Ver W32/Blaster.vorm

Résolu
Benchris -  
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

Depuis ce matin, j'ai attrapé un virus dénommé W32/blaster.vorm. Je suis allé sur plusieurs forum afin de tenter de remédier à mon problème mais rien n'y fait. Je ne peux plus accéder à internet. Je ne peux plus exécuter les divers antivirus que je télécharger sur le net. Tout é=est bloqué par sécurité protection. Je suis désespéré, d'autant plus que mes différents fichiers comptables se trouvent sur mon ordi et je ne peux plus les ouvrir. Quelqu'un aurait il une solution ????
Merci et bonne journée
Benoit

55 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Le problème porte sur une infection W32/blaster.vorm sous Windows XP / Internet Explorer 8 qui bloque l’accès à Internet et empêche l’exécution des antivirus. Plusieurs solutions proposées impliquent des outils de nettoyage comme RogueKiller et ComboFix et suivent des étapes : désactiver les programmes, lancer les scans, puis supprimer les éléments détectés et réinitialiser les paramètres réseau. Le processus conseille notamment le téléchargement sur le bureau, l’exécution en mode administrateur selon le système, puis la génération de rapports (par exemple RKreport1.txt) et le recours aux outils de réinitialisation (Hosts, DNS, proxies). Certaines étapes nécessitent de répéter le scan et de vérifier les répertoires temporaires, avec la remise en route du système et la vérification des rapports (par exemple ComboFix.txt ou RKreport1.txt) pour confirmer la remise en état.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Bonjour,

    Nous allons essayer de régler ton problème ensemble. D'abord, quelques rappels :

    ▶ N'ouvres pas d'autres sujets pour le même problème (que ce soit sur ce forum ou sur un autre)
    ▶ N'hésites pas à poser des questions en cas de besoin ;)
    ▶ Sois patient(e) quand tu postes un message, je ne réponds pas instantanément : je suis bénévole et je ne suis pas en permanence devant mon ordinateur. Mais rassure toi, je ne laisse jamais tomber personne ;)
    ▶ La désinfection va se dérouler en plusieurs étapes. Même si les symptômes de l'infection disparaissent, la désinfection ne sera terminée que quand je te le confirmerai --> Merci de revenir jusqu'au bout, sinon ce qu''on a fait n'aura servi à rien /!\

    ▶ Télécharge sur le bureau RogueKiller (par tigzy)

    ▶ ▶ Sous Windows XP, double clic gauche

    ▶ ▶ Sous Vista/Seven, clique droit, lancer en tant qu'administrateur

    ▶ Quitte tous tes programmes en cours
    ▶ Lance RogueKiller.exe.
    ▶ Un scan se lance, puis tu verra d''indiqué dans la fenêtre
    ▶ ▶ 1. Recherche (écrit en vert)
    ▶ ▶ 2. Suppression(écrit en rouge)
    ▶ ▶ 3. Hosts RAZ (écrit en rouge)
    ▶ ▶ 4. Proxy RAZ (écrit en rouge)
    ▶ ▶ 5. DNS RAZ (écrit en rouge)
    ▶ ▶ 6. Raccourcis RAZ (écrit en rouge)
    ▶ ▶ 0. Quitter (écrit en vert)
    A ce moment tape 1 et valide

    ▶ Un rapport (RKreport1.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse
    ▶ Si le programme a été bloqué, ne pas hésiter à essayer plusieurs fois ou a changer son nom en winlogon.exe
    1
  2. benchris
     
    Tout d'abord MERCI pour l'aide.
    Le souci c'est que je dois passer par un autre ordinateur car celui infecté ne m'ouvre plus rien même plus la connection internet.

    RogueKiller V5.3.4 [30/08/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

    Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Demarrage : Mode normal
    Utilisateur: Duhem Aurélie [Droits d'admin]
    Mode: Recherche -- Date : 02/09/2011 16:07:49

    Processus malicieux: 3
    [SUSP PATH] urerfg12.dll -- C:\WINDOWS\urerfg12.dll -> UNLOADED
    [SUSP PATH] urerfg12.dll -- C:\WINDOWS\urerfg12.dll -> KILLED [TermProc]
    [SUSP PATH] DEFENDER.EXE -- c:\documents and settings\all users\application data\defender.exe -> KILLED [TermProc]

    Entrees de registre: 6
    [BLACKLIST DLL] HKCU\[...]\Run : Jhovegefixipu (rundll32.exe "C:\WINDOWS\urerfg12.dll",Startup) -> FOUND
    [SUSP PATH] HKCU\[...]\Run : Security Protection (C:\Documents and Settings\All Users\Application Data\defender.exe) -> FOUND
    [BLACKLIST DLL] HKUS\S-1-5-21-3710026804-835709013-520328069-1009[...]\Run : Jhovegefixipu (rundll32.exe "C:\WINDOWS\urerfg12.dll",Startup) -> FOUND
    [SUSP PATH] HKUS\S-1-5-21-3710026804-835709013-520328069-1009[...]\Run : Security Protection (C:\Documents and Settings\All Users\Application Data\defender.exe) -> FOUND
    [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Fichiers / Dossiers particuliers:
    [FOLDER] plugs : c:\documents and settings\duhem aurélie\application data\adobe\plugs --> FOUND
    [FOLDER] shed : c:\documents and settings\duhem aurélie\application data\adobe\shed --> FOUND

    Fichier HOSTS:
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.1001-search.info
    127.0.0.1 1001-search.info
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.123topsearch.com
    [...]

