

angeofvillerest23
Everything posted by angeofvillerest23
-
Windows Defender problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware analysis and removal
I just ran ComboFix again...
-
Windows Defender problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware analysis and removal
What did I do wrong? I don't see it... can you tell me exactly, please?
-
Windows Defender problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware analysis and removal
Here is the AntiVir report (still without the external HDD):
-
Windows Defender problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware Analysis and Removal
Here is the report (without my external hard drive): -
Windows Defender problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware Analysis and Removal
How do you reinstall the Windows firewall? As for Windows Defender, I get an error message when I try to launch it... "échec de l'initialisation de l'application 0x800106ba; Un problème a provoqué l'arrêt du service de ce programme. Pour démarrer le service redémarrer votre ordinateur ou rechercher dans le centre d'aide et de support la méthode de démarrage manuel de ce service. " What should I do? I'll run the scan with ComboFix and post it, but I don't have my external hard drive with me because I'm staying with friends (in Gironde there was wind and I no longer have electricity). As for Bayo, it's my mapping software... -
IncrediMail problem sending emails
angeofvillerest23 replied to a topic by angeofvillerest23 in Optimization, Tips & Tricks
The problem is that I have more than 50 emails to retrieve, so the software hangs when there are more than 50 emails and it cuts off... and none of my emails get retrieved... so what should I do? -
Windows Defender problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware Analysis and Removal
I tried to restart Windows Defender but I still get the same message... Here is the report:
Windows Defender problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware Analysis and Removal
Here is the report...
2009-01-01 18:57 <REP> d-------- c:\users\Stef\AppData\Roaming\InstallShield 2009-01-01 18:57 . 2009-01-01 19:15 1,002 --a------ c:\windows\disney.ini 2009-01-01 12:12 . 2009-01-01 12:12 90,112 --a------ c:\windows\System32\pmrrdcvl.dll 2008-12-30 23:02 . 1998-06-17 17:07 57,344 --a------ c:\windows\System32\Mfc42loc.dll 2008-12-30 22:02 . 2008-12-30 22:02 0 --a------ c:\windows\nsreg.dat 2008-12-30 17:55 . 2008-12-30 17:55 89,088 --a------ c:\windows\System32\dysjmvni.dll 2008-12-29 00:46 . 2008-12-29 00:46 <REP> d-------- c:\users\All Users\KONAMI 2008-12-29 00:46 . 2008-12-29 00:46 <REP> d-------- c:\progra~2\KONAMI 2008-12-27 14:27 . 2008-12-27 14:27 <REP> d-------- c:\users\Stef\AppData\Roaming\Media Player Classic 2008-12-26 22:58 . 2008-12-26 22:58 <REP> d-------- c:\program files\K-Lite Codec Pack 2008-12-26 22:58 . 2008-09-24 19:41 839,680 --a------ c:\windows\System32\lameACM.acm 2008-12-26 22:58 . 2008-12-07 19:08 795,648 --a------ c:\windows\System32\xvidcore.dll 2008-12-26 22:58 . 2004-01-25 17:18 217,088 --a------ c:\windows\System32\yv12vfw.dll 2008-12-26 22:58 . 2007-09-04 17:56 164,352 --a------ c:\windows\System32\unrar.dll 2008-12-26 22:58 . 2008-12-07 19:08 130,048 --a------ c:\windows\System32\xvidvfw.dll 2008-12-26 22:58 . 2007-09-21 01:52 118,784 --a------ c:\windows\System32\ac3acm.acm 2008-12-26 22:58 . 2008-12-08 12:53 57,344 --a------ c:\windows\System32\ff_vfw.dll 2008-12-26 22:58 . 2007-07-10 17:10 547 --a------ c:\windows\System32\ff_vfw.dll.manifest 2008-12-26 22:58 . 2008-10-03 13:30 414 --a------ c:\windows\System32\lame_acm.xml 2008-12-26 22:58 . 2008-07-30 20:09 38 --a------ c:\windows\avisplitter.ini 2008-12-26 17:57 . 2008-12-26 17:57 89,600 --a------ c:\windows\System32\famxgxcx.dll 2008-12-25 14:24 . 2008-12-25 14:24 <REP> d-------- c:\users\Stef\AppData\Roaming\Babylon 2008-12-25 14:24 . 2008-12-25 14:24 <REP> d-------- c:\users\All Users\Babylon 2008-12-25 14:24 . 
