Aller au contenu

Fanoz

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    30

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Fanoz

  1. Fanoz
    J'ai finalement formaté mon PC. Le problème semble avoir disparu. Merci Pears pour le temps passé à m'aider.
  2. Fanoz
    J'ai lancé live USB, réussi à faire l'update de la base mais impossible de lancer le scan. J'ai pour erreur "segmentation fault". Je vais donc tenter aswMBR, même si ton oui mais m'intrigue un peu...
  3. Fanoz
    Impossible de lancer cureit. J'ai téléchargé la version 6 mais l'analyse se stoppe en plein milieu... Faut-il formater le PC (si oui la copie de documents telles que des vidéos, images, sons et doc divers peut-elle transmettre le virus ?) Ou y a t-il une solution moins radicale ? Dans tous les cas merci pour l'aide que tu m'as déjà apporté.
  4. Fanoz
    Pas mieux en démarrage normal.
  5. Fanoz
    le rapport Adwcleaner S1 # AdwCleaner v1.408 - Rapport créé le 04/02/2012 à 21:52:05 # Mis à jour le 29/01/2012 par Xplode # Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits) # Nom d'utilisateur : Sophie et Arnaud - NICOLAS (Administrateur) # Exécuté depuis : C:\Documents and Settings\Sophie et Arnaud\Bureau\adwcleaner.exe # Option [suppression] ***** [services] ***** ***** [Fichiers / Dossiers] ***** Dossier Supprimé : C:\Documents and Settings\Sophie et Arnaud\Application Data\pdfforge ***** [Registre] ***** Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.DllInfo Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDF Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFEncryptor Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFLine Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFText Clé Supprimée : HKLM\SOFTWARE\Classes\pdfforge.Tools Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\SoftwareUpdate.exe Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212 Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2} Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe ***** [Navigateurs] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v9.0.1 (fr) Profil : 2d37i5be.default Fichier : C:\Documents and Settings\Sophie et Arnaud\Application Data\Mozilla\Firefox\Profiles\2d37i5be.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. Profil : qmk1w2dt.default Fichier : C:\Documents and Settings\Sophie et Arnaud\Application Data\Mozilla\Firefox\Profiles\qmk1w2dt.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. -\\ Google Chrome v16.0.912.75 Fichier : C:\Documents and Settings\Sophie et Arnaud\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[R1].txt - [2242 octets] - [04/02/2012 21:49:47] AdwCleaner[s1].txt - [2186 octets] - [04/02/2012 21:52:05] ************************* Dossier Temporaire : 262 dossier(s) et 949 fichier(s) supprimés ########## EOF - C:\AdwCleaner[s1].txt - [2410 octets] ##########
  6. Fanoz
    Voici le rapport de AdwCleaner[R1] # AdwCleaner v1.408 - Rapport créé le 04/02/2012 à 21:49:47 # Mis à jour le 29/01/2012 par Xplode # Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits) # Nom d'utilisateur : Sophie et Arnaud - NICOLAS (Administrateur) # Exécuté depuis : C:\Documents and Settings\Sophie et Arnaud\Bureau\adwcleaner.exe # Option [Recherche] ***** [services] ***** ***** [Fichiers / Dossiers] ***** Dossier Présent : C:\Documents and Settings\Sophie et Arnaud\Application Data\pdfforge ***** [Registre] ***** Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.DllInfo Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDF Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFEncryptor Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFLine Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.PDF.PDFText Clé Présente : HKLM\SOFTWARE\Classes\pdfforge.Tools Clé Présente : HKLM\SOFTWARE\Classes\AppID\SoftwareUpdate.exe Clé Présente : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212 Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2} Clé Présente : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe ***** [Navigateurs] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v9.0.1 (fr) Profil : 2d37i5be.default Fichier : C:\Documents and Settings\Sophie et Arnaud\Application Data\Mozilla\Firefox\Profiles\2d37i5be.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. Profil : qmk1w2dt.default Fichier : C:\Documents and Settings\Sophie et Arnaud\Application Data\Mozilla\Firefox\Profiles\qmk1w2dt.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. -\\ Google Chrome v16.0.912.75 Fichier : C:\Documents and Settings\Sophie et Arnaud\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[R1].txt - [2113 octets] - [04/02/2012 21:49:47] ########## EOF - C:\AdwCleaner[R1].txt - [2241 octets] ##########
  7. Fanoz
    J'ai reussi à faire l'analyse de ZHPDiag. Voici le rapport : Lien CJoint.com BBdxt7c8MHR
  8. Fanoz