    Termine : << RKreport[1].txt >>
    RKreport[1].txt
    0
  3. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Eh ben c est du propre ^^

    relance RogueKiller options 2 3 et 6 et poste les 3 rapports
    désinstalle spybot

    puis :

    ▶ Télécharge MBAM et installe le selon l'emplacement par défaut
    https://www.malwarebytes.com/mwb-download/
    ▶ Effectue la mise à jour et lance Malwarebytes' Anti-Malware

    ▶ ▶ Si tu n''arrive pas à le mettre à jour, télécharge ce fichier , ferme MBAM, et exécute le

    ▶ Clique dans l'onglet du haut "Recherche"
    ▶ Coche l'option "Exécuter un examen complet" puis sur le bouton "Rechercher"
    ▶ Choisis de scanner tous tes disques durs, puis clique sur 'Lancer l'examen"

    A la fin de l'analyse, si MBAM n'a rien trouvé :

    ▶ Clique sur OK, le rapport s'ouvre spontanément

    Si des menaces ont été détectées :

    ▶ Clique sur OK puis "Afficher les résultats"
    ▶ Choisis l'option "Supprimer la sélection"
    ▶ Si MBAM demande le redémarrage de Windows : Clique sur "Oui"
    ▶ Une fois le PC redémarré, le rapport se trouve dans l'onglet "Rapports/Logs"
    ▶ Sinon le rapport s'ouvre automatiquement après la suppression

    Quelque soit le résultat, copie/colle le rapport dans le prochain message
    0
  4. benchris
     
    Voilà, qu'entends tu par : c'est du propre ??? Personnellement, je n'y connais rien en informatique. Dois je mieux protéger mon ordinateur ???

    Rapport 2
    RogueKiller V5.3.4 [30/08/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

    Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Demarrage : Mode normal
    Utilisateur: Duhem Aurélie [Droits d'admin]
    Mode: Suppression -- Date : 02/09/2011 16:29:27

    Processus malicieux: 0
    Entrees de registre: 4
    [BLACKLIST DLL] HKCU\[...]\Run : Jhovegefixipu (rundll32.exe "C:\WINDOWS\urerfg12.dll",Startup) -> DELETED
    [SUSP PATH] HKCU\[...]\Run : Security Protection (C:\Documents and Settings\All Users\Application Data\defender.exe) -> DELETED
    [HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    Fichiers / Dossiers particuliers:
    [FILE] KB7791578.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791578.exe --> REMOVED
    [FILE] KB7791781.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791781.exe --> REMOVED
    [FILE] KB7791578 : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791578 --> REMOVED
    [FILE] KB7791640 : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7791640 --> REMOVED
    [FILE] KB7821718.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7821718.exe --> REMOVED
    [FILE] KB7821781.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7821781.exe --> REMOVED
    [FILE] KB7823125.exe : c:\documents and settings\duhem aurélie\application data\adobe\plugs\KB7823125.exe --> REMOVED
    [FOLDER] plugs : c:\documents and settings\duhem aurélie\application data\adobe\plugs --> REMOVED
    [FOLDER] shed : c:\documents and settings\duhem aurélie\application data\adobe\shed --> REMOVED

    Fichier HOSTS:
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.1001-search.info
    127.0.0.1 1001-search.info
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.123topsearch.com
    [...]

    Termine : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt

    Rapport 3
    RogueKiller V5.3.4 [30/08/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

    Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Demarrage : Mode normal
    Utilisateur: Duhem Aurélie [Droits d'admin]
    Mode: HOSTS RAZ -- Date : 02/09/2011 16:31:12

    Processus malicieux: 0

    Fichier HOSTS:
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.1001-search.info
    127.0.0.1 1001-search.info
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.10sek.com
    127.0.0.1 10sek.com
    127.0.0.1 www.123topsearch.com
    [...]

