

Posts by Toum_
-
-
Hi Mark,
I'm still here. I don't know whether you got the file you asked me for, so I'm re-posting it; here is the new link:
Thanks, see you soon.
-
-
So let's go for it anyway, otherwise it's a full restore...
Let's swim in these famous uncharted waters; what could be more fun for a budding computer enthusiast craving thrills (I'm talking about myself, lol)...
See you soon
-
-
Hello Mark,
I'm back, sorry for my prolonged absence, something unexpected came up...
So, I followed your instructions; the URL:
Thanks, see you later
-
No, I did not change the permissions; the last thing I installed was the graphics card driver (I realized later that nvidia advised against installing it on an Acer resembling mine), and before that I installed a game. As for the screen, there was no violent shock; I broke it while carrying it. I don't think the problems coincide with any event.
lol
See you later
-
Hello Mark,
For the restore, I tried several dates; it only worked once and changed nothing. That would have been too easy; in fact it's the first thing I had tried, lol.
Thanks, see you later
-
And here is Subs.txt:
------ REGISTRY:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
- LocalService - nsi, lltdsvc, SSDPSRV, upnphost, SCardSvr, w32time, EventSystem, RemoteRegistry, WinHttpAutoProxySvc, lanmanworkstation, TBS, SLUINotify, THREADORDER, fdrespub, netprofm, fdphost, wcncsvc, QWAVE, Mcx2Svc, WebClient, SstpSvc
- LocalSystemNetworkRestricted - hidserv, UxSms, WdiSystemHost, Netman, trkwks, AudioEndpointBuilder, WUDFSvc, irmon, sysmain, IPBusEnum, dot3svc, PcaSvc, EMDMgmt, TabletInputService, wlansvc, WPDBusEnum
- NetworkServiceNetworkRestricted - PolicyAgent
- LocalServiceNoNetwork - PLA, DPS, BFE, mpssvc, ehstart
- NetworkService - CryptSvc, DHCP, TermService, KtmRm, DNSCache, NapAgent, nlasvc, WinRM, WECSVC, Tapisrv
- termsvcs - TermService
- WerSvcGroup - wersvc
- swprv - swprv
- LocalServiceNetworkRestricted - DHCP, eventlog, AudioSrv, LmHosts, wscsvc, p2pimsvc, PNRPSvc, p2psvc, WPCSvc, PnrpAutoReg
- rpcss - RpcSs
- regsvc - RemoteRegistry
- wcssvc - WcsPlugInService
- DcomLaunch - PlugPlay, DcomLaunch
- wdisvc - WdiServiceHost
- sdrsvc - sdrsvc
- imgsvc - StiSvc
- secsvcs - WinDefend
- bthsvcs - BthServ
- iissvcs - w3svc, was
- apphost - apphostsvc
- netsvcs - AeLookupSvc, wercplsupport, Themes, CertPropSvc, SCPolicySvc, lanmanserver, gpsvc, IKEEXT, AudioSrv, FastUserSwitchingCompatibility, Ias, Irmon, Nla, Ntmssvc, NWCWorkstation, Nwsapagent, Rasauto, Rasman, Remoteaccess, SENS, Sharedaccess, SRService, Tapisrv, Wmi, WmdmPmSp, TermService, wuauserv, BITS, ShellHWDetection, LogonHours, PCAudit, helpsvc, uploadmgr, iphlpsvc, seclogon, AppInfo, msiscsi, MMCSS, ProfSvc, EapHost, winmgmt, schedule, SessionEnv, browser, hkmsvc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\iissvcs
CoInitializeSecurityParam REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalService
AuthenticationCapabilities REG_DWORD 8192 (0x2000)
CoInitializeSecurityParam REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\LocalSystemNetworkRestricted
CoInitializeSecurityParam REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\netsvcs
AuthenticationCapabilities REG_DWORD 12320 (0x3020)
CoInitializeSecurityParam REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\NetworkService
CoInitializeSecurityParam REG_DWORD 1 (0x1)
DefaultRpcStackSize REG_DWORD 28 (0x1c)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\SDRSVC
CoInitializeSecurityParam REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\swprv
CoInitializeSecurityParam REG_DWORD 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\termsvcs
CoInitializeSecurityParam REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wcssvc
CoInitializeSecurityParam REG_DWORD 1 (0x1)
CoInitializeSecurityAppID REG_SZ {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\wercplsupport
AuthenticationCapabilities REG_DWORD 12320 (0x3020)
CoInitializeSecurityParam REG_DWORD 1 (0x1)
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Notification Packages REG_MULTI_SZ scecli\0C:\Program Files\Acer\Acer Bio Protection\PwdFilter\0\0
Authentication Packages REG_MULTI_SZ msv1_0\0\0
------ SVCHOST SERVICES NOT RUNNING
STOPPED: AUTO_START: BITS : Service de transfert intelligent en arrière-plan
STOPPED: AUTO_START: Dnscache : Client DNS
STOPPED: AUTO_START: dot3svc : Configuration automatique de réseau câblé
STOPPED: AUTO_START: Eventlog : Journal d’événements Windows
STOPPED: AUTO_START: FDResPub : Publication des ressources de découverte de fonctions
STOPPED: AUTO_START: IKEEXT : Modules de génération de clés IKE et AuthIP
STOPPED: AUTO_START: iphlpsvc : Assistance IP
STOPPED: AUTO_START: MpsSvc : Pare-feu Windows
STOPPED: AUTO_START: netprofm : Service Liste des réseaux