    Voici les differents rapports (je fais plusieurs post avant que le pc plante) SCAN RogueKiller V7.0.2 [30/01/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur: Sophie et Arnaud [Droits d'admin] Mode: Recherche -- Date : 03/02/2012 22:24:33 ¤¤¤ Processus malicieux: 1 ¤¤¤ [sUSP PATH] clclean.0001 -- C:\DOCUME~1\SOPHIE~1\LOCALS~1\Temp\clclean.0001 -> KILLED [TermProc] ¤¤¤ Entrees de registre: 1 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: ARRAY +++++ --- User --- [MBR] 28411b833e7651201e91afa012f2e56a [bSP] dd59bbcbdb27dafd51a14e93e4b721f8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 300355 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 615241305 | Size: 4753 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[1].txt >> RKreport[1].txt RogueKiller V7.0.2 [30/01/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur: Sophie et Arnaud [Droits d'admin] Mode: HOSTS RAZ -- Date : 03/02/2012 22:37:03 ¤¤¤ Processus malicieux: 1 ¤¤¤ [sUSP PATH] clclean.0001 -- C:\DOCUME~1\SOPHIE~1\LOCALS~1\Temp\clclean.0001 -> KILLED [TermProc] ¤¤¤ Driver: [CHARGE] ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost ¤¤¤ Nouveau fichier HOSTS: ¤¤¤ 127.0.0.1 localhost Termine : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt RogueKiller V7.0.2 [30/01/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur: Sophie et Arnaud [Droits d'admin] Mode: HOSTS RAZ -- Date : 03/02/2012 22:38:32 ¤¤¤ Processus malicieux: 1 ¤¤¤ [sUSP PATH] clclean.0001 -- C:\DOCUME~1\SOPHIE~1\LOCALS~1\Temp\clclean.0001 -> KILLED [TermProc] ¤¤¤ Driver: [CHARGE] ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost ¤¤¤ Nouveau fichier HOSTS: ¤¤¤ 127.0.0.1 localhost Termine : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt RogueKiller V7.0.2 [30/01/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur: Sophie et Arnaud [Droits d'admin] Mode: Proxy RAZ -- Date : 03/02/2012 22:39:04 ¤¤¤ Processus malicieux: 1 ¤¤¤ [sUSP PATH] clclean.0001 -- C:\DOCUME~1\SOPHIE~1\LOCALS~1\Temp\clclean.0001 -> KILLED [TermProc] ¤¤¤ Driver: [CHARGE] ¤¤¤ ¤¤¤ Entrees de registre: 0 ¤¤¤ Termine : << RKreport[5].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt RogueKiller V7.0.2 [30/01/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode normal Utilisateur: Sophie et Arnaud [Droits d'admin] Mode: DNS RAZ -- Date : 03/02/2012 22:39:34 ¤¤¤ Processus malicieux: 1 ¤¤¤ [sUSP PATH] clclean.0001 -- C:\DOCUME~1\SOPHIE~1\LOCALS~1\Temp\clclean.0001 -> KILLED [TermProc] ¤¤¤ Driver: [CHARGE] ¤¤¤ ¤¤¤ Entrees de registre: 0 ¤¤¤ Termine : << RKreport[6].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt RogueKiller V7.0.2 [30/01/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode sans echec avec prise en charge reseau Utilisateur: Sophie et Arnaud [Droits d'admin] Mode: Recherche -- Date : 03/02/2012 22:45:36 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Entrees de registre: 0 ¤¤¤ ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ Fichier HOSTS: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Verif: ¤¤¤ +++++ PhysicalDrive0: ARRAY +++++ --- User --- [MBR] 28411b833e7651201e91afa012f2e56a [bSP] dd59bbcbdb27dafd51a14e93e4b721f8 : MBR Code unknown Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 47 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 96390 | Size: 300355 Mo 2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 615241305 | Size: 4753 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive1: CBM Flash Disk USB Device +++++ --- User --- [MBR] 0f730f6db93f0eaa04c4bd286a0dc75a [bSP] fe75591b410adf391070ed4d842e5fba : MBR Code unknown Partition table: 0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 2019 Mo User = LL1 ... OK! Error reading LL2 MBR! Termine : << RKreport[7].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt RogueKiller V7.0.2 [30/01/2012] par Tigzy mail: tigzyRK<at>gmail<dot>com Remontees: [RogueKiller] Remontées (1/45) Blog: tigzy-RK Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version Demarrage : Mode sans echec avec prise en charge reseau Utilisateur: Sophie et Arnaud [Droits d'admin] Mode: Raccourcis RAZ -- Date : 03/02/2012 22:49:40 ¤¤¤ Processus malicieux: 0 ¤¤¤ ¤¤¤ Driver: [NON CHARGE] ¤¤¤ ¤¤¤ Attributs de fichiers restaures: ¤¤¤ Bureau: Success 0 / Fail 0 Lancement rapide: Success 0 / Fail 0 Programmes: Success 3 / Fail 0 Menu demarrer: Success 0 / Fail 0 Dossier utilisateur: Success 85 / Fail 0 Mes documents: Success 88 / Fail 0 Mes favoris: Success 0 / Fail 0 Mes images: Success 0 / Fail 0 Ma musique: Success 0 / Fail 0 Mes videos: Success 0 / Fail 0 Disques locaux: Success 638 / Fail 0 Sauvegarde: [NOT FOUND] Lecteurs: [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored [D:] \Device\Harddisk2\DP(1)0-0+a -- 0x2 --> Restored [E:] \Device\Harddisk3\DP(1)0-0+b -- 0x2 --> Restored [F:] \Device\Harddisk4\DP(1)0-0+c -- 0x2 --> Restored [G:] \Device\Harddisk5\DP(1)0-0+d -- 0x2 --> Restored [H:] \Device\CdRom0 -- 0x5 --> Skipped [i:] \Device\Harddisk1\DP(1)0-0+5 -- 0x2 --> Restored ¤¤¤ Infection : ¤¤¤ Termine : << RKreport[8].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt
  9. Fanoz
    Impossible de terminer l'analyse de ZHPDiag. J'ai le message suivant pendant l'analyse (dans la barre des tâches) : ZHPDiag: ZHPDiag.exe - fichier endommagé . Il me trouve le fichier dans des répertoires dans rapports (du style mes images) et me dit d'utiliser l'utilitaire CHKDSK.
  10. Fanoz
    Bonjour, Depuis hier sans raison apparente mon PC plante. L'antivirus (kaspersky 2012 à jour) ne se lance plus. Quand je le lance à la main je n'ai que des messages d'erreurs. Idem quand je lance un navigateur (Firefox ou chrome) ça plante. Impossible de faire une analyse en ligne donc. J'ai voulu faire une restauration du système mais la procédure ne marche pas. Ca plante aussi. Que faire ? Merci pour votre aide. Arnaud
  11. Fanoz
    Qu'est ce que le PSI ? Dans tous les cas un très grand merci pour ton aide et tout ce temps passé sur mon PC ! Dernière question, je suis sur Mc Afee pour l'antivirus et le firewall. Visiblement ce n'est pas efficace et en plus je paie pour ça... Que me conseilles tu en remplacement ? A+
  12. Fanoz
    L'analyse de VRT 2010 en mode sans echec m'annonce qu'il n'y a aucun problème. Peut-on considérer que le problème est résolu ou faut-il faire d'autres vérifications ?
