Plus d'Explorer.exe

Page 1 sur 1

Vous ne pouvez pas commencer un sujet
Vous ne pouvez pas répondre à ce sujet

Plus d'Explorer.exe Noter :

#1 arriabelle

Member

Groupe : Membres
Messages : 43
Inscrit(e) : 03-août 08

Posté 06 décembre 2011 - 06:05

Bonjour à tous,

Je résumes un peu les symptômes de ce pc (il n'est pas à moi) qui est visiblement infecté par au moins 2 infections différentes. J'ai fait un scan avec Antivir qui m'as dis que le processus Winlogon.exe et Explorer.exe sont infectés par TROJ/Patched.gen. Il me dis aussi que Svchost est infecté par un adware suivi de tout plein de chiffres. J'ai aussi essayer Rescue me d'antivir qui lui me dis qu'il y a une infection adware/RegRevive.A dans une ligne contenant application data/opencandy/pleins de chiffres. Il m'as dis qu'il y avais un exploit java dans un fichier nommé apache/adidas.class. Il y avais aussi une autre infection dont je me rappelles pas, je n'ai pas été capable de terminer le scan avec Rescue me parce-qu'après un moment il me disait que je manquais de mémoire vive.

Les symptômes autres que le fait de ne plus avoir de processus Explorer.exe et de ne pas être capable de l'éxécuter comme nouvelle tâche, on entendais des publicités qui n'étaient pas visibles et le pc fermais de manière aléatoire.

Voici le rapport HJT:

Citation

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:03, on 2011-12-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\taskmgr.exe
F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GameTop Search - Find Free Full Version Games
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll
O4 - HKLM\..\Run: [combofix] C:\ComboFix\CF3734.3XE /c C:\ComboFix\Combobatch.bat
O4 - HKLM\..\RunOnce: [combofix] C:\ComboFix\CF3734.3XE /c C:\ComboFixCombobatch.bat
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe -update activex (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.updat...b?1301171279171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1301161140734
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.tous...fig_5_1_1_0.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

--
End of file - 4473 bytes

et le rapport OTL:

Citation

OTL logfile created on: 2011-12-05 22:44:45 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

511,42 Mb Total Physical Memory | 288,23 Mb Available Physical Memory | 56,36% Memory free
1,22 Gb Paging File | 1,04 Gb Available in Paging File | 84,93% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 20,29 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Drive F: | 1,96 Gb Total Space | 1,63 Gb Free Space | 83,46% Space Free | Partition Type: FAT

Computer Name: CLOCLO-4D55E9C4 | User Name: claudine simard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011-12-04 23:15:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011-07-21 12:20:40 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011-07-21 12:20:29 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011-04-21 07:55:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008-04-14 07:00:00 | 000,548,864 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe
PRC - [2008-04-14 07:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe

========== Modules (No Company Name) ==========

MOD - [2011-07-21 15:12:32 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008-04-14 07:00:00 | 000,548,864 | ---- | M] () -- C:\WINDOWS\system32\winlogon.exe

========== Win32 Services (SafeList) ==========

SRV - [2011-07-21 12:20:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011-04-21 07:55:37 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010-03-04 21:38:00 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)

