Liens Google envoyant sur des PUBs

Grob' -  
 Grob -
Bonjour,

Depuis peu, j'ai quelques problèmes sur Google Chrome et Firefox : les liens google renvoient sur des sites de PUB.
(je tourne sous Windows 7)

Je me suis renseigné, c'est apparemment un problème avec un spyware.


J'ai fait un scan Hijack, mais je comprends rien derrière :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:53:41, on 30/05/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\Downloads\PhotoFiltre\photofiltre.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Victor\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
R3 - URLSearchHook: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf0.dll
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Elf 1.13 - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf0.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: Elf 1.13 Toolbar - {b80f591e-fe9a-46cf-a13e-180377240586} - C:\Program Files (x86)\Elf_1.13\prxtbElf0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Victor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe -update plugin
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Akamai NetSession Interface (Akamai) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: HsfXAudioService - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\x64\maconfservice.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe
A voir également:

18 réponses

Réponse 1 / 18
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
Bonsoir,

Télécharge TDSSKiller sur ton Bureau.

# Décompresse le (clic droit sur le fichier et extraire) sur le bureau.
# dans le dossier crée, déplacer le fichier TDSSKiller.exe pour le mettre sur le Bureau
# Faire un double clic sur TDSSKiller.exe pour le lancer.
# Cliquer sur Start scan pour lancer l'analyse,

# Lorsque l'outil a terminé son travail d'inspection, si des nuisibles ("Malicious objects") ont été trouvés, vérifier que l'option Cure est sélectionnée,
# Si des objects suspects "Suspicious objects" ont été détectés, sur l'écran de demande de confirmation, laisser l'option sur Skip.
# Puis cliquer sur le bouton Continue.
# Attendre l'affichage du fichier rapport.
# Si l'outil a besoin d'un redémarrage pour finaliser le nettoyage, cliquer sur le bouton Reboot computer.

Envoyer en réponse le rapport de TDSSKiller

Note : Il se trouve aussi en C:\TDSSKiller.Version_Date_Heure_log.txt

A+
0
Réponse 2 / 18
Grob'
 
Hello !

J'ai fait tout comme dit, jusqu'au scan

après : Infection : not found, et ça me met uniquement "close" comme bouton

le rapport :