  13. Fanoz
    ESET m'affiche une erreur pendant l'installation (décidément...). J'ai donc supprimé VRT 2011, téléchargé le 2010 (comme demandé la 1ère fois) et relancé la machine en mode sans échec. L'analyse est en cours, résultat ce soir (en quelques lignes j'espère ! ) Bonne journée à toi
  14. Fanoz
    Bonjour Apollo, Le rapport de Kaspersky AVP Tool 2011 est ici. Le fichier est lourd (96 Mo). Faut-il refaire une analyse avec la version 2010 ? Sais-tu comment désinstaller cette version demo car il n'y a pas d'uninstall, et elle n'est pas présente dans ajout/suppression de programme. J'ai peur qu'en laissant cette version installée il y ait un conflit avec mon antivirus actuel (mcafee). J'ai également desintallé les différentes versions de java pour ne garder que celle que tu m'as conseillé. Encore un grand merci pour ton aide précieuse.
  15. Fanoz
    J'ai installé la version 2011 de Kaspersky au final. L'analyse est en cours. Je desinstallerai ensuite les vieilles version de Java. Bonne nuit
  16. Fanoz
    Pas de chance le lien ne semble plus fonctionner. Ni sur d'autres sites. J'ai trouvé le setup sur des sites de partage de fichier mais pas sûr que ce soit clean clean...
  17. Fanoz
    bien qu'ayant suivi les instructions pour afficher les fichiers cachés, je n'ai pas de dossier f4 dans application data.
  18. Fanoz
    même problème en mode sans échec. Voici donc les liens pour le fichier info.txt Download info.txt from Sendspace.com - send big files the easy way et l'autre pour le fichier log.txt Download log.txt from Sendspace.com - send big files the easy way
  19. Fanoz
    Bonsoir Apollo, Impossible d'aller au bout de l'analyse de ZHPDiag. Au bout d'un moment je tombe sur un écran bleu. Le message d'erreur n'est pas clair mais voilà ce que j'ai noté (au cas ou): Stop: (0x0000007E (0XC0000005, 0XB7E6FC97, 0XB855FC04, 0CB855F900) iastor.sys - address B7E6FC97 base at B7E6B0000, datestamp 44 ad174b)
  20. Fanoz
    Effectivement l'analyse était plutôt longue (+ de 9h). L'UC ne tourne désormais plus à 100% en continue, c'est donc une première victoire et je t'en remercie grandement ! Il reste désormais des problèmes au démarrage (messages d'erreur) mais on est sur le bon chemin. Voici donc le rapport de Mbam : Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Version de la base de données: 6205 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 30/03/2011 08:46:20 mbam-log-2011-03-30 (08-46-20).txt Type d'examen: Examen complet (C:\|) Elément(s) analysé(s): 331669 Temps écoulé: 9 heure(s), 20 minute(s), 1 seconde(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 2 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 9 Processus mémoire infecté(s): c:\WINDOWS\Cgufea.exe (Trojan.Downloader) -> 5340 -> Unloaded process successfully. Module(s) mémoire infecté(s): c:\WINDOWS\dmxp50.dll (Trojan.Hiloti) -> Delete on reboot. Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\OUU6KC5WPX (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Odajipataxu (Trojan.Hiloti) -> Value: Odajipataxu -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BSRURUF55J (Trojan.Downloader) -> Value: BSRURUF55J -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OUU6KC5WPX (Trojan.FakeAlert) -> Value: OUU6KC5WPX -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NtWqIVLZEWZU (Trojan.FakeAlert) -> Value: NtWqIVLZEWZU -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\Documents and Settings\Arnaud Nicolas\Local Settings\temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot. c:\WINDOWS\dmxp50.dll (Trojan.Hiloti) -> Delete on reboot. c:\WINDOWS\Cgufea.exe (Trojan.Downloader) -> Delete on reboot. c:\documents and settings\arnaud nicolas\local settings\temp\xmroanscwe.tmp (Adware.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\Cgufeb.exe (Trojan.Downloader) -> Quarantined and deleted successfully. c:\WINDOWS\$ntservicepackuninstall$\userinit.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
  21. Fanoz
    et le second rapport d'Ad-R ======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 01/03/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: TeamXscript : AD-Remover - FindyKill - UsbFix - SEAF C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 20:09:29 le 29/03/2011, Mode normal Microsoft Windows XP Professionnel Service Pack 3 (X86) Arnaud Nicolas@ARNAUD_SOPHIE ( ) ============== ACTION(S) ============== Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp Dossier supprimé: C:\Documents and Settings\Arnaud Nicolas\Application Data\Mozilla\FireFox\Profiles\fl4rlnez.default\conduit Dossier supprimé: C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Conduit Dossier supprimé: C:\Documents and Settings\Arnaud Nicolas\Application Data\OfferBox Dossier supprimé: C:\Program Files\OfferBox (!) -- Fichiers temporaires supprimés. Clé supprimée: HKLM\Software\Classes\Conduit.Engine Clé supprimée: HKLM\Software\Classes\Toolbar.CT2737658 Clé supprimée: HKLM\Software\OfferBox Clé supprimée: HKLM\Software\Conduit Clé supprimée: HKCU\Software\OfferBox Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [3.6.13 (fr)] **** Plugins\npdivx32.dll (DivX,Inc.) Plugins\npDivxPlayerPlugin.dll (DivX, Inc) HKLM_MozillaPlugins\@idsoftware.com/QuakeLive (x) HKLM_MozillaPlugins\@movenetworks.com/Quantum Media Player (x) HKLM_MozillaPlugins\@unity3d.com/UnityPlayer (x) HKCU_MozillaPlugins\@movenetworks.com/Quantum Media Player (x) Components\Scriptff.dll (McAfee, Inc.) -- C:\Documents and Settings\Arnaud Nicolas\Application Data\Mozilla\FireFox\Profiles\fl4rlnez.default -- Extensions\battlefieldheroespatcher@ea.com (Battlefield Heroes Updater) Extensions\eafo3fflauncher@ea.com (FIFA Online Web Launcher) Extensions\firebug@software.joehewitt.com (Firebug) Extensions\firegestures@xuldev.org (FireGestures) Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} (Delicious Bookmarks) Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} (Web Developer) Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} (User Agent Switcher) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Arnaud Nicolas\\Bureau Prefs.js - browser.search.defaultenginename, Bing Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q= Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://www.google.fr/ Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13 -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\pb4sczhd.default -- Extensions\staged-xpis (?) Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.3 ======================================== **** Google Chrome Version [10.0.648.204] **** Extension - jfmjfhklogoienhpfnppmbcbjfjnkonk (x) -- C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google France - France" (Activé: true) (hxxp://www.google.fr/search?hl=fr&q={searchTerms}&meta=cr%3DcountryFR) Preferences - homepage: about:blank Preferences - homepage_is_newtabpage: false Plugin - Windows Genuine Advantage (Activé: true) (C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll) Plugin - RealJukebox NS Plugin (Activé: true) (C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll) Plugin - Quake Live (Activé: true) (C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll) Plugin - Unity Player (Activé: true) (C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll) Plugin - Veetle TV Player (Activé: true) (C:\Program Files\Veetle\Player\npvlc.dll) Plugin - Veetle TV Core (Activé: true) (C:\Program Files\Veetle\plugins\npVeetle.dll) Plugin - 3DVIA Player (Activé: true) (C:\Program Files\Virtools\3D Life Player\npvirtools.dll) Plugin - "DivX Player" (Activé: true) Plugin - "DivX Player Netscape Plugin" (Activé: true) Plugin - "Windows Genuine Advantage" (Activé: true) Plugin - "Picasa" (Activé: true) Plugin - "Unity Player" (Activé: true) Plugin - "DivX\u00AE Content Upload Plugin" (Activé: true) Plugin - "Veetle TV Core" (Activé: true) Plugin - "Quake Live" (Activé: true) Plugin - "RealJukebox NS Plugin" (Activé: true) Plugin - "3DVIA Player" (Activé: true) Plugin - "Veetle TV Player" (Activé: true) ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896 HKCU_Main|Start Page - hxxp://fr.msn.com/ HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM_Main|Start Page - hxxp://fr.msn.com/ HKCU_SearchScopes\{E1A2548C-95E8-47AD-BA3A-9877AFDDC525} - "Cadremploi.fr" (hxxp://ie8.cadremploi.fr/redirection.php?maSelec={searchTerms}) HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?) HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?) HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?) HKLM_ElevationPolicy\4c9c91c9-117e-4358-9f16-2a6bc3281cb4 - C:\Program Files\FreeOnlineRadioPlayerRecorder\FreeOnlineRadioPlayerRecorderToolbarHelper.exe (x) HKLM_ElevationPolicy\{1e4fdd89-2c33-4fb3-b884-813f40bc46cf} - C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe (x) HKLM_ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB} - C:\Program Files\McAfee\VirusScan\mcvsmap.exe (McAfee, Inc.) HKLM_ElevationPolicy\{44295CB8-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar3user.exe (?) HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?) HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?) HKLM_ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609} - C:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.) HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?) HKLM_Extensions\{A573D71B-951B-4BAD-B8CC-708AE84769C9} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{5CA3D70E-1895-11CF-8E15-001234567890} - "DriveLetterAccess" (C:\WINDOWS\System32\DLA\DLASHX_W.DLL) BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll) BHO\{7418E5F5-0E48-4144-8F92-5CA791C82396} (?) BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\Fichiers communs\McAfee\SystemCore\ScriptSn.20110127201913.dll) BHO\{bf00e119-21a3-4fd1-b178-3b8537e75c92} - "IeMonitorBho Class" (C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll) BHO\{CA6319C0-31B7-401E-A518-A07C3DB8F777} - "CBrowserHelperObject Object" (C:\Program Files\BAE\BAE.dll) BHO\{DE713078-8012-4B75-92BA-398D4642A64B} (?) ======================================== C:\Program Files\Ad-Remover\Quarantine: 9 Fichier(s) C:\Program Files\Ad-Remover\Backup: 2 Fichier(s) C:\Ad-Report-CLEAN[1].txt - 29/03/2011 20:09:49 (1327 Octet(s)) C:\Ad-Report-SCAN[1].txt - 29/03/2011 19:49:08 (8382 Octet(s)) Fin à: 20:10:44, 29/03/2011 ============== E.O.F ==============
  22. Fanoz
    Voici le 1er rapport de Ad-R ======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 ======= Mis à jour par TeamXscript le 01/03/11 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com Site web: TeamXscript : AD-Remover - FindyKill - UsbFix - SEAF C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 19:48:47 le 29/03/2011, Mode normal Microsoft Windows XP Professionnel Service Pack 3 (X86) Arnaud Nicolas@ARNAUD_SOPHIE ( ) ============== RECHERCHE ============== Fichier trouvé: C:\WINDOWS\system32\ConduitEngine.tmp Dossier trouvé: C:\Documents and Settings\Arnaud Nicolas\Application Data\Mozilla\FireFox\Profiles\fl4rlnez.default\conduit Dossier trouvé: C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Conduit Dossier trouvé: C:\Documents and Settings\Arnaud Nicolas\Application Data\OfferBox Dossier trouvé: C:\Program Files\OfferBox Clé trouvée: HKLM\Software\Classes\Conduit.Engine Clé trouvée: HKLM\Software\Classes\Toolbar.CT2737658 Clé trouvée: HKLM\Software\OfferBox Clé trouvée: HKLM\Software\Conduit Clé trouvée: HKCU\Software\OfferBox Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Clé trouvée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom ============== SCAN ADDITIONNEL ============== **** Mozilla Firefox Version [3.6.13 (fr)] **** Plugins\npdivx32.dll (DivX,Inc.) Plugins\npDivxPlayerPlugin.dll (DivX, Inc) HKLM_MozillaPlugins\@idsoftware.com/QuakeLive (x) HKLM_MozillaPlugins\@movenetworks.com/Quantum Media Player (x) HKLM_MozillaPlugins\@unity3d.com/UnityPlayer (x) HKCU_MozillaPlugins\@movenetworks.com/Quantum Media Player (x) Components\Scriptff.dll (McAfee, Inc.) -- C:\Documents and Settings\Arnaud Nicolas\Application Data\Mozilla\FireFox\Profiles\fl4rlnez.default -- Extensions\battlefieldheroespatcher@ea.com (Battlefield Heroes Updater) Extensions\eafo3fflauncher@ea.com (FIFA Online Web Launcher) Extensions\firebug@software.joehewitt.com (Firebug) Extensions\firegestures@xuldev.org (FireGestures) Extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} (Delicious Bookmarks) Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12} (Web Developer) Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1} (User Agent Switcher) Prefs.js - browser.download.lastDir, C:\\Documents and Settings\\Arnaud Nicolas\\Bureau Prefs.js - browser.search.defaultenginename, Bing Prefs.js - browser.search.defaulturl, hxxp://www.bing.com/search?FORM=IEFM1&q= Prefs.js - browser.search.selectedEngine, Google Prefs.js - browser.startup.homepage, hxxp://www.google.fr/ Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13 -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\pb4sczhd.default -- Extensions\staged-xpis (?) Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.3 ======================================== **** Google Chrome Version [10.0.648.204] **** Extension\bjeikeheijdjdfjbmknpefojickbkmom (C:\Program Files\OfferBox\OfferBoxChromeExtension.crx) (x) Extension - jfmjfhklogoienhpfnppmbcbjfjnkonk (x) -- C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Chrome\User Data\Default -- Preferences - default_search_provider: "Google France - France" (Activé: true) (hxxp://www.google.fr/search?hl=fr&q={searchTerms}&meta=cr%3DcountryFR) Preferences - homepage: about:blank Preferences - homepage_is_newtabpage: false Plugin - Windows Genuine Advantage (Activé: true) (C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll) Plugin - RealJukebox NS Plugin (Activé: true) (C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll) Plugin - Quake Live (Activé: true) (C:\Documents and Settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll) Plugin - Unity Player (Activé: true) (C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll) Plugin - Veetle TV Player (Activé: true) (C:\Program Files\Veetle\Player\npvlc.dll) Plugin - Veetle TV Core (Activé: true) (C:\Program Files\Veetle\plugins\npVeetle.dll) Plugin - 3DVIA Player (Activé: true) (C:\Program Files\Virtools\3D Life Player\npvirtools.dll) Plugin - "DivX Player" (Activé: true) Plugin - "DivX Player Netscape Plugin" (Activé: true) Plugin - "Windows Genuine Advantage" (Activé: true) Plugin - "Picasa" (Activé: true) Plugin - "Unity Player" (Activé: true) Plugin - "DivX\u00AE Content Upload Plugin" (Activé: true) Plugin - "Veetle TV Core" (Activé: true) Plugin - "Quake Live" (Activé: true) Plugin - "RealJukebox NS Plugin" (Activé: true) Plugin - "3DVIA Player" (Activé: true) Plugin - "Veetle TV Player" (Activé: true) ======================================== **** Internet Explorer Version [8.0.6001.18702] **** HKCU_Main|Default_Search_URL - hxxp://www.google.com/ie HKCU_Main|SearchMigratedDefaultURL - hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 HKCU_Main|Search bar - hxxp://www.google.com/ie HKCU_Main|Search Page - hxxp://www.google.com HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157 HKCU_SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} - "FreeOnlineRadioPlayerRecorder Customized Web Search" (hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT...) HKCU_SearchScopes\{E1A2548C-95E8-47AD-BA3A-9877AFDDC525} - "Cadremploi.fr" (hxxp://ie8.cadremploi.fr/redirection.php?maSelec={searchTerms}) HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?) HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?) HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?) HKLM_ElevationPolicy\4c9c91c9-117e-4358-9f16-2a6bc3281cb4 - C:\Program Files\FreeOnlineRadioPlayerRecorder\FreeOnlineRadioPlayerRecorderToolbarHelper.exe (x) HKLM_ElevationPolicy\{1e4fdd89-2c33-4fb3-b884-813f40bc46cf} - C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe (x) HKLM_ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB} - C:\Program Files\McAfee\VirusScan\mcvsmap.exe (McAfee, Inc.) HKLM_ElevationPolicy\{44295CB8-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar3user.exe (?) HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?) HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?) HKLM_ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609} - C:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.) HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?) HKLM_Extensions\{A573D71B-951B-4BAD-B8CC-708AE84769C9} - "?" (?) HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?) BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll) BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?) BHO\{5CA3D70E-1895-11CF-8E15-001234567890} - "DriveLetterAccess" (C:\WINDOWS\System32\DLA\DLASHX_W.DLL) BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll) BHO\{7418E5F5-0E48-4144-8F92-5CA791C82396} (?) BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files\Fichiers communs\McAfee\SystemCore\ScriptSn.20110127201913.dll) BHO\{bf00e119-21a3-4fd1-b178-3b8537e75c92} - "IeMonitorBho Class" (C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll) BHO\{CA6319C0-31B7-401E-A518-A07C3DB8F777} - "CBrowserHelperObject Object" (C:\Program Files\BAE\BAE.dll) BHO\{DE713078-8012-4B75-92BA-398D4642A64B} (?) ======================================== C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s) C:\Program Files\Ad-Remover\Backup: 1 Fichier(s) C:\Ad-Report-SCAN[1].txt - 29/03/2011 19:49:08 (6186 Octet(s)) Fin à: 19:58:22, 29/03/2011 ============== E.O.F ==============
  23. Fanoz
    Voici le rapport de TDSSKiller 2011/03/29 19:11:53.0612 4352 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/03/29 19:11:55.0393 4352 ================================================================================ 2011/03/29 19:11:55.0393 4352 SystemInfo: 2011/03/29 19:11:55.0393 4352 2011/03/29 19:11:55.0393 4352 OS Version: 5.1.2600 ServicePack: 3.0 2011/03/29 19:11:55.0393 4352 Product type: Workstation 2011/03/29 19:11:55.0393 4352 ComputerName: ARNAUD_SOPHIE 2011/03/29 19:11:55.0393 4352 UserName: Arnaud Nicolas 2011/03/29 19:11:55.0393 4352 Windows directory: C:\WINDOWS 2011/03/29 19:11:55.0393 4352 System windows directory: C:\WINDOWS 2011/03/29 19:11:55.0393 4352 Processor architecture: Intel x86 2011/03/29 19:11:55.0393 4352 Number of processors: 2 2011/03/29 19:11:55.0393 4352 Page size: 0x1000 2011/03/29 19:11:55.0393 4352 Boot type: Normal boot 2011/03/29 19:11:55.0393 4352 ================================================================================ 2011/03/29 19:11:55.0659 4352 Initialize success 2011/03/29 19:12:01.0565 4768 ================================================================================ 2011/03/29 19:12:01.0565 4768 Scan started 2011/03/29 19:12:01.0565 4768 Mode: Manual; 2011/03/29 19:12:01.0565 4768 ================================================================================ 2011/03/29 19:12:02.0159 4768 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 2011/03/29 19:12:02.0252 4768 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/03/29 19:12:02.0346 4768 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/03/29 19:12:02.0456 4768 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys 2011/03/29 19:12:02.0596 4768 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/03/29 19:12:02.0659 4768 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2011/03/29 19:12:02.0721 4768 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys 2011/03/29 19:12:02.0815 4768 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 2011/03/29 19:12:02.0893 4768 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys 2011/03/29 19:12:02.0971 4768 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys 2011/03/29 19:12:03.0081 4768 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys 2011/03/29 19:12:03.0174 4768 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys 2011/03/29 19:12:03.0377 4768 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys 2011/03/29 19:12:03.0487 4768 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys 2011/03/29 19:12:03.0596 4768 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys 2011/03/29 19:12:03.0690 4768 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys 2011/03/29 19:12:03.0768 4768 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys 2011/03/29 19:12:03.0846 4768 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys 2011/03/29 19:12:03.0971 4768 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/03/29 19:12:04.0034 4768 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/03/29 19:12:04.0143 4768 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/03/29 19:12:04.0221 4768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/03/29 19:12:04.0268 4768 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/03/29 19:12:04.0518 4768 