========== Driver Services (SafeList) ==========

DRV - [2011-07-21 12:22:41 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011-07-21 12:22:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-06-17 15:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010-06-17 15:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010-04-28 01:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2010-02-11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009-11-12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = GameTop Search - Find Free Full Version Games
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 F8 F2 E8 F9 EB CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.647: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.647: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-04-13 00:28:19 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011-12-05 15:50:18 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (uTorrentBar_FR Toolbar) - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_FR Toolbar) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF3734.3XE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\RunOnce: [combofix] C:\ComboFix\CF3734.3XE (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1301171279171 (MUCatalogWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1301161140734 (MUWebControl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.tous...fig_5_1_1_0.cab (Reg Error: Key error.)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Elf%20Bowling%207%2017%20-%20The%20Last%20Insult/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C8A5F89-4020-4D25-8874-62DDE846FA48}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011-03-22 23:19:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011-12-05 15:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\RK_Quarantine
[2011-12-05 14:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011-12-05 14:09:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011-12-05 14:09:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011-12-05 14:09:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011-12-05 14:09:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011-12-05 14:08:25 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011-12-05 00:09:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011-12-05 00:09:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011-12-05 00:07:23 | 000,000,000 | ---D | C] -- C:\WinFileReplace
[2011-12-04 21:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Avira
[2011-12-04 21:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Avira
[2011-12-04 21:37:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011-12-04 21:37:21 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011-12-04 21:37:21 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011-12-04 21:37:21 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011-12-04 21:37:21 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011-12-04 21:37:10 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011-12-04 21:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
[2011-11-23 18:48:48 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\HiJackThis.exe
[2011-11-21 17:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Playrix Entertainment
[2011-11-21 17:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\GameTop.com
[2011-11-21 17:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\GameTop.com
[2011-11-21 17:15:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3024
[2011-11-21 16:36:27 | 088,496,128 | ---- | C] (Media Contact LLC ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\FishdomH2O.exe.vir
[2011-11-21 15:38:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\AdobeUM
[2011-11-17 13:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\.minecraft
[2011-11-13 09:10:06 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users.WINDOWS\Documents\kbd32.dll
[2011-11-13 09:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Mes documents\My eBooks
[2011-11-13 09:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Adobe
[2011-11-11 17:24:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Nouveau dossier (2)
[2010-03-25 03:28:46 | 401,790,922 | ---- | C] (Games ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\HauntedManorCE.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011-12-05 22:51:43 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-12-05 22:40:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011-12-05 22:40:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-12-05 15:59:33 | 000,111,872 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011-12-05 15:50:18 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-12-05 01:36:55 | 000,000,212 | -HS- | M] () -- C:\boot.ini
[2011-12-04 21:54:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-12-04 21:54:07 | 000,001,072 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011-12-04 21:51:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job
[2011-12-04 21:37:41 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Avira AntiVir Control Center.lnk
[2011-12-04 21:31:11 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job
[2011-12-04 21:31:09 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011-12-04 21:31:08 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011-11-23 18:45:34 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\zrbrbhlq.exe
[2011-11-23 18:37:00 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\HiJackThis.exe
[2011-11-23 11:42:02 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job
[2011-11-21 17:48:37 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011-11-21 16:41:46 | 088,496,128 | ---- | M] (Media Contact LLC ) -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\FishdomH2O.exe.vir
[2011-11-19 17:57:04 | 016,636,444 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\06 SEROPOSITIF BOOGIE.mp3
[2011-11-17 16:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\RegRevive.job
[2011-11-10 12:27:01 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011-11-08 14:58:33 | 000,502,986 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011-11-08 14:58:33 | 000,434,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011-11-08 14:58:33 | 000,082,360 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011-11-08 14:58:33 | 000,068,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011-11-06 04:25:52 | 000,001,097 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Raccourci vers The B52's - Love Shack.flv.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011-12-05 15:47:16 | 000,111,872 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2011-12-05 14:09:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011-12-05 14:09:16 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011-12-05 14:09:16 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011-12-05 14:09:16 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011-12-05 14:09:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011-12-04 21:37:41 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Bureau\Avira AntiVir Control Center.lnk
[2011-11-23 18:49:51 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\zrbrbhlq.exe
[2011-11-20 19:40:49 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011-11-20 19:40:49 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011-11-06 04:25:52 | 000,001,097 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Bureau\Raccourci vers The B52's - Love Shack.flv.lnk
[2011-06-29 17:12:32 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011-05-16 05:11:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011-05-06 01:14:23 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Options
[2011-04-14 18:57:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011-03-29 00:48:28 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-03-27 08:08:27 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011-03-26 20:52:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011-03-26 13:30:48 | 000,502,986 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2011-03-26 13:30:48 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2011-03-26 13:30:48 | 000,082,360 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2011-03-26 13:30:48 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2011-03-26 13:30:12 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\winlogon.exe
[2011-03-26 13:29:43 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011-03-26 13:29:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\sdbinnst.exe