STOPPED: AUTO_START: NlaSvc : Connaissance des emplacements réseau
STOPPED: AUTO_START: PolicyAgent : Agent de stratégie IPsec
STOPPED: AUTO_START: RasAuto : Gestionnaire de connexion automatique d'accès distant
STOPPED: AUTO_START: RasMan : Gestionnaire de connexions d'accès distant
STOPPED: AUTO_START: Schedule : Planificateur de tâches
STOPPED: AUTO_START: SharedAccess : Partage de connexion Internet (ICS)
STOPPED: AUTO_START: SSDPSRV : Découverte SSDP
STOPPED: AUTO_START: TBS : Services de base de module de plateforme sécurisée
STOPPED: AUTO_START: W32Time : Horloge Windows
STOPPED: AUTO_START: WebClient : WebClient
STOPPED: AUTO_START: Wlansvc : Service de configuration automatique WLAN
STOPPED: DEMAND_START: Appinfo : Informations d'application
STOPPED: DEMAND_START: CertPropSvc : Propagation du certificat
STOPPED: DEMAND_START: CryptSvc : Services de chiffrement
STOPPED: DEMAND_START: hkmsvc : Gestion des clés et des certificats d'intégrité
STOPPED: DEMAND_START: IPBusEnum : Énumérateur de bus IP PnP-X
STOPPED: DEMAND_START: lltdsvc : Mappage de découverte de topologie de la couche de liaison
STOPPED: DEMAND_START: MSiSCSI : Service Initiateur iSCSI de Microsoft
STOPPED: DEMAND_START: napagent : Agent de protection d’accès réseau
STOPPED: DEMAND_START: p2pimsvc : Gestionnaire d'identité réseau homologue
STOPPED: DEMAND_START: p2psvc : Groupement de mise en réseau de pairs
STOPPED: DEMAND_START: pla : Journaux & alertes de performance
STOPPED: DEMAND_START: PNRPAutoReg : Service de publication des noms d’ordinateurs PNRP
STOPPED: DEMAND_START: PNRPsvc : Protocole de résolution de noms d'homologues
STOPPED: DEMAND_START: QWAVE : Expérience audio-vidéo haute qualité Windows
STOPPED: DEMAND_START: RemoteRegistry : Registre à distance
STOPPED: DEMAND_START: SCardSvr : Carte à puce
STOPPED: DEMAND_START: SCPolicySvc : Stratégie de retrait de la carte à puce
STOPPED: DEMAND_START: SDRSVC : Sauvegarde Windows
STOPPED: DEMAND_START: SessionEnv : Configuration des services Terminal Server
STOPPED: DEMAND_START: SLUINotify : Service de notification de l’interface utilisateur SL
STOPPED: DEMAND_START: SstpSvc : Service SSTP (Secure Socket Tunneling Protocol)
STOPPED: DEMAND_START: swprv : Fournisseur de cliché instantané de logiciel Microsoft
STOPPED: DEMAND_START: THREADORDER : Serveur de priorités des threads
STOPPED: DEMAND_START: upnphost : Hôte de périphérique UPnP
STOPPED: DEMAND_START: wcncsvc : Windows Connect Now - Registre de configuration
STOPPED: DEMAND_START: WcsPlugInService : Système de couleurs Windows
STOPPED: DEMAND_START: WdiServiceHost : Service hôte WDIServiceHost
STOPPED: DEMAND_START: Wecsvc : Collecteur d'événements de Windows
STOPPED: DEMAND_START: wercplsupport : Prise en charge de l’application Rapports et solutions aux problèmes du Panneau de configuration
STOPPED: DEMAND_START: WinHttpAutoProxySvc : Service de découverte automatique de Proxy Web pour les services HTTP Windows
STOPPED: DEMAND_START: WinRM : Gestion à distance de Windows (Gestion WSM)
STOPPED: DEMAND_START: WPCSvc : Contrôle parental
STOPPED: DISABLED: Mcx2Svc : Service Windows Media Center Extender
STOPPED: DISABLED: RemoteAccess : Routage et accès distant
------ SVCHOST CURRENTLY RUNNING:
808- C:\Windows\system32\svchost.exe -k DcomLaunch
- DcomLaunch : Lanceur de processus serveur DCOM
- PlugPlay : Plug-and-Play
880- C:\Windows\system32\svchost.exe -k rpcss
- RpcSs : Appel de procédure distante (RPC)
932- C:\Windows\System32\svchost.exe -k secsvcs
- WinDefend : Windows Defender
964- C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
- Audiosrv : Audio Windows
- Dhcp : Client DHCP
- lmhosts : Assistance NetBIOS sur TCP/IP
- wscsvc : Centre de sécurité
996- C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
- AudioEndpointBuilder : Générateur de points de terminaison du service Audio Windows
- EMDMgmt : Service ReadyBoost
- hidserv : Accès du périphérique d'interface utilisateur
- Netman : Connexions réseau
- PcaSvc : Service de l’Assistant Compatibilité des programmes
- SysMain : Superfetch
- TabletInputService : Service Panneau de saisie Tablet PC
- TrkWks : Client de suivi de lien distribué
- UxSms : Gestionnaire de sessions du Gestionnaire de fenêtrage
- WdiSystemHost : Hôte système de diagnostics
- WPDBusEnum : Service Énumérateur d’appareil mobile
- wudfsvc : Windows Driver Foundation - Infrastructure de pilote mode-utilisateur
1052- C:\Windows\system32\svchost.exe -k netsvcs
- AeLookupSvc : Expérience d’application
- Browser : Explorateur d'ordinateurs
- EapHost : Protocole EAP (Extensible Authentication Protocol)
- gpsvc : Client de stratégie de groupe
- LanmanServer : Serveur
- MMCSS : Planificateur de classes multimédias
- ProfSvc : Service de profil utilisateur
- seclogon : Ouverture de session secondaire
- SENS : Service de notification d’événements système