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 2011/03/29 19:12:04.0549 4768 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/03/29 19:12:04.0643 4768 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 2011/03/29 19:12:04.0690 4768 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/03/29 19:12:04.0752 4768 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/03/29 19:12:04.0815 4768 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/03/29 19:12:04.0893 4768 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys 2011/03/29 19:12:04.0987 4768 CmdIde (e3726ad522d0bdae090671048c991ab3) C:\WINDOWS\system32\DRIVERS\cmdide.sys 2011/03/29 19:12:05.0096 4768 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys 2011/03/29 19:12:05.0252 4768 ctsfm2k (8db84de3aab34a8b4c2f644eff41cd76) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys 2011/03/29 19:12:05.0284 4768 CTUSFSYN (4ee8822adb764edd28ce44e808097995) C:\WINDOWS\system32\drivers\ctusfsyn.sys 2011/03/29 19:12:05.0393 4768 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 2011/03/29 19:12:05.0471 4768 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys 2011/03/29 19:12:05.0612 4768 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/03/29 19:12:05.0674 4768 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS 2011/03/29 19:12:05.0721 4768 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 2011/03/29 19:12:05.0784 4768 DLADResN (bb445bcea5aa6bc695a56eb2fbb4686f) C:\WINDOWS\system32\DLA\DLADResN.SYS 2011/03/29 19:12:05.0831 4768 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS 2011/03/29 19:12:05.0862 4768 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS 2011/03/29 19:12:05.0893 4768 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS 2011/03/29 19:12:05.0956 4768 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS 2011/03/29 19:12:05.0987 4768 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS 2011/03/29 19:12:06.0018 4768 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS 2011/03/29 19:12:06.0096 4768 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys 2011/03/29 19:12:06.0159 4768 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys 2011/03/29 19:12:06.0221 4768 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/03/29 19:12:06.0252 4768 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/03/29 19:12:06.0315 4768 DNE (8101650993b2f79118d2bf24402c390d) C:\WINDOWS\system32\DRIVERS\dne2000.sys 2011/03/29 19:12:06.0409 4768 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys 2011/03/29 19:12:06.0502 4768 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/03/29 19:12:06.0565 4768 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 2011/03/29 19:12:06.0612 4768 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 2011/03/29 19:12:06.0690 4768 DSproct (2ac2372ffad9adc85672cc8e8ae14be9) C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys 2011/03/29 19:12:06.0768 4768 E100B (1961f8b618e3c20df54c146b294efd2a) C:\WINDOWS\system32\DRIVERS\e100b325.sys 2011/03/29 19:12:06.0846 4768 e1express (00192f0c612591d585594e9467e6ca8b) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 2011/03/29 19:12:06.0956 4768 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/03/29 19:12:07.0018 4768 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/03/29 19:12:07.0096 4768 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys 2011/03/29 19:12:07.0143 4768 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/03/29 19:12:07.0206 4768 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/03/29 19:12:07.0268 4768 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 2011/03/29 19:12:07.0315 4768 FsVga (b71a69bb9cc88803f455341bd3992e0c) C:\WINDOWS\system32\DRIVERS\fsvga.sys 2011/03/29 19:12:07.0424 4768 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/03/29 19:12:07.0518 4768 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/03/29 19:12:07.0565 4768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2011/03/29 19:12:07.0627 4768 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/03/29 19:12:07.0706 4768 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/03/29 19:12:07.0752 4768 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/03/29 19:12:07.0815 4768 hnmwrlspkt (55d7308e1437c629d2e52787bda2cb45) C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys 2011/03/29 19:12:07.0831 4768 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys 2011/03/29 19:12:07.0877 4768 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2011/03/29 19:12:07.0940 4768 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2011/03/29 19:12:07.0987 4768 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2011/03/29 19:12:08.0096 4768 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/03/29 19:12:08.0206 4768 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys 2011/03/29 19:12:08.0284 4768 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys 2011/03/29 19:12:08.0362 4768 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/03/29 19:12:08.0440 4768 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\drivers\iaStor.sys 2011/03/29 19:12:08.0549 4768 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/03/29 19:12:08.0643 4768 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/03/29 19:12:08.0706 4768 IntelIde (4b6da2f0a4095857a9e3f3697399d575) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/03/29 19:12:08.0752 4768 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/03/29 19:12:08.0799 4768 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/03/29 19:12:08.0862 4768 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/03/29 19:12:08.0940 4768 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/03/29 19:12:08.0987 4768 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/03/29 19:12:09.0065 4768 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/03/29 19:12:09.0112 4768 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/03/29 19:12:09.0190 4768 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/03/29 19:12:09.0237 4768 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/03/29 19:12:09.0284 4768 kbdhid (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/03/29 19:12:09.0346 4768 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/03/29 19:12:09.0440 4768 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/03/29 19:12:09.0674 4768 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys 2011/03/29 19:12:09.0737 4768 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys 2011/03/29 19:12:09.0862 4768 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys 2011/03/29 19:12:09.0956 4768 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys 2011/03/29 19:12:10.0096 4768 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys 2011/03/29 19:12:10.0206 4768 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys 2011/03/29 19:12:10.0268 4768 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys 2011/03/29 19:12:10.0377 4768 