2011/05/30 22:36:28.0512 5556 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/30 22:36:28.0837 5556 ================================================================================
2011/05/30 22:36:28.0837 5556 SystemInfo:
2011/05/30 22:36:28.0837 5556
2011/05/30 22:36:28.0837 5556 OS Version: 6.1.7600 ServicePack: 0.0
2011/05/30 22:36:28.0837 5556 Product type: Workstation
2011/05/30 22:36:28.0837 5556 ComputerName: MON_ORDI
2011/05/30 22:36:28.0838 5556 UserName: Victor
2011/05/30 22:36:28.0838 5556 Windows directory: C:\Windows
2011/05/30 22:36:28.0838 5556 System windows directory: C:\Windows
2011/05/30 22:36:28.0838 5556 Running under WOW64
2011/05/30 22:36:28.0838 5556 Processor architecture: Intel x64
2011/05/30 22:36:28.0838 5556 Number of processors: 2
2011/05/30 22:36:28.0838 5556 Page size: 0x1000
2011/05/30 22:36:28.0838 5556 Boot type: Normal boot
2011/05/30 22:36:28.0838 5556 ================================================================================
2011/05/30 22:36:29.0350 5556 Initialize success
2011/05/30 22:36:51.0015 1156 ================================================================================
2011/05/30 22:36:51.0015 1156 Scan started
2011/05/30 22:36:51.0015 1156 Mode: Manual;
2011/05/30 22:36:51.0015 1156 ================================================================================
2011/05/30 22:36:51.0337 1156 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/05/30 22:36:51.0447 1156 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/05/30 22:36:51.0556 1156 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/05/30 22:36:51.0683 1156 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/05/30 22:36:51.0823 1156 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/05/30 22:36:51.0938 1156 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/05/30 22:36:52.0098 1156 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/05/30 22:36:52.0222 1156 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/05/30 22:36:52.0367 1156 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/05/30 22:36:52.0428 1156 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/05/30 22:36:52.0484 1156 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/30 22:36:52.0517 1156 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/05/30 22:36:52.0557 1156 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/05/30 22:36:52.0601 1156 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/05/30 22:36:52.0637 1156 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/05/30 22:36:52.0680 1156 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/05/30 22:36:52.0735 1156 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/05/30 22:36:52.0761 1156 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/05/30 22:36:52.0811 1156 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/30 22:36:52.0853 1156 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/05/30 22:36:52.0937 1156 athr (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys
2011/05/30 22:36:53.0153 1156 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/05/30 22:36:53.0265 1156 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/05/30 22:36:53.0373 1156 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/05/30 22:36:53.0501 1156 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/05/30 22:36:53.0568 1156 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/30 22:36:53.0645 1156 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/05/30 22:36:53.0676 1156 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/05/30 22:36:53.0757 1156 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/05/30 22:36:53.0791 1156 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/05/30 22:36:53.0840 1156 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/05/30 22:36:53.0882 1156 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/05/30 22:36:53.0952 1156 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/05/30 22:36:54.0062 1156 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/30 22:36:54.0170 1156 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/30 22:36:54.0255 1156 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/05/30 22:36:54.0319 1156 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/05/30 22:36:54.0405 1156 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/30 22:36:54.0449 1156 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/05/30 22:36:54.0504 1156 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/05/30 22:36:54.0599 1156 CnxtHdAudService (20f3f8674d7dee5d90a352b775d5d5ba) C:\Windows\system32\drivers\CHDRT64.sys
2011/05/30 22:36:54.0670 1156 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/30 22:36:54.0725 1156 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/05/30 22:36:54.0774 1156 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/05/30 22:36:54.0881 1156 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/05/30 22:36:54.0925 1156 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/05/30 22:36:54.0979 1156 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/05/30 22:36:55.0169 1156 driverhardwarev2x64 (3f9933fac064a84a293207f039860de7) C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys
2011/05/30 22:36:55.0257 1156 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/05/30 22:36:55.0363 1156 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/30 22:36:55.0582 1156 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/05/30 22:36:55.0756 1156 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/05/30 22:36:55.0804 1156 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/05/30 22:36:55.0892 1156 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/05/30 22:36:55.0937 1156 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/05/30 22:36:55.0987 1156 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/30 22:36:56.0052 1156 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/05/30 22:36:56.0095 1156 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/05/30 22:36:56.0148 1156 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/30 22:36:56.0254 1156 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/05/30 22:36:56.0317 1156 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/05/30 22:36:56.0352 1156 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/30 22:36:56.0380 1156 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/05/30 22:36:56.0423 1156 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/05/30 22:36:56.0528 1156 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
2011/05/30 22:36:56.0610 1156 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/05/30 22:36:56.0657 1156 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/05/30 22:36:56.0697 1156 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/30 22:36:56.0714 1156 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/05/30 22:36:56.0762 1156 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/05/30 22:36:56.0805 1156 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/05/30 22:36:56.0861 1156 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/30 22:36:56.0903 1156 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/05/30 22:36:56.0975 1156 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/05/30 22:36:57.0034 1156 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/05/30 22:36:57.0070 1156 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/30 22:36:57.0125 1156 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/05/30 22:36:57.0168 1156 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/05/30 22:36:57.0198 1156 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/05/30 22:36:57.0232 1156 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/30 22:36:57.0268 1156 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/30 22:36:57.0294 1156 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/30 22:36:57.0333 1156 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/05/30 22:36:57.0363 1156 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/05/30 22:36:57.0409 1156 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/05/30 22:36:57.0442 1156 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/05/30 22:36:57.0482 1156 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/30 22:36:57.0530 1156 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/05/30 22:36:57.0572 1156 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/30 22:36:57.0613 1156 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/30 22:36:57.0656 1156 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/30 22:36:57.0678 1156 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2011/05/30 22:36:57.0708 1156 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/05/30 22:36:57.0777 1156 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/30 22:36:57.0829 1156 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/05/30 22:36:57.0862 1156 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/05/30 22:36:57.0893 1156 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/05/30 22:36:57.0928 1156 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/05/30 22:36:57.0979 1156 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/05/30 22:36:58.0046 1156 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/30 22:36:58.0096 1156 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/05/30 22:36:58.0147 1156 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/05/30 22:36:58.0177 1156 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/05/30 22:36:58.0252 1156 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/30 22:36:58.0297 1156 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/30 22:36:58.0335 1156 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/30 22:36:58.0365 1156 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/05/30 22:36:58.0402 1156 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/05/30 22:36:58.0438 1156 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/30 22:36:58.0468 1156 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/30 22:36:58.0494 1156 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/30 22:36:58.0528 1156 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/30 22:36:58.0559 1156 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/30 22:36:58.0593 1156 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/05/30 22:36:58.0613 1156 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/05/30 22:36:58.0666 1156 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/05/30 22:36:58.0693 1156 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/05/30 22:36:58.0723 1156 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/05/30 22:36:58.0792 1156 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/30 22:36:58.0829 1156 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/30 22:36:58.0856 1156 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/05/30 22:36:58.0908 1156 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/05/30 22:36:58.0965 1156 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/30 22:36:58.0998 1156 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/05/30 22:36:59.0026 1156 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/05/30 22:36:59.0064 1156 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/05/30 22:36:59.0141 1156 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/30 22:36:59.0206 1156 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/05/30 22:36:59.0263 1156 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/05/30 22:36:59.0303 1156 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/30 22:36:59.0342 1156 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/30 22:36:59.0371 1156 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/30 22:36:59.0423 1156 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/05/30 22:36:59.0477 1156 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/30 22:36:59.0520 1156 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/30 22:36:59.0809 1156 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
