Security warning: application cannot be executed, the file .....exe is infected


Posted (edited)

Hi,

You can delete rkill and TDSSKiller, which didn't find anything.

On the other hand, I gave you a "wrong" instruction that didn't remove anything.

Note: For the download below, if you use Firefox, right-click the link and choose "Save As".

Download Scan.txt to your Desktop from: senduit | Share easily.

Double-click the OTH file to launch it, then click Kill All Processes. The Desktop will be cleared.

Then click Start OTL. OTL will run.

  • Double-click in the white box under Custom Scans/Fixes. A small "OTL" window opens asking whether you want to load a custom scan from a file. Click OK.
    In the Open window, browse to the Scan.txt file you downloaded and select it.
  • Click the Run Fix button. Don't change any settings unless told otherwise. The scan won't take long.
  • When the scan is finished, copy and paste the contents of the report.

The difference from my previous post is that you need to click Run Fix, not Quick Scan. :P

Spelling edit

Edited by no.ppp

Posted

Good evening no.pp, and thank you for all your advice.

After following the steps as you described, at the end of the fix process a message appeared asking me to restart the computer, which I did. But after that, a Windows message appears at startup asking me for the activation key for my Windows Vista. I bought this laptop in a store two years ago with Vista already preinstalled. I don't know what to do now.

When I get to my desktop I can't find the scan report you asked for. When I click on the OTL file I get the report I already sent you in my earlier post. Likewise, when I click on Scan.txt I still get the previous report. I don't know how to find the new reports.

Posted

Hello No.pp, and once again thank you.

As I said in my previous post, after running the fix process as requested, I'm in this situation:

1- On restart, Windows asks me for my Vista activation key, claiming that what's installed isn't genuine.

My desktop screen has turned black.

2- I don't know what to do to find the Scan.txt report produced by the OTL fix.

I also ran a scan with MBAM from the new user account I created in order to get on the internet and communicate with you; here is the report I get:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4217

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18928

 

6/22/2010 3:52:52 AM

mbam-log-2010-06-22 (03-52-52).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 343658

Time elapsed: 2 hour(s), 36 minute(s), 43 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 6

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{342168f8-ae4a-41e8-a6b5-8fb9fecbef37} (Adware.DoubleD) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Gameztar Toolbar (Adware.Gameztar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\ProgramData\~0\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.

C:\Users\hugues\AppData\Local\Temp\030e1c11.exe (Trojan.Alureon) -> Quarantined and deleted successfully.

C:\Users\hugues\AppData\Local\Temp\6ed50c20.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\Users\hugues\Documents\hugo\attachments.13zip\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

C:\Users\hugues\Documents\hugo - Copy\attachments.13zip\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

 

Thanks once again for your help.
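The report above is the kind of log a helper reads by hand to decide what to do next (here: Alureon present, so a rootkit check follows). The script below is an added example, not code from the thread or from Malwarebytes: it parses an MBAM 1.46 report into per-section detections, checks that the declared counts match the entries actually listed, and groups the detections by family so that rootkit-class and rogue-AV families stand out. The excerpt it runs on is copied from the report posted above; the family groupings (Trojan.Alureon being Malwarebytes' name for the TDSS/TDL rootkit family) are this example's own choice.

```python
import re
from collections import Counter

# Excerpt of the Malwarebytes 1.46 report posted above, copied from the thread
# (summary counts plus the sections that carry detections).
SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.46
Database version: 4217
Windows 6.0.6002 Service Pack 2

Registry Keys Infected: 6
Registry Values Infected: 0
Files Infected: 5

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{629cd6c2-e4c5-4554-aeb8-12e4e2cd40ff} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f5b8c69c-9b45-4a6a-9380-df225c546ae7} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{342168f8-ae4a-41e8-a6b5-8fb9fecbef37} (Adware.DoubleD) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Gameztar Toolbar (Adware.Gameztar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\~0\Setup.exe (Adware.DoubleD) -> Quarantined and deleted successfully.
C:\Users\hugues\AppData\Local\Temp\030e1c11.exe (Trojan.Alureon) -> Quarantined and deleted successfully.
C:\Users\hugues\AppData\Local\Temp\6ed50c20.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\hugues\Documents\hugo\attachments.13zip\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\hugues\Documents\hugo - Copy\attachments.13zip\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
"""

# "Files Infected: 5" is a summary count; "Files Infected:" opens a section;
# every detection line is "<item> (<family>) -> <action>."
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Triage classes (this example's own grouping). Trojan.Alureon is Malwarebytes'
# name for the TDSS/TDL rootkit family, which is why it warrants a rootkit scan.
ROOTKIT_FAMILIES = {"Trojan.Alureon"}
ROGUE_FAMILIES = {"Trojan.Fraudpack", "Rogue.AntivirusSuite"}


def parse_mbam_report(text):
    """Split a Malwarebytes report into declared counts and per-section detections."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            detections.append({"section": section, "item": m["item"],
                               "family": m["family"], "action": m["action"]})
    return {"summary": summary, "detections": detections}


def count_mismatches(report):
    """Sections whose declared count differs from the entries actually listed."""
    listed = Counter(d["section"] for d in report["detections"])
    return {s: (n, listed.get(s, 0)) for s, n in report["summary"].items()
            if n != listed.get(s, 0)}


def triage(report):
    """Group detections by family and decide whether a rootkit check is warranted."""
    dets = report["detections"]
    return {
        "families": dict(Counter(d["family"] for d in dets)),
        "rootkit_suspected": any(d["family"] in ROOTKIT_FAMILIES for d in dets),
        "rogue_av_present": any(d["family"] in ROGUE_FAMILIES for d in dets),
        # Anything MBAM could not remove needs manual follow-up.
        "not_removed": [d["item"] for d in dets if "successfully" not in d["action"]],
    }


if __name__ == "__main__":
    rep = parse_mbam_report(SAMPLE_REPORT)
    print("count mismatches:", count_mismatches(rep) or "none")
    for key, value in triage(rep).items():
        print(f"{key}: {value}")
```

Run as-is it reports no count mismatches, four Adware.DoubleD hits, and `rootkit_suspected: True` on the strength of the single Trojan.Alureon file in the user's Temp directory, which is the same conclusion the next reply draws.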

Posted

Hi,

The MBAM report flags Alureon, which doesn't bode well. To confirm this, run these 2 tools.

Download TDSSKiller.zip from Kaspersky to your Desktop.

  • Unzip it (right-click / Extract here).
  • Open the folder if unzipping created a TDSSKiller directory.
  • Double-click TDSSKiller.exe
  • When it finishes, press a key as prompted to close the window.
  • If a reboot is requested, accept by typing Y (yes) and pressing Enter.

NB: During the procedure, if TDSSKiller displays this message:

  Quote
Hidden service detected: name of the hidden service:

Type "delete" (without quotes) to delete it: 14:30:08:000 0256

Type delete and press Enter.

There will be a TDSSKiller.txt report on C:\

Open the text file and copy its entire contents; paste it into your reply.

Download gmer to your Desktop and unzip it (right-click and Extract here).

  • Double-click gmer.exe on the Desktop. If your antivirus reacts, don't worry and ignore the alert.
  • Click the "rootkit" tab, then tick Sections and Files
  • Click scan.
  • When the scan finishes, click the copy button.
  • Open Notepad and press CTRL+V to paste the report. Save it.
  • Post this report in your next reply.

Posted

Thanks No.pp for your advice.

I think I found the Scan.txt report in OTL's moved files.

Here it is:

 

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-1286651634-2638253971-3409342703-1000\Software\Microsoft\Windows\CurrentVersion\Run\\imediacentral.com not found.

File C:\Windows\System32\recctrl2.exe not found.

Registry value HKEY_USERS\S-1-5-21-1286651634-2638253971-3409342703-1000\Software\Microsoft\Windows\CurrentVersion\Run\\luduvupf not found.

File C:\Users\hugues\AppData\Local\owddcxwut\kvqrbxgtssd.exe not found.

Folder C:\Users\hugues\AppData\Local\owddcxwut\ not found.

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2BCE8-EC1F-44C5-A187-5CFE9A09D893}}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2BCE8-EC1F-44C5-A187-5CFE9A09D893}}\ not found.

Registry value HKEY_USERS\S-1-5-21-1286651634-2638253971-3409342703-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.

Registry value HKEY_USERS\S-1-5-21-1286651634-2638253971-3409342703-1000\Software\Microsoft\Windows\CurrentVersion\Run\\imediacentral.com not found.

File C:\Windows\System32\recctrl2.exe not found.

Registry value HKEY_USERS\S-1-5-21-1286651634-2638253971-3409342703-1000\Software\Microsoft\Windows\CurrentVersion\Run\\luduvupf not found.

File C:\Users\hugues\AppData\Local\owddcxwut\kvqrbxgtssd.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: b

->Temp folder emptied: 181070 bytes

->Temporary Internet Files folder emptied: 11763791 bytes

->Flash cache emptied: 635 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: hugues

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 69264 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 823800 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 12.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: b

->Flash cache emptied: 0 bytes

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Guest

->Flash cache emptied: 0 bytes

 

User: hugues

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.6.0 log created on 06212010_222449

 

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

C:\Users\b\AppData\Local\Temp\Low\~DF4314.tmp moved successfully.

C:\Users\b\AppData\Local\Temp\Low\~DFADB4.tmp moved successfully.

C:\Users\b\AppData\Local\Temp\Low\~DFF3C9.tmp moved successfully.

File\Folder C:\Users\b\AppData\Local\Temp\~DF8AB9.tmp not found!

File\Folder C:\Users\b\AppData\Local\Temp\~DF8B08.tmp not found!

File\Folder C:\Users\b\AppData\Local\Temp\~DF8CE1.tmp not found!

File\Folder C:\Users\b\AppData\Local\Temp\~DF8CF1.tmp not found!

File\Folder C:\Users\b\AppData\Local\Temp\~DF8D4D.tmp not found!

File\Folder C:\Users\b\AppData\Local\Temp\~DF8D5D.tmp not found!

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3H0925M\6eacf79a[1].txt moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3H0925M\img[2].txt moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W3H0925M\img[3].txt moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U5TLSIFY\229f14[1].txt moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U5TLSIFY\AP_ADV_300x250[1].htm moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U5TLSIFY\AP_ADV_728x90[1].htm moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TL1A01F\ads[2].txt moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TL1A01F\afr[1].php moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TL1A01F\afr[2].php moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TL1A01F\ban_home_728x90[1].htm moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TL1A01F\povh[1].htm moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TL1A01F\rectangle_300x250[1].htm moved successfully.

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3TL1A01F\security-warning-application-cannot-be-executed-the-file-t177544[1].html moved successfully.

File\Folder C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\fla1DD1.tmp not found!

C:\Users\b\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8NUGQAA\data[1].aspx moved successfully.

File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

File\Folder C:\Windows\temp\JETC8CA.tmp not found!

 

Registry entries deleted on Reboot...

 

As soon as I finish running the tests with TDSSKILLER AND GMER I'll post the

 

@+++++++++++++++++++++++++
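The OTL log above shows two files under System32 that the fix could not move immediately and queued for reboot. Those two GUID-named files (7B296FB0-376B-497e-B012-9C450E1B7327-2P-0 and -2P-1) are the Windows Vista software-licensing (activation) store, not malware, and moving them is what produces the "enter your activation key" prompt reported in the two posts before this log. The script below is an added example, not code from the thread or from OTL: it parses an OTL fix log into actions and outcomes, tallies them, and flags every file change under System32 with a reason for the known-sensitive paths, so a fix can be reviewed before the reboot that makes it permanent. The excerpt is copied from the log above; the protected-path list is this example's own.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted above, copied from the thread.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1286651634-2638253971-3409342703-1000\Software\Microsoft\Windows\CurrentVersion\Run\\imediacentral.com not found.
File C:\Windows\System32\recctrl2.exe not found.
File C:\Users\hugues\AppData\Local\owddcxwut\kvqrbxgtssd.exe not found.
Folder C:\Users\hugues\AppData\Local\owddcxwut\ not found.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2BCE8-EC1F-44C5-A187-5CFE9A09D893}}\ not found.
Registry value HKEY_USERS\S-1-5-21-1286651634-2638253971-3409342703-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# The three line shapes OTL uses for fix actions.
ACTION_RE = re.compile(
    r"^(?P<kind>Registry value|Registry key|File|Folder) (?P<target>.+?) "
    r"(?P<outcome>not found|deleted successfully)\.$")
REBOOT_RE = re.compile(r"^File move failed\. (?P<target>.+?) scheduled to be moved on reboot\.$")
MOVED_RE = re.compile(r"^(?P<target>[A-Za-z]:\\.+?) moved successfully\.$")

# Paths under System32 a fix script should not touch, and why. The licensing-store
# entry is the one that matters in this thread; the list itself is this example's.
PROTECTED = [
    (re.compile(r"\\System32\\7B296FB0-376B-497e-B012-9C450E1B7327-", re.I),
     "Windows Vista software-licensing (activation) store; moving it triggers reactivation"),
    (re.compile(r"\\System32\\drivers\\etc\\hosts$", re.I),
     "HOSTS file; expected only if the fix deliberately resets it"),
]


def parse_fix_log(text):
    """Turn an OTL fix log into a list of {kind, target, outcome} actions."""
    actions = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ACTION_RE.match(line)
        if m:
            actions.append({"kind": m["kind"], "target": m["target"], "outcome": m["outcome"]})
            continue
        m = REBOOT_RE.match(line)
        if m:
            actions.append({"kind": "File", "target": m["target"], "outcome": "scheduled on reboot"})
            continue
        m = MOVED_RE.match(line)
        if m:
            actions.append({"kind": "File", "target": m["target"], "outcome": "moved"})
    return actions


def outcome_counts(actions):
    """How many actions ended in each outcome ("not found" means the target was already gone)."""
    return dict(Counter(a["outcome"] for a in actions))


def review_system32_changes(actions):
    """File actions that changed, or will change on reboot, something under System32."""
    findings = []
    for a in actions:
        if a["kind"] != "File" or a["outcome"] == "not found":
            continue
        if "\\windows\\system32\\" not in a["target"].lower():
            continue
        why = next((desc for rx, desc in PROTECTED if rx.search(a["target"])),
                   "system directory; verify the target before running the fix")
        findings.append((a["target"], a["outcome"], why))
    return findings


if __name__ == "__main__":
    acts = parse_fix_log(SAMPLE_LOG)
    print("outcomes:", outcome_counts(acts))
    for target, outcome, why in review_system32_changes(acts):
        print(f"REVIEW [{outcome}] {target}\n    -> {why}")
```

Against this excerpt the review lists exactly three System32 changes: the two licensing-store files queued for the reboot, and the HOSTS reset that the fix intended. Everything else the fix targeted was already gone ("not found"), which is consistent with MBAM having removed the droppers earlier.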

Posted

Thanks NO.PP for all the advice and everything you are doing to help me solve my problem.

I'm sorry for waiting so long before posting my report. Here are the reports requested.

Here is the TDSSKILLER report:

 

06:05:13:664 4372 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

06:05:13:664 4372 ================================================================================

06:05:13:664 4372 SystemInfo:

 

06:05:13:664 4372 OS Version: 6.0.6002 ServicePack: 2.0

06:05:13:664 4372 Product type: Workstation

06:05:13:665 4372 ComputerName: HUGUES-PC

06:05:13:665 4372 UserName: hugues

06:05:13:665 4372 Windows directory: C:\Windows

06:05:13:665 4372 Processor architecture: Intel x86

06:05:13:665 4372 Number of processors: 2

06:05:13:665 4372 Page size: 0x1000

06:05:13:668 4372 Boot type: Normal boot

06:05:13:668 4372 ================================================================================

06:05:14:541 4372 Initialize success

06:05:14:542 4372

06:05:14:543 4372 Scanning Services ...

06:05:15:602 4372 Raw services enum returned 486 services

06:05:15:617 4372

06:05:15:617 4372 Scanning Drivers ...

06:05:16:980 4372 Accelerometer (5c41679e1a2e0830069e45d288fa8499) C:\Windows\system32\DRIVERS\Accelerometer.sys

06:05:17:026 4372 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

06:05:17:071 4372 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

06:05:17:103 4372 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

06:05:17:135 4372 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

06:05:17:163 4372 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

06:05:17:225 4372 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys

06:05:17:344 4372 AgereSoftModem (3712986cc3abf0dc656b43525b9d1279) C:\Windows\system32\DRIVERS\AGRSM.sys

06:05:17:410 4372 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

06:05:17:454 4372 ahcix86s (e331924fdf522cd7cea1b647503784e8) C:\Windows\system32\DRIVERS\ahcix86s.sys

06:05:17:484 4372 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

06:05:17:514 4372 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

06:05:17:552 4372 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

06:05:17:580 4372 Amddfltr (bafec23fc76ab781dfe9169f9b8dbebb) C:\Windows\system32\DRIVERS\Amddfltr.sys

06:05:17:596 4372 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

06:05:17:629 4372 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

06:05:17:657 4372 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys

06:05:17:682 4372 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

06:05:17:698 4372 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

06:05:17:744 4372 aswFsBlk (1b6ed99291ddf5d2501554cc5757aab6) C:\Windows\system32\drivers\aswFsBlk.sys

06:05:17:791 4372 aswMonFlt (58254e06b36b984e33ae314c0ea8f1a5) C:\Windows\system32\drivers\aswMonFlt.sys

06:05:17:817 4372 aswRdr (3e2b6112d2766f87eda8466fde86a986) C:\Windows\system32\drivers\aswRdr.sys

06:05:17:840 4372 aswSP (d78b644816db540e103d0b0766fd9967) C:\Windows\system32\drivers\aswSP.sys

06:05:17:862 4372 aswTdi (606d731008d98b6ef946730c597c1642) C:\Windows\system32\drivers\aswTdi.sys

06:05:17:889 4372 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

06:05:17:917 4372 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

06:05:17:967 4372 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys

06:05:18:126 4372 atikmdag (5000e60040e45b3e72791b19e1ced1e9) C:\Windows\system32\DRIVERS\atikmdag.sys

06:05:18:246 4372 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys

06:05:18:290 4372 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys

06:05:18:332 4372 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

06:05:18:360 4372 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

06:05:18:397 4372 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys

06:05:18:437 4372 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

06:05:18:460 4372 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

06:05:18:491 4372 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

06:05:18:513 4372 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

06:05:18:537 4372 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

06:05:18:562 4372 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

06:05:18:617 4372 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys

06:05:18:649 4372 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

06:05:18:720 4372 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys

06:05:18:780 4372 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys

06:05:18:840 4372 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys

06:05:18:870 4372 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

06:05:18:915 4372 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

06:05:18:943 4372 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

06:05:19:004 4372 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

06:05:19:066 4372 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

06:05:19:114 4372 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

06:05:19:155 4372 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\Windows\system32\Drivers\COH_Mon.sys

06:05:19:180 4372 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

06:05:19:216 4372 CO_Mon (73f5d6835bfa66019c03e316d99649da) C:\Windows\system32\drivers\CO_Mon.sys

06:05:19:251 4372 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

06:05:19:291 4372 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

06:05:19:346 4372 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys

06:05:19:400 4372 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

06:05:19:450 4372 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

06:05:19:530 4372 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys

06:05:19:575 4372 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

06:05:19:625 4372 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

06:05:19:710 4372 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

06:05:19:813 4372 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

06:05:19:878 4372 enecir (4cd6b056c5fd9e97c06fe74c81479517) C:\Windows\system32\DRIVERS\enecir.sys

06:05:19:965 4372 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

06:05:20:028 4372 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

06:05:20:085 4372 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

06:05:20:158 4372 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

06:05:20:190 4372 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

06:05:20:218 4372 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

06:05:20:250 4372 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

06:05:20:282 4372 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

06:05:20:329 4372 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

06:05:20:362 4372 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

06:05:20:397 4372 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

06:05:20:472 4372 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

06:05:20:549 4372 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

06:05:20:618 4372 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

06:05:20:665 4372 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

06:05:20:709 4372 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys

06:05:20:747 4372 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

06:05:20:788 4372 hpdskflt (cc2148a432c351b9b0d289cde198b530) C:\Windows\system32\DRIVERS\hpdskflt.sys

06:05:20:838 4372 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

06:05:20:884 4372 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys

06:05:20:940 4372 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

06:05:21:028 4372 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

06:05:21:150 4372 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

06:05:21:218 4372 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

06:05:21:254 4372 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

06:05:21:288 4372 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

06:05:21:395 4372 IDSvix86 (ce5d5aaba62949b9bfa44d0eaf2d93e5) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081106.001\IDSvix86.sys

06:05:21:477 4372 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

06:05:21:506 4372 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

06:05:21:548 4372 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

06:05:21:594 4372 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

06:05:21:651 4372 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

06:05:21:690 4372 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

06:05:21:732 4372 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

06:05:21:760 4372 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

06:05:21:810 4372 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

06:05:21:842 4372 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

06:05:21:862 4372 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

06:05:21:889 4372 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

06:05:21:943 4372 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

06:05:22:029 4372 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys

06:05:22:094 4372 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

06:05:22:182 4372 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

06:05:22:218 4372 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

06:05:22:245 4372 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

06:05:22:304 4372 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

06:05:22:324 4372 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

06:05:22:366 4372 MBAMSwissArmy (c7dd7d9739785bd3a6b8499eec1dee7e) C:\Windows\system32\drivers\mbamswissarmy.sys

06:05:22:391 4372 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

06:05:22:426 4372 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

06:05:22:464 4372 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

06:05:22:492 4372 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

06:05:22:515 4372 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

06:05:22:535 4372 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

06:05:22:564 4372 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

06:05:22:585 4372 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

06:05:22:613 4372 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

06:05:22:652 4372 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

06:05:22:697 4372 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

06:05:22:756 4372 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys

06:05:22:789 4372 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys

06:05:22:814 4372 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys

06:05:22:847 4372 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys

06:05:22:868 4372 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

06:05:22:898 4372 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

06:05:22:926 4372 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

06:05:22:965 4372 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

06:05:22:989 4372 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

06:05:23:019 4372 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

06:05:23:071 4372 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

06:05:23:114 4372 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

06:05:23:150 4372 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

06:05:23:189 4372 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

06:05:23:250 4372 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

06:05:23:393 4372 NAVENG (78d629767dbcdbb1ee888f4fda841acd) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090930.002\NAVENG.SYS

06:05:23:464 4372 NAVEX15 (6176ce576509ee71bac1b61fc8f1f138) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20090930.002\NAVEX15.SYS

06:05:23:683 4372 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

06:05:23:746 4372 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

06:05:23:780 4372 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

06:05:23:836 4372 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

06:05:23:878 4372 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

06:05:23:916 4372 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

06:05:23:980 4372 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

06:05:30:089 4372 Completed
06:05:30:092 4372 Results:
06:05:30:093 4372 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
06:05:30:094 4372 File objects infected / cured / cured on reboot: 0 / 0 / 0
06:05:30:109 4372 KLMD(ARK) unloaded successfully

and here is the one from Gmer

GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-22 23:02:37
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\hugues\AppData\Local\Temp\uwryrpog.sys

 

 

---- Kernel code sections - GMER 1.0.15 ----

 

---- User code sections - GMER 1.0.15 ----

 

---- EOF - GMER 1.0.15 ----

 

once again thank you very much NO.PP.

@++++++++++++

Posted

hi and thank you very much NO.PP FOR EVERYTHING

Regarding the security warning message: it appeared in my administrator account and had completely blocked everything. I had to create a new account in order to carry out all the operations you asked me to do.

Now, when I go back into my administrator session that was infected, this security warning message no longer appears; but I cannot access the internet. No web page opens, so I have to go through another account in order to get onto the internet.

The other problem that came up is Windows asking me to activate my Windows Vista again, with a message that says "an unautorized change was made to windows. you must retype your windows vista home to activate it"

That's where I am.

Regarding the antivirus, do I do it now or do I wait until the problem is resolved?

thank you very much NO.PP

@++++++++++++++++

Posted (edited)

Hi,

The Vista activation is "normal": 2 files slipped into the script without my noticing. They will therefore have to be restored.

Download SEAF to your Desktop.

  • Double-click the SEAF.exe file
  • Follow the instructions to tick in this window (screenshot not reproduced here):
  • Occurrences to search for: type:
    • owddcxwut
    • kvqrbxgtssd
    • luduvupf
  • Tick "Chercher également dans le registre" (also search the registry)
  • "Calculer le checksum" (calculate the checksum).
  • Tick "Informations supplémentaires" (additional information)
  • The search takes a few minutes and produces a report, C:\SEAFlog.txt, to copy-paste into your next reply.

To find out exactly where the folder deleted by mistake is located, do this.

Relaunch OTL.exe.

  • Tick "Aucun" (None)
  • Copy-paste the following code into the Personnalisation window:

    :OTL
    dir /s C:\_OTL\MovedFiles /c

  • Then click Analyse and wait.
  • Copy-paste the contents of the report that opens into your next reply.

EDIT: Added a procedure.

Edited by no.ppp
