Probleme Malware Spyware... Virus
Dernière réponse : dans Sécurité
bonjour apres un passage sur le net google chrome a enregistrer "memory fixer " sur mon pc.....
Il s'agirait d'un malware mon anti virus avira en a supprimer des parties mais google chrome ne fonctionne plus
pouvez vous m'aider merci
Il s'agirait d'un malware mon anti virus avira en a supprimer des parties mais google chrome ne fonctionne plus
pouvez vous m'aider merci
Autres pages sur : probleme malware spyware virus
Lassé par la pub ? Créez un compte
Bonsoir
Il est tout neuf ce rogue:
http://forum.malekal.com/memory-fixer-t30773.html
à faire dans l'ordre:
1
Télécharge![]()
DDS et sauvegarde-le sur ton bureau.
Désactive tout script bloquant, tels qu'un antivirus, un logiciel comme ad-block, noscript etc.
Double-clique sur dds.scr pour lancer l'outil.
Une fois le scan fini, un document texte, DDS.txt, va s'ouvrir .
Clique Oui à la prochaine invite Optional Scan.
Sauvegarde les deux rapports sur ton bureau et poste-moi uniquement le DDS.txt.
2
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées :
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
~ Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
~~ Si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.
Poste ce rapport.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
Note : Si tu ne parviens à télécharger MBAM à partir de MajorGeeks, tu peux le télécharger ici!
[#FF0000]Aide : Comment utiliser MBAM.
Il est tout neuf ce rogue:
http://forum.malekal.com/memory-fixer-t30773.html
à faire dans l'ordre:
1
Télécharge
DDS et sauvegarde-le sur ton bureau.2
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Une fois l'installation et la mise à jour effectuées :
~ Si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
~~ Si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
Note : Si tu ne parviens à télécharger MBAM à partir de MajorGeeks, tu peux le télécharger ici!
[#FF0000]Aide :
voici le dds txt
DDS (Ver_10-12-12.02) - NTFSx86
Run by fred at 19:51:48,68 on 05/01/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.1975.693 [GMT 1:00]
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
============== Running Processes ===============
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\windows\system32\rpcnet.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\conime.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wuauclt.exe
C:\Users\fred\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849852
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
uURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
uURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
mURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: : {cf69d058-b623-4ae9-8514-256f04e08cd3} - c:\windows\system32\ypgvsaym.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [fnvfnfnv] "c:\users\fred\appdata\local\fnvfnfnv.exe" fnvfnfnv
uRun: [Google Update] "c:\users\fred\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [FEXeTWLLHYgf.exe] c:\programdata\FEXeTWLLHYgf.exe
uRun: [Akizijiwanomohag] rundll32.exe "c:\users\fred\appdata\local\friapne.dll",Startup
uRun: [Cx5QHgyo] c:\programdata\Cx5QHgyo.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Recherche AOL Toolbar - c:\programdata\aol\ietoolbar\resources\fr-fr\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.lphant.com//web?src=ffb&q=
FF - component: c:\program files\offerbox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
FF - component: c:\program files\windows searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - component: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\fred\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\fred\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: OfferBox: offerboxffx@offerbox.com - c:\program files\offerbox\offerboxffx@offerbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
============= SERVICES / DRIVERS ===============
R?2 jtltgtbs;NVIDIA nForce RAID Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-14 12928]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-3 11608]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-14 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-8-3 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-3 185089]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-3 56816]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-14 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2008-7-12 77824]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 24936]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-7-12 576024]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-6 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-12 193840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2007-7-19 281088]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2011-01-05 17:13:32 -------- d-----w- c:\users\fred\appdata\roaming\OfferBox
2011-01-05 17:11:35 -------- d-----w- c:\progra~2\Fun4IM
2011-01-05 17:11:21 -------- d-----w- c:\program files\Windows Searchqu Toolbar
2011-01-05 17:11:18 -------- d-----w- c:\program files\Fun4IM
2011-01-05 17:10:38 -------- d-----w- c:\program files\OfferBox
2011-01-05 15:08:23 423424 ----a-w- c:\progra~2\GnGHPNcKObIR.dll
2011-01-04 19:07:47 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e3be2e81-2690-4bb5-a8c6-c966cce6d0a3}\mpengine.dll
2010-12-30 19:41:32 -------- d-----w- c:\users\fred\appdata\roaming\Local
2010-12-30 19:40:26 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-22 21:44:58 -------- d-----w- c:\program files\Veetle
2010-12-20 19:30:01 -------- d-----w- c:\program files\SearchElf_1.2
2010-12-16 18:37:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 18:36:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-12 14:58:12 -------- d-----w- c:\program files\Conduit
2010-12-12 14:57:46 -------- d-----w- c:\program files\ConduitEngine
2010-12-12 14:57:26 -------- d-----w- c:\program files\BittorrentBar_FR
2010-12-12 14:57:04 -------- d-----w- c:\program files\BitTorrent
==================== Find3M ====================
2011-01-05 18:45:57 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-01-05 18:45:55 56680 ----a-w- c:\windows\system32\rpcnet.dll
2011-01-05 16:33:49 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-21 20:08:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-21 18:30:50 389632 ----a-w- c:\windows\system32\html.iec
2010-10-20 17:41:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_ rev.8909 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x86E72555]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86e787b0]; MOV EAX, [0x86e7882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E80962] -> \Device\Harddisk0\DR0[0x869D04D0]
3 CLASSPNP[0x8242F8B3] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x869D0C88]
5 hpdskflt[0x88DC3065] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x855EA650]
7 acpi[0x8069C6BC] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x85651028]
\Driver\iaStor[0x86072320] -> IRP_MJ_CREATE -> 0x86E72555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskFUJITSU_MHZ2160BH_G2____________________8909____#4&1bcdc343&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
error: Read Impossible de satisfaire à la demande en raison d'une erreur de périphérique d'E/S.
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 19:54:50,72 ===============
DDS (Ver_10-12-12.02) - NTFSx86
Run by fred at 19:51:48,68 on 05/01/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.1975.693 [GMT 1:00]
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
============== Running Processes ===============
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\windows\system32\rpcnet.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\conime.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wuauclt.exe
C:\Users\fred\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849852
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
uURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
uURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
mURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: : {cf69d058-b623-4ae9-8514-256f04e08cd3} - c:\windows\system32\ypgvsaym.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [fnvfnfnv] "c:\users\fred\appdata\local\fnvfnfnv.exe" fnvfnfnv
uRun: [Google Update] "c:\users\fred\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [FEXeTWLLHYgf.exe] c:\programdata\FEXeTWLLHYgf.exe
uRun: [Akizijiwanomohag] rundll32.exe "c:\users\fred\appdata\local\friapne.dll",Startup
uRun: [Cx5QHgyo] c:\programdata\Cx5QHgyo.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Recherche AOL Toolbar - c:\programdata\aol\ietoolbar\resources\fr-fr\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.lphant.com//web?src=ffb&q=
FF - component: c:\program files\offerbox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
FF - component: c:\program files\windows searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - component: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\fred\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\fred\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: OfferBox: offerboxffx@offerbox.com - c:\program files\offerbox\offerboxffx@offerbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
============= SERVICES / DRIVERS ===============
R?2 jtltgtbs;NVIDIA nForce RAID Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-14 12928]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-3 11608]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-14 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-8-3 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-3 185089]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-3 56816]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-14 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2008-7-12 77824]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 24936]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-7-12 576024]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-6 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-12 193840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2007-7-19 281088]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2011-01-05 17:13:32 -------- d-----w- c:\users\fred\appdata\roaming\OfferBox
2011-01-05 17:11:35 -------- d-----w- c:\progra~2\Fun4IM
2011-01-05 17:11:21 -------- d-----w- c:\program files\Windows Searchqu Toolbar
2011-01-05 17:11:18 -------- d-----w- c:\program files\Fun4IM
2011-01-05 17:10:38 -------- d-----w- c:\program files\OfferBox
2011-01-05 15:08:23 423424 ----a-w- c:\progra~2\GnGHPNcKObIR.dll
2011-01-04 19:07:47 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e3be2e81-2690-4bb5-a8c6-c966cce6d0a3}\mpengine.dll
2010-12-30 19:41:32 -------- d-----w- c:\users\fred\appdata\roaming\Local
2010-12-30 19:40:26 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-22 21:44:58 -------- d-----w- c:\program files\Veetle
2010-12-20 19:30:01 -------- d-----w- c:\program files\SearchElf_1.2
2010-12-16 18:37:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 18:36:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-12 14:58:12 -------- d-----w- c:\program files\Conduit
2010-12-12 14:57:46 -------- d-----w- c:\program files\ConduitEngine
2010-12-12 14:57:26 -------- d-----w- c:\program files\BittorrentBar_FR
2010-12-12 14:57:04 -------- d-----w- c:\program files\BitTorrent
==================== Find3M ====================
2011-01-05 18:45:57 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-01-05 18:45:55 56680 ----a-w- c:\windows\system32\rpcnet.dll
2011-01-05 16:33:49 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-21 20:08:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-21 18:30:50 389632 ----a-w- c:\windows\system32\html.iec
2010-10-20 17:41:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_ rev.8909 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x86E72555]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86e787b0]; MOV EAX, [0x86e7882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E80962] -> \Device\Harddisk0\DR0[0x869D04D0]
3 CLASSPNP[0x8242F8B3] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x869D0C88]
5 hpdskflt[0x88DC3065] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x855EA650]
7 acpi[0x8069C6BC] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x85651028]
\Driver\iaStor[0x86072320] -> IRP_MJ_CREATE -> 0x86E72555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskFUJITSU_MHZ2160BH_G2____________________8909____#4&1bcdc343&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
error: Read Impossible de satisfaire à la demande en raison d'une erreur de périphérique d'E/S.
