayer

Smart91 · Answer

OK. Sinon on le supprimera autrement

Smart

Jicé · Answer

Hourra ! Le parapluie d'Avira s'est enfin ouvert !

Jicé · Answer

13:50:59.0107 4668	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
13:50:59.0278 4668	============================================================
13:50:59.0278 4668	Current date / time: 2012/02/17 13:50:59.0278
13:50:59.0278 4668	SystemInfo:
13:50:59.0278 4668	
13:50:59.0278 4668	OS Version: 6.1.7600 ServicePack: 0.0
13:50:59.0278 4668	Product type: Workstation
13:50:59.0278 4668	ComputerName: BANJO-PC
13:50:59.0278 4668	UserName: Banjo
13:50:59.0278 4668	Windows directory: C:\Windows
13:50:59.0278 4668	System windows directory: C:\Windows
13:50:59.0278 4668	Running under WOW64
13:50:59.0278 4668	Processor architecture: Intel x64
13:50:59.0278 4668	Number of processors: 2
13:50:59.0278 4668	Page size: 0x1000
13:50:59.0278 4668	Boot type: Normal boot
13:50:59.0278 4668	============================================================
13:51:03.0381 4668	!crdlk
13:51:03.0397 4668	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'A'
13:51:03.0412 4668	\Device\Harddisk0\DR0:
13:51:03.0412 4668	MBR used
13:51:03.0412 4668	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
13:51:03.0412 4668	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x23C8BAB0
13:51:03.0459 4668	Initialize success
13:51:03.0459 4668	============================================================
13:51:05.0815 3540	============================================================
13:51:05.0815 3540	Scan started
13:51:05.0815 3540	Mode: Manual; 
13:51:05.0815 3540	============================================================
13:51:06.0205 3540	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:51:06.0205 3540	1394ohci - ok
13:51:06.0236 3540	Suspicious service (NoAccess): 96d3a22ff13478f7
13:51:06.0298 3540	96d3a22ff13478f7 (3cf7e5b421a18139d013180f6327fa2a) C:\Windows\System32\Drivers\96d3a22ff13478f7.sys
13:51:06.0298 3540	Suspicious file (NoAccess): C:\Windows\System32\Drivers\96d3a22ff13478f7.sys. md5: 3cf7e5b421a18139d013180f6327fa2a
13:51:06.0345 3540	96d3a22ff13478f7 ( LockedService.Multi.Generic ) - warning
13:51:06.0345 3540	96d3a22ff13478f7 - detected LockedService.Multi.Generic (1)
13:51:06.0439 3540	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:51:06.0454 3540	ACPI - ok
13:51:06.0501 3540	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:51:06.0501 3540	AcpiPmi - ok
13:51:06.0595 3540	adfs            (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
13:51:06.0595 3540	adfs - ok
13:51:06.0673 3540	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:51:06.0688 3540	adp94xx - ok
13:51:06.0735 3540	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:51:06.0751 3540	adpahci - ok
13:51:06.0797 3540	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:51:06.0797 3540	adpu320 - ok
13:51:06.0938 3540	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
13:51:06.0938 3540	AFD - ok
13:51:07.0016 3540	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:51:07.0016 3540	agp440 - ok
13:51:07.0109 3540	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:51:07.0109 3540	aliide - ok
13:51:07.0172 3540	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:51:07.0172 3540	amdide - ok
13:51:07.0234 3540	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:51:07.0234 3540	AmdK8 - ok
13:51:07.0546 3540	amdkmdag        (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:51:07.0624 3540	amdkmdag - ok
13:51:07.0749 3540	amdkmdap        (6b4e9261b613b047a9a145f328889968) C:\Windows\system32\DRIVERS\atikmpag.sys
13:51:07.0749 3540	amdkmdap - ok
13:51:07.0811 3540	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:51:07.0811 3540	AmdPPM - ok
13:51:07.0874 3540	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
13:51:07.0874 3540	amdsata - ok
13:51:07.0952 3540	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:51:07.0952 3540	amdsbs - ok
13:51:08.0014 3540	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
13:51:08.0014 3540	amdxata - ok
13:51:08.0201 3540	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:51:08.0201 3540	AppID - ok
13:51:08.0451 3540	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:51:08.0451 3540	arc - ok
13:51:08.0513 3540	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:51:08.0513 3540	arcsas - ok
13:51:08.0576 3540	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:51:08.0576 3540	AsyncMac - ok
13:51:08.0638 3540	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:51:08.0638 3540	atapi - ok
13:51:08.0981 3540	atikmdag        (60216b0e704584de6d5a9f59e9c34c47) C:\Windows\system32\DRIVERS\atikmdag.sys
13:51:09.0059 3540	atikmdag - ok
13:51:09.0278 3540	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
13:51:09.0278 3540	avgntflt - ok
13:51:09.0340 3540	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
13:51:09.0340 3540	avipbb - ok
13:51:09.0418 3540	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:51:09.0418 3540	avkmgr - ok
13:51:09.0543 3540	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:51:09.0559 3540	b06bdrv - ok
13:51:09.0621 3540	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:51:09.0621 3540	b57nd60a - ok
13:51:09.0746 3540	BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
13:51:09.0777 3540	BCM43XX - ok
13:51:09.0949 3540	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:51:09.0949 3540	Beep - ok
13:51:10.0073 3540	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:51:10.0089 3540	blbdrive - ok
13:51:10.0198 3540	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
13:51:10.0198 3540	bowser - ok
13:51:10.0261 3540	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:51:10.0261 3540	BrFiltLo - ok
13:51:10.0307 3540	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:51:10.0307 3540	BrFiltUp - ok
13:51:10.0370 3540	BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:51:10.0370 3540	BridgeMP - ok
13:51:10.0463 3540	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:51:10.0479 3540	Brserid - ok
13:51:10.0526 3540	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:51:10.0526 3540	BrSerWdm - ok
13:51:10.0573 3540	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:51:10.0573 3540	BrUsbMdm - ok
13:51:10.0619 3540	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:51:10.0619 3540	BrUsbSer - ok
13:51:10.0651 3540	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:51:10.0651 3540	BTHMODEM - ok
13:51:10.0744 3540	catchme - ok
13:51:10.0807 3540	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:51:10.0807 3540	cdfs - ok
13:51:10.0869 3540	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:51:10.0885 3540	cdrom - ok
13:51:10.0947 3540	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:51:10.0947 3540	circlass - ok
13:51:11.0025 3540	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:51:11.0041 3540	CLFS - ok
13:51:11.0290 3540	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:51:11.0290 3540	CmBatt - ok
13:51:11.0353 3540	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:51:11.0353 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cmdide.sys. md5: e19d3f095812725d88f9001985b94edd
13:51:11.0384 3540	cmdide ( LockedFile.Multi.Generic ) - warning
13:51:11.0384 3540	cmdide - detected LockedFile.Multi.Generic (1)
13:51:11.0477 3540	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
13:51:11.0477 3540	Suspicious file (NoAccess): C:\Windows\system32\Drivers\cng.sys. md5: 937beb186a735aca91d717044a49d17e
13:51:11.0524 3540	CNG ( LockedFile.Multi.Generic ) - warning
13:51:11.0524 3540	CNG - detected LockedFile.Multi.Generic (1)
13:51:11.0633 3540	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:51:11.0633 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\compbatt.sys. md5: 102de219c3f61415f964c88e9085ad14
13:51:11.0649 3540	Compbatt ( LockedFile.Multi.Generic ) - warning
13:51:11.0649 3540	Compbatt - detected LockedFile.Multi.Generic (1)
13:51:11.0758 3540	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:51:11.0758 3540	CompositeBus - ok
13:51:11.0836 3540	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:51:11.0836 3540	crcdisk - ok
13:51:12.0070 3540	dc3d            (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
13:51:12.0070 3540	dc3d - ok
13:51:12.0257 3540	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
13:51:12.0257 3540	DfsC - ok
13:51:12.0335 3540	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:51:12.0335 3540	discache - ok
13:51:12.0398 3540	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:51:12.0398 3540	Disk - ok
13:51:12.0445 3540	DKbFltr - ok
13:51:12.0569 3540	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:51:12.0569 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\drmkaud.sys. md5: 9b19f34400d24df84c858a421c205754