2011/05/30 22:37:00.0226 1156 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/05/30 22:37:00.0400 1156 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/05/30 22:37:00.0469 1156 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/05/30 22:37:00.0571 1156 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/30 22:37:00.0661 1156 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/05/30 22:37:00.0734 1156 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/05/30 22:37:00.0828 1156 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
2011/05/30 22:37:01.0279 1156 nvlddmkm (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/05/30 22:37:01.0709 1156 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/05/30 22:37:01.0752 1156 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/05/30 22:37:01.0851 1156 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/05/30 22:37:01.0885 1156 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/30 22:37:01.0963 1156 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/05/30 22:37:02.0014 1156 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/05/30 22:37:02.0079 1156 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/05/30 22:37:02.0121 1156 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/05/30 22:37:02.0161 1156 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/30 22:37:02.0202 1156 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/05/30 22:37:02.0236 1156 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/05/30 22:37:02.0399 1156 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/30 22:37:02.0432 1156 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/05/30 22:37:02.0548 1156 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/30 22:37:02.0594 1156 PSINAflt (118603a97cd639d25f4448dd25273173) C:\Windows\system32\DRIVERS\PSINAflt.sys
2011/05/30 22:37:02.0643 1156 PSINFile (bf625c0afaf796c80e3b75be2284fde8) C:\Windows\system32\DRIVERS\PSINFile.sys
2011/05/30 22:37:02.0675 1156 PSINKNC (18487175ba65c66acc6f94354f0552de) C:\Windows\system32\DRIVERS\psinknc.sys
2011/05/30 22:37:02.0708 1156 PSINProc (44f40ccaca74dcb1915398712fad8342) C:\Windows\system32\DRIVERS\PSINProc.sys
2011/05/30 22:37:02.0742 1156 PSINProt (38474fbd900a9e3199438fb372db8e36) C:\Windows\system32\DRIVERS\PSINProt.sys
2011/05/30 22:37:02.0792 1156 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/05/30 22:37:02.0880 1156 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/05/30 22:37:02.0950 1156 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/05/30 22:37:03.0016 1156 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/30 22:37:03.0042 1156 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/30 22:37:03.0096 1156 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/05/30 22:37:03.0141 1156 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/30 22:37:03.0196 1156 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/30 22:37:03.0227 1156 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/30 22:37:03.0294 1156 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/30 22:37:03.0348 1156 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/05/30 22:37:03.0379 1156 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/30 22:37:03.0427 1156 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/30 22:37:03.0459 1156 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/05/30 22:37:03.0496 1156 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/05/30 22:37:03.0538 1156 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/05/30 22:37:03.0622 1156 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/30 22:37:03.0689 1156 RSUSBSTOR (a5df2f732a6c95554e548fcb6932bd31) C:\Windows\system32\Drivers\RtsUStor.sys
2011/05/30 22:37:03.0751 1156 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/05/30 22:37:03.0792 1156 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/05/30 22:37:03.0856 1156 ScreamBAudioSvc (490b0b68bb938d5c628ec4a67277be75) C:\Windows\system32\drivers\ScreamingBAudio64.sys
2011/05/30 22:37:03.0913 1156 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/30 22:37:03.0969 1156 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/05/30 22:37:04.0003 1156 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/05/30 22:37:04.0027 1156 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/05/30 22:37:04.0085 1156 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/05/30 22:37:04.0109 1156 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/05/30 22:37:04.0133 1156 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/05/30 22:37:04.0165 1156 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/05/30 22:37:04.0198 1156 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/05/30 22:37:04.0232 1156 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/05/30 22:37:04.0257 1156 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/05/30 22:37:04.0309 1156 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/05/30 22:37:04.0362 1156 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
2011/05/30 22:37:04.0401 1156 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/30 22:37:04.0446 1156 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/05/30 22:37:04.0506 1156 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/05/30 22:37:04.0577 1156 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/05/30 22:37:04.0624 1156 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/30 22:37:04.0676 1156 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/05/30 22:37:04.0720 1156 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/30 22:37:04.0777 1156 SynTP (ed6d1424e5b0c21a57b28dd8508d6843) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/30 22:37:04.0892 1156 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/05/30 22:37:05.0063 1156 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/30 22:37:05.0118 1156 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/30 22:37:05.0169 1156 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/05/30 22:37:05.0203 1156 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/05/30 22:37:05.0250 1156 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/30 22:37:05.0287 1156 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/30 22:37:05.0382 1156 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/30 22:37:05.0442 1156 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/30 22:37:05.0491 1156 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/05/30 22:37:05.0530 1156 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/30 22:37:05.0600 1156 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/05/30 22:37:05.0643 1156 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/30 22:37:05.0683 1156 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/30 22:37:05.0732 1156 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/30 22:37:05.0808 1156 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/05/30 22:37:05.0856 1156 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/30 22:37:05.0907 1156 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/30 22:37:05.0952 1156 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/30 22:37:05.0984 1156 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/30 22:37:06.0041 1156 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/30 22:37:06.0094 1156 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/30 22:37:06.0145 1156 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/30 22:37:06.0212 1156 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/05/30 22:37:06.0260 1156 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/30 22:37:06.0285 1156 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/05/30 22:37:06.0314 1156 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/05/30 22:37:06.0363 1156 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/05/30 22:37:06.0400 1156 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/05/30 22:37:06.0444 1156 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/05/30 22:37:06.0479 1156 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/05/30 22:37:06.0526 1156 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/05/30 22:37:06.0569 1156 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/05/30 22:37:06.0598 1156 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/05/30 22:37:06.0659 1156 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/05/30 22:37:06.0712 1156 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/05/30 22:37:06.0756 1156 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 22:37:06.0780 1156 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/30 22:37:06.0855 1156 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/05/30 22:37:06.0918 1156 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/30 22:37:07.0057 1156 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/05/30 22:37:07.0092 1156 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/05/30 22:37:07.0225 1156 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/30 22:37:07.0319 1156 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/30 22:37:07.0408 1156 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/05/30 22:37:07.0473 1156 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/30 22:37:07.0659 1156 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
2011/05/30 22:37:07.0752 1156 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/05/30 22:37:07.0775 1156 ================================================================================
2011/05/30 22:37:07.0775 1156 Scan finished
2011/05/30 22:37:07.0775 1156 ================================================================================
2011/05/30 22:37:07.0808 8864 Detected object count: 0
2011/05/30 22:37:07.0809 8864 Actual detected object count: 0
0
Réponse 3 / 18
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
Re,