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 19:54:50,72 ===============
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5465
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
05/01/2011 22:17:09
mbam-log-2011-01-05 (22-17-09).txt
Type d'examen: Examen complet (C:\|D:\|F:\|)
Elément(s) analysé(s): 324833
Temps écoulé: 1 heure(s), 48 minute(s), 27 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Akizijiwanomohag (Trojan.Agent) -> Value: Akizijiwanomohag -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.
c:\programdata\gnghpnckobir.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47\1073662f-56c99884 (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1758895.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\fred\downloads\vlc-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\wsget.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\~nsuobw.tmp\getofferbox.php (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1818472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Local\Temp\0.9651489844155005.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
www.malwarebytes.org
Version de la base de données: 5465
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
05/01/2011 22:17:09
mbam-log-2011-01-05 (22-17-09).txt
Type d'examen: Examen complet (C:\|D:\|F:\|)
Elément(s) analysé(s): 324833
Temps écoulé: 1 heure(s), 48 minute(s), 27 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Akizijiwanomohag (Trojan.Agent) -> Value: Akizijiwanomohag -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.
c:\programdata\gnghpnckobir.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47\1073662f-56c99884 (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1758895.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\fred\downloads\vlc-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\wsget.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\~nsuobw.tmp\getofferbox.php (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1818472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Local\Temp\0.9651489844155005.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
desole j'ai mis du temps mais voila les rapports
DDS (Ver_10-12-12.02) - NTFSx86
Run by fred at 19:51:48,68 on 05/01/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.1975.693 [GMT 1:00]
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
============== Running Processes ===============
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\windows\system32\rpcnet.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\conime.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wuauclt.exe
C:\Users\fred\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849852
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
uURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
uURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
mURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: : {cf69d058-b623-4ae9-8514-256f04e08cd3} - c:\windows\system32\ypgvsaym.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [fnvfnfnv] "c:\users\fred\appdata\local\fnvfnfnv.exe" fnvfnfnv
uRun: [Google Update] "c:\users\fred\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [FEXeTWLLHYgf.exe] c:\programdata\FEXeTWLLHYgf.exe
uRun: [Akizijiwanomohag] rundll32.exe "c:\users\fred\appdata\local\friapne.dll",Startup
uRun: [Cx5QHgyo] c:\programdata\Cx5QHgyo.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Recherche AOL Toolbar - c:\programdata\aol\ietoolbar\resources\fr-fr\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.lphant.com//web?src=ffb&q=
FF - component: c:\program files\offerbox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
FF - component: c:\program files\windows searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - component: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\fred\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\fred\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: OfferBox: offerboxffx@offerbox.com - c:\program files\offerbox\offerboxffx@offerbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
============= SERVICES / DRIVERS ===============
R?2 jtltgtbs;NVIDIA nForce RAID Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-14 12928]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-3 11608]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-14 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-8-3 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-3 185089]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-3 56816]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-14 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2008-7-12 77824]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 24936]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-7-12 576024]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-6 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-12 193840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2007-7-19 281088]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2011-01-05 17:13:32 -------- d-----w- c:\users\fred\appdata\roaming\OfferBox
2011-01-05 17:11:35 -------- d-----w- c:\progra~2\Fun4IM
2011-01-05 17:11:21 -------- d-----w- c:\program files\Windows Searchqu Toolbar
2011-01-05 17:11:18 -------- d-----w- c:\program files\Fun4IM
2011-01-05 17:10:38 -------- d-----w- c:\program files\OfferBox
2011-01-05 15:08:23 423424 ----a-w- c:\progra~2\GnGHPNcKObIR.dll
2011-01-04 19:07:47 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e3be2e81-2690-4bb5-a8c6-c966cce6d0a3}\mpengine.dll
2010-12-30 19:41:32 -------- d-----w- c:\users\fred\appdata\roaming\Local
2010-12-30 19:40:26 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-22 21:44:58 -------- d-----w- c:\program files\Veetle
2010-12-20 19:30:01 -------- d-----w- c:\program files\SearchElf_1.2
2010-12-16 18:37:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 18:36:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-12 14:58:12 -------- d-----w- c:\program files\Conduit
2010-12-12 14:57:46 -------- d-----w- c:\program files\ConduitEngine
2010-12-12 14:57:26 -------- d-----w- c:\program files\BittorrentBar_FR
2010-12-12 14:57:04 -------- d-----w- c:\program files\BitTorrent
==================== Find3M ====================
2011-01-05 18:45:57 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-01-05 18:45:55 56680 ----a-w- c:\windows\system32\rpcnet.dll
2011-01-05 16:33:49 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-21 20:08:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-21 18:30:50 389632 ----a-w- c:\windows\system32\html.iec
2010-10-20 17:41:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_ rev.8909 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x86E72555]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86e787b0]; MOV EAX, [0x86e7882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E80962] -> \Device\Harddisk0\DR0[0x869D04D0]
3 CLASSPNP[0x8242F8B3] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x869D0C88]
5 hpdskflt[0x88DC3065] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x855EA650]
7 acpi[0x8069C6BC] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x85651028]
\Driver\iaStor[0x86072320] -> IRP_MJ_CREATE -> 0x86E72555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskFUJITSU_MHZ2160BH_G2____________________8909____#4&1bcdc343&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
error: Read Impossible de satisfaire à la demande en raison d'une erreur de périphérique d'E/S.
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 19:54:50,72 ===============
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5465
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
05/01/2011 22:17:09
mbam-log-2011-01-05 (22-17-09).txt
Type d'examen: Examen complet (C:\|D:\|F:\|)
Elément(s) analysé(s): 324833
Temps écoulé: 1 heure(s), 48 minute(s), 27 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Akizijiwanomohag (Trojan.Agent) -> Value: Akizijiwanomohag -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.
c:\programdata\gnghpnckobir.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47\1073662f-56c99884 (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1758895.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\fred\downloads\vlc-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\wsget.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\~nsuobw.tmp\getofferbox.php (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1818472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Local\Temp\0.9651489844155005.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
DDS (Ver_10-12-12.02) - NTFSx86
Run by fred at 19:51:48,68 on 05/01/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.1975.693 [GMT 1:00]
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
============== Running Processes ===============
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\SLsvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\PDF Complete\pdfsvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskeng.exe
C:\windows\system32\rpcnet.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\windows\system32\conime.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wuauclt.exe
C:\Users\fred\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849852
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
uURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
uURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
mURLSearchHooks: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: BHO_Startup Class: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
BHO: Programme d'aide de l'Assistant de connexion Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Search Assistant BHO: {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\A5SRCHAS.DLL
BHO: : {cf69d058-b623-4ae9-8514-256f04e08cd3} - c:\windows\system32\ypgvsaym.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
BHO: Ask Toolbar BHO: {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Ask Toolbar: {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\ASKTBAR.DLL
TB: BittorrentBar_FR Toolbar: {ef79f67a-6ad7-4715-a0f8-932fca442023} - c:\program files\bittorrentbar_fr\tbBitt.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
TB: Searchqu Toolbar: {7ff99715-3016-4381-84ce-e4e4c9673020} - c:\progra~1\wi9130~1\toolbar\SearchquDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [fnvfnfnv] "c:\users\fred\appdata\local\fnvfnfnv.exe" fnvfnfnv
uRun: [Google Update] "c:\users\fred\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [FEXeTWLLHYgf.exe] c:\programdata\FEXeTWLLHYgf.exe
uRun: [Akizijiwanomohag] rundll32.exe "c:\users\fred\appdata\local\friapne.dll",Startup
uRun: [Cx5QHgyo] c:\programdata\Cx5QHgyo.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [File Sanitizer] c:\program files\hewlett-packard\file sanitizer\CoreShredder.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [DATAMNGR] c:\progra~1\wi9130~1\datamngr\DATAMN~1.EXE
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\fred\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Recherche AOL Toolbar - c:\programdata\aol\ietoolbar\resources\fr-fr\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi9130~1\datamngr\datamngr.dll APSHook.dll
LSA: Notification Packages = scecli ASWLNPkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.lphant.com//web?src=ffb&q=
FF - component: c:\program files\offerbox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
FF - component: c:\program files\windows searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlp.dll
FF - component: c:\users\fred\appdata\roaming\mozilla\firefox\profiles\lhj2elb3.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\fred\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\fred\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: OfferBox: offerboxffx@offerbox.com - c:\program files\offerbox\offerboxffx@offerbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
============= SERVICES / DRIVERS ===============
R?2 jtltgtbs;NVIDIA nForce RAID Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-14 12928]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-3 11608]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-14 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\avira\antivir desktop\sched.exe [2009-8-3 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-3 185089]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-3 56816]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-14 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2008-7-12 77824]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 24936]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-7-12 576024]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-6 1153368]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-7-12 193840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 FontCache;Service de cache de police Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
S3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2007-7-19 281088]
S3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2011-01-05 17:13:32 -------- d-----w- c:\users\fred\appdata\roaming\OfferBox
2011-01-05 17:11:35 -------- d-----w- c:\progra~2\Fun4IM
2011-01-05 17:11:21 -------- d-----w- c:\program files\Windows Searchqu Toolbar
2011-01-05 17:11:18 -------- d-----w- c:\program files\Fun4IM
2011-01-05 17:10:38 -------- d-----w- c:\program files\OfferBox
2011-01-05 15:08:23 423424 ----a-w- c:\progra~2\GnGHPNcKObIR.dll
2011-01-04 19:07:47 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{e3be2e81-2690-4bb5-a8c6-c966cce6d0a3}\mpengine.dll
2010-12-30 19:41:32 -------- d-----w- c:\users\fred\appdata\roaming\Local
2010-12-30 19:40:26 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-22 21:44:58 -------- d-----w- c:\program files\Veetle
2010-12-20 19:30:01 -------- d-----w- c:\program files\SearchElf_1.2
2010-12-16 18:37:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 18:36:38 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-12 14:58:12 -------- d-----w- c:\program files\Conduit
2010-12-12 14:57:46 -------- d-----w- c:\program files\ConduitEngine
2010-12-12 14:57:26 -------- d-----w- c:\program files\BittorrentBar_FR
2010-12-12 14:57:04 -------- d-----w- c:\program files\BitTorrent
==================== Find3M ====================
2011-01-05 18:45:57 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-01-05 18:45:55 56680 ----a-w- c:\windows\system32\rpcnet.dll
2011-01-05 16:33:49 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-11-12 00:44:54 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-21 20:08:42 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-21 18:30:50 389632 ----a-w- c:\windows\system32\html.iec
2010-10-20 17:41:28 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-19 09:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: FUJITSU_ rev.8909 -> Harddisk0\DR0 -> \Device\Ide\iaStor0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x86E72555]<<
c:\windows\system32\drivers\hpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86e787b0]; MOV EAX, [0x86e7882c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E80962] -> \Device\Harddisk0\DR0[0x869D04D0]
3 CLASSPNP[0x8242F8B3] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x869D0C88]
5 hpdskflt[0x88DC3065] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x855EA650]
7 acpi[0x8069C6BC] -> ntkrnlpa!IofCallDriver[0x81E80962] -> [0x85651028]
\Driver\iaStor[0x86072320] -> IRP_MJ_CREATE -> 0x86E72555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskFUJITSU_MHZ2160BH_G2____________________8909____#4&1bcdc343&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
error: Read Impossible de satisfaire à la demande en raison d'une erreur de périphérique d'E/S.
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 19:54:50,72 ===============
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 5465
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
05/01/2011 22:17:09
mbam-log-2011-01-05 (22-17-09).txt
Type d'examen: Examen complet (C:\|D:\|F:\|)
Elément(s) analysé(s): 324833
Temps écoulé: 1 heure(s), 48 minute(s), 27 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Akizijiwanomohag (Trojan.Agent) -> Value: Akizijiwanomohag -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Users\fred\AppData\Local\friapne.dll (Trojan.Agent) -> Delete on reboot.
c:\programdata\gnghpnckobir.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47\1073662f-56c99884 (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1758895.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\fred\downloads\vlc-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\wsget.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\~nsuobw.tmp\getofferbox.php (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Roaming\Adobe\plugs\kb1818472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\fred\AppData\Local\Temp\0.9651489844155005.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Bonsoir
Bien infecté... faut arrêter de cliquer n'importe-où.![:o]( ":o")
Lire: Les toolbars c'est pas obligatoire!
1
Télécharge ![]()
Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.
/!\ Déconnecte-toi, désactive ton anti-virus et ferme toutes applications en cours /!\
Double-clique sur AD-R situé sur ton Bureau pour le lancer.
(Sous Vista, il faut cliquer droit sur AD-R et choisir Exécuter en tant qu'administrateur)
Choisis la langue F pour français.
Au menu principal, choisis l'option Scanner.
/!\ Laisse travailler l'outil /!\
Poste le rapport qui apparaît à la fin (C:\Ad-Report-CLEAN.log).
/!\ Pense à réactiver ton antivirus /!\
2
Télécharge TDSSKiller de Kaspersky sur ton bureau.
Décompresse-le en faisant clic-droit dessus -> extraire tout... (clique sur "suivant", "suivant" et "Terminer".)