- ShellHWDetection : Détection matériel noyau
- Themes : Thèmes
- Winmgmt : Infrastructure de gestion Windows
1180- C:\Windows\system32\svchost.exe -k LocalService
- EventSystem : Système d'événement COM+
- fdPHost : Hôte du fournisseur de découverte de fonctions
- LanmanWorkstation : Station de travail
- nsi : Service Interface du magasin réseau
1968- C:\Windows\system32\svchost.exe -k NetworkService
- TapiSrv : Téléphonie
- TermService : Services Terminal Server
1196- C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
- BFE : Moteur de filtrage de base
- DPS : Service de stratégie de diagnostic
- ehstart : Lanceur des services Windows Media Center
1756- C:\Windows\system32\svchost.exe -k apphost
- AppHostSvc : Application Host Helper Service
1996- C:\Windows\system32\svchost.exe -k bthsvcs
- BthServ : Service de prise en charge Bluetooth
2392- C:\Windows\system32\svchost.exe -k imgsvc
- stisvc : Acquisition d'image Windows (WIA)
2448- C:\Windows\system32\svchost.exe -k iissvcs
- W3SVC : Service de publication World Wide Web
- WAS : Service d'activation des processus Windows
2460- C:\Windows\System32\svchost.exe -k WerSvcGroup
- WerSvc : Service de rapport d'erreurs Windows
------ SVCHOST SUB-DEPENDENTS
nsi = 12
RUNNING: Browser: Explorateur d'ordinateurs
RUNNING: LanmanWorkstation: Station de travail
RUNNING: Netman: Connexions réseau
START_PENDING: Dhcp: Client DHCP
STOPPED: iphlpsvc: Assistance IP
STOPPED: Netlogon: Netlogon
STOPPED: netprofm: Service Liste des réseaux
STOPPED: NlaSvc: Connaissance des emplacements réseau
STOPPED: SessionEnv: Configuration des services Terminal Server
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
STOPPED: SLUINotify: Service de notification de l’interface utilisateur SL
STOPPED: WinHttpAutoProxySvc: Service de découverte automatique de Proxy Web pour les services HTTP Windows
SSDPSRV = 3
STOPPED: Mcx2Svc: Service Windows Media Center Extender
STOPPED: upnphost: Hôte de périphérique UPnP
STOPPED: WMPNetworkSvc: Service Partage réseau du Lecteur Windows Media
upnphost = 1
STOPPED: WMPNetworkSvc: Service Partage réseau du Lecteur Windows Media
EventSystem = 5
START_PENDING: SENS: Service de notification d’événements système
STOPPED: BITS: Service de transfert intelligent en arrière-plan
STOPPED: COMSysApp: Application système COM+
STOPPED: DFSR: Réplication DFS
STOPPED: SLUINotify: Service de notification de l’interface utilisateur SL
lanmanworkstation = 3
RUNNING: Browser: Explorateur d'ordinateurs
STOPPED: Netlogon: Netlogon
STOPPED: SessionEnv: Configuration des services Terminal Server
netprofm = 1
STOPPED: SLUINotify: Service de notification de l’interface utilisateur SL
fdphost = 2
STOPPED: IPBusEnum: Énumérateur de bus IP PnP-X
STOPPED: Mcx2Svc: Service Windows Media Center Extender
SstpSvc = 4
STOPPED: RasAuto: Gestionnaire de connexion automatique d'accès distant
STOPPED: RasMan: Gestionnaire de connexions d'accès distant
STOPPED: RemoteAccess: Routage et accès distant
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
Netman = 1
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
AudioEndpointBuilder = 1
RUNNING: Audiosrv: Audio Windows
IPBusEnum = 1
STOPPED: Mcx2Svc: Service Windows Media Center Extender
BFE = 6
STOPPED: IKEEXT: Modules de génération de clés IKE et AuthIP
STOPPED: MpsSvc: Pare-feu Windows
STOPPED: PolicyAgent: Agent de stratégie IPsec
STOPPED: RemoteAccess: Routage et accès distant
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
STOPPED: Wecsvc: Collecteur d'événements de Windows
mpssvc = 1
STOPPED: Wecsvc: Collecteur d'événements de Windows
DHCP = 1
STOPPED: WinHttpAutoProxySvc: Service de découverte automatique de Proxy Web pour les services HTTP Windows
TermService = 1
STOPPED: Mcx2Svc: Service Windows Media Center Extender
nlasvc = 2
STOPPED: netprofm: Service Liste des réseaux
STOPPED: SLUINotify: Service de notification de l’interface utilisateur SL
Tapisrv = 4
STOPPED: RasAuto: Gestionnaire de connexion automatique d'accès distant
STOPPED: RasMan: Gestionnaire de connexions d'accès distant
STOPPED: RemoteAccess: Routage et accès distant
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
TermService = 1
STOPPED: Mcx2Svc: Service Windows Media Center Extender
lanmanserver = 1
RUNNING: Browser: Explorateur d'ordinateurs
Rasman = 3
STOPPED: RasAuto: Gestionnaire de connexion automatique d'accès distant
STOPPED: RemoteAccess: Routage et accès distant
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
SENS = 1
STOPPED: COMSysApp: Application système COM+
Tapisrv = 4
STOPPED: RasAuto: Gestionnaire de connexion automatique d'accès distant
STOPPED: RasMan: Gestionnaire de connexions d'accès distant
STOPPED: RemoteAccess: Routage et accès distant
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
TermService = 1
STOPPED: Mcx2Svc: Service Windows Media Center Extender