[2011-03-26 13:29:32 | 000,434,324 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011-03-26 13:29:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011-03-26 13:29:32 | 000,068,896 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011-03-26 13:29:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011-03-26 13:29:29 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011-03-26 13:29:25 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011-03-26 13:29:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011-03-26 13:29:02 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011-03-26 13:29:02 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011-03-26 13:28:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\lprheelp.dll
[2011-03-26 13:28:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011-03-26 13:28:13 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2011-03-26 13:28:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\assr_pfu.exe
[2011-03-26 10:30:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011-03-26 10:30:02 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011-03-26 09:51:04 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011-03-26 09:49:54 | 000,102,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011-03-26 09:42:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011-03-26 09:34:14 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010-01-13 21:41:00 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2010-01-13 21:38:00 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\DirectCOM.dll
[2001-07-12 16:14:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\shelexec.exe
[1998-10-10 23:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2011-05-16 01:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Alwil Software
[2011-04-13 00:08:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Big Fish Games
[2011-04-06 02:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\BOONTY
[2011-06-29 17:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Canneverbe Limited
[2011-03-28 10:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Casual Arts
[2011-06-13 06:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DragonsEye Studios
[2011-04-26 16:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Dying for Daylight
[2011-08-22 17:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fenomen Games
[2011-05-17 20:42:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\GameHouse
[2011-05-28 11:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Gogii
[2011-04-06 02:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Intenium
[2011-04-10 10:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\JollyBear
[2011-03-27 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LittleGamesCompany
[2011-03-28 13:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
[2011-05-10 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Maximize Games
[2011-05-17 19:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Merscom
[2011-05-16 08:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\MumboJumbo
[2011-05-04 00:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Namco
[2011-05-05 20:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Particles
[2011-04-15 02:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayFirst
[2011-05-16 07:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PlayPond
[2011-04-08 04:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Registry Helper
[2011-03-28 05:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\RegRevive
[2011-05-10 22:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SOS
[2011-04-11 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Top Evidence
[2011-04-03 11:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\WinZip
[2011-03-26 20:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Zylom
[2011-11-17 13:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\.minecraft
[2011-05-02 12:16:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\A Gypsy's Tale - The Tower of Secrets
[2011-04-10 04:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Application Data
[2011-04-13 14:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Artifex Mundi
[2011-05-11 06:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Artogon
[2011-04-13 14:31:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Awem
[2011-03-28 22:28:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\BabylonToolbar
[2011-04-03 05:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Big Fish Games
[2011-08-23 06:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Blue Tea Games
[2011-06-29 17:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Canneverbe Limited
[2011-03-28 10:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Casual Arts
[2011-03-28 06:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Clickteam
[2011-04-03 07:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\CrazyLoader
[2011-06-13 06:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\DragonsEye Studios
[2011-04-26 16:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Dying for Daylight
[2011-04-26 16:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Dying for Daylight Shared
[2011-05-28 10:58:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Enki Games
[2011-05-16 09:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Enlightenus
[2011-06-01 19:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\ERS G-Studio
[2011-09-15 07:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\ERS Game Studios
[2011-06-17 00:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Frogwares
[2011-04-09 05:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\FrostWire
[2011-05-16 07:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Fugazo
[2011-04-10 21:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameHouse
[2011-04-10 04:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameHousev1002
[2011-05-16 05:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\GameMill Entertainment
[2011-05-16 05:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Ghost Ship Studios
[2011-03-27 20:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\HdO Adventure
[2011-03-27 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\LittleGamesCompany
[2011-07-01 04:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MA
[2011-08-17 05:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MA2
[2011-04-26 15:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\margrave3_full
[2011-05-10 17:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Maximize Games
[2011-03-27 08:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Meridian93
[2011-05-17 19:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Merscom
[2011-09-14 07:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Monkey Barrel Games
[2011-04-09 00:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\MSNInstaller
[2011-03-28 05:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\OpenCandy
[2011-07-08 12:55:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Orneon
[2011-07-07 23:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Phantasmat_bf_ce1
[2011-04-15 02:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PlayFirst
[2011-06-01 08:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PlayPond
[2011-11-21 17:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Playrix Entertainment
[2011-04-08 04:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\RegistryKeys
[2011-04-15 01:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\report
[2011-06-08 22:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\SerpentOfIsis
[2011-03-27 12:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\SpinTop
[2011-03-27 18:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\TikisLab
[2011-04-11 18:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Top Evidence
[2011-06-02 22:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Total Eclipse
[2011-04-04 01:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\UseNeXT
[2011-12-04 21:57:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\uTorrent
[2011-04-08 18:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Vast Studios
[2011-05-06 01:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Vogat Interactive
[2011-03-26 21:00:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Zylom
[2011-11-17 16:00:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\RegRevive.job
[2011-12-04 21:51:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job