Double clique sur "TDSSKiller.exe" pour lancer l'outil.
(Utilisateur de Vista/Windows 7 : effectue un clic droit sur TDSSKiller.exe et sélectionne "Exécuter en tant qu'administrateur".)
Clique alors sur le bouton "Start Scan".
Laisse le scan s'effectuer.
Dans la fenêtre de résultat, assures-toi que "Malicious objects" ait le statut "Cure"
Pour la partie "Suspicious object" clique sur "Skip" et choisi "Quarantine"
Clique enfin sur "Continue"
Il te sera surement demandé de redémarrer ton pc, fait-le en cliquant sur "Reboot now"
Au redémarrage va chercher le rapport de suppression, il se trouve ici :
C:\ TDSSKiller.x.x.x.x_date_heure_log.txt
Poste son contenu dans ta prochaine réponse.
Bien infecté... faut arrêter de cliquer n'importe-où.
Lire: Les toolbars c'est pas obligatoire!
1
Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau./!\ Déconnecte-toi, désactive ton anti-virus et ferme toutes applications en cours /!\
(Sous Vista, il faut cliquer droit sur AD-R et choisir Exécuter en tant qu'administrateur)
/!\ Laisse travailler l'outil /!\
/!\ Pense à réactiver ton antivirus /!\
2
Télécharge TDSSKiller de Kaspersky sur ton bureau.
(Utilisateur de Vista/Windows 7 : effectue un clic droit sur TDSSKiller.exe et sélectionne "Exécuter en tant qu'administrateur".)
C:\ TDSSKiller.x.x.x.x_date_heure_log.txt
Poste son contenu dans ta prochaine réponse.
bonsoir oui j'ai de grosse lacune en informatique en tout cas voici les rapports
2011/01/06 20:57:45.0637 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/06 20:57:45.0637 ================================================================================
2011/01/06 20:57:45.0637 SystemInfo:
2011/01/06 20:57:45.0637
2011/01/06 20:57:45.0637 OS Version: 6.0.6002 ServicePack: 2.0
2011/01/06 20:57:45.0637 Product type: Workstation
2011/01/06 20:57:45.0637 ComputerName: PC-DE-FRED
2011/01/06 20:57:45.0653 UserName: fred
2011/01/06 20:57:45.0653 Windows directory: C:\windows
2011/01/06 20:57:45.0653 System windows directory: C:\windows
2011/01/06 20:57:45.0653 Processor architecture: Intel x86
2011/01/06 20:57:45.0653 Number of processors: 2
2011/01/06 20:57:45.0653 Page size: 0x1000
2011/01/06 20:57:45.0653 Boot type: Normal boot
2011/01/06 20:57:45.0653 ================================================================================
2011/01/06 20:57:46.0761 Initialize success
2011/01/06 20:57:49.0413 ================================================================================
2011/01/06 20:57:49.0413 Scan started
2011/01/06 20:57:49.0444 Mode: Manual;
2011/01/06 20:57:49.0444 ================================================================================
2011/01/06 20:57:50.0692 Accelerometer (a9b917777841b76f299e2ea946e03adf) C:\windows\system32\DRIVERS\Accelerometer.sys
2011/01/06 20:57:50.0848 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\windows\system32\drivers\acpi.sys
2011/01/06 20:57:51.0019 ADIHdAudAddService (364a903711e84eb1386fa04106681b7a) C:\windows\system32\drivers\ADIHdAud.sys
2011/01/06 20:57:51.0191 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\windows\system32\drivers\adp94xx.sys
2011/01/06 20:57:51.0331 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\windows\system32\drivers\adpahci.sys
2011/01/06 20:57:51.0503 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\windows\system32\drivers\adpu160m.sys
2011/01/06 20:57:51.0581 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\windows\system32\drivers\adpu320.sys
2011/01/06 20:57:51.0862 AFD (a201207363aa900abf1a388468688570) C:\windows\system32\drivers\afd.sys
2011/01/06 20:57:52.0033 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\windows\system32\DRIVERS\AGRSM.sys
2011/01/06 20:57:52.0252 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\windows\system32\drivers\agp440.sys
2011/01/06 20:57:52.0330 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\windows\system32\drivers\djsvs.sys
2011/01/06 20:57:52.0501 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\windows\system32\drivers\aliide.sys
2011/01/06 20:57:52.0673 amdagp (c47344bc706e5f0b9dce369516661578) C:\windows\system32\drivers\amdagp.sys
2011/01/06 20:57:52.0798 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\windows\system32\drivers\amdide.sys
2011/01/06 20:57:53.0344 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\windows\system32\drivers\amdk7.sys
2011/01/06 20:57:53.0562 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\windows\system32\DRIVERS\amdk8.sys
2011/01/06 20:57:53.0765 arc (5d2888182fb46632511acee92fdad522) C:\windows\system32\drivers\arc.sys
2011/01/06 20:57:53.0905 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\windows\system32\drivers\arcsas.sys
2011/01/06 20:57:54.0186 AsyncMac (53b202abee6455406254444303e87be1) C:\windows\system32\DRIVERS\asyncmac.sys
2011/01/06 20:57:54.0358 atapi (2d9c903dc76a66813d350a562de40ed9) C:\windows\system32\drivers\atapi.sys
2011/01/06 20:57:54.0529 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/01/06 20:57:54.0639 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\windows\system32\DRIVERS\avgntflt.sys
2011/01/06 20:57:54.0810 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\windows\system32\DRIVERS\avipbb.sys
2011/01/06 20:57:54.0951 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/01/06 20:57:55.0200 BCM43XX (3f5e7621cdf6867d3d8417d13a098277) C:\windows\system32\DRIVERS\bcmwl6.sys
2011/01/06 20:57:55.0419 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\windows\system32\drivers\Beep.sys
2011/01/06 20:57:55.0637 blbdrive (d4df28447741fd3d953526e33a617397) C:\windows\system32\drivers\blbdrive.sys
2011/01/06 20:57:55.0731 bowser (74b442b2be1260b7588c136177ceac66) C:\windows\system32\DRIVERS\bowser.sys
2011/01/06 20:57:55.0855 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\brfiltlo.sys
2011/01/06 20:57:56.0011 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\brfiltup.sys
2011/01/06 20:57:56.0136 Brserid (b304e75cff293029eddf094246747113) C:\windows\system32\drivers\brserid.sys
2011/01/06 20:57:56.0245 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\system32\drivers\brserwdm.sys
2011/01/06 20:57:56.0386 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\system32\drivers\brusbmdm.sys
2011/01/06 20:57:56.0495 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\system32\drivers\brusbser.sys
2011/01/06 20:57:56.0651 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\windows\system32\drivers\bthmodem.sys
2011/01/06 20:57:56.0823 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\windows\system32\DRIVERS\cdfs.sys
2011/01/06 20:57:56.0979 cdrom (6b4bffb9becd728097024276430db314) C:\windows\system32\DRIVERS\cdrom.sys
2011/01/06 20:57:57.0088 circlass (e5d4133f37219dbcfe102bc61072589d) C:\windows\system32\drivers\circlass.sys
2011/01/06 20:57:57.0228 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\windows\system32\CLFS.sys
2011/01/06 20:57:57.0400 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\windows\system32\DRIVERS\CmBatt.sys
2011/01/06 20:57:57.0525 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\windows\system32\drivers\cmdide.sys
2011/01/06 20:57:57.0649 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\windows\system32\DRIVERS\compbatt.sys
2011/01/06 20:57:57.0759 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\windows\system32\drivers\crcdisk.sys
2011/01/06 20:57:57.0899 Crusoe (1f07becdca750766a96cda811ba86410) C:\windows\system32\drivers\crusoe.sys
2011/01/06 20:57:58.0305 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\windows\system32\Drivers\dfsc.sys
2011/01/06 20:57:58.0710 disk (5d4aefc3386920236a548271f8f1af6a) C:\windows\system32\drivers\disk.sys
2011/01/06 20:57:59.0007 drmkaud (97fef831ab90bee128c9af390e243f80) C:\windows\system32\drivers\drmkaud.sys
2011/01/06 20:57:59.0287 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\windows\System32\drivers\dxgkrnl.sys
2011/01/06 20:57:59.0584 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\windows\system32\DRIVERS\E1G60I32.sys
2011/01/06 20:57:59.0740 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\windows\system32\drivers\ecache.sys
2011/01/06 20:57:59.0974 elxstor (23b62471681a124889978f6295b3f4c6) C:\windows\system32\drivers\elxstor.sys
2011/01/06 20:58:00.0395 ErrDev (3db974f3935483555d7148663f726c61) C:\windows\system32\drivers\errdev.sys
2011/01/06 20:58:00.0847 exfat (22b408651f9123527bcee54b4f6c5cae) C:\windows\system32\drivers\exfat.sys
2011/01/06 20:58:01.0113 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\windows\system32\drivers\fastfat.sys
2011/01/06 20:58:01.0503 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\windows\system32\DRIVERS\fdc.sys
2011/01/06 20:58:01.0659 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\windows\system32\drivers\fileinfo.sys
2011/01/06 20:58:01.0846 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\windows\system32\drivers\filetrace.sys
2011/01/06 20:58:02.0049 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\windows\system32\DRIVERS\flpydisk.sys
2011/01/06 20:58:02.0251 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\windows\system32\drivers\fltmgr.sys
2011/01/06 20:58:02.0579 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\windows\system32\drivers\Fs_Rec.sys
2011/01/06 20:58:02.0891 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\windows\system32\drivers\gagp30kx.sys
2011/01/06 20:58:03.0063 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/06 20:58:03.0265 HBtnKey (88a78635b41ed4b261365fadeb28fe81) C:\windows\system32\DRIVERS\cpqbttn.sys
2011/01/06 20:58:03.0421 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\windows\system32\drivers\HdAudio.sys
2011/01/06 20:58:03.0624 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/01/06 20:58:03.0858 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\windows\system32\drivers\hidbth.sys
2011/01/06 20:58:04.0108 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\windows\system32\drivers\hidir.sys
2011/01/06 20:58:04.0295 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\windows\system32\DRIVERS\hidusb.sys
2011/01/06 20:58:04.0623 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\windows\system32\drivers\hpcisss.sys
2011/01/06 20:58:05.0013 hpdskflt (3520a74fca88a5aefbbe7b937bea75f7) C:\windows\system32\DRIVERS\hpdskflt.sys
2011/01/06 20:58:05.0309 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
2011/01/06 20:58:05.0652 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\windows\system32\drivers\HTTP.sys
2011/01/06 20:58:06.0027 i2omp (c6b032d69650985468160fc9937cf5b4) C:\windows\system32\drivers\i2omp.sys
2011/01/06 20:58:06.0151 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\windows\system32\DRIVERS\i8042prt.sys
2011/01/06 20:58:06.0385 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\windows\system32\drivers\iastor.sys
2011/01/06 20:58:06.0510 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\windows\system32\drivers\iastorv.sys
2011/01/06 20:58:06.0853 igfx (d97e70e4e243c9660f91c1112e36c73b) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/01/06 20:58:07.0243 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\windows\system32\drivers\iirsp.sys
2011/01/06 20:58:07.0399 intelide (83aa759f3189e6370c30de5dc5590718) C:\windows\system32\drivers\intelide.sys
2011/01/06 20:58:07.0524 intelppm (224191001e78c89dfa78924c3ea595ff) C:\windows\system32\DRIVERS\intelppm.sys
2011/01/06 20:58:07.0680 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/01/06 20:58:07.0899 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\windows\system32\drivers\ipmidrv.sys
2011/01/06 20:58:08.0164 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\windows\system32\DRIVERS\ipnat.sys
2011/01/06 20:58:08.0367 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\windows\system32\drivers\irenum.sys
2011/01/06 20:58:08.0616 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\windows\system32\drivers\isapnp.sys