ShellHWDetection = 1
RUNNING: stisvc: Acquisition d'image Windows (WIA)
MMCSS = 1
RUNNING: Audiosrv: Audio Windows
ProfSvc = 1
STOPPED: Appinfo: Informations d'application
EapHost = 2
STOPPED: dot3svc: Configuration automatique de réseau câblé
STOPPED: Wlansvc: Service de configuration automatique WLAN
winmgmt = 3
RUNNING: wscsvc: Centre de sécurité
STOPPED: iphlpsvc: Assistance IP
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
DHCP = 1
STOPPED: WinHttpAutoProxySvc: Service de découverte automatique de Proxy Web pour les services HTTP Windows
eventlog = 3
STOPPED: Schedule: Planificateur de tâches
STOPPED: usnjsvc: Service Messenger Sharing Folders USN Journal Reader
STOPPED: Wecsvc: Collecteur d'événements de Windows
p2pimsvc = 3
STOPPED: p2psvc: Groupement de mise en réseau de pairs
STOPPED: PNRPAutoReg: Service de publication des noms d’ordinateurs PNRP
STOPPED: PNRPsvc: Protocole de résolution de noms d'homologues
PNRPSvc = 2
STOPPED: p2psvc: Groupement de mise en réseau de pairs
STOPPED: PNRPAutoReg: Service de publication des noms d’ordinateurs PNRP
RpcSs = 86
RUNNING: Audiosrv: Audio Windows
RUNNING: BFE: Moteur de filtrage de base
RUNNING: Browser: Explorateur d'ordinateurs
RUNNING: BthServ: Service de prise en charge Bluetooth
RUNNING: CLHNService: CLHNService
RUNNING: EapHost: Protocole EAP (Extensible Authentication Protocol)
RUNNING: EMDMgmt: Service ReadyBoost
RUNNING: EventSystem: Système d'événement COM+
RUNNING: fdPHost: Hôte du fournisseur de découverte de fonctions
RUNNING: gpsvc: Client de stratégie de groupe
RUNNING: gusvc: Google Software Updater
RUNNING: KeyIso: Isolation de clé CNG
RUNNING: KtmRm: Service KtmRm pour Distributed Transaction Coordinator
RUNNING: LanmanServer: Serveur
RUNNING: Nero BackItUp Scheduler 4.0: Nero BackItUp Scheduler 4.0
RUNNING: Netman: Connexions réseau
RUNNING: PcaSvc: Service de l’Assistant Compatibilité des programmes
RUNNING: ProfSvc: Service de profil utilisateur
RUNNING: RichVideo: Cyberlink RichVideo Service(CRVS)
RUNNING: SamSs: Gestionnaire de comptes de sécurité
RUNNING: ShellHWDetection: Détection matériel noyau
RUNNING: slsvc: Licence du logiciel
RUNNING: Spooler: Spouleur d'impression
RUNNING: stisvc: Acquisition d'image Windows (WIA)
RUNNING: SysMain: Superfetch
RUNNING: TabletInputService: Service Panneau de saisie Tablet PC
RUNNING: TapiSrv: Téléphonie
RUNNING: TermService: Services Terminal Server
RUNNING: TrkWks: Client de suivi de lien distribué
RUNNING: W3SVC: Service de publication World Wide Web
RUNNING: WAS: Service d'activation des processus Windows
RUNNING: WinDefend: Windows Defender
RUNNING: Winmgmt: Infrastructure de gestion Windows
RUNNING: WPDBusEnum: Service Énumérateur d’appareil mobile
RUNNING: wscsvc: Centre de sécurité
RUNNING: WSearch: Windows Search
START_PENDING: SENS: Service de notification d’événements système
STOPPED: Appinfo: Informations d'application
STOPPED: BITS: Service de transfert intelligent en arrière-plan
STOPPED: CertPropSvc: Propagation du certificat
STOPPED: COMSysApp: Application système COM+
STOPPED: CryptSvc: Services de chiffrement
STOPPED: DFSR: Réplication DFS
STOPPED: dot3svc: Configuration automatique de réseau câblé
STOPPED: ehRecvr: Service de réception Windows Media Center
STOPPED: ehSched: Service de planification Windows Media Center
STOPPED: ehstart: Lanceur des services Windows Media Center
STOPPED: FDResPub: Publication des ressources de découverte de fonctions
STOPPED: gupdate1c9e234d8a4de30: Service Google Update (gupdate1c9e234d8a4de30)
STOPPED: hkmsvc: Gestion des clés et des certificats d'intégrité
STOPPED: IKEEXT: Modules de génération de clés IKE et AuthIP
STOPPED: IPBusEnum: Énumérateur de bus IP PnP-X
STOPPED: iphlpsvc: Assistance IP
STOPPED: iPod Service: Service de l’iPod
STOPPED: lltdsvc: Mappage de découverte de topologie de la couche de liaison
STOPPED: Mcx2Svc: Service Windows Media Center Extender
STOPPED: MpsSvc: Pare-feu Windows
STOPPED: MSDTC: Coordinateur de transactions distribuées
STOPPED: msiserver: Windows Installer
STOPPED: napagent: Agent de protection d’accès réseau
STOPPED: netprofm: Service Liste des réseaux
STOPPED: NlaSvc: Connaissance des emplacements réseau
STOPPED: pla: Journaux & alertes de performance
STOPPED: PolicyAgent: Agent de stratégie IPsec
STOPPED: ProtectedStorage: Emplacement protégé
STOPPED: QWAVE: Expérience audio-vidéo haute qualité Windows
STOPPED: RasAuto: Gestionnaire de connexion automatique d'accès distant
STOPPED: RasMan: Gestionnaire de connexions d'accès distant
STOPPED: RemoteAccess: Routage et accès distant
STOPPED: RemoteRegistry: Registre à distance
STOPPED: Schedule: Planificateur de tâches
STOPPED: SCPolicySvc: Stratégie de retrait de la carte à puce
STOPPED: SDRSVC: Sauvegarde Windows
STOPPED: SessionEnv: Configuration des services Terminal Server