2008-12-25 14:24 <REP> d-------- c:\progra~2\Babylon 2008-12-25 10:47 . 2008-12-31 12:44 138,464 --a------ c:\windows\System32\drivers\PnkBstrK.sys 2008-12-25 10:47 . 2008-12-28 13:56 22,328 --a------ c:\users\Stef\AppData\Roaming\PnkBstrK.sys 2008-12-25 10:46 . 2008-12-28 13:56 2,250,024 --a------ c:\windows\System32\pbsvc.exe 2008-12-25 10:46 . 2008-12-31 12:44 111,928 --a------ c:\windows\System32\PnkBstrB.exe 2008-12-25 10:46 . 2008-12-28 13:56 66,872 --a------ c:\windows\System32\PnkBstrA.exe 2008-12-25 09:51 . 2008-12-25 09:51 <REP> d--hs---- c:\windows\ftpcache 2008-12-23 16:33 . 2008-12-23 16:33 <REP> dr-h----- c:\users\Stef\AppData\Roaming\SecuROM 2008-12-23 16:33 . 2009-01-01 19:15 107,888 --a------ c:\windows\System32\CmdLineExt.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-23 06:16 45,056 ----a-w c:\windows\System32\acovcnt.exe 2009-01-22 22:39 27,744 ----a-w c:\users\All Users\nvModes.dat 2009-01-22 22:39 27,744 ----a-w c:\progra~2\nvModes.dat 2009-01-22 19:43 --------- d-----w c:\program files\Bayo 2009-01-22 18:56 --------- d-----w c:\program files\Windows Mail 2009-01-22 17:21 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-21 17:57 --------- d-----w c:\program files\Nero 2009-01-21 17:28 --------- d-----w c:\progra~2\Spybot - Search & Destroy 2009-01-20 22:56 --------- d-----w c:\program files\Common Files\LightScribe 2009-01-20 18:35 --------- d-----w c:\program files\eMule 2009-01-18 19:35 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-01-18 18:54 --------- d-----w c:\progra~2\Symantec 2009-01-18 12:14 1,858,264,425 ----a-w c:\windows\DUMP87d4.tmp 2009-01-18 12:12 --------- d-----w c:\progra~2\HP 2009-01-17 23:07 --------- d-----w c:\progra~2\CyberLink 2009-01-17 18:06 --------- d-----w c:\users\Stef\AppData\Roaming\vlc 2009-01-15 17:27 --------- d-----w c:\progra~2\P4G 2009-01-14 22:29 --------- d-----w 
c:\users\Stef\AppData\Roaming\MapInfo 2009-01-14 17:58 1,409 ----a-w c:\windows\Fonts\TTMIWE__.FOT 2009-01-14 17:58 1,409 ----a-w c:\windows\Fonts\TTMITC__.FOT 2009-01-14 17:58 1,409 ----a-w c:\windows\Fonts\TTMIRE__.FOT 2009-01-14 17:58 1,409 ----a-w c:\windows\Fonts\TTMIOS__.FOT 2009-01-14 17:58 1,409 ----a-w c:\windows\Fonts\TTMIOG__.FOT 2009-01-14 17:58 1,409 ----a-w c:\windows\Fonts\TTMIMI__.FOT 2009-01-14 17:58 1,409 ----a-w c:\windows\Fonts\TTMICG__.FOT 2009-01-14 17:58 1,409 ----a-w c:\windows\Fonts\TTMIAR__.FOT 2009-01-14 17:58 1,409 ----a-w c:\windows\Fonts\MAPSYM.FOT 2009-01-14 17:58 1,409 ----a-w c:\windows\Fonts\MAPIS___.FOT 2009-01-09 10:04 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF 2009-01-09 10:04 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT 2009-01-02 11:42 --------- d-----w c:\program files\Magellan 2008-12-30 16:47 --------- d-----w c:\program files\Google 2008-12-23 02:11 --------- d-----w c:\progra~2\Microsoft Help 2008-12-22 09:51 --------- d-----w c:\program files\MSBuild 2008-12-22 09:46 --------- d-----w c:\program files\Microsoft Visual Studio 8 2008-12-20 19:47 --------- d-----w c:\program files\MSXML 4.0 2008-12-19 17:40 --------- d-----w c:\program files\PDFCreator 2008-12-07 18:03 --------- d-----w c:\program files\MapInfo 2008-12-07 18:02 --------- d-----w c:\program files\Common Files\InstallShield 2008-12-07 13:14 --------- d-----w c:\users\Stef\AppData\Roaming\HP 2008-12-07 13:13 --------- d-----w c:\progra~2\WEBREG 2008-12-07 12:59 --------- d-----w c:\program files\HP 2008-12-07 12:59 --------- d-----w c:\progra~2\HPSSUPPLY 2008-12-07 12:58 --------- d-----w c:\program files\Common Files\HP 2008-12-07 12:49 --------- d-----w c:\program files\Hewlett-Packard 2008-12-07 12:49 --------- d-----w c:\program files\Common Files\Hewlett-Packard 2008-12-07 12:41 --------- d-----w c:\progra~2\Hewlett-Packard 2008-11-23 15:41 --------- d-----w c:\progra~2\LightScribe 2008-11-01 03:44 541,696 ----a-w 
c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll 2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe 2008-10-28 12:26 520,192 ----a-w c:\windows\System32\Asus_Camera_ScreenSaver.scr 2008-10-28 12:26 47,672 ----a-w c:\windows\AsScrProlog.exe 2008-10-28 12:26 4,814,371 ----a-w c:\windows\ASUS Camera ScreenSaver.exe 2008-10-28 12:26 33,136 ----a-w c:\windows\ASScrPro.exe 2008-10-28 12:26 281,144 ----a-w c:\windows\ASUS Camera ScreenSaver Uninstaller.exe 2008-10-28 11:58 319,488 ----a-w c:\windows\HideWin.exe 2008-10-28 11:58 319,456 ----a-w c:\windows\DIFxAPI.dll 2008-07-02 02:28 61,440 ----a-w c:\program files\Common Files\CPInstallAction.dll 2008-05-22 16:35 51,962 ----a-w c:\program files\Common Files\banner.jpg 2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini 2007-06-12 17:34 35,822 ----a-w c:\program files\Common Files\ASPG_icon.ico 2008-06-30 12:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 01:08 143360 --a------ c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-20 1833296] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-12-23 251264] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936] "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13543968] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 92704] "HControlUser"="c:\program files\ATK Hotkey\HcontrolUser.exe" [2008-01-12 98304] "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416] "ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-06-25 159744] "ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2008-10-28 47672] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" 