2011/01/06 20:58:08.0725 iScsiPrt (232fa340531d940aac623b121a595034) C:\windows\system32\DRIVERS\msiscsi.sys
2011/01/06 20:58:08.0991 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\windows\system32\drivers\iteatapi.sys
2011/01/06 20:58:09.0193 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\windows\system32\drivers\iteraid.sys
2011/01/06 20:58:09.0334 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/01/06 20:58:09.0583 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\windows\system32\DRIVERS\kbdhid.sys
2011/01/06 20:58:09.0849 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\windows\system32\Drivers\ksecdd.sys
2011/01/06 20:58:10.0161 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\windows\system32\DRIVERS\lltdio.sys
2011/01/06 20:58:10.0332 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\windows\system32\drivers\lsi_fc.sys
2011/01/06 20:58:10.0457 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\windows\system32\drivers\lsi_sas.sys
2011/01/06 20:58:10.0707 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\windows\system32\drivers\lsi_scsi.sys
2011/01/06 20:58:10.0863 luafv (8f5c7426567798e62a3b3614965d62cc) C:\windows\system32\drivers\luafv.sys
2011/01/06 20:58:11.0128 megasas (0001ce609d66632fa17b84705f658879) C:\windows\system32\drivers\megasas.sys
2011/01/06 20:58:11.0253 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\windows\system32\drivers\megasr.sys
2011/01/06 20:58:11.0377 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\windows\system32\drivers\modem.sys
2011/01/06 20:58:11.0533 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\windows\system32\DRIVERS\monitor.sys
2011/01/06 20:58:11.0705 mouclass (5bf6a1326a335c5298477754a506d263) C:\windows\system32\DRIVERS\mouclass.sys
2011/01/06 20:58:11.0814 mouhid (93b8d4869e12cfbe663915502900876f) C:\windows\system32\DRIVERS\mouhid.sys
2011/01/06 20:58:12.0033 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\windows\system32\drivers\mountmgr.sys
2011/01/06 20:58:12.0251 mpio (511d011289755dd9f9a7579fb0b064e6) C:\windows\system32\drivers\mpio.sys
2011/01/06 20:58:12.0641 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\windows\system32\drivers\mpsdrv.sys
2011/01/06 20:58:12.0813 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\windows\system32\drivers\mraid35x.sys
2011/01/06 20:58:13.0031 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\windows\system32\drivers\mrxdav.sys
2011/01/06 20:58:13.0203 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/01/06 20:58:13.0421 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/01/06 20:58:13.0686 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/01/06 20:58:13.0920 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\windows\system32\drivers\msahci.sys
2011/01/06 20:58:14.0123 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\windows\system32\drivers\msdsm.sys
2011/01/06 20:58:14.0451 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\windows\system32\drivers\Msfs.sys
2011/01/06 20:58:14.0544 msisadrv (0f400e306f385c56317357d6dea56f62) C:\windows\system32\drivers\msisadrv.sys
2011/01/06 20:58:14.0700 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\windows\system32\drivers\MSKSSRV.sys
2011/01/06 20:58:14.0934 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\windows\system32\drivers\MSPCLOCK.sys
2011/01/06 20:58:15.0028 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\windows\system32\drivers\MSPQM.sys
2011/01/06 20:58:15.0121 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\windows\system32\drivers\MsRPC.sys
2011/01/06 20:58:15.0465 mssmbios (e384487cb84be41d09711c30ca79646c) C:\windows\system32\DRIVERS\mssmbios.sys
2011/01/06 20:58:15.0901 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\windows\system32\drivers\MSTEE.sys
2011/01/06 20:58:15.0995 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\windows\system32\Drivers\mup.sys
2011/01/06 20:58:16.0276 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\windows\system32\DRIVERS\nwifi.sys
2011/01/06 20:58:16.0447 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\windows\system32\drivers\ndis.sys
2011/01/06 20:58:16.0759 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\windows\system32\DRIVERS\ndistapi.sys
2011/01/06 20:58:16.0884 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\windows\system32\DRIVERS\ndisuio.sys
2011/01/06 20:58:17.0009 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\windows\system32\DRIVERS\ndiswan.sys
2011/01/06 20:58:17.0321 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\windows\system32\drivers\NDProxy.sys
2011/01/06 20:58:17.0524 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\windows\system32\DRIVERS\netbios.sys
2011/01/06 20:58:17.0773 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\windows\system32\DRIVERS\netbt.sys
2011/01/06 20:58:18.0054 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\windows\system32\drivers\nfrd960.sys
2011/01/06 20:58:18.0273 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\windows\system32\drivers\Npfs.sys
2011/01/06 20:58:18.0397 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\windows\system32\drivers\nsiproxy.sys
2011/01/06 20:58:18.0616 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\windows\system32\drivers\Ntfs.sys
2011/01/06 20:58:18.0865 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\windows\system32\drivers\ntrigdigi.sys
2011/01/06 20:58:19.0021 Null (c5dbbcda07d780bda9b685df333bb41e) C:\windows\system32\drivers\Null.sys
2011/01/06 20:58:19.0115 nvraid (2edf9e7751554b42cbb60116de727101) C:\windows\system32\drivers\nvraid.sys
2011/01/06 20:58:19.0365 nvstor (abed0c09758d1d97db0042dbb2688177) C:\windows\system32\drivers\nvstor.sys
2011/01/06 20:58:19.0474 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\windows\system32\drivers\nv_agp.sys
2011/01/06 20:58:19.0817 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\windows\system32\DRIVERS\ohci1394.sys
2011/01/06 20:58:20.0067 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\windows\system32\DRIVERS\parport.sys
2011/01/06 20:58:20.0223 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\windows\system32\drivers\partmgr.sys
2011/01/06 20:58:20.0410 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\windows\system32\DRIVERS\parvdm.sys
2011/01/06 20:58:20.0550 pci (941dc1d19e7e8620f40bbc206981efdb) C:\windows\system32\drivers\pci.sys
2011/01/06 20:58:20.0691 pciide (fc175f5ddab666d7f4d17449a547626f) C:\windows\system32\drivers\pciide.sys
2011/01/06 20:58:20.0815 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\windows\system32\DRIVERS\pcmcia.sys
2011/01/06 20:58:20.0987 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\windows\system32\drivers\peauth.sys
2011/01/06 20:58:21.0439 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\windows\system32\DRIVERS\raspptp.sys
2011/01/06 20:58:21.0549 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\windows\system32\drivers\processr.sys
2011/01/06 20:58:21.0829 PSched (99514faa8df93d34b5589187db3aa0ba) C:\windows\system32\DRIVERS\pacer.sys
2011/01/06 20:58:22.0017 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys
2011/01/06 20:58:22.0157 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\windows\system32\drivers\ql2300.sys
2011/01/06 20:58:22.0360 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\windows\system32\drivers\ql40xx.sys
2011/01/06 20:58:22.0594 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\windows\system32\drivers\qwavedrv.sys
2011/01/06 20:58:22.0672 RasAcd (147d7f9c556d259924351feb0de606c3) C:\windows\system32\DRIVERS\rasacd.sys
2011/01/06 20:58:22.0797 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/01/06 20:58:22.0906 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\windows\system32\DRIVERS\raspppoe.sys
2011/01/06 20:58:23.0046 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\windows\system32\DRIVERS\rassstp.sys
2011/01/06 20:58:23.0140 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\windows\system32\DRIVERS\rdbss.sys
2011/01/06 20:58:23.0265 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/01/06 20:58:23.0436 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\windows\system32\drivers\rdpdr.sys
2011/01/06 20:58:23.0530 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\windows\system32\drivers\rdpencdd.sys
2011/01/06 20:58:23.0655 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\windows\system32\drivers\RDPWD.sys
2011/01/06 20:58:23.0951 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\windows\system32\DRIVERS\rspndr.sys
2011/01/06 20:58:24.0076 RsvLock (3beefe509c414f3a6e55e5c7c4024581) C:\windows\system32\drivers\RsvLock.sys
2011/01/06 20:58:24.0216 RTL8187B (e0ea9f5f94814f8a31f4b40175e1456e) C:\windows\system32\DRIVERS\RTL8187B.sys
2011/01/06 20:58:24.0450 SafeBoot (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\windows\system32\drivers\SafeBoot.sys
2011/01/06 20:58:24.0450 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
2011/01/06 20:58:24.0466 SafeBoot - detected Locked file (1)
2011/01/06 20:58:24.0559 SbAlg (52dcde2d1787217e15ffdca1cbf8cce9) C:\windows\system32\drivers\SbAlg.sys
2011/01/06 20:58:24.0684 SbFsLock (69a5af9ce49a0982e7ae7c7d62bdb2b1) C:\windows\system32\drivers\SbFsLock.sys
2011/01/06 20:58:24.0809 sbp2port (3ce8f073a557e172b330109436984e30) C:\windows\system32\drivers\sbp2port.sys
2011/01/06 20:58:25.0027 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/01/06 20:58:25.0168 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\windows\system32\drivers\serenum.sys
2011/01/06 20:58:25.0324 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\windows\system32\drivers\serial.sys
2011/01/06 20:58:25.0449 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\windows\system32\drivers\sermouse.sys
2011/01/06 20:58:25.0620 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\windows\system32\drivers\sffdisk.sys
2011/01/06 20:58:25.0761 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\windows\system32\drivers\sffp_mmc.sys
2011/01/06 20:58:25.0839 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\windows\system32\drivers\sffp_sd.sys
2011/01/06 20:58:25.0963 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\windows\system32\drivers\sfloppy.sys
2011/01/06 20:58:26.0166 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\windows\system32\drivers\sisagp.sys
2011/01/06 20:58:26.0307 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\windows\system32\drivers\sisraid2.sys
2011/01/06 20:58:26.0416 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\windows\system32\drivers\sisraid4.sys
2011/01/06 20:58:26.0619 Smb (7b75299a4d201d6a6533603d6914ab04) C:\windows\system32\DRIVERS\smb.sys
2011/01/06 20:58:26.0884 SNP2UVC (cf9cde12fbc19dba8de528b7511a2f4f) C:\windows\system32\DRIVERS\snp2uvc.sys
2011/01/06 20:58:27.0118 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\windows\system32\drivers\spldr.sys
2011/01/06 20:58:27.0243 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\windows\system32\DRIVERS\srv.sys
2011/01/06 20:58:27.0430 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\windows\system32\DRIVERS\srv2.sys
2011/01/06 20:58:27.0555 srvnet (faa0d553a49e85008c6bb3781987c574) C:\windows\system32\DRIVERS\srvnet.sys
2011/01/06 20:58:27.0695 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\windows\system32\DRIVERS\ssmdrv.sys
2011/01/06 20:58:27.0882 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\windows\system32\DRIVERS\swenum.sys
2011/01/06 20:58:28.0038 Symc8xx (192aa3ac01df071b541094f251deed10) C:\windows\system32\drivers\symc8xx.sys
2011/01/06 20:58:28.0147 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\windows\system32\drivers\sym_hi.sys
2011/01/06 20:58:28.0210 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\windows\system32\drivers\sym_u3.sys
2011/01/06 20:58:28.0350 SynTP (f5d926807bd9bc0af68f9376144de425) C:\windows\system32\DRIVERS\SynTP.sys
2011/01/06 20:58:28.0631 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\windows\system32\drivers\tcpip.sys