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
STOPPED: SLUINotify: Service de notification de l’interface utilisateur SL
STOPPED: swprv: Fournisseur de cliché instantané de logiciel Microsoft
STOPPED: usnjsvc: Service Messenger Sharing Folders USN Journal Reader
STOPPED: vds: Disque virtuel
STOPPED: VSS: Cliché instantané de volume
STOPPED: wcncsvc: Windows Connect Now - Registre de configuration
STOPPED: WcsPlugInService: Système de couleurs Windows
STOPPED: Wecsvc: Collecteur d'événements de Windows
STOPPED: WinRM: Gestion à distance de Windows (Gestion WSM)
STOPPED: Wlansvc: Service de configuration automatique WLAN
STOPPED: WPCSvc: Contrôle parental
PlugPlay = 11
RUNNING: AudioEndpointBuilder: Générateur de points de terminaison du service Audio Windows
RUNNING: Audiosrv: Audio Windows
RUNNING: TabletInputService: Service Panneau de saisie Tablet PC
RUNNING: TapiSrv: Téléphonie
RUNNING: wudfsvc: Windows Driver Foundation - Infrastructure de pilote mode-utilisateur
STOPPED: RasAuto: Gestionnaire de connexion automatique d'accès distant
STOPPED: RasMan: Gestionnaire de connexions d'accès distant
STOPPED: RemoteAccess: Routage et accès distant
STOPPED: SCardSvr: Carte à puce
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
STOPPED: vds: Disque virtuel
DcomLaunch = 87
RUNNING: Audiosrv: Audio Windows
RUNNING: BFE: Moteur de filtrage de base
RUNNING: Browser: Explorateur d'ordinateurs
RUNNING: BthServ: Service de prise en charge Bluetooth
RUNNING: CLHNService: CLHNService
RUNNING: EapHost: Protocole EAP (Extensible Authentication Protocol)
RUNNING: EMDMgmt: Service ReadyBoost
RUNNING: EventSystem: Système d'événement COM+
RUNNING: fdPHost: Hôte du fournisseur de découverte de fonctions
RUNNING: gpsvc: Client de stratégie de groupe
RUNNING: gusvc: Google Software Updater
RUNNING: KeyIso: Isolation de clé CNG
RUNNING: KtmRm: Service KtmRm pour Distributed Transaction Coordinator
RUNNING: LanmanServer: Serveur
RUNNING: Nero BackItUp Scheduler 4.0: Nero BackItUp Scheduler 4.0
RUNNING: Netman: Connexions réseau
RUNNING: PcaSvc: Service de l’Assistant Compatibilité des programmes
RUNNING: ProfSvc: Service de profil utilisateur
RUNNING: RichVideo: Cyberlink RichVideo Service(CRVS)
RUNNING: RpcSs: Appel de procédure distante (RPC)
RUNNING: SamSs: Gestionnaire de comptes de sécurité
RUNNING: ShellHWDetection: Détection matériel noyau
RUNNING: slsvc: Licence du logiciel
RUNNING: Spooler: Spouleur d'impression
RUNNING: stisvc: Acquisition d'image Windows (WIA)
RUNNING: SysMain: Superfetch
RUNNING: TabletInputService: Service Panneau de saisie Tablet PC
RUNNING: TapiSrv: Téléphonie
RUNNING: TermService: Services Terminal Server
RUNNING: TrkWks: Client de suivi de lien distribué
RUNNING: W3SVC: Service de publication World Wide Web
RUNNING: WAS: Service d'activation des processus Windows
RUNNING: WinDefend: Windows Defender
RUNNING: Winmgmt: Infrastructure de gestion Windows
RUNNING: WPDBusEnum: Service Énumérateur d’appareil mobile
RUNNING: wscsvc: Centre de sécurité
RUNNING: WSearch: Windows Search
START_PENDING: SENS: Service de notification d’événements système
STOPPED: Appinfo: Informations d'application
STOPPED: BITS: Service de transfert intelligent en arrière-plan
STOPPED: CertPropSvc: Propagation du certificat
STOPPED: COMSysApp: Application système COM+
STOPPED: CryptSvc: Services de chiffrement
STOPPED: DFSR: Réplication DFS
STOPPED: dot3svc: Configuration automatique de réseau câblé
STOPPED: ehRecvr: Service de réception Windows Media Center
STOPPED: ehSched: Service de planification Windows Media Center
STOPPED: ehstart: Lanceur des services Windows Media Center
STOPPED: FDResPub: Publication des ressources de découverte de fonctions
STOPPED: gupdate1c9e234d8a4de30: Service Google Update (gupdate1c9e234d8a4de30)
STOPPED: hkmsvc: Gestion des clés et des certificats d'intégrité
STOPPED: IKEEXT: Modules de génération de clés IKE et AuthIP
STOPPED: IPBusEnum: Énumérateur de bus IP PnP-X
STOPPED: iphlpsvc: Assistance IP
STOPPED: iPod Service: Service de l’iPod
STOPPED: lltdsvc: Mappage de découverte de topologie de la couche de liaison
STOPPED: Mcx2Svc: Service Windows Media Center Extender
STOPPED: MpsSvc: Pare-feu Windows
STOPPED: MSDTC: Coordinateur de transactions distribuées
STOPPED: msiserver: Windows Installer
STOPPED: napagent: Agent de protection d’accès réseau
STOPPED: netprofm: Service Liste des réseaux
STOPPED: NlaSvc: Connaissance des emplacements réseau
STOPPED: pla: Journaux & alertes de performance
STOPPED: PolicyAgent: Agent de stratégie IPsec
STOPPED: ProtectedStorage: Emplacement protégé
STOPPED: QWAVE: Expérience audio-vidéo haute qualité Windows
STOPPED: RasAuto: Gestionnaire de connexion automatique d'accès distant
STOPPED: RasMan: Gestionnaire de connexions d'accès distant
