Trojan sirefef AA

nanouu13 Messages postés 66 Statut Membre -  
nanouu13 Messages postés 66 Statut Membre -
Bonjour,

Depuis quelques jours mon antivirus détecte le trojan sirefef aa, impossible de le supprimer, de plus dans mes recherches google il me redirige sur un site "abnow.com". L'antivirus le met en quarantaine mais il revient tout le temps. J'espère qu'une personne voudra bien m'aider, c'est assez embêtant...

Merci

<config>Windows 7 / Firefox 10.0.2</config>
A voir également:

47 réponses

Réponse 1 / 47
nanouu13 Messages postés 66 Statut Membre
 
Je voulais rajouter aussi, qu'après "abnow.com" ça m'envoie sur ce site http://senserhythmgames.com/

Merci
0
Réponse 2 / 47
nanouu13 Messages postés 66 Statut Membre
 
quelqu'un pour m'aider svp :(
0
Réponse 3 / 47
kalimusic Messages postés 14619 Statut Contributeur sécurité 3 027
 
Bonsoir,

1. Télécharge l'utilitaire TDSSKiller (de Kaspersky) sur ton Bureau.

● Lance TDSSKiller.exe
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Clique sur Start scan.
● Laisse l'outil balayer ton système sans l'interrompre et sans utiliser le PC.
Conserve l'action proposée par défaut par l'outil
▸ Pour TDSS.tdl2 : l'option Delete sera cochée.
▸ Pour TDSS.tdl3 ou TDSS.tdl4 : assure toi que Cure est bien cochée.
▸ Pour "Suspicious object" laisse sur "Skip"
▸ Pour Rootkit.Win32.ZAccess : Choisir Cure pour les fichiers .sys et Delete pour le fichier .exe
● Clique sur Continue puis sur Reboot now si le redémarrage est proposé.
● Le rapport se trouve à la racine du disque principal : C:\TDSSKiller.n° de version_date_heure_log.txt

2. Héberge le rapport sur un des sites suivants :
https://www.cjoint.com/
http://pjjoint.malekal.com/
http://threat-rc.com/
https://textup.fr/
Tu obtiendras un lien que tu me donneras dans ton prochain message afin que je puisse le consulter.

A +
0
Réponse 4 / 47
nanouu13 Messages postés 66 Statut Membre
 
Bonsoir,

Merci pour ta réponse, je n'ai pas réussi à héberger en lien donc je post le rapport ici, ça pourra aider j'espère ^^