Dans la plupart des cas, cette infection est détecté par cet outil. :-(

--------------------------------------------

Pour plus d'infos,

1/ Télécharge gmer sur ton bureau ( IMPORTANT )
http://www.gmer.net/#files

Précautions d'usage :
- Commence par désactiver ou arrêter des logiciels comme Alcolhol Soft ou Daemon tools car ils biaisent le rapport de gmer.
- Durant l'utilisation du logiciel, désactive tes protections actives ( antivirus, parefeu ). IMPORTANT.
- Ferme également toutes les applications actives dont ton navigateur.

# Double-clique sur l'exécutable téléchargé .
Si sous Vista , click droit sur l'exécutable et choisir exécuter en tant qu'administrateur.
# Le scan va se lancer de lui-même.

Si tu reçois un message t'indiquant la présence de rootkits, choisis oui pour effectuer une analyse complète du PC mais ne supprime rien.

# A la fin de l'analyse, clique sur save pour enregistrer le rapport
# Enregistre-le sur le bureau ( fichier .log )

Édite ce rapport dans ta prochaine réponse


2/ Télécharge OTL (de OldTimer) sur ton Bureau.
http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

Prends le soin de fermer toutes les autres fenêtres Windows afin de ne pas interrompre le scan.

* Double-clique sur OTL.exe pour le lancer.
Si Sous Vista/seven, , click droit sur sur le fichier et choisir Exécuter en tant qu'administrateur.
* Sélectionne l'option tous les utilisateurs.
* Dans la partie Personnalisation, copie/colle la liste suivante. 

netsvcs 
Drivers32
msconfig  
activex
/md5start   
winlogon.exe 
explorer.exe
wininit.exe
/md5stop
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*. 
%ALLUSERSPROFILE%\Application Data\*.exe /s
%appdata%\*.exe /s 
%APPDATA%\*.  
%systemroot%\*. /mp /s 
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
hklm\software\clients\startmenuinternet|command /rs 
CREATERESTOREPOINT


* Enfin, clique sur le bouton Analyse rapide.

* Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTL (donc par défaut sur le Bureau)

Utilise un site comme https://www.cjoint.com/ pour les déposer.
indique ensuite les deux liens crées.

A+
0
Réponse 4 / 18
Grob'
 
Hello !
Merci ^^


Alors :
"gmer hasn't fount any system modification" ou un texte du genre, quite à l'analyse de gmer
http://cjoint.com/?AEFlvtXtdmV

Liens de l'analyse OTL :

http://cjoint.com/?AEFlyLaACKM

http://cjoint.com/?AEFlycrWQB9


Concernant le problème :
Il est toujours présent.
J'ai regardé attentivement :
Je clique sur un lien google, suite à une recherche
J'ai le droit à un lien de ce type pendant une demi seconde (j'ai pas eu le temps de copier-coller, j'ai juste pu screener)
http://cjoint.com/?AEFlHICmt44

Je précise que j'avais tapé en recherche google "nothine else matters cello III"

Ensuite, juste après, je suis sur un site de PUB !


Sinon, à un autre moment, j'ai eu le droit à plusieurs "adresse (2 ou 3) dont ceci :
http://cjoint.com/?AEFlJu1Ylrc
(c'est rapide, je n'ai pas eu le temps de screener les autres)



Voilà, j'espère que ça pourra aider...

Merci de votre aide ^^
A+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 18
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
Désinstalle

Vuze Remote Toolbar
Elf 1.13 Toolbar

------------------------------

Il faudrait analyser un fichier.
Ce fichier est caché.
Il te faut donc les faire apparaitre .

Démarrer --> ordinateur --> organiser --> options des dossiers et de recherche

Dans la fenêtre ouverte,

Vérifier que " Afficher les fichiers et dossiers cachés" est coché.
Vérifier que " Masquer les fichiers protégés du système d'exploitation ( recommandé )" est décoché.


Tu vas sur le site de VirusTotal et tu vas pouvoir analyser un fichier.
https://www.virustotal.com/gui/

# Clique sur parcourir et sélectionne le fichier indiqué ci-dessous :

Chemin : C:\Windows\SysWow64\SyncHosts.dll

# Tu cliques ensuite sur envoyer le fichier.
# Copie l'adresse de la page une fois les résultats affichés.

Indique moi le lien de cette page.

A+
0
Réponse 6 / 18
Grob'
 
Hello o/

Bon, quand je vais sur désinstaller un programme, dans le panneau de config', puis que je clique sur l'un des fichiers, il ne se passe rien !

Des fois, j'ai le droit à un petit message, mais c'est tout

Sinon :
(j'ai du bidouiller les acces du fichier en question, maus j'ai finalement réussi ^^)

http://www.virustotal.com/file-scan/report.html?id=6072b914f70076ad00b1e38bda90674915a362f11c4727909d2b053943a405c4-1306843817

Merci ;)
0
Réponse 7 / 18
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
Re,

Bon. on verra à nettoyer ce qu'il reste de ces barres d'outils.

------------------------------

Tu vas télécharger ComBoFix et enregistre le sur ton bureau ( IMPORTANT )
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

# Désactive les protections résidentes de ton ordinateur ( antivirus, antispyware et parefeu )
# Branche tes différents supports amovibles ( clés USB, disque dur externe ) sans les ouvrir.