    Nouveau fichier HOSTS:
    127.0.0.1 localhost

    Termine : << RKreport[3].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

    Rapport 6
    RogueKiller V5.3.4 [30/08/2011] par Tigzy
    contact sur http://www.sur-la-toile.com
    mail: tigzyRK<at>gmail<dot>com
    Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

    Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Demarrage : Mode normal
    Utilisateur: Duhem Aurélie [Droits d'admin]
    Mode: Raccourcis RAZ -- Date : 02/09/2011 16:32:57

    Processus malicieux: 0

    Attributs de fichiers restaures:
    Bureau: Success 0 / Fail 0
    Lancement rapide: Success 0 / Fail 0
    Programmes: Success 24 / Fail 0
    Menu demarrer: Success 0 / Fail 0
    Dossier utilisateur: Success 283 / Fail 0
    Mes documents: Success 23 / Fail 0
    Mes favoris: Success 0 / Fail 0
    Mes images: Success 0 / Fail 0
    Ma musique: Success 0 / Fail 0
    Mes videos: Success 0 / Fail 0
    Disques locaux: Success 1195 / Fail 0
    Sauvegarde: [NOT FOUND]

    Lecteurs:
    [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
    [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [E:] \Device\CdRom0 -- 0x5 --> Skipped
    [F:] \Device\CdRom1 -- 0x5 --> Skipped
    [G:] \Device\HarddiskVolume10 -- 0x3 --> Restored

    Termine : << RKreport[4].txt >>
    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

    Rapport Malwarebytes
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Version de la base de données: 7637

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    02/09/2011 16:47:01
    mbam-log-2011-09-02 (16-47-01).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 205569
    Temps écoulé: 5 minute(s), 22 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 21
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 16
    Fichier(s) infecté(s): 117

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adfadcpdpr.adfadcpdpr.1.0 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\adfadcpdpr.adfadcpdpr (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBD5F519-1E51-44C7-BBB9-354719A7751E} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\brumadcpdgrm.brumadcpdgrm.1.0 (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\brumadcpdgrm.brumadcpdgrm (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF664F2B-438F-4107-B440-CCD774A286DE} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} (Adware.WhenU) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD} (Adware.WhenU) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095} (Adware.WhenU) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086} (Adware.WhenU) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ACM.ACMFactory.1 (Adware.WhenU) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ACM.ACMFactory (Adware.WhenU) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenU) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenU) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bipro (Adware.BHO) -> Value: bipro -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    c:\program files\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
    c:\program files\EoRezo\EoAdv (Rogue.Eorezo) -> Quarantined and deleted successfully.
    c:\program files\EoRezo\EoAdv\tmp (Rogue.Eorezo) -> Quarantined and deleted successfully.
    c:\program files\EoRezo\eoweather (Rogue.Eorezo) -> Quarantined and deleted successfully.
    c:\program files\starware393 (Adware.Starware) -> Quarantined and deleted successfully.
    c:\program files\starware393\Setup.exe (Adware.Starware) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU (Adware.WhenU) -> Quarantined and deleted successfully.
    c:\WINDOWS\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\db (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eodesktop (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoStats (Adware.EoRezo) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\WINDOWS\$xntuninstall643$\wzrel.dll (Adware.BHO) -> Quarantined and deleted successfully.
    c:\WINDOWS\$xntuninstall643$\qpeji.dll (Adware.BHO) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\application data\defender.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\local settings\Temp\arscomenwx.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\local settings\Temp\msxercwaon.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem benoit\local settings\Temp\regincd2.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\E3.tmp (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
    c:\WINDOWS\urerfg12.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\program files\EoRezo\EoAdv\eoAdv.url (Rogue.Eorezo) -> Quarantined and deleted successfully.
    c:\program files\EoRezo\EoAdv\tmp\eorezobho.dll.3959 (Rogue.Eorezo) -> Quarantined and deleted successfully.
    c:\program files\EoRezo\EoAdv\tmp\eorezobho.dll.5544 (Rogue.Eorezo) -> Quarantined and deleted successfully.
    c:\program files\EoRezo\EoAdv\tmp\eorezobho.dll.4529 (Rogue.Eorezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\learn more about whenu save.url (Adware.WhenU) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\learn more about whenu savenow.url (Adware.WhenU) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\whenu.com website.url (Adware.WhenU) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\uninstall instructions.lnk (Adware.WhenU) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem benoit\menu démarrer\programmes\WhenU\customer support.lnk (Adware.WhenU) -> Quarantined and deleted successfully.
    c:\WINDOWS\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\cmhost.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\user.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\host.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\confmedia.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\towns.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\eoweatherval_02ec282.cfg (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\69_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\69_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\78_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\78_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\82_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\82_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\83_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\83_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\84_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\84_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\85_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\85_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\89_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\89_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\back.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background_2days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background_7days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\backpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\close.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\closepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\dayprevisionclose.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\fonds_écran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\help.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\helppressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\minimise.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\minimisepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\next.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\nextpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\option.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\optionpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\reflet_ecran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\earth.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\Thumbs.db (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\dayprevisionbackground.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background_1days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\background_1.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\67_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\67_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\70_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\70_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\txt_14x13.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_station_meteo\about.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\back.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\background_2days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\background_7days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\backpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\close.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\closepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\dayprevisionclose.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\fonds_écran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\help.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\helppressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\minimise.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\minimisepressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\next.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\nextpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\option.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\optionpressed.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\reflet_ecran.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\earth.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\Thumbs.db (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\dayprevisionbackground.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\background_1days.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\background_1.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\background.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\small_background.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\85_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\67_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\69_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\69_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\67_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\70_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\70_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\82_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\82_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\78_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\78_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\84_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\84_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\83_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\83_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\85_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\89_day.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\89_night.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\band.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoweather\images_classic\band_small.png (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\db\cat.cyp (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eodesktop\eodesktop.html (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eodesktop\userconfig.xml (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eodesktop\config.xml (Adware.EoRezo) -> Quarantined and deleted successfully.
    c:\documents and settings\duhem aurélie\application data\EoRezo\eoStats\eoStats.txt (Adware