21:47:12.0686 4856 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
21:47:12.0874 4856 ============================================================
21:47:12.0874 4856 Current date / time: 2012/03/04 21:47:12.0874
21:47:12.0874 4856 SystemInfo:
21:47:12.0874 4856
21:47:12.0874 4856 OS Version: 6.1.7600 ServicePack: 0.0
21:47:12.0874 4856 Product type: Workstation
21:47:12.0874 4856 ComputerName: PILOUK-PC
21:47:12.0874 4856 UserName: Pilou k
21:47:12.0874 4856 Windows directory: C:\Windows
21:47:12.0874 4856 System windows directory: C:\Windows
21:47:12.0874 4856 Processor architecture: Intel x86
21:47:12.0874 4856 Number of processors: 2
21:47:12.0874 4856 Page size: 0x1000
21:47:12.0874 4856 Boot type: Normal boot
21:47:12.0874 4856 ============================================================
21:47:14.0218 4856 Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:47:14.0296 4856 \Device\Harddisk0\DR0:
21:47:14.0296 4856 MBR used
21:47:14.0296 4856 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11763BFD
21:47:14.0311 4856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11763C7B, BlocksNum 0x109768B0
21:47:14.0327 4856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xB, StartLBA 0x220DA56A, BlocksNum 0xE107D7
21:47:14.0452 4856 Initialize success
21:47:14.0452 4856 ============================================================
21:47:27.0843 0848 ============================================================
21:47:27.0843 0848 Scan started
21:47:27.0843 0848 Mode: Manual;
21:47:27.0843 0848 ============================================================
21:47:28.0249 0848 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
21:47:28.0249 0848 1394ohci - ok
21:47:28.0296 0848 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
21:47:28.0296 0848 ACPI - ok
21:47:28.0311 0848 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
21:47:28.0311 0848 AcpiPmi - ok
21:47:28.0374 0848 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:47:28.0374 0848 adp94xx - ok
21:47:28.0405 0848 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:47:28.0421 0848 adpahci - ok
21:47:28.0436 0848 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:47:28.0452 0848 adpu320 - ok
21:47:28.0483 0848 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
21:47:28.0483 0848 AFD - ok
21:47:28.0514 0848 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
21:47:28.0514 0848 agp440 - ok
21:47:28.0546 0848 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:47:28.0546 0848 aic78xx - ok
21:47:28.0577 0848 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
21:47:28.0593 0848 aliide - ok
21:47:28.0858 0848 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
21:47:28.0874 0848 amdagp - ok
21:47:28.0921 0848 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
21:47:28.0921 0848 amdide - ok
21:47:28.0952 0848 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:47:28.0952 0848 AmdK8 - ok
21:47:29.0139 0848 amdkmdag (8e6bf8e8b78ba958b30b0c0e83c86c87) C:\Windows\system32\DRIVERS\atikmdag.sys
21:47:29.0327 0848 amdkmdag - ok
21:47:29.0389 0848 amdkmdap (31de9b1ceaa9e25b141232f7f1443239) C:\Windows\system32\DRIVERS\atikmpag.sys
21:47:29.0389 0848 amdkmdap - ok
21:47:29.0561 0848 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:47:29.0577 0848 AmdPPM - ok
21:47:29.0749 0848 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
21:47:29.0749 0848 amdsata - ok
21:47:29.0796 0848 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:47:29.0796 0848 amdsbs - ok
21:47:29.0827 0848 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
21:47:29.0843 0848 amdxata - ok
21:47:29.0874 0848 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
21:47:29.0874 0848 AppID - ok
21:47:29.0936 0848 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:47:29.0936 0848 arc - ok
21:47:29.0952 0848 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:47:29.0952 0848 arcsas - ok
21:47:29.0999 0848 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:47:29.0999 0848 AsyncMac - ok
21:47:30.0018 0848 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
21:47:30.0019 0848 atapi - ok
21:47:30.0082 0848 AtiHDAudioService (7b4342936a3885cfe18e5d1df6d55bc5) C:\Windows\system32\drivers\AtihdW73.sys
21:47:30.0082 0848 AtiHDAudioService - ok
21:47:30.0269 0848 atikmdag (8e6bf8e8b78ba958b30b0c0e83c86c87) C:\Windows\system32\DRIVERS\atikmdag.sys
21:47:30.0301 0848 atikmdag - ok
21:47:30.0394 0848 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:47:30.0394 0848 b06bdrv - ok
21:47:30.0441 0848 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:47:30.0441 0848 b57nd60x - ok
21:47:30.0472 0848 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:47:30.0472 0848 Beep - ok
21:47:30.0504 0848 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:47:30.0504 0848 blbdrive - ok
21:47:30.0551 0848 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
21:47:30.0551 0848 bowser - ok
21:47:30.0566 0848 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:47:30.0566 0848 BrFiltLo - ok
21:47:30.0582 0848 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:47:30.0582 0848 BrFiltUp - ok
21:47:30.0613 0848 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:47:30.0613 0848 Brserid - ok
21:47:30.0629 0848 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:47:30.0629 0848 BrSerWdm - ok
21:47:30.0644 0848 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:47:30.0660 0848 BrUsbMdm - ok
21:47:30.0676 0848 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:47:30.0676 0848 BrUsbSer - ok
21:47:30.0691 0848 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:47:30.0691 0848 BTHMODEM - ok
21:47:30.0722 0848 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:47:30.0722 0848 cdfs - ok
21:47:30.0769 0848 cdrom (8420280ff142cd6e5c40e873bd2f696b) C:\Windows\system32\DRIVERS\cdrom.sys
21:47:31.0636 0848 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdrom.sys. md5: 8420280ff142cd6e5c40e873bd2f696b
21:47:31.0652 0848 cdrom ( LockedFile.Multi.Generic ) - warning
21:47:31.0652 0848 cdrom - detected LockedFile.Multi.Generic (1)
21:47:31.0746 0848 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:47:31.0746 0848 circlass - ok
21:47:31.0777 0848 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:47:31.0793 0848 CLFS - ok
21:47:31.0855 0848 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:47:31.0855 0848 CmBatt - ok
21:47:31.0871 0848 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
21:47:31.0871 0848 cmdide - ok
21:47:31.0902 0848 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:47:31.0902 0848 CNG - ok
21:47:31.0918 0848 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:47:31.0933 0848 Compbatt - ok
21:47:31.0980 0848 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:47:31.0996 0848 CompositeBus - ok
21:47:32.0027 0848 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:47:32.0027 0848 crcdisk - ok
21:47:32.0074 0848 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
21:47:32.0105 0848 CSC - ok
21:47:32.0136 0848 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
21:47:32.0136 0848 DfsC - ok
21:47:32.0152 0848 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:47:32.0152 0848 discache - ok
21:47:32.0199 0848 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:47:32.0199 0848 Disk - ok
21:47:32.0293 0848 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
21:47:32.0324 0848 driverhardwarev2 - ok
21:47:32.0433 0848 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:47:32.0433 0848 drmkaud - ok
21:47:32.0496 0848 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:47:32.0496 0848 dtsoftbus01 - ok
21:47:32.0543 0848 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
21:47:32.0558 0848 DXGKrnl - ok
21:47:32.0683 0848 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:47:32.0761 0848 ebdrv - ok
21:47:32.0824 0848 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:47:32.0824 0848 elxstor - ok
21:47:32.0840 0848 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
21:47:32.0840 0848 ErrDev - ok
21:47:32.0886 0848 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:47:32.0886 0848 exfat - ok
21:47:32.0902 0848 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:47:32.0918 0848 fastfat - ok
21:47:32.0949 0848 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:47:32.0949 0848 fdc - ok
21:47:32.0980 0848 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:47:32.0980 0848 FileInfo - ok
21:47:33.0011 0848 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:47:33.0011 0848 Filetrace - ok
21:47:33.0027 0848 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:47:33.0027 0848 flpydisk - ok
21:47:33.0075 0848 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:47:33.0075 0848 FltMgr - ok
21:47:33.0106 0848 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:47:33.0122 0848 FsDepends - ok
21:47:33.0137 0848 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:47:33.0137 0848 Fs_Rec - ok
21:47:33.0184 0848 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
21:47:33.0184 0848 fvevol - ok
21:47:33.0216 0848 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:47:33.0216 0848 gagp30kx - ok
21:47:33.0262 0848 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:47:33.0262 0848 GEARAspiWDM - ok
21:47:33.0294 0848 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:47:33.0294 0848 hcw85cir - ok
21:47:33.0341 0848 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
21:47:33.0356 0848 HdAudAddService - ok
21:47:33.0372 0848 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:47:33.0372 0848 HDAudBus - ok
21:47:33.0403 0848 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:47:33.0403 0848 HidBatt - ok
21:47:33.0419 0848 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:47:33.0419 0848 HidBth - ok
21:47:33.0450 0848 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:47:33.0450 0848 HidIr - ok
21:47:33.0497 0848 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:47:33.0497 0848 HidUsb - ok
21:47:33.0544 0848 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:47:33.0544 0848 HpSAMD - ok
21:47:33.0575 0848 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
21:47:33.0575 0848 HTTP - ok
21:47:33.0606 0848 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
21:47:33.0606 0848 hwpolicy - ok
21:47:33.0637 0848 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:47:33.0637 0848 i8042prt - ok
21:47:33.0669 0848 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
21:47:33.0669 0848 iaStorV - ok
21:47:33.0747 0848 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:47:33.0747 0848 iirsp - ok
21:47:33.0887 0848 IntcAzAudAddService (0c36a7de2b4e6ec301b98ae300547701) C:\Windows\system32\drivers\RTKVHDA.sys
21:47:33.0981 0848 IntcAzAudAddService - ok
21:47:34.0012 0848 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
21:47:34.0012 0848 intelide - ok
21:47:34.0044 0848 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:47:34.0044 0848 intelppm - ok
21:47:34.0075 0848 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:47:34.0075 0848 IpFilterDriver - ok
21:47:34.0106 0848 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:47:34.0106 0848 IPMIDRV - ok