# Lance Combofix.exe et suis les invites.

Il est possible que ComBoFix redémarre l'ordinateur pour supprimer certains fichiers.

# Une fois le scan fini, un rapport va apparaitre.

Copie/colle ce rapport dans ta prochaine réponse.

Note : Si tu ne le trouves pas, il est à C:\ComboFix.txt.

A+
0
Réponse 8 / 18
Grob'
 
Hello o/

voilà le rapport :


ComboFix 11-05-30.08 - Victor 31/05/2011 16:02:16.1.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4061.1653 [GMT 2:00]
Lancé depuis: c:\users\Victor\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\FullRemove.exe
c:\programdata\HBLiteSA
c:\programdata\HBLiteSA\HBLiteSA_hpk.dat
c:\programdata\HBLiteSA\HBLiteSA_kyf.dat
c:\programdata\HBLiteSA\HBLiteSAau.dat
c:\users\Public\Documents\dll
c:\users\Victor\AppData\Roaming\Microsoft\Iso64
c:\users\Victor\AppData\Roaming\Microsoft\Iso64\l.txt
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-04-28 au 2011-05-31 ))))))))))))))))))))))))))))))))))))
.
.
2011-05-31 15:35 . 2011-05-31 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 19:22 . 2011-05-29 19:23 -------- d-----w- c:\program files\CCleaner
2011-05-26 21:23 . 2011-05-26 21:23 -------- d-----w- c:\program files (x86)\Jmgr.info
2011-05-26 18:48 . 2011-05-26 18:48 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-05-24 21:41 . 2011-05-24 21:41 -------- d-----w- c:\program files (x86)\MultiProxy
2011-05-24 21:24 . 2011-05-24 21:24 102912 --sha-w- c:\windows\SysWow64\SyncHosts.dll
2011-05-24 20:34 . 2011-05-24 20:34 -------- d-----w- c:\users\Victor\AppData\Roaming\Thinstall
2011-05-24 20:34 . 2011-05-24 20:34 -------- d-----w- c:\users\Victor\AppData\Local\Thinstall
2011-05-24 20:19 . 2011-05-24 20:19 -------- d-----w- c:\programdata\AutoHideIP
2011-05-24 20:19 . 2011-05-24 20:19 -------- d-----w- c:\users\Victor\AppData\Roaming\AutoHideIP
2011-05-24 20:13 . 2011-05-24 20:14 -------- d-----w- c:\programdata\RealHideIP
2011-05-24 20:13 . 2011-05-24 20:13 -------- d-----w- c:\users\Victor\AppData\Roaming\RealHideIP
2011-05-24 19:56 . 2011-05-24 20:08 -------- d-----w- c:\program files (x86)\Hide IP Platinum
2011-05-22 20:03 . 2011-05-30 10:02 -------- d-----w- c:\programdata\Skype Extras
2011-05-22 20:03 . 2011-05-22 20:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-15 10:11 . 2011-05-15 10:11 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-15 10:11 . 2011-05-15 10:11 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-15 10:11 . 2011-05-15 10:11 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-15 10:11 . 2011-05-15 10:11 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-15 10:11 . 2011-05-15 10:11 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-15 10:11 . 2011-05-15 10:11 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-15 10:11 . 2011-05-15 10:11 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-15 10:11 . 2011-05-15 10:11 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-04 01:53 . 2011-05-04 01:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-03 21:34 . 2011-05-03 21:35 -------- d-----w- c:\program files (x86)\LaBoiteACouleurs
2011-05-02 14:10 . 2011-05-02 14:10 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2011-05-02 14:10 . 2011-05-02 14:10 -------- d-----w- c:\program files (x86)\Hero Fighter
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 03:07 . 2011-01-05 20:36 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-08 05:14 . 2011-04-27 13:29 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-04-08 05:14 . 2011-04-27 13:29 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-04-27 13:29 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-04-27 13:29 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-08 05:14 . 2011-04-27 13:29 20700264 ----a-w- c:\windows\system32\nvoglv64.dll
2011-04-08 05:14 . 2011-04-27 13:29 1619048 ----a-w- c:\windows\system32\nvdispco6420140.dll
2011-04-08 05:14 . 2011-04-27 13:29 15227496 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-04-08 05:14 . 2011-04-27 13:29 1404008 ----a-w- c:\windows\system32\nvgenco642060.dll
2011-04-08 05:14 . 2011-04-27 13:29 13262184 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-08 05:14 . 2011-04-27 13:29 6974056 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-04-27 13:29 5183080 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-04-08 05:14 . 2011-04-27 13:29 2893416 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-04-27 13:29 2765928 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-04-08 05:14 . 2011-04-27 13:29 2204264 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-27 13:29 2074216 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-27 13:29 12934248 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2011-04-27 13:29 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-04-08 05:14 . 2011-04-27 13:29 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2011-04-27 13:29 2034280 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2011-04-27 13:29 18578536 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2011-04-27 13:29 13007464 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-04-07 21:19 . 2011-04-07 21:19 61032 ----a-w- c:\windows\system32\nvshext.dll
2011-04-07 21:19 . 2011-04-07 21:19 318056 ----a-w- c:\windows\system32\nvhotkey.dll
2011-04-07 21:19 . 2011-04-07 21:19 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 21:19 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:19 . 2011-04-07 21:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 21:19 . 2011-04-07 21:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 21:19 . 2011-04-07 21:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:18 . 2011-04-07 21:18 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-03-10 00:04 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-06 16:18 . 2011-03-06 16:18 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-03-06 16:18 . 2011-03-06 16:18 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-03-06 16:18 . 2011-03-06 16:18 29908992 ----a-w- c:\program files (x86)\CFP_Setup.msi
2011-03-06 16:18 . 2011-03-06 16:18 8338160 ----a-w- c:\program files (x86)\geekbuddy.exe
2011-03-03 15:59 . 2011-04-27 13:29 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2011-03-03 15:59 . 2011-04-27 13:29 70760 ----a-w- c:\windows\system32\nvapo64v.dll
2011-03-03 15:59 . 2011-04-27 13:29 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2011-03-03 15:59 . 2011-04-27 13:29 1359976 ----a-w- c:\windows\system32\nvhdagenco642040.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files (x86)\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Elf_1.13\prxtbElf0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-03 09:16 175400 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files (x86)\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-12-18 1541472]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-9-30 503808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-04-12 420864]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 X6va003;X6va003;c:\users\Victor\AppData\Local\Temp\0031BB7.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S4 PsBoot;Panda boot driver;c:\windows\system32\Drivers\PsBoot.sys [x]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - 29758006
*NewlyCreated* - PSBOOT
*Deregistered* - 29758006
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 11:51]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 11:51]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2606641316-3178829439-242991252-1000Core.job
- c:\users\Victor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 11:48]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2606641316-3178829439-242991252-1000UA.job
- c:\users\Victor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 11:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 17:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 17:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-08-20 504888]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-16 206208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\z771dyud.default\
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Victor\AppData\Local\Temp\0031BB7.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2606641316-3178829439-242991252-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2606641316-3178829439-242991252-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-05-31 18:26:06
ComboFix-quarantined-files.txt 2011-05-31 16:25
.
Avant-CF: 348 439 760 896 octets libres
Après-CF: 348 747 907 072 octets libres
.
- - End Of File - - 502BA7DD0F66B305B8599837B0556728