========== Purity Check ==========

< End of report >

Merci beaucoup de prendre le temps de lire mon message.

Retour en haut of the page up there ^

#2 bernard53

Godlike Member

Groupe : Equipe Sécurité
Messages : 2361
Inscrit(e) : 14-octobre 08

Posté 06 décembre 2011 - 09:46

Bonsoir

Je ne sais pas si la version de Combofix que tu as est récente ou pas donc si elle est récente ceci sinon nouveau téléchargement.

Télécharge ComboFix <ICI>>

Pour les Utilisateurs de VISTA et SEVEN: Clic-droit et choisis "Exécuter en tant qu'administrateur".
Pour VISTA et SEVEN: pas d'installation de la console de récupération.

>> Lors de son exécution, ComboFix va vérifier si la Console de récupération Microsoft Windows est installée.

Avec des infections comme celles d'aujourd'hui, il est fortement conseillé de l'avoir préinstallée sur votre PC avant toute suppression de nuisibles.
Elle permettra de démarrer dans un mode spécial, de récupération (réparation), qui nous permet de vous aider plus facilement si jamais votre ordinateur rencontre un problème après une tentative de nettoyage.

Suis les invites pour permettre à ComboFix de télécharger et installer la Console de récupération Microsoft Windows, et lorsque cela est demandé, accepte le Contrat de Licence Utilisateur Final pour l'installer.
>> Une fois sur ton bureau double clique dessus pour le lancer.
Note importante : Si la Console de récupération Microsoft Windows est déjà installée, ComboFix continuera ses procédures de suppression de nuisibles.

Lorsque le scan sera complet, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt

>>Ne pas cliquer dans la fenêtre de Combofix durant l’analyse, ceci provoquerait le gel du programme

Retour en haut of the page up there ^

#3 arriabelle

Member

Groupe : Membres
Messages : 43
Inscrit(e) : 03-août 08

Posté 07 décembre 2011 - 05:10

Alors voici le log combofix, je tiens à préciser que malgré le fait que le PC était connecté à un modem internet fonctionnel (je pouvais surfer sur le web à partir de ce réseau sur mon iPod touch tout en étant assise devant le pc), Combofix me disait toujours que l'ordinateur n'était pas connecté au net, j'ai quand même fait le scan:

Citation

ComboFix 11-12-06.01 - claudine simard 2011-12-06 22:35:13.2.1 - x86
Lancé depuis: F:\ComboFix.exe
.
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
---- Exécution préalable -------
.
c:\documents and settings\All Users.WINDOWS\Application Data\amqnaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\eavnaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\kzrnaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\onwnaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\qyonaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
c:\documents and settings\All Users.WINDOWS\Application Data\umtnaaa.tmp
c:\documents and settings\All Users.WINDOWS\Application Data\yaynaaa.tmp
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\1.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\a.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\b.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\c.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\d.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\e.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\f.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\g.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\h.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\i.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\J.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\k.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\l.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\m.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\n.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\o.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\p.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\q.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\r.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\s.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\t.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\u.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\v.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\w.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\x.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\y.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\PriceGong\Data\z.xml
c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\WINDOWS
c:\documents and settings\oliv gab\WINDOWS
c:\program files\ScanQuery
c:\windows\expl.dat
c:\windows\system32\Cache
c:\windows\system32\config\systemprofile\Application Data\PriceGong
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\1.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\1391.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2046.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2229.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\2256.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\4256.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\4402.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\5597.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6590.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6783.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\6927.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\7030.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9355.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9387.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9480.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\9837.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\a.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\b.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\c.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\d.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\e.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\f.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\g.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\h.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\i.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\j.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\k.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\l.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\m.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\mru.xml
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\n.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\o.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\p.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\q.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\r.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\s.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\t.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\u.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\v.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\w.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\wlu.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\x.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\y.txt
c:\windows\system32\config\systemprofile\Application Data\PriceGong\Data\z.txt
c:\windows\system32\dllc.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-11-07 au 2011-12-07 ))))))))))))))))))))))))))))))))))))
.
.
2011-12-06 21:31 . 2011-12-06 21:37 -------- d-----w- C:\ZHP
2011-12-06 21:25 . 2011-12-06 21:37 -------- d-----w- c:\program files\ZHPDiag
2011-12-05 20:47 . 2011-12-05 20:59 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-12-05 05:07 . 2011-12-06 22:56 -------- d-----w- C:\WinFileReplace
2011-12-05 02:45 . 2011-12-05 02:45 -------- d-----w- c:\documents and settings\claudine simard.CLOCLO-4D55E9C4\Application Data\Avira
2011-12-05 02:37 . 2011-07-21 17:22 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-12-05 02:37 . 2011-07-21 17:22 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-05 02:37 . 2010-06-17 20:28 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-12-05 02:37 . 2010-06-17 20:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-12-05 02:37 . 2011-12-05 02:37 -------- d-----w- c:\program files\Avira
2011-11-13 14:09 . 2011-11-13 14:09 -------- d-----w- c:\program files\Fichiers communs\Adobe
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 19:21 . 2011-10-30 19:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:23 . 2011-03-26 14:35 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2011-03-26 18:28 606208 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2011-03-26 18:29 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 15:41 . 2008-07-29 18:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2011-03-26 18:29 220160 ----a-w- c:\windows\system32\oleacc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
[-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll
[-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll
.
