PatOtj

Everything posted by PatOtj

  1. OK, thank you very much, I'll take a look and apply all this advice at my own pace.
  2. [ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]
     --> Recherche:
     C:\Combofix.txt: trouvé !
     C:\_OTM: trouvé !
     C:\Rsit: trouvé !
     C:\Documents and Settings\Babel\Bureau\Gmer.exe: trouvé !
     C:\Documents and Settings\Babel\Bureau\OTM.exe: trouvé !
     C:\Documents and Settings\Babel\Bureau\Rsit.exe: trouvé !
     ---------------------------------
     --> Suppression:
     C:\Documents and Settings\Babel\Bureau\Gmer.exe: supprimé !
     C:\Documents and Settings\Babel\Bureau\OTM.exe: supprimé !
     C:\Combofix.txt: supprimé !
     C:\Documents and Settings\Babel\Bureau\Rsit.exe: supprimé !
     C:\_OTM: supprimé !
     C:\Rsit: supprimé !
     There you go.
  3. As for Antivir, the update was done ... and not by me! So I assume it ran automatically while I was away. Here is the OTM report:
     All processes killed
     ========== FILES ==========
     File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.
     File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: All Users
     User: Babel
     ->Temp folder emptied: 82436318 bytes
     ->Temporary Internet Files folder emptied: 20606028 bytes
     ->Java cache emptied: 25749465 bytes
     ->FireFox cache emptied: 73161607 bytes
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     ->Temporary Internet Files folder emptied: 32902 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     %systemdrive% .tmp files removed: 0 bytes
     File delete failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be deleted on reboot.
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     Windows Temp folder emptied: 0 bytes
     RecycleBin emptied: 9280656 bytes
     Total Files Cleaned = 201,48 mb
     OTM by OldTimer - Version 3.0.0.6 log created on 10032009_083704
     Files moved on Reboot...
     File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.
     Registry entries deleted on Reboot...
  4. Well, I had forgotten to disable Antivir, and it reacted at roughly 30% of the Kaspersky scan => I quarantined the detected file(s), then disabled Antivir Guard. Here is the final Kaspersky result:
     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Friday, October 2, 2009
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Thursday, October 01, 2009 21:18:37
     Records in database: 2929988
     --------------------------------------------------------------------------------
     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes
     Scan area - My Computer:
     C:\ D:\ E:\ F:\ K:\
     Scan statistics:
     Objects scanned: 203924
     Threats found: 5
     Infected objects found: 8
     Suspicious objects found: 0
     Scan duration: 12:43:42
     File name / Threat / Threats count
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP442\A0077018.dll Infected: Trojan.Win32.Scar.xmh 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP449\A0079941.dll Infected: Trojan.Win32.Monder.bzea 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP449\A0079945.dll Infected: Trojan.Win32.Monder.bzea 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP449\A0079949.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.balk 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP450\A0081113.exe Infected: P2P-Worm.Win32.Palevo.jaz 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP451\A0081156.exe Infected: Packed.Win32.Black.a 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP451\A0081157.dll Infected: Trojan.Win32.Scar.xmh 1
     C:\System Volume Information\_restore{890D0020-EAA1-4E8B-AFB4-FB6092C8CE50}\RP451\A0081158.dll Infected: Trojan.Win32.Scar.xmh 1
     Selected area has been scanned.
  5. For point 1, I would need some clarification, because if I do Start, Run, cmd and copy/paste the content of the quote, I get a message. For point 2, I can't install the ActiveX on IE, but it works under Firefox ==> so I'm waiting for the additional info on point 1 before launching point 2 under Firefox.
  6. The Windows Security Center no longer shows an alert, but I don't know yet whether Antivir will update automatically. For VirusTotal, there's a snag! I can't upload the file; I can see it in the indicated location (greyed out), but I get this message once the upload starts: and if I go through the email version, it tells me the file to attach can't be attached!
  7. MP lu et suivi ComboFix 09-09-28.01 - Babel 30/09/2009 18:26.2.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1531 [GMT 2:00] Lancé depuis: c:\documents and settings\Babel\Bureau\bibitte.exe Commutateurs utilisés :: c:\documents and settings\Babel\Bureau\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} * Un nouveau point de restauration a été créé FILE :: "c:\windows\S96DCFBA0.tmp" "c:\windows\system32\drivers\a7812lml.sys" . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\S96DCFBA0.tmp . . . . impossible à supprimer . ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-28 au 2009-09-30 )))))))))))))))))))))))))))))))))))) . 2009-09-30 16:23 . 2009-09-30 16:22 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys 2009-09-30 16:23 . 2009-09-30 16:22 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-09-29 21:43 . 2009-09-29 21:43 -------- d-----w- C:\rsit 2009-09-23 21:38 . 2009-09-23 21:38 -------- d-----w- C:\_OTM 2009-09-21 21:38 . 2009-09-21 21:38 -------- d-----w- c:\program files\Garmin 2009-09-19 11:22 . 2009-09-19 11:22 -------- d-----w- c:\program files\CCleaner 2009-09-19 11:07 . 2009-09-19 11:07 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-09-12 12:55 . 2009-06-16 16:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys 2009-09-12 12:55 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll 2009-09-12 12:17 . 2009-09-12 12:17 -------- d-----w- c:\program files\NVIDIA Corporation 2009-09-12 12:17 . 2009-09-12 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2009-09-12 12:06 . 2005-06-06 15:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys 2009-09-12 12:06 . 2005-01-05 16:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys 2009-09-12 12:06 . 