A+
0
Réponse 9 / 18
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
Re,

Tu vas réutiliser Combofix.

1/ Télécharge le fichier Cfscript.TXT et enregistre-le sur ton bureau.
http://ww38.toofiles.com/fr/oip/documents/txt/cfscript.html

2) Glisse/dépose le script sur ComBoFix comme indiqué sur ce lien
http://img399.imageshack.us/img399/7183/img210914jjufmoj0.gif

Suis les invites.

# Ton bureau va disparaître à plusieurs reprises. Normal.
# L'ordinateur va redémarrer et un rapport sera crée.
# Poste le contenu dans ton prochain message.

Note : Si tu ne le trouves pas, il est en C:\Combofix.txt

-----------------------------------------------------------

Télécharge AD-Remover de C_XX sur ton bureau :
http://www.teamxscript.org/too/AD-R.exe

Tu te déconnectes du net et ferme toutes les applications en cours.

Sous Vista, il faut nécessairement désactiver l'UAC ou contrôle de compte utilisateur.
Tuto : https://www.pcastuces.com/pratique/windows/vista/astuces/desactiver_uac.htm

* Double-clique sur AD-R.exe .
* Au menu principal, choisis l'option "nettoyer" pour effectuer le nettoyage .
* Suis les invites.
* Le PC va te demander de redémarrer pour procéder au nettoyage. Accepte

Après redémarrage, un rapport va apparaitre. Poste le contenu dans ton prochain message.

<ital>Note : Il se trouve en C:\AD-Report-Clean.log</ital


A+
0
Réponse 10 / 18
Grob'
 
Bonjour o/


Rapport de Combofix :