[2008-10-28 33136] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-22 136600] "RtHDVCpl"="RtHDVCpl.exe" [2008-08-13 c:\windows\RtHDVCpl.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-07-30 752168] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "TaskbarNoNotification"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3codecp"= l3codecp.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] --a------ 2008-01-21 03:23 1008184 c:\program files\Windows Defender\MSASCui.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1362013965-2266447467-1447862643-1000] "EnableNotificationsRef"=dword:00000003 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{7AEDF9B3-E371-4848-9424-1DBAADF7B25E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{52D22DB9-EE1A-43BA-9C6A-BA1C4109C02A}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{8DD95815-3509-462D-A096-DE2FFC35CD2B}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{9329ADC0-1AA6-4D99-8C73-278129F1DF28}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{7FA554D6-30BF-4383-AD06-88C2206FBC1F}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{F6E9F42B-C60C-4015-9BE0-553DA75486F4}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{0A67B095-E1A9-4F7A-8693-3BF1AC04FBA8}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5 "{6A31382B-F480-4915-BEA1-B70A6D47D843}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "TCP Query User{223BE1EA-D3ED-4F0F-94E5-F68BBE71F48C}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{67F7F7A4-4358-44A8-985F-5B64F524AE6D}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "{3CFBCECF-C1FD-4A4F-87A3-BA752FE16D8B}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{95947169-4A23-48DD-863B-E56CE6A7EC91}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{C6107F03-41D1-446A-84EE-E2761B21DF97}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{4DBEE067-DFCC-41CF-AF38-834D0B610337}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{3F7A189A-7A06-464C-92FD-EF3492652BC9}"= UDP:d:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War "{E3B70457-3D95-493A-9347-70F3D848B2FF}"= 
TCP:d:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty® - World at War "{1563F715-8D90-48D7-A0E3-B2C8BE38F580}"= UDP:d:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War "{A4EBFFA3-6776-4075-8430-BB7D59F88013}"= TCP:d:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty® - World at War "{16FE7694-1FF3-42F2-880A-0254D9C41DBF}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2 "{EC017D28-ADEF-41E4-9AAD-E0253019B165}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2 "{61763B32-9EC1-46A5-969D-909CFFA57200}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater "{020610D8-941B-41FF-A393-D7B113D22599}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater "{C7302ACA-AD7B-427D-914F-3DACBC041E25}"= UDP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur "{64AA35AD-A9DA-4D43-B0B1-AA0D53CC6D04}"= TCP:d:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editeur "{9CCB2407-CA2B-4556-A4D7-82C427A7E2A4}"= UDP:d:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009 "{B09743A1-CEC1-43B6-BFF5-CCF77ABB1869}"= TCP:d:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009 "{860E22C8-3B33-40A2-B6DF-4A1B1DF7EDF5}"= UDP:d:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009 "{99AD85E2-8F95-4090-A234-B390ABB96B81}"= TCP:d:\program files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:Pro Evolution Soccer 2009 "{DF4E528B-62FD-4154-90BC-065C6A5747EB}"= UDP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{00330ED1-9763-4113-9CFC-C601300A9359}"= TCP:c:\program files\IncrediMail\bin\ImpCnt.exe:IncrediMail "{AD583DB9-1D97-4C8F-8638-D5E241FEBCA7}"= UDP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail "{9E91C262-1A3F-4297-9A4B-0F8FEDCADC34}"= TCP:c:\program files\IncrediMail\bin\IncMail.exe:IncrediMail 
"{163F37FF-C78E-41E3-BAEB-D6E010C4E6E4}"= UDP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail "{60D8F474-CE77-4868-942D-49842B34DF5F}"= TCP:c:\program files\IncrediMail\bin\ImApp.exe:IncrediMail [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [2008-10-28 15416] R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-22 110160] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2008-10-28 29736] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\System32\drivers\SiSGB6.sys [2007-11-16 48128] R4 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-22 20560] R4 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-22 51792] --- Autres Services/Pilotes en mémoire --- *Deregistered* - sptd [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL g:\resycled\boot.com f: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15bba829-e476-11dd-9e5b-002354685cdd}] \shell\AutoRun\command - K:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c42add3-b31e-11dd-ad7b-002243c29751}] \shell\AutoRun\command - F:\BayoAutorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beb13e42-cf3d-11dd-bf46-002354685cdd}] \shell\AutoRun\command - e.cmd \shell\explore\Command - e.cmd \shell\open\Command - e.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9e94b0a-b321-11dd-abcd-002243c29751}] \shell\AutoRun\command - 