21:47:34.0122 0848 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:47:34.0122 0848 IPNAT - ok
21:47:34.0231 0848 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:47:34.0231 0848 IRENUM - ok
21:47:34.0278 0848 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
21:47:34.0278 0848 isapnp - ok
21:47:34.0309 0848 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
21:47:34.0309 0848 iScsiPrt - ok
21:47:34.0341 0848 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:47:34.0341 0848 kbdclass - ok
21:47:34.0387 0848 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:47:34.0387 0848 kbdhid - ok
21:47:34.0419 0848 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
21:47:34.0419 0848 KSecDD - ok
21:47:34.0450 0848 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
21:47:34.0450 0848 KSecPkg - ok
21:47:34.0591 0848 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:47:34.0591 0848 lltdio - ok
21:47:34.0856 0848 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
21:47:34.0856 0848 LMIInfo - ok
21:47:34.0981 0848 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
21:47:34.0981 0848 lmimirr - ok
21:47:35.0012 0848 LMIRfsClientNP - ok
21:47:35.0059 0848 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
21:47:35.0059 0848 LMIRfsDriver - ok
21:47:35.0122 0848 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:47:35.0122 0848 LSI_FC - ok
21:47:35.0137 0848 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:47:35.0137 0848 LSI_SAS - ok
21:47:35.0153 0848 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:47:35.0153 0848 LSI_SAS2 - ok
21:47:35.0184 0848 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:47:35.0184 0848 LSI_SCSI - ok
21:47:35.0216 0848 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:47:35.0216 0848 luafv - ok
21:47:35.0278 0848 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:47:35.0278 0848 MBAMProtector - ok
21:47:35.0341 0848 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:47:35.0341 0848 megasas - ok
21:47:35.0372 0848 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:47:35.0387 0848 MegaSR - ok
21:47:35.0419 0848 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:47:35.0419 0848 Modem - ok
21:47:35.0434 0848 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:47:35.0434 0848 monitor - ok
21:47:35.0466 0848 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:47:35.0466 0848 mouclass - ok
21:47:35.0497 0848 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:47:35.0497 0848 mouhid - ok
21:47:35.0528 0848 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
21:47:35.0528 0848 mountmgr - ok
21:47:35.0591 0848 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
21:47:35.0591 0848 MpFilter - ok
21:47:35.0637 0848 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
21:47:35.0637 0848 mpio - ok
21:47:35.0700 0848 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:47:35.0700 0848 MpNWMon - ok
21:47:35.0716 0848 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:47:35.0716 0848 mpsdrv - ok
21:47:35.0747 0848 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
21:47:35.0747 0848 MRxDAV - ok
21:47:35.0794 0848 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:47:35.0794 0848 mrxsmb - ok
21:47:35.0809 0848 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:47:35.0809 0848 mrxsmb10 - ok
21:47:35.0841 0848 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:47:35.0841 0848 mrxsmb20 - ok
21:47:35.0872 0848 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
21:47:35.0872 0848 msahci - ok
21:47:35.0887 0848 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
21:47:35.0887 0848 msdsm - ok
21:47:35.0919 0848 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:47:35.0919 0848 Msfs - ok
21:47:35.0950 0848 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:47:35.0950 0848 mshidkmdf - ok
21:47:35.0966 0848 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
21:47:35.0966 0848 msisadrv - ok
21:47:36.0012 0848 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:47:36.0012 0848 MSKSSRV - ok
21:47:36.0075 0848 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:47:36.0075 0848 MSPCLOCK - ok
21:47:36.0091 0848 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:47:36.0091 0848 MSPQM - ok
21:47:36.0106 0848 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:47:36.0106 0848 MsRPC - ok
21:47:36.0122 0848 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:47:36.0122 0848 mssmbios - ok
21:47:36.0153 0848 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:47:36.0153 0848 MSTEE - ok
21:47:36.0169 0848 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:47:36.0169 0848 MTConfig - ok
21:47:36.0200 0848 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:47:36.0200 0848 Mup - ok
21:47:36.0231 0848 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:47:36.0231 0848 NativeWifiP - ok
21:47:36.0278 0848 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
21:47:36.0294 0848 NDIS - ok
21:47:36.0325 0848 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:47:36.0325 0848 NdisCap - ok
21:47:36.0356 0848 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:47:36.0356 0848 NdisTapi - ok
21:47:36.0387 0848 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
21:47:36.0387 0848 Ndisuio - ok
21:47:36.0403 0848 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
21:47:36.0419 0848 NdisWan - ok
21:47:36.0434 0848 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
21:47:36.0434 0848 NDProxy - ok
21:47:36.0466 0848 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:47:36.0466 0848 NetBIOS - ok
21:47:36.0497 0848 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
21:47:36.0497 0848 NetBT - ok
21:47:36.0559 0848 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:47:36.0559 0848 nfrd960 - ok
21:47:36.0606 0848 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:47:36.0622 0848 NisDrv - ok
21:47:36.0684 0848 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:47:36.0684 0848 Npfs - ok
21:47:36.0700 0848 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:47:36.0700 0848 nsiproxy - ok
21:47:36.0762 0848 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
21:47:36.0809 0848 Ntfs - ok
21:47:36.0825 0848 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:47:36.0825 0848 Null - ok
21:47:36.0856 0848 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
21:47:36.0856 0848 nvraid - ok
21:47:36.0887 0848 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
21:47:36.0887 0848 nvstor - ok
21:47:36.0903 0848 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
21:47:36.0919 0848 nv_agp - ok
21:47:36.0934 0848 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
21:47:36.0934 0848 ohci1394 - ok
21:47:36.0997 0848 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:47:36.0997 0848 Parport - ok
21:47:37.0012 0848 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
21:47:37.0012 0848 partmgr - ok
21:47:37.0044 0848 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:47:37.0044 0848 Parvdm - ok
21:47:37.0059 0848 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
21:47:37.0059 0848 pci - ok
21:47:37.0075 0848 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
21:47:37.0091 0848 pciide - ok
21:47:37.0106 0848 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:47:37.0106 0848 pcmcia - ok
21:47:37.0137 0848 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:47:37.0137 0848 pcw - ok
21:47:37.0169 0848 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:47:37.0184 0848 PEAUTH - ok
21:47:37.0262 0848 Ph3xIB32 (8b7aec0aba77de5d2feac1824c15a3fa) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
21:47:37.0309 0848 Ph3xIB32 - ok
21:47:37.0387 0848 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:47:37.0387 0848 PptpMiniport - ok
21:47:37.0434 0848 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:47:37.0434 0848 Processor - ok
21:47:37.0466 0848 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:47:37.0466 0848 Psched - ok
21:47:37.0528 0848 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:47:37.0575 0848 ql2300 - ok
21:47:37.0606 0848 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:47:37.0606 0848 ql40xx - ok
21:47:37.0622 0848 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:47:37.0622 0848 QWAVEdrv - ok
21:47:37.0653 0848 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:47:37.0653 0848 RasAcd - ok
21:47:37.0684 0848 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:47:37.0684 0848 RasAgileVpn - ok
21:47:37.0716 0848 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:47:37.0716 0848 Rasl2tp - ok
21:47:37.0747 0848 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:47:37.0747 0848 RasPppoe - ok
21:47:37.0762 0848 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:47:37.0762 0848 RasSstp - ok
21:47:37.0794 0848 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
21:47:37.0794 0848 rdbss - ok
21:47:37.0809 0848 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:47:37.0809 0848 rdpbus - ok
21:47:37.0841 0848 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:47:37.0841 0848 RDPCDD - ok
21:47:37.0903 0848 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
21:47:37.0903 0848 RDPDR - ok
21:47:37.0934 0848 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:47:37.0934 0848 RDPENCDD - ok
21:47:37.0950 0848 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:47:37.0966 0848 RDPREFMP - ok
21:47:37.0981 0848 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
21:47:37.0981 0848 RDPWD - ok
21:47:38.0012 0848 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
21:47:38.0012 0848 rdyboost - ok
21:47:38.0059 0848 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:47:38.0059 0848 rspndr - ok
21:47:38.0130 0848 RTL8023xp (4e20765744bfbc16f6d6e5bd5598786b) C:\Windows\system32\DRIVERS\Rtnicxp.sys
21:47:38.0145 0848 RTL8023xp - ok
21:47:38.0161 0848 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
21:47:38.0161 0848 s3cap - ok
21:47:38.0208 0848 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
21:47:38.0208 0848 sbp2port - ok
21:47:38.0270 0848 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
21:47:38.0270 0848 scfilter - ok
21:47:38.0302 0848 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:47:38.0302 0848 secdrv - ok
21:47:38.0348 0848 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:47:38.0348 0848 Serenum - ok
21:47:38.0364 0848 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:47:38.0442 0848 Serial - ok
21:47:38.0458 0848 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:47:38.0458 0848 sermouse - ok
21:47:38.0489 0848 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
21:47:38.0489 0848 sffdisk - ok
21:47:38.0505 0848 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:47:38.0505 0848 sffp_mmc - ok
21:47:38.0520 0848 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:47:38.0520 0848 sffp_sd - ok
21:47:38.0536 0848 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:47:38.0552 0848 sfloppy - ok
21:47:38.0567 0848 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
21:47:38.0567 0848 sisagp - ok
21:47:38.0598 0848 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:47:38.0598 0848 SiSRaid2 - ok