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys 2011/03/29 19:12:10.0471 4768 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys 2011/03/29 19:12:10.0549 4768 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 2011/03/29 19:12:10.0612 4768 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/03/29 19:12:10.0737 4768 MOBKFilter (e896775837a8bce436348df460522394) C:\WINDOWS\system32\DRIVERS\MOBK.sys 2011/03/29 19:12:10.0831 4768 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys 2011/03/29 19:12:11.0034 4768 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys 2011/03/29 19:12:11.0190 4768 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/03/29 19:12:11.0237 4768 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/03/29 19:12:11.0471 4768 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/03/29 19:12:11.0581 4768 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/03/29 19:12:11.0674 4768 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/03/29 19:12:11.0831 4768 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/03/29 19:12:12.0018 4768 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/03/29 19:12:12.0159 4768 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/03/29 19:12:12.0346 4768 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/03/29 19:12:12.0471 4768 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/03/29 19:12:12.0596 4768 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/03/29 19:12:12.0737 4768 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/03/29 19:12:12.0846 4768 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys 2011/03/29 19:12:13.0002 4768 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/03/29 19:12:13.0112 4768 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/03/29 19:12:13.0159 4768 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/03/29 19:12:13.0237 4768 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/03/29 19:12:13.0331 4768 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/03/29 19:12:13.0362 4768 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/03/29 19:12:13.0471 4768 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/03/29 19:12:13.0627 4768 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/03/29 19:12:13.0768 4768 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/03/29 19:12:14.0002 4768 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/03/29 19:12:14.0721 4768 nv (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/03/29 19:12:15.0112 4768 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/03/29 19:12:15.0346 4768 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/03/29 19:12:15.0487 4768 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys 2011/03/29 19:12:15.0534 4768 Packet (9a7fd6b64e78a8a0d79f372cfcc43e19) C:\WINDOWS\system32\DRIVERS\packet.sys 2011/03/29 19:12:15.0596 4768 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/03/29 19:12:15.0659 4768 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/03/29 19:12:15.0877 4768 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/03/29 19:12:16.0018 4768 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/03/29 19:12:16.0190 4768 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/03/29 19:12:16.0331 4768 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/03/29 19:12:16.0612 4768 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/03/29 19:12:16.0690 4768 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/03/29 19:12:16.0752 4768 PfModNT (ede8241b75dadef090aadb6c81c8e1d7) C:\WINDOWS\system32\drivers\PfModNT.sys 2011/03/29 19:12:16.0862 4768 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/03/29 19:12:16.0971 4768 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/03/29 19:12:17.0081 4768 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/03/29 19:12:17.0237 4768 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/03/29 19:12:17.0315 4768 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/03/29 19:12:17.0377 4768 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/03/29 19:12:17.0440 4768 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/03/29 19:12:17.0502 4768 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/03/29 19:12:17.0534 4768 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/03/29 19:12:17.0627 4768 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/03/29 19:12:17.0706 4768 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/03/29 19:12:17.0768 4768 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/03/29 19:12:17.0846 4768 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/03/29 19:12:17.0940 4768 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/03/29 19:12:17.0987 4768 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/03/29 19:12:18.0081 4768 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/03/29 19:12:18.0159 4768 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/03/29 19:12:18.0237 4768 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/03/29 19:12:18.0331 4768 s116bus (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys 2011/03/29 19:12:18.0409 4768 s116mdfl (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys 2011/03/29 19:12:18.0487 4768 s116mdm (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys 2011/03/29 19:12:18.0549 4768 s116mgmt (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys 2011/03/29 19:12:18.0643 4768 s116nd5 (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys 2011/03/29 19:12:18.0752 4768 s116obex (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys 2011/03/29 19:12:18.0831 4768 s116unic (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys 2011/03/29 19:12:18.0924 4768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/03/29 19:12:19.0018 4768 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/03/29 19:12:19.0081 4768 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/03/29 19:12:19.0237 4768 sfdrv01 (4c0d673281178cb496011a2e28571fc8) C:\WINDOWS\system32\drivers\sfdrv01.sys 2011/03/29 19:12:19.0315 4768 sfhlp02 (15be2b5e4dc5b8623cf167720682abc9) C:\WINDOWS\system32\drivers\sfhlp02.sys 2011/03/29 19:12:19.0393 4768 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/03/29 19:12:19.0518 4768 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys 2011/03/29 19:12:19.0737 4768 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/03/29 19:12:19.0831 4768 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/03/29 19:12:19.0924 4768 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/03/29 19:12:20.0096 4768 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys 2011/03/29 19:12:20.0346 4768 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/03/29 19:12:20.0440 4768 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/03/29 19:12:20.0565 4768 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys 2011/03/29 19:12:20.0627 4768 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/03/29 19:12:20.0690 4768 