[-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[-] 2008-04-14 12:00 . F4B7146C7EED6C4E158DCD9B5266C25A . 851968 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[-] 2008-04-14 12:00 . F4B7146C7EED6C4E158DCD9B5266C25A . 851968 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2008-04-14 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
.
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2008-04-14 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 548864 . . [------] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 548864 . . [------] . . c:\windows\system32\dllcache\winlogon.exe
.
[-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 4C96AB448A3014EBC11E1D3868071391 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . AD6F8920E9BC4ADF4F2844E3ED0D47AF . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-04-14 12:00 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
.
[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . C3AF0EEE26B59484E674673E3016AAB7 . 1056768 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2008-04-14 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
.
[-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[-] 2011-10-03 . 74BED1542D59A83B1B13BCCF73A45D30 . 5971456 . . [8.00.6001.19154] . . c:\windows\system32\mshtml.dll
[-] 2011-10-03 . 74BED1542D59A83B1B13BCCF73A45D30 . 5971456 . . [8.00.6001.19154] . . c:\windows\system32\dllcache\mshtml.dll
[-] 2011-10-03 . 04B3377227CD337F740A1BE05A33E6D7 . 5972992 . . [8.00.6001.23250] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . 87AD8BE7B6A2AA21BD05BAEEC42ADE1C . 5964800 . . [8.00.6001.23141] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . 8B82D452F8BFCDC50D1C003957EB4C24 . 5962240 . . [8.00.6001.19046] . . c:\windows\ie8updates\KB2586448-IE8\mshtml.dll
[-] 2010-12-20 . 57840C53F8FA1928AD7A02A61C990401 . 5961216 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\mshtml.dll
[-] 2010-12-20 . 57840C53F8FA1928AD7A02A61C990401 . 5961216 . . [8.00.6001.19019] . . c:\windows\SoftwareDistribution\Download\411e135e52ae7643606423f645b8463a\SP3GDR\mshtml.dll
[-] 2010-12-20 . 6CEA3DF10D6B27C2A98EBDD4DDBE7646 . 5962240 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\mshtml.dll
[-] 2010-12-20 . 6CEA3DF10D6B27C2A98EBDD4DDBE7646 . 5962240 . . [8.00.6001.23111] . . c:\windows\SoftwareDistribution\Download\411e135e52ae7643606423f645b8463a\SP3QFE\mshtml.dll
[-] 2010-12-20 . 2F7D3FEEB64619984478CBB095461AA3 . 3099136 . . [6.00.2900.6058] . . c:\windows\ie8\mshtml.dll
[-] 2010-12-20 . E8B6DCBC1A066368C307FC19790349F2 . 3099136 . . [6.00.2900.6058] . . c:\windows\$hf_mig$\KB2482017\SP3QFE\mshtml.dll
[-] 2010-05-06 . 58AF16DE738F10213E86FEF10836D0E5 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2482017-IE8\mshtml.dll
.
[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 3891413139EAABFEFE9B0CA49B5CD395 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[-] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2008-04-14 . D33CD21D476C3A07DD88F83850A17432 . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
.
[-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 6F5F546A92C7B6AE45DB1D6910781EB0 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 6F5F546A92C7B6AE45DB1D6910781EB0 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
.
[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 39424 . . [------] . . c:\windows\system32\dllcache\svchost.exe
.
[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[-] 2011-08-22 . 7DF35C3D173E799F97F208CC5F3B1C93 . 916480 . . [8.00.6001.19131] . . c:\windows\system32\wininet.dll
[-] 2011-08-22 . 7DF35C3D173E799F97F208CC5F3B1C93 . 916480 . . [8.00.6001.19131] . . c:\windows\system32\dllcache\wininet.dll
[-] 2011-08-22 . 96F7E8DFF026E48DD7655DBFC47E7944 . 919552 . . [8.00.6001.23227] . . c:\windows\$hf_mig$\KB2586448-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . 8B466303E57E69AC1F82849006BADAAD . 919552 . . [8.00.6001.23139] . . c:\windows\$hf_mig$\KB2497640-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . 77C66BD5CED4E555919A5FB713322CDD . 916480 . . [8.00.6001.19044] . . c:\windows\ie8updates\KB2586448-IE8\wininet.dll
[-] 2010-12-20 . AF4EAA3B35A2D206E1902D7CA61B958A . 916480 . . [8.00.6001.19019] . . c:\windows\ie8updates\KB2497640-IE8\wininet.dll
[-] 2010-12-20 . AF4EAA3B35A2D206E1902D7CA61B958A . 916480 . . [8.00.6001.19019] . . c:\windows\SoftwareDistribution\Download\411e135e52ae7643606423f645b8463a\SP3GDR\wininet.dll
[-] 2010-12-20 . 2F0037D24E82840EF1D47B635B37301A . 919552 . . [8.00.6001.23111] . . c:\windows\$hf_mig$\KB2482017-IE8\SP3QFE\wininet.dll
[-] 2010-12-20 . 2F0037D24E82840EF1D47B635B37301A . 919552 . . [8.00.6001.23111] . . c:\windows\SoftwareDistribution\Download\411e135e52ae7643606423f645b8463a\SP3QFE\wininet.dll
[-] 2010-12-20 . 7C135A11B4DA7C4F05EE8C75210B9A87 . 671232 . . [6.00.2900.6058] . . c:\windows\ie8\wininet.dll
[-] 2010-12-20 . 6D9C7A3F1C21F2B1F3332D151140C405 . 672768 . . [6.00.2900.6058] . . c:\windows\$hf_mig$\KB2482017\SP3QFE\wininet.dll
[-] 2010-05-06 . B98E84E2CD3EE25D6D41936352E93112 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2482017-IE8\wininet.dll
[-] 2010-05-06 . B98E84E2CD3EE25D6D41936352E93112 . 916480 . . [8.00.6001.18923] . . c:\windows\SoftwareDistribution\Download\20e9dcb0bb08e135c6a58fb5643a8e2d\SP3GDR\wininet.dll
[-] 2010-05-06 . C906F4EA76E7BEC9255776E626086B95 . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-05-06 . C906F4EA76E7BEC9255776E626086B95 . 919040 . . [8.00.6001.23014] . . c:\windows\SoftwareDistribution\Download\20e9dcb0bb08e135c6a58fb5643a8e2d\SP3QFE\wininet.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[-] 2008-04-14 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB2482017$\wininet.dll
.
[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[-] 2008-04-14 . 36A608BF354FCC64AD6C0F2B5E2B8806 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[-] 2008-04-14 . 36A608BF354FCC64AD6C0F2B5E2B8806 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[-] 2008-04-14 12:00 . !HASH: COULD NOT OPEN FILE !!!!! . 1062400 . . [------] . . c:\windows\system32\dllcache\explorer.exe
.
[-] 2008-04-14 . ADF88D0996A634B5B13EE8FB9595647D . 153088 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . ADF88D0996A634B5B13EE8FB9595647D . 153088 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[-] 2010-07-16 . A867E538CFD78CB10B3EEF2495C10F00 . 1287680 . . [5.1.2600.6010] . . c:\windows\system32\ole32.dll
[-] 2010-07-16 . A867E538CFD78CB10B3EEF2495C10F00 . 1287680 . . [5.1.2600.6010] . . c:\windows\system32\dllcache\ole32.dll
[-] 2010-07-16 . 210E7ADFEFA2879115612E5C02D410D6 . 1288704 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[-] 2008-04-14 . 9245FAF86A8235D5290A23C010DABD43 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
.