21:47:38.0614 0848 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:47:38.0630 0848 SiSRaid4 - ok
21:47:38.0677 0848 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:47:38.0677 0848 Smb - ok
21:47:38.0708 0848 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:47:38.0708 0848 spldr - ok
21:47:38.0770 0848 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
21:47:38.0770 0848 srv - ok
21:47:38.0802 0848 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
21:47:38.0817 0848 srv2 - ok
21:47:38.0833 0848 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
21:47:38.0833 0848 srvnet - ok
21:47:38.0864 0848 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
21:47:38.0880 0848 sscdbus - ok
21:47:38.0895 0848 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
21:47:38.0895 0848 sscdmdfl - ok
21:47:38.0911 0848 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
21:47:38.0911 0848 sscdmdm - ok
21:47:38.0958 0848 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:47:38.0958 0848 stexstor - ok
21:47:38.0989 0848 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
21:47:39.0005 0848 storflt - ok
21:47:39.0020 0848 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
21:47:39.0036 0848 storvsc - ok
21:47:39.0052 0848 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
21:47:39.0052 0848 swenum - ok
21:47:39.0130 0848 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
21:47:39.0161 0848 Tcpip - ok
21:47:39.0223 0848 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
21:47:39.0239 0848 TCPIP6 - ok
21:47:39.0270 0848 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
21:47:39.0270 0848 tcpipreg - ok
21:47:39.0302 0848 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
21:47:39.0302 0848 TDPIPE - ok
21:47:39.0317 0848 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
21:47:39.0317 0848 TDTCP - ok
21:47:39.0348 0848 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
21:47:39.0395 0848 tdx - ok
21:47:39.0411 0848 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
21:47:39.0411 0848 TermDD - ok
21:47:39.0489 0848 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:47:39.0489 0848 tssecsrv - ok
21:47:39.0536 0848 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
21:47:39.0536 0848 tunnel - ok
21:47:39.0552 0848 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:47:39.0552 0848 uagp35 - ok
21:47:39.0583 0848 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
21:47:39.0583 0848 udfs - ok
21:47:39.0630 0848 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:47:39.0630 0848 uliagpkx - ok
21:47:39.0645 0848 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
21:47:39.0645 0848 umbus - ok
21:47:39.0677 0848 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:47:39.0677 0848 UmPass - ok
21:47:39.0708 0848 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
21:47:39.0708 0848 USBAAPL - ok
21:47:39.0723 0848 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
21:47:39.0723 0848 usbccgp - ok
21:47:39.0755 0848 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
21:47:39.0755 0848 usbcir - ok
21:47:39.0770 0848 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
21:47:39.0770 0848 usbehci - ok
21:47:39.0817 0848 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
21:47:39.0817 0848 usbhub - ok
21:47:39.0833 0848 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
21:47:39.0833 0848 usbohci - ok
21:47:39.0848 0848 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:47:39.0848 0848 usbprint - ok
21:47:39.0895 0848 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:47:39.0895 0848 USBSTOR - ok
21:47:39.0927 0848 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
21:47:39.0927 0848 usbuhci - ok
21:47:39.0958 0848 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:47:39.0958 0848 vdrvroot - ok
21:47:40.0036 0848 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:47:40.0036 0848 vga - ok
21:47:40.0052 0848 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:47:40.0052 0848 VgaSave - ok
21:47:40.0067 0848 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
21:47:40.0067 0848 vhdmp - ok
21:47:40.0098 0848 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
21:47:40.0098 0848 viaagp - ok
21:47:40.0114 0848 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:47:40.0114 0848 ViaC7 - ok
21:47:40.0130 0848 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
21:47:40.0145 0848 viaide - ok
21:47:40.0177 0848 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
21:47:40.0177 0848 vmbus - ok
21:47:40.0177 0848 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
21:47:40.0192 0848 VMBusHID - ok
21:47:40.0208 0848 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
21:47:40.0208 0848 volmgr - ok
21:47:40.0223 0848 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:47:40.0239 0848 volmgrx - ok
21:47:40.0255 0848 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
21:47:40.0270 0848 volsnap - ok
21:47:40.0302 0848 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:47:40.0302 0848 vsmraid - ok
21:47:40.0333 0848 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:47:40.0333 0848 vwifibus - ok
21:47:40.0380 0848 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:47:40.0380 0848 WacomPen - ok
21:47:40.0411 0848 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:47:40.0411 0848 WANARP - ok
21:47:40.0427 0848 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
21:47:40.0427 0848 Wanarpv6 - ok
21:47:40.0458 0848 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:47:40.0458 0848 Wd - ok
21:47:40.0489 0848 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:47:40.0489 0848 Wdf01000 - ok
21:47:40.0536 0848 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:47:40.0552 0848 WfpLwf - ok
21:47:40.0567 0848 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:47:40.0567 0848 WIMMount - ok
21:47:40.0645 0848 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
21:47:40.0645 0848 WinUsb - ok
21:47:40.0692 0848 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:47:40.0692 0848 WmiAcpi - ok
21:47:40.0723 0848 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:47:40.0739 0848 ws2ifsl - ok
21:47:40.0755 0848 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
21:47:40.0770 0848 WudfPf - ok
21:47:40.0786 0848 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:47:40.0786 0848 WUDFRd - ok
21:47:40.0833 0848 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:47:40.0848 0848 \Device\Harddisk0\DR0 - ok
21:47:40.0864 0848 Boot (0x1200) (2fa6c83f77a470dbb2b03d4d2913681a) \Device\Harddisk0\DR0\Partition0
21:47:40.0864 0848 \Device\Harddisk0\DR0\Partition0 - ok
21:47:40.0880 0848 Boot (0x1200) (fdc8b08aa79862daac6d7a34b7115a30) \Device\Harddisk0\DR0\Partition1
21:47:40.0880 0848 \Device\Harddisk0\DR0\Partition1 - ok
21:47:40.0895 0848 Boot (0x1200) (b17bb409d1d441c68458638eacf0cdb1) \Device\Harddisk0\DR0\Partition2
21:47:40.0895 0848 \Device\Harddisk0\DR0\Partition2 - ok
21:47:40.0895 0848 ============================================================
21:47:40.0895 0848 Scan finished
21:47:40.0895 0848 ============================================================
21:47:40.0927 5756 Detected object count: 1
21:47:40.0927 5756 Actual detected object count: 1
21:47:59.0519 5756 cdrom ( LockedFile.Multi.Generic ) - skipped by user
21:47:59.0519 5756 cdrom ( LockedFile.Multi.Generic ) - User select action: Skip
21:48:21.0381 3828 ============================================================
21:48:21.0381 3828 Scan started
21:48:21.0381 3828 Mode: Manual;
21:48:21.0381 3828 ============================================================
21:48:21.0709 3828 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
21:48:21.0709 3828 1394ohci - ok
21:48:21.0724 3828 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
21:48:21.0724 3828 ACPI - ok
21:48:21.0756 3828 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
21:48:21.0756 3828 AcpiPmi - ok
21:48:21.0787 3828 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:48:21.0787 3828 adp94xx - ok
21:48:21.0818 3828 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:48:21.0818 3828 adpahci - ok
21:48:21.0849 3828 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:48:21.0849 3828 adpu320 - ok
21:48:21.0881 3828 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
21:48:21.0881 3828 AFD - ok
21:48:21.0912 3828 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
21:48:21.0912 3828 agp440 - ok
21:48:21.0927 3828 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:48:21.0943 3828 aic78xx - ok
21:48:21.0959 3828 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
21:48:21.0959 3828 aliide - ok
21:48:21.0990 3828 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
21:48:21.0990 3828 amdagp - ok
21:48:22.0006 3828 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
21:48:22.0006 3828 amdide - ok
21:48:22.0037 3828 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:48:22.0037 3828 AmdK8 - ok
21:48:22.0256 3828 amdkmdag (8e6bf8e8b78ba958b30b0c0e83c86c87) C:\Windows\system32\DRIVERS\atikmdag.sys
21:48:22.0302 3828 amdkmdag - ok
21:48:22.0318 3828 amdkmdap (31de9b1ceaa9e25b141232f7f1443239) C:\Windows\system32\DRIVERS\atikmpag.sys
21:48:22.0318 3828 amdkmdap - ok
21:48:22.0365 3828 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:48:22.0365 3828 AmdPPM - ok
21:48:22.0381 3828 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
21:48:22.0381 3828 amdsata - ok
21:48:22.0412 3828 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:48:22.0412 3828 amdsbs - ok
21:48:22.0427 3828 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
21:48:22.0427 3828 amdxata - ok
21:48:22.0459 3828 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
21:48:22.0459 3828 AppID - ok
21:48:22.0490 3828 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:48:22.0490 3828 arc - ok
21:48:22.0506 3828 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:48:22.0506 3828 arcsas - ok
21:48:22.0537 3828 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:48:22.0537 3828 AsyncMac - ok
21:48:22.0552 3828 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
21:48:22.0552 3828 atapi - ok
21:48:22.0584 3828 AtiHDAudioService (7b4342936a3885cfe18e5d1df6d55bc5) C:\Windows\system32\drivers\AtihdW73.sys
21:48:22.0584 3828 AtiHDAudioService - ok
21:48:22.0756 3828 atikmdag (8e6bf8e8b78ba958b30b0c0e83c86c87) C:\Windows\system32\DRIVERS\atikmdag.sys
21:48:22.0802 3828 atikmdag - ok
21:48:22.0865 3828 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:48:22.0865 3828 b06bdrv - ok
21:48:22.0881 3828 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:48:22.0881 3828 b57nd60x - ok
21:48:22.0912 3828 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:48:22.0912 3828 Beep - ok
21:48:22.0927 3828 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:48:22.0927 3828 blbdrive - ok
21:48:22.0959 3828 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
21:48:22.0959 3828 bowser - ok
21:48:22.0974 3828 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:48:22.0974 3828 BrFiltLo - ok