13:51:12.0585 3540	drmkaud ( LockedFile.Multi.Generic ) - warning
13:51:12.0585 3540	drmkaud - detected LockedFile.Multi.Generic (1)
13:51:12.0772 3540	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
13:51:12.0772 3540	Suspicious file (NoAccess): C:\Windows\System32\drivers\dxgkrnl.sys. md5: 1633b9abf52784a1331476397a48cbef
13:51:12.0788 3540	DXGKrnl ( LockedFile.Multi.Generic ) - warning
13:51:12.0788 3540	DXGKrnl - detected LockedFile.Multi.Generic (1)
13:51:13.0006 3540	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:51:13.0006 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\evbda.sys. md5: dc5d737f51be844d8c82c695eb17372f
13:51:13.0022 3540	ebdrv ( LockedFile.Multi.Generic ) - warning
13:51:13.0022 3540	ebdrv - detected LockedFile.Multi.Generic (1)
13:51:13.0178 3540	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:51:13.0178 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\elxstor.sys. md5: 0e5da5369a0fcaea12456dd852545184
13:51:13.0193 3540	elxstor ( LockedFile.Multi.Generic ) - warning
13:51:13.0193 3540	elxstor - detected LockedFile.Multi.Generic (1)
13:51:13.0287 3540	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:51:13.0287 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\errdev.sys. md5: 34a3c54752046e79a126e15c51db409b
13:51:13.0318 3540	ErrDev ( LockedFile.Multi.Generic ) - warning
13:51:13.0318 3540	ErrDev - detected LockedFile.Multi.Generic (1)
13:51:13.0474 3540	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:51:13.0474 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\exfat.sys. md5: a510c654ec00c1e9bdd91eeb3a59823b
13:51:13.0474 3540	exfat ( LockedFile.Multi.Generic ) - warning
13:51:13.0474 3540	exfat - detected LockedFile.Multi.Generic (1)
13:51:13.0537 3540	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:51:13.0537 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\fastfat.sys. md5: 0adc83218b66a6db380c330836f3e36d
13:51:13.0552 3540	fastfat ( LockedFile.Multi.Generic ) - warning
13:51:13.0552 3540	fastfat - detected LockedFile.Multi.Generic (1)
13:51:13.0630 3540	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:51:13.0630 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fdc.sys. md5: d765d19cd8ef61f650c384f62fac00ab
13:51:13.0646 3540	fdc ( LockedFile.Multi.Generic ) - warning
13:51:13.0646 3540	fdc - detected LockedFile.Multi.Generic (1)
13:51:13.0817 3540	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:51:13.0817 3540	FileInfo - ok
13:51:13.0864 3540	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:51:13.0864 3540	Filetrace - ok
13:51:13.0942 3540	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:51:13.0942 3540	flpydisk - ok
13:51:14.0005 3540	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:51:14.0005 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\fltmgr.sys. md5: f7866af72abbaf84b1fa5aa195378c59
13:51:14.0036 3540	FltMgr ( LockedFile.Multi.Generic ) - warning
13:51:14.0036 3540	FltMgr - detected LockedFile.Multi.Generic (1)
13:51:14.0129 3540	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:51:14.0129 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\FsDepends.sys. md5: d43703496149971890703b4b1b723eac
13:51:14.0145 3540	FsDepends ( LockedFile.Multi.Generic ) - warning
13:51:14.0145 3540	FsDepends - detected LockedFile.Multi.Generic (1)
13:51:14.0239 3540	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:51:14.0254 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\Fs_Rec.sys. md5: e95ef8547de20cf0603557c0cf7a9462
13:51:14.0254 3540	Fs_Rec ( LockedFile.Multi.Generic ) - warning
13:51:14.0254 3540	Fs_Rec - detected LockedFile.Multi.Generic (1)
13:51:14.0332 3540	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:51:14.0332 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\fvevol.sys. md5: ae87ba80d0ec3b57126ed2cdc15b24ed
13:51:14.0348 3540	fvevol ( LockedFile.Multi.Generic ) - warning
13:51:14.0348 3540	fvevol - detected LockedFile.Multi.Generic (1)
13:51:14.0426 3540	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:51:14.0426 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\gagp30kx.sys. md5: 8c778d335c9d272cfd3298ab02abe3b6
13:51:14.0441 3540	gagp30kx ( LockedFile.Multi.Generic ) - warning
13:51:14.0441 3540	gagp30kx - detected LockedFile.Multi.Generic (1)
13:51:14.0504 3540	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:51:14.0504 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\GEARAspiWDM.sys. md5: e403aacf8c7bb11375122d2464560311
13:51:14.0535 3540	GEARAspiWDM ( LockedFile.Multi.Generic ) - warning
13:51:14.0535 3540	GEARAspiWDM - detected LockedFile.Multi.Generic (1)
13:51:14.0769 3540	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:51:14.0769 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\hcw85cir.sys. md5: f2523ef6460fc42405b12248338ab2f0
13:51:14.0800 3540	hcw85cir ( LockedFile.Multi.Generic ) - warning
13:51:14.0800 3540	hcw85cir - detected LockedFile.Multi.Generic (1)
13:51:14.0878 3540	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:51:14.0878 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\HdAudio.sys. md5: 6410f6f415b2a5a9037224c41da8bf12
13:51:14.0878 3540	HdAudAddService ( LockedFile.Multi.Generic ) - warning
13:51:14.0878 3540	HdAudAddService - detected LockedFile.Multi.Generic (1)
13:51:14.0925 3540	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:51:14.0925 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HDAudBus.sys. md5: 0a49913402747a0b67de940fb42cbdbb
13:51:14.0956 3540	HDAudBus ( LockedFile.Multi.Generic ) - warning
13:51:14.0956 3540	HDAudBus - detected LockedFile.Multi.Generic (1)
13:51:15.0003 3540	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:51:15.0003 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HidBatt.sys. md5: 78e86380454a7b10a5eb255dc44a355f
13:51:15.0019 3540	HidBatt ( LockedFile.Multi.Generic ) - warning
13:51:15.0019 3540	HidBatt - detected LockedFile.Multi.Generic (1)
13:51:15.0065 3540	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:51:15.0065 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidbth.sys. md5: 7fd2a313f7afe5c4dab14798c48dd104
13:51:15.0081 3540	HidBth ( LockedFile.Multi.Generic ) - warning
13:51:15.0081 3540	HidBth - detected LockedFile.Multi.Generic (1)
13:51:15.0143 3540	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:51:15.0143 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidir.sys. md5: 0a77d29f311b88cfae3b13f9c1a73825
13:51:15.0143 3540	HidIr ( LockedFile.Multi.Generic ) - warning
13:51:15.0143 3540	HidIr - detected LockedFile.Multi.Generic (1)
13:51:15.0268 3540	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:51:15.0268 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\hidusb.sys. md5: b3bf6b5b50006def50b66306d99fcf6f
13:51:15.0284 3540	HidUsb ( LockedFile.Multi.Generic ) - warning
13:51:15.0284 3540	HidUsb - detected LockedFile.Multi.Generic (1)
13:51:15.0409 3540	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:51:15.0409 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\HpSAMD.sys. md5: 0886d440058f203eba0e1825e4355914
13:51:15.0424 3540	HpSAMD ( LockedFile.Multi.Generic ) - warning
13:51:15.0424 3540	HpSAMD - detected LockedFile.Multi.Generic (1)
13:51:15.0502 3540	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:51:15.0502 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\HTTP.sys. md5: cee049cac4efa7f4e1e4ad014414a5d4
13:51:15.0533 3540	HTTP ( LockedFile.Multi.Generic ) - warning
13:51:15.0533 3540	HTTP - detected LockedFile.Multi.Generic (1)
13:51:15.0580 3540	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:51:15.0580 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\hwpolicy.sys. md5: f17766a19145f111856378df337a5d79
13:51:15.0596 3540	hwpolicy ( LockedFile.Multi.Generic ) - warning
13:51:15.0596 3540	hwpolicy - detected LockedFile.Multi.Generic (1)
13:51:15.0658 3540	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:51:15.0658 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\i8042prt.sys. md5: fa55c73d4affa7ee23ac4be53b4592d3
13:51:15.0658 3540	i8042prt ( LockedFile.Multi.Generic ) - warning
13:51:15.0658 3540	i8042prt - detected LockedFile.Multi.Generic (1)
13:51:15.0783 3540	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
13:51:15.0783 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iaStor.sys. md5: 1d004cb1da6323b1f55caef7f94b61d9
13:51:15.0799 3540	iaStor ( LockedFile.Multi.Generic ) - warning
13:51:15.0799 3540	iaStor - detected LockedFile.Multi.Generic (1)
13:51:15.0892 3540	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
13:51:15.0892 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\iaStorV.sys. md5: b75e45c564e944a2657167d197ab29da
13:51:15.0908 3540	iaStorV ( LockedFile.Multi.Generic ) - warning
13:51:15.0908 3540	iaStorV - detected LockedFile.Multi.Generic (1)