STOPPED: RemoteAccess: Routage et accès distant
STOPPED: RemoteRegistry: Registre à distance
STOPPED: Schedule: Planificateur de tâches
STOPPED: SCPolicySvc: Stratégie de retrait de la carte à puce
STOPPED: SDRSVC: Sauvegarde Windows
STOPPED: SessionEnv: Configuration des services Terminal Server
STOPPED: SharedAccess: Partage de connexion Internet (ICS)
STOPPED: SLUINotify: Service de notification de l’interface utilisateur SL
STOPPED: swprv: Fournisseur de cliché instantané de logiciel Microsoft
STOPPED: usnjsvc: Service Messenger Sharing Folders USN Journal Reader
STOPPED: vds: Disque virtuel
STOPPED: VSS: Cliché instantané de volume
STOPPED: wcncsvc: Windows Connect Now - Registre de configuration
STOPPED: WcsPlugInService: Système de couleurs Windows
STOPPED: Wecsvc: Collecteur d'événements de Windows
STOPPED: WinRM: Gestion à distance de Windows (Gestion WSM)
STOPPED: Wlansvc: Service de configuration automatique WLAN
STOPPED: WPCSvc: Contrôle parental
was = 1
RUNNING: W3SVC: Service de publication World Wide Web
and log1.txt:
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
Folder: C:\Windows
Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
PC-DE-TOUM\Administrateurs
Allowed Full Control This Folder/File Only (Inherited)
PC-DE-TOUM\Administrateurs
Allowed Special (Unknown) Subfolders and Files only (Inherited)
AUTORITE NT\SYSTEM
Allowed Full Control This Folder/File Only (Inherited)
AUTORITE NT\SYSTEM
Allowed Special (Unknown) Subfolders and Files only (Inherited)
PC-DE-TOUM\Utilisateurs
Allowed Read and Execute This Folder, Subfolders and Files (Inherited)
AUTORITE NT\Utilisateurs authentifiés
Allowed Modify This Folder/File Only (Inherited)
AUTORITE NT\Utilisateurs authentifiés
Allowed Special (A) Subfolders and Files only (Inherited)
No Auditing set
Owner: S-1-5-21-1715567821-1500820517-839522115-1003 (\S-1-5-21-1715567821-1500820517-839522115-1003)
Thanks, see you later
-
Hi Mark,
delighted to be among the first privileged infected ones, lol...
No, joking aside, thanks for your help, good luck and see you soon.
Toum
-
Hello Mark,
Here is the generated report:
SteelWerX Extended Configuration Access Control Lists
Written by Bobbi Flekman 2006 ©
*******************************************************************************
File: C:\Windows\System32\svchost.exe
Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
NT SERVICE\TrustedInstaller
Allowed Full Control This Folder/File Only
PC-DE-TOUM\Administrateurs
Allowed Read and Execute This Folder/File Only
AUTORITE NT\SYSTEM
Allowed Read and Execute This Folder/File Only
PC-DE-TOUM\Utilisateurs
Allowed Read and Execute This Folder/File Only
Auditing:
*******************************************************************************
Username
Type Access Inheritance
*******************************************************************************
\Tout le monde
All Special (DCA9532) This Folder/File Only
Owner: TrustedInstaller (NT SERVICE\TrustedInstaller)
Thanks, see you later
Toum
-
It works.
Thank you very much for your help.
-
I uninstalled Avast and followed your instructions; still the same error message for combofix.
I only have this external drive for transfers.
The services that don't start are, for example, the one that handles the internet or the one that handles the security center; there are no error messages because the service that handles those messages doesn't start either.
Thanks, see you later
-
I found out how to restore the computer, but to factory settings.
-
Oh, by the way, I don't know what the Acer recovery partition is; is it in the system tools?
See you later, thanks
-
Hello Mark,
Yes, I still have no connection and no avast, and lots of Windows services can't start; I only changed the graphics card driver but I don't think I made any other big modifications (apart from having busted the screen).
You mentioned problems in your last message, like Starforce; should I delete certain files or something?
Thanks, take care of yourself.
-
Good evening Mark, thanks for your help,
so here is the exehelper report:
exeHelper by Raktor
Build 20091021
Run at 19:55:05 on 10/23/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
Concerning combofix, still the same error message: "some instalation files are corrupt, please download a fresh version and retry"
and concerning the Windows CDs, I had not burned the CDs when Windows offered it, but I didn't get a Windows CD with the computer when I bought it legally with an equally legal version of Windows (lol).
Thanks, see you later
-
Would there be another way to remove this process?
Thanks
-
I can't manage to remove the process in sysprot.
Message:
Failed to disable driver/service
-
here it is:
Running from: C:\Users\Toum\Desktop\win32kdiag.exe
Log file at : C:\Users\Toum\Desktop\Win32kDiag.txt
Removing all found mount points.