21:48:22.0990 3828 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:48:22.0990 3828 BrFiltUp - ok
21:48:23.0021 3828 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:48:23.0021 3828 Brserid - ok
21:48:23.0037 3828 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:48:23.0037 3828 BrSerWdm - ok
21:48:23.0052 3828 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:48:23.0052 3828 BrUsbMdm - ok
21:48:23.0084 3828 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:48:23.0084 3828 BrUsbSer - ok
21:48:23.0099 3828 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:48:23.0099 3828 BTHMODEM - ok
21:48:23.0131 3828 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:48:23.0131 3828 cdfs - ok
21:48:23.0146 3828 cdrom (8420280ff142cd6e5c40e873bd2f696b) C:\Windows\system32\DRIVERS\cdrom.sys
21:48:23.0943 3828 Suspicious file (NoAccess): C:\Windows\system32\DRIVERS\cdrom.sys. md5: 8420280ff142cd6e5c40e873bd2f696b
21:48:23.0943 3828 cdrom ( LockedFile.Multi.Generic ) - warning
21:48:23.0943 3828 cdrom - detected LockedFile.Multi.Generic (1)
21:48:23.0974 3828 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:48:23.0974 3828 circlass - ok
21:48:24.0006 3828 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:48:24.0006 3828 CLFS - ok
21:48:24.0052 3828 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:48:24.0052 3828 CmBatt - ok
21:48:24.0068 3828 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
21:48:24.0068 3828 cmdide - ok
21:48:24.0099 3828 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
21:48:24.0099 3828 CNG - ok
21:48:24.0131 3828 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:48:24.0131 3828 Compbatt - ok
21:48:24.0146 3828 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:48:24.0162 3828 CompositeBus - ok
21:48:24.0177 3828 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:48:24.0177 3828 crcdisk - ok
21:48:24.0209 3828 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
21:48:24.0224 3828 CSC - ok
21:48:24.0256 3828 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
21:48:24.0256 3828 DfsC - ok
21:48:24.0287 3828 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:48:24.0287 3828 discache - ok
21:48:24.0302 3828 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:48:24.0302 3828 Disk - ok
21:48:24.0410 3828 driverhardwarev2 (a694d8db6d360a3bbb0bd1517f1c1aee) C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
21:48:24.0410 3828 driverhardwarev2 - ok
21:48:24.0488 3828 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:48:24.0488 3828 drmkaud - ok
21:48:24.0551 3828 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:48:24.0551 3828 dtsoftbus01 - ok
21:48:24.0597 3828 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
21:48:24.0613 3828 DXGKrnl - ok
21:48:24.0722 3828 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:48:24.0738 3828 ebdrv - ok
21:48:24.0801 3828 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:48:24.0816 3828 elxstor - ok
21:48:24.0832 3828 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
21:48:24.0832 3828 ErrDev - ok
21:48:24.0863 3828 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:48:24.0863 3828 exfat - ok
21:48:24.0894 3828 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:48:24.0894 3828 fastfat - ok
21:48:24.0910 3828 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:48:24.0910 3828 fdc - ok
21:48:24.0941 3828 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:48:24.0941 3828 FileInfo - ok
21:48:24.0957 3828 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:48:24.0957 3828 Filetrace - ok
21:48:24.0972 3828 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:48:24.0972 3828 flpydisk - ok
21:48:25.0004 3828 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:48:25.0004 3828 FltMgr - ok
21:48:25.0019 3828 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:48:25.0019 3828 FsDepends - ok
21:48:25.0035 3828 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
21:48:25.0051 3828 Fs_Rec - ok
21:48:25.0066 3828 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
21:48:25.0066 3828 fvevol - ok
21:48:25.0082 3828 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:48:25.0082 3828 gagp30kx - ok
21:48:25.0129 3828 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:48:25.0129 3828 GEARAspiWDM - ok
21:48:25.0176 3828 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:48:25.0176 3828 hcw85cir - ok
21:48:25.0207 3828 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
21:48:25.0207 3828 HdAudAddService - ok
21:48:25.0222 3828 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:48:25.0238 3828 HDAudBus - ok
21:48:25.0238 3828 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:48:25.0238 3828 HidBatt - ok
21:48:25.0269 3828 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:48:25.0269 3828 HidBth - ok
21:48:25.0285 3828 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:48:25.0285 3828 HidIr - ok
21:48:25.0301 3828 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
21:48:25.0301 3828 HidUsb - ok
21:48:25.0332 3828 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:48:25.0332 3828 HpSAMD - ok
21:48:25.0363 3828 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
21:48:25.0363 3828 HTTP - ok
21:48:25.0379 3828 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
21:48:25.0379 3828 hwpolicy - ok
21:48:25.0394 3828 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:48:25.0394 3828 i8042prt - ok
21:48:25.0430 3828 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
21:48:25.0430 3828 iaStorV - ok
21:48:25.0463 3828 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:48:25.0463 3828 iirsp - ok
21:48:25.0572 3828 IntcAzAudAddService (0c36a7de2b4e6ec301b98ae300547701) C:\Windows\system32\drivers\RTKVHDA.sys
21:48:25.0588 3828 IntcAzAudAddService - ok
21:48:25.0619 3828 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
21:48:25.0619 3828 intelide - ok
21:48:25.0635 3828 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:48:25.0635 3828 intelppm - ok
21:48:25.0650 3828 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:48:25.0650 3828 IpFilterDriver - ok
21:48:25.0681 3828 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:48:25.0681 3828 IPMIDRV - ok
21:48:25.0697 3828 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:48:25.0697 3828 IPNAT - ok
21:48:25.0728 3828 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:48:25.0728 3828 IRENUM - ok
21:48:25.0744 3828 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
21:48:25.0744 3828 isapnp - ok
21:48:25.0775 3828 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
21:48:25.0775 3828 iScsiPrt - ok
21:48:25.0791 3828 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:48:25.0791 3828 kbdclass - ok
21:48:25.0822 3828 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
21:48:25.0822 3828 kbdhid - ok
21:48:25.0838 3828 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
21:48:25.0838 3828 KSecDD - ok
21:48:25.0885 3828 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
21:48:25.0885 3828 KSecPkg - ok
21:48:25.0916 3828 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:48:25.0916 3828 lltdio - ok
21:48:26.0010 3828 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
21:48:26.0010 3828 LMIInfo - ok
21:48:26.0056 3828 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
21:48:26.0056 3828 lmimirr - ok
21:48:26.0072 3828 LMIRfsClientNP - ok
21:48:26.0119 3828 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
21:48:26.0119 3828 LMIRfsDriver - ok
21:48:26.0150 3828 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:48:26.0150 3828 LSI_FC - ok
21:48:26.0166 3828 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:48:26.0166 3828 LSI_SAS - ok
21:48:26.0197 3828 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:48:26.0197 3828 LSI_SAS2 - ok
21:48:26.0213 3828 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:48:26.0213 3828 LSI_SCSI - ok
21:48:26.0244 3828 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:48:26.0244 3828 luafv - ok
21:48:26.0291 3828 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
21:48:26.0291 3828 MBAMProtector - ok
21:48:26.0322 3828 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:48:26.0322 3828 megasas - ok
21:48:26.0353 3828 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:48:26.0353 3828 MegaSR - ok
21:48:26.0385 3828 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:48:26.0385 3828 Modem - ok
21:48:26.0400 3828 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:48:26.0400 3828 monitor - ok
21:48:26.0416 3828 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:48:26.0416 3828 mouclass - ok
21:48:26.0455 3828 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:48:26.0455 3828 mouhid - ok
21:48:26.0470 3828 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
21:48:26.0470 3828 mountmgr - ok
21:48:26.0517 3828 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
21:48:26.0517 3828 MpFilter - ok
21:48:26.0564 3828 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
21:48:26.0564 3828 mpio - ok
21:48:26.0580 3828 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
21:48:26.0580 3828 MpNWMon - ok
21:48:26.0595 3828 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:48:26.0595 3828 mpsdrv - ok
21:48:26.0627 3828 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
21:48:26.0627 3828 MRxDAV - ok
21:48:26.0674 3828 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:48:26.0674 3828 mrxsmb - ok
21:48:26.0689 3828 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:48:26.0689 3828 mrxsmb10 - ok
21:48:26.0705 3828 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:48:26.0705 3828 mrxsmb20 - ok
21:48:26.0736 3828 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
21:48:26.0736 3828 msahci - ok
21:48:26.0752 3828 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
21:48:26.0767 3828 msdsm - ok
21:48:26.0783 3828 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:48:26.0783 3828 Msfs - ok
21:48:26.0814 3828 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:48:26.0814 3828 mshidkmdf - ok
21:48:26.0830 3828 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
21:48:26.0830 3828 msisadrv - ok
21:48:26.0861 3828 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:48:26.0861 3828 MSKSSRV - ok
21:48:26.0877 3828 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:48:26.0877 3828 MSPCLOCK - ok
21:48:26.0892 3828 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:48:26.0892 3828 MSPQM - ok
21:48:26.0924 3828 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:48:26.0924 3828 MsRPC - ok
21:48:26.0955 3828 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:48:26.0955 3828 mssmbios - ok
21:48:26.0970 3828 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:48:26.0970 3828 MSTEE - ok
21:48:26.0986 3828 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:48:26.0986 3828 MTConfig - ok
21:48:27.0017 3828 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:48:27.0017 3828 Mup - ok
21:48:27.0064 3828 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:48:27.0064 3828 NativeWifiP -
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 47
kalimusic Messages postés 14619 Statut Contributeur sécurité 3 027
 