13:51:16.0189 3540	igfx            (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:51:16.0189 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\igdkmd64.sys. md5: 37a65e3d89f6bbf5719ff9585f99eb7d
13:51:16.0235 3540	igfx ( LockedFile.Multi.Generic ) - warning
13:51:16.0235 3540	igfx - detected LockedFile.Multi.Generic (1)
13:51:16.0282 3540	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:51:16.0282 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\iirsp.sys. md5: 5c18831c61933628f5bb0ea2675b9d21
13:51:16.0298 3540	iirsp ( LockedFile.Multi.Generic ) - warning
13:51:16.0298 3540	iirsp - detected LockedFile.Multi.Generic (1)
13:51:16.0454 3540	IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\Windows\system32\drivers\RTKVHD64.sys
13:51:16.0454 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\RTKVHD64.sys. md5: 9aa6a93852e36fe76c3f7fc2904f3b01
13:51:16.0469 3540	IntcAzAudAddService ( LockedFile.Multi.Generic ) - warning
13:51:16.0469 3540	IntcAzAudAddService - detected LockedFile.Multi.Generic (1)
13:51:16.0516 3540	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:51:16.0516 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelide.sys. md5: f00f20e70c6ec3aa366910083a0518aa
13:51:16.0532 3540	intelide ( LockedFile.Multi.Generic ) - warning
13:51:16.0532 3540	intelide - detected LockedFile.Multi.Generic (1)
13:51:16.0766 3540	intelkmd        (37a65e3d89f6bbf5719ff9585f99eb7d) C:\Windows\system32\DRIVERS\igdpmd64.sys
13:51:16.0766 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\igdpmd64.sys. md5: 37a65e3d89f6bbf5719ff9585f99eb7d
13:51:16.0797 3540	intelkmd ( LockedFile.Multi.Generic ) - warning
13:51:16.0797 3540	intelkmd - detected LockedFile.Multi.Generic (1)
13:51:16.0937 3540	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:51:16.0937 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\intelppm.sys. md5: ada036632c664caa754079041cf1f8c1
13:51:16.0953 3540	intelppm ( LockedFile.Multi.Generic ) - warning
13:51:16.0953 3540	intelppm - detected LockedFile.Multi.Generic (1)
13:51:17.0062 3540	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:51:17.0062 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ipfltdrv.sys. md5: 722dd294df62483cecaae6e094b4d695
13:51:17.0078 3540	IpFilterDriver ( LockedFile.Multi.Generic ) - warning
13:51:17.0078 3540	IpFilterDriver - detected LockedFile.Multi.Generic (1)
13:51:17.0203 3540	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:51:17.0203 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\IPMIDrv.sys. md5: e2b4a4494db7cb9b89b55ca268c337c5
13:51:17.0203 3540	IPMIDRV ( LockedFile.Multi.Generic ) - warning
13:51:17.0203 3540	IPMIDRV - detected LockedFile.Multi.Generic (1)
13:51:17.0265 3540	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:51:17.0265 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\ipnat.sys. md5: af9b39a7e7b6caa203b3862582e9f2d0
13:51:17.0265 3540	IPNAT ( LockedFile.Multi.Generic ) - warning
13:51:17.0265 3540	IPNAT - detected LockedFile.Multi.Generic (1)
13:51:17.0359 3540	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:51:17.0359 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\irenum.sys. md5: 3abf5e7213eb28966d55d58b515d5ce9
13:51:17.0374 3540	IRENUM ( LockedFile.Multi.Generic ) - warning
13:51:17.0374 3540	IRENUM - detected LockedFile.Multi.Generic (1)
13:51:17.0421 3540	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:51:17.0421 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\isapnp.sys. md5: 2f7b28dc3e1183e5eb418df55c204f38
13:51:17.0421 3540	isapnp ( LockedFile.Multi.Generic ) - warning
13:51:17.0421 3540	isapnp - detected LockedFile.Multi.Generic (1)
13:51:17.0499 3540	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:51:17.0499 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\msiscsi.sys. md5: fa4d2557de56d45b0a346f93564be6e1
13:51:17.0499 3540	iScsiPrt ( LockedFile.Multi.Generic ) - warning
13:51:17.0499 3540	iScsiPrt - detected LockedFile.Multi.Generic (1)
13:51:17.0561 3540	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:51:17.0561 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdclass.sys. md5: bc02336f1cba7dcc7d1213bb588a68a5
13:51:17.0577 3540	kbdclass ( LockedFile.Multi.Generic ) - warning
13:51:17.0577 3540	kbdclass - detected LockedFile.Multi.Generic (1)
13:51:17.0608 3540	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:51:17.0608 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\kbdhid.sys. md5: 6def98f8541e1b5dceb2c822a11f7323
13:51:17.0624 3540	kbdhid ( LockedFile.Multi.Generic ) - warning
13:51:17.0624 3540	kbdhid - detected LockedFile.Multi.Generic (1)
13:51:17.0717 3540	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
13:51:17.0717 3540	Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecdd.sys. md5: 16c1b906fc5ead84769f90b736b6bf0e
13:51:17.0733 3540	KSecDD ( LockedFile.Multi.Generic ) - warning
13:51:17.0733 3540	KSecDD - detected LockedFile.Multi.Generic (1)
13:51:17.0795 3540	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
13:51:17.0795 3540	Suspicious file (NoAccess): C:\Windows\system32\Drivers\ksecpkg.sys. md5: 0b711550c56444879d71c7daabda6c83
13:51:17.0795 3540	KSecPkg ( LockedFile.Multi.Generic ) - warning
13:51:17.0795 3540	KSecPkg - detected LockedFile.Multi.Generic (1)
13:51:17.0858 3540	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:51:17.0858 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\ksthunk.sys. md5: 6869281e78cb31a43e969f06b57347c4
13:51:17.0873 3540	ksthunk ( LockedFile.Multi.Generic ) - warning
13:51:17.0873 3540	ksthunk - detected LockedFile.Multi.Generic (1)
13:51:17.0967 3540	L1C             (9c46a5421de9d116c47155317cabb522) C:\Windows\system32\DRIVERS\L1C62x64.sys
13:51:17.0967 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\L1C62x64.sys. md5: 9c46a5421de9d116c47155317cabb522
13:51:17.0983 3540	L1C ( LockedFile.Multi.Generic ) - warning
13:51:17.0983 3540	L1C - detected LockedFile.Multi.Generic (1)
13:51:18.0045 3540	L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
13:51:18.0045 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\L1E62x64.sys. md5: 2ac603c3188c704cfce353659aa7ad71
13:51:18.0061 3540	L1E ( LockedFile.Multi.Generic ) - warning
13:51:18.0061 3540	L1E - detected LockedFile.Multi.Generic (1)
13:51:18.0217 3540	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:51:18.0217 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lltdio.sys. md5: 1538831cf8ad2979a04c423779465827
13:51:18.0248 3540	lltdio ( LockedFile.Multi.Generic ) - warning
13:51:18.0248 3540	lltdio - detected LockedFile.Multi.Generic (1)
13:51:18.0373 3540	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:51:18.0373 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_fc.sys. md5: 1a93e54eb0ece102495a51266dcdb6a6
13:51:18.0404 3540	LSI_FC ( LockedFile.Multi.Generic ) - warning
13:51:18.0404 3540	LSI_FC - detected LockedFile.Multi.Generic (1)
13:51:18.0451 3540	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:51:18.0451 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas.sys. md5: 1047184a9fdc8bdbff857175875ee810
13:51:18.0451 3540	LSI_SAS ( LockedFile.Multi.Generic ) - warning
13:51:18.0451 3540	LSI_SAS - detected LockedFile.Multi.Generic (1)
13:51:18.0497 3540	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:51:18.0497 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_sas2.sys. md5: 30f5c0de1ee8b5bc9306c1f0e4a75f93
13:51:18.0513 3540	LSI_SAS2 ( LockedFile.Multi.Generic ) - warning
13:51:18.0513 3540	LSI_SAS2 - detected LockedFile.Multi.Generic (1)
13:51:18.0560 3540	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:51:18.0560 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\lsi_scsi.sys. md5: 0504eacaff0d3c8aed161c4b0d369d4a
13:51:18.0560 3540	LSI_SCSI ( LockedFile.Multi.Generic ) - warning
13:51:18.0560 3540	LSI_SCSI - detected LockedFile.Multi.Generic (1)
13:51:18.0607 3540	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:51:18.0607 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\luafv.sys. md5: 43d0f98e1d56ccddb0d5254cff7b356e
13:51:18.0638 3540	luafv ( LockedFile.Multi.Generic ) - warning
13:51:18.0638 3540	luafv - detected LockedFile.Multi.Generic (1)
13:51:18.0716 3540	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:51:18.0716 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\megasas.sys. md5: a55805f747c6edb6a9080d7c633bd0f4
13:51:18.0716 3540	megasas ( LockedFile.Multi.Generic ) - warning
13:51:18.0716 3540	megasas - detected LockedFile.Multi.Generic (1)
13:51:18.0778 3540	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:51:18.0778 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MegaSR.sys. md5: baf74ce0072480c3b6b7c13b2a94d6b3
13:51:18.0809 3540	MegaSR ( LockedFile.Multi.Generic ) - warning
13:51:18.0809 3540	MegaSR - detected LockedFile.Multi.Generic (1)