[-] 2010-04-16 . E441C6889101BEEB1237855D0683C763 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . E441C6889101BEEB1237855D0683C763 . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . A044F43EACDB453AE6DA308DE9BBD51E . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 8B9167A0A9E18E22F31FB4EE2563019A . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
.
[-] 2008-04-13 . C8B7941F9824E9F4D3D7B9B9BAE14FEE . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
.
[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[-] 2009-07-27 . 1B8542F338CDD86929A084A455837158 . 135680 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[-] 2009-07-27 . 988DD1BCDD050B56F28DFCD16BF26C1B . 135680 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
.
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[-] 2008-04-14 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[-] 2008-04-14 . E62B0BE3FC855066C872F5B50A6BCD1B . 347136 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
[-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll
.
[-] 2008-04-14 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 09:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\ReinstallBackups\0001\DriverFiles\i386\AGP440.SYS
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\AGP440.SYS
.
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2010-09-18 07:18 . C27D0CD76C1982F36387F2E4F67E64A9 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . 8699BC5CF7FDE1292E7F9B56DD043D82 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 12:00 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
.
[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[-] 2009-01-31 00:33 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\mspmsnsv.dll
[-] 2009-01-31 00:33 . 051B1BDECD6DEE18C771B5D5EC7F044D . 27136 . . [11.0.5721.5262] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2008-04-14 12:00 . AA370F0D5B900E13D40E9CB834B5DA10 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
.
[-] 2010-12-09 . D27A5053A37FB85E8525F998CDC4DE19 . 2071424 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\system32\ntkrnlpa.exe
[-] 2010-12-09 . F2B0235923A03E0FEB5E212B4E9475B6 . 2071424 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[-] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
.
[-] 2008-04-14 12:00 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[-] 2008-04-14 12:00 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[-] 2008-04-14 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[-] 2008-04-14 . 4BB396EA6CAA50F2208078602549F2F2 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[-] 2008-04-14 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[-] 2008-04-14 . 7EAEC24B85DD04EDAA04A51CB07DF870 . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[-] 2008-04-14 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[-] 2008-04-14 . 75BD925DAB6E5323EDB6D5CFCDEB16D1 . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[-] 2008-04-14 12:00 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[-] 2008-04-14 12:00 . 3BA21BD333A1B8B222006E5464D44F49 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[-] 2008-04-14 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[-] 2008-04-14 . 08592889A219F7A60F9865B0EE7CAFF8 . 42496 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[-] 2008-04-14 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[-] 2008-04-14 . A71A42AD584FAD1A8D1EC5D807C6E528 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[-] 2010-12-09 . 360612511AA332B8D3AB295ACA0192CD . 2194816 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\system32\ntoskrnl.exe
[-] 2010-12-09 . 33698C8FAD37228407E62624C334DFE9 . 2194816 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[-] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
.
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[-] 2008-04-14 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[-] 2008-04-14 . C1F726EE0B043B074A68992BC4AEF8FD . 178176 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[-] 2008-04-14 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[-] 2008-04-14 . D76B0E8A4ECAD1ADCC75FD14A7ACC54C . 334336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[-] 2008-04-14 . 5D469FE7D63CF5215AF80CFA37BE6897 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[-] 2008-04-14 . 5D469FE7D63CF5215AF80CFA37BE6897 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[-] 2008-04-14 . E17BBF14DBE41CAB571BBD244F97C25F . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[-] 2008-04-14 . E17BBF14DBE41CAB571BBD244F97C25F . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
c:\windows\System32\svchost.exe ... manque !!
c:\windows\explorer.exe ... manque !!
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"= "c:\program files\uTorrentBar_FR\prxtbuTo2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11c_ActiveX.exe" [2011-10-30 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-04-21 12:55 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-03-28 08:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-04-13 05:27 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-04-10 01:58 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"WmiApSrv"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"Spooler"=2 (0x2)
"SeaPort"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"NtLmSsp"=3 (0x3)
"NMSAccess"=2 (0x2)
"Netlogon"=3 (0x3)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"fsssvc"=3 (0x3)
"FontCache3.0.0.0"=3 (0x3)
"Eventlog"=2 (0x2)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Boonty Games"=3 (0x3)
"aspnet_state"=3 (0x3)
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"ALG"=3 (0x3)
.
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
R4 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 135664]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - HELPSVC
*NewlyCreated* - WUAUSERV
.
Contenu du dossier 'Tâches planifiées'
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 08:49]
.
2011-12-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-28 08:49]
.
2011-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-11-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-11-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-1409082233-1547161642-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-05 c:\windows\Tasks\User_Feed_Synchronization-{B7C888B0-7B27-492D-A0FD-345EDAF1ADB9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Examen supplémentaire -------
.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-06 23:02
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,e4,ee,57,70,f5,7f,49,88,30,8b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,e4,ee,57,70,f5,7f,49,88,30,8b,\
.
Heure de fin: 2011-12-06 23:12:46
ComboFix-quarantined-files.txt 2011-12-07 04:12
.
Avant-CF: 21 825 302 528 octets libres
Après-CF: 21 809 262 592 octets libres
.
- - End Of File - - 3AD32AE230AF89D250C113AE77A0BD20