re,

L'outil n'as pas trouvé de Zaccess, tu as toujours des alertes ?

1. Analyse le fichier cdrom.sys sur https://www.virustotal.com/gui/
Si un message te dit que le fichier à déjà été analysé, ré-analyse le
Copie-colle l'url affichée dans la barre d'adresse dans ta réponse.
tuto : Analyser un fichier avec VirusTotal

2. Télécharge aswMBR sur ton Bureau.

● Lance aswMBR.exe
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
Refuse la demande de mise à jour
● Clique sur le bouton Scan
● Patiente pendant l'analyse
● Clique sur Save log
● Enregistre le rapport sur le Bureau.
● Copie/colle le rapport dans ton prochain message.

A +
0
Réponse 6 / 47
nanouu13 Messages postés 66 Statut Membre
 
re,

Pour la première partie, je n'ai pas réussi à faire ce que tu me demandes, le fichier cdrom.sys est introuvable.

Et pour la deuxième partie mon pc a redémarré tout seul sans que je puisse enregistrer les logs... Il redémarre tout seul depuis le trojan, je vais réessayer pour que tu puisses voir les logs.
0
Réponse 7 / 47
kalimusic Messages postés 14619 Statut Contributeur sécurité 3 027
 
ok, on fait autrement.

== == == == == == == == == == == == == == == == == == == == == ==

Sauvegarde tes documents les plus importants.

== == == == == == == == == == == == == == == == == == == == == ==

Télécharge ComboFix de sUBs sur ton bureau (et nulle part ailleurs ! )

!! Ferme toutes tes applications en cours et désactive les protections résidentes de ton PC (Antivirus, Antispywares, Firewall, etc...) !!