ComboFix 11-05-30.08 - Victor 01/06/2011 2:39.2.2 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7600.0.1252.33.1036.18.4061.2979 [GMT 2:00]
Lancé depuis: c:\users\Victor\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Victor\Desktop\cfscript.txt
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
FILE ::
"c:\users\Victor\Desktop\enfzlo8y.exe"
"c:\users\Victor\Desktop\hjojgc4z.exe"
"c:\windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job"
"c:\windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job"
"c:\windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job"
"c:\windows\tasks\SKWLLKM.job"
.
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Victor\AppData\Roaming\Microsoft\Windows\Recent\robinet-2.mp3.url
c:\users\Victor\Desktop\enfzlo8y.exe
c:\users\Victor\Desktop\hjojgc4z.exe
c:\windows\SysWow64\SyncHosts.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-05-01 au 2011-06-01 ))))))))))))))))))))))))))))))))))))
.
.
2011-06-01 00:54 . 2011-06-01 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-29 19:22 . 2011-05-29 19:23 -------- d-----w- c:\program files\CCleaner
2011-05-26 21:23 . 2011-05-26 21:23 -------- d-----w- c:\program files (x86)\Jmgr.info
2011-05-26 18:48 . 2011-05-26 18:48 -------- d-----w- c:\program files (x86)\Ad-Remover
2011-05-24 21:41 . 2011-05-24 21:41 -------- d-----w- c:\program files (x86)\MultiProxy
2011-05-24 20:34 . 2011-05-24 20:34 -------- d-----w- c:\users\Victor\AppData\Roaming\Thinstall
2011-05-24 20:34 . 2011-05-24 20:34 -------- d-----w- c:\users\Victor\AppData\Local\Thinstall
2011-05-24 20:19 . 2011-05-24 20:19 -------- d-----w- c:\programdata\AutoHideIP
2011-05-24 20:19 . 2011-05-24 20:19 -------- d-----w- c:\users\Victor\AppData\Roaming\AutoHideIP
2011-05-24 20:13 . 2011-05-24 20:14 -------- d-----w- c:\programdata\RealHideIP
2011-05-24 20:13 . 2011-05-24 20:13 -------- d-----w- c:\users\Victor\AppData\Roaming\RealHideIP
2011-05-24 19:56 . 2011-05-24 20:08 -------- d-----w- c:\program files (x86)\Hide IP Platinum
2011-05-22 20:03 . 2011-05-31 16:31 -------- d-----w- c:\programdata\Skype Extras
2011-05-22 20:03 . 2011-05-22 20:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-05-15 10:11 . 2011-05-15 10:11 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-15 10:11 . 2011-05-15 10:11 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-15 10:11 . 2011-05-15 10:11 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-15 10:11 . 2011-05-15 10:11 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-15 10:11 . 2011-05-15 10:11 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-15 10:11 . 2011-05-15 10:11 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-15 10:11 . 2011-05-15 10:11 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-15 10:11 . 2011-05-15 10:11 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-04 01:53 . 2011-05-04 01:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-05-03 21:34 . 2011-05-03 21:35 -------- d-----w- c:\program files (x86)\LaBoiteACouleurs
2011-05-02 14:10 . 2011-05-02 14:10 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2011-05-02 14:10 . 2011-05-02 14:10 -------- d-----w- c:\program files (x86)\Hero Fighter
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 03:07 . 2011-01-05 20:36 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-04-08 05:14 . 2011-04-27 13:29 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-04-08 05:14 . 2011-04-27 13:29 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-08 05:14 . 2011-04-27 13:29 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-04-08 05:14 . 2011-04-27 13:29 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-04-08 05:14 . 2011-04-27 13:29 20700264 ----a-w- c:\windows\system32\nvoglv64.dll
2011-04-08 05:14 . 2011-04-27 13:29 1619048 ----a-w- c:\windows\system32\nvdispco6420140.dll
2011-04-08 05:14 . 2011-04-27 13:29 15227496 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-04-08 05:14 . 2011-04-27 13:29 1404008 ----a-w- c:\windows\system32\nvgenco642060.dll
2011-04-08 05:14 . 2011-04-27 13:29 13262184 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-08 05:14 . 2011-04-27 13:29 6974056 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-08 05:14 . 2011-04-27 13:29 5183080 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-04-08 05:14 . 2011-04-27 13:29 2893416 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-08 05:14 . 2011-04-27 13:29 2765928 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-04-08 05:14 . 2011-04-27 13:29 2204264 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-27 13:29 2074216 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-04-08 05:14 . 2011-04-27 13:29 12934248 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-04-08 05:14 . 2011-04-27 13:29 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-04-08 05:14 . 2011-04-27 13:29 2273896 ----a-w- c:\windows\system32\nvapi64.dll
2011-04-08 05:14 . 2011-04-27 13:29 2034280 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-04-08 05:14 . 2011-04-27 13:29 18578536 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-08 05:14 . 2011-04-27 13:29 13007464 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-04-07 21:19 . 2011-04-07 21:19 61032 ----a-w- c:\windows\system32\nvshext.dll
2011-04-07 21:19 . 2011-04-07 21:19 318056 ----a-w- c:\windows\system32\nvhotkey.dll
2011-04-07 21:19 . 2011-04-07 21:19 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-07 21:19 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 21:19 . 2011-04-07 21:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 21:19 . 2011-04-07 21:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-07 21:19 . 2011-04-07 21:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 21:18 . 2011-04-07 21:18 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-03-10 00:04 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-06 16:18 . 2011-03-06 16:18 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-03-06 16:18 . 2011-03-06 16:18 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2011-03-06 16:18 . 2011-03-06 16:18 29908992 ----a-w- c:\program files (x86)\CFP_Setup.msi
2011-03-06 16:18 . 2011-03-06 16:18 8338160 ----a-w- c:\program files (x86)\geekbuddy.exe
2011-03-03 15:59 . 2011-04-27 13:29 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2011-03-03 15:59 . 2011-04-27 13:29 70760 ----a-w- c:\windows\system32\nvapo64v.dll
2011-03-03 15:59 . 2011-04-27 13:29 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2011-03-03 15:59 . 2011-04-27 13:29 1359976 ----a-w- c:\windows\system32\nvhdagenco642040.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-31_15.38.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-01 09:30 . 2011-06-01 09:30 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2011-06-01 09:30 . 2011-06-01 09:30 32768 c:\windows\temp\Fichiers Internet temporaires\Content.IE5\index.dat
+ 2011-06-01 09:30 . 2011-06-01 09:30 16384 c:\windows\temp\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-06-01 00:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-05-26 18:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-06-01 00:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-26 18:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-06-01 00:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-26 18:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-29 16:35 . 2011-06-01 00:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-29 16:35 . 2011-05-26 18:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-29 16:35 . 2011-06-01 00:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-29 16:35 . 2011-05-26 18:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-29 16:35 . 2011-06-01 00:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-29 16:35 . 2011-05-26 18:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-25 11:05 . 2011-05-26 18:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 11:05 . 2011-06-01 00:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-25 22:07 . 2011-06-01 09:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
- 2010-12-25 22:07 . 2011-05-31 15:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
- 2010-12-25 11:05 . 2011-05-26 18:15 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-25 11:05 . 2011-06-01 00:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-26 18:12 . 2011-05-26 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-06-01 00:56 . 2011-06-01 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-26 18:12 . 2011-05-26 18:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-01 00:56 . 2011-06-01 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-05-26 18:11 370132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-06-01 00:55 370132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-25 19:29 . 2011-06-01 00:56 10728337 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2606641316-3178829439-242991252-1000-8192.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files (x86)\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b80f591e-fe9a-46cf-a13e-180377240586}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Elf_1.13\prxtbElf0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-03 09:16 175400 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-03 175400]
"{b80f591e-fe9a-46cf-a13e-180377240586}"= "c:\program files (x86)\Elf_1.13\prxtbElf0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{b80f591e-fe9a-46cf-a13e-180377240586}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-27 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-18 15146376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2009-12-18 1541472]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-9-30 503808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Service Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-08-30 15872]
R3 gupdatem;Service Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\x64\maconfservice.exe [2011-04-12 420864]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 X6va003;X6va003;c:\users\Victor\AppData\Local\Temp\0031BB7.tmp [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 2111368]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenu du dossier 'Tâches planifiées'
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 11:51]
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 11:51]
.
2011-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2606641316-3178829439-242991252-1000Core.job
- c:\users\Victor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 11:48]
.
2011-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2606641316-3178829439-242991252-1000UA.job
- c:\users\Victor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-25 11:48]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2010-12-16 17:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2010-12-16 17:17 473408 ----a-w- c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-08-20 504888]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-12-16 206208]
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\z771dyud.default\
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Victor\AppData\Local\Temp\0031BB7.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\S-1-5-21-2606641316-3178829439-242991252-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2606641316-3178829439-242991252-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
c:\users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Victor\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Heure de fin: 2011-06-01 11:54:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-06-01 09:54
ComboFix2.txt 2011-05-31 16:26
.
Avant-CF: 349 147 656 192 octets libres
Après-CF: 349 122 379 776 octets libres
.
- - End Of File - - D08FE815F848B2547B9406B66609FEA9
L'envoi a r'ussi
0
Réponse 11 / 18
Grob'
 