2011/01/06 20:58:28.0803 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\windows\system32\DRIVERS\tcpip.sys
2011/01/06 20:58:28.0927 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\windows\system32\drivers\tcpipreg.sys
2011/01/06 20:58:29.0005 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\windows\system32\drivers\tdpipe.sys
2011/01/06 20:58:29.0099 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\windows\system32\drivers\tdtcp.sys
2011/01/06 20:58:29.0208 tdx (76b06eb8a01fc8624d699e7045303e54) C:\windows\system32\DRIVERS\tdx.sys
2011/01/06 20:58:29.0364 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\windows\system32\DRIVERS\termdd.sys
2011/01/06 20:58:29.0520 TPM (cb258c2f726f1be73c507022be33ebb3) C:\windows\system32\drivers\tpm.sys
2011/01/06 20:58:29.0676 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/01/06 20:58:29.0817 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\windows\system32\DRIVERS\tunmp.sys
2011/01/06 20:58:29.0910 tunnel (300db877ac094feab0be7688c3454a9c) C:\windows\system32\DRIVERS\tunnel.sys
2011/01/06 20:58:30.0051 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\windows\system32\drivers\uagp35.sys
2011/01/06 20:58:30.0207 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\windows\system32\DRIVERS\udfs.sys
2011/01/06 20:58:30.0409 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\windows\system32\drivers\uliagpkx.sys
2011/01/06 20:58:30.0550 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\windows\system32\drivers\uliahci.sys
2011/01/06 20:58:30.0675 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\windows\system32\drivers\ulsata.sys
2011/01/06 20:58:30.0753 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\windows\system32\drivers\ulsata2.sys
2011/01/06 20:58:30.0862 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\windows\system32\DRIVERS\umbus.sys
2011/01/06 20:58:31.0018 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
2011/01/06 20:58:31.0158 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\windows\system32\DRIVERS\usbccgp.sys
2011/01/06 20:58:31.0267 usbcir (e9476e6c486e76bc4898074768fb7131) C:\windows\system32\drivers\usbcir.sys
2011/01/06 20:58:31.0408 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\windows\system32\DRIVERS\usbehci.sys
2011/01/06 20:58:31.0579 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\windows\system32\DRIVERS\usbhub.sys
2011/01/06 20:58:31.0689 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\windows\system32\DRIVERS\usbohci.sys
2011/01/06 20:58:31.0782 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\windows\system32\DRIVERS\usbprint.sys
2011/01/06 20:58:31.0954 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/01/06 20:58:32.0016 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\windows\system32\DRIVERS\usbuhci.sys
2011/01/06 20:58:32.0157 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\windows\system32\Drivers\usbvideo.sys
2011/01/06 20:58:32.0344 vga (87b06e1f30b749a114f74622d013f8d4) C:\windows\system32\DRIVERS\vgapnp.sys
2011/01/06 20:58:32.0437 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\windows\System32\drivers\vga.sys
2011/01/06 20:58:32.0547 viaagp (5d7159def58a800d5781ba3a879627bc) C:\windows\system32\drivers\viaagp.sys
2011/01/06 20:58:32.0703 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\windows\system32\drivers\viac7.sys
2011/01/06 20:58:32.0796 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\windows\system32\drivers\viaide.sys
2011/01/06 20:58:32.0921 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\windows\system32\drivers\volmgr.sys
2011/01/06 20:58:33.0093 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\windows\system32\drivers\volmgrx.sys
2011/01/06 20:58:33.0295 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\windows\system32\drivers\volsnap.sys
2011/01/06 20:58:33.0498 vsmraid (587253e09325e6bf226b299774b728a9) C:\windows\system32\drivers\vsmraid.sys
2011/01/06 20:58:33.0685 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\windows\system32\drivers\wacompen.sys
2011/01/06 20:58:33.0810 Wanarp (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/06 20:58:33.0888 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/06 20:58:34.0060 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\windows\system32\drivers\wd.sys
2011/01/06 20:58:34.0169 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\windows\system32\drivers\Wdf01000.sys
2011/01/06 20:58:34.0653 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/01/06 20:58:34.0902 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\windows\system32\DRIVERS\wpdusb.sys
2011/01/06 20:58:35.0027 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\windows\system32\drivers\ws2ifsl.sys
2011/01/06 20:58:35.0230 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/01/06 20:58:35.0448 yukonwlh (f72d4bffa37e857d195048c498afc61b) C:\windows\system32\DRIVERS\yk60x86.sys
2011/01/06 20:58:35.0791 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/06 20:58:35.0791 ================================================================================
2011/01/06 20:58:35.0791 Scan finished
2011/01/06 20:58:35.0791 ================================================================================
2011/01/06 20:58:35.0854 Detected object count: 2
2011/01/06 20:59:44.0478 SafeBoot (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\windows\system32\drivers\SafeBoot.sys
2011/01/06 20:59:44.0494 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
2011/01/06 20:59:44.0494 C:\windows\system32\drivers\SafeBoot.sys - copied to quarantine
2011/01/06 20:59:44.0494 Locked file(SafeBoot) - User select action: Quarantine
2011/01/06 20:59:44.0525 \HardDisk0 - will be cured after reboot
2011/01/06 20:59:44.0525 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/06 20:59:51.0810 Deinitialize success
2011/01/06 20:57:45.0637 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/06 20:57:45.0637 ================================================================================
2011/01/06 20:57:45.0637 SystemInfo:
2011/01/06 20:57:45.0637
2011/01/06 20:57:45.0637 OS Version: 6.0.6002 ServicePack: 2.0
2011/01/06 20:57:45.0637 Product type: Workstation
2011/01/06 20:57:45.0637 ComputerName: PC-DE-FRED
2011/01/06 20:57:45.0653 UserName: fred
2011/01/06 20:57:45.0653 Windows directory: C:\windows
2011/01/06 20:57:45.0653 System windows directory: C:\windows
2011/01/06 20:57:45.0653 Processor architecture: Intel x86
2011/01/06 20:57:45.0653 Number of processors: 2
2011/01/06 20:57:45.0653 Page size: 0x1000
2011/01/06 20:57:45.0653 Boot type: Normal boot
2011/01/06 20:57:45.0653 ================================================================================
2011/01/06 20:57:46.0761 Initialize success
2011/01/06 20:57:49.0413 ================================================================================
2011/01/06 20:57:49.0413 Scan started
2011/01/06 20:57:49.0444 Mode: Manual;
2011/01/06 20:57:49.0444 ================================================================================
2011/01/06 20:57:50.0692 Accelerometer (a9b917777841b76f299e2ea946e03adf) C:\windows\system32\DRIVERS\Accelerometer.sys
2011/01/06 20:57:50.0848 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\windows\system32\drivers\acpi.sys
2011/01/06 20:57:51.0019 ADIHdAudAddService (364a903711e84eb1386fa04106681b7a) C:\windows\system32\drivers\ADIHdAud.sys
2011/01/06 20:57:51.0191 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\windows\system32\drivers\adp94xx.sys
2011/01/06 20:57:51.0331 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\windows\system32\drivers\adpahci.sys
2011/01/06 20:57:51.0503 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\windows\system32\drivers\adpu160m.sys
2011/01/06 20:57:51.0581 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\windows\system32\drivers\adpu320.sys
2011/01/06 20:57:51.0862 AFD (a201207363aa900abf1a388468688570) C:\windows\system32\drivers\afd.sys
2011/01/06 20:57:52.0033 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\windows\system32\DRIVERS\AGRSM.sys
2011/01/06 20:57:52.0252 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\windows\system32\drivers\agp440.sys
2011/01/06 20:57:52.0330 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\windows\system32\drivers\djsvs.sys
2011/01/06 20:57:52.0501 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\windows\system32\drivers\aliide.sys
2011/01/06 20:57:52.0673 amdagp (c47344bc706e5f0b9dce369516661578) C:\windows\system32\drivers\amdagp.sys
2011/01/06 20:57:52.0798 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\windows\system32\drivers\amdide.sys
2011/01/06 20:57:53.0344 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\windows\system32\drivers\amdk7.sys
2011/01/06 20:57:53.0562 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\windows\system32\DRIVERS\amdk8.sys
2011/01/06 20:57:53.0765 arc (5d2888182fb46632511acee92fdad522) C:\windows\system32\drivers\arc.sys
2011/01/06 20:57:53.0905 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\windows\system32\drivers\arcsas.sys
2011/01/06 20:57:54.0186 AsyncMac (53b202abee6455406254444303e87be1) C:\windows\system32\DRIVERS\asyncmac.sys
2011/01/06 20:57:54.0358 atapi (2d9c903dc76a66813d350a562de40ed9) C:\windows\system32\drivers\atapi.sys
2011/01/06 20:57:54.0529 avgio (f1d43170fdd7399ee17ea32d4f868b0c) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/01/06 20:57:54.0639 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\windows\system32\DRIVERS\avgntflt.sys
2011/01/06 20:57:54.0810 avipbb (ad9bd66a862116e79cb45bb6be46055f) C:\windows\system32\DRIVERS\avipbb.sys
2011/01/06 20:57:54.0951 b57nd60x (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/01/06 20:57:55.0200 BCM43XX (3f5e7621cdf6867d3d8417d13a098277) C:\windows\system32\DRIVERS\bcmwl6.sys
2011/01/06 20:57:55.0419 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\windows\system32\drivers\Beep.sys
2011/01/06 20:57:55.0637 blbdrive (d4df28447741fd3d953526e33a617397) C:\windows\system32\drivers\blbdrive.sys
2011/01/06 20:57:55.0731 bowser (74b442b2be1260b7588c136177ceac66) C:\windows\system32\DRIVERS\bowser.sys
2011/01/06 20:57:55.0855 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\brfiltlo.sys
2011/01/06 20:57:56.0011 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\brfiltup.sys
2011/01/06 20:57:56.0136 Brserid (b304e75cff293029eddf094246747113) C:\windows\system32\drivers\brserid.sys
2011/01/06 20:57:56.0245 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\system32\drivers\brserwdm.sys
2011/01/06 20:57:56.0386 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\system32\drivers\brusbmdm.sys
2011/01/06 20:57:56.0495 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\system32\drivers\brusbser.sys
2011/01/06 20:57:56.0651 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\windows\system32\drivers\bthmodem.sys
2011/01/06 20:57:56.0823 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\windows\system32\DRIVERS\cdfs.sys
2011/01/06 20:57:56.0979 cdrom (6b4bffb9becd728097024276430db314) C:\windows\system32\DRIVERS\cdrom.sys
2011/01/06 20:57:57.0088 circlass (e5d4133f37219dbcfe102bc61072589d) C:\windows\system32\drivers\circlass.sys
2011/01/06 20:57:57.0228 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\windows\system32\CLFS.sys
2011/01/06 20:57:57.0400 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\windows\system32\DRIVERS\CmBatt.sys
2011/01/06 20:57:57.0525 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\windows\system32\drivers\cmdide.sys
2011/01/06 20:57:57.0649 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\windows\system32\DRIVERS\compbatt.sys
2011/01/06 20:57:57.0759 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\windows\system32\drivers\crcdisk.sys
2011/01/06 20:57:57.0899 Crusoe (1f07becdca750766a96cda811ba86410) C:\windows\system32\drivers\crusoe.sys