    MERCI, est terminée ??? Toujours est il quec'est agréable de pouvoir compter sur d'autres personnes pour palier à vos erreurs.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Re,

    Non pas terminé :P

    Tu as installé des programmes EoRezo ou PCTuto, sais-tu que le service transmet certaines informations ? comme par exemple ton adresse, numéro de télephone qui ont été saisis lors de l'inscription ?
    EoRezo modifie aussi ta page de démarrge vers lo.st, il se peux aussi que ce site transmettent certaines informations.
    Enfin il ouvre des popups de publicités vers regiedepub.com
    Bref ça installe un adware.

    Pour plus d'informations se reporter à cette page : https://forum.malekal.com/viewtopic.php?t=18245&start=

    Télécharge AdwCleaner ( d'Xplode ) sur ton bureau.
    Lance le, clique sur [Recherche] puis patiente le temps du scan.
    Une fois le scan fini, un rapport s'ouvrira. Poste moi son contenu dans ta prochaine réponse.

    Note : Le rapport est également sauvegardé sous C:\AdwCleaner[R1].txt
    0
  7. benchris
     
    Hello.
    As tu reçu le rapport adwcleaner que je t'ai adressé????

    Tiens au fait qu'est qu'un URL malveillant, j'en ai de bloqué par avast...

    Merci
    0
  8. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hello

    Non, je ne l'ai pas recu...

    ♦ Pour me transmettre le rapport

    clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier C:\AdwCleaner[Rx].txt

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.
    0
  9. benchris
     
    Re bonjour. Voilà, je pense qu'il s'aagit du lien concerné.

    http://www.cijoint.fr/cjlink.php?file=cj201109/cijZrFXN0B.txt

    J'ai vraiment du mal.......
    0
  10. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Prends ton temps, rien ne presse ;)
    Si tu ne comprends pas quelque chose, n'hésites pas à demander ;)

    AdwCleaner a bien bossé :)

    Pour les URL malveillantes détectées par Avast, on va contrôler ça !

    Nous allons effectuer un diagnostic de ton PC:
    Télécharge ZHPDiag

    ▶ Laisse toi guider lors de l''installation,coche "Ajouter une icône sur le bureau" et "Exécuter ZHPDiag"

    ▶ Clique sur l''icône représentant une loupe (« Lancer le diagnostic »)

    ▶ Une fois le scan aux 100%, ferme ZHPDiag. Héberge le rapport ZHPDiag.txt présent sur ton bureau :

    Voici comment procéder

    ▶ Rends toi sur pjjoint.malekal.com
    ▶ Clique sur le bouton Parcourir
    ▶ Sélectionne le fichier que tu veux heberger et clique sur Ouvrir
    ▶ Clique sur le bouton Envoyer
    ▶ Un message de confirmation s''affiche (L''upload a réussi ! - Le lien à transmettre à vos correspondant pour visualiser le fichier est : https://pjjoint.malekal.com/files.php?id=df5ea299241015 Copie le lien dans ta prochaine réponse.

    A bientôt.
    0
  11. benchris
     
    J'ai envoyé le fichier mais internet explorer ne peut pas afficher la page web..
    0
  12. benchris
     
    Voilà, j'ai réussi

    http://pjjoint.malekal.com/files.php?id=ZHPDiag_e10g5y7h5s12b12t10d10x8h9z5c15s7c6i8k9m9p12x11o14
    0
  13. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    le rapport largement incomplet :s
    0
  14. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    si possible ...
    ZHPDiag était bien arrivé aux 100% du scan ?
    0
  15. benchris
     
    Voilà, je dois m'absenter un petit quart d'heure.

    http://www.cijoint.fr/cjlink.php?file=cj201109/cijKDkjvCT.txt

    A toute à l'heure
    0
  16. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Ok pas de problèmes ;)

    Tu es infecté d'un rootkit. A mon avis il est venu avec ton rogue (celui qui te bloquait tout au début)