13:51:18.0856 3540	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:51:18.0872 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\modem.sys. md5: 800ba92f7010378b09f9ed9270f07137
13:51:18.0872 3540	Modem ( LockedFile.Multi.Generic ) - warning
13:51:18.0872 3540	Modem - detected LockedFile.Multi.Generic (1)
13:51:18.0934 3540	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:51:18.0934 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\monitor.sys. md5: b03d591dc7da45ece20b3b467e6aadaa
13:51:18.0934 3540	monitor ( LockedFile.Multi.Generic ) - warning
13:51:18.0934 3540	monitor - detected LockedFile.Multi.Generic (1)
13:51:18.0981 3540	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:51:18.0981 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouclass.sys. md5: 7d27ea49f3c1f687d357e77a470aea99
13:51:18.0997 3540	mouclass ( LockedFile.Multi.Generic ) - warning
13:51:18.0997 3540	mouclass - detected LockedFile.Multi.Generic (1)
13:51:19.0043 3540	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:51:19.0043 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mouhid.sys. md5: d3bf052c40b0c4166d9fd86a4288c1e6
13:51:19.0059 3540	mouhid ( LockedFile.Multi.Generic ) - warning
13:51:19.0059 3540	mouhid - detected LockedFile.Multi.Generic (1)
13:51:19.0121 3540	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:51:19.0121 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\mountmgr.sys. md5: 791af66c4d0e7c90a3646066386fb571
13:51:19.0153 3540	mountmgr ( LockedFile.Multi.Generic ) - warning
13:51:19.0153 3540	mountmgr - detected LockedFile.Multi.Generic (1)
13:51:19.0184 3540	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:51:19.0184 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mpio.sys. md5: 609d1d87649ecc19796f4d76d4c15cea
13:51:19.0199 3540	mpio ( LockedFile.Multi.Generic ) - warning
13:51:19.0199 3540	mpio - detected LockedFile.Multi.Generic (1)
13:51:19.0246 3540	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:51:19.0246 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\mpsdrv.sys. md5: 6c38c9e45ae0ea2fa5e551f2ed5e978f
13:51:19.0246 3540	mpsdrv ( LockedFile.Multi.Generic ) - warning
13:51:19.0246 3540	mpsdrv - detected LockedFile.Multi.Generic (1)
13:51:19.0371 3540	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:51:19.0371 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\mrxdav.sys. md5: 30524261bb51d96d6fcbac20c810183c
13:51:19.0387 3540	MRxDAV ( LockedFile.Multi.Generic ) - warning
13:51:19.0387 3540	MRxDAV - detected LockedFile.Multi.Generic (1)
13:51:19.0480 3540	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:51:19.0480 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb.sys. md5: 040d62a9d8ad28922632137acdd984f2
13:51:19.0496 3540	mrxsmb ( LockedFile.Multi.Generic ) - warning
13:51:19.0496 3540	mrxsmb - detected LockedFile.Multi.Generic (1)
13:51:19.0558 3540	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:51:19.0558 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb10.sys. md5: f0067552f8f9b33d7c59403ab808a3cb
13:51:19.0589 3540	mrxsmb10 ( LockedFile.Multi.Generic ) - warning
13:51:19.0589 3540	mrxsmb10 - detected LockedFile.Multi.Generic (1)
13:51:19.0652 3540	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:51:19.0652 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mrxsmb20.sys. md5: 3c142d31de9f2f193218a53fe2632051
13:51:19.0667 3540	mrxsmb20 ( LockedFile.Multi.Generic ) - warning
13:51:19.0667 3540	mrxsmb20 - detected LockedFile.Multi.Generic (1)
13:51:19.0730 3540	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:51:19.0730 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\msahci.sys. md5: 5c37497276e3b3a5488b23a326a754b7
13:51:19.0745 3540	msahci ( LockedFile.Multi.Generic ) - warning
13:51:19.0745 3540	msahci - detected LockedFile.Multi.Generic (1)
13:51:19.0792 3540	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:51:19.0792 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\msdsm.sys. md5: 8d27b597229aed79430fb9db3bcbfbd0
13:51:19.0808 3540	msdsm ( LockedFile.Multi.Generic ) - warning
13:51:19.0808 3540	msdsm - detected LockedFile.Multi.Generic (1)
13:51:19.0964 3540	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:51:19.0964 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\Msfs.sys. md5: aa3fb40e17ce1388fa1bedab50ea8f96
13:51:19.0979 3540	Msfs ( LockedFile.Multi.Generic ) - warning
13:51:19.0979 3540	Msfs - detected LockedFile.Multi.Generic (1)
13:51:20.0026 3540	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:51:20.0026 3540	Suspicious file (NoAccess): C:\Windows\System32\drivers\mshidkmdf.sys. md5: f9d215a46a8b9753f61767fa72a20326
13:51:20.0042 3540	mshidkmdf ( LockedFile.Multi.Generic ) - warning
13:51:20.0042 3540	mshidkmdf - detected LockedFile.Multi.Generic (1)
13:51:20.0089 3540	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:51:20.0089 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\msisadrv.sys. md5: d916874bbd4f8b07bfb7fa9b3ccae29d
13:51:20.0104 3540	msisadrv ( LockedFile.Multi.Generic ) - warning
13:51:20.0104 3540	msisadrv - detected LockedFile.Multi.Generic (1)
13:51:20.0260 3540	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:51:20.0260 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSKSSRV.sys. md5: 49ccf2c4fea34ffad8b1b59d49439366
13:51:20.0276 3540	MSKSSRV ( LockedFile.Multi.Generic ) - warning
13:51:20.0276 3540	MSKSSRV - detected LockedFile.Multi.Generic (1)
13:51:20.0323 3540	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:51:20.0323 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPCLOCK.sys. md5: bdd71ace35a232104ddd349ee70e1ab3
13:51:20.0338 3540	MSPCLOCK ( LockedFile.Multi.Generic ) - warning
13:51:20.0338 3540	MSPCLOCK - detected LockedFile.Multi.Generic (1)
13:51:20.0369 3540	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:51:20.0369 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSPQM.sys. md5: 4ed981241db27c3383d72092b618a1d0
13:51:20.0385 3540	MSPQM ( LockedFile.Multi.Generic ) - warning
13:51:20.0385 3540	MSPQM - detected LockedFile.Multi.Generic (1)
13:51:20.0432 3540	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:51:20.0432 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\MsRPC.sys. md5: 89cb141aa8616d8c6a4610fa26c60964
13:51:20.0447 3540	MsRPC ( LockedFile.Multi.Generic ) - warning
13:51:20.0447 3540	MsRPC - detected LockedFile.Multi.Generic (1)
13:51:20.0510 3540	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:51:20.0510 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mssmbios.sys. md5: 0eed230e37515a0eaee3c2e1bc97b288
13:51:20.0525 3540	mssmbios ( LockedFile.Multi.Generic ) - warning
13:51:20.0525 3540	mssmbios - detected LockedFile.Multi.Generic (1)
13:51:20.0588 3540	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:51:20.0588 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\MSTEE.sys. md5: 2e66f9ecb30b4221a318c92ac2250779
13:51:20.0619 3540	MSTEE ( LockedFile.Multi.Generic ) - warning
13:51:20.0619 3540	MSTEE - detected LockedFile.Multi.Generic (1)
13:51:20.0666 3540	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:51:20.0666 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\MTConfig.sys. md5: 7ea404308934e675bffde8edf0757bcd
13:51:20.0666 3540	MTConfig ( LockedFile.Multi.Generic ) - warning
13:51:20.0666 3540	MTConfig - detected LockedFile.Multi.Generic (1)
13:51:20.0728 3540	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:51:20.0728 3540	Suspicious file (NoAccess): C:\Windows\system32\Drivers\mup.sys. md5: f9a18612fd3526fe473c1bda678d61c8
13:51:20.0744 3540	Mup ( LockedFile.Multi.Generic ) - warning
13:51:20.0744 3540	Mup - detected LockedFile.Multi.Generic (1)
13:51:20.0806 3540	mwlPSDFilter    (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
13:51:20.0806 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mwlPSDFilter.sys. md5: 6ffecc25b39dc7652a0cec0ada9db589
13:51:20.0822 3540	mwlPSDFilter ( LockedFile.Multi.Generic ) - warning
13:51:20.0822 3540	mwlPSDFilter - detected LockedFile.Multi.Generic (1)
13:51:20.0869 3540	mwlPSDNServ     (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
13:51:20.0869 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mwlPSDNServ.sys. md5: 0befe32ca56d6ee89d58175725596a85
13:51:20.0884 3540	mwlPSDNServ ( LockedFile.Multi.Generic ) - warning
13:51:20.0884 3540	mwlPSDNServ - detected LockedFile.Multi.Generic (1)
13:51:20.0915 3540	mwlPSDVDisk     (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
13:51:20.0915 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys. md5: d43bc633b8660463e446e28e14a51262
13:51:20.0931 3540	mwlPSDVDisk ( LockedFile.Multi.Generic ) - warning
13:51:20.0931 3540	mwlPSDVDisk - detected LockedFile.Multi.Generic (1)
13:51:21.0103 3540	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS
wifi.sys