H:\BayoAutorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9e94b0b-b321-11dd-abcd-002243c29751}] \shell\AutoRun\command - I:\BayoAutorun.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contenu du dossier 'Tâches planifiées' 2009-01-19 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Stef.job - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [] 2009-01-22 c:\windows\Tasks\User_Feed_Synchronization-{2337A26F-C33D-4352-A344-0891F718C7AE}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 03:24] . - - - - ORPHELINS SUPPRIMES - - - - BHO-{017050A9-0A12-47CD-959C-439A141D3287} - c:\windows\system32\yAtrpPJA.dll BHO-{1FA2C94B-231B-4A39-A1F7-5ED82BC15974} - (no file) BHO-{2D0E03CE-8D52-4D5D-9348-59AE9645F031} - (no file) BHO-{630F2211-8192-42F0-BC63-940405FF1A9E} - (no file) BHO-{9041B5BB-2116-4623-AFC2-E09B4789DC5B} - c:\windows\system32\qoMghgFW.dll BHO-{AFD74E51-A03B-4778-A059-3B48C5A083E6} - (no file) BHO-{B9D96D8A-EA7A-4EA7-8665-1CCABFB2A919} - (no file) BHO-{D9185135-67C7-4BCC-9831-D7E60A726419} - (no file) BHO-{DBED8583-F5B1-4018-BC6B-3328C67FA815} - (no file) BHO-{DF5B7A23-E6FD-4CD2-84AD-80E9F221ADB5} - (no file) HKCU-Run-50bd75b2 - c:\windows\system32\dfroxspi.dll HKLM-Run-Windl - c:\windows\Windl\mirc.exe . ------- Examen supplémentaire ------- . 
uStart Page = hxxp://www.google.fr/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {EFF219C1-EFC0-44E1-A371-9E3D6EFDC908} = 192.168.1.1 Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\Skyline\TerraExplorer\TerraExplorerX.dll FF - ProfilePath - c:\users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\r8j8eiz3.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar&search= FF - plugin: c:\program files\Picasa2\npPicasa2.dll ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-23 07:17:19 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... C:\ADSM_PData_0150 Scan terminé avec succès Fichiers cachés: 1 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(1864) c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll c:\windows\system32\btmmhook.dll c:\program files\IncrediMail\bin\B4ImApp.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\System32\nvvsvc.exe c:\windows\System32\audiodg.exe c:\windows\System32\rundll32.exe c:\program files\ASUS\SmartLogon\smartlogon.exe c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe c:\program files\ATK Hotkey\AsLdrSrv.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\ATKGFNEX\GFNEXSrv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\ASUS\SmartLogon\sensorsrv.exe c:\program files\ATK Hotkey\HControl.exe c:\program files\ATK Hotkey\MsgTranAgt.exe c:\program files\Wireless Console 2\wcourier.exe c:\program files\ASUS\ASUS CopyProtect\ASPG.exe c:\program files\P4G\BatteryLife.exe c:\program files\ASUS\Splendid\ACMON.exe c:\windows\System32\ACEngSvr.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\System32\PnkBstrA.exe c:\program files\ASUS\NB Probe\SPM\spmgr.exe c:\program files\ATK Hotkey\ATKOSD.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\ATK Hotkey\KBFiltr.exe c:\program files\ATK Hotkey\WDC.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\System32\conime.exe c:\windows\System32\rundll32.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\windows\ehome\ehmsas.exe c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\IncrediMail\bin\ImApp.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\windows\System32\wbem\WMIADAP.exe c:\windows\System32\dllhost.exe . ************************************************************************** . 
Heure de fin: 2009-01-23 7:22:30 - La machine a redémarré ComboFix-quarantined-files.txt 2009-01-23 06:22:24 Avant-CF: 1 969 508 352 octets libres Après-CF: 1,665,138,688 octets libres 467 --- E O F --- 2009-01-22 18:58:57 -
Windows Defender problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware analysis and removal
I had done it with Firefox, so I will try again and post everything tomorrow evening... I'll let it run tonight! Thank you for your help, because I'm getting desperate... -
Windows Defender problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware analysis and removal
I couldn't run ComboFix... I posted the FindyKill report as requested... -
Windows Defender problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware analysis and removal
no, that didn't help me... -
Hello, following an infection on my disk, I carried out some removals, but that led to a problem... I get the message "échec de l'initialisation de l'application: 0x800106ba. Un problème a provoqué l'arrêt du service de ce programme. Pour démarrer le service, redémarrer votre ordinateur ou recherchez dans le Centre d'aide et de support la méthode de démarrage manuel d'un service." What should I do?