    ▶ Télécharge Reload_TDSSKiller

    ▶ Lance le

    choisis : lancer le nettoyage

    l'outil va automatiquement télécharger la derniere version puis

    TDSSKiller va s'ouvrir , clique sur "Start Scan" Clique ici pour l'aide en image

    Si TDSS.tdl2 est détecté l''option delete sera cochée par défaut.
    Si TDSS.tdl3 est détecté assure toi que Cure est bien cochée.
    Si TDSS.tdl4(\HardDisk0\MBR) est détecté assure toi que Cure est bien cochée.
    Si Suspicious file est indiqué, laisse l''option cochée sur Skip
    une fois qu'il a terminé , redemarre s'il te le demande pour finir de nettoyer

    sinon , ferme tdssKiller et le rapport s'affichera sur le bureau

    ▶ Copie/Colle son contenu dans ta prochaine réponse.
    0
  17. benchris
     
    Voilà.. Au fait, aurais tu un antivirus à me conseiller ??
    2011/09/03 14:53:36.0015 5752 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
    2011/09/03 14:53:36.0156 5752 ================================================================================
    2011/09/03 14:53:36.0156 5752 SystemInfo:
    2011/09/03 14:53:36.0156 5752
    2011/09/03 14:53:36.0156 5752 OS Version: 5.1.2600 ServicePack: 3.0
    2011/09/03 14:53:36.0156 5752 Product type: Workstation
    2011/09/03 14:53:36.0156 5752 ComputerName: ACER-2201BA61D4
    2011/09/03 14:53:36.0156 5752 UserName: Duhem Aurélie
    2011/09/03 14:53:36.0156 5752 Windows directory: C:\WINDOWS
    2011/09/03 14:53:36.0156 5752 System windows directory: C:\WINDOWS
    2011/09/03 14:53:36.0156 5752 Processor architecture: Intel x86
    2011/09/03 14:53:36.0156 5752 Number of processors: 1
    2011/09/03 14:53:36.0156 5752 Page size: 0x1000
    2011/09/03 14:53:36.0156 5752 Boot type: Normal boot
    2011/09/03 14:53:36.0156 5752 ================================================================================
    2011/09/03 14:53:37.0062 5752 Initialize success
    2011/09/03 14:53:48.0093 4352 ================================================================================
    2011/09/03 14:53:48.0093 4352 Scan started
    2011/09/03 14:53:48.0093 4352 Mode: Manual;
    2011/09/03 14:53:48.0093 4352 ================================================================================
    2011/09/03 14:53:49.0140 4352 Aavmker4 (dfcdd5936cad0138775d5a105d4c7716) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2011/09/03 14:53:49.0765 4352 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/09/03 14:53:49.0968 4352 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/09/03 14:53:50.0078 4352 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2011/09/03 14:53:50.0281 4352 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/09/03 14:53:50.0531 4352 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/09/03 14:53:50.0718 4352 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/09/03 14:53:50.0890 4352 AFS2K (b34b1ab0a7690a0e2301fec6d17b2fc1) C:\WINDOWS\system32\drivers\AFS2K.sys
    2011/09/03 14:53:51.0187 4352 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    2011/09/03 14:53:51.0515 4352 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/09/03 14:53:51.0781 4352 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/09/03 14:53:52.0062 4352 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/09/03 14:53:52.0343 4352 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/09/03 14:53:52.0546 4352 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/09/03 14:53:52.0921 4352 alcan5ln (e8a3f72f644c0b57f8ab894d04b289d7) C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
    2011/09/03 14:53:53.0265 4352 alcaudsl (4c9577888c53243e2991456f510488a1) C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
    2011/09/03 14:53:53.0531 4352 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/09/03 14:53:53.0734 4352 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/09/03 14:53:53.0875 4352 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/09/03 14:53:54.0109 4352 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/09/03 14:53:54.0343 4352 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/09/03 14:53:54.0562 4352 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/09/03 14:53:54.0781 4352 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/09/03 14:53:55.0171 4352 aswFsBlk (861cb512e4e850e87dd2316f88d69330) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2011/09/03 14:53:55.0546 4352 aswMon2 (7857e0b4c817f69ff463eea2c63e56f9) C:\WINDOWS\system32\drivers\aswMon2.sys
    2011/09/03 14:53:55.0875 4352 aswRdr (8db043bf96bb6d334e5b4888e709e1c7) C:\WINDOWS\system32\drivers\aswRdr.sys
    2011/09/03 14:53:56.0234 4352 aswSnx (17230708a2028cd995656df455f2e303) C:\WINDOWS\system32\drivers\aswSnx.sys
    2011/09/03 14:53:56.0593 4352 aswSP (dbedd9d43b00630966ef05d2d8d04cee) C:\WINDOWS\system32\drivers\aswSP.sys
    2011/09/03 14:53:56.0937 4352 aswTdi (984cfce2168286c2511695c2f9621475) C:\WINDOWS\system32\drivers\aswTdi.sys
    2011/09/03 14:53:57.0046 4352 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/09/03 14:53:57.0203 4352 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/09/03 14:53:57.0750 4352 ati2mtag (221f0a33229cce7bf2f7640d3bb8845d) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/09/03 14:53:58.0062 4352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/09/03 14:53:58.0296 4352 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/09/03 14:53:58.0671 4352 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    2011/09/03 14:53:59.0031 4352 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    2011/09/03 14:53:59.0390 4352 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    2011/09/03 14:53:59.0718 4352 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    2011/09/03 14:54:00.0078 4352 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    2011/09/03 14:54:00.0453 4352 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    2011/09/03 14:54:00.0765 4352 Avgrkx86 (4def59ff7d09b9ce59739102b49fd526) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    2011/09/03 14:54:01.0109 4352 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    2011/09/03 14:54:01.0359 4352 BCM43XX (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    2011/09/03 14:54:01.0453 4352 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/09/03 14:54:03.0015 4352 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
    2011/09/03 14:54:03.0968 4352 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
    2011/09/03 14:54:04.0281 4352 BTHPORT (ef26202fee56f7607c6b794059df347a) C:\WINDOWS\system32\Drivers\BTHport.sys
    2011/09/03 14:54:04.0625 4352 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
    2011/09/03 14:54:04.0984 4352 Cam5603D (18a1c728d04f071b9ec178496542117a) C:\WINDOWS\system32\Drivers\BisonCam.sys
    2011/09/03 14:54:05.0328 4352 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/09/03 14:54:05.0546 4352 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/09/03 14:54:05.0687 4352 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/09/03 14:54:05.0984 4352 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/09/03 14:54:06.0109 4352 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/09/03 14:54:06.0218 4352 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/09/03 14:54:06.0328 4352 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/09/03 14:54:06.0687 4352 ce6230 (ed49c07c591298e546545ef79b529f41) C:\WINDOWS\system32\DRIVERS\CE6230StandaloneDriver.sys
    2011/09/03 14:54:07.0031 4352 ce6230BDACAP (21bcea4a57d7818a252f51674e2605dd) C:\WINDOWS\system32\DRIVERS\CE6230BDA.sys
    2011/09/03 14:54:07.0578 4352 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2011/09/03 14:54:07.0875 4352 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/09/03 14:54:08.0000 4352 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2011/09/03 14:54:08.0234 4352 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/09/03 14:54:08.0484 4352 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/09/03 14:54:08.0718 4352 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/09/03 14:54:08.0921 4352 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/09/03 14:54:09.0203 4352 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