Regarde attentivement ce tutoriel pour t'aider : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Si besoin, imprime ce dont tu auras besoin, car ensuite toutes les fenêtres doivent être fermés.

● Lance ComboFix
● Accepte la licence d'utilisation et laisse toi guider par le programme.
Accepte d'installer la console de récupération si tu es sous XP
● Autorise ComboFix a se connecter à internet pour les mises à jour si besoin.
● Il est possible que l'outil est besoin de redémarrer l'ordinateur.

!! Surtout ne rien faire et ne rien toucher pendant le travail de l'outil !!
(risque de plantage complet de l'ordinateur)

● A la fin ComboFix indique l'emplacement du rapport et l'ouvre spontanément.
● Héberge le rapport et donne moi le lien.

!! Réactive les protections résidentes de ton PC !!

Note : Le rapport se trouve normalement à la racine du disque: C:\ComboFix.txt

A +
0
Réponse 8 / 47
nanouu13 Messages postés 66 Statut Membre
 
Il me met les logs en fichier dat donc j'ai pris 2 screens que j'ai hébergé

http://imageshack.com/f/7039930635p

http://imageshack.com/f/ni57022790p

Merci
0
Réponse 9 / 47
kalimusic Messages postés 14619 Statut Contributeur sécurité 3 027
 
aswMBR crée un fichier .dat et un .txt mais on trouve toujours rien.

Fait ceci maintenant : https://forums.commentcamarche.net/forum/affich-24627287-trojan-sirefef-aa#7

A+
0
Réponse 10 / 47
nanouu13 Messages postés 66 Statut Membre
 
J'ai toujours des alertes aussi oui
0
Réponse 11 / 47
kalimusic Messages postés 14619 Statut Contributeur sécurité 3 027
 
J'avais compris, sauvegarde tes documents et passe à la suite : https://forums.commentcamarche.net/forum/affich-24627287-trojan-sirefef-aa#7
0
Réponse 12 / 47
nanouu13 Messages postés 66 Statut Membre
 
Désolée j'avais pas vu tes réponses, ça vient à peine de les afficher, je me mets au boulot ^^
0
Réponse 13 / 47
kalimusic Messages postés 14619 Statut Contributeur sécurité 3 027
 
Pas de soucis, prends le temps de bien lire ce qui est demandé, A +
0
Réponse 14 / 47
nanouu13 Messages postés 66 Statut Membre
 
Voilou, le rapport de combofix :




ComboFix 12-03-04.01 - Pilou k 04/03/2012 23:57:01.1.2 - x86
Microsoft Windows 7 Édition Intégrale 6.1.7600.0.1252.33.1036.18.2558.1735 [GMT 1:00]
Lancé depuis: c:\users\Pilou k\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\everest-ultimate_everest_ultimate_5.50.2100_francais_12281 - Copie.exe
c:\program files\openoffice-org_openoffice.org_3.3.0_final_francais_10677.exe
c:\users\Pilou k\AppData\Local\88ca753a\U
c:\users\Pilou k\AppData\Local\88ca753a\U\00000001.$
c:\users\Pilou k\AppData\Local\88ca753a\U\000000cb.$
c:\users\Pilou k\AppData\Local\88ca753a\U\000000cf.$
c:\users\Pilou k\AppData\Local\88ca753a\U\80000000.@
c:\users\Pilou k\AppData\Local\88ca753a\U\800000c0.$
c:\users\Pilou k\AppData\Local\88ca753a\U\800000cb.$
c:\users\Pilou k\errorlog.tmp
c:\users\Pilou k\errorlogmi.tmp
c:\users\Pilou k\Protection.exe
c:\windows\$NtUninstallKB527$
c:\windows\$NtUninstallKB527$\1084739771
c:\windows\$NtUninstallKB527$\2294969658\@
c:\windows\$NtUninstallKB527$\2294969658\L\xadqgnnk
c:\windows\$NtUninstallKB527$\2294969658\loader.tlb
c:\windows\$NtUninstallKB527$\2294969658\U\@00000001
c:\windows\$NtUninstallKB527$\2294969658\U\@000000c0
c:\windows\$NtUninstallKB527$\2294969658\U\@000000cb
c:\windows\$NtUninstallKB527$\2294969658\U\@000000cf
c:\windows\$NtUninstallKB527$\2294969658\U\@80000000
c:\windows\$NtUninstallKB527$\2294969658\U\@800000c0
c:\windows\$NtUninstallKB527$\2294969658\U\@800000cb
c:\windows\$NtUninstallKB527$\2294969658\U\@800000cf
.
c:\windows\system32\drivers\cdrom.sys était absent
Copie restaurée à partir de - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-04 au 2012-03-04 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-04 23:07 . 2012-03-04 23:10 -------- d-----w- c:\users\Pilou k\AppData\Local\temp
2012-03-04 18:50 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1558EE23-AF52-47DB-8154-19FE4CCF26EC}\mpengine.dll
2012-03-01 17:26 . 2012-03-01 17:26 -------- d-----w- c:\users\Pilou k\AppData\Roaming\Malwarebytes
2012-03-01 17:26 . 2012-03-01 17:26 -------- d-----w- c:\programdata\Malwarebytes
2012-03-01 17:26 . 2012-03-01 17:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-01 17:26 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 17:02 . 2012-03-01 17:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-01 16:50 . 2012-03-04 20:00 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-03-01 16:17 . 2012-03-04 23:06 -------- d-sh--w- c:\users\Pilou k\AppData\Local\88ca753a
2012-03-01 15:47 . 2012-03-01 15:47 -------- d-----w- c:\program files\iPod
2012-02-22 20:38 . 2012-03-01 15:48 -------- d-----w- c:\program files\iTunes
2012-02-19 07:30 . 2012-02-19 07:30 -------- d-----w- c:\program files\CCleaner
2012-02-17 15:04 . 2012-02-17 15:04 -------- d-----w- c:\users\Pilou k\.swt
2012-02-15 18:19 . 2012-02-15 18:19 -------- d-----w- c:\users\LogMeInRemoteUser
2012-02-15 18:18 . 2012-02-15 18:18 87552 ----a-w- c:\windows\system32\wudriver.dll
2012-02-15 18:18 . 2012-02-15 18:18 575704 ----a-w- c:\windows\system32\wuapi.dll
2012-02-15 18:18 . 2012-02-15 18:18 35552 ----a-w- c:\windows\system32\wups.dll
2012-02-15 18:18 . 2012-02-15 18:18 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-02-15 18:18 . 2012-02-15 18:18 171608 ----a-w- c:\windows\system32\wuwebv.dll
2012-02-15 18:18 . 2012-02-15 18:18 53472 ----a-w- c:\windows\system32\wuauclt.exe
2012-02-15 18:18 . 2012-02-15 18:18 44768 ----a-w- c:\windows\system32\wups2.dll
2012-02-15 18:18 . 2012-02-15 18:18 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-02-15 18:18 . 2012-02-15 18:18 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2012-02-15 18:17 . 2012-02-15 18:17 -------- d-----w- c:\users\Pilou k\AppData\Local\LogMeIn
2012-02-15 18:17 . 2012-01-31 20:30 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-02-15 18:17 . 2012-01-31 20:30 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-02-15 18:17 . 2012-01-31 20:30 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-02-15 18:17 . 2011-09-16 13:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-02-15 18:17 . 2012-01-31 20:30 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-02-15 18:16 . 2012-03-04 23:00 -------- d-----w- c:\programdata\LogMeIn
2012-02-15 18:16 . 2012-02-15 18:19 -------- d-----w- c:\program files\LogMeIn
2012-02-10 15:00 . 2012-02-10 15:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49431120-C7FF-452A-9910-BD5741405A54}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 16:49 . 2011-08-06 17:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 17:43 . 2010-12-16 10:09 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-16 17:43 . 2010-12-16 10:09 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-08 06:03 . 2010-09-18 16:57 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2010-09-10 02:55 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 17:06 . 2012-01-06 17:06 2306328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-06 17:06 . 2012-01-06 17:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-06 17:06 . 2010-12-16 10:09 639312 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-19 08:44 . 2011-10-20 19:10 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-09-03 9726568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-03 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Pilou k\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-9-21 0]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Protection.lnk - c:\users\Pilou k\Protection.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-03-10 311744]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Inspection réseau Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-09 232512]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-04 176128]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-01-31 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-04 6096384]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 214016]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-07-15 101904]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232]
.
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://jerecherche.org?nav=if&zon=Stpie
uDefault_Search_URL = hxxp://www.jerecherche.org/keyword/
uSearchMigratedDefaultURL = hxxp://www.jerecherche.org
uInternet Settings,ProxyOverride = *.local
Trusted Zone: chat-land.org
TCP: DhcpNameServer = 89.2.0.1 89.2.0.2
FF - ProfilePath - c:\users\Pilou k\AppData\Roaming\Mozilla\Firefox\Profiles\k4tl1rrx.default\
FF - prefs.js: browser.startup.homepage - google.fr
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-228566944-1440548765-3280435419-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-228566944-1440548765-3280435419-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2012-03-05 00:16:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-03-04 23:16
.
Avant-CF: 9 140 916 224 octets libres
Après-CF: 9 098 940 416 octets libres
.
- - End Of File - - FEC7716814F0F70BE421B4FA69C08F8C
0
Réponse 15 / 47
nanouu13 Messages postés 66 Statut Membre
 