Retour en haut of the page up there ^

#4 bernard53

Godlike Member

Groupe : Equipe Sécurité
Messages : 2361
Inscrit(e) : 14-octobre 08

Posté 07 décembre 2011 - 12:53

ok ceci s.t.p

Ouvre le Menu Démarrer > Exécuter (Touche Windows+ R : en raccourci)

Dans la boîte de dialogue, copie/colle tout ce qui est en citation ci-dessous :

Citation

fsutil file createnew "%userprofile%\bureau\CFScript.txt" 0

Puis valide

2/ Ouvre CFScript.txt (sur ton Bureau) . > copie dedans cette nouvelle citation :

Citation

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E}"=-
[-HKEY_CLASSES_ROOT\clsid\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Mail Scanner"=-
"avast! Antivirus"=-
"avast! Web Scanner"=-

Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture:

Image IPB

http://i75.servimg.c...93/83/cf110.gif

Une fenêtre bleue va apparaître et ComboFix vas de nouveau faire une analyse.

Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Par contre lance bien ComboFix de C: et non de F:

Citation

ComboFix 11-12-06.01
Lancé depuis: F:\ComboFix.exe

Ensuite ceci:

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal " soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL " Personnalisation"

Citation

HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl|FEATURE_BROWSER_EMULATION /rs
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\FeatureControl|feature_enable_ie_compression /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers /s
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 /s
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers.desc /s
%temp%\smtmp\1\*.* /s
%temp%\smtmp\2\*.* /s
%temp%\smtmp\4\*.* /s
nslookup Google /c
SAVEMBR:0
NetSvcs
%systemroot%\system32\drivers\*.sys /lockedfiles
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
netsvcs
/md5start
dwm.exe
taskhost.exe
taskeng.exe
wscntfy.exe
ctfmon.exe
rdpclip.exe
volsnap.sys
sptd.sys
explorer.exe
userinit.exe
winlogon.exe
wininit.exe
tcpip.sys
Sfloppy.sys
Changer.sys
cdrom.sys
disk.sys
ndis.sys
usbscan.sys
usbprint.sys
tdtcp.sys
tdpipe.sys
swmidi.sys
splitter.sys
rdpwd.sys
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
RASACD.SYS
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Mets le rapport ici car il prend bien de la place.
Cliquez ici.
ou la
Accueil de Cjoint.com

Retour en haut of the page up there ^

#5 arriabelle

Member

Groupe : Membres
Messages : 43
Inscrit(e) : 03-août 08

Posté 07 décembre 2011 - 08:51

Alors voici le rapport:

http://mydoc.tk/3/logOtl.txt

Comme il n'y a aucunes icones sur le bureau je dois passer par le gestionnaire de tâches pour ouvrir OTL qui se trouves sur une clef USB.

Retour en haut of the page up there ^

#6 bernard53

Godlike Member

Groupe : Equipe Sécurité
Messages : 2361
Inscrit(e) : 14-octobre 08

Posté 07 décembre 2011 - 09:09

arriabelle, le 07 décembre 2011 - 08:51 , dit :

Comme il n'y a aucunes icones sur le bureau je dois passer par le gestionnaire de tâches pour ouvrir OTL qui se trouves sur une clef USB.

* Télécharge sur le bureau RogueKiller (par tigzy)
* Lance le puis valide choix 2.

* Un rapport (RKreport.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse

Ensuite relance le mais cette fois choisi l'option 6

Puis:

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure-toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case " Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"

Citation

:OTL
SRV - (helpsvc) -- File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_FR Toolbar) - {05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} - C:\Program Files\uTorrentBar_FR\prxtbuTo2.dll (Conduit Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2011-03-28 05:15:56 | 000,416,160 | ---- | M] () -- C:\Documents and Settings\claudine simard.CLOCLO-4D55E9C4\Application Data\OpenCandy\OpenCandy_B01CFB8680DA415D9EC65ED9839C94C9\LatestDLMgr.exe
:Files
:Commands
[createrestorepoint]
[reboot]

* Cliques sur l'icône Correction (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un rapport s'ouvrir "OTL.log"
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés
Mets le rapport ici car il prend bien de la place.
Cliquez ici.
ou la
Accueil de Cjoint.com

Ensuite:

Installe Malewarebytes' Antimalware,

Malwarebytes : Malwarebytes Anti-Malware PRO removes malware including viruses, spyware, worms and trojans, plus it protects your computer

Prends bien la version FREE
*** Met-le à jour puis choisi, Exécuter un examen complet

*** Si une infection est trouvée, coche la case a coté et valides avec l’Onglet Supprimer la sélection

Poste le rapport final.

Retour en haut of the page up there ^

Page 1 sur 1

Vous ne pouvez pas commencer un sujet
Vous ne pouvez pas répondre à ce sujet

Similar Topics
Sujet	Commencé par	Statistiques	Infos sur le dernier message
Internet Explorer a cessé de fonctionner Ci-joint un rapport de ZHPDiag	mouna	1 réponses 49 vues	Hier, 17:45 Par : Dylav
Internet Explorer plante	pappy13	6 réponses 173 vues	23 mai 2012 - 11:39 Par : leminou
[Résolu] Explorer très lent sous Windows 7 1 2	edetfa	16 réponses 466 vues	18 mai 2012 - 04:08 Par : Tonton
Windows Explorer plante 1 2	soliot	10 réponses 513 vues	05 mai 2012 - 10:58 Par : Tonton
Explorer se ferme tout seul	nicolas2603	1 réponses 180 vues	08 mai 2012 - 05:26 Par : Tonton
[Résolu] CPU souvent à 100% et plantage explorer.exe 1 2 3	Goss70	28 réponses 637 vues	05 mai 2012 - 12:00 Par : Apollo
Explorer a cessé de fonctionner… [1] 1 2 Bug continu depuis le déplacement d'une vidéo sur mon bureau	Lea79	13 réponses 487 vues	06 mai 2012 - 12:51 Par : Tonton
Explorer a cessé de fonctionner… [2]	meresse	2 réponses 109 vues	06 mai 2012 - 06:43 Par : Tonton
Internet Explorer 7 impossible a installer	dragon-druide	4 réponses 3165 vues	09 novembre 2008 - 04:13 Par : Norimael
Favoris Internet Explorer Google Chrome comment importer	australle	2 réponses 389 vues	12 avril 2012 - 04:59 Par : australle