    2011/09/03 14:54:09.0359 4352 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/09/03 14:54:09.0609 4352 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
    2011/09/03 14:54:09.0671 4352 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/09/03 14:54:09.0906 4352 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/09/03 14:54:10.0156 4352 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/09/03 14:54:10.0265 4352 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/09/03 14:54:10.0406 4352 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/09/03 14:54:10.0500 4352 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/09/03 14:54:10.0625 4352 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
    2011/09/03 14:54:10.0781 4352 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/09/03 14:54:11.0062 4352 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/09/03 14:54:12.0687 4352 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
    2011/09/03 14:54:12.0859 4352 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/09/03 14:54:12.0968 4352 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/09/03 14:54:13.0187 4352 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/09/03 14:54:13.0421 4352 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/09/03 14:54:13.0625 4352 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/09/03 14:54:13.0875 4352 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/09/03 14:54:14.0250 4352 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/09/03 14:54:14.0578 4352 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/09/03 14:54:14.0953 4352 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/09/03 14:54:15.0296 4352 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/09/03 14:54:15.0515 4352 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/09/03 14:54:15.0687 4352 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/09/03 14:54:15.0828 4352 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/09/03 14:54:15.0937 4352 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/09/03 14:54:16.0203 4352 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/09/03 14:54:16.0468 4352 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\WINDOWS\system32\drivers\int15.sys
    2011/09/03 14:54:16.0828 4352 IntcAzAudAddService (3b63ff522b0ebe4e685860b18ccb8e22) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/09/03 14:54:17.0312 4352 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/09/03 14:54:17.0468 4352 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/09/03 14:54:17.0750 4352 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/09/03 14:54:17.0828 4352 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/09/03 14:54:18.0046 4352 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/09/03 14:54:18.0203 4352 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/09/03 14:54:18.0375 4352 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/09/03 14:54:18.0531 4352 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/09/03 14:54:18.0609 4352 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/09/03 14:54:18.0828 4352 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/09/03 14:54:19.0187 4352 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/09/03 14:54:20.0468 4352 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/09/03 14:54:21.0437 4352 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/09/03 14:54:21.0625 4352 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
    2011/09/03 14:54:21.0750 4352 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/09/03 14:54:22.0062 4352 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/09/03 14:54:22.0250 4352 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/09/03 14:54:22.0484 4352 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
    2011/09/03 14:54:22.0718 4352 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/09/03 14:54:22.0906 4352 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/09/03 14:54:23.0093 4352 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/09/03 14:54:23.0234 4352 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/09/03 14:54:23.0375 4352 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/09/03 14:54:23.0531 4352 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/09/03 14:54:23.0750 4352 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/09/03 14:54:24.0031 4352 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/09/03 14:54:24.0156 4352 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/09/03 14:54:24.0328 4352 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/09/03 14:54:24.0453 4352 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/09/03 14:54:24.0546 4352 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/09/03 14:54:24.0750 4352 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/09/03 14:54:24.0890 4352 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/09/03 14:54:25.0000 4352 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/09/03 14:54:25.0062 4352 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/09/03 14:54:25.0375 4352 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/09/03 14:54:25.0515 4352 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/09/03 14:54:25.0671 4352 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/09/03 14:54:25.0828 4352 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
    2011/09/03 14:54:26.0000 4352 nmwcd (f526ece21635b47efa6ecb5697abf03c) C:\WINDOWS\system32\drivers\nmwcd.sys
    2011/09/03 14:54:26.0328 4352 nmwcdc (f36f557d3804c05479662ee246d4bdd0) C:\WINDOWS\system32\drivers\nmwcdc.sys
    2011/09/03 14:54:26.0609 4352 nmwcdcj (19dbcbf6a00c92ba79564400ab082b61) C:\WINDOWS\system32\drivers\nmwcdcj.sys
    2011/09/03 14:54:26.0984 4352 nmwcdcm (19dbcbf6a00c92ba79564400ab082b61) C:\WINDOWS\system32\drivers\nmwcdcm.sys
    2011/09/03 14:54:27.0125 4352 NPF (6623e51595c0076755c29c00846c4eb2) C:\WINDOWS\system32\drivers\npf.sys
    2011/09/03 14:54:27.0328 4352 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/09/03 14:54:27.0515 4352 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/09/03 14:54:27.0734 4352 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
    2011/09/03 14:54:27.0828 4352 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/09/03 14:54:27.0921 4352 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/09/03 14:54:27.0984 4352 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/09/03 14:54:28.0078 4352 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
    2011/09/03 14:54:28.0265 4352 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/09/03 14:54:28.0359 4352 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/09/03 14:54:29.0859 4352 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