13:51:21.0103 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS
wifi.sys. md5: 1ea3749c4114db3e3161156ffffa6b33
13:51:21.0134 3540	NativeWifiP ( LockedFile.Multi.Generic ) - warning
13:51:21.0134 3540	NativeWifiP - detected LockedFile.Multi.Generic (1)
13:51:21.0274 3540	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers
dis.sys
13:51:21.0274 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers
dis.sys. md5: cad515dbd07d082bb317d9928ce8962c
13:51:21.0305 3540	NDIS ( LockedFile.Multi.Generic ) - warning
13:51:21.0305 3540	NDIS - detected LockedFile.Multi.Generic (1)
13:51:21.0352 3540	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS
discap.sys
13:51:21.0352 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS
discap.sys. md5: 9f9a1f53aad7da4d6fef5bb73ab811ac
13:51:21.0368 3540	NdisCap ( LockedFile.Multi.Generic ) - warning
13:51:21.0368 3540	NdisCap - detected LockedFile.Multi.Generic (1)
13:51:21.0415 3540	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS
distapi.sys
13:51:21.0415 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS
distapi.sys. md5: 30639c932d9fef22b31268fe25a1b6e5
13:51:21.0430 3540	NdisTapi ( LockedFile.Multi.Generic ) - warning
13:51:21.0430 3540	NdisTapi - detected LockedFile.Multi.Generic (1)
13:51:21.0477 3540	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS
disuio.sys
13:51:21.0477 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS
disuio.sys. md5: f105ba1e22bf1f2ee8f005d4305e4bec
13:51:21.0477 3540	Ndisuio ( LockedFile.Multi.Generic ) - warning
13:51:21.0477 3540	Ndisuio - detected LockedFile.Multi.Generic (1)
13:51:21.0524 3540	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS
diswan.sys
13:51:21.0539 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS
diswan.sys. md5: 557dfab9ca1fcb036ac77564c010dad3
13:51:21.0555 3540	NdisWan ( LockedFile.Multi.Generic ) - warning
13:51:21.0555 3540	NdisWan - detected LockedFile.Multi.Generic (1)
13:51:21.0586 3540	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:51:21.0586 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\NDProxy.sys. md5: 659b74fb74b86228d6338d643cd3e3cf
13:51:21.0602 3540	NDProxy ( LockedFile.Multi.Generic ) - warning
13:51:21.0602 3540	NDProxy - detected LockedFile.Multi.Generic (1)
13:51:21.0649 3540	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS
etbios.sys
13:51:21.0649 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS
etbios.sys. md5: 86743d9f5d2b1048062b14b1d84501c4
13:51:21.0664 3540	NetBIOS ( LockedFile.Multi.Generic ) - warning
13:51:21.0664 3540	NetBIOS - detected LockedFile.Multi.Generic (1)
13:51:21.0789 3540	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS
etbt.sys
13:51:21.0789 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS
etbt.sys. md5: 9162b273a44ab9dce5b44362731d062a
13:51:21.0836 3540	NetBT ( LockedFile.Multi.Generic ) - warning
13:51:21.0836 3540	NetBT - detected LockedFile.Multi.Generic (1)
13:51:22.0241 3540	NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
13:51:22.0241 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\NETw5s64.sys. md5: 4d85a450edef10c38882182753a49aae
13:51:22.0304 3540	NETw5s64 ( LockedFile.Multi.Generic ) - warning
13:51:22.0304 3540	NETw5s64 - detected LockedFile.Multi.Generic (1)
13:51:22.0366 3540	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS
frd960.sys
13:51:22.0366 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS
frd960.sys. md5: 77889813be4d166cdab78ddba990da92
13:51:22.0366 3540	nfrd960 ( LockedFile.Multi.Generic ) - warning
13:51:22.0366 3540	nfrd960 - detected LockedFile.Multi.Generic (1)
13:51:22.0460 3540	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:51:22.0460 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\Npfs.sys. md5: 1e4c4ab5c9b8dd13179bbdc75a2a01f7
13:51:22.0475 3540	Npfs ( LockedFile.Multi.Generic ) - warning
13:51:22.0475 3540	Npfs - detected LockedFile.Multi.Generic (1)
13:51:22.0538 3540	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers
siproxy.sys
13:51:22.0538 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers
siproxy.sys. md5: e7f5ae18af4168178a642a9247c63001
13:51:22.0553 3540	nsiproxy ( LockedFile.Multi.Generic ) - warning
13:51:22.0553 3540	nsiproxy - detected LockedFile.Multi.Generic (1)
13:51:22.0694 3540	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
13:51:22.0694 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\Ntfs.sys. md5: 378e0e0dfea67d98ae6ea53adbbd76bc
13:51:22.0725 3540	Ntfs ( LockedFile.Multi.Generic ) - warning
13:51:22.0725 3540	Ntfs - detected LockedFile.Multi.Generic (1)
13:51:22.0865 3540	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
13:51:22.0865 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\NTIDrvr.sys. md5: 64ddd0dee976302f4bd93e5efcc2f013
13:51:22.0865 3540	NTIDrvr ( LockedFile.Multi.Generic ) - warning
13:51:22.0865 3540	NTIDrvr - detected LockedFile.Multi.Generic (1)
13:51:22.0959 3540	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:51:22.0959 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\Null.sys. md5: 9899284589f75fa8724ff3d16aed75c1
13:51:22.0975 3540	Null ( LockedFile.Multi.Generic ) - warning
13:51:22.0975 3540	Null - detected LockedFile.Multi.Generic (1)
13:51:23.0037 3540	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers
vraid.sys
13:51:23.0037 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers
vraid.sys. md5: a4d9c9a608a97f59307c2f2600edc6a4
13:51:23.0053 3540	nvraid ( LockedFile.Multi.Generic ) - warning
13:51:23.0053 3540	nvraid - detected LockedFile.Multi.Generic (1)
13:51:23.0115 3540	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers
vstor.sys
13:51:23.0115 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers
vstor.sys. md5: 6c1d5f70e7a6a3fd1c90d840edc048b9
13:51:23.0115 3540	nvstor ( LockedFile.Multi.Generic ) - warning
13:51:23.0115 3540	nvstor - detected LockedFile.Multi.Generic (1)
13:51:23.0177 3540	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS
v_agp.sys
13:51:23.0177 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS
v_agp.sys. md5: 270d7cd42d6e3979f6dd0146650f0e05
13:51:23.0209 3540	nv_agp ( LockedFile.Multi.Generic ) - warning
13:51:23.0209 3540	nv_agp - detected LockedFile.Multi.Generic (1)
13:51:23.0287 3540	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:51:23.0287 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ohci1394.sys. md5: 3589478e4b22ce21b41fa1bfc0b8b8a0
13:51:23.0302 3540	ohci1394 ( LockedFile.Multi.Generic ) - warning
13:51:23.0302 3540	ohci1394 - detected LockedFile.Multi.Generic (1)
13:51:23.0489 3540	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:51:23.0489 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\parport.sys. md5: 0086431c29c35be1dbc43f52cc273887
13:51:23.0505 3540	Parport ( LockedFile.Multi.Generic ) - warning
13:51:23.0505 3540	Parport - detected LockedFile.Multi.Generic (1)
13:51:23.0567 3540	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:51:23.0567 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\partmgr.sys. md5: 7daa117143316c4a1537e074a5a9eaf0
13:51:23.0567 3540	partmgr ( LockedFile.Multi.Generic ) - warning
13:51:23.0567 3540	partmgr - detected LockedFile.Multi.Generic (1)
13:51:23.0692 3540	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:51:23.0692 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pci.sys. md5: f36f6504009f2fb0dfd1b17a116ad74b
13:51:23.0708 3540	pci ( LockedFile.Multi.Generic ) - warning
13:51:23.0708 3540	pci - detected LockedFile.Multi.Generic (1)
13:51:23.0801 3540	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:51:23.0801 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pciide.sys. md5: b5b8b5ef2e5cb34df8dcf8831e3534fa
13:51:23.0801 3540	pciide ( LockedFile.Multi.Generic ) - warning
13:51:23.0801 3540	pciide - detected LockedFile.Multi.Generic (1)
13:51:23.0848 3540	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:51:23.0848 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pcmcia.sys. md5: b2e81d4e87ce48589f98cb8c05b01f2f
13:51:23.0864 3540	pcmcia ( LockedFile.Multi.Generic ) - warning
13:51:23.0864 3540	pcmcia - detected LockedFile.Multi.Generic (1)
13:51:23.0911 3540	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:51:23.0911 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\pcw.sys. md5: d6b9c2e1a11a3a4b26a182ffef18f603
13:51:23.0926 3540	pcw ( LockedFile.Multi.Generic ) - warning
13:51:23.0926 3540	pcw - detected LockedFile.Multi.Generic (1)
13:51:24.0004 3540	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:51:24.0004 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\peauth.sys. md5: 68769c3356b3be5d1c732c97b9a80d6e
13:51:24.0004 3540	PEAUTH ( LockedFile.Multi.Generic ) - warning
13:51:24.0004 3540	PEAUTH - detected LockedFile.Multi.Generic (1)
13:51:24.0347 3540	Point64         (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys
13:51:24.0347 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\point64.sys. md5: b23f79e41e30ed500586151a9ef27d8f
13:51:24.0363 3540	Point64 ( LockedFile.Multi.Generic ) - warning
13:51:24.0363 3540	Point64 - detected LockedFile.Multi.Generic (1)
13:51:24.0503 3540	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERSaspptp.sys
13:51:24.0503 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERSaspptp.sys. md5: 27cc19e81ba5e3403c48302127bda717
13:51:24.0503 3540	PptpMiniport ( LockedFile.Multi.Generic ) - warning
13:51:24.0503 3540	PptpMiniport - detected LockedFile.Multi.Generic (1)
13:51:24.0550 3540	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:51:24.0550 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\processr.sys. md5: 0d922e23c041efb1c3fac2a6f943c9bf
13:51:24.0566 3540	Processor ( LockedFile.Multi.Generic ) - warning
13:51:24.0566 3540	Processor - detected LockedFile.Multi.Generic (1)
13:51:24.0722 3540	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:51:24.0722 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\pacer.sys. md5: ee992183bd8eaefd9973f352e587a299
13:51:24.0737 3540	Psched ( LockedFile.Multi.Generic ) - warning
13:51:24.0737 3540	Psched - detected LockedFile.Multi.Generic (1)
13:51:24.0862 3540	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:51:24.0862 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql2300.sys. md5: a53a15a11ebfd21077463ee2c7afeef0
13:51:24.0893 3540	ql2300 ( LockedFile.Multi.Generic ) - warning
13:51:24.0893 3540	ql2300 - detected LockedFile.Multi.Generic (1)
13:51:24.0940 3540	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:51:24.0940 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\ql40xx.sys. md5: 4f6d12b51de1aaeff7dc58c4d75423c8
13:51:24.0956 3540	ql40xx ( LockedFile.Multi.Generic ) - warning
13:51:24.0956 3540	ql40xx - detected LockedFile.Multi.Generic (1)
13:51:25.0034 3540	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:51:25.0034 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\qwavedrv.sys. md5: 76707bb36430888d9ce9d705398adb6c
13:51:25.0065 3540	QWAVEdrv ( LockedFile.Multi.Generic ) - warning
13:51:25.0065 3540	QWAVEdrv - detected LockedFile.Multi.Generic (1)
13:51:25.0096 3540	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERSasacd.sys
13:51:25.0096 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERSasacd.sys. md5: 5a0da8ad5762fa2d91678a8a01311704
13:51:25.0112 3540	RasAcd ( LockedFile.Multi.Generic ) - warning
13:51:25.0112 3540	RasAcd - detected LockedFile.Multi.Generic (1)
13:51:25.0159 3540	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:51:25.0159 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\AgileVpn.sys. md5: 7ecff9b22276b73f43a99a15a6094e90
13:51:25.0159 3540	RasAgileVpn ( LockedFile.Multi.Generic ) - warning
13:51:25.0159 3540	RasAgileVpn - detected LockedFile.Multi.Generic (1)
13:51:25.0252 3540	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERSasl2tp.sys
13:51:25.0252 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERSasl2tp.sys. md5: 87a6e852a22991580d6d39adc4790463
13:51:25.0252 3540	Rasl2tp ( LockedFile.Multi.Generic ) - warning
13:51:25.0252 3540	Rasl2tp - detected LockedFile.Multi.Generic (1)
13:51:25.0315 3540	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERSaspppoe.sys
13:51:25.0315 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERSaspppoe.sys. md5: 855c9b1cd4756c5e9a2aa58a15f58c25
13:51:25.0330 3540	RasPppoe ( LockedFile.Multi.Generic ) - warning
13:51:25.0330 3540	RasPppoe - detected LockedFile.Multi.Generic (1)
13:51:25.0361 3540	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERSassstp.sys
13:51:25.0361 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERSassstp.sys. md5: e8b1e447b008d07ff47d016c2b0eeecb
13:51:25.0377 3540	RasSstp ( LockedFile.Multi.Generic ) - warning
13:51:25.0377 3540	RasSstp - detected LockedFile.Multi.Generic (1)
13:51:25.0424 3540	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERSdbss.sys
13:51:25.0424 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERSdbss.sys. md5: 3bac8142102c15d59a87757c1d41dce5
13:51:25.0439 3540	rdbss ( LockedFile.Multi.Generic ) - warning
13:51:25.0439 3540	rdbss - detected LockedFile.Multi.Generic (1)
13:51:25.0533 3540	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERSdpbus.sys
13:51:25.0533 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERSdpbus.sys. md5: 302da2a0539f2cf54d7c6cc30c1f2d8d
13:51:25.0549 3540	rdpbus ( LockedFile.Multi.Generic ) - warning
13:51:25.0549 3540	rdpbus - detected LockedFile.Multi.Generic (1)
13:51:25.0611 3540	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:51:25.0611 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\RDPCDD.sys. md5: cea6cc257fc9b7715f1c2b4849286d24
13:51:25.0627 3540	RDPCDD ( LockedFile.Multi.Generic ) - warning
13:51:25.0627 3540	RDPCDD - detected LockedFile.Multi.Generic (1)
13:51:25.0689 3540	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\driversdpencdd.sys
13:51:25.0689 3540	Suspicious file (NoAccess): C:\Windows\system32\driversdpencdd.sys. md5: bb5971a4f00659529a5c44831af22365
13:51:25.0705 3540	RDPENCDD ( LockedFile.Multi.Generic ) - warning
13:51:25.0705 3540	RDPENCDD - detected LockedFile.Multi.Generic (1)
13:51:25.0767 3540	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\driversdprefmp.sys
13:51:25.0767 3540	Suspicious file (NoAccess): C:\Windows\system32\driversdprefmp.sys. md5: 216f3fa57533d98e1f74ded70113177a
13:51:25.0783 3540	RDPREFMP ( LockedFile.Multi.Generic ) - warning
13:51:25.0783 3540	RDPREFMP - detected LockedFile.Multi.Generic (1)
13:51:25.0814 3540	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:51:25.0814 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\RDPWD.sys. md5: 8a3e6bea1c53ea6177fe2b6eba2c80d7
13:51:25.0829 3540	RDPWD ( LockedFile.Multi.Generic ) - warning
13:51:25.0829 3540	RDPWD - detected LockedFile.Multi.Generic (1)
13:51:25.0892 3540	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\driversdyboost.sys
13:51:25.0892 3540	Suspicious file (NoAccess): C:\Windows\system32\driversdyboost.sys. md5: 634b9a2181d98f15941236886164ec8b
13:51:25.0939 3540	rdyboost ( LockedFile.Multi.Generic ) - warning
13:51:25.0939 3540	rdyboost - detected LockedFile.Multi.Generic (1)
13:51:26.0188 3540	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERSspndr.sys
13:51:26.0188 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERSspndr.sys. md5: ddc86e4f8e7456261e637e3552e804ff
13:51:26.0204 3540	rspndr ( LockedFile.Multi.Generic ) - warning
13:51:26.0204 3540	rspndr - detected LockedFile.Multi.Generic (1)
13:51:26.0282 3540	RSUSBSTOR       (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
13:51:26.0282 3540	Suspicious file (NoAccess): C:\Windows\system32\Drivers\RtsUStor.sys. md5: 2db8116d52b19216812c4e6d5d837810
13:51:26.0313 3540	RSUSBSTOR ( LockedFile.Multi.Generic ) - warning
13:51:26.0313 3540	RSUSBSTOR - detected LockedFile.Multi.Generic (1)
13:51:26.0407 3540	RtsUIR - ok
13:51:26.0531 3540	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:51:26.0531 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sbp2port.sys. md5: e3bbb89983daf5622c1d50cf49f28227
13:51:26.0547 3540	sbp2port ( LockedFile.Multi.Generic ) - warning
13:51:26.0547 3540	sbp2port - detected LockedFile.Multi.Generic (1)
13:51:26.0625 3540	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:51:26.0625 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\scfilter.sys. md5: c94da20c7e3ba1dca269bc8460d98387
13:51:26.0641 3540	scfilter ( LockedFile.Multi.Generic ) - warning
13:51:26.0641 3540	scfilter - detected LockedFile.Multi.Generic (1)
13:51:26.0797 3540	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:51:26.0797 3540	Suspicious file (NoAccess): C:\Windows\system32\drivers\secdrv.sys. md5: 3ea8a16169c26afbeb544e0e48421186
13:51:26.0812 3540	secdrv ( LockedFile.Multi.Generic ) - warning
13:51:26.0812 3540	secdrv - detected LockedFile.Multi.Generic (1)
13:51:26.0953 3540	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:51:26.0953 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serenum.sys. md5: cb624c0035412af0debec78c41f5ca1b
13:51:26.0953 3540	Serenum ( LockedFile.Multi.Generic ) - warning
13:51:26.0953 3540	Serenum - detected LockedFile.Multi.Generic (1)
13:51:26.0999 3540	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:51:26.0999 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\serial.sys. md5: c1d8e28b2c2adfaec4ba89e9fda69bd6
13:51:27.0015 3540	Serial ( LockedFile.Multi.Generic ) - warning
13:51:27.0015 3540	Serial - detected LockedFile.Multi.Generic (1)
13:51:27.0077 3540	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:51:27.0077 3540	Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\sermouse.sys. md5: 1c545a7d0691cc4a027396535691