Attempting to reset file permissions.
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\bthservsdp.dat
Attempting to restore permissions of : C:\Windows\bthservsdp.dat
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Finished!
-
It can't manage to disable "ajj01e9s.SYS"
What should I do?
Thanks
-
For sysprot, do I click on disable for all the "kernel modules" in red?
-
The win32kdiag report:
Running from: C:\Users\Toum\Desktop\Win32kDiag.exe
Log file at : C:\Users\Toum\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\Windows'...
Cannot access: C:\Windows\bthservsdp.dat
[1] 2009-10-22 15:06:18 12 C:\Windows\bthservsdp.dat ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
[1] 2009-10-22 18:16:20 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
[1] 2009-10-22 18:17:06 21896 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
[1] 2009-10-22 18:22:12 274960 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
[1] 2009-10-22 18:25:39 525368 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()
Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
[1] 2009-10-22 18:13:47 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()
Finished!
Apparently that didn't work either...
-
Here is the SysProt report; I think it crashed too. I'm running the win32kdiag scan.
See you later.
SysProt AntiRootkit v1.0.1.0
by swatkat
********************************************************************************
**********
********************************************************************************
**********
No Hidden Processes found
********************************************************************************
**********
********************************************************************************
**********
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\spqn.sys
Service Name: ---
Module Base: 80698000
Module End: 80798000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\ajj01e9s.SYS
Service Name: ---
Module Base: 8F366000
Module End: 8F39C000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
Service Name: ---
Module Base: 8AD0B000
Module End: 8ADD3000
Hidden: Yes
********************************************************************************
**********
********************************************************************************
**********
No SSDT Hooks found
********************************************************************************
**********
********************************************************************************
**********
No Kernel Hooks found
********************************************************************************
**********
********************************************************************************
**********
IRP Hooks:
Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 85F241F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 85F241F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 85F241F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8349095C
Hooking Module: C:\Windows\System32\drivers\sfsync03.sys
Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 85F241F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\atapi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85F241F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 905A3478
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 905A3478
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 905A3478
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 905A3478
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 905A3478
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8349095C
Hooking Module: C:\Windows\System32\drivers\sfsync03.sys
Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 905A3478
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 905A3478
Hooking Module: _unknown_
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLOSE
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_READ
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_WRITE
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_EA
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_POWER
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\sptd
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 80699000
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8798A1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8798A1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8798A1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8798A1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8798A1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbuhci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8798A1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 834EA580
Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 834EA580
Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 834EA580
Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8349095C
Hooking Module: C:\Windows\System32\drivers\sfsync03.sys
Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 834EA580
Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 834EA580
Hooking Module: C:\Windows\system32\DRIVERS\iaStor.sys
Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 904631F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 904631F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 904631F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 904631F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\smb.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 904631F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 9045F1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 9045F1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 9045F1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 9045F1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\System32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 9045F1F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 87B861F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 87B861F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 87B861F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 87B861F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 87B861F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\msiscsi.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 87B861F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 87A33500
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 87A33500
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 87A33500
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 87A33500
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 87A33500
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 87A33500
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 87A33500
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 87A33500
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 87A33500
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 87A33500
Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\ajj01e9s.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 87B831F8
Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\ajj01e9s.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 87B831F8
Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\ajj01e9s.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 87B831F8
Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\ajj01e9s.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8349095C
Hooking Module: C:\Windows\System32\drivers\sfsync03.sys
Hooked Module: \SystemRoot\System32\Drivers\ajj01e9s.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 87B831F8
Hooking Module: _unknown_
Hooked Module: \SystemRoot\System32\Drivers\ajj01e9s.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 87B831F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 855951F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_READ
Jump To: 855951F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 855951F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 855951F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 855951F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 855951F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 855951F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 855951F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 855951F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\volmgr.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 855951F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 879771F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 879771F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 879771F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 879771F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 879771F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 879771F8