-
IncrediMail e-mail sending problem
angeofvillerest23 replied to a topic by angeofvillerest23 in Optimization, Tips & Tricks
can nobody help me? -
avast is not a valid Win32 application
angeofvillerest23 replied to a topic by angeofvillerest23 in Malware analysis and removal
Here is the report... also, I was able to install Antivir and it is scanning now...
###################### [ FindyKill V4.714 ] # User : Stef - PC-DE-STEF # Executed from : C:\Program Files\FindyKill # Update on 19/01/09 by Chiquitine29 # Start at 22:33:57 the 20/01/2009 # Windows Vista - Internet Explorer 7.0.6001.18000 # [ FindyKill V4.714 - Deleting ] ############### \\\\\\\\\\\\\\\\\\ [ Active Processes ] /////////////////// C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\LogonUI.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\svchost.exe C:\Windows\System32\lpksetup.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Windows\system32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATK Hotkey\MsgTranAgt.exe C:\Program Files\Wireless Console 2\wcourier.exe 
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\ACEngSvr.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program Files\ATK Hotkey\KBFiltr.exe C:\Program Files\ATK Hotkey\WDC.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\runonce.exe C:\Windows\system32\conime.exe C:\Windows\system32\wbem\wmiprvse.exe \\\\\\\\\\\\\\\\\\ [ Infected Files / Folders ] /////////////////// ################## [ C:\ ] Deleted ! - "C:\Muestras" Deleted ! - C:\InfoSat.txt ################## [ C:\Windows ] ################## [ C:\Windows\Prefetch ] ################## [ C:\Windows\system32 ] Deleted ! - C:\Windows\system32\a.bat Deleted ! - C:\Windows\system32\mdelk.exe Deleted ! - C:\Windows\system32\wintems.exe Deleted ! - C:\Windows\system32\winupgro.exe ################## [ C:\Windows\system32\drivers ] ################## [ C:\Users\Stef\AppData\Roaming ] Deleted ! - "C:\Users\Stef\AppData\Roaming\m\flec006.exe" Deleted ! - "C:\Users\Stef\AppData\Roaming\m\shared" Deleted ! - "C:\Users\Stef\AppData\Roaming\m" Deleted ! - "C:\Users\Stef\AppData\Roaming\drivers\wfsintwq.sys" Deleted ! - "C:\Users\Stef\AppData\Roaming\drivers\winupgro.exe" Deleted ! - "C:\Users\Stef\AppData\Roaming\drivers\downld" Deleted ! - "C:\Users\Stef\AppData\Roaming\drivers" ################## [ C:\Users\Stef\AppData\Local\Temp ] ################## [ C:\Users\Stef\Local Settings\Temporary Internet Files\Content.IE5 ] \\\\\\\\\\\\\\\\\\ [ Registry / Infected keys ] /////////////////// Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA Deleted ! 
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S Deleted ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S Deleted ! - HKEY_CURRENT_USER\Software\FirtR Deleted ! - HKEY_CURRENT_USER\Software\MuleAppData Deleted ! - HKEY_USERS\S-1-5-21-1362013965-2266447467-1447862643-1000\Software\Local AppWizard-Generated Applications\winupgro Deleted ! - HKEY_USERS\S-1-5-21-1362013965-2266447467-1447862643-1000\Software\MuleAppData Deleted ! - HKEY_USERS\S-1-5-21-1362013965-2266447467-1447862643-1000\Software\Ubisoft \\\\\\\\\\\\\\\\\\ [ States / Restarting of services ] /////////////////// # Services : [ Auto=2 / Request=3 / Disable=4 ] Ndisuio - # Type of startup = 3 EapHost - # Type of startup = 2 Wlansvc - # Type of startup = 2 SharedAccess - # Type of startup = 2 wuauserv - # Type of startup = 2 wscsvc - # Type of startup = 2 WinDefend - # Type of startup = 2 -> UAC is Enable \\\\\\\\\\\\\\\\\\ [ Cleaning Removable drives ] /////////////////// # Informations : C: - Lecteur fixe D: - Lecteur fixe # deleting files : Deleted ! - C:\autorun.inf Deleted ! - D:\autorun.inf \\\\\\\\\\\\\\\\\\ [ Registry / Mountpoint2 ] /////////////////// Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\open\Command Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\open\Command Deleted ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef387cc-b2fe-11dd-aa60-002354685cdd}\Shell\AutoRun\command Deleted ! 
