How do I remove toolbars? (Resolved)
roboklex
Posted on 02/05/2011 at 12:32
Petite astucienne

Hello

I would like to remove several toolbars (msgplus!, u torrent, apps conduit)

I have absolutely no idea how they got there.

Thank you for your help

philae
Posted on 02/05/2011 at 12:45
Grande Maîtresse astucienne

Hello,

They got there when the software in question was downloaded. Very often you have to untick the pre-ticked boxes during installation.

  • Download Ad Remover by El Desaparecido, C_XX & Chimay8 to your Desktop. Another possible download link.
  • Double-click the tool to run it (under Vista or Windows 7, right-click it and run it as administrator),
  • Launch the scan and post the report generated by the tool in your next reply.

Then

  • Double-click Ad Remover to run the tool (or right-click > Run as administrator under Vista and Windows 7),
  • Launch the cleaning and post the report generated by the tool in your next reply.


Then click the link in my signature, AIDE AU DIAGNOSTIC, and carry out the steps requested. Come back with the reports.

roboklex
Posted on 02/05/2011 at 14:24
Petite astucienne

Thank you for your reply

I will do all of that

I figured they got there during downloads; the problem with this PC is that several people use it, sometimes without understanding what they are doing :(

roboklex
Posted on 02/05/2011 at 14:29
Petite astucienne

Here is the report as requested:

roboklex
Posted on 02/05/2011 at 14:38
Petite astucienne

Here is the second report, the one from the Clean function:

Key deleted: HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key deleted: HKLM\Software\Classes\BandooCore.BandooCore
Key deleted: HKLM\Software\Classes\BandooCore.BandooCore.1
Key deleted: HKLM\Software\Classes\BandooCore.ResourcesMngr
Key deleted: HKLM\Software\Classes\BandooCore.ResourcesMngr.1
Key deleted: HKLM\Software\Classes\BandooCore.SettingsMngr
Key deleted: HKLM\Software\Classes\BandooCore.SettingsMngr.1
Key deleted: HKLM\Software\Classes\BandooCore.StatisticMngr
Key deleted: HKLM\Software\Classes\BandooCore.StatisticMngr.1
Key deleted: HKLM\Software\Classes\Conduit.Engine
Key deleted: HKLM\Software\Classes\Toolbar.CT2269050
Key deleted: HKLM\Software\Classes\Toolbar.CT2506565
Key deleted: HKLM\Software\Classes\Toolbar.CT2643111
Key deleted: HKLM\Software\Classes\Toolbar.CT2786678
Key deleted: HKLM\Software\Classes\Toolbar.CT2905326
Key deleted: HKLM\Software\Classes\AppID\BandooCore.EXE
Key deleted: HKLM\Software\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key deleted: HKLM\Software\bandoo
Key deleted: HKLM\Software\Conduit
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{18EAB056-9057-F224-FD4C-1F6569C4D8D2}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}
Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key deleted: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}

Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{4B3803EA-5230-4DC3-A7FC-33638F3D3542}


============== ADDITIONNAL SCAN ==============

**** Mozilla Firefox Version [3.5.19 (hu)] ****

Plugins\npwachk.dll (Nullsoft, Inc.)
HKLM_MozillaPlugins\@itstructures.com/ffactivex (x)
Searchplugins\creativecommons.xml (hxxp://search.creativecommons.org/)
Searchplugins\eBay-en-GB.xml (hxxp://rover.ebay.com/rover/1/710-47297-17704-2/4)
Searchplugins\polymeta.xml (hxxp://www.polymeta.hu/search/ui7/searchfr.jsp)
Searchplugins\sztaki-en-hu.xml (hxxp://dict.sztaki.hu/dict_search.php)
Searchplugins\vatera.xml (hxxp://www.vatera.hu/listings/index.php)
Searchplugins\wikipedia-hu.xml (hxxp://hu.wikipedia.org/wiki/Speciális:Keresés)
Components\aboutCertError.js
Components\aboutPrivateBrowsing.js
Components\aboutRights.js
Components\aboutRobots.js
Components\aboutSessionRestore.js
Components\nsPostUpdateWin.js
Extensions\performeroptimum@livejasmin.com (Performer Optimum)
HKLM_Extensions|avg@igeared - C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared (x)

-- C:\Documents and Settings\user\Application Data\Mozilla\FireFox\Profiles\q36jpody.default --
Extensions\engine@conduit.com (?)
Extensions\neoncamspublisher@neoncams.com (Neoncams Publisher)
Extensions\performeroptimum@livejasmin.com (Performer Optimum)
Extensions\{061fc861-e9a9-4073-87b7-7bea67f3f8b4} (Messenger Plus Live Hungary Community Toolbar)
Extensions\{6eba7ab6-9866-4c07-a735-5fa9845f81d3} (Messenger Plus HU Community Toolbar)
Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} (DVDVideoSoft Menu)
Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} (uTorrentBar Community Toolbar)
Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.1.19

========================================

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{0FF1DC69-0AE2-4B6D-B6F2-54BF451FBD9E} - "AVG Secure Search" (hxxp://search.avg.com/route/?d=4c4c5bd5&v=6.10.6.4&i=23&tp=chrome&q={searchTerms...)
HKLM_ElevationPolicy\06059ad7-a308-485b-a38d-ee52ab707fad - C:\Program Files\Messenger_Plus_Live_Hungary\Messenger_Plus_Live_HungaryToolbarHelper.exe (x)
HKLM_ElevationPolicy\13781ab9-411d-483c-ae91-1a08c0dffedd - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\1e8279cd-586a-4c27-8dc1-c85bfda6f9af - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\327c6a5a-e79c-4b9d-b53d-88ba48a14dfc - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\3ec2bc30-0ba8-473d-b105-58677c6e994d - C:\Program Files\Messenger_Plus_Live_Hungary\Messenger_Plus_Live_HungaryToolbarHelper.exe (x)
HKLM_ElevationPolicy\62dbd87c-bbaa-4e70-86de-970be9fbf44b - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\63028738-764c-4a77-93da-9ed5bdf2980a - C:\Program Files\Messenger_Plus_Live_Hungary\Messenger_Plus_Live_HungaryToolbarHelper.exe (x)
HKLM_ElevationPolicy\855fa0df-d1c0-4e0b-a0a8-039b2aedf26a - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (x)
HKLM_ElevationPolicy\d8c78110-5fe8-48c8-8b49-07a4a1a96523 - C:\Program Files\Messenger_Plus_Live_Hungary\Messenger_Plus_Live_HungaryToolbarHelper.exe (x)
HKLM_ElevationPolicy\f88b4b42-b95f-4f02-afab-97da77d52fc4 - C:\Program Files\Messenger_Plus_Live_Hungary\Messenger_Plus_Live_HungaryToolbarHelper.exe (x)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

========================================

C:\Program Files\Ad-Remover\Quarantine: 123 File(s)
C:\Program Files\Ad-Remover\Backup: 15 File(s)

C:\Ad-Report-CLEAN[1].txt - 02/05/2011 14:31:27 (14219 Byte(s))
C:\Ad-Report-SCAN[1].txt - 02/05/2011 14:26:27 (20447 Byte(s))

End at: 14:32:18, 02/05/2011

============== E.O.F ==============

philae
Posted on 02/05/2011 at 14:45
Grande Maîtresse astucienne

Some cleaning up has already been done. I'm waiting for the other reports

MBAM and ZHPDiag

roboklex
Posted on 02/05/2011 at 14:47
Petite astucienne

Attached file: ZHPDiag.Txt

roboklex
Posted on 02/05/2011 at 15:00
Petite astucienne

And here is the MBAM report:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 6491

Windows 5.1.2600 Szervizcsomag 3
Internet Explorer 8.0.6001.18702

2011.05.02. 14:53:42
mbam-log-2011-05-02 (14-53-42).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 141495
Temps écoulé: 3 minute(s), 38 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

roboklex
Posted on 02/05/2011 at 15:01
Petite astucienne

I hope I followed your instructions correctly

roboklex
Posted on 02/05/2011 at 15:26
Petite astucienne

What should I do now?

philae
Posted on 02/05/2011 at 15:31
Grande Maîtresse astucienne

Your problem is far from over: major infection. Since I no longer handle these, I'm going to ask a GS member to come and help you.

What should I do now?

Wait for a GS member.

roboklex
Posted on 02/05/2011 at 15:34
Petite astucienne

Thank you for your reply

Major infection? What kind? I'm worried now... Is it really very serious?

philae
Posted on 02/05/2011 at 15:59
Grande Maîtresse astucienne

I should have written "possible" major infection. A rootkit, but I'm not certain. Someone will need to take charge of your case

roboklex
Posted on 02/05/2011 at 16:01
Petite astucienne

Thank you for this reply, which reassures me a little...

So should I wait to hear from the Groupe Sécurité, or what should I do?

pear
Posted on 02/05/2011 at 16:26
  Astucien

Hello,

Let's see whether there is a rootkit or whether the alert is due solely to the presence of spdt.sys (legitimate)

Download aswMBR.exe to the desktop
Double-click the icon
Then Scan
When the scan is finished, click "SAVE LOG" and save the file to the Desktop,
Copy and paste its contents into your reply.

A file "MBR.dat" appears on the Desktop.
Right-click it -> Send to -> "Compressed folder".
Keep this MBR.zip file on a USB stick

roboklex
Posted on 02/05/2011 at 17:50
Petite astucienne

OK

Here is the MBR report:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Szervizcsomag 3 (build 2600)
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 129):

pear
Posted on 02/05/2011 at 18:13
  Astucien

This report does not seem complete to me.

But what I'm waiting for is this:

When the scan is finished, click "SAVE LOG" and save the file to the Desktop,
Copy and paste its contents into your reply.

Edited by pear on 02/05/2011 18:22
roboklex
Posted on 02/05/2011 at 18:30
Petite astucienne

I hope it's right this time; I have, I hope, done what you asked:

aswMBR version 0.9.5.247 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 18:28:41
-----------------------------
18:28:41.718 OS Version: Windows 5.1.2600 Szervizcsomag 3
18:28:41.718 Number of processors: 2 586 0xF0D
18:28:41.718 ComputerName: KRAVECZ-BE3FB62 UserName: user
18:28:42.328 Initialize success
18:28:44.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
18:28:44.562 Disk 0 Vendor: Hitachi_HDP725016GLA380 GMBOA5CA Size: 152627MB BusType: 3
18:28:44.562 Device \Driver\atapi -> MajorFunction 860f93a8
18:28:44.562 Disk 0 MBR read error 0
18:28:44.562 Disk 0 MBR scan
18:28:44.562 Disk 0 unknown MBR code
18:28:44.562 MBR BIOS signature not found 0
18:28:44.562 Disk 0 scanning sectors +312560640
18:28:44.562 Disk 0 scanning C:\WINDOWS\system32\drivers
18:28:50.281 Service scanning
18:28:51.078 Disk 0 trace - called modules:
18:28:51.078 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x860f93a8]<<
18:28:51.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8631cab8]
18:28:51.078 3 CLASSPNP.SYS[f7617fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0x86320b00]
18:28:51.078 \Driver\atapi[0x8639c1a8] -> IRP_MJ_CREATE -> 0x860f93a8
18:28:51.078 Scan finished successfully
18:29:07.890 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
18:29:07.890 The log file has been saved successfully to "C:\aswMBR2.txt"

roboklex
Posted on 02/05/2011 at 20:01
Petite astucienne

What's happening?

Is there a big problem?

Or maybe I didn't send the report you were expecting?

le sioux
Posted on 03/05/2011 at 04:10
  Groupe Sécurité

roboklex

What's happening?

Is there a big problem?

Or maybe I didn't send the report you were expecting?

This time it is indeed the report Pear was waiting for ;) Don't worry, you did what was needed; now be patient and wait for him to come back and give you the next steps of the procedure.

All the best to you both.

pear
Posted on 03/05/2011 at 09:17
  Astucien

Hello,

The report says unknown "Mbr", but makes no reference to spdt.sys.

The AswMbr software is brand new, and so calls for some caution.

We are going to disable Spdt.sys and run a new scan.

Download DeFogger by Jpshortstuff to the desktop.

Double-click DeFogger to start the tool.

The DeFogger window appears
Click the Disable button to disable the CD emulator drivers.
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will ask to restart the machine: OK

Do NOT re-enable these drivers before the end of the disinfection
You will click Enable to re-enable them.

Run AswMbr again and post the new Save log report.

roboklex
Posted on 03/05/2011 at 16:01
Petite astucienne

Hello

Sorry I couldn't follow your recommendations sooner

Here is the MBR report:

aswMBR version 0.9.5.247 Copyright(c) 2011 AVAST Software
Run date: 2011-05-03 15:58:14
-----------------------------
15:58:14.312 OS Version: Windows 5.1.2600 Szervizcsomag 3
15:58:14.312 Number of processors: 2 586 0xF0D
15:58:14.312 ComputerName: KRAVECZ-BE3FB62 UserName: user
15:58:14.703 Initialize success
15:58:21.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
15:58:21.640 Disk 0 Vendor: Hitachi_HDP725016GLA380 GMBOA5CA Size: 152627MB BusType: 3
15:58:23.656 Disk 0 MBR read successfully
15:58:23.656 Disk 0 MBR scan
15:58:23.656 Disk 0 unknown MBR code
15:58:25.656 Disk 0 scanning sectors +312560640
15:58:25.671 Disk 0 scanning C:\WINDOWS\system32\drivers
15:58:32.515 Service scanning
15:58:33.421 Disk 0 trace - called modules:
15:58:33.421 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:58:33.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86370ab8]
15:58:33.421 3 CLASSPNP.SYS[f7617fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0x863d5b00]
15:58:33.437 Scan finished successfully
15:59:04.000 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
15:59:04.000 The log file has been saved successfully to "C:\aswMBR3.txt"

Can I re-enable the drivers or should I wait?

I look forward to hearing from you

Thank you

Regards
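
The before/after comparison that pear asks for in this thread, as an added example (it is not part of any post and is not aswMBR's own code). The log excerpts are copied from the two aswMBR reports posted above; the parser, its field names and the line formats it expects are assumptions based only on what those two reports show.

```python
import re

# Excerpts copied from the two aswMBR reports posted in this thread:
# first run (CD-emulation drivers active), second run (after DeFogger "Disable").
LOG_BEFORE = r"""
18:28:44.562 Device \Driver\atapi -> MajorFunction 860f93a8
18:28:44.562 Disk 0 MBR read error 0
18:28:44.562 Disk 0 MBR scan
18:28:44.562 Disk 0 unknown MBR code
18:28:44.562 MBR BIOS signature not found 0
18:28:51.078 Disk 0 trace - called modules:
18:28:51.078 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x860f93a8]<<
18:28:51.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8631cab8]
18:28:51.078 3 CLASSPNP.SYS[f7617fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0x86320b00]
18:28:51.078 \Driver\atapi[0x8639c1a8] -> IRP_MJ_CREATE -> 0x860f93a8
18:28:51.078 Scan finished successfully
"""

LOG_AFTER = r"""
15:58:23.656 Disk 0 MBR read successfully
15:58:23.656 Disk 0 MBR scan
15:58:23.656 Disk 0 unknown MBR code
15:58:33.421 Disk 0 trace - called modules:
15:58:33.421 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:58:33.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86370ab8]
15:58:33.421 3 CLASSPNP.SYS[f7617fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0x863d5b00]
15:58:33.437 Scan finished successfully
"""

TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+")
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
MAJOR_FUNCTION = re.compile(r"^Device (\\Driver\\\S+) -> MajorFunction ([0-9a-fA-F]+)$")
DISPATCH = re.compile(r"^(\\Driver\\\S+?)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-fA-F]+)$")


def parse_aswmbr(text):
    """Extract the fields of an aswMBR log that matter for the comparison."""
    report = {
        "mbr_read_ok": None,       # True/False once the log says so
        "mbr_code_known": None,    # False when "unknown MBR code" is logged
        "modules": [],             # disk I/O call chain, in logged order
        "unknown_addresses": [],   # addresses shown as >>UNKNOWN [..]<<
        "dispatch_targets": {},    # driver object -> set of reported handler addresses
    }
    expect_modules = False
    for raw in text.splitlines():
        line = TIMESTAMP.sub("", raw.strip())
        if not line:
            continue
        if expect_modules:
            # The line right after "called modules:" lists the call chain.
            expect_modules = False
            report["unknown_addresses"] = [int(a, 16) for a in UNKNOWN_MODULE.findall(line)]
            report["modules"] = UNKNOWN_MODULE.sub("UNKNOWN", line).split()
        elif line.endswith("trace - called modules:"):
            expect_modules = True
        elif "MBR read error" in line:
            report["mbr_read_ok"] = False
        elif "MBR read successfully" in line:
            report["mbr_read_ok"] = True
        elif line.endswith("unknown MBR code"):
            report["mbr_code_known"] = False
        else:
            m = MAJOR_FUNCTION.match(line) or DISPATCH.match(line)
            if m:
                target = int(m.group(m.lastindex), 16)
                report["dispatch_targets"].setdefault(m.group(1), set()).add(target)
    return report


def compare_runs(before, after):
    """Say what changed between the two scans and what did not."""
    unknown = set(before["unknown_addresses"])
    hooked = sorted(d for d, t in before["dispatch_targets"].items() if t & unknown)
    return {
        # Drivers whose reported handler is the same address as the unknown module.
        "drivers_pointing_at_unknown_code": hooked,
        # True when the unknown module vanished once the drivers were disabled.
        "unknown_cleared_after": bool(unknown) and not after["unknown_addresses"],
        "modules_only_after": [m for m in after["modules"] if m not in before["modules"]],
        # A finding that survives both runs is not explained by the disabled drivers.
        "mbr_code_still_unknown": before["mbr_code_known"] is False
        and after["mbr_code_known"] is False,
    }


if __name__ == "__main__":
    result = compare_runs(parse_aswmbr(LOG_BEFORE), parse_aswmbr(LOG_AFTER))
    for key, value in result.items():
        print(f"{key}: {value}")
```

On these two logs the unknown module in the disk call chain is gone after the drivers are disabled and atapi.sys appears in its place, while "unknown MBR code" is reported in both runs.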

pear
Posted on 03/05/2011 at 16:25
  Astucien

Can I re-enable the drivers or should I wait?

It is better to wait until the disinfection is finished.

Download TDSSKILLER
- Download the .zip to the Desktop.
- Extract its contents (right-click >> "Extract all...") and confirm;
- A tdsskiller folder will be created on the Desktop.
Click Start scan to launch the analysis.
When the tool has finished its inspection ("Malicious objects"),
if infected files are detected, the default action is "Clean" (Cure).
Click "Continue"

If it is a suspicious file, the default action is Skip
Click "Continue"
If you are asked to restart:
Click Reboot Now
Otherwise click Report
Send in your reply:
- the TDSSKiller report (contents of the file SystemDrive\TDSSKiller.Version_Date_Heure_log.txt)
[SystemDrive stands for the partition on which the system is installed, usually C:]

roboklex
Posted on 03/05/2011 at 16:36
Petite astucienne

No infection was found,

Here is the report:

2011/05/03 16:33:54.0000 2140 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 16:33:54.0281 2140 ================================================================================
2011/05/03 16:33:54.0281 2140 SystemInfo:
2011/05/03 16:33:54.0281 2140
2011/05/03 16:33:54.0281 2140 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/03 16:33:54.0281 2140 Product type: Workstation
2011/05/03 16:33:54.0281 2140 ComputerName: KRAVECZ-BE3FB62
2011/05/03 16:33:54.0281 2140 UserName: user
2011/05/03 16:33:54.0281 2140 Windows directory: C:\WINDOWS
2011/05/03 16:33:54.0281 2140 System windows directory: C:\WINDOWS
2011/05/03 16:33:54.0281 2140 Processor architecture: Intel x86
2011/05/03 16:33:54.0281 2140 Number of processors: 2
2011/05/03 16:33:54.0281 2140 Page size: 0x1000
2011/05/03 16:33:54.0281 2140 Boot type: Normal boot
2011/05/03 16:33:54.0281 2140 ================================================================================
2011/05/03 16:33:54.0515 2140 Initialize success
2011/05/03 16:34:07.0765 1236 ================================================================================
2011/05/03 16:34:07.0765 1236 Scan started
2011/05/03 16:34:07.0765 1236 Mode: Manual;
2011/05/03 16:34:07.0765 1236 ================================================================================
2011/05/03 16:34:12.0890 1236 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/03 16:34:12.0937 1236 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/03 16:34:12.0968 1236 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/03 16:34:13.0031 1236 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/03 16:34:13.0062 1236 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/03 16:34:13.0125 1236 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/03 16:34:13.0156 1236 Parport (632f154061074a9a1b75ecbba89d8d42) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/03 16:34:13.0171 1236 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/03 16:34:13.0203 1236 ParVdm (4df92a889e7fe15ed3834d288a0271f5) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/03 16:34:13.0250 1236 PCI (b4a9c91cfdd5c68e2e48c0754e3a88f9) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/03 16:34:13.0328 1236 PCIIde (fbf3cc42488fd2ce49f9427240cd5809) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/03 16:34:13.0359 1236 Pcmcia (3defb381b9cdca9d4375bd37a3c0189b) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/03 16:34:13.0484 1236 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/03 16:34:13.0515 1236 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/03 16:34:13.0531 1236 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/03 16:34:13.0562 1236 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/03 16:34:13.0656 1236 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/03 16:34:13.0718 1236 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/03 16:34:13.0734 1236 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/03 16:34:13.0750 1236 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/03 16:34:13.0796 1236 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/03 16:34:13.0812 1236 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/03 16:34:13.0843 1236 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/03 16:34:13.0906 1236 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/03 16:34:13.0937 1236 redbook (3c706fd765482112c3a6d42e1d7b58bb) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/03 16:34:14.0015 1236 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/05/03 16:34:14.0062 1236 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/03 16:34:14.0156 1236 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/03 16:34:14.0156 1236 Serial (87df40b4db611efbdf74c9b3eccab417) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/03 16:34:14.0203 1236 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/03 16:34:14.0265 1236 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/05/03 16:34:14.0328 1236 SPLITCAM (c7c361a04742ab187e10583bbf4fa975) C:\WINDOWS\system32\DRIVERS\splitcam.sys
2011/05/03 16:34:14.0421 1236 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/03 16:34:14.0453 1236 sr (38e904fb6139945822b929eaf2570ca5) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/03 16:34:14.0500 1236 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/03 16:34:14.0546 1236 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/05/03 16:34:14.0593 1236 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/05/03 16:34:14.0656 1236 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/03 16:34:14.0671 1236 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/03 16:34:14.0781 1236 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/03 16:34:14.0859 1236 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/03 16:34:14.0921 1236 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/03 16:34:14.0953 1236 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/03 16:34:14.0984 1236 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/03 16:34:15.0031 1236 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/03 16:34:15.0078 1236 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/03 16:34:15.0140 1236 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/05/03 16:34:15.0203 1236 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/03 16:34:15.0265 1236 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/03 16:34:15.0281 1236 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/03 16:34:15.0312 1236 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/05/03 16:34:15.0359 1236 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/05/03 16:34:15.0375 1236 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/03 16:34:15.0390 1236 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/05/03 16:34:15.0421 1236 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/03 16:34:15.0468 1236 VolSnap (9946cfcc7e445e1d846db748299724eb) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/03 16:34:15.0515 1236 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/03 16:34:15.0531 1236 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/03 16:34:15.0640 1236 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/05/03 16:34:15.0671 1236 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/03 16:34:15.0687 1236 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/03 16:34:15.0812 1236 ================================================================================
2011/05/03 16:34:15.0812 1236 Scan finished
2011/05/03 16:34:15.0812 1236 ================================================================================

pear
 Posted on 03/05/2011 at 17:13
  Astucien


Download MBRCheck GtG
or here:
Download MBRCheck BleepingComputer
and save it to the Desktop:
Under Vista -> Run as Administrator
- Launch the tool by double-clicking it; a black window will appear.
- Wait about ten seconds to let the tool complete the analysis.
- Do not carry out any action that may be offered;
then press the N key, then Enter twice.
If nothing is detected, press the Enter key.

Say whether you get, in green, the message Windows Xp Mbr code detected
or
whether it is this message that appears:
Found non-standard or infected MBR.

roboklex
 Posted on 03/05/2011 at 17:27
Petite astucienne

I have just done what you recommended, and in green I do get the following message:

Windows Xp Mbr code detected