Smart91 · Answer

Le rapport n'est pas complet. Comme il est trop long utilise pjjpont pour le poster.
Le rapport se trouve ici: C:\TDSSKiller.N°deversion_Date_Heure_log.txt 

Super pour la protection temps réel d'Antivir. 
Est-ce que pour Windows update c'est OK ? 

Smart  
"Si tu n'as pas d'ambitions, tu t'installes au bord de la chute" (Kundera)

Jicé · Answer

http://pjjoint.malekal.com/files.php?id=20120217_n10b9w7d10v14

Jicé · Answer

C'est bon pour Windows update.

Smart91 · Answer

Super, 

Il se cachait bien celui- la j'aurais dû penser TDSSKiller bien avant 
On va passer à la phase finale. Il nous reste à faire: 
- les mises à jour prioritaires 
- l'optimisation du PC 
- la désinstallation des outils de désinfection 
- les conseils de prévention quand on surfe sur Internet 

Fais les mises à jour suivantes: 

Mise à jour SP1 Windows 7: 
http://www.microsoft.com/downloads/fr-fr/details.aspx?FamilyID=c3202ce6-4056-4059-8a1b-3a9b77cdfdda ou alors par Windows update 

Mise à jour Java 6 update 31 ==> https://www.java.com/fr/download/ 
Décoche la case "Installer la barre d'outils Ask" avant de cliquer sur suivant. 
Ensuite désinstalle par ajout/suppression de programmes toutes les versions de Java 6 dont l'update est infèrieurs à 31 

Mise à jour vers Adobe Reader 10.1.2 
Lance Adobe Reader > Clique sur Aide puis recherche des mises à jour 

Mise à jour flashplayer vers la version 11.1.102.62 
https://get.adobe.com/flashplayer/?loc=fr 
N'oublie pas de décocher la case pour l'installation de la barre d'outil ou tout autre logiciel proposé avec l'installation de FlashPlayer  

Tu dois aussi mettre à jour tous tes autres programmes pour combler des failles de sécurité... Vérifie les mises disponibles à l'aide de ce petit programme (choisis la version sans installation) : https://www.commentcamarche.net/faq/9908-filehippo-app-manager-vos-logiciels-sont-ils-a-jour 
et lis ceci: Pourquoi tenir ses programmes a jour 

Optimisation: 

- Ferme toutes tes applications en cours 
- Lance ZHPFix via le raccourci sur ton Bureau, (Si tu es sous Vista ou Windows 7 noublie pas clic droi ==> en tant qu'administrateur")  
- Si tu ne l'as pas, télécharge le depuis ce lien: https://www.zebulon.fr/telechargements/securite/systeme/zhpfix.html 
- Copie/colle les lignes en gras suivantes : 
  
----------------------------------------------------------  
OPT:O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe 
OPT:O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager Keyboard Application.) -- C:\Program Files (x86)\Launch Manager\LManager.exe 
OPT:O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe 
[HKLM\Software\BrowserChoice] 
OPT:SR - | Auto 27/07/2010 345376 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe 
O43 - CFD: 25/11/2010 - 13:46:46 - [0,002] ----D- C:\ProgramData\Partner 
O43 - CFD: 12/02/2012 - 09:54:46 - [0,024] ----D- C:\ProgramData\Spybot - Search & Destroy 
O43 - CFD: 12/02/2012 - 09:54:46 - [2,214] ----D- C:\Program Files (x86)\Spybot - Search & Destroy     

----------------------------------------------------------  
- Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)  
- Les lignes se collent automatiquement dans ZHPFix, sinon colle les lignes  
- Clique sur le bouton « GO » pour le lancer le nettoyage 
- Copie/colle la totalité du rapport dans ta prochaine réponse  

1. Désinstallation des outils 

- Télécharge DelFix (d'Xplode) sur ton bureau.  
- Lance le, (avec Vista/Seven, clic droit dessus, et sur exécuter en tant qu'administrateur)  
- Sélectionne Suppression  
- Copie/colle le contenu du rapport qui s'ouvrira à l'écran dans ton prochain message.  

