Slow computer + unwanted noises

Closed
alicemissmeat Posts: 21 Registered: Tuesday 9 August 2011 Status: Member Last activity: 19 September 2011 - 9 August 2011 at 14:16
2011N2 Posts: 13352 Registered: Saturday 29 January 2011 Status: Security contributor Last activity: 24 December 2016 - 19 Sept. 2011 at 13:07
Hello, I think I have a virus on my computer because it started malfunctioning overnight. The computer is slow with every application, there are unwanted "Windows" sounds
and sometimes it has trouble shutting down. It's a laptop. If someone could help me that would be great.
Thanks in advance.


41 replies

2011N2 Posts: 13352 Registered: Saturday 29 January 2011 Status: Security contributor Last activity: 24 December 2016 917
13 August 2011 at 21:18
OK.
* Download RogueKiller to the desktop: https://www.luanagames.com/index.fr.html
* Close all running programs.
* On Vista/Seven, right-click => Run as administrator.
* Otherwise just launch RogueKiller.exe
* When prompted, type 1 and confirm.
* A report should have opened (RKreport.txt is also next to the executable); paste its contents in your reply on the forum.
* If the program is blocked, don't hesitate to try several times. If it really won't run (it can happen), rename it winlogon.exe


If you have questions, don't hesitate to ask!

@+

Gabriel.
2
2011N2 Posts: 13352 Registered: Saturday 29 January 2011 Status: Security contributor Last activity: 24 December 2016 917
9 August 2011 at 15:39
Hi,

Welcome to Comment Ça Marche. We'll try to solve your problem together. Here are a few rules ==>

-Here, the helpers are volunteers, and we also have family life and work, like everyone. So be patient while waiting for the helper's replies.

-Follow the procedure through to the end, otherwise it will be useless.

-Don't panic, and don't hesitate to ask questions if you have doubts; that is much better than crashing your PC because you don't know what to do.

-Before carrying out any steps, read the procedure through to the end so as not to make mistakes.

-During disinfection, disable your antivirus so that the disinfection can proceed normally.

-If you are on Vista/7, always run a program by right-clicking then ==> Run as administrator

-If you use cracks (Emule, BitTorrent, etc.), stop right away; it's a source of infection, and the disinfection would then be pointless.

-Don't open other topics for the same problem (whether on this forum or another).

If you're ready, let's go ==>


We're going to run a diagnostic of your PC to get more information ==>

=> Download ZHPDiag (by Nicolas Coolman) to your desktop:

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

or:

http://www.premiumorange.com/zeb-help-process/zhpdiag.html

or:

https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/


=> Follow the installer, tick "Add an icon on the desktop" and untick "Run ZHPDiag".

/!\Vista and Seven users/!\ : Right-click the ZHPDiag logo (scroll) then « Run as Administrator »

=> Click the icon at the top left showing a magnifying glass: « Run the diagnostic ».
=> Save the report to your Desktop using the floppy-disk icon.
=> Upload the ZHPDiag.txt report to one of the sites below, then copy/paste the link you are given in your next reply on the forum:

https://www.cjoint.com/

or


http://www.cijoint.fr/

or:

http://ww38.toofiles.com/fr/documents-upload.html

or:


http://pjjoint.malekal.com/

or:

https://www.casimages.com/



If you need help, or something isn't clear, don't hesitate to ask.

@+


Gabriel.
1
alicemissmeat Posts: 21 Registered: Tuesday 9 August 2011 Status: Member Last activity: 19 September 2011
11 August 2011 at 23:50
http://ww38.toofiles.com/fr/oip/documents/zip/zhpdiag.html here is the link to the report. I had to compress it because the site wouldn't host it otherwise.

PS: sorry for the late reply, but I couldn't do it any sooner.
0
2011N2 Posts: 13352 Registered: Saturday 29 January 2011 Status: Security contributor Last activity: 24 December 2016 917
12 August 2011 at 00:35
Hello,

- Download TDSSKiller: https://support.kaspersky.com/downloads/utils/tdsskiller.zip

- Launch it (Vista/Seven users => right-click then "Run as administrator")

The tool will automatically download the latest version of TDSSKiller and then start a scan.

Wait while it scans. At the end of the scan, press any key. A report will open.

- Copy/paste its contents in your next reply on the forum.

N.B.: The report is also located at C:\tdsskiller.txt.


If you have questions about using TDSSKiller, don't hesitate to ask!

@+

Gabriel.
0
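One way to triage the TDSSKiller report this post asks the user to paste, added here as an example (it is not part of the thread and not Kaspersky's code). The sample report is constructed in the tool's line format, modeled on the reports posted later in this thread, with placeholder hashes; the message shapes it recognises (suspicious NoAccess services, forged driver files, MBR detections, per-object actions) are the ones TDSSKiller prints.

```python
import re
from dataclasses import dataclass, field

# One report line: "YYYY/MM/DD HH:MM:SS.mmmm <thread id> <message>"
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(\S.*)$")
# Message shapes worth bucketing; anything else ("Scan started", "- ok", ...) is ignored
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")            # name (md5) path
SECTOR_RE = re.compile(r"^(MBR|Boot) \((0x[0-9A-Fa-f]+)\) \(([0-9a-f]{32})\) (.+)$")
NOACCESS_RE = re.compile(r"^Suspicious service \((\w+)\): (\S+)$")    # service key the scanner could not open
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")  # Verdict(object) - User select action: X
REBOOT_RE = re.compile(r"^(.+?) \(\S+\) - will be cured after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

@dataclass
class Triage:
    drivers: dict = field(default_factory=dict)          # name -> (md5, path)
    sectors: dict = field(default_factory=dict)          # "MBR"/"Boot" -> (offset, md5, device)
    hidden_services: list = field(default_factory=list)  # NoAccess: something is guarding those registry keys
    forged_files: list = field(default_factory=list)     # (path, real_md5, fake_md5): disk and presented views differ
    detections: dict = field(default_factory=dict)       # object -> verdict
    actions: dict = field(default_factory=dict)          # object -> action the user chose
    reboot_pending: list = field(default_factory=list)   # objects cured only after reboot
    reported_count: int = -1                             # "Detected object count" printed by the tool

def parse_report(text: str) -> Triage:
    """Walk the report line by line and bucket the messages that matter."""
    t = Triage()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.rstrip())
        if not m:
            continue
        msg = m.group(3)
        if (d := DRIVER_RE.match(msg)):
            t.drivers[d.group(1)] = (d.group(2), d.group(3))
        elif (s := SECTOR_RE.match(msg)):
            t.sectors[s.group(1)] = (s.group(2), s.group(3), s.group(4))
        elif (n := NOACCESS_RE.match(msg)):
            t.hidden_services.append(n.group(2))
        elif (f := FORGED_RE.match(msg)):
            t.forged_files.append((f.group(1), f.group(2), f.group(3)))
        elif (v := DETECTED_RE.match(msg)):
            t.detections[v.group(1)] = v.group(2)
        elif (a := ACTION_RE.match(msg)):
            t.actions[a.group(2)] = a.group(3)
        elif (r := REBOOT_RE.match(msg)):
            t.reboot_pending.append(r.group(1))
        elif (c := COUNT_RE.match(msg)):
            t.reported_count = int(c.group(1))
    return t

def triage(text: str) -> dict:
    """Answer what a helper checks first: MBR rootkit? hidden services? anything left uncured?"""
    t = parse_report(text)
    devices = {dev for _, _, dev in t.sectors.values()}
    mbr_rootkit = [obj for obj, verdict in t.detections.items()
                   if obj in devices and verdict.startswith("Rootkit.")]
    unresolved = [obj for obj in t.detections
                  if t.actions.get(obj) != "Cure" and obj not in t.reboot_pending]
    if mbr_rootkit:
        severity = "critical"   # bootkit in the MBR: file-level cleaning alone will not hold
    elif t.detections or t.forged_files:
        severity = "high"
    elif t.hidden_services:
        severity = "medium"
    else:
        severity = "clean"
    return {
        "severity": severity,
        "mbr_rootkit": mbr_rootkit,
        "hidden_services": t.hidden_services,
        "forged_files": [path for path, _, _ in t.forged_files],
        "unresolved": unresolved,
        "reboot_required": bool(t.reboot_pending),
        "count_matches": t.reported_count == len(t.detections),
    }

# Constructed sample in TDSSKiller's line format; the hashes are placeholders, not real digests.
_A, _B, _C, _D = "a" * 32, "b" * 32, "c" * 32, "d" * 32
SAMPLE_REPORT = "\n".join([
    "2011/08/12 02:02:40.0093 6108 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13",
    "2011/08/12 02:02:50.0031 5268 ACPI (" + _A + r") C:\WINDOWS\system32\DRIVERS\ACPI.sys",
    "2011/08/12 02:02:54.0437 5268 Suspicious service (NoAccess): bpborw",
    "2011/08/12 02:02:55.0921 5268 Suspicious service (NoAccess): cpzdodboj",
    "2011/08/12 02:02:57.0078 5268 es1969 (" + _B + r") C:\WINDOWS\system32\drivers\es1969.sys",
    r"2011/08/12 02:02:57.0078 5268 Suspicious file (Forged): C:\WINDOWS\system32\drivers\es1969.sys. "
    "Real md5: " + _B + ", Fake md5: " + _C,
    "2011/08/12 02:02:57.0187 5268 es1969 - detected ForgedFile.Multi.Generic (1)",
    "2011/08/12 02:03:10.0796 5268 MBR (0x1B8) (" + _D + r") \Device\Harddisk0\DR0",
    r"2011/08/12 02:03:10.0828 5268 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)",
    "2011/08/12 02:03:10.0859 5772 Detected object count: 2",
    "2011/08/12 02:03:22.0046 5772 ForgedFile.Multi.Generic(es1969) - User select action: Skip",
    r"2011/08/12 02:03:22.0125 5772 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot",
    r"2011/08/12 02:03:22.0125 5772 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure",
])
```

Running `triage(SAMPLE_REPORT)` flags the MBR bootkit as critical, lists the two NoAccess services, and reports `es1969` as unresolved because the user chose Skip for it.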

alicemissmeat Posts: 21 Registered: Tuesday 9 August 2011 Status: Member Last activity: 19 September 2011
Edited by alicemissmeat on 12/08/2011 at 17:39
Hello, I ran into problems with my computer after running TDSSKiller. The computer froze and I had to reboot it (it did that several times). In total I ran TDSSKiller three times. I'm copy-pasting all the reports in chronological order. Maybe some of them are useless, but anyway...

here is the first report:




here is the second:


2011/08/12 02:16:24.0828 3976 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/12 02:16:24.0875 3976 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/12 02:16:24.0921 3976 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/08/12 02:16:24.0953 3976 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/12 02:16:24.0968 3976 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/12 02:16:25.0015 3976 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/12 02:16:25.0031 3976 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/12 02:16:25.0046 3976 Suspicious service (NoAccess): gunvlhj
2011/08/12 02:16:25.0078 3976 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/12 02:16:25.0171 3976 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/12 02:16:25.0171 3976 Suspicious service (NoAccess): hrmrmnkuc
2011/08/12 02:16:25.0234 3976 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/12 02:16:25.0281 3976 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/08/12 02:16:25.0343 3976 hwusbdev (60726cb5f063fb25f8b6b71df34fa1d8) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2011/08/12 02:16:25.0406 3976 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/12 02:16:25.0625 3976 ialm (612194abc69a6db0e2c49e1544ca93a0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/08/12 02:16:25.0843 3976 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/08/12 02:16:25.0859 3976 Suspicious service (NoAccess): idpoxub
2011/08/12 02:16:25.0890 3976 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/12 02:16:26.0125 3976 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/12 02:16:26.0218 3976 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/12 02:16:26.0265 3976 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/12 02:16:26.0312 3976 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/12 02:16:26.0343 3976 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/12 02:16:26.0375 3976 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/12 02:16:26.0437 3976 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/12 02:16:26.0468 3976 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/12 02:16:26.0515 3976 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/12 02:16:26.0531 3976 Suspicious service (NoAccess): jtkmnzuh
2011/08/12 02:16:26.0562 3976 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/12 02:16:26.0593 3976 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/12 02:16:26.0625 3976 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/12 02:16:26.0671 3976 Suspicious service (NoAccess): lundedax
2011/08/12 02:16:26.0734 3976 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/08/12 02:16:26.0781 3976 MA8630C (f2aaa3dc599dda3819aa47daf07a393b) C:\WINDOWS\system32\DRIVERS\MA8630C.sys
2011/08/12 02:16:26.0812 3976 MA8630M (a6d160b8485a2b77a25fde1f43edf8fa) C:\WINDOWS\system32\DRIVERS\MA8630M.sys
2011/08/12 02:16:26.0875 3976 MA8630U (a144be1eac6daf909d65a1af71383aa8) C:\WINDOWS\system32\DRIVERS\MA8630U.sys
2011/08/12 02:16:26.0921 3976 MaRdPnp (b51e7eab4baf13b492aa3299bcf52a35) C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
2011/08/12 02:16:26.0953 3976 MaVctrl (8181ceb341cbb2f7f893f85b915d5e15) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2011/08/12 02:16:27.0015 3976 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/12 02:16:27.0078 3976 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/12 02:16:27.0156 3976 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/12 02:16:27.0250 3976 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/12 02:16:27.0281 3976 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/12 02:16:27.0328 3976 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/08/12 02:16:27.0421 3976 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/12 02:16:27.0484 3976 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/12 02:16:27.0546 3976 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/12 02:16:27.0609 3976 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/12 02:16:27.0656 3976 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/12 02:16:27.0687 3976 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/12 02:16:27.0718 3976 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/12 02:16:27.0765 3976 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/12 02:16:27.0796 3976 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/12 02:16:27.0828 3976 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/12 02:16:27.0875 3976 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/12 02:16:27.0937 3976 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/12 02:16:27.0968 3976 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/12 02:16:28.0000 3976 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/12 02:16:28.0031 3976 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/12 02:16:28.0093 3976 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/12 02:16:28.0140 3976 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/12 02:16:28.0171 3976 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/12 02:16:28.0218 3976 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/12 02:16:28.0250 3976 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/12 02:16:28.0281 3976 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/12 02:16:28.0328 3976 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/12 02:16:28.0359 3976 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/12 02:16:28.0375 3976 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/12 02:16:28.0406 3976 O2MDRDR (36ed541ff0ad27d7f1c1e8f86f026309) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/08/12 02:16:28.0437 3976 O2SDRDR (f3d467025d365a96b5e51c6229562716) C:\WINDOWS\system32\DRIVERS\o2sd.sys
2011/08/12 02:16:28.0453 3976 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/12 02:16:28.0468 3976 Suspicious service (NoAccess): onmwycvyn
2011/08/12 02:16:28.0500 3976 Parport (4e9408a178b2d955871c2cdd278de3c3) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/12 02:16:28.0546 3976 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/12 02:16:28.0593 3976 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/12 02:16:28.0625 3976 PCI (f40a46892afebb0314536b849d57c11e) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/12 02:16:28.0671 3976 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/12 02:16:28.0703 3976 Pcmcia (815c50f2b1d1562800bdce8be895000e) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/12 02:16:28.0875 3976 PID_0928 (d2d2fa02b722336960eeae0ae7107891) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
2011/08/12 02:16:28.0953 3976 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/12 02:16:28.0984 3976 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/12 02:16:29.0000 3976 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/12 02:16:29.0015 3976 Suspicious service (NoAccess): putqiamb
2011/08/12 02:16:29.0046 3976 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/12 02:16:29.0171 3976 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/12 02:16:29.0203 3976 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/12 02:16:29.0218 3976 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/12 02:16:29.0234 3976 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/12 02:16:29.0281 3976 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/12 02:16:29.0296 3976 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/12 02:16:29.0359 3976 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/12 02:16:29.0421 3976 redbook (393fc252593323b624b230eca6b85e63) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/12 02:16:29.0484 3976 RTLE8023xp (bb0ae2171f08129f4f3ff9df20ffbf89) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/12 02:16:29.0562 3976 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/12 02:16:29.0609 3976 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/12 02:16:29.0656 3976 Serial (fdbd9d64e2e03270021d424f0dccf79d) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/12 02:16:29.0703 3976 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/12 02:16:29.0734 3976 Suspicious service (NoAccess): skwhjz
2011/08/12 02:16:29.0765 3976 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/12 02:16:29.0796 3976 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/08/12 02:16:29.0859 3976 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/12 02:16:29.0890 3976 sr (618718cae288bf7cbd8fcbab2577d932) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/12 02:16:29.0968 3976 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/12 02:16:29.0984 3976 Suspicious service (NoAccess): stbonseb
2011/08/12 02:16:30.0015 3976 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/12 02:16:30.0046 3976 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/12 02:16:30.0078 3976 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/12 02:16:30.0218 3976 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/12 02:16:30.0265 3976 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/12 02:16:30.0296 3976 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/12 02:16:30.0328 3976 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/12 02:16:30.0359 3976 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/12 02:16:30.0468 3976 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/12 02:16:30.0546 3976 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/12 02:16:30.0609 3976 USB28xxBGA (9b01ce1eda6ad1acfd4f865d6cb0a790) C:\WINDOWS\system32\DRIVERS\emBDA.sys
2011/08/12 02:16:30.0656 3976 USB28xxOEM (c93e4f6bd1cbd163662e7c9be021b895) C:\WINDOWS\system32\DRIVERS\emOEM.sys
2011/08/12 02:16:30.0687 3976 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/12 02:16:30.0734 3976 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/12 02:16:30.0781 3976 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/12 02:16:30.0796 3976 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/12 02:16:30.0859 3976 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/12 02:16:30.0890 3976 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/12 02:16:30.0906 3976 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/12 02:16:30.0937 3976 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/12 02:16:30.0968 3976 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/12 02:16:30.0968 3976 Suspicious service (NoAccess): vagsyfx
2011/08/12 02:16:31.0000 3976 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/12 02:16:31.0078 3976 VolSnap (e46c1b5a56da7da603d09dfcc79ec59e) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/12 02:16:31.0140 3976 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/12 02:16:31.0218 3976 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/12 02:16:31.0296 3976 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/08/12 02:16:31.0359 3976 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/12 02:16:31.0375 3976 Suspicious service (NoAccess): xysqt
2011/08/12 02:16:31.0390 3976 Suspicious service (NoAccess): zhdmdpea
2011/08/12 02:16:31.0390 3976 Suspicious service (NoAccess): zobfk
2011/08/12 02:16:31.0437 3976 MBR (0x1B8) (cbccd2cccc2efc8ec98c0ebff4bbc0e6) \Device\Harddisk0\DR0
2011/08/12 02:16:31.0437 3976 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/12 02:16:31.0437 3976 Boot (0x1200) (bd895713ecd542d456dcb1953a1aa7e3) \Device\Harddisk0\DR0\Partition0
2011/08/12 02:16:31.0453 3976 ================================================================================
2011/08/12 02:16:31.0453 3976 Scan finished
2011/08/12 02:16:31.0453 3976 ================================================================================
2011/08/12 02:16:31.0468 0828 Detected object count: 2
2011/08/12 02:16:31.0468 0828 Actual detected object count: 2
2011/08/12 02:16:37.0750 0828 ForgedFile.Multi.Generic(es1969) - User select action: Skip
2011/08/12 02:16:37.0796 0828 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/12 02:16:37.0796 0828 \Device\Harddisk0\DR0 - ok
2011/08/12 02:16:37.0796 0828 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/12 02:16:40.0000 0756 Deinitialize success
0
alicemissmeat Posts: 21 Registered: Tuesday 9 August 2011 Status: Member Last activity: 19 September 2011
12 August 2011 at 17:41
And here is the last one (maybe the most useful):


2011/08/12 17:20:49.0859 3412 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/12 17:20:51.0859 3412 ================================================================================
2011/08/12 17:20:51.0859 3412 SystemInfo:
2011/08/12 17:20:51.0859 3412
2011/08/12 17:20:51.0859 3412 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/12 17:20:51.0859 3412 Product type: Workstation
2011/08/12 17:20:51.0859 3412 ComputerName: USER-09D5B1B0BD
2011/08/12 17:20:51.0859 3412 UserName: ali
2011/08/12 17:20:51.0859 3412 Windows directory: C:\WINDOWS
2011/08/12 17:20:51.0859 3412 System windows directory: C:\WINDOWS
2011/08/12 17:20:51.0859 3412 Processor architecture: Intel x86
2011/08/12 17:20:51.0859 3412 Number of processors: 2
2011/08/12 17:20:51.0859 3412 Page size: 0x1000
2011/08/12 17:20:51.0859 3412 Boot type: Normal boot
2011/08/12 17:20:51.0859 3412 ================================================================================
2011/08/12 17:20:52.0109 3412 Initialize success
2011/08/12 17:20:53.0718 2424 ================================================================================
2011/08/12 17:20:53.0718 2424 Scan started
2011/08/12 17:20:53.0718 2424 Mode: Manual;
2011/08/12 17:20:53.0718 2424 ================================================================================
2011/08/12 17:20:54.0093 2424 ACPI (d766e636187b8f240bbfbabcd51eb2c6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/12 17:20:54.0140 2424 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/12 17:20:54.0218 2424 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/12 17:20:54.0281 2424 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/12 17:20:54.0375 2424 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/08/12 17:20:54.0593 2424 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
2011/08/12 17:20:54.0750 2424 AR5211 (78e15866befe8b940046c36ba92f9eb6) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/08/12 17:20:54.0812 2424 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/12 17:20:54.0937 2424 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/12 17:20:54.0968 2424 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/12 17:20:55.0031 2424 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/12 17:20:55.0093 2424 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/12 17:20:55.0125 2424 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/08/12 17:20:55.0140 2424 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/08/12 17:20:55.0218 2424 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/12 17:20:55.0250 2424 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/12 17:20:55.0281 2424 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/12 17:20:55.0328 2424 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/12 17:20:55.0375 2424 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/12 17:20:55.0390 2424 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/12 17:20:55.0437 2424 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/12 17:20:55.0500 2424 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/12 17:20:55.0546 2424 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/12 17:20:55.0562 2424 Suspicious service (NoAccess): bpborw
2011/08/12 17:20:55.0609 2424 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/12 17:20:55.0656 2424 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/12 17:20:55.0734 2424 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/12 17:20:55.0750 2424 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/12 17:20:55.0781 2424 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/12 17:20:55.0859 2424 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/12 17:20:55.0906 2424 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/12 17:20:56.0031 2424 Suspicious service (NoAccess): cpzdodboj
2011/08/12 17:20:56.0093 2424 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/12 17:20:56.0156 2424 dmboot (82bc125a8ed33f5f0e75f2aac1065323) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/12 17:20:56.0218 2424 dmio (e959ddc0ea7ac11ee5e5602e2a364310) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/12 17:20:56.0265 2424 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/12 17:20:56.0296 2424 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/12 17:20:56.0390 2424 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/12 17:20:56.0406 2424 Suspicious service (NoAccess): dwaahsqlr
2011/08/12 17:20:56.0468 2424 es1969 (b9f03760af557348e17a5bb5ffeb73c0) C:\WINDOWS\system32\drivers\es1969.sys
2011/08/12 17:20:56.0484 2424 Suspicious file (Forged): C:\WINDOWS\system32\drivers\es1969.sys. Real md5: b9f03760af557348e17a5bb5ffeb73c0, Fake md5: b5d78bc756e8dec20a1cc438dfffb88e
2011/08/12 17:20:56.0500 2424 es1969 - detected ForgedFile.Multi.Generic (1)
2011/08/12 17:20:56.0562 2424 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/12 17:20:56.0656 2424 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/12 17:20:56.0687 2424 Fips (2cfea3326981a18c6baf2bd9be76225b) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/12 17:20:56.0718 2424 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/12 17:20:56.0781 2424 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/12 17:20:56.0843 2424 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/08/12 17:20:56.0875 2424 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/12 17:20:56.0906 2424 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/12 17:20:56.0984 2424 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/12 17:20:57.0031 2424 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/12 17:20:57.0046 2424 Suspicious service (NoAccess): gunvlhj
2011/08/12 17:20:57.0093 2424 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/12 17:20:57.0203 2424 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/12 17:20:57.0218 2424 Suspicious service (NoAccess): hrmrmnkuc
2011/08/12 17:20:57.0281 2424 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/12 17:20:57.0359 2424 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/08/12 17:20:57.0421 2424 hwusbdev (60726cb5f063fb25f8b6b71df34fa1d8) C:\WINDOWS\system32\DRIVERS\ewusbdev.sys
2011/08/12 17:20:57.0515 2424 i8042prt (610726e28af55b95043c5c35a727e320) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/12 17:20:57.0765 2424 ialm (612194abc69a6db0e2c49e1544ca93a0) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/08/12 17:20:58.0000 2424 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/08/12 17:20:58.0015 2424 Suspicious service (NoAccess): idpoxub
2011/08/12 17:20:58.0078 2424 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/12 17:20:58.0359 2424 IntcAzAudAddService (718f495096df8d94fb66c9c962646372) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/12 17:20:58.0468 2424 intelppm (ebd830a0970c438047006a49c23e287f) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/12 17:20:58.0531 2424 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/12 17:20:58.0593 2424 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/12 17:20:58.0640 2424 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/12 17:20:58.0687 2424 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/12 17:20:58.0765 2424 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/12 17:20:58.0812 2424 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/12 17:20:58.0875 2424 isapnp (0953594beb81cc72fcc62d37921b25a6) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/12 17:20:58.0906 2424 Suspicious service (NoAccess): jtkmnzuh
2011/08/12 17:20:58.0937 2424 Kbdclass (28b6eace513ca7eaba3b809ad4bc274d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/12 17:20:58.0984 2424 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/12 17:20:59.0031 2424 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/12 17:20:59.0109 2424 Suspicious service (NoAccess): lundedax
2011/08/12 17:20:59.0171 2424 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/08/12 17:20:59.0218 2424 MA8630C (f2aaa3dc599dda3819aa47daf07a393b) C:\WINDOWS\system32\DRIVERS\MA8630C.sys
2011/08/12 17:20:59.0265 2424 MA8630M (a6d160b8485a2b77a25fde1f43edf8fa) C:\WINDOWS\system32\DRIVERS\MA8630M.sys
2011/08/12 17:20:59.0296 2424 MA8630U (a144be1eac6daf909d65a1af71383aa8) C:\WINDOWS\system32\DRIVERS\MA8630U.sys
2011/08/12 17:20:59.0343 2424 MaRdPnp (b51e7eab4baf13b492aa3299bcf52a35) C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys
2011/08/12 17:20:59.0375 2424 MaVctrl (8181ceb341cbb2f7f893f85b915d5e15) C:\WINDOWS\system32\DRIVERS\MaVc2K.sys
2011/08/12 17:20:59.0453 2424 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/12 17:20:59.0515 2424 Modem (8cb6636806d76b85fafaee94d75f5129) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/12 17:20:59.0625 2424 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
2011/08/12 17:20:59.0718 2424 Mouclass (e904ebed608055a2bfb824c07f59766c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/12 17:20:59.0750 2424 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/12 17:20:59.0812 2424 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/08/12 17:20:59.0906 2424 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/12 17:20:59.0984 2424 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/12 17:21:00.0093 2424 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/12 17:21:00.0156 2424 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/12 17:21:00.0218 2424 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/12 17:21:00.0265 2424 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/12 17:21:00.0296 2424 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/12 17:21:00.0343 2424 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/12 17:21:05.0125 2424 ================================================================================
2011/08/12 17:21:05.0125 2424 Scan finished
2011/08/12 17:21:05.0125 2424 ================================================================================
2011/08/12 17:21:05.0140 3148 Detected object count: 1
2011/08/12 17:21:05.0140 3148 Actual detected object count: 1
2011/08/12 17:21:08.0312 3148 ForgedFile.Multi.Generic(es1969) - User select action: Skip
2011/08/12 17:21:17.0515 2764 Deinitialize success
0
alicemissmeat Posts 21 Registration date Tuesday 9 August 2011 Status Member Last seen 19 September 2011
14 August 2011 at 15:59
Hello, here is the RogueKiller report:


RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at https://www.luanagames.com/index.fr.html
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.luanagames.com/index.fr.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: ali [Admin rights]
Mode: Scan -- Date : 08/14/2011 15:55:13

Bad processes: 1
[SUSP PATH] LVPrcInj01.dll -- C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll -> UNLOADED

Registry Entries: 5
[SUSP PATH] HKLM\[...]\Run : MFARestart ("C:\Documents and Settings\All Users\Dati applicazioni\MFAData\pack\avgrunasx.exe" /usereg) -> FOUND
[BLACKLIST] HKLM\[...]\services : 61372074 (61372074.sys) -> FOUND
[BLACKLIST] HKLM\[...]\services : 61372074 (61372074.sys) -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt
0
2011N2 Posts 13352 Registration date Saturday 29 January 2011 Status Security contributor Last seen 24 December 2016 917
17 August 2011 at 17:16
Hello,

Run it in mode 2 (removal).

Thanks,

Gabriel.
0
alicemissmeat Posts 21 Registration date Tuesday 9 August 2011 Status Member Last seen 19 September 2011
19 August 2011 at 03:48
Here is the report in removal mode:


RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at https://www.luanagames.com/index.fr.html
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.luanagames.com/index.fr.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: ali [Admin rights]
Mode: Remove -- Date : 08/19/2011 03:44:33

Bad processes: 3
[SUSP PATH] LVPrcInj01.dll -- C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll -> UNLOADED
[SUSP PATH] googletalkplugin.exe -- c:\documents and settings\ali\impostazioni locali\dati applicazioni\google\google talk plugin\googletalkplugin.exe -> KILLED [TermProc]
[RESIDUE] googletalkplugin.exe -- c:\documents and settings\ali\impostazioni locali\dati applicazioni\google\google talk plugin\googletalkplugin.exe -> KILLED [TermProc]

Registry Entries: 5
[SUSP PATH] HKLM\[...]\Run : MFARestart ("C:\Documents and Settings\All Users\Dati applicazioni\MFAData\pack\avgrunasx.exe" /usereg) -> DELETED
[BLACKLIST] HKLM\[...]\services : 61372074 (61372074.sys) -> DELETED
[BLACKLIST] HKLM\[...]\services : 61372074 (61372074.sys) -> DELETED
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

What should I do next?
Thanks.
0
2011N2 Posts 13352 Registration date Saturday 29 January 2011 Status Security contributor Last seen 24 December 2016 917
19 August 2011 at 13:03
Good ;)

WARNING! Several hours of scanning are likely!

Download Malwarebytes' Anti-Malware (MBAM) to your desktop: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

If there is a problem, try this one: https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

. Save it to your desktop.
. Double-click the downloaded file to start the installation process. (Vista and 7: Run as administrator)
. If the firewall asks for permission for Malwarebytes to connect, accept.
. In the "Update" tab, click the "Check for updates" button.

Do this several times until it tells you that you have the latest database version.


. Once the update is finished:
. Go to the "Scan" tab
. Select Perform full scan.
. Select All drives if offered.
. Click Scan.
. The scan starts. Be patient, it can take several hours depending on the size of your drives.
. At the end of the analysis, a message is displayed: The scan completed successfully, or similar. Click "Show results" to display all the objects found.
. Click OK to continue.
. If malware was detected, click Show results.
. Select all (or leave checked) and click Remove selected; Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Restart the PC if it does not do so itself.
. Once restarted, double-click Malwarebytes' Anti-Malware.
. Go to the "Logs" tab.
. Click the report to display it.
. Click Edit at the top of Notepad, then Select all.
. Click Edit again, then Copy, come back to the forum and paste the report (CTRL + V) into your reply.


=> If you need help, see this tutorial:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

If you have any questions, don't hesitate to ask!

@+

Gabriel.
0
alicemissmeat Posts 21 Registration date Tuesday 9 August 2011 Status Member Last seen 19 September 2011
20 August 2011 at 06:32
Here is the Malwarebytes report:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Version de la base de données: 7513

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

20/08/2011 6.23.40
mbam-log-2011-08-20 (06-23-40).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 248581
Temps écoulé: 1 heure(s), 22 minute(s), 41 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MS AntiSpyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADOBETM4 (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\documents and settings\all users\dati applicazioni\crucialsoft ltd (Rogue.AV2009) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\documents and settings\ali\impostazioni locali\Temp\13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\ali\impostazioni locali\Temp\E.tmp (Rogue.MalwareProtection) -> Quarantined and deleted successfully.
c:\documents and settings\ali\dati applicazioni\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.


Thanks
0
2011N2 Posts 13352 Registration date Saturday 29 January 2011 Status Security contributor Last seen 24 December 2016 917
20 August 2011 at 14:02
Thanks :)

Can you run another ZHPdiag for me, please?

@+

Gabriel.
0
alicemissmeat Posts 21 Registration date Tuesday 9 August 2011 Status Member Last seen 19 September 2011
20 August 2011 at 15:05
0
2011N2 Posts 13352 Registration date Saturday 29 January 2011 Status Security contributor Last seen 24 December 2016 917
21 August 2011 at 00:57
Re,

Thanks :)


- Download AD-Remover to your Desktop (thanks to C_XX):

http://www.teamxscript.org/too/AD-R.exe

OR
domain.be/download/AD-Remover.html


/!\ Close all running applications before continuing /!\

- Double-click the Ad-Remover icon on your Desktop.
- On the page, click the "Scan" button.
- Confirm the start of the scan.
- Let the tool work.
- Accept to restart the PC at the end, if asked.
- Post the report that appears at the end in the forum.

(The report is also saved as C:\Ad-Report-SCAN[1].txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

@+

Gabriel.
0
alicemissmeat Posts 21 Registration date Tuesday 9 August 2011 Status Member Last seen 19 September 2011
21 August 2011 at 15:48
Here is the AD-Remover report:



======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Programmi\Ad-Remover\main.exe (SCAN [1]) -> Launched at 15:43:58 on 21/08/2011, Normal boot

Microsoft Windows XP Home Edition Service Pack 3 (X86)
ali@USER-09D5B1B0BD ( )

============== SEARCH ==============

Service: "Viewpoint Manager Service" Service found

File found: C:\Documents and Settings\All Users\Menu Avvio\Programmi\OfferBox Browser.lnk
File found: C:\WINDOWS\system32\ConduitEngine.tmp
File found: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder found: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\extensions\toolbar@ask.com
Folder found: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\conduit
Folder found: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\ConduitEngine
Folder found: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\extensions\engine@conduit.com
File found: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\searchplugins\conduit.xml
Folder found: C:\Programmi\Ask.com
Folder found: C:\Documents and Settings\ali\Impostazioni locali\Dati applicazioni\AskToolbar
Folder found: C:\Documents and Settings\ali\Impostazioni locali\Dati applicazioni\Conduit
Folder found: C:\Programmi\Conduit
Folder found: C:\Documents and Settings\ali\Impostazioni locali\Dati applicazioni\ConduitEngine
Folder found: C:\Programmi\ConduitEngine
Folder found: C:\Documents and Settings\ali\Dati applicazioni\PriceGong
Folder found: C:\Documents and Settings\All Users\Dati applicazioni\Viewpoint
Folder found: C:\Programmi\Viewpoint
Folder found: C:\Documents and Settings\ali\Dati applicazioni\OfferBox
Folder found: C:\Programmi\OfferBox

-- File opened: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\Prefs.js --
-- File closed --


Key found: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key found: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key found: HKLM\Software\Classes\CLSID\{160F29DC-1A8C-4F4E-8F4A-73DCA6FDA877}
Key found: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key found: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key found: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key found: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key found: HKLM\Software\Classes\CLSID\{8D0661E4-A918-4B24-9A3D-C466C220B3CE}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8D0661E4-A918-4B24-9A3D-C466C220B3CE}
Key found: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Key found: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key found: HKLM\Software\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key found: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Key found: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key found: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key found: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key found: HKLM\Software\Classes\Interface\{D6094FC6-821F-474C-8D73-C13066CD178D}
Key found: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key found: HKLM\Software\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
Key found: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Key found: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Key found: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Key found: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key found: HKLM\Software\Classes\Conduit.Engine
Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Key found: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Key found: HKLM\Software\Classes\OfferBox.OfferBoxServer
Key found: HKLM\Software\Classes\OfferBox.OfferBoxServer.1
Key found: HKLM\Software\Classes\Toolbar.CT2102507
Key found: HKLM\Software\Classes\Toolbar.CT2530241
Key found: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Key found: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key found: HKLM\Software\AskToolbar
Key found: HKLM\Software\Conduit
Key found: HKLM\Software\conduitEngine
Key found: HKLM\Software\MetaStream
Key found: HKLM\Software\OfferBox
Key found: HKLM\Software\Viewpoint
Key found: HKCU\Software\Ask.com
Key found: HKCU\Software\AskToolbar
Key found: HKCU\Software\Conduit
Key found: HKCU\Software\conduitEngine
Key found: HKCU\Software\OfferBox
Key found: HKCU\Software\PriceGong
Key found: HKCU\Software\AppDataLow\AskToolbarInfo
Key found: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key found: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key found: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFA5CC85-DF9F-4DE3-BA2F-A5CDF06096A3}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox Browser
Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key found: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key found: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key found: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key found: HKLM\Software\MozillaPlugins\@viewpoint.com/VMP

Value found: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Value found: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Value found: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [6.0 (it)] ****

Plugins\npdivx32.dll (DivX,Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
Plugins\npdnu.dll (AOL LLC)
Plugins\npViewpoint.dll (?)
HKLM_MozillaPlugins\@viewpoint.com/VMP (x)
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\avg_igeared.xml (hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=$isYahoo$&ychte=$ychte$ /)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Searchplugins\creativecommons.xml (hxxp://search.creativecommons.org/)
Searchplugins\eBay-it.xml (hxxp://rover.ebay.com/rover/1/724-51951-19398-1/4)
Searchplugins\hoepli.xml (hxxp://dizionari.hoepli.it/Dizionario_Italiano/cerca.aspx?idD=1&utm_source=mozilla-firefox&query={searchTerms})
Searchplugins\wikipedia-it.xml (hxxp://it.wikipedia.org/wiki/Speciale:Ricerca)
Searchplugins\yahoo-it.xml (hxxp://it.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|offerboxffx@offerbox.com - C:\Programmi\OfferBox\offerboxffx@offerbox.com
HKLM_Extensions|{1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Programmi\AVG\AVG10\Firefox4\

-- C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default --
Extensions\engine@conduit.com (Conduit Engine )
Extensions\toolbar@ask.com (MP3 Rocket Toolbar)
Extensions\{e3393495-8103-46a0-8181-270273eddd60} (Softonic-IT Community Toolbar)
Searchplugins\aim-search.xml (?)
Searchplugins\conduit.xml (hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2102507&SearchSource=3&q={searchTerms} /)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\ali\\Desktop
Prefs.js - browser.search.defaultenginename, Yahoo! Search
Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
Prefs.js - browser.startup.homepage, hxxp://search.findeer.it/
Prefs.js - browser.startup.homepage_override.buildID, 20110811165603
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0
Prefs.js - keyword.URL, hxxp://search.avg.com/route/?d=4bdb3b3f&v=6.103.018.001&i=23&tp=ab&iy=&ychte=it&lng=it&q=

========================================

**** Internet Explorer Version [6.0.2900.5512] ****

HKCU_Main|Search bar - hxxp://search.live.com/sphome.aspx
HKCU_Main|Search Page - hxxp://search.live.com
HKCU_Main|Start Page - hxxp://search.findeer.it/
HKLM_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKCU_URLSearchHooks|{A3BC75A2-1F87-4686-AA43-5347D756017C} (x)
HKCU_URLSearchHooks|{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - "PHPNukeIT Toolbar" (C:\Programmi\PHPNukeIT\tbPHP2.dll)
HKCU_URLSearchHooks|{e3393495-8103-46a0-8181-270273eddd60} - "Softonic-IT Toolbar" (C:\Programmi\Softonic-IT\prxtbSof0.dll)
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)
HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "PHPNukeIT Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...)
HKCU_SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - "AVG Secure Search" (hxxp://search.avg.com/route/?d=4bdb3b3f&v=6.103.18.1&i=23&tp=chrome&q={searchTer...)
HKCU_Toolbar\ShellBrowser|{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} (C:\Programmi\PHPNukeIT\tbPHP2.dll)
HKCU_Toolbar\WebBrowser|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x)
HKCU_Toolbar\WebBrowser|{E3393495-8103-46A0-8181-270273EDDD60} (C:\Programmi\Softonic-IT\prxtbSof0.dll)
HKCU_Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Programmi\Ask.com\GenericAskToolbar.dll)
HKLM_Toolbar|{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} (C:\Programmi\PHPNukeIT\tbPHP2.dll)
HKLM_Toolbar|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x)
HKLM_Toolbar|{e3393495-8103-46a0-8181-270273eddd60} (C:\Programmi\Softonic-IT\prxtbSof0.dll)
HKLM_Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D} (C:\Programmi\ConduitEngine\prxConduitEngine.dll)
HKLM_Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440} (C:\Programmi\Ask.com\GenericAskToolbar.dll)
HKCU_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Programmi\Ask.com\SaUpdate.exe (?)
HKLM_ElevationPolicy\4c77b32e-6d37-4714-8206-72d5b3d6bee1 - C:\Programmi\PHPNukeIT\PHPNukeITToolbarHelper.exe (?)
HKLM_ElevationPolicy\d0ba60d1-bab7-4698-85ec-6d003f01a737 - C:\Programmi\PHPNukeIT\PHPNukeITToolbarHelper.exe (?)
HKLM_ElevationPolicy\da15321f-94ea-486f-b7cd-b8af17b8fa6b - C:\Programmi\PHPNukeIT\PHPNukeITToolbarHelper.exe (?)
HKLM_ElevationPolicy\da178af1-0c56-49f9-8e4e-1a3edef9b5e8 - C:\Programmi\PHPNukeIT\PHPNukeITToolbarHelper.exe (?)
HKLM_ElevationPolicy\{350A1F57-1421-446A-B6EA-0DBBD6E0F709} - C:\Documents and Settings\ali\Impostazioni locali\Dati applicazioni\Conduit\CT2530241\Softonic-ITAutoUpdaterHelper.exe (?)
HKLM_ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB} - C:\Programmi\OfferBox\OfferBox.exe (Secure Digital Services Limited)
HKLM_ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} - C:\Programmi\Ask.com\SaUpdate.exe (?)
HKLM_ElevationPolicy\{EFA5CC85-DF9F-4DE3-BA2F-A5CDF06096A3} - C:\Programmi\ConduitEngine\ConduitEngineHelper.exe (?)
HKLM_ElevationPolicy\{F499B549-3192-46FE-B0C8-6650861EE6E3} - C:\Programmi\Softonic-IT\Softonic-ITToolbarHelper.exe (?)
HKLM_ElevationPolicy\{F5B611C4-4F9F-4F99-8526-607F1F6F5A70} - C:\Programmi\PHPNukeIT\PHPNukeITToolbarHelper1.exe (Conduit Ltd.)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - "PHPNukeIT Toolbar" (C:\Programmi\PHPNukeIT\tbPHP2.dll)
BHO\{30F9B915-B755-4826-820B-08FBA6BD249D} - "Conduit Engine " (C:\Programmi\ConduitEngine\prxConduitEngine.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Guida per l'accesso a Windows Live" (C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
BHO\{D4027C7F-154A-4066-A1AD-4243D8127440} - "MP3 Rocket Toolbar" (C:\Programmi\Ask.com\GenericAskToolbar.dll)
BHO\{e3393495-8103-46a0-8181-270273eddd60} - "Softonic-IT Toolbar" (C:\Programmi\Softonic-IT\prxtbSof0.dll)
BHO\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} - "OfferBox" (C:\Programmi\OfferBox\OfferBoxBHO.dll)

========================================

C:\Programmi\Ad-Remover\Quarantine: 0 File(s)
C:\Programmi\Ad-Remover\Backup: 0 File(s)

C:\Ad-Report-SCAN[1].txt - 21/08/2011 15:44:05 (18730 Byte(s))

End at: 15:44:40, 21/08/2011

============== E.O.F ==============

Thank you
0
2011N2 Posts 13352 Registration date Saturday 29 January 2011 Status Security contributor Last intervention 24 December 2016 917
21 August 2011 at 21:03
Re,


/!\ Close all running applications before continuing /!\

- Double-click the Ad-Remover icon on your Desktop.
- On the page, click the « Nettoyer » (Clean) button.
- Confirm the start of the clean-up.
- Let the tool work.
- Accept restarting the PC at the end, if it is asked. This is necessary to finalise the clean-up.
- Post the report that appears at the end in the forum.

(The report is also saved as C:\Ad-Report-CLEAN[1].txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

@+

Gabriel.
0
alicemissmeat Posts 21 Registration date Tuesday 9 August 2011 Status Member Last intervention 19 September 2011
22 August 2011 at 13:21
Hello, here is the Ad-Remover report.

======= REPORT FROM AD-REMOVER 2.0.0.2,G | ONLY XP/VISTA/7 =======

Updated by TeamXscript on 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
website: http://www.teamxscript.org

C:\Programmi\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 13:13:13 on 22/08/2011, Normal boot

Microsoft Windows XP Home Edition Service Pack 3 (X86)
ali@USER-09D5B1B0BD ( )

============== ACTION(S) ==============

Service: "Viewpoint Manager Service" Service stopped and deleted

File deleted: C:\Documents and Settings\All Users\Menu Avvio\Programmi\OfferBox Browser.lnk
File deleted: C:\WINDOWS\system32\ConduitEngine.tmp
File deleted: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder deleted: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\extensions\toolbar@ask.com
Folder deleted: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\conduit
Folder deleted: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\ConduitEngine
Folder deleted: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\extensions\engine@conduit.com
File deleted: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\searchplugins\conduit.xml
Folder deleted: C:\Programmi\Ask.com
Folder deleted: C:\Documents and Settings\ali\Impostazioni locali\Dati applicazioni\AskToolbar
Folder deleted: C:\Documents and Settings\ali\Impostazioni locali\Dati applicazioni\Conduit
Folder deleted: C:\Programmi\Conduit
Folder deleted: C:\Documents and Settings\ali\Impostazioni locali\Dati applicazioni\ConduitEngine
Folder deleted: C:\Programmi\ConduitEngine
Folder deleted: C:\Documents and Settings\ali\Dati applicazioni\PriceGong
Folder deleted: C:\Documents and Settings\All Users\Dati applicazioni\Viewpoint
Folder deleted: C:\Programmi\Viewpoint
Folder deleted: C:\Documents and Settings\ali\Dati applicazioni\OfferBox
Folder deleted: C:\Programmi\OfferBox

(!) -- Temporary files deleted.


-- File opened: C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default\Prefs.js --
Line deleted: user_pref("CT2530241.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT253...
Line deleted: user_pref("CT2653012.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1045667/1041378/FR", "\"0\"...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DEFAULT", "\"...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/IT", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/923244/919035/DEFAULT", "\"...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/923244/919035/FR", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/923244/919035/IT", "\"0\"")...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2530241", ...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2653012", ...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63425009534667...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2530241&octid=...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2653012/CT2653012...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",...
Line deleted: user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=it", "\"634...
Line deleted: user_pref("CommunityToolbar.EngineOwner", "CT2530241");
Line deleted: user_pref("CommunityToolbar.EngineOwnerGuid", "{e3393495-8103-46a0-8181-270273eddd60}");
Line deleted: user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-it");
Line deleted: user_pref("CommunityToolbar.IsEngineShown", true);
Line deleted: user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwner", "CT2530241");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{e3393495-8103-46a0-8181-270273eddd60}");
Line deleted: user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-it");
Line deleted: user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4bdb3b3f&...
Line deleted: user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2530241");
Line deleted: user_pref("CommunityToolbar.ToolbarsList2", "CT2530241");
Line deleted: user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun May 08 2011 15:34:11 GMT+02...
Line deleted: user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line deleted: user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 14 2011 16:53:11 GMT+0200 (ora l...
Line deleted: user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Line deleted: user_pref("CommunityToolbar.alert.locale", "en");
Line deleted: user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line deleted: user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Jun 26 2011 14:58:23 GMT+0200 (ora legal...
Line deleted: user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line deleted: user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line deleted: user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line deleted: user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line deleted: user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line deleted: user_pref("CommunityToolbar.alert.userId", "8437caeb-5081-4b83-ab37-7fb5bdf6e4eb");
Line deleted: user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line deleted: user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line deleted: user_pref("CommunityToolbar.twitter.user_16409683.LastCheckTime", "Tue Nov 16 2010 15:55:31 GMT+0100...
Line deleted: user_pref("CommunityToolbar.twitter.user_16727535.LastCheckTime", "Tue Nov 16 2010 15:55:31 GMT+0100...
Line deleted: user_pref("CommunityToolbar.twitter.user_18863815.LastCheckTime", "Tue Nov 16 2010 15:55:31 GMT+0100...
Line deleted: user_pref("CommunityToolbar.twitter.user_19058681.LastCheckTime", "Tue Nov 16 2010 15:55:31 GMT+0100...
Line deleted: user_pref("CommunityToolbar.twitter.user_19248106.LastCheckTime", "Tue Nov 16 2010 15:55:31 GMT+0100...
Line deleted: user_pref("CommunityToolbar.twitter.user_19554706.LastCheckTime", "Tue Nov 16 2010 15:55:31 GMT+0100...
Line deleted: user_pref("CommunityToolbar.twitter.user_19757371.LastCheckTime", "Tue Nov 16 2010 15:55:31 GMT+0100...
Line deleted: user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Tue Nov 16 2010 15:55:31 GMT+0100 (...
Line deleted: user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Tue Nov 16 2010 15:55:31 GMT+0100 (...
Line deleted: user_pref("CommunityToolbar.twitter.user_813286.LastCheckTime", "Tue Nov 16 2010 15:55:31 GMT+0100 (...
Line deleted: user_pref("ConduitEngine.FirstServerDate", "11/26/2010 12");
Line deleted: user_pref("ConduitEngine.FirstTime", true);
Line deleted: user_pref("ConduitEngine.FirstTimeFF3", true);
Line deleted: user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line deleted: user_pref("ConduitEngine.Initialize", true);
Line deleted: user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line deleted: user_pref("ConduitEngine.InstalledDate", "Fri Nov 26 2010 10:27:51 GMT+0100 (ora solare Europa occid...
Line deleted: user_pref("ConduitEngine.IsMulticommunity", false);
Line deleted: user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line deleted: user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line deleted: user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Nov 26 2010 10:27:51 GMT+0100 (ora solare ...
Line deleted: user_pref("ConduitEngine.LastLogin_3.2.1.3", "Fri Nov 26 2010 10:27:51 GMT+0100 (ora solare Europa o...
Line deleted: user_pref("ConduitEngine.PublisherContainerWidth", 0);
Line deleted: user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line deleted: user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Nov 26 2010 10:27:49 GMT+0100 (ora solare Euro...
Line deleted: user_pref("ConduitEngine.UserID", "UN36457948877813184");
Line deleted: user_pref("ConduitEngine.engineLocale", "it");
Line deleted: user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Nov 26 2010 10:27:50 GMT+0100 (ora s...
Line deleted: user_pref("ConduitEngine.initDone", true);
Line deleted: user_pref("extensions.asktb.abar-war-timeout", "4000");
Line deleted: user_pref("extensions.asktb.cbid", "RV");
Line deleted: user_pref("extensions.asktb.config-updated", true);
Line deleted: user_pref("extensions.asktb.crumb", "2011.01.09+02.11.28-toolbar007iad-FR-UGFyaXMsRnJhbmNl");
Line deleted: user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}...
Line deleted: user_pref("extensions.asktb.dtid", "YYYYYYYYFR");
Line deleted: user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
Line deleted: user_pref("extensions.asktb.first-restart-after-config-update", true);
Line deleted: user_pref("extensions.asktb.fresh-install", false);
Line deleted: user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com...
Line deleted: user_pref("extensions.asktb.l", "dis");
Line deleted: user_pref("extensions.asktb.last-config-req", "1314011388814");
Line deleted: user_pref("extensions.asktb.last-v", "3.11.3.100005");
Line deleted: user_pref("extensions.asktb.locale", "en_US");
Line deleted: user_pref("extensions.asktb.o", "15863");
Line deleted: user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line deleted: user_pref("extensions.asktb.qsrc", "2871");
Line deleted: user_pref("extensions.asktb.r", "4");
Line deleted: user_pref("extensions.asktb.search-suggestions-enabled", true);
Line deleted: user_pref("extensions.asktb.silent-upgrade", true);
Line deleted: user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Line deleted: user_pref("extensions.asktb.socialmini-first", true);
Line deleted: user_pref("extensions.asktb.socialmini-interval", "1200000");
Line deleted: user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line deleted: user_pref("extensions.asktb.socialmini-max-items", "30");
Line deleted: user_pref("extensions.asktb.socialmini-native-on", true);
Line deleted: user_pref("extensions.asktb.socialmini-speed", "5000");
Line deleted: user_pref("extensions.asktb.socialmini-transition-first-open", false);
Line deleted: user_pref("extensions.asktb.v", "3.12.2.100006");
Line deleted: user_pref("extensions.enabledAddons", "{e3393495-8103-46a0-8181-270273eddd60}:3.6.0.10,jqs@sun.com:1...
Line deleted: user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0...
Line deleted: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-...
-- File closed --


Key deleted: HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key deleted: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key deleted: HKLM\Software\Classes\CLSID\{160F29DC-1A8C-4F4E-8F4A-73DCA6FDA877}
Key deleted: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key deleted: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key deleted: HKLM\Software\Classes\CLSID\{601ac3dc-786a-4eb0-bf40-ee3521e70bfb}
Key deleted: HKLM\Software\Classes\CLSID\{72b3882f-453a-4633-aac9-8c3dced62aff}
Key deleted: HKLM\Software\Classes\CLSID\{8D0661E4-A918-4B24-9A3D-C466C220B3CE}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8D0661E4-A918-4B24-9A3D-C466C220B3CE}
Key deleted: HKLM\Software\Classes\CLSID\{A7E8C343-7860-4A95-9AA8-AAF30D0F6D1E}
Key deleted: HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key deleted: HKLM\Software\Classes\CLSID\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}
Key deleted: HKLM\Software\Classes\Interface\{6612AFDD-34AD-4B89-A236-7E6D07C3FDCD}
Key deleted: HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key deleted: HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key deleted: HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key deleted: HKLM\Software\Classes\Interface\{D6094FC6-821F-474C-8D73-C13066CD178D}
Key deleted: HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key deleted: HKLM\Software\Classes\TypeLib\{ED85AEBE-F834-4088-B5D3-97EB2478A6CD}
Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
Key deleted: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd
Key deleted: HKLM\Software\Classes\GenericAskToolbar.ToolbarWnd.1
Key deleted: HKLM\Software\Classes\OfferBox.OfferBoxServer
Key deleted: HKLM\Software\Classes\OfferBox.OfferBoxServer.1
Key deleted: HKLM\Software\Classes\Toolbar.CT2102507
Key deleted: HKLM\Software\Classes\Toolbar.CT2530241
Key deleted: HKLM\Software\Classes\AppID\GenericAskToolbar.DLL
Key deleted: HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key deleted: HKLM\Software\AskToolbar
Key deleted: HKLM\Software\Conduit
Key deleted: HKLM\Software\conduitEngine
Key deleted: HKLM\Software\MetaStream
Key deleted: HKLM\Software\OfferBox
Key deleted: HKLM\Software\Viewpoint
Key deleted: HKCU\Software\Ask.com
Key deleted: HKCU\Software\AskToolbar
Key deleted: HKCU\Software\Conduit
Key deleted: HKCU\Software\conduitEngine
Key deleted: HKCU\Software\OfferBox
Key deleted: HKCU\Software\PriceGong
Key deleted: HKCU\Software\AppDataLow\AskToolbarInfo
Key deleted: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{37F4A335-D085-423e-A425-0370799166FB}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFA5CC85-DF9F-4DE3-BA2F-A5CDF06096A3}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox Browser
Key deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key deleted: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Key deleted: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key deleted: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key deleted: HKLM\Software\MozillaPlugins\@viewpoint.com/VMP

Value deleted: HKLM\Software\Mozilla\Firefox\Extensions|offerboxffx@offerbox.com
Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{D4027C7F-154A-4066-A1AD-4243D8127440}
Value deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [6.0 (it)] ****

Plugins\npdivx32.dll (DivX,Inc.)
Plugins\npDivxPlayerPlugin.dll (DivX, Inc)
Plugins\npdnu.dll (AOL LLC)
Plugins\npViewpoint.dll (?)
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\avg_igeared.xml (hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=$isYahoo$&ychte=$ychte$ /)
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Searchplugins\creativecommons.xml (hxxp://search.creativecommons.org/)
Searchplugins\eBay-it.xml (hxxp://rover.ebay.com/rover/1/724-51951-19398-1/4)
Searchplugins\hoepli.xml (hxxp://dizionari.hoepli.it/Dizionario_Italiano/cerca.aspx?idD=1&utm_source=mozilla-firefox&query={searchTerms})
Searchplugins\wikipedia-it.xml (hxxp://it.wikipedia.org/wiki/Speciale:Ricerca)
Searchplugins\yahoo-it.xml (hxxp://it.search.yahoo.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|{1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Programmi\AVG\AVG10\Firefox4\

-- C:\Documents and Settings\ali\Dati applicazioni\Mozilla\FireFox\Profiles\sfty7fdx.default --
Extensions\{e3393495-8103-46a0-8181-270273eddd60} (Softonic-IT Community Toolbar)
Searchplugins\aim-search.xml (?)
Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\ali\\Desktop
Prefs.js - browser.search.defaultenginename, Yahoo! Search
Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q=
Prefs.js - browser.startup.homepage, hxxp://search.findeer.it/
Prefs.js - browser.startup.homepage_override.buildID, 20110811165603
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0
Prefs.js - keyword.URL, hxxp://search.avg.com/route/?d=4bdb3b3f&v=6.103.018.001&i=23&tp=ab&iy=&ychte=it&lng=it&q=

========================================

**** Internet Explorer Version [6.0.2900.5512] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{A3BC75A2-1F87-4686-AA43-5347D756017C} (x)
HKCU_URLSearchHooks|{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - "PHPNukeIT Toolbar" (C:\Programmi\PHPNukeIT\tbPHP2.dll)
HKCU_URLSearchHooks|{e3393495-8103-46a0-8181-270273eddd60} - "Softonic-IT Toolbar" (C:\Programmi\Softonic-IT\prxtbSof0.dll)
HKCU_SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} - "?" (?)
HKCU_SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - "AVG Secure Search" (hxxp://search.avg.com/route/?d=4bdb3b3f&v=6.103.18.1&i=23&tp=chrome&q={searchTer...)
HKCU_Toolbar\ShellBrowser|{2C965F3F-8EFD-4BFC-A2C5-1672845FDBBF} (C:\Programmi\PHPNukeIT\tbPHP2.dll)
HKCU_Toolbar\WebBrowser|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x)
HKCU_Toolbar\WebBrowser|{E3393495-8103-46A0-8181-270273EDDD60} (C:\Programmi\Softonic-IT\prxtbSof0.dll)
HKLM_Toolbar|{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} (C:\Programmi\PHPNukeIT\tbPHP2.dll)
HKLM_Toolbar|{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (x)
HKLM_Toolbar|{e3393495-8103-46a0-8181-270273eddd60} (C:\Programmi\Softonic-IT\prxtbSof0.dll)
HKLM_ElevationPolicy\4c77b32e-6d37-4714-8206-72d5b3d6bee1 - C:\Programmi\PHPNukeIT\PHPNukeITToolbarHelper.exe (?)
HKLM_ElevationPolicy\d0ba60d1-bab7-4698-85ec-6d003f01a737 - C:\Programmi\PHPNukeIT\PHPNukeITToolbarHelper.exe (?)
HKLM_ElevationPolicy\da15321f-94ea-486f-b7cd-b8af17b8fa6b - C:\Programmi\PHPNukeIT\PHPNukeITToolbarHelper.exe (?)
HKLM_ElevationPolicy\da178af1-0c56-49f9-8e4e-1a3edef9b5e8 - C:\Programmi\PHPNukeIT\PHPNukeITToolbarHelper.exe (?)
HKLM_ElevationPolicy\{350A1F57-1421-446A-B6EA-0DBBD6E0F709} - C:\Documents and Settings\ali\Impostazioni locali\Dati applicazioni\Conduit\CT2530241\Softonic-ITAutoUpdaterHelper.exe (x)
HKLM_ElevationPolicy\{F499B549-3192-46FE-B0C8-6650861EE6E3} - C:\Programmi\Softonic-IT\Softonic-ITToolbarHelper.exe (?)
HKLM_ElevationPolicy\{F5B611C4-4F9F-4F99-8526-607F1F6F5A70} - C:\Programmi\PHPNukeIT\PHPNukeITToolbarHelper1.exe (Conduit Ltd.)
HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{2c965f3f-8efd-4bfc-a2c5-1672845fdbbf} - "PHPNukeIT Toolbar" (C:\Programmi\PHPNukeIT\tbPHP2.dll)
BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)
BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Guida per l'accesso a Windows Live" (C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
BHO\{e3393495-8103-46a0-8181-270273eddd60} - "Softonic-IT Toolbar" (C:\Programmi\Softonic-IT\prxtbSof0.dll)

========================================

C:\Programmi\Ad-Remover\Quarantine: 442 File(s)
C:\Programmi\Ad-Remover\Backup: 14 File(s)

C:\Ad-Report-CLEAN[1].txt - 22/08/2011 13:13:27 (23244 Byte(s))
C:\Ad-Report-SCAN[1].txt - 21/08/2011 15:44:05 (25006 Byte(s))

End at: 13:14:28, 22/08/2011

============== E.O.F ==============

thanks!
0
alicemissmeat Posts 21 Registration date Tuesday 9 August 2011 Status Member Last seen 19 September 2011
28 August 2011 at 23:30
Hello,
Since I haven't had a reply for a while, I was wondering whether the disinfection of my computer was finished.

Thanks.
0
2011N2 Posts 13352 Registration date Saturday 29 January 2011 Status Security contributor Last seen 24 December 2016 917
28 August 2011 at 23:31
You were right to bump the thread, I hadn't seen your reply :)

Please redo a ZHPdiag for me ;)

Thanks,

Gabriel.
0
alicemissmeat Posts 21 Registration date Tuesday 9 August 2011 Status Member Last seen 19 September 2011
29 August 2011 at 14:42
0