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/03/29 19:12:20.0799 4768 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/03/29 19:12:20.0862 4768 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/03/29 19:12:20.0956 4768 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/03/29 19:12:21.0034 4768 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/03/29 19:12:21.0112 4768 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/03/29 19:12:21.0206 4768 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/03/29 19:12:21.0268 4768 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/03/29 19:12:21.0315 4768 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/03/29 19:12:21.0815 4768 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/03/29 19:12:22.0299 4768 TosIde (b411668322c3bf4e690888706b999679) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/03/29 19:12:22.0581 4768 TotRec7 (70a99bd4aa891470e70200807b83ea94) C:\WINDOWS\system32\drivers\TotRec7.sys 2011/03/29 19:12:22.0862 4768 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/03/29 19:12:23.0174 4768 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/03/29 19:12:23.0377 4768 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/03/29 19:12:23.0612 4768 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/03/29 19:12:23.0721 4768 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/03/29 19:12:23.0815 4768 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/03/29 19:12:24.0206 4768 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/03/29 19:12:24.0331 4768 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/03/29 19:12:24.0424 4768 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/03/29 19:12:24.0674 4768 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/03/29 19:12:24.0909 4768 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/03/29 19:12:25.0081 4768 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/03/29 19:12:25.0206 4768 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/03/29 19:12:25.0299 4768 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/03/29 19:12:25.0456 4768 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/03/29 19:12:25.0674 4768 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys 2011/03/29 19:12:26.0237 4768 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/03/29 19:12:26.0565 4768 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/03/29 19:12:26.0768 4768 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/03/29 19:12:26.0846 4768 wsppkt (e068d1f5d4abc1111566bcefe85f1ac2) C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys 2011/03/29 19:12:27.0081 4768 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/03/29 19:12:27.0221 4768 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/03/29 19:12:27.0299 4768 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/03/29 19:12:27.0377 4768 ================================================================================ 2011/03/29 19:12:27.0377 4768 Scan finished 2011/03/29 19:12:27.0377 4768 ================================================================================ 2011/03/29 19:12:27.0409 4740 Detected object count: 1 2011/03/29 19:12:46.0487 4740 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/03/29 19:12:46.0487 4740 \HardDisk0 - ok 2011/03/29 19:12:46.0487 4740 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/03/29 19:12:58.0206 1748 Deinitialize success
  24. Fanoz
    Merci pour ton aide rapide ! Impossible d'uploader une pièce jointe (ca ne fonctionne sur aucun site...) Voici donc un lien google doc dans lequel j'ai fait un copier coller rapport zhpdiag
  25. Fanoz
    Bonjour, Mon UC tourne à 100% en continue et donc mon PC rame terriblement. Bitdefender online me parle d'un trojan.Downloader.Agent.ABHU Voici le rapport hijackthis. Merci d'avance pour votre aide. Arnaud Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:03:59, on 28/03/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\stsystra.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Real\RealPlayer\update\realsched.exe C:\DOCUME~1\ARNAUD~1\LOCALS~1\Temp\clclean.0001 C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\DOCUME~1\ARNAUD~1\LOCALS~1\Temp\Cf3.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Dell Support Center\gs_agent\dsc.exe C:\mariage\xampplite\apache\bin\httpd.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe C:\WINDOWS\system32\mfevtps.exe C:\Program Files\McAfee Online Backup\MOBKbackup.exe C:\mariage\xampplite\mysql\bin\mysqld.exe C:\WINDOWS\System32\svchost.exe C:\mariage\xampplite\apache\bin\httpd.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\McAfee\SystemCore\mcshield.exe C:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\DOCUME~1\ARNAUD~1\LOCALS~1\Temp\Cf6.exe C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\Cgufea.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\Cgufea.exe C:\Documents and Settings\Arnaud Nicolas\Mes documents\Téléchargements\HijackThis.exe C:\WINDOWS\Cgufea.exe C:\WINDOWS\Cgufea.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\WINDOWS\Cgufea.exe C:\WINDOWS\Cgufea.exe C:\Program Files\Real\RealPlayer\RealPlay.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3070129 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - (no file) O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Fichiers communs\McAfee\SystemCore\ScriptSn.20110127201913.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - (no file) O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Arnaud Nicolas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [OUU6KC5WPX] C:\DOCUME~1\ARNAUD~1\LOCALS~1\Temp\Cf3.exe O4 - HKCU\..\Run: [NtWqIVLZEWZU] C:\DOCUME~1\ARNAUD~1\LOCALS~1\Temp\Cf6.exe O4 - HKCU\..\Run: [Odajipataxu] rundll32.exe "C:\WINDOWS\dmxp50.dll",Startup O4 - HKCU\..\Run: [bSRURUF55J] C:\WINDOWS\Cgufea.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {A573D71B-951B-4BAD-B8CC-708AE84769C9} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab O16 - DPF: {DF9C24D1-030E-49ED-5EB5-D6610086C313} - http://www.superstarracing.net/miniclip/ChatRepublicPlayer.cab O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache2.2 - Apache Software Foundation - C:\mariage\xampplite\apache\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Fichiers communs\Creative Labs Shared\Service\CreativeLicensing.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Unknown owner - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (file missing) O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Service McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\McSvcHost\McSvHost.exe O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: 1% (MOBKbackup) - Unknown owner - C:\Program Files\McAfee Online Backup\MOBKbackup.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe O23 - Service: MySQL - MySQL AB - C:\mariage\xampplite\mysql\bin\mysqld.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 17849 bytes
×
×
  • Créer...