2011/01/06 20:57:58.0305 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\windows\system32\Drivers\dfsc.sys
2011/01/06 20:57:58.0710 disk (5d4aefc3386920236a548271f8f1af6a) C:\windows\system32\drivers\disk.sys
2011/01/06 20:57:59.0007 drmkaud (97fef831ab90bee128c9af390e243f80) C:\windows\system32\drivers\drmkaud.sys
2011/01/06 20:57:59.0287 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\windows\System32\drivers\dxgkrnl.sys
2011/01/06 20:57:59.0584 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\windows\system32\DRIVERS\E1G60I32.sys
2011/01/06 20:57:59.0740 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\windows\system32\drivers\ecache.sys
2011/01/06 20:57:59.0974 elxstor (23b62471681a124889978f6295b3f4c6) C:\windows\system32\drivers\elxstor.sys
2011/01/06 20:58:00.0395 ErrDev (3db974f3935483555d7148663f726c61) C:\windows\system32\drivers\errdev.sys
2011/01/06 20:58:00.0847 exfat (22b408651f9123527bcee54b4f6c5cae) C:\windows\system32\drivers\exfat.sys
2011/01/06 20:58:01.0113 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\windows\system32\drivers\fastfat.sys
2011/01/06 20:58:01.0503 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\windows\system32\DRIVERS\fdc.sys
2011/01/06 20:58:01.0659 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\windows\system32\drivers\fileinfo.sys
2011/01/06 20:58:01.0846 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\windows\system32\drivers\filetrace.sys
2011/01/06 20:58:02.0049 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\windows\system32\DRIVERS\flpydisk.sys
2011/01/06 20:58:02.0251 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\windows\system32\drivers\fltmgr.sys
2011/01/06 20:58:02.0579 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\windows\system32\drivers\Fs_Rec.sys
2011/01/06 20:58:02.0891 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\windows\system32\drivers\gagp30kx.sys
2011/01/06 20:58:03.0063 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2011/01/06 20:58:03.0265 HBtnKey (88a78635b41ed4b261365fadeb28fe81) C:\windows\system32\DRIVERS\cpqbttn.sys
2011/01/06 20:58:03.0421 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\windows\system32\drivers\HdAudio.sys
2011/01/06 20:58:03.0624 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/01/06 20:58:03.0858 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\windows\system32\drivers\hidbth.sys
2011/01/06 20:58:04.0108 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\windows\system32\drivers\hidir.sys
2011/01/06 20:58:04.0295 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\windows\system32\DRIVERS\hidusb.sys
2011/01/06 20:58:04.0623 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\windows\system32\drivers\hpcisss.sys
2011/01/06 20:58:05.0013 hpdskflt (3520a74fca88a5aefbbe7b937bea75f7) C:\windows\system32\DRIVERS\hpdskflt.sys
2011/01/06 20:58:05.0309 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
2011/01/06 20:58:05.0652 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\windows\system32\drivers\HTTP.sys
2011/01/06 20:58:06.0027 i2omp (c6b032d69650985468160fc9937cf5b4) C:\windows\system32\drivers\i2omp.sys
2011/01/06 20:58:06.0151 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\windows\system32\DRIVERS\i8042prt.sys
2011/01/06 20:58:06.0385 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\windows\system32\drivers\iastor.sys
2011/01/06 20:58:06.0510 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\windows\system32\drivers\iastorv.sys
2011/01/06 20:58:06.0853 igfx (d97e70e4e243c9660f91c1112e36c73b) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/01/06 20:58:07.0243 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\windows\system32\drivers\iirsp.sys
2011/01/06 20:58:07.0399 intelide (83aa759f3189e6370c30de5dc5590718) C:\windows\system32\drivers\intelide.sys
2011/01/06 20:58:07.0524 intelppm (224191001e78c89dfa78924c3ea595ff) C:\windows\system32\DRIVERS\intelppm.sys
2011/01/06 20:58:07.0680 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/01/06 20:58:07.0899 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\windows\system32\drivers\ipmidrv.sys
2011/01/06 20:58:08.0164 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\windows\system32\DRIVERS\ipnat.sys
2011/01/06 20:58:08.0367 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\windows\system32\drivers\irenum.sys
2011/01/06 20:58:08.0616 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\windows\system32\drivers\isapnp.sys
2011/01/06 20:58:08.0725 iScsiPrt (232fa340531d940aac623b121a595034) C:\windows\system32\DRIVERS\msiscsi.sys
2011/01/06 20:58:08.0991 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\windows\system32\drivers\iteatapi.sys
2011/01/06 20:58:09.0193 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\windows\system32\drivers\iteraid.sys
2011/01/06 20:58:09.0334 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/01/06 20:58:09.0583 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\windows\system32\DRIVERS\kbdhid.sys
2011/01/06 20:58:09.0849 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\windows\system32\Drivers\ksecdd.sys
2011/01/06 20:58:10.0161 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\windows\system32\DRIVERS\lltdio.sys
2011/01/06 20:58:10.0332 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\windows\system32\drivers\lsi_fc.sys
2011/01/06 20:58:10.0457 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\windows\system32\drivers\lsi_sas.sys
2011/01/06 20:58:10.0707 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\windows\system32\drivers\lsi_scsi.sys
2011/01/06 20:58:10.0863 luafv (8f5c7426567798e62a3b3614965d62cc) C:\windows\system32\drivers\luafv.sys
2011/01/06 20:58:11.0128 megasas (0001ce609d66632fa17b84705f658879) C:\windows\system32\drivers\megasas.sys
2011/01/06 20:58:11.0253 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\windows\system32\drivers\megasr.sys
2011/01/06 20:58:11.0377 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\windows\system32\drivers\modem.sys
2011/01/06 20:58:11.0533 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\windows\system32\DRIVERS\monitor.sys
2011/01/06 20:58:11.0705 mouclass (5bf6a1326a335c5298477754a506d263) C:\windows\system32\DRIVERS\mouclass.sys
2011/01/06 20:58:11.0814 mouhid (93b8d4869e12cfbe663915502900876f) C:\windows\system32\DRIVERS\mouhid.sys
2011/01/06 20:58:12.0033 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\windows\system32\drivers\mountmgr.sys
2011/01/06 20:58:12.0251 mpio (511d011289755dd9f9a7579fb0b064e6) C:\windows\system32\drivers\mpio.sys
2011/01/06 20:58:12.0641 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\windows\system32\drivers\mpsdrv.sys
2011/01/06 20:58:12.0813 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\windows\system32\drivers\mraid35x.sys
2011/01/06 20:58:13.0031 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\windows\system32\drivers\mrxdav.sys
2011/01/06 20:58:13.0203 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/01/06 20:58:13.0421 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/01/06 20:58:13.0686 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/01/06 20:58:13.0920 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\windows\system32\drivers\msahci.sys
2011/01/06 20:58:14.0123 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\windows\system32\drivers\msdsm.sys
2011/01/06 20:58:14.0451 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\windows\system32\drivers\Msfs.sys
2011/01/06 20:58:14.0544 msisadrv (0f400e306f385c56317357d6dea56f62) C:\windows\system32\drivers\msisadrv.sys
2011/01/06 20:58:14.0700 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\windows\system32\drivers\MSKSSRV.sys
2011/01/06 20:58:14.0934 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\windows\system32\drivers\MSPCLOCK.sys
2011/01/06 20:58:15.0028 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\windows\system32\drivers\MSPQM.sys
2011/01/06 20:58:15.0121 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\windows\system32\drivers\MsRPC.sys
2011/01/06 20:58:15.0465 mssmbios (e384487cb84be41d09711c30ca79646c) C:\windows\system32\DRIVERS\mssmbios.sys
2011/01/06 20:58:15.0901 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\windows\system32\drivers\MSTEE.sys
2011/01/06 20:58:15.0995 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\windows\system32\Drivers\mup.sys
2011/01/06 20:58:16.0276 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\windows\system32\DRIVERS\nwifi.sys
2011/01/06 20:58:16.0447 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\windows\system32\drivers\ndis.sys
2011/01/06 20:58:16.0759 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\windows\system32\DRIVERS\ndistapi.sys
2011/01/06 20:58:16.0884 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\windows\system32\DRIVERS\ndisuio.sys
2011/01/06 20:58:17.0009 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\windows\system32\DRIVERS\ndiswan.sys
2011/01/06 20:58:17.0321 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\windows\system32\drivers\NDProxy.sys
2011/01/06 20:58:17.0524 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\windows\system32\DRIVERS\netbios.sys
2011/01/06 20:58:17.0773 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\windows\system32\DRIVERS\netbt.sys
2011/01/06 20:58:18.0054 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\windows\system32\drivers\nfrd960.sys
2011/01/06 20:58:18.0273 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\windows\system32\drivers\Npfs.sys
2011/01/06 20:58:18.0397 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\windows\system32\drivers\nsiproxy.sys
2011/01/06 20:58:18.0616 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\windows\system32\drivers\Ntfs.sys
2011/01/06 20:58:18.0865 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\windows\system32\drivers\ntrigdigi.sys
2011/01/06 20:58:19.0021 Null (c5dbbcda07d780bda9b685df333bb41e) C:\windows\system32\drivers\Null.sys
2011/01/06 20:58:19.0115 nvraid (2edf9e7751554b42cbb60116de727101) C:\windows\system32\drivers\nvraid.sys
2011/01/06 20:58:19.0365 nvstor (abed0c09758d1d97db0042dbb2688177) C:\windows\system32\drivers\nvstor.sys
2011/01/06 20:58:19.0474 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\windows\system32\drivers\nv_agp.sys
2011/01/06 20:58:19.0817 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\windows\system32\DRIVERS\ohci1394.sys
2011/01/06 20:58:20.0067 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\windows\system32\DRIVERS\parport.sys
2011/01/06 20:58:20.0223 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\windows\system32\drivers\partmgr.sys
2011/01/06 20:58:20.0410 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\windows\system32\DRIVERS\parvdm.sys
2011/01/06 20:58:20.0550 pci (941dc1d19e7e8620f40bbc206981efdb) C:\windows\system32\drivers\pci.sys
2011/01/06 20:58:20.0691 pciide (fc175f5ddab666d7f4d17449a547626f) C:\windows\system32\drivers\pciide.sys
2011/01/06 20:58:20.0815 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\windows\system32\DRIVERS\pcmcia.sys
2011/01/06 20:58:20.0987 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\windows\system32\drivers\peauth.sys
2011/01/06 20:58:21.0439 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\windows\system32\DRIVERS\raspptp.sys
2011/01/06 20:58:21.0549 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\windows\system32\drivers\processr.sys
2011/01/06 20:58:21.0829 PSched (99514faa8df93d34b5589187db3aa0ba) C:\windows\system32\DRIVERS\pacer.sys
2011/01/06 20:58:22.0017 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys
2011/01/06 20:58:22.0157 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\windows\system32\drivers\ql2300.sys
2011/01/06 20:58:22.0360 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\windows\system32\drivers\ql40xx.sys
2011/01/06 20:58:22.0594 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\windows\system32\drivers\qwavedrv.sys