Note : Le rapport est également sauvegardé à la racine du disque dur ( C:\DelFixSuppr.txt )  
Une fois le rapport posté sur le forum, relance DelFix en sélectionnant Désinstallation.  

2. Télécharge et installe CCleaner (N'installe pas la Yahoo Toolbar) :  
Avec ce logiciel on va supprimer les fichiers temporaires et inutiles sur ton PC. Ce n'est pas un logiciel qui supprime les infections 
- Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....  
- Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.  
- Ensuite, choisis Registre, puis Chercher des erreurs. Une fois terminé, répare toutes les erreurs (Sauvegarde la base de registre).  

3. Il est nécessaire de désactiver puis réactiver la restauration système de Windows 7 pour la purger 

Quelques conseils de Prévention 

- Réactive l'UAC si ce n'est pas déjà fait.  

- Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement. Mais n'oublie pas de faire la mise à jour avant de lancer le scan.  

Installe l'extension de sécurité adblock plus pour bloquer les publicités  
==> http://www.clubic.com/telecharger-fiche45912-adblock-plus.html 

WOT - Extension pour ton navigateur internet :  
Voici une extension à télécharger qui te permettra, en faisant tes recherches sur google, de savoir si le site proposé lors de tes recherches est un site de confiance ou un site à éviter car il pourrait infecter ton PC :  
Pour Firefox : https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/  
Pour internet explorer : https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp  

Ci-dessous un tutoriel pour t'aider à installer WOT: 
==> https://www.commentcamarche.net/faq/15620-wot-web-of-trust-essentiel-pour-l-internaute-avise 

- Installe également ce programme quiva bolque tous les sites qui proposent  des adwares HOSTS Anti-PUPs/Adware 
Clique sur OK pour l'installer.  
Si tu souhaites désinstaller  HOSTS_Anti-PUPs/Adware, lance le raccourci qui a été créé sur le bureau. 
Tu  peus  aussi lancer la commande : %windir%system32HOSTS_Anti-Adware.exe -uninstal en invite de commandel 

- Par rapport au P2P : http://www.libellules.ch/phpBB2/les-risques-securitaires-du-peer-to-peer-en-10-points-t28947.html  

- Les logiciels gratuits à éviter 

- Ouvertures Pop-Up publicitaires 

- Voici un dossier complet sur le prévention et protection, il est absolument à lire (avec Adobe Reader ou Foxit Reader) :  
Prévention et Protection 

- Un autre dossier sur: 
Comment se protéger des logiciels potentiellement indésirables (PUP) 

Sois plus vigilant(e) sur Internet à l'avenir 

Voilà pour moi c'est terminé. Si tu as des questions n'hésite pas 

Smart 
"Si tu n'as pas d'ambitions, tu t'installes au bord de la chute" (Kundera)

Jicé · Answer

Rapport de ZHPFix 1.12.3380 par Nicolas Coolman, Update du 05/02/2011
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-17-02-2012-19-46-26.txt
Run by Banjo at 17/02/2012 19:46:26
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Clé(s) du Registre ==========
SUPPRIME Key: Service: Bonjour Service
SUPPRIME Key**: HKLM\Software\BrowserChoice
ABSENT Key: Service: Bonjour Service

========== Valeur(s) du Registre ==========
SUPPRIME RunValue: Adobe Reader Speed Launcher
SUPPRIME RunValue: LManager

========== Dossier(s) ==========
SUPPRIME Folder: C:\ProgramData\Partner
SUPPRIME Folder: C:\ProgramData\Spybot - Search & Destroy
SUPPRIME Folder: C:\Program Files (x86)\Spybot - Search & Destroy


========== Récapitulatif ==========
3 : Clé(s) du Registre
2 : Valeur(s) du Registre
3 : Dossier(s)


End of clean in 00mn 02s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 13/02/2012 19:54:02 [3536]
C:\ZHP\ZHPFix[R2].txt - 17/02/2012 19:46:26 [1058]

Jicé · Answer

delfix est détecté par avira comme un virus, je dois autoriser le programme ?

Jicé · Answer

# DelFix v8.8 - Rapport créé le 17/02/2012 à 19:58:51
# Mis à jour le 12/02/12 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Banjo - BANJO-PC (Administrateur)
# Exécuté depuis : C:\Users\Banjo\Downloads\delfix.exe
# Option [Suppression]


~~~~~~ Dossiers(s) ~~~~~~

Supprimé : C:\Qoobox
Supprimé : C:\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Users\Banjo\Desktop\RK_Quarantine
Supprimé : C:\Program Files (x86)\ZHPDiag

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\ComboFix.txt
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\RstHosts.txt
Supprimé : C:\TDSSKiller.2.7.13.0_17.02.2012_12.18.22_log.txt
Supprimé : C:\TDSSKiller.2.7.13.0_17.02.2012_13.10.58_log.txt
Supprimé : C:\TDSSKiller.2.7.13.0_17.02.2012_13.12.00_log.txt
Supprimé : C:\TDSSKiller.2.7.13.0_17.02.2012_13.13.50_log.txt
Supprimé : C:\TDSSKiller.2.7.13.0_17.02.2012_13.17.26_log.txt
Supprimé : C:\TDSSKiller.2.7.13.0_17.02.2012_13.32.36_log.txt
Supprimé : C:\TDSSKiller.2.7.13.0_17.02.2012_13.44.22_log.txt
Supprimé : C:\TDSSKiller.2.7.13.0_17.02.2012_13.50.59_log.txt
Supprimé : C:\Users\Banjo\Desktop\RKreport[1].txt
Supprimé : C:\Users\Banjo\Desktop\RKreport[2].txt
Supprimé : C:\Users\Banjo\Desktop\ZHPDiag.txt
Supprimé : C:\Users\Banjo\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\Banjo\Downloads\ComboFix.exe
Supprimé : C:\Users\Banjo\Downloads\Extras.Txt
Supprimé : C:\Users\Banjo\Downloads\OTL.Txt
Supprimé : C:\Users\Banjo\Downloads\RogueKiller.exe
Supprimé : C:\Users\Banjo\Downloadssthosts.exe
Supprimé : C:\Users\Banjo\Downloads	dsskiller.exe
Supprimé : C:\Users\Banjo\Downloads	dsskiller.zip
Supprimé : C:\Users\Banjo\Downloads\ZHPDiag2.exe
Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk
Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\SED.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\Zip.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKLM\SOFTWARE\OldTimer Tools
Clé Supprimée : HKLM\SOFTWARE\Swearware
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Autres ~~~~~~

-> Prefetch Vidé

*************************

DelFix[S1].txt - [2566 octets] - [17/02/2012 19:58:51]

########## EOF - C:\DelFix[S1].txt - [2690 octets] ##########

Jicé · Answer

J'ai tout fini, sauf la mise à jour des logiciels (qui prend du temps). Mais sinon tout fonctionne très bien pour l'instant.

Merci beaucoup pour ton aide, ta patience et ta persévérance. J'apprécie énormément.

Smart91 · Answer

Heureux de t'avoir aidé

Smart

Virus bloque activation antivir et mises à jo

47 réponses

Discussions similaires

Newsletters