Hooking Module: _unknown_
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_CREATE
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_CLOSE
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_READ
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_WRITE
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_SET_EA
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_POWER
Jump To: 806A0E1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 806B5514
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: \Driver\PCI_PNP3543
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: 806DCB1C
Hooking Module: \SystemRoot\System32\Drivers\spqn.sys
Hooked Module: C:\Windows\system32\drivers\msahci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 85F251F8
Hooking Module: _unknown_
Hooked Module: C:\Windows\system32\drivers\msahci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 85F251F8
Hooking Module: _unknown_
********************************************************************************
**********
********************************************************************************
**********
No Ports found
********************************************************************************
**********
********************************************************************************
**********
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied
Object: C:\System Volume Information\SPP
Status: Access denied
Object: C:\System Volume Information\SystemRestore
Status: Access denied
Object: C:\System Volume Information\tracking.log
Status: Access denied
Object: C:\Users\Toum\AppData\Local\Microsoft\Messenger\toum_sthil@hotmail.fr\SharingMetadata\v_boch@msn.com\DFSR\Staging\CS{EB1CC4E6-EB02-4ED2-5449-412DC1D34BEE}\01\10-{EB1CC4E6-EB02-4ED2-5449-412DC1D34BEE}-v1-{BB6EA45E-8854-4F87-959E-9C9E70D3A236}-v10-Downloade
Status: Hidden
Object: C:\Users\Toum\AppData\Local\Microsoft\Messenger\toum_sthil@hotmail.fr\SharingMetadata\v_boch@msn.com\DFSR\Staging\CS{EB1CC4E6-EB02-4ED2-5449-412DC1D34BEE}\11\11-{BB6EA45E-8854-4F87-959E-9C9E70D3A236}-v11-{BB6EA45E-8854-4F87-959E-9C9E70D3A236}-v11-Download
Status: Hidden
Object: C:\Users\Toum\AppData\Local\Microsoft\Messenger\toum_sthil@hotmail.fr\SharingMetadata\v_boch@msn.com\DFSR\Staging\CS{EB1CC4E6-EB02-4ED2-5449-412DC1D34BEE}\12\12-{BB6EA45E-8854-4F87-959E-9C9E70D3A236}-v12-{BB6EA45E-8854-4F87-959E-9C9E70D3A236}-v12-Download
Status: Hidden
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl
Status: Access denied
-
Well, given that RootRepeal crashes on the file scan, I did the rest; here is the report:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/22 16:01
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================
Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x85f251f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x85f231f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x85f231f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85f231f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85f231f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x85f231f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85f231f8 Size: 121
Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x85f231f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_CREATE]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_CLOSE]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_READ]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_WRITE]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_POWER]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: cdrom贼梑贼, IRP_MJ_PNP]
Process: System Address: 0x8702b1f8 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x86f72500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x86f72500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x86f72500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x86f72500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f72500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f72500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x86f72500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f72500 Size: 121
Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x86f72500 Size: 121
Object: Hidden Code [Driver: usbuhcinП牄朰譧뒈贱, IRP_MJ_CREATE]
Process: System Address: 0x86f241f8 Size: 121
Object: Hidden Code [Driver: usbuhcinП牄朰譧뒈贱, IRP_MJ_CLOSE]
Process: System Address: 0x86f241f8 Size: 121
Object: Hidden Code [Driver: usbuhcinП牄朰譧뒈贱, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f241f8 Size: 121
Object: Hidden Code [Driver: usbuhcinП牄朰譧뒈贱, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f241f8 Size: 121
Object: Hidden Code [Driver: usbuhcinП牄朰譧뒈贱, IRP_MJ_POWER]
Process: System Address: 0x86f241f8 Size: 121
Object: Hidden Code [Driver: usbuhcinП牄朰譧뒈贱, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f241f8 Size: 121
Object: Hidden Code [Driver: usbuhcinП牄朰譧뒈贱, IRP_MJ_PNP]
Process: System Address: 0x86f241f8 Size: 121
Object: Hidden Code [Driver: alk4amooП牄朰譧誈譧, IRP_MJ_CREATE]
Process: System Address: 0x870611f8 Size: 121
Object: Hidden Code [Driver: alk4amooП牄朰譧誈譧, IRP_MJ_CLOSE]
Process: System Address: 0x870611f8 Size: 121
Object: Hidden Code [Driver: alk4amooП牄朰譧誈譧, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x870611f8 Size: 121
Object: Hidden Code [Driver: alk4amooП牄朰譧誈譧, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x870611f8 Size: 121
Object: Hidden Code [Driver: alk4amooП牄朰譧誈譧, IRP_MJ_POWER]
Process: System Address: 0x870611f8 Size: 121
Object: Hidden Code [Driver: alk4amooП牄朰譧誈譧, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x870611f8 Size: 121
Object: Hidden Code [Driver: alk4amooП牄朰譧誈譧, IRP_MJ_PNP]
Process: System Address: 0x870611f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЃ潉†TermDD, IRP_MJ_CREATE]
Process: System Address: 0x870c61f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЃ潉†TermDD, IRP_MJ_CLOSE]
Process: System Address: 0x870c61f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЃ潉†TermDD, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x870c61f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЃ潉†TermDD, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x870c61f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЃ潉†TermDD, IRP_MJ_POWER]
Process: System Address: 0x870c61f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЃ潉†TermDD, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x870c61f8 Size: 121
Object: Hidden Code [Driver: iScsiPrtЃ潉†TermDD, IRP_MJ_PNP]
Process: System Address: 0x870c61f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x851631f8 Size: 121
Object: Hidden Code [Driver: Ѕ瑎硦, IRP_MJ_CREATE]
Process: System Address: 0x86f251f8 Size: 121
Object: Hidden Code [Driver: Ѕ瑎硦, IRP_MJ_CLOSE]
Process: System Address: 0x86f251f8 Size: 121
Object: Hidden Code [Driver: Ѕ瑎硦, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f251f8 Size: 121
Object: Hidden Code [Driver: Ѕ瑎硦, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f251f8 Size: 121
Object: Hidden Code [Driver: Ѕ瑎硦, IRP_MJ_POWER]
Process: System Address: 0x86f251f8 Size: 121
Object: Hidden Code [Driver: Ѕ瑎硦, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f251f8 Size: 121
Object: Hidden Code [Driver: Ѕ瑎硦, IRP_MJ_PNP]
Process: System Address: 0x86f251f8 Size: 121
Object: Hidden Code [Driver: msahci, IRP_MJ_POWER]
Process: System Address: 0x85f241f8 Size: 121
Object: Hidden Code [Driver: msahci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85f241f8 Size: 121
Object: Hidden Code [Driver: msahci, IRP_MJ_PNP]
Process: System Address: 0x85f241f8 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_CREATE]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_CLOSE]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_READ]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_WRITE]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_CLEANUP]
Process: System Address: 0x8767a500 Size: 121
Object: Hidden Code [Driver: cdfsІ癅, IRP_MJ_PNP]
Process: System Address: 0x8767a500 Size: 121
==EOF==
Thanks, see you later.
Big problems, virus?
in Malware analysis and removal
Posted
Good evening Mark and Pear.
I'm posting the link on senduit again before considering a full restore if I still don't get a reply.
http://senduit.com/2775d7
Thanks for your help.
See you soon.