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef387cc-b2fe-11dd-aa60-002354685cdd}\Shell\open\Command \\\\\\\\\\\\\\\\\\ [ Searching Other Infections ] /////////////////// Références de comparaison Bagle MD5 : 2144df1c C:\Users\Stef\AppData\Roaming\drivers\winupgro.exe 895c7dd60d43bc828d2355a956d9db27 C:\Users\Stef\AppData\Roaming\drivers\winupgro.exe Suspect ! - 895c7dd60d43bc828d2355a956d9db27 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden \\\\\\\\\\\\\\\\\\ [ Searching Cracks / Keygen ] /////////////////// C:\Users\Stef\Documents\Mes Jeux\Brothers In Arms Hell's Highway Crack NoCD - Activation Multilanguage - certified -.zip C:\Users\Stef\Documents\Mes Jeux\Brothers in arms Hell's Highway crack [NoCD] - Multilanguage -.zip C:\Users\Stef\Documents\Mes Jeux\pc game-Fallout 3 CrackFix JUST RELOADED!.rar C:\Users\Stef\Documents\Mes Jeux\COD World at war\Call.Of.Duty.World.At.War-RELOADED NoCD.Crack.Patch.KEYGEN by d33VV C:\Users\Stef\Documents\Mes Jeux\Far Cry 2\FAR CRY 2 (pc) FR-ENG-GER-SPA-ITA- crack simplifi‚ - by TEKNOMADE.iso C:\Users\Stef\Documents\Mes Jeux\NBA 2007\Crack NO CD C:\Users\Stef\Documents\Mes Jeux\NBA 2007\Keygen C:\Users\Stef\Documents\Mes Jeux\NBA 2007\Crack NO CD\nbalive07.exe C:\Users\Stef\Documents\Mes Jeux\NBA 2007\Keygen\rld-nba7.exe C:\Users\Stef\Documents\Mes Jeux\PES 2009\Pes 2009 Pro Evolution Soccer 2009 Dvd Completo Viene Con Crack Y Serial Descomprimir E Instalar Funciona Perfecto.rar C:\Users\Stef\Documents\Mes Jeux\PES 2009\pes2009\Crack C:\Users\Stef\Documents\Mes Jeux\PES 2009\pes2009\Crack\pes2009.exe C:\Users\Stef\Documents\Mes Logiciels\CartoExplorer 3\Carto Exploreur 3.02 Crack‚.iso C:\Users\Stef\Documents\Mes Logiciels\Magellan map send\Mapsend Direct Route Europe\crack C:\Users\Stef\Documents\Mes Logiciels\Magellan map send\Mapsend Direct Route Europe\crack\Magellan - Mapsend DirectRoute Europe - v2.00c - no CD patch.txt C:\Users\Stef\Documents\Mes 
Logiciels\Magellan map send\Mapsend Direct Route Europe\crack\MapSend.exe C:\Users\Stef\Downloads\crack_3555.exe C:\Users\Stef\Music\Uncommonmenfrommars - Noise pollution\10 Firecracker.mp3 C:\ProgramData\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw ################## [ ! End of report # FindyKill V4.714 ! ] -
avast is not a valid Win32 application
angeofvillerest23 posted a topic in Malware Analysis and Removal
So, I wanted to run a scan because I've just installed avast... and I got an error message saying that avast is not a valid Win32 application... I suspect a virus, so I ran a search with FindyKill and got this report: What else should I do to fix things? Thanks!
###################### [ FindyKill V4.714 ] # User : Stef - PC-DE-STEF # Emplacement : C:\Program Files\FindyKill # Outils Mis a jours le 19/01/09 par Chiquitine29 # Recherche effectuée à 21:07:04 le 20/01/2009 # Windows Vista - Internet Explorer 7.0.6001.18000 # [ FindyKill V4.714 - Scan ] ############## \\\\\\\\\\\\\\\\\\\\ [ Processus actifs ] /////////////////// C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe C:\Program Files\ATK Hotkey\ASLDRSrv.exe C:\Program Files\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Program Files\ATK Hotkey\Hcontrol.exe C:\Program Files\ATK Hotkey\MsgTranAgt.exe C:\Program Files\Wireless Console 2\wcourier.exe C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files\ASUS\Splendid\ACMON.exe C:\Windows\System32\ACEngSvr.exe C:\Program Files\ATK Hotkey\ATKOSD.exe C:\Program 
Files\CyberLink\Power2Go\CLMLSvc.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\ATK Hotkey\KBFiltr.exe C:\Program Files\ATK Hotkey\WDC.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Windows\System32\svchost.exe C:\Program Files\ATK Hotkey\HControlUser.exe C:\Program Files\ATKOSD2\ATKOSD2.exe C:\Windows\System32\svchost.exe C:\Windows\RtHDVCpl.exe C:\Windows\system32\PnkBstrA.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ChkMail\ChkMail\ChkMail.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Windows\ASScrPro.exe C:\Windows\system32\svchost.exe C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe C:\Windows\system32\svchost.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Windows\ehome\ehtray.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program 
Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\IncrediMail\bin\ImLpp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\conime.exe C:\Windows\system32\rundll32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Users\Stef\Downloads\ELIBAGLA.BBØABØØI.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Internet Explorer\iexplore.exe \\\\\\\\\\\\\\\\\\ [ Fichiers/Dossiers infectieux ] /////////////////// ################## [ C:\ ] Found ! [20/01/2009 20:18] - "C:\Muestras" Found ! [20/01/2009 20:56] - C:\InfoSat.txt ################## [ C:\Windows ] ################## [ C:\Windows\Prefetch ] ################## [ C:\Windows\system32 ] Found ! [20/01/2009 19:51] - C:\Windows\system32\a.bat Found ! [20/01/2009 20:00] - C:\Windows\system32\mdelk.exe Found ! [20/01/2009 20:00] - C:\Windows\system32\wintems.exe Found ! [20/01/2009 19:50] - C:\Windows\system32\winupgro.exe ################## [ C:\Windows\system32\drivers ] ################## [ C:\Users\Stef\AppData\Roaming ] Found ! [20/01/2009 19:58] - "C:\Users\Stef\AppData\Roaming\m\flec006.exe" Found ! [20/01/2009 20:09] - "C:\Users\Stef\AppData\Roaming\m\shared" Found ! [20/01/2009 20:18] - "C:\Users\Stef\AppData\Roaming\m" Found ! [20/01/2009 20:18] - "C:\Users\Stef\AppData\Roaming\drivers" Found ! [20/01/2009 19:56] - "C:\Users\Stef\AppData\Roaming\drivers\wfsintwq.sys" Found ! [02/09/2005 09:03] - "C:\Users\Stef\AppData\Roaming\drivers\winupgro.exe" Found ! 
[20/01/2009 20:18] - "C:\Users\Stef\AppData\Roaming\drivers\downld" ################## [ C:\Users\Stef\AppData\Local\Temp ] \\\\\\\\\\\\\\\\\\ [ Registre / Startup ] /////////////////// [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run] Sidebar=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun LightScribe Control Panel=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe DAEMON Tools Lite="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun ehTray.exe=C:\Windows\ehome\ehTray.exe IncrediMail=C:\Program Files\IncrediMail\bin\IncMail.exe /c WMPNSCFG=C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run] Windows Defender=%ProgramFiles%\Windows Defender\MSASCui.exe -hide CLMLServer="C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" P2Go_Menu="C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" NvCplDaemon=RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup NvMediaCenter=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit HControlUser="C:\Program Files\ATK Hotkey\HcontrolUser.exe" ATKOSD2="C:\Program Files\ATKOSD2\ATKOSD2.exe" RtHDVCpl=RtHDVCpl.exe SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ChkMail=C:\Program Files\ChkMail\ChkMail\ChkMail.exe ATKMEDIA=C:\Program Files\ASUS\ATK Media\DMedia.exe ASUS Camera ScreenSaver=C:\Windows\AsScrProlog.exe ASUS Screen Saver Protector=C:\Windows\ASScrPro.exe NeroFilterCheck=C:\Windows\system32\NeroCheck.exe Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" HP Software Update=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe MSServer=rundll32.exe C:\Windows\system32\wvUkIbaY.dll,#1 Windl=C:\WINDOWS\Windl\mirc.exe avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 50bd75b2=rundll32.exe 
"C:\Windows\system32\iqeuwfwh.dll",b HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents= <NO NAME>= HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL= Installed=1 <NO NAME>= HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI= NoChange=1 Installed=1 <NO NAME>= HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS= Installed=1 <NO NAME>= [HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp] [HKEY_CURRENT_USER\software\local appwizard-generated applications\hprbui] [HKEY_CURRENT_USER\software\local appwizard-generated applications\key_gen] [HKEY_CURRENT_USER\software\local appwizard-generated applications\winupgro] \\\\\\\\\\\\\\\\\\ [ Registre / Clés infectieuses ] /////////////////// Found ! - HKEY_USERS\S-1-5-21-1362013965-2266447467-1447862643-1000\Software\Local AppWizard-Generated Applications\winupgro Found ! - HKEY_USERS\S-1-5-21-1362013965-2266447467-1447862643-1000\Software\FirtR Found ! - HKEY_USERS\S-1-5-21-1362013965-2266447467-1447862643-1000\Software\MuleAppData Found ! - HKEY_USERS\S-1-5-21-1362013965-2266447467-1447862643-1000\Software\Ubisoft Found ! - HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications\winupgro Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srosa Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srosa Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA Found ! - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S Found ! 
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sK9Ou0s Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sK9Ou0s Found ! - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sK9Ou0s Found ! - HKEY_CURRENT_USER\Software\FirtR Found ! - HKEY_CURRENT_USER\Software\MuleAppData Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | drvsyskit Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | german.exe Found ! - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] | mule_st_key /!\ Infection active : HKLM\SYSTEM\...\Services\srosa -> Start = 0x1 /!\ Infection active : HKLM\SYSTEM\...\Services\sK9Ou0s -> Start = 0x1 \\\\\\\\\\\\\\\\\\ [ Etat / Services ] /////////////////// # Services : [ Auto=2 / Demande=3 / Désactivé=4 ] /!\ Ndisuio - # Type de démarrage = 4 EapHost - # Type de démarrage = 3 Wlansvc - # Type de démarrage = 2 SharedAccess - # Type de démarrage = 2 wuauserv - # Type de démarrage = 2 /!\ wscsvc - # Type de démarrage = 4 /!\ WinDefend - # Type de démarrage = 4 \\\\\\\\\\\\\\\\\\ [ Recherche dans supports amovibles] /////////////////// # Informations : C: - Lecteur fixe D: - Lecteur fixe # Contenu de l'autorun : C:\autorun.inf [autorun] ;bkbpktjryswrmuszhzvrasjisdjpuw shellexecute="resycled\ntldr.com c:" ;ezbmulgzkdmnxuowjwygjtqgzzuoqdogompnliremznhykmgyefpbntrdjlnjzljbsjsk shell\Open\command="resycled\ntldr.com c:" ;pbjhayqvttcdvhmyebmjvhszwyhdkqqngmnvfuujudairqjpikigtfsr # Contenu de l'autorun : D:\autorun.inf [autorun] ;tmilobuehbnvsmqdnnfoownxlqtffvqujswyaccraufflsicedospefmouzwlsndhknzwdnrntkzwwu xknabifqkufthgdlre shellexecute="resycled\ntldr.com d:" ;dligwxzsdmumpvddequfynmdueysxbukdakbifmxxhyroxuvknnrtdsvpgcknzduzhdzx shell\Open\command="resycled\ntldr # presence des fichiers : Found ! [18/01/2009 13:12][-r-hs----] - C:\autorun.inf Found ! [18/01/2009 13:12][-r-hs----] - D:\autorun.inf \\\\\\\\\\\\\\\\\\ [ Registre / Mountpoint2 ] /////////////////// Found ! 
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\open\Command Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\open\Command Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef387cc-b2fe-11dd-aa60-002354685cdd}\Shell\AutoRun\command Found ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ef387cc-b2fe-11dd-aa60-002354685cdd}\Shell\open\Command ################## [ ! Fin du rapport # FindyKill V4.714 ! ] -
problem sending mail with IncrediMail
angeofvillerest23 replied to a topic by angeofvillerest23 in Optimization, Tips & Tricks
I used the "backup account" pane in IncrediMail Backup Pro and got a rar file. Inside it is the famous "message store", and there is an inbox.imm file that seems to contain my emails, but how do I use it to transfer my emails into Outlook 2007? Can this approach help me recover them, or was it useless? -
problem sending mail with IncrediMail
angeofvillerest23 replied to a topic by angeofvillerest23 in Optimization, Tips & Tricks
Well, it doesn't work, it says it can only extract 50 emails! To transfer all of them you need the license! Unless someone has found a trick? -
problem sending mail with IncrediMail
angeofvillerest23 replied to a topic by angeofvillerest23 in Optimization, Tips & Tricks
I managed to send my emails after changing antivirus, Norton was blocking it! On the other hand, some emails are being treated as junk... it's a real mess. I think I'll go with Outlook 2007, but I need to recover all my emails and I can't manage to recover them all. For now, I've only recovered 50 with the trial version of IncrediMail Backup Pro. I'd have to buy the license but I don't really feel like it... what can I do? Is there another way? -
problem sending mail with IncrediMail
angeofvillerest23 replied to a topic by angeofvillerest23 in Optimization, Tips & Tricks
I can't manage to use ABC Amber IncrediMail Converter... where can I find instructions in French? I tried with the trial version of IncrediMail Backup Pro but I could only transfer 50! Is there no way to transfer my remaining emails? -
problem sending mail with IncrediMail
angeofvillerest23 replied to a topic by angeofvillerest23 in Optimization, Tips & Tricks
Thanks, but the problem is that the link doesn't land in the right place... if you manage it, I'm interested! -
problem sending mail with IncrediMail
angeofvillerest23 replied to a topic by angeofvillerest23 in Optimization, Tips & Tricks
I would gladly have gone with Outlook, but my emails were transferred to IncrediMail and it's impossible to recover them to put them into Outlook... so please tell me what to do about my outgoing messages -
problem sending mail with IncrediMail
angeofvillerest23 posted a topic in Optimization, Tips & Tricks
Hello, I can't send emails with IncrediMail but I receive them fine... I get an error message: What should I do? -
transferring emails from IncrediMail to Outlook 2007
angeofvillerest23 posted a topic in Optimization, Tips & Tricks
I would like to know how to transfer my old emails from my IncrediMail software to Outlook 2007? Thanks for your help -
Hello, Since I've been on Vista with my new PC, I've had trouble with Internet Explorer, which is very slow and blocks windows from loading... and from time to time it crashes and Windows looks for solutions. From that point on I can no longer browse the internet, even though my system works fine. What could be causing this? I uninstalled the Google toolbar. PS: the internet works very well with my other laptop on Wi-Fi under XP Pro. Thanks for your help
-
Hello, When I open an internet window and use Google in the toolbar, a moxiesearch.com window opens. How can I remove that? Thanks. PS: Windows Vista Home Premium edition, Asus X71 SL, Dual core T5800,