Par contre j'ai tapé la commande combofix /uninstall comme dit dans le tuto pour l'effacer (j'ai seven) et le pc ne m'a pas dit si il a été effacé.
0
Réponse 16 / 47
kalimusic Messages postés 14619 Statut Contributeur sécurité 3 027
 
Pourquoi l'avoir désinstallé ? 

Note importante: Quand vous désinstallez ComboFix, cela supprime aussi toutes les sauvegardes et toutes les quarantaines qui ont été créées lorsque ComboFix a analysé et nettoyé votre ordinateur. Par conséquent, ne désinstallez ComboFix que si vous êtes sûr à 100% que votre ordinateur fonctionne correctement et que vous n'aurez plus besoin des fichiers qui ont été sauvegardés ou mis en quarantaine.

Sans compter qu'il reste des choses à faire, on doit procéder autrement :

Télécharge OTL (de OldTimer) sur ton Bureau.

Ferme toutes tes applications en cours

● Lance OTL.exe
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● L'interface principale s'ouvre :
● Dans la section Rapport en haut à droite de la fenêtre, coche Rapport minimal
● Coche la case également Tous les utilisateurs
Laisse tous les autres paramètres par défaut
● Dans la partie du bas "Personnalisation", copie/colle la liste en citation : 

%temp%\*.exe /s 
%ALLUSERSPROFILE%\Application Data\*.exe /s 
%ALLUSERSPROFILE%\Application Data\*.
%APPDATA%\*.exe /s 
%APPDATA%\*.
%SYSTEMDRIVE%\*.exe 
%systemroot%\Tasks\*.* /s
CREATERESTOREPOINT

● Clique sur le bouton Analyse rapide, patiente pendant le balayage du système.
● 2 rapports vont s'ouvrir au format bloc-note :
OTL.txt (qui sera affiché) ainsi que Extras.txt (réduit dans la barre des tâches)
Ne les poste pas sur le forum, ils seraient trop long
● Héberge les sur un des sites suivants :
https://www.cjoint.com/
http://pjjoint.malekal.com/
http://threat-rc.com/
https://textup.fr/
● Tu obtiendras 2 liens que tu me donneras dans ton prochain message.

A +
0
Réponse 17 / 47
nanouu13 Messages postés 66 Statut Membre
 
Désolée pour le retard de réponse je me suis endormie.

Sur le tuto, ça disait qu'il fallait le supprimer après, mais de toute façon j'ai pas réussi à l'effacer je crois.

J'ai les 2 rapports :

https://www.cjoint.com/?BCfcjgKb9Ws

https://www.cjoint.com/?BCfclE8ZW3h

Bonne nuit, merci
0
Réponse 18 / 47
kalimusic Messages postés 14619 Statut Contributeur sécurité 3 027
 
Bonjour,

Si la protection en temps réel de Malwarebytes Anti-Malware est activée (version PRO ou période d'essai de la version gratuite)
Il faut absolument la désactiver temporairement par clic-droit "Quitter" sur son icône prés de l'heure.

1. Relance OTL
- Sous XP double-clic sur l'icône pour lancer l'outil.
- Sous Vista/Seven clic-droit sur l'icône et choisir "Exécuter en tant qu'administrateur" dans le menu contextuel.
● Dans la partie "Personnalisation", copie/colle les instructions hébergées ici
● Clique sur le bouton Correction.
● Patiente pendant le travail de l'outil, il doit ensuite redémarrer le PC.
● Accepte en cliquant sur OK.
● Le rapport indiquant les actions réalisées par OTL doit s'ouvrir spontanément.

Tu peux le retrouver le fichier à la racine du disque : C:\_OTL\MovedFiles

2. Désinstalle McAfee Security Scan (inutile)

3. Tu utilises toujours le navigateur Google Chrome ?
Comment se comporte le pc maintenant ?

A +

«La raison et la logique ne peuvent rien contre l'entêtement et la sottise.»
0
Réponse 19 / 47
nanouu13 Messages postés 66 Statut Membre
 
Bonjour,

J'ai désactivé l'antivirus et j'ai effacé McAfee, pour google apparemment il me dirige vers les bonnes pages mais par contre là j'ai eu encore une alerte du trojan quand j'ai lancé OTL.

Je post le rapport :

https://www.cjoint.com/?BCfoOJccNrH

Merci
0
Réponse 20 / 47
kalimusic Messages postés 14619 Statut Contributeur sécurité 3 027
 
re,

Quand je parlais de désactiver temporairement la protection résidente de Malwarebytes, c'était pendant la correction de OTL.

Sur quel fichier as tu eu l'alerte ?

A+
0

Discussions similaires

prelevement bizarre
federicoloco -
nat -

64 réponses
prelevement frauduleux
brunch -
Brunch -

2 réponses
prelevement
reneimois -
MaxGix -

1 réponse
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses