abnow virus

Closed
Lie002 Posts: 24 Registration date: Sunday 4 March 2012 Status: Member Last activity: 18 March 2012 - 4 March 2012 at 11:48
Fish66 Posts: 17505 Registration date: Sunday 24 July 2011 Status: Security contributor Last activity: 16 June 2021 - 18 March 2012 at 21:54
Hello,
I have detected the abnow virus and I would like to remove it without having to go through the worst option: formatting.
Could someone help me?

I have already run a scan with Malwarebytes, which found two infections: Rootkit ZeroAccess
That is surely the virus, since I cannot manage to remove it.

Thanks in advance.

44 replies

Fish66 Posts: 17505 Registration date: Sunday 24 July 2011 Status: Security contributor Last activity: 16 June 2021
4 March 2012 at 11:49
Hi,

Download Reload_TDSSKiller

* Run it

* choose: run the cleanup

* the tool will automatically download the latest version, then

* TDSSKiller will open; click "Start Scan"

Click here for help with screenshots
- If TDSS.tdl2 is detected, the Delete option will be ticked by default.
- If TDSS.tdl3 is detected, make sure Cure is ticked.
- If TDSS.tdl4(\HardDisk0\MBR) is detected, make sure Cure is ticked.
- If Suspicious file is shown, leave the option ticked on Skip
- once it has finished, reboot if it asks you to, to finish the cleanup

otherwise, close TDSSKiller and the report will appear on the desktop

* Copy/paste its contents in your next reply

See you later

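A small parser that reads a TDSSKiller report and maps each finding to the choice given in the post above (Delete for tdl2, Cure for tdl3 / tdl4 on the MBR, Skip for Suspicious file). This is an added example, not code from the thread or from Kaspersky's tool: the "- ok" and "(md5) path" line shapes are taken from the report posted in this thread, while the "detected" and "Suspicious file" line shapes and the sample report are constructed assumptions.

```python
import re
from dataclasses import dataclass


@dataclass
class Entry:
    """One line of a TDSSKiller report, classified."""
    time: str
    pid: str
    name: str
    verdict: str        # "listed", "ok", "detected", "suspicious" or "info"
    detail: str = ""    # file path, threat label or reason, depending on verdict


# Every report line starts with "HH:MM:SS.mmmm <pid>" (seen in the posted report).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)(?:\s+(.*))?$")
# Shapes present in the posted report: "<name> - ok" and "<name> (<md5>) <path>".
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")
HASH_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Assumed shapes for findings (not present in the posted, truncated report).
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<threat>.+?) \(\d+\)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\):\s+(?P<path>.+)$")


def parse_line(line: str):
    """Classify one report line; returns None for lines that are not report lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    time, pid, rest = m.group(1), m.group(2), (m.group(3) or "").strip()
    if (mm := OK_RE.match(rest)):
        return Entry(time, pid, mm["name"], "ok")
    if (mm := HASH_RE.match(rest)):
        return Entry(time, pid, mm["name"], "listed", mm["path"])
    if (mm := SUSP_RE.match(rest)):
        return Entry(time, pid, mm["path"], "suspicious", mm["reason"])
    if (mm := DETECT_RE.match(rest)):
        return Entry(time, pid, mm["name"], "detected", mm["threat"])
    return Entry(time, pid, rest, "info")   # header, "Scan started", etc.


def recommended_action(entry: Entry) -> str:
    """Map a finding to the option the post above says to leave ticked."""
    label = entry.detail.lower()
    if entry.verdict == "suspicious":
        return "Skip"        # Suspicious file: leave the default, Skip
    if entry.verdict == "detected":
        if "tdl2" in label:
            return "Delete"  # TDSS.tdl2: Delete is ticked by default
        if "tdl3" in label or "tdl4" in label or "mbr" in label:
            return "Cure"    # TDSS.tdl3 / TDSS.tdl4 (MBR): make sure Cure is ticked
        return "Review"      # not covered by the post: read the log before acting
    return "None"


def parse_report(text: str):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def findings(text: str):
    """(object, threat or reason, action) for every object that is not clean."""
    return [(e.name, e.detail, recommended_action(e))
            for e in parse_report(text) if e.verdict in ("detected", "suspicious")]


def clean_count(text: str) -> int:
    return sum(1 for e in parse_report(text) if e.verdict == "ok")


# Constructed sample: two driver entries copied from the posted report, followed by
# three assumed finding lines (threat names taken from the post above).
SAMPLE_REPORT = r"""11:59:48.0217 1656 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:59:48.0221 1656 1394ohci - ok
11:59:48.0270 1656 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:59:48.0274 1656 ACPI - ok
12:00:10.0001 1656 \Device\Harddisk0\DR0 - detected TDSS.tdl4(\HardDisk0\MBR) (0)
12:00:10.0002 1656 Suspicious file (Forged): C:\Windows\system32\drivers\example.sys
12:00:10.0003 1656 example - detected TDSS.tdl2 (0)
"""

if __name__ == "__main__":
    print(f"clean drivers: {clean_count(SAMPLE_REPORT)}")
    for name, detail, action in findings(SAMPLE_REPORT):
        print(f"{action:6} {name}  [{detail}]")
```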
Lie002 Posts: 24 Registration date: Sunday 4 March 2012 Status: Member Last activity: 18 March 2012
Edited by Lie002 on 4/03/2012 at 12:16
Thank you very much for your help!

Here is the report:

11:59:43.0569 0740 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
11:59:43.0687 0740 ============================================================
11:59:43.0687 0740 Current date / time: 2012/03/04 11:59:43.0687
11:59:43.0687 0740 SystemInfo:
11:59:43.0687 0740
11:59:43.0687 0740 OS Version: 6.1.7601 ServicePack: 1.0
11:59:43.0687 0740 Product type: Workstation
11:59:43.0687 0740 ComputerName: CO-PC
11:59:43.0687 0740 UserName: Co'
11:59:43.0688 0740 Windows directory: C:\Windows
11:59:43.0688 0740 System windows directory: C:\Windows
11:59:43.0688 0740 Running under WOW64
11:59:43.0688 0740 Processor architecture: Intel x64
11:59:43.0688 0740 Number of processors: 2
11:59:43.0688 0740 Page size: 0x1000
11:59:43.0688 0740 Boot type: Normal boot
11:59:43.0688 0740 ============================================================
11:59:44.0529 0740 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:59:44.0535 0740 \Device\Harddisk0\DR0:
11:59:44.0536 0740 MBR used
11:59:44.0536 0740 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
11:59:44.0536 0740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x1B990244
11:59:44.0607 0740 Initialize success
11:59:44.0607 0740 ============================================================
11:59:47.0079 1656 ============================================================
11:59:47.0079 1656 Scan started
11:59:47.0079 1656 Mode: Manual;
11:59:47.0079 1656 ============================================================
12:00:09.0870 1656 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
12:00:09.0873 1656 usbvideo - ok
12:00:10.0066 1656 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:00:10.0067 1656 vdrvroot - ok
12:00:10.0222 1656 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:00:10.0224 1656 vga - ok
12:00:10.0325 1656 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:00:10.0327 1656 VgaSave - ok
12:00:10.0428 1656 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:00:10.0431 1656 vhdmp - ok
12:00:10.0575 1656 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:00:10.0577 1656 viaide - ok
12:00:10.0702 1656 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:00:10.0704 1656 volmgr - ok
12:00:10.0878 1656 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:00:10.0883 1656 volmgrx - ok
12:00:11.0050 1656 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:00:11.0054 1656 volsnap - ok
12:00:11.0155 1656 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:00:11.0157 1656 vsmraid - ok
12:00:11.0223 1656 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:00:11.0225 1656 vwifibus - ok
12:00:11.0368 1656 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:00:11.0369 1656 vwififlt - ok
12:00:11.0604 1656 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:00:11.0605 1656 WacomPen - ok
12:00:11.0856 1656 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:00:11.0858 1656 WANARP - ok
12:00:11.0863 1656 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:00:11.0865 1656 Wanarpv6 - ok
12:00:12.0042 1656 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:00:12.0043 1656 Wd - ok
12:00:12.0205 1656 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:00:12.0214 1656 Wdf01000 - ok
12:00:12.0386 1656 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:00:12.0387 1656 WfpLwf - ok
12:00:12.0582 1656 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:00:12.0584 1656 WIMMount - ok
12:00:12.0877 1656 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
12:00:12.0878 1656 WinUsb - ok
12:00:13.0122 1656 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:00:13.0123 1656 WmiAcpi - ok
12:00:13.0271 1656 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:00:13.0273 1656 ws2ifsl - ok
12:00:13.0389 1656 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:00:13.0392 1656 WudfPf - ok
12:00:13.0677 1656 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:00:13.0680 1656 WUDFRd - ok
12:00:13.0784 1656 X6va003 - ok
12:00:13.0844 1656 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:00:13.0913 1656 \Device\Harddisk0\DR0 - ok
12:00:13.0917 1656 Boot (0x1200) (9379b89905f16cb60fa9eb7c4be744fc) \Device\Harddisk0\DR0\Partition0
12:00:13.0919 1656 \Device\Harddisk0\DR0\Partition0 - ok
12:00:13.0936 1656 Boot (0x1200) (91ec9487b97d47534d250a96e65895eb) \Device\Harddisk0\DR0\Partition1
12:00:13.0938 1656 \Device\Harddisk0\DR0\Partition1 - ok
12:00:13.0939 1656 ============================================================
12:00:13.0939 1656 Scan finished
12:00:13.0939 1656 ============================================================
12:00:13.0956 3508 Detected object count: 0
12:00:13.0956 3508 Actual detected object count: 0
12:01:05.0988 4264 ============================================================
12:01:05.0988 4264 Scan started
12:01:05.0988 4264 Mode: Manual;
12:01:05.0988 4264 ============================================================
12:01:06.0683 4264 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:01:06.0685 4264 1394ohci - ok
12:01:06.0813 4264 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:01:06.0815 4264 ACPI - ok
12:01:06.0965 4264 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:01:06.0965 4264 AcpiPmi - ok
12:01:07.0114 4264 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:01:07.0117 4264 adp94xx - ok
12:01:07.0275 4264 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:01:07.0277 4264 adpahci - ok
12:01:07.0440 4264 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:01:07.0441 4264 adpu320 - ok
12:01:07.0569 4264 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:01:07.0573 4264 AFD - ok
12:01:07.0740 4264 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:01:07.0740 4264 agp440 - ok
12:01:07.0890 4264 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:01:07.0890 4264 aliide - ok
12:01:07.0932 4264 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:01:07.0933 4264 amdide - ok
12:01:08.0035 4264 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:01:08.0036 4264 AmdK8 - ok
12:01:08.0134 4264 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:01:08.0134 4264 AmdPPM - ok
12:01:08.0182 4264 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:01:08.0183 4264 amdsata - ok
12:01:08.0368 4264 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:01:08.0370 4264 amdsbs - ok
12:01:08.0521 4264 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:01:08.0521 4264 amdxata - ok
12:01:08.0611 4264 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:01:08.0612 4264 AppID - ok
12:01:08.0743 4264 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:01:08.0744 4264 arc - ok
12:01:08.0961 4264 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:01:08.0962 4264 arcsas - ok
12:01:09.0148 4264 aswFsBlk (e8184039d57365bee3eaa750375c44ad) C:\Windows\system32\drivers\aswFsBlk.sys
12:01:09.0149 4264 aswFsBlk - ok
12:01:09.0421 4264 aswMonFlt (c671e9548d3d1b4cd15d0b164d9d01c7) C:\Windows\system32\drivers\aswMonFlt.sys
12:01:09.0422 4264 aswMonFlt - ok
12:01:09.0620 4264 aswRdr (dee012d532c3f62ca099961505f41cf6) C:\Windows\system32\drivers\aswRdr.sys
12:01:09.0620 4264 aswRdr - ok
12:01:09.0988 4264 aswSP (56bbd39753b9f7461c4de03c3217249d) C:\Windows\system32\drivers\aswSP.sys
12:01:09.0991 4264 aswSP - ok
12:01:10.0175 4264 aswTdi (193691b35598642a328d880483dc0ed9) C:\Windows\system32\drivers\aswTdi.sys
12:01:10.0175 4264 aswTdi - ok
12:01:10.0333 4264 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:01:10.0334 4264 AsyncMac - ok
12:01:10.0444 4264 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:01:10.0444 4264 atapi - ok
12:01:10.0596 4264 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:01:10.0599 4264 b06bdrv - ok
12:01:10.0744 4264 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:01:10.0746 4264 b57nd60a - ok
12:01:10.0961 4264 BCM43XX (b44879610f2dc4a046b14befa3ae72de) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:01:10.0979 4264 BCM43XX - ok
12:01:11.0082 4264 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:01:11.0082 4264 Beep - ok
12:01:11.0105 4264 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:01:11.0106 4264 blbdrive - ok
12:01:11.0177 4264 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:01:11.0178 4264 bowser - ok
12:01:11.0343 4264 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:01:11.0344 4264 BrFiltLo - ok
12:01:11.0434 4264 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:01:11.0434 4264 BrFiltUp - ok
12:01:11.0512 4264 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:01:11.0514 4264 Brserid - ok
12:01:11.0641 4264 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:01:11.0642 4264 BrSerWdm - ok
12:01:11.0769 4264 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:01:11.0770 4264 BrUsbMdm - ok
12:01:11.0819 4264 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:01:11.0819 4264 BrUsbSer - ok
12:01:11.0932 4264 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:01:11.0933 4264 BthEnum - ok
12:01:12.0015 4264 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:01:12.0015 4264 BTHMODEM - ok
12:01:12.0087 4264 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:01:12.0088 4264 BthPan - ok
12:01:12.0270 4264 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
12:01:12.0274 4264 BTHPORT - ok
12:01:12.0403 4264 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
12:01:12.0404 4264 BTHUSB - ok
12:01:12.0545 4264 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:01:12.0546 4264 cdfs - ok
12:01:12.0654 4264 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:01:12.0655 4264 cdrom - ok
12:01:12.0748 4264 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:01:12.0748 4264 circlass - ok
12:01:12.0837 4264 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:01:12.0839 4264 CLFS - ok
12:01:12.0946 4264 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:01:12.0946 4264 CmBatt - ok
12:01:12.0995 4264 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:01:12.0996 4264 cmdide - ok
12:01:13.0122 4264 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:01:13.0125 4264 CNG - ok
12:01:13.0238 4264 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:01:13.0238 4264 Compbatt - ok
12:01:13.0274 4264 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:01:13.0275 4264 CompositeBus - ok
12:01:13.0421 4264 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:01:13.0421 4264 crcdisk - ok
12:01:13.0499 4264 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:01:13.0501 4264 DfsC - ok
12:01:13.0625 4264 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:01:13.0626 4264 discache - ok
12:01:13.0792 4264 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:01:13.0792 4264 Disk - ok
12:01:13.0796 4264 DKbFltr - ok
12:01:13.0879 4264 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:01:13.0880 4264 drmkaud - ok
12:01:13.0965 4264 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:01:13.0971 4264 DXGKrnl - ok
12:01:14.0285 4264 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:01:14.0306 4264 ebdrv - ok
12:01:14.0494 4264 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:01:14.0498 4264 elxstor - ok
12:01:14.0614 4264 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:01:14.0615 4264 ErrDev - ok
12:01:14.0759 4264 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:01:14.0761 4264 exfat - ok
12:01:14.0900 4264 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:01:14.0901 4264 fastfat - ok
12:01:15.0094 4264 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:01:15.0095 4264 fdc - ok
12:01:15.0206 4264 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:01:15.0207 4264 FileInfo - ok
12:01:15.0232 4264 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:01:15.0232 4264 Filetrace - ok
12:01:15.0423 4264 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:01:15.0423 4264 flpydisk - ok
12:01:15.0653 4264 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:01:15.0656 4264 FltMgr - ok
12:01:15.0834 4264 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:01:15.0835 4264 FsDepends - ok
12:01:15.0982 4264 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:01:15.0983 4264 Fs_Rec - ok
12:01:16.0111 4264 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:01:16.0114 4264 fvevol - ok
12:01:16.0224 4264 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:01:16.0225 4264 gagp30kx - ok
12:01:16.0304 4264 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:01:16.0306 4264 hcw85cir - ok
12:01:16.0373 4264 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:01:16.0378 4264 HdAudAddService - ok
12:01:16.0512 4264 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:01:16.0514 4264 HDAudBus - ok
12:01:16.0736 4264 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:01:16.0737 4264 HidBatt - ok
12:01:16.0829 4264 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:01:16.0831 4264 HidBth - ok
12:01:16.0893 4264 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:01:16.0895 4264 HidIr - ok
12:01:17.0085 4264 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
12:01:17.0087 4264 HidUsb - ok
12:01:17.0214 4264 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:01:17.0216 4264 HpSAMD - ok
12:01:17.0284 4264 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:01:17.0292 4264 HTTP - ok
12:01:17.0392 4264 hwdatacard - ok
12:01:17.0503 4264 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:01:17.0504 4264 hwpolicy - ok
12:01:17.0590 4264 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:01:17.0592 4264 i8042prt - ok
12:01:17.0736 4264 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
12:01:17.0742 4264 iaStor - ok
12:01:17.0938 4264 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:01:17.0944 4264 iaStorV - ok
12:01:18.0522 4264 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
12:01:18.0734 4264 igfx - ok
12:01:18.0915 4264 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:01:18.0917 4264 iirsp - ok
12:01:19.0199 4264 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
12:01:19.0219 4264 IntcAzAudAddService - ok
12:01:19.0396 4264 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:01:19.0397 4264 intelide - ok
12:01:19.0482 4264 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:01:19.0484 4264 intelppm - ok
12:01:19.0638 4264 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:01:19.0639 4264 IpFilterDriver - ok
12:01:19.0757 4264 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:01:19.0759 4264 IPMIDRV - ok
12:01:19.0900 4264 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:01:19.0902 4264 IPNAT - ok
12:01:20.0046 4264 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:01:20.0047 4264 IRENUM - ok
12:01:20.0188 4264 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:01:20.0189 4264 isapnp - ok
12:01:20.0330 4264 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:01:20.0333 4264 iScsiPrt - ok
12:01:20.0468 4264 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
12:01:20.0469 4264 kbdclass - ok
12:01:20.0611 4264 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:01:20.0612 4264 kbdhid - ok
12:01:20.0741 4264 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:01:20.0743 4264 KSecDD - ok
12:01:20.0904 4264 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:01:20.0907 4264 KSecPkg - ok
12:01:21.0056 4264 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:01:21.0057 4264 ksthunk - ok
12:01:21.0162 4264 L1C (2377ec4cc3e356655b996f39b43486b6) C:\Windows\system32\DRIVERS\L1C62x64.sys
12:01:21.0163 4264 L1C - ok
12:01:21.0285 4264 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:01:21.0287 4264 lltdio - ok
12:01:21.0402 4264 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:01:21.0404 4264 LSI_FC - ok
12:01:21.0486 4264 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:01:21.0488 4264 LSI_SAS - ok
12:01:21.0612 4264 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:01:21.0614 4264 LSI_SAS2 - ok
12:01:21.0763 4264 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:01:21.0765 4264 LSI_SCSI - ok
12:01:21.0847 4264 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:01:21.0849 4264 luafv - ok
12:01:21.0939 4264 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:01:21.0940 4264 megasas - ok
12:01:22.0059 4264 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:01:22.0062 4264 MegaSR - ok
12:01:22.0092 4264 mod7700 - ok
12:01:22.0202 4264 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:01:22.0203 4264 Modem - ok
12:01:22.0286 4264 MODRC (5ce19c66efc23f2ef0997d5e6ff407f9) C:\Windows\system32\DRIVERS\modrc.sys
12:01:22.0288 4264 MODRC - ok
12:01:22.0442 4264 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:01:22.0443 4264 monitor - ok
12:01:22.0585 4264 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
12:01:22.0587 4264 mouclass - ok
12:01:22.0616 4264 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:01:22.0617 4264 mouhid - ok
12:01:22.0766 4264 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:01:22.0768 4264 mountmgr - ok
12:01:22.0898 4264 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:01:22.0901 4264 mpio - ok
12:01:23.0052 4264 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:01:23.0053 4264 mpsdrv - ok
12:01:23.0222 4264 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:01:23.0225 4264 MRxDAV - ok
12:01:23.0390 4264 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:01:23.0393 4264 mrxsmb - ok
12:01:23.0489 4264 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:01:23.0492 4264 mrxsmb10 - ok
12:01:23.0584 4264 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:01:23.0587 4264 mrxsmb20 - ok
12:01:23.0763 4264 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:01:23.0764 4264 msahci - ok
12:01:23.0927 4264 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:01:23.0929 4264 msdsm - ok
12:01:24.0065 4264 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:01:24.0066 4264 Msfs - ok
12:01:24.0140 4264 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:01:24.0141 4264 mshidkmdf - ok
12:01:24.0197 4264 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:01:24.0198 4264 msisadrv - ok
12:01:24.0348 4264 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:01:24.0349 4264 MSKSSRV - ok
12:01:24.0464 4264 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:01:24.0466 4264 MSPCLOCK - ok
12:01:24.0474 4264 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:01:24.0475 4264 MSPQM - ok
12:01:24.0654 4264 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:01:24.0658 4264 MsRPC - ok
12:01:24.0782 4264 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:01:24.0784 4264 mssmbios - ok
12:01:24.0877 4264 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:01:24.0878 4264 MSTEE - ok
12:01:24.0911 4264 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:01:24.0912 4264 MTConfig - ok
12:01:24.0945 4264 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:01:24.0947 4264 Mup - ok
12:01:25.0055 4264 mwlPSDFilter (6ffecc25b39dc7652a0cec0ada9db589) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
12:01:25.0057 4264 mwlPSDFilter - ok
12:01:25.0188 4264 mwlPSDNServ (0befe32ca56d6ee89d58175725596a85) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
12:01:25.0189 4264 mwlPSDNServ - ok
12:01:25.0240 4264 mwlPSDVDisk (d43bc633b8660463e446e28e14a51262) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
12:01:25.0241 4264 mwlPSDVDisk - ok
12:01:25.0375 4264 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:01:25.0379 4264 NativeWifiP - ok
12:01:25.0579 4264 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:01:25.0592 4264 NDIS - ok
12:01:25.0699 4264 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:01:25.0700 4264 NdisCap - ok
12:01:25.0727 4264 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:01:25.0729 4264 NdisTapi - ok
12:01:25.0917 4264 Ndisuio (136185f9fb2cc61e573e676aa5402356)
0
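An 800-line driver inventory like the one above is hard to read by eye, and the only lines that matter for triage are the ones TDSSKiller did not mark "ok", the drivers it had no image to hash, the MBR/boot-sector hashes and the final detection count. The script below is an added example, not part of this thread and not a Kaspersky tool: it parses the log format posted above and extracts exactly those items. The sample input embeds a few lines copied from the log above plus constructed lines (the `exampledrv` driver, its `warning` status and the matching counts are made up to exercise the non-ok path), and `compare_to_baseline` with its baseline dictionary is an assumed analyst workflow (hashes gathered from a known-clean machine on the same Windows build), not something TDSSKiller provides.

```python
"""Triage helper for TDSSKiller scan logs.

Added example for this thread; it is not a Kaspersky tool. It parses the log
format posted above and reports only what an analyst needs to look at:
  * objects whose status line is anything other than "ok",
  * registered drivers for which no hash/path was logged (nothing on disk was verified),
  * MBR and boot-sector hashes, so they can be compared with a known-clean machine,
  * the "Detected object count" summary lines.
"""
import re
from dataclasses import dataclass, field

# Every log line: timestamp, thread id, body.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) (?P<body>.*)$")
# "<service> (<md5>) <image path>": a driver image that was hashed.
OBJECT_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "MBR (0x1B8) (<md5>) \Device\Harddisk0\DR0" / "Boot (0x1200) (<md5>) ...\Partition0".
SECTOR_RE = re.compile(
    r"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name or device path> - <status>": the verdict for an object.
STATUS_RE = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")
COUNT_RE = re.compile(r"^(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")


@dataclass
class Report:
    objects: dict = field(default_factory=dict)   # service name -> (md5, path)
    sectors: dict = field(default_factory=dict)   # device path -> (kind, md5)
    statuses: dict = field(default_factory=dict)  # name or device path -> status text
    counts: dict = field(default_factory=dict)    # summary label -> int

    def not_ok(self):
        """Everything TDSSKiller did not mark 'ok' (detected, warning, cured, ...)."""
        return {k: v for k, v in self.statuses.items() if v != "ok"}

    def unverified(self):
        """Status recorded but no hash/path line: the image was not found or not hashed."""
        return sorted(n for n in self.statuses
                      if n not in self.objects and n not in self.sectors)


def parse_tdsskiller_log(text):
    rep = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue                      # banner, separators, SystemInfo block
        body = m.group("body")
        if (o := OBJECT_RE.match(body)):
            rep.objects[o["name"]] = (o["md5"], o["path"])
        elif (s := SECTOR_RE.match(body)):
            rep.sectors[s["path"]] = (s["kind"], s["md5"])
        elif (c := COUNT_RE.match(body)):
            rep.counts[c["label"]] = int(c["n"])
        elif (st := STATUS_RE.match(body)):
            rep.statuses[st["name"]] = st["status"]
    return rep


def compare_to_baseline(rep, baseline):
    """baseline: {service name: md5} collected from a known-clean machine on the same
    Windows build (an assumed workflow, not a TDSSKiller feature). Returns the services
    whose on-disk hash differs, i.e. candidates for a patched or replaced driver."""
    return {n: (rep.objects[n][0], baseline[n])
            for n in baseline if n in rep.objects and rep.objects[n][0] != baseline[n]}


# Constructed input: a few lines copied from the log above, plus made-up lines
# (the "exampledrv" entry, its "warning" status and the matching counts) so that
# the non-ok path is exercised.
SAMPLE_LOG = r"""12:00:06.0075 1656 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:00:06.0136 1656 Tcpip - ok
12:00:13.0784 1656 X6va003 - ok
12:00:13.0844 1656 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:00:13.0913 1656 \Device\Harddisk0\DR0 - ok
12:00:13.0917 1656 Boot (0x1200) (9379b89905f16cb60fa9eb7c4be744fc) \Device\Harddisk0\DR0\Partition0
12:00:13.0919 1656 \Device\Harddisk0\DR0\Partition0 - ok
12:00:14.0100 1656 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
12:00:14.0101 1656 exampledrv - warning
12:00:14.0200 1656 Scan finished
12:00:14.0300 3508 Detected object count: 1
12:00:14.0300 3508 Actual detected object count: 1
"""

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print("not ok:     ", rep.not_ok())
    print("unverified: ", rep.unverified())
    print("sectors:    ", rep.sectors)
    print("counts:     ", rep.counts)
```

Run it as-is to see the summary for the sample, or pass the full text of a real TDSSKiller log to `parse_tdsskiller_log`. A status of "ok" on every entry and a detected count of 0, as in the log above, only means TDSSKiller recognised nothing; it is not proof the machine is clean, which is why the helper also lists the drivers it had nothing to hash.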
Fish66 (Security Contributor), 4 March 2012 at 13:51
Re,

Before using ComboFix:

CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable them temporarily:

If you have that kind of tool on your PC, use Defogger to disable it temporarily; otherwise go straight to ComboFix.

* Download Defogger (by jpshortstuff) to your Desktop
* Run it

* A window appears: click "Disable"

* Restart the computer if the tool asks you to

Note: Once we have finished the disinfection, you can re-enable this software by running Defogger again and clicking "Re-enable"

===================================================

Caution: before you start, read the procedure carefully

********************************************************

/!\ Do not use this software outside the scope of this disinfection: DANGEROUS /!\

* Right-click this link and save it to your Desktop under a different name, for example "yourusername.exe"
Here is the ComboFix help

* /!\ Disconnect from the Internet and STOP YOUR PROTECTION SOFTWARE /!\


* Double-click ComboFix.exe (or run as administrator on Vista and Seven)

A pop-up will appear saying that ComboFix is used at your own risk and with no guarantee... Click Yes to accept

** ABOVE ALL, INSTALL THE RECOVERY CONSOLE
(if it offers to install it, reconnect to the Internet)

* Don't touch anything (mouse, keyboard) until the scan is finished, or you risk crashing your PC

* At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection; let it do so.

* Once the scan is finished, a report will be displayed: post its contents

** /!\ Re-enable your antivirus and antispyware real-time protection before reconnecting to the Internet. /!\

* Note: The report is also located at C:\ComboFix.txt


@+

0
Lie002 (Member), 4 March 2012 at 14:09
Re
I can't download ComboFix; even when I try Save As, the windows close...
0

Lie002 (Member), 4 March 2012 at 14:20
Oh, and also, do I need to disable Malwarebytes? If so, how?
Thanks
0
Fish66 (Security Contributor), 4 March 2012 at 14:56
Re,

Delete the ComboFix you downloaded and do this please:

Run ComboFix in Safe Mode with Networking, following the instructions already given: >>> HERE <<<

======================================

Booting into Safe Mode with Networking

To do this, tap the F8 key repeatedly as soon as the PC starts to power on
A window will open; use the keyboard arrows to move to >> Safe Mode with Networking
then press Enter.
Once on the desktop, if not all the colours and so on are there, that's normal!
(If F8 doesn't work, use the F5 key)

=================================
Why do you want to uninstall Malwarebytes? Leave it, it's effective :-)

@+


0
Lie002 (Member), 4 March 2012 at 15:02
But I haven't managed to download ComboFix, the windows close by themselves...

As for Malwarebytes, shouldn't I disable it once I have downloaded ComboFix?
0
Fish66 (Security Contributor), 4 March 2012 at 15:25
Re,

Before downloading and running ComboFix:
- Run Defogger, then click "Disable"
- All security software must be disabled!! (antivirus, Malwarebytes, firewall...)

Redo the operation in normal mode please

@+

0
Lie002 (Member), edited by Lie002 on 4 March 2012 at 15:53
I did the Defogger step, I clicked Disable, and it did it.
Then I disabled Malwarebytes and Avast!.
Now I'd like to download ComboFix but it doesn't work: I right-click the link you posted above but the window closes...
What should I do?

I may be able to download ComboFix from 01net.com, should I do that?
0
Fish66 (Security Contributor), 4 March 2012 at 16:55
Re,
The link I gave you is the official link!
Click on: this link, save the file to your PC's desktop under the name Titi.exe, then finish the rest of the procedure; if normal mode doesn't work, do it in Safe Mode with Networking, above all following the instructions!

==============================

@+

0
Lie002 (Member), 4 March 2012 at 17:06
It doesn't work in Safe Mode with Networking either; it does exactly the same thing, the window closes...
0
Fish66 (Security Contributor), 4 March 2012 at 17:16
Re,

1/
You can run this: http://www.malwarecity.com/community/index.php?app=downloads&showfile=34

2/
* Run Malwarebytes' Anti-Malware
* Update it
* Click the "Scanner" tab
* Tick "Perform full scan" and then click the "Scan" button
* Choose to scan all your hard drives, then click "Start scan"

At the end of the analysis, if MBAM found nothing:

* Click OK, the report opens on its own

If threats were detected:

* Click OK, then "Show results"
* Check that all the lines are ticked
* Choose "Remove selected"
* If MBAM asks to restart Windows: click "Yes"
* The report opens automatically after removal; it is also in the "Logs" tab

* Copy/paste the report in your next message


Note:
- If there is a problem updating MBAM, you can do it manually by downloading this file and running it.

@+
0
Lie002 (Member), 4 March 2012 at 17:25
1/ I ran what you gave me.

2/ I started the scan; I'll post it as soon as it's finished.

Thanks
0
Fish66 Posts 17505 Registered Sunday 24 July 2011 Status Security contributor Last active 16 June 2021 1 318
4 March 2012 at 17:32
Re,

Waiting for the report ...

@+


0
Lie002 Posts 24 Registered Sunday 4 March 2012 Status Member Last active 18 March 2012
4 March 2012 at 18:20
Re,
Here is the Malwarebytes report:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.03.04.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Co' :: CO-PC [administrateur]

4/03/2012 17:23:16
mbam-log-2012-03-04 (17-23-16).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 352291
Temps écoulé: 52 minute(s), 18 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 6
C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\assembly\tmp\U\000000cb.@ (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\assembly\tmp\U\000000cf.@ (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\assembly\tmp\U\800000c0.@ (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\assembly\tmp\U\800000cb.@ (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\assembly\tmp\U\800000cf.@ (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.

(fin)
0
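The report above lists six files of the form `<path> (<detection name>) -> <action>`, all under `C:\Windows\assembly\tmp\U\` with a `.@` extension, and the ComboFix report posted the next day removes that same folder again with more files in it. The following Python script is an added example, not part of this thread and not a Malwarebytes tool: it parses detection lines in that MBAM 1.x report format, counts them per detection name, and flags the ZeroAccess-style `.@` paths so two reports from the same machine can be compared for re-created files. The sample input is constructed from the lines in the report above plus one invented `PUP.Toolbar` line; the `.@`-under-`\assembly\tmp\U\` rule is an assumption derived only from the paths shown in this thread.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: detection lines copied from the Malwarebytes report
# above, plus one invented benign-looking PUP line so the ZeroAccess filter has
# something to leave out. Raw string: the paths contain backslashes.
SAMPLE_LOG = r"""
Fichier(s) détecté(s): 4
C:\Windows\assembly\tmp\U\00000001.@ (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\assembly\tmp\U\000000cb.@ (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\assembly\tmp\U\800000c0.@ (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Users\Co'\Downloads\setup.exe (PUP.Toolbar) -> Mis en quarantaine et supprimé avec succès.
"""

# One MBAM 1.x detection line: "<path> (<detection name>) -> <action>."
# The path is matched greedily, so a path containing spaces or parentheses
# still resolves to the last "(name)" group before the arrow.
DETECTION_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumed indicator, derived only from the paths in this thread: a hex-named
# file with the ".@" extension under "\assembly\tmp\U\".
ZEROACCESS_PATH_RE = re.compile(r"\\assembly\\tmp\\U\\[0-9a-f]+\.@$", re.IGNORECASE)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    action: str


def parse_detections(log_text: str) -> list[Detection]:
    """Return every detection line in an MBAM-style report. Section headers
    such as 'Fichier(s) détecté(s): 4' and '(Aucun élément nuisible détecté)'
    lines do not contain ' -> ' and are skipped."""
    found: list[Detection] = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["path"], m["name"], m["action"]))
    return found


def is_zeroaccess_path(path: str) -> bool:
    """True when the path matches the ZeroAccess-style storage location."""
    return ZEROACCESS_PATH_RE.search(path) is not None


def triage(log_text: str) -> dict:
    """Count detections per detection name and list the ZeroAccess-style paths,
    so that a later report on the same machine can be diffed against this one."""
    dets = parse_detections(log_text)
    return {
        "total": len(dets),
        "by_name": dict(Counter(d.name for d in dets)),
        "zeroaccess_paths": [d.path for d in dets if is_zeroaccess_path(d.path)],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['total']} detections, by name: {result['by_name']}")
    for p in result["zeroaccess_paths"]:
        print("ZeroAccess-style path:", p)
```

Run it on a saved `mbam-log-*.txt` by reading the file into `triage()`; if a second scan of the same machine lists fresh `.@` files in the same folder after the first removal, the files are being re-created by a still-active component, which is exactly the situation the follow-up ComboFix run in this thread addresses.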
Fish66 Posts 17505 Registered Sunday 24 July 2011 Status Security contributor Last active 16 June 2021 1 318
4 March 2012 at 19:17
Re,

We've made progress :-) , empty the Malwarebytes quarantine, then run ComboFix as already explained .. and post the report please

@+

0
Lie002 Posts 24 Registered Sunday 4 March 2012 Status Member Last active 18 March 2012
5 March 2012 at 17:02
Hello,
Here is the ComboFix report:

ComboFix 12-03-04.02 - Co' 05/03/2012 16:05:54.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.3002.1861 [GMT 1:00]
Lancé depuis: c:\users\Co'\Desktop\lie.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Co'\00Belote.002
c:\users\Co'\AppData\Roaming\cacaoweb
c:\users\Co'\AppData\Roaming\cacaoweb\npdfile.dat
c:\users\Co'\AppData\Roaming\cacaoweb\storage.db
c:\users\Co'\Desktop\Internet Explorer.lnk
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\dds_log_trash.cmd
c:\windows\system32\mqdmmdm.dll
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ossrv
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-05 au 2012-03-05 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-05 15:16 . 2012-03-05 15:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-04 16:22 . 2012-03-04 16:22 335504 ----a-w- c:\windows\SysWow64\drivers\TrufosAlt.sys
2012-03-04 16:21 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 16:21 . 2012-03-04 16:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-04 14:41 . 2012-03-04 14:41 -------- d-----w- C:\TDSSKiller
2012-03-03 22:49 . 2012-03-03 22:49 -------- d-----w- c:\users\Co'\AppData\Roaming\Malwarebytes
2012-03-03 22:49 . 2012-03-03 22:49 -------- d-----w- c:\programdata\Malwarebytes
2012-02-26 17:52 . 2012-03-03 19:49 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-26 17:47 . 2012-03-01 18:52 -------- d-sh--w- c:\users\Co'\AppData\Local\eab8884d
2012-02-24 10:31 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5169FCF1-28C1-4629-BCC6-D2F743C29B7F}\mpengine.dll
2012-02-22 17:51 . 2012-02-22 17:51 -------- d-----w- c:\users\Co'\AppData\Local\Mozilla
2012-02-15 13:06 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 13:06 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 13:06 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 13:06 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 13:06 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 13:06 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 13:06 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:06 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-06 16:52 . 2012-02-06 17:00 -------- d-----w- c:\users\Co'\AppData\Roaming\Media Finder
2012-02-06 16:52 . 2012-02-06 16:52 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-02-06 16:52 . 2012-02-06 16:52 1492 ----a-w- C:\user.js
2012-02-06 16:52 . 2012-02-06 16:52 -------- d-----w- c:\users\Co'\AppData\Local\Babylon
2012-02-06 16:52 . 2012-02-06 16:52 -------- d-----w- c:\users\Co'\AppData\Roaming\Babylon
2012-02-06 16:52 . 2012-02-06 16:52 -------- d-----w- c:\programdata\Babylon
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 23:49 . 2012-02-02 18:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2010-08-23 12:25 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{33727f97-486d-4d19-97c3-23f432ef93fc}"= "c:\program files (x86)\mywebsites.pro-FR\tbmywe.dll" [2009-11-09 2331672]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files (x86)\Softonic_France\tbSoft.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58 3913000 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{33727f97-486d-4d19-97c3-23f432ef93fc}]
2009-11-09 16:38 2331672 ----a-w- c:\program files (x86)\mywebsites.pro-FR\tbmywe.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
2010-11-13 20:58 3913000 ----a-w- c:\program files (x86)\Softonic_France\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{33727f97-486d-4d19-97c3-23f432ef93fc}"= "c:\program files (x86)\mywebsites.pro-FR\tbmywe.dll" [2009-11-09 2331672]
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"= "c:\program files (x86)\Softonic_France\tbSoft.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
.
[HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}]
.
[HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Co'\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
"Facebook Update"="c:\users\Co'\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-04 137536]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-05-27 413696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"CardDetectorICON225"="c:\program files (x86)\CardDetector\ICON225\CardDetector.exe" [2008-04-21 270336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Co'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R3 MODRC;Ultima Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 X6va003;X6va003;c:\users\Co'\AppData\Local\Temp\0036ECA.tmp [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1578313994-4242442387-990387699-1000Core.job
- c:\users\Co'\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-04 22:17]
.
2012-03-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1578313994-4242442387-990387699-1000UA.job
- c:\users\Co'\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-04 22:17]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 18:51]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 18:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"combofix"="c:\lie\CF7437.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
psimsvc
acermemusagecheckservice
backupexecjobengine
ar5211
nmwcd
nimcdldu
freebsd
outpostfirewall
softfax
se44obex
EhttpSrv
BootScreen
dlaifs_m
USBDongle
persfw
zpaction
ossrv
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Co'\AppData\Roaming\Mozilla\Firefox\Profiles\gxuyprkv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{90b49673-5506-483e-b92b-ca0265bd9ca8} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\MF.exe
Toolbar-Locked - (no file)
WebBrowser-{33727F97-486D-4D19-97C3-23F432EF93FC} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Co'\AppData\Local\Temp\0036ECA.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1578313994-4242442387-990387699-1000\Software\SecuROM\License information*]
"datasecu"=hex:c3,3f,7b,60,d9,e3,5c,40,62,60,f5,91,08,d2,50,b5,76,15,00,2e,fe,
50,e4,c7,ec,0e,d6,8d,b0,14,ad,ef,91,52,e6,74,3d,11,0c,2e,1d,67,3f,7b,f0,68,\
"rkeysecu"=hex:fe,73,68,b8,ac,d3,45,6e,e4,5d,54,7b,53,97,55,af
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Heure de fin: 2012-03-05 16:31:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-03-05 15:31
.
Avant-CF: 117.521.145.856 octets libres
Après-CF: 117.946.925.056 octets libres
.
- - End Of File - - 9D44D34CE452E0D3563A6DD69ED8F1E7
0
Fish66 Posts 17505 Registered Sunday 24 July 2011 Status Security contributor Last active 16 June 2021 1 318
5 March 2012 at 20:00
Re,

=>/!\The following script was written specifically for this computer/!\ <=
=>it is strongly advised not to transpose it onto another computer!<=

-----------------------------------------------------------------------------------

Still with all protections disabled, do this:

* Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
* Copy/paste into Notepad what is between the lines below (without the lines):
* Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
__________________________________________________

KillAll::


Folder::
c:\users\Co'\AppData\Roaming\Media Finder
c:\users\Co'\AppData\Local\Babylon
c:\users\Co'\AppData\Roaming\Babylon
c:\programdata\Babylon
c:\program files (x86)\mywebsites.pro-FR

File::
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\users\Co'\AppData\Local\Temp\0036ECA.tmp

Driver::
X6va003

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{33727f97-486d-4d19-97c3-23f432ef93fc}"=-
"{4daac69c-cba7-45e2-9bc8-1044483d3352}"=-
[-HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}]
[-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{33727f97-486d-4d19-97c3-23f432ef93fc}]
[-HKEY_CLASSES_ROOT\clsid\{33727f97-486d-4d19-97c3-23f432ef93fc}]
[-HKEY_CLASSES_ROOT\clsid\{4daac69c-cba7-45e2-9bc8-1044483d3352}]




__________________________________________________

* Save this file under the name CFScript
* Drag and drop this CFScript file onto the file
ComboFix.exe as in: this screenshot
* ComboFix starts; let yourself be guided..

* Wait for the scan to finish. The desktop will disappear several times: that's normal!
* Don't touch anything until the scan is finished.
* Once the scan is complete, a report will appear: post its contents, stating where your problems stand

* If the file doesn't open, it is located here > C:\ComboFix.txt

@+
0
Lie002 Posts 24 Registered Sunday 4 March 2012 Status Member Last active 18 March 2012
5 March 2012 at 20:45
Re,
Here is the ComboFix report,
As for my problems, I think the virus is removed, because when I go on Google and click on a link, it no longer sends me to Abnow.com. Now I hope it is really removed ^^

Report:

ComboFix 12-03-04.02 - Co' 05/03/2012 20:08:07.2.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.32.1036.18.3002.1655 [GMT 1:00]
Lancé depuis: c:\users\Co'\Desktop\lie.exe
Commutateurs utilisés :: c:\users\Co'\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\ConduitEngine\ConduitEngine.dll"
"c:\users\Co'\AppData\Local\Temp\0036ECA.tmp"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\mywebsites.pro-FR
c:\program files (x86)\mywebsites.pro-FR\INSTALL.LOG
c:\program files (x86)\mywebsites.pro-FR\mywebsites.pro-FRToolbarHelper.exe
c:\program files (x86)\mywebsites.pro-FR\tbmywe.dll
c:\program files (x86)\mywebsites.pro-FR\toolbar.cfg
c:\program files (x86)\mywebsites.pro-FR\UNWISE.EXE
c:\program files (x86)\mywebsites.pro-FR\UNWISE.INI
c:\programdata\Babylon
c:\users\Co'\AppData\Local\Babylon
c:\users\Co'\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Co'\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Co'\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Co'\AppData\Local\Babylon\Setup\HtmlScreens\common.js
c:\users\Co'\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Co'\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Co'\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Co'\AppData\Local\Babylon\Setup\HtmlScreens\page2.js
c:\users\Co'\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Co'\AppData\Local\Babylon\Setup\HtmlScreens\page9.html
c:\users\Co'\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Co'\AppData\Local\Babylon\Setup\HtmlScreens\title2.png
c:\users\Co'\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Co'\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.19.zpb
c:\users\Co'\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Co'\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Co'\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Co'\AppData\Roaming\Babylon
c:\users\Co'\AppData\Roaming\Babylon\log_file.txt
c:\users\Co'\AppData\Roaming\Media Finder
c:\users\Co'\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
c:\users\Co'\AppData\Roaming\Media Finder\Temp\downloads.xml
c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA003
-------\Service_X6va003
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-05 au 2012-03-05 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-05 19:21 . 2012-03-05 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 18:56 . 2012-03-05 19:04 -------- d-----w- c:\users\Co'\.gimp-2.6
2012-03-05 18:56 . 2012-03-05 18:56 -------- d-----w- c:\program files (x86)\GIMP-2.0
2012-03-04 16:22 . 2012-03-04 16:22 335504 ----a-w- c:\windows\SysWow64\drivers\TrufosAlt.sys
2012-03-04 16:21 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 16:21 . 2012-03-04 16:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-04 14:41 . 2012-03-04 14:41 -------- d-----w- C:\TDSSKiller
2012-03-03 22:49 . 2012-03-03 22:49 -------- d-----w- c:\users\Co'\AppData\Roaming\Malwarebytes
2012-03-03 22:49 . 2012-03-03 22:49 -------- d-----w- c:\programdata\Malwarebytes
2012-02-26 17:52 . 2012-03-03 19:49 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-02-26 17:47 . 2012-03-01 18:52 -------- d-sh--w- c:\users\Co'\AppData\Local\eab8884d
2012-02-24 10:31 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5169FCF1-28C1-4629-BCC6-D2F743C29B7F}\mpengine.dll
2012-02-22 17:51 . 2012-02-22 17:51 -------- d-----w- c:\users\Co'\AppData\Local\Mozilla
2012-02-15 13:06 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 13:06 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 13:06 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 13:06 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 13:06 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 13:06 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 13:06 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:06 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-06 16:52 . 2012-02-06 16:52 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-02-06 16:52 . 2012-02-06 16:52 1492 ----a-w- C:\user.js
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 23:49 . 2012-02-02 18:53 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2010-08-23 12:25 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-05_15.18.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-29 10:13 . 2012-03-05 15:58 57374 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-05 19:25 47202 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-29 15:55 . 2012-03-05 19:25 19286 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1578313994-4242442387-990387699-1000_UserData.bin
- 2009-07-14 05:30 . 2012-02-26 11:23 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-03-05 15:58 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-07-18 21:24 . 2012-03-05 15:56 3022 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-03-05 15:18 . 2012-03-05 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-05 19:23 . 2012-03-05 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-05 19:23 . 2012-03-05 19:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-05 15:18 . 2012-03-05 15:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-03 12:53 . 2012-03-05 18:52 709086 c:\windows\system32\perfh00C.dat
- 2010-04-03 12:53 . 2012-03-04 16:56 709086 c:\windows\system32\perfh00C.dat
- 2009-07-14 02:36 . 2012-03-04 16:56 620384 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-05 18:52 620384 c:\windows\system32\perfh009.dat
+ 2010-04-03 12:53 . 2012-03-05 18:52 133068 c:\windows\system32\perfc00C.dat
- 2010-04-03 12:53 . 2012-03-04 16:56 133068 c:\windows\system32\perfc00C.dat
- 2009-07-14 02:36 . 2012-03-04 16:56 108566 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-05 18:52 108566 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-02-26 11:23 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-03-05 15:58 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-02-26 11:23 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-03-05 15:58 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-03-05 15:17 528788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-05 19:22 528788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-09-28 19:32 . 2012-03-05 19:22 10297715 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1578313994-4242442387-990387699-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Co'\AppData\Local\Akamai\netsession_win.exe" [2012-02-02 3329824]
"Facebook Update"="c:\users\Co'\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-04 137536]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-05-27 413696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"CardDetectorICON225"="c:\program files (x86)\CardDetector\ICON225\CardDetector.exe" [2008-04-21 270336]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\users\Co'\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 136176]
R3 MODRC;Ultima Infrared Receiver;c:\windows\system32\DRIVERS\modrc.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSP;aswSP; [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1578313994-4242442387-990387699-1000Core.job
- c:\users\Co'\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-04 22:17]
.
2012-03-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1578313994-4242442387-990387699-1000UA.job
- c:\users\Co'\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-04 22:17]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 18:51]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 18:51]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"combofix"="c:\lie\CF22108.3XE" [2010-11-20 345088]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
psimsvc
acermemusagecheckservice
backupexecjobengine
ar5211
nmwcd
nimcdldu
freebsd
outpostfirewall
softfax
se44obex
EhttpSrv
BootScreen
dlaifs_m
USBDongle
persfw
zpaction
ossrv
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.be/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Co'\AppData\Roaming\Mozilla\Firefox\Profiles\gxuyprkv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{4daac69c-cba7-45e2-9bc8-1044483d3352} - (no file)
Toolbar-Locked - (no file)
Toolbar-{4daac69c-cba7-45e2-9bc8-1044483d3352} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{4DAAC69C-CBA7-45E2-9BC8-1044483D3352} - (no file)
AddRemove-mywebsites.pro-FR Toolbar - c:\progra~2\MYWEBS~1.PRO\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-1578313994-4242442387-990387699-1000\Software\SecuROM\License information*]
"datasecu"=hex:c3,3f,7b,60,d9,e3,5c,40,62,60,f5,91,08,d2,50,b5,76,15,00,2e,fe,
50,e4,c7,ec,0e,d6,8d,b0,14,ad,ef,91,52,e6,74,3d,11,0c,2e,1d,67,3f,7b,f0,68,\
"rkeysecu"=hex:fe,73,68,b8,ac,d3,45,6e,e4,5d,54,7b,53,97,55,af
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Heure de fin: 2012-03-05 20:36:21 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-03-05 19:36
ComboFix2.txt 2012-03-05 15:31
.
Avant-CF: 117.422.526.464 octets libres
Après-CF: 117.346.226.176 octets libres
.
- - End Of File - - CC7AC1A57331B4B8AD80BC7AF9F51B89
0
Fish66 Posts: 17505 Registration date: Sunday 24 July 2011 Status: Security contributor Last seen: 16 June 2021 1 318
5 March 2012 at 21:23
Re,

Restart your PC, and we'll see what is left:

We are going to run a diagnostic of your PC:
* Download ZHPDiag to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
or:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

* Follow the installer's prompts, tick "Add an icon to the desktop" and untick the "Run ZHPDiag" box

/!\ Vista and Seven users: right-click the ZHPDiag logo and choose "Run as Administrator"

* Click the magnifying-glass icon ("Run the diagnostic")
* Save the report to your Desktop using the floppy-disk icon
* Host the ZHPDiag.txt report on one of the sites below, then copy/paste the link it gives you into your next reply on the forum: http://pjjoint.malekal.com/
If that one is unavailable, you can try one of these links:
https://www.terafiles.net/
https://www.casimages.com/

* ZHPDiag tutorial:
http://www.premiumorange.com/zeb-help-process/zhpdiag.html

Hosting a report on pjjoint.malekal.com

Go to pjjoint.malekal.com
* Click the Browse button
* Select the file you want to host and click Open
* Click the Send button
* A confirmation message appears (Upload successful! - The link to give your correspondents so they can view the file is: https://pjjoint.malekal.com/files.php?id=df5ea299241015)

* Copy the link into your next reply.

See you tomorrow

Good evening
0