Pour le rapport d'Ad-Remover, je ne comprends pas, j'ai du mal à le poster en copier-coller

http://cjoint.com/?AFbnstFyBET

Sinon, j'ai testé quelques liens google, qui semblent marcher sans PUB (sur une dizaine de liens)

Par contre, Explorer.exe et le bureau rament à mort (genre 5 minutes hier pour créer un nouveau dossier, le renommer, et y déplacer des fichiers)



Merci ^^
0
Réponse 12 / 18
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
grob,

Pour le PC qui rame, c'est avant ou après avoir passé AD-Remover ?

A+
0
Réponse 13 / 18
Grob'
 
Avant ^^
0
Réponse 14 / 18
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
grob',

On verra mais les choses devraient s'arranger.
Redémarre le Pc pour vérifier si oui ou non il rame encore.

---------------------------------

Il ne reste que les barres d'outils à nettoyer.
Reessaie de les désinstaller.
Quand tu sélectionnes le logiciel, tu cliques ensuite sur désinstaller .

----------------------------------

Tu vas utiliser un outil que tu pourras garder ensuite sur le PC.
C'est un bon complément à un antivirus.

Tu télécharges MalwareBytes .

Tu l'installes. Choisis les options par défaut.
# A la fin de l'installation, il te sera demandé de mettre à jour MalwareBytes et de l'éxecuter .
# Accepte. Après la, mise à jour, le logiciel va s'ouvrir.

# Dans l'onglet Recherche, sélectionne Exécuter un examen complet.
# Clique sur recherche. Tu ne sélectionnes que les disques durs de l'ordinateur.
# Clique sur lancer l'examen.

# A la fin de la recherche, comme il est demandé, clique sur afficher les résultats.
# Si des infections sont trouvées, clique sur Supprimer la sélection.
Tu postes le rapport dans ton prochain message.

Si tu ne retrouves pas le rapport, ouvre MalwareBytes et regarde dans l'onglet Rapport/logs. Il y est. Clique dessus et choisir ouvrir.

Le scan est assez long ( géneralement aux environs d'une heure )

A+
0
Réponse 15 / 18
Grob'
 
Hello o/

ça a l'air de ramer un peu moins...

J'ai réessayé de désinstaller : toujours la même chose !

j suis en train de DL MalwareBytes

Sinon, je serais absent de ce soir à dimanche

A+
0
Réponse 16 / 18
verni29 Messages postés 6805 Statut Contributeur sécurité 180
 
Re,

Pas de soucis, on poursuivra la semaine prochaine.

A+
0
Réponse 17 / 18
Grob
 
Coucou o/

De retour des vacances... J'ai un petit probleme avec le téléchargement et l'installation de MalwareBytes.... u_u

Je ferais une observation détaillée... Demain surement ^^
0
Réponse 18 / 18
Grob
 
Hello o/

Désolé j'ai une notion très relative du lendemain !

Alors, j'ai pu régler mon bug de téléchargement, tout va bien, toussa toussa !

Au passage, j'ai plus de liens renvoyant sur des PUBs depuis longtemps ^^
Merci beaucoup =D

Le rapport :

http://cjoint.com/?AFpuMKCBuVE

Sinon j'arrive toujours pas à supprimer mes deux toolbars...


Au fait, je peux supprimer Combofix, TDSSKiller, OTL etc. maintenant ?


Merci encore pour tout =D
A+
0