    2011/09/03 14:54:30.0031 4352 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    2011/09/03 14:54:30.0234 4352 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/09/03 14:54:30.0609 4352 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/09/03 14:54:30.0781 4352 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2011/09/03 14:54:32.0265 4352 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/09/03 14:54:32.0484 4352 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/09/03 14:54:32.0734 4352 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/09/03 14:54:32.0890 4352 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/09/03 14:54:32.0953 4352 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/09/03 14:54:33.0187 4352 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/09/03 14:54:33.0390 4352 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/09/03 14:54:33.0625 4352 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/09/03 14:54:33.0859 4352 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/09/03 14:54:34.0078 4352 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/09/03 14:54:34.0156 4352 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/09/03 14:54:34.0281 4352 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/09/03 14:54:34.0406 4352 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/09/03 14:54:34.0468 4352 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/09/03 14:54:34.0625 4352 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/09/03 14:54:34.0718 4352 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/09/03 14:54:34.0921 4352 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/09/03 14:54:35.0093 4352 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/09/03 14:54:35.0265 4352 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/09/03 14:54:35.0546 4352 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
    2011/09/03 14:54:35.0671 4352 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/09/03 14:54:35.0953 4352 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2011/09/03 14:54:36.0312 4352 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/09/03 14:54:36.0468 4352 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/09/03 14:54:36.0625 4352 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
    2011/09/03 14:54:36.0843 4352 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    2011/09/03 14:54:37.0437 4352 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/09/03 14:54:37.0609 4352 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/09/03 14:54:37.0781 4352 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/09/03 14:54:38.0296 4352 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/09/03 14:54:38.0484 4352 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/09/03 14:54:38.0484 4352 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/09/03 14:54:38.0500 4352 sptd - detected LockedFile.Multi.Generic (1)
    2011/09/03 14:54:38.0703 4352 sp_rsdrv2 (ccd6e6c387e3efa3ba5fe0e7883821c1) C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2011/09/03 14:54:38.0921 4352 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/09/03 14:54:39.0515 4352 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/09/03 14:54:39.0734 4352 ss_bbus (eaa66218cd39f5bb1b4853a78c67c787) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
    2011/09/03 14:54:40.0062 4352 ss_bmdfl (91765f99914ed8693d8bc76524f21581) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
    2011/09/03 14:54:40.0359 4352 ss_bmdm (840e7b738b03c10ee91d9b7d3d6eff15) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
    2011/09/03 14:54:40.0687 4352 StillCam (3f669c9fc6411bdbc0155544aa876e46) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2011/09/03 14:54:40.0890 4352 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/09/03 14:54:41.0078 4352 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/09/03 14:54:41.0265 4352 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/09/03 14:54:41.0500 4352 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/09/03 14:54:41.0734 4352 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/09/03 14:54:41.0953 4352 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/09/03 14:54:42.0171 4352 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/09/03 14:54:42.0375 4352 SynTP (a63401d180863a2cefce51798542ae5f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    2011/09/03 14:54:42.0562 4352 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/09/03 14:54:42.0703 4352 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/09/03 14:54:42.0890 4352 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/09/03 14:54:43.0031 4352 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/09/03 14:54:43.0171 4352 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/09/03 14:54:43.0281 4352 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
    2011/09/03 14:54:43.0515 4352 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/09/03 14:54:43.0828 4352 tvicport (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\drivers\tvicport.sys
    2011/09/03 14:54:44.0015 4352 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
    2011/09/03 14:54:44.0156 4352 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/09/03 14:54:44.0375 4352 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/09/03 14:54:44.0625 4352 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/09/03 14:54:44.0828 4352 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/09/03 14:54:45.0078 4352 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/09/03 14:54:45.0187 4352 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/09/03 14:54:45.0296 4352 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2011/09/03 14:54:45.0421 4352 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/09/03 14:54:45.0750 4352 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/09/03 14:54:45.0859 4352 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/09/03 14:54:45.0953 4352 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
    2011/09/03 14:54:46.0000 4352 USB_RNDIS_51 (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
    2011/09/03 14:54:46.0687 4352 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/09/03 14:54:46.0937 4352 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/09/03 14:54:47.0265 4352 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/09/03 14:54:47.0562 4352 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/09/03 14:54:47.0968 4352 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/09/03 14:54:48.0281 4352 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    2011/09/03 14:54:48.0984 4352 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/09/03 14:54:49.0375 4352 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/09/03 14:54:49.0687 4352 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/09/03 14:54:50.0062 4352 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/09/03 14:54:50.0796 4352 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/09/03 14:54:51.0343 4352 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/09/03 14:54:51.0593 4352 yukonwxp (c25bfca4b997859f4857e396507838d9) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    2011/09/03 14:54:51.0890 4352 zntport (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\drivers\zntport.sys
    2011/09/03 14:54:52.0031 4352 MBR (0x1B8) (0c523de221afdce53b8be886a6514650) \Device\Harddisk0\DR0
    2011/09/03 14:54:52.0046 4352 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/09/03 14:54:52.0062 4352 Boot (0x1200) (b80be2ce5fa35092dc4470ff5d79927d) \Device\Harddisk0\DR0\Partition0
    2011/09/03 14:54:52.0093 4352 Boot (0x1200) (b023885310a42ebd494fef12feed24f5) \Device\Harddisk0\DR0\Partition1
    2011/09/03 14:54:52.0093 4352 ================================================================================
    2011/09/03 14:54:52.0093 4352 Scan finished
    2011/09/03 14:54:52.0093 4352 ================================================================================
    2011/09/03 14:54:52.0125 5440 Detected object count: 2
    2011/09/03 14:54:52.0125 5440 Actual detected object count: 2
    2011/09/03 14:56:54.0187 5440 LockedFile.Multi.Generic(sptd) - User select action: Skip
    2011/09/03 14:56:54.0187 5440 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
    2011/09/03 14:56:54.0187 5440 \Device\Harddisk0\DR0 - ok
    2011/09/03 14:56:54.0187 5440 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
    2011/09/03 14:57:01.0468 1948 Deinitialize success
    0
  18. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Bah AVG est très bon ;)
    TDSS Killer a bien travaillé, ton système doit être un peu plus stable et rapide non ? :)

