Everything posted by Toum_

  1. Good evening Mark and Pear. I am posting the link on senduit again before considering a full restore if I still get no reply. http://senduit.com/2775d7 Thanks for your help. See you soon.
  2. Hi Mark, I'm still here. I don't know whether you got the file you asked me for, so I'm re-posting it; here is the new link: http://senduit.com/e32e6e Thanks, see you soon.
  3. Hello, here is the link: http://senduit.com/6a8d39 Thanks. See you later.
  4. So let's go for it anyway, otherwise it's the full restore... Let's swim in these famous uncharted waters; what could be more fun for a budding computer enthusiast craving thrills (I'm talking about myself lol)... See you soon
  5. And here is the report: http://senduit.com/d38a7f Thanks, see you
  6. Hello Mark, I'm back, sorry for my prolonged absence, a small unforeseen event... So I followed your instructions; the URL: http://senduit.com/039ed9 Thanks, see you
  7. No, I did not change the permissions. The last thing I installed is the graphics card driver (I realized later that nvidia advises against installing it on an Acer similar to mine), and before that I installed a game. As for the screen, no violent impact; I broke it while carrying it. The problems don't correspond to any event, I think. lol See you later
  8. Hello Mark, As for the restore, I tried several dates; it only worked once and changed nothing. That would have been too easy; in fact it's the first thing I had tried lol. Thanks, see you
  9. And here is Subs.txt:
     and log1.txt:
     SteelWerX Extended Configuration Access Control Lists
     Written by Bobbi Flekman 2006 ©
     *******************************************************************************
     Folder: C:\Windows
     Permissions:
     *******************************************************************************
     Username Type Permissions Inheritance
     *******************************************************************************
     PC-DE-TOUM\Administrateurs Allowed Full Control This Folder/File Only (Inherited)
     PC-DE-TOUM\Administrateurs Allowed Special (Unknown) Subfolders and Files only (Inherited)
     AUTORITE NT\SYSTEM Allowed Full Control This Folder/File Only (Inherited)
     AUTORITE NT\SYSTEM Allowed Special (Unknown) Subfolders and Files only (Inherited)
     PC-DE-TOUM\Utilisateurs Allowed Read and Execute This Folder, Subfolders and Files (Inherited)
     AUTORITE NT\Utilisateurs authentifiés Allowed Modify This Folder/File Only (Inherited)
     AUTORITE NT\Utilisateurs authentifiés Allowed Special (A) Subfolders and Files only (Inherited)
     No Auditing set
     Owner: S-1-5-21-1715567821-1500820517-839522115-1003 (\S-1-5-21-1715567821-1500820517-839522115-1003)
     Thanks, see you
  10. Hi Mark, delighted to be among the first privileged infected, lol... No, seriously, thanks for your help, good luck and see you soon. Toum
  11. Hello Mark, Here is the generated report:
     SteelWerX Extended Configuration Access Control Lists
     Written by Bobbi Flekman 2006 ©
     *******************************************************************************
     File: C:\Windows\System32\svchost.exe
     Permissions:
     *******************************************************************************
     Username Type Permissions Inheritance
     *******************************************************************************
     NT SERVICE\TrustedInstaller Allowed Full Control This Folder/File Only
     PC-DE-TOUM\Administrateurs Allowed Read and Execute This Folder/File Only
     AUTORITE NT\SYSTEM Allowed Read and Execute This Folder/File Only
     PC-DE-TOUM\Utilisateurs Allowed Read and Execute This Folder/File Only
     Auditing:
     *******************************************************************************
     Username Type Access Inheritance
     *******************************************************************************
     \Tout le monde All Special (DCA9532) This Folder/File Only
     Owner: TrustedInstaller (NT SERVICE\TrustedInstaller)
     Thanks, see you. Toum
  12. It works. Thanks a lot for your help.
  13. I uninstalled Avast and followed your instructions; still the same error message for combofix. I only have this external drive for transfers. The services that don't start are, for example, the one that handles the internet or the one that handles the Security Center; there are no error messages because the service that handles those messages doesn't start either. Thanks, see you later
  14. I found how to restore the computer, but to factory settings.
  15. By the way, I don't know what the Acer recovery partition is; is it in the system tools? See you, thanks
  16. Hello Mark, Yes, I still have no connection or avast, and lots of Windows services fail to start. I just changed the graphics card driver, but I don't think I made any other big changes (apart from having broken the screen). You told me about problems in your last message, like Starforce; should I delete certain files or something else? Thanks, take good care of yourself.
  17. Good evening Mark, thanks for your help. So here is the exeHelper report:
     exeHelper by Raktor
     Build 20091021
     Run at 19:55:05 on 10/23/09
     Now searching...
     Checking for numerical processes...
     Checking for bad processes...
     Checking for bad files...
     Checking for bad registry entries...
     Resetting filetype association for .exe
     Resetting filetype association for .com
     Resetting userinit and shell values...
     Resetting policies...
     --Finished--
     Regarding combofix, still the same error message: "some instalation files are corrupt, please download a fresh version and retry", and regarding the Windows CDs, I had not burned the CDs when Windows offered it, but I did not get a Windows CD with the computer when I bought it legally with an equally legal version of Windows (lol). Thanks, see you later
  18. Would there be another way to remove this process? Thanks
  19. I can't manage to remove the process in sysprot. Message: Failed to disable driver/service
  20. Here it is:
     Running from: C:\Users\Toum\Desktop\win32kdiag.exe
     Log file at : C:\Users\Toum\Desktop\Win32kDiag.txt
     Removing all found mount points.
     Attempting to reset file permissions.
     WARNING: Could not get backup privileges!
     Searching 'C:\Windows'...
     Cannot access: C:\Windows\bthservsdp.dat
     Attempting to restore permissions of : C:\Windows\bthservsdp.dat
     Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
     Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
     Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
     Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
     Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
     Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
     Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
     Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
     Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
     Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
     Finished!
  21. It can't disable "ajj01e9s.SYS". How should I proceed? Thanks
  22. For sysprot, do I click disable for all the "kernel modules" in red?
  23. The win32kdiag report:
     Running from: C:\Users\Toum\Desktop\Win32kDiag.exe
     Log file at : C:\Users\Toum\Desktop\Win32kDiag.txt
     WARNING: Could not get backup privileges!
     Searching 'C:\Windows'...
     Cannot access: C:\Windows\bthservsdp.dat
     [1] 2009-10-22 15:06:18 12 C:\Windows\bthservsdp.dat ()
     Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
     [1] 2009-10-22 18:16:20 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
     Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
     [1] 2009-10-22 18:17:06 21896 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()
     Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
     [1] 2009-10-22 18:22:12 274960 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()
     Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
     [1] 2009-10-22 18:25:39 525368 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()
     Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
     [1] 2009-10-22 18:13:47 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()
     Finished!
     Apparently that didn't work either...
  24. Here is the SysProt report; I think it crashed too. I'm running the win32kdiag scan. See you later.
  25. Well, since RootRepeal crashes on the file scan, I did the rest. Here is the report:
      Thanks, see you later.