2011/01/06 20:58:22.0672 RasAcd (147d7f9c556d259924351feb0de606c3) C:\windows\system32\DRIVERS\rasacd.sys
2011/01/06 20:58:22.0797 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\windows\system32\DRIVERS\rasl2tp.sys
2011/01/06 20:58:22.0906 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\windows\system32\DRIVERS\raspppoe.sys
2011/01/06 20:58:23.0046 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\windows\system32\DRIVERS\rassstp.sys
2011/01/06 20:58:23.0140 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\windows\system32\DRIVERS\rdbss.sys
2011/01/06 20:58:23.0265 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/01/06 20:58:23.0436 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\windows\system32\drivers\rdpdr.sys
2011/01/06 20:58:23.0530 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\windows\system32\drivers\rdpencdd.sys
2011/01/06 20:58:23.0655 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\windows\system32\drivers\RDPWD.sys
2011/01/06 20:58:23.0951 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\windows\system32\DRIVERS\rspndr.sys
2011/01/06 20:58:24.0076 RsvLock (3beefe509c414f3a6e55e5c7c4024581) C:\windows\system32\drivers\RsvLock.sys
2011/01/06 20:58:24.0216 RTL8187B (e0ea9f5f94814f8a31f4b40175e1456e) C:\windows\system32\DRIVERS\RTL8187B.sys
2011/01/06 20:58:24.0450 SafeBoot (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\windows\system32\drivers\SafeBoot.sys
2011/01/06 20:58:24.0450 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
2011/01/06 20:58:24.0466 SafeBoot - detected Locked file (1)
2011/01/06 20:58:24.0559 SbAlg (52dcde2d1787217e15ffdca1cbf8cce9) C:\windows\system32\drivers\SbAlg.sys
2011/01/06 20:58:24.0684 SbFsLock (69a5af9ce49a0982e7ae7c7d62bdb2b1) C:\windows\system32\drivers\SbFsLock.sys
2011/01/06 20:58:24.0809 sbp2port (3ce8f073a557e172b330109436984e30) C:\windows\system32\drivers\sbp2port.sys
2011/01/06 20:58:25.0027 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/01/06 20:58:25.0168 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\windows\system32\drivers\serenum.sys
2011/01/06 20:58:25.0324 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\windows\system32\drivers\serial.sys
2011/01/06 20:58:25.0449 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\windows\system32\drivers\sermouse.sys
2011/01/06 20:58:25.0620 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\windows\system32\drivers\sffdisk.sys
2011/01/06 20:58:25.0761 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\windows\system32\drivers\sffp_mmc.sys
2011/01/06 20:58:25.0839 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\windows\system32\drivers\sffp_sd.sys
2011/01/06 20:58:25.0963 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\windows\system32\drivers\sfloppy.sys
2011/01/06 20:58:26.0166 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\windows\system32\drivers\sisagp.sys
2011/01/06 20:58:26.0307 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\windows\system32\drivers\sisraid2.sys
2011/01/06 20:58:26.0416 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\windows\system32\drivers\sisraid4.sys
2011/01/06 20:58:26.0619 Smb (7b75299a4d201d6a6533603d6914ab04) C:\windows\system32\DRIVERS\smb.sys
2011/01/06 20:58:26.0884 SNP2UVC (cf9cde12fbc19dba8de528b7511a2f4f) C:\windows\system32\DRIVERS\snp2uvc.sys
2011/01/06 20:58:27.0118 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\windows\system32\drivers\spldr.sys
2011/01/06 20:58:27.0243 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\windows\system32\DRIVERS\srv.sys
2011/01/06 20:58:27.0430 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\windows\system32\DRIVERS\srv2.sys
2011/01/06 20:58:27.0555 srvnet (faa0d553a49e85008c6bb3781987c574) C:\windows\system32\DRIVERS\srvnet.sys
2011/01/06 20:58:27.0695 ssmdrv (3ad0362cf68de3ac500e981700242cca) C:\windows\system32\DRIVERS\ssmdrv.sys
2011/01/06 20:58:27.0882 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\windows\system32\DRIVERS\swenum.sys
2011/01/06 20:58:28.0038 Symc8xx (192aa3ac01df071b541094f251deed10) C:\windows\system32\drivers\symc8xx.sys
2011/01/06 20:58:28.0147 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\windows\system32\drivers\sym_hi.sys
2011/01/06 20:58:28.0210 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\windows\system32\drivers\sym_u3.sys
2011/01/06 20:58:28.0350 SynTP (f5d926807bd9bc0af68f9376144de425) C:\windows\system32\DRIVERS\SynTP.sys
2011/01/06 20:58:28.0631 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\windows\system32\drivers\tcpip.sys
2011/01/06 20:58:28.0803 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\windows\system32\DRIVERS\tcpip.sys
2011/01/06 20:58:28.0927 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\windows\system32\drivers\tcpipreg.sys
2011/01/06 20:58:29.0005 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\windows\system32\drivers\tdpipe.sys
2011/01/06 20:58:29.0099 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\windows\system32\drivers\tdtcp.sys
2011/01/06 20:58:29.0208 tdx (76b06eb8a01fc8624d699e7045303e54) C:\windows\system32\DRIVERS\tdx.sys
2011/01/06 20:58:29.0364 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\windows\system32\DRIVERS\termdd.sys
2011/01/06 20:58:29.0520 TPM (cb258c2f726f1be73c507022be33ebb3) C:\windows\system32\drivers\tpm.sys
2011/01/06 20:58:29.0676 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\windows\system32\DRIVERS\tssecsrv.sys
2011/01/06 20:58:29.0817 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\windows\system32\DRIVERS\tunmp.sys
2011/01/06 20:58:29.0910 tunnel (300db877ac094feab0be7688c3454a9c) C:\windows\system32\DRIVERS\tunnel.sys
2011/01/06 20:58:30.0051 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\windows\system32\drivers\uagp35.sys
2011/01/06 20:58:30.0207 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\windows\system32\DRIVERS\udfs.sys
2011/01/06 20:58:30.0409 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\windows\system32\drivers\uliagpkx.sys
2011/01/06 20:58:30.0550 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\windows\system32\drivers\uliahci.sys
2011/01/06 20:58:30.0675 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\windows\system32\drivers\ulsata.sys
2011/01/06 20:58:30.0753 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\windows\system32\drivers\ulsata2.sys
2011/01/06 20:58:30.0862 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\windows\system32\DRIVERS\umbus.sys
2011/01/06 20:58:31.0018 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\windows\system32\Drivers\usbaapl.sys
2011/01/06 20:58:31.0158 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\windows\system32\DRIVERS\usbccgp.sys
2011/01/06 20:58:31.0267 usbcir (e9476e6c486e76bc4898074768fb7131) C:\windows\system32\drivers\usbcir.sys
2011/01/06 20:58:31.0408 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\windows\system32\DRIVERS\usbehci.sys
2011/01/06 20:58:31.0579 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\windows\system32\DRIVERS\usbhub.sys
2011/01/06 20:58:31.0689 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\windows\system32\DRIVERS\usbohci.sys
2011/01/06 20:58:31.0782 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\windows\system32\DRIVERS\usbprint.sys
2011/01/06 20:58:31.0954 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/01/06 20:58:32.0016 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\windows\system32\DRIVERS\usbuhci.sys
2011/01/06 20:58:32.0157 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\windows\system32\Drivers\usbvideo.sys
2011/01/06 20:58:32.0344 vga (87b06e1f30b749a114f74622d013f8d4) C:\windows\system32\DRIVERS\vgapnp.sys
2011/01/06 20:58:32.0437 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\windows\System32\drivers\vga.sys
2011/01/06 20:58:32.0547 viaagp (5d7159def58a800d5781ba3a879627bc) C:\windows\system32\drivers\viaagp.sys
2011/01/06 20:58:32.0703 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\windows\system32\drivers\viac7.sys
2011/01/06 20:58:32.0796 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\windows\system32\drivers\viaide.sys
2011/01/06 20:58:32.0921 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\windows\system32\drivers\volmgr.sys
2011/01/06 20:58:33.0093 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\windows\system32\drivers\volmgrx.sys
2011/01/06 20:58:33.0295 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\windows\system32\drivers\volsnap.sys
2011/01/06 20:58:33.0498 vsmraid (587253e09325e6bf226b299774b728a9) C:\windows\system32\drivers\vsmraid.sys
2011/01/06 20:58:33.0685 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\windows\system32\drivers\wacompen.sys
2011/01/06 20:58:33.0810 Wanarp (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/06 20:58:33.0888 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/06 20:58:34.0060 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\windows\system32\drivers\wd.sys
2011/01/06 20:58:34.0169 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\windows\system32\drivers\Wdf01000.sys
2011/01/06 20:58:34.0653 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/01/06 20:58:34.0902 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\windows\system32\DRIVERS\wpdusb.sys
2011/01/06 20:58:35.0027 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\windows\system32\drivers\ws2ifsl.sys
2011/01/06 20:58:35.0230 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/01/06 20:58:35.0448 yukonwlh (f72d4bffa37e857d195048c498afc61b) C:\windows\system32\DRIVERS\yk60x86.sys
2011/01/06 20:58:35.0791 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/06 20:58:35.0791 ================================================================================
2011/01/06 20:58:35.0791 Scan finished
2011/01/06 20:58:35.0791 ================================================================================
2011/01/06 20:58:35.0854 Detected object count: 2
2011/01/06 20:59:44.0478 SafeBoot (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\windows\system32\drivers\SafeBoot.sys
2011/01/06 20:59:44.0494 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
2011/01/06 20:59:44.0494 C:\windows\system32\drivers\SafeBoot.sys - copied to quarantine
2011/01/06 20:59:44.0494 Locked file(SafeBoot) - User select action: Quarantine
2011/01/06 20:59:44.0525 \HardDisk0 - will be cured after reboot
2011/01/06 20:59:44.0525 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/06 20:59:51.0810 Deinitialize success
======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 03/01/11 à 14:20
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 20:53:20 le 06/01/2011, Mode normal
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86)
fred@PC-DE-FRED (Hewlett-Packard HP Compaq 6730s)
============== RECHERCHE ==============
Fichier trouvé: C:\Users\fred\AppData\Local\vlmckbbp.bat
Fichier trouvé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
Dossier trouvé: C:\Program Files\Windows Searchqu Toolbar
Dossier trouvé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\conduit
Dossier trouvé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\ConduitEngine
Dossier trouvé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\extensions\engine@conduit.com
Dossier trouvé: C:\Program Files\AskTBar
Dossier trouvé: C:\Users\fred\AppData\LocalLow\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Users\fred\AppData\LocalLow\ConduitEngine
Dossier trouvé: C:\Program Files\ConduitEngine
Dossier trouvé: C:\Users\fred\AppData\LocalLow\PriceGong
Dossier trouvé: C:\Users\fred\AppData\LocalLow\SearchquTB
Dossier trouvé: C:\Users\fred\AppData\Roaming\OfferBox
Dossier trouvé: C:\Program Files\OfferBox
-- Fichier ouvert: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
Ligne trouvée: user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849852/CT2849852...
Ligne trouvée: user_pref("ConduitEngine.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13"...
Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
Ligne trouvée: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
-- Fichier Fermé --
Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{502C038A-DCB8-4C20-9730-FD734ECDB2BA}
Clé trouvée: HKLM\Software\Classes\CLSID\{7B840956-64ED-11DE-B890-694956D89593}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B840956-64ED-11DE-B890-694956D89593}
Clé trouvée: HKLM\Software\Classes\CLSID\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé trouvée: HKLM\Software\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé trouvée: HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé trouvée: HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
Clé trouvée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fnvfnfnv
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2769726
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2849852
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKCU\Software\fcn
Clé trouvée: HKCU\Software\AppDataLow\Toolbar
Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
Clé trouvée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8391CC7-6D4E-4F8F-A27F-FB92252827C6}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|fnvfnfnv
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.13 (en-US)] **
-- C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
browser.search.defaultenginename, Lphant Web Search
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://search.conduit.com/?ctid=&SearchSource=13
browser.startup.homepage_override.mstone, rv:1.9.2.13
keyword.URL, hxxp://search.lphant.com//web?src=ffb&q=
========================================
** Internet Explorer Version [7.0.6002.18005] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Show_ToolBar: yes
Start Page: hxxp://search.conduit.com?SearchSource=10&ctid=CT2849852
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 06/01/2011 (6983 Octet(s))
Fin à: 20:55:14, 06/01/2011
============== E.O.F ==============
Mis à jour par TeamXscript le 03/01/11 à 14:20
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 20:53:20 le 06/01/2011, Mode normal
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86)
fred@PC-DE-FRED (Hewlett-Packard HP Compaq 6730s)
============== RECHERCHE ==============
Fichier trouvé: C:\Users\fred\AppData\Local\vlmckbbp.bat
Fichier trouvé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
Dossier trouvé: C:\Program Files\Windows Searchqu Toolbar
Dossier trouvé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\conduit
Dossier trouvé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\ConduitEngine
Dossier trouvé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\extensions\engine@conduit.com
Dossier trouvé: C:\Program Files\AskTBar
Dossier trouvé: C:\Users\fred\AppData\LocalLow\Conduit
Dossier trouvé: C:\Program Files\Conduit
Dossier trouvé: C:\Users\fred\AppData\LocalLow\ConduitEngine
Dossier trouvé: C:\Program Files\ConduitEngine
Dossier trouvé: C:\Users\fred\AppData\LocalLow\PriceGong
Dossier trouvé: C:\Users\fred\AppData\LocalLow\SearchquTB
Dossier trouvé: C:\Users\fred\AppData\Roaming\OfferBox
Dossier trouvé: C:\Program Files\OfferBox
-- Fichier ouvert: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
Ligne trouvée: user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284...
Ligne trouvée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849852/CT2849852...
Ligne trouvée: user_pref("ConduitEngine.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13"...
Ligne trouvée: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
Ligne trouvée: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
-- Fichier Fermé --
Clé trouvée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé trouvée: HKLM\Software\Classes\CLSID\{502C038A-DCB8-4C20-9730-FD734ECDB2BA}
Clé trouvée: HKLM\Software\Classes\CLSID\{7B840956-64ED-11DE-B890-694956D89593}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B840956-64ED-11DE-B890-694956D89593}
Clé trouvée: HKLM\Software\Classes\CLSID\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé trouvée: HKLM\Software\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé trouvée: HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé trouvée: HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
Clé trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
Clé trouvée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fnvfnfnv
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2769726
Clé trouvée: HKLM\Software\Classes\Toolbar.CT2849852
Clé trouvée: HKLM\Software\Conduit
Clé trouvée: HKLM\Software\conduitEngine
Clé trouvée: HKCU\Software\fcn
Clé trouvée: HKCU\Software\AppDataLow\Toolbar
Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit
Clé trouvée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé trouvée: HKCU\Software\AppDataLow\Software\PriceGong
Clé trouvée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8391CC7-6D4E-4F8F-A27F-FB92252827C6}
Clé trouvée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Valeur trouvée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|fnvfnfnv
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur trouvée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Valeur trouvée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.13 (en-US)] **
-- C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
browser.search.defaultenginename, Lphant Web Search
browser.search.selectedEngine, Google
browser.startup.homepage, hxxp://search.conduit.com/?ctid=&SearchSource=13
browser.startup.homepage_override.mstone, rv:1.9.2.13
keyword.URL, hxxp://search.lphant.com//web?src=ffb&q=
========================================
** Internet Explorer Version [7.0.6002.18005] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Show_ToolBar: yes
Start Page: hxxp://search.conduit.com?SearchSource=10&ctid=CT2849852
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=83&bd=all&pf=cmnb
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 1 Fichier(s)
C:\Ad-Report-SCAN[1].txt - 06/01/2011 (6983 Octet(s))
Fin à: 20:55:14, 06/01/2011
============== E.O.F ==============
Citation :
bonsoir oui j'ai de grosse lacune en informatique en tout cas voici les rapports c'est pas une question de lacune, c'est question d'être prudent sur ce que tu fais sur le net...
/!\ Déconnecte-toi, désactive ton anti-virus et ferme toutes applications en cours /!\
(Sous Vista, il faut cliquer droit sur AD-R et choisir Exécuter en tant qu'administrateur)
/!\ Laisse travailler l'outil /!\
/!\ Pense à réactiver ton antivirus /!\
je croix que tout fonctionne deja mieux
voici le rapport
======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 03/01/11 à 14:20
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:24:35 le 06/01/2011, Mode normal
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86)
fred@PC-DE-FRED (Hewlett-Packard HP Compaq 6730s)
============== ACTION(S) ==============
Fichier supprimé: C:\Users\fred\AppData\Local\vlmckbbp.bat
Fichier supprimé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
Dossier supprimé: C:\Program Files\Windows Searchqu Toolbar
Dossier supprimé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\conduit
Dossier supprimé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\ConduitEngine
Dossier supprimé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\extensions\engine@conduit.com
Dossier supprimé: C:\Program Files\AskTBar
Dossier supprimé: C:\Users\fred\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Users\fred\AppData\LocalLow\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Users\fred\AppData\LocalLow\PriceGong
Dossier supprimé: C:\Users\fred\AppData\LocalLow\SearchquTB
Dossier supprimé: C:\Users\fred\AppData\Roaming\OfferBox
Dossier supprimé: C:\Program Files\OfferBox
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
Ligne supprimée:
Ligne supprimée:
Ligne supprimée: user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849852/CT2849852...
Ligne supprimée: user_pref("ConduitEngine.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13"...
Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
-- Fichier Fermé --
Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{502C038A-DCB8-4C20-9730-FD734ECDB2BA}
Clé supprimée: HKLM\Software\Classes\CLSID\{7B840956-64ED-11DE-B890-694956D89593}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B840956-64ED-11DE-B890-694956D89593}
Clé supprimée: HKLM\Software\Classes\CLSID\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé supprimée: HKLM\Software\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé supprimée: HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé supprimée: HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fnvfnfnv
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2769726
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2849852
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\fcn
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8391CC7-6D4E-4F8F-A27F-FB92252827C6}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|fnvfnfnv
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.13 (en-US)] **
-- C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
browser.search.defaultenginename, Lphant Web Search
browser.search.selectedEngine, Google
browser.startup.homepage_override.mstone, rv:1.9.2.13
keyword.URL, hxxp://search.lphant.com//web?src=ffb&q=
========================================
** Internet Explorer Version [7.0.6002.18005] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 110 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 06/01/2011 (7100 Octet(s))
C:\Ad-Report-SCAN[1].txt - 06/01/2011 (7112 Octet(s))
Fin à: 21:27:14, 06/01/2011
============== E.O.F ==============
voici le rapport
======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 03/01/11 à 14:20
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:24:35 le 06/01/2011, Mode normal
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 (X86)
fred@PC-DE-FRED (Hewlett-Packard HP Compaq 6730s)
============== ACTION(S) ==============
Fichier supprimé: C:\Users\fred\AppData\Local\vlmckbbp.bat
Fichier supprimé: C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml
Dossier supprimé: C:\Program Files\Windows Searchqu Toolbar
Dossier supprimé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\conduit
Dossier supprimé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\ConduitEngine
Dossier supprimé: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\extensions\engine@conduit.com
Dossier supprimé: C:\Program Files\AskTBar
Dossier supprimé: C:\Users\fred\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Users\fred\AppData\LocalLow\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine
Dossier supprimé: C:\Users\fred\AppData\LocalLow\PriceGong
Dossier supprimé: C:\Users\fred\AppData\LocalLow\SearchquTB
Dossier supprimé: C:\Users\fred\AppData\Roaming\OfferBox
Dossier supprimé: C:\Program Files\OfferBox
(!) -- Fichiers temporaires supprimés.
-- Fichier ouvert: C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
Ligne supprimée:
Ligne supprimée:
Ligne supprimée: user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT284...
Ligne supprimée: user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2849852/CT2849852...
Ligne supprimée: user_pref("ConduitEngine.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13"...
Ligne supprimée: user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C...
Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
-- Fichier Fermé --
Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{502C038A-DCB8-4C20-9730-FD734ECDB2BA}
Clé supprimée: HKLM\Software\Classes\CLSID\{7B840956-64ED-11DE-B890-694956D89593}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B840956-64ED-11DE-B890-694956D89593}
Clé supprimée: HKLM\Software\Classes\CLSID\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B8E3703-D5E5-4CD7-AD33-A299206E93B7}
Clé supprimée: HKLM\Software\Classes\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
Clé supprimée: HKLM\Software\Classes\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Clé supprimée: HKLM\Software\Classes\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
Clé supprimée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fnvfnfnv
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2769726
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2849852
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\fcn
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B8391CC7-6D4E-4F8F-A27F-FB92252827C6}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Valeur supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Run|fnvfnfnv
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks|{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
============== SCAN ADDITIONNEL ==============
** Mozilla Firefox Version [3.6.13 (en-US)] **
-- C:\Users\fred\AppData\Roaming\Mozilla\FireFox\Profiles\lhj2elb3.default\Prefs.js --
browser.search.defaultenginename, Lphant Web Search
browser.search.selectedEngine, Google
browser.startup.homepage_override.mstone, rv:1.9.2.13
keyword.URL, hxxp://search.lphant.com//web?src=ffb&q=
========================================
** Internet Explorer Version [7.0.6002.18005] **
[HKCU\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no
[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm
========================================
C:\Program Files\Ad-Remover\Quarantine: 110 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 17 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 06/01/2011 (7100 Octet(s))
C:\Ad-Report-SCAN[1].txt - 06/01/2011 (7112 Octet(s))
Fin à: 21:27:14, 06/01/2011
============== E.O.F ==============
re
Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :![]()
Combofix
Sauvegarde-le sur ton bureau et pas ailleurs!
Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"
viens sur le forum et édition "coller"
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
<@_@>
++++++++++++++++++++++++++++
Désactive ton antivirus et tout autre type de protection.
Télécharge ComboFix de sUBs :
Combofix Sauvegarde-le sur ton bureau et pas ailleurs!
Double-clic sur ComboFix, Il va te poser une question, suis les invites puis attends que combofix ait terminé, il est possible que ton PC reboot, c’est normal, un rapport sera créé.Poste le rapport:C:\Combofix.txt
clique dessus pour l'ouvrir, puis édition "sélectionner tout", édition "copier"
viens sur le forum et édition "coller"
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
<@_@>
++++++++++++++++++++++++++++
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumProbleme trojan, spyware et virus
- ForumVirus malware spyware secure
- ForumProbleme virus spyware avec laposte .fr
- ForumMeilleur anti virus anti spyware, malware
- ForumSpyware malware virus ou rien.
- ForumProbleme de virus malware
- ForumLogicielle anti virus spyware malware
- ForumVirus spyware trojan probleme
- ForumVirus, malware infecte par spyware soft stop
- ForumProbleme virus spyware rapport hijack
- Voir plus