    Reste encore pas mal de ménage à effectuer !

    Télécharge AD-Remover sur ton Bureau : (TeamXScript)

    http://www.teamxscript.org/adremoverTelechargement.html ( Lien officiel )
    OU
    https://www.androidworld.fr/ ( Miroir )

    /!\ Ferme toutes applications en cours /!\

    ▶ Double-clique sur l'icône Ad-remover située sur ton Bureau.
    ▶ Sur la page, clique sur le bouton « Scanner »
    ▶ Confirme le lancement du scan
    ▶ Laisse travailler l'outil.
    ▶ Quand il a fini, un rapport s'ouvrira : ferme le.

    ♦ Pour me transmettre le rapport

    clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier C:\Ad-Report-SCAN[1].txt

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.

    Bonne soirée.
    0
  19. benchris
     
    Merci pour tout le temps que tu passes à résoudre mon problème.

    Bonne soirée également. Dis moi simplement si c'est fini pour ce soir ou s'il y a encore du boulot.
    Bonne soirée

    http://www.cijoint.fr/cjlink.php?file=cj201109/cij7YCBPq0.txt
    0
  20. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Non, c'est pas encore fini :P

    enfin t'es pas obligé de faire ça ce soir si tu n'as pas envie !

    ▶ Relance AD-Remover, clique sur [ Nettoyer ]
    ▶ Laisse le pc redémarrer.
    ▶ Une fois revenu sur le bureau, le rapport devrait s'ouvrir : ferme-le

    ♦ Pour me transmettre le rapport

    clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier C:\Ad-Report-CLEAN[1].txt

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.
    0
  • 1
  • 2
  • 3