2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll 2009-09-12 11:57 . 2009-09-27 12:18 -------- d-----w- c:\program files\ma-config.com 2009-09-12 11:57 . 2009-09-27 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2009-09-10 00:54 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll 2009-09-07 15:48 . 2009-09-07 15:48 -------- d-----r- c:\documents and settings\LocalService\Mes documents 2009-09-07 04:43 . 2009-09-07 04:43 -------- d-----w- C:\spoolerlogs 2009-09-06 19:15 . 2009-09-06 19:15 -------- d-----r- c:\documents and settings\LocalService\Favoris 2009-09-06 19:15 . 2009-09-06 19:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-09-06 19:03 . 2009-09-06 19:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-09-06 18:59 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-09-06 18:59 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-06 18:59 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-06 18:59 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-06 18:59 . 2009-09-06 18:59 -------- d-----w- c:\program files\Avira 2009-09-06 18:59 . 2009-09-06 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-09-06 18:42 . 2009-09-06 18:42 -------- d-----w- c:\documents and settings\Babel\Application Data\Malwarebytes 2009-09-06 18:41 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-06 18:41 . 2009-09-30 05:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-06 18:41 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-06 18:41 . 2009-09-06 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-09-06 17:19 . 
2009-09-06 17:19 -------- d-sh--w- c:\documents and settings\Babel\IECompatCache 2009-09-06 17:18 . 2009-09-06 17:18 -------- d-sh--w- c:\documents and settings\Babel\PrivacIE . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-30 16:34 . 2009-07-25 13:50 0 ------w- c:\windows\S96DCFBA0.tmp 2009-09-27 08:00 . 2008-12-20 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-09-27 07:57 . 2002-08-30 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat 2009-09-27 07:57 . 2002-08-30 12:00 503656 ----a-w- c:\windows\system32\perfh00C.dat 2009-09-27 07:56 . 2008-04-03 09:09 -------- d-----w- c:\program files\SWAT 4 2009-09-19 20:33 . 2008-05-27 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-19 11:19 . 2008-01-16 22:40 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-19 11:15 . 2008-05-29 17:36 -------- d-----w- c:\program files\Lavasoft 2009-09-19 11:06 . 2008-05-31 08:59 -------- d-----w- c:\program files\Java 2009-09-19 08:36 . 2008-08-28 10:23 -------- d-----w- c:\program files\TOPCOM 2009-09-13 21:28 . 2008-08-29 09:05 -------- d-----w- c:\documents and settings\Babel\Application Data\Skype 2009-09-12 12:19 . 2004-08-19 14:10 14336 ------w- c:\windows\system32\svchost.exe 2009-09-12 12:18 . 2008-05-29 17:35 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard 2009-09-12 12:18 . 2008-10-31 17:48 -------- d-----w- c:\program files\AGEIA Technologies 2009-09-10 17:41 . 2009-04-12 16:32 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-30 06:22 . 2009-08-30 06:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland 2009-08-30 06:21 . 2009-08-30 06:21 -------- d-----w- c:\program files\Softland 2009-08-18 19:13 . 
2009-08-18 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited 2009-08-18 19:13 . 2008-08-22 09:01 -------- d-----w- c:\program files\CDBurnerXP 2009-08-18 19:08 . 2008-01-16 22:05 69632 ----a-w- c:\documents and settings\Babel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-17 01:03 . 2009-08-17 01:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll 2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- c:\windows\system32\nvmccs.dll 2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll 2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll 2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- c:\windows\system32\nvdata.bin 2009-08-16 22:57 . 2008-10-31 17:47 485920 ----a-w- c:\windows\system32\nvudisp.exe 2009-08-16 22:57 . 2008-10-07 12:33 868352 ----a-w- c:\windows\system32\nvapi.dll 2009-08-16 22:57 . 2008-10-07 12:33 2002944 ----a-w- c:\windows\system32\nvcuda.dll 2009-08-16 22:57 . 2008-10-07 12:33 155648 ----a-w- c:\windows\system32\nvcodins.dll 2009-08-16 22:57 . 2008-10-07 12:33 155648 ----a-w- c:\windows\system32\nvcod.dll 2009-08-16 22:57 . 2008-10-07 12:33 10457088 ----a-w- c:\windows\system32\nvoglnt.dll 2009-08-16 22:57 . 2007-09-16 17:07 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys 2009-08-16 22:57 . 2007-09-16 17:07 5845760 ----a-w- c:\windows\system32\nv4_disp.dll 2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll 2009-08-13 12:35 . 2009-08-13 12:35 -------- d-----w- c:\program files\Fichiers communs\SWF Studio 2009-08-12 10:50 . 2009-08-30 06:21 21192 ----a-w- c:\windows\system32\dopdfmn6.dll 2009-08-12 10:50 . 2009-08-30 06:21 18632 ----a-w- c:\windows\system32\dopdfmi6.dll 2009-08-11 17:57 . 2009-03-22 08:07 -------- d-----w- c:\program files\TomTom HOME 2009-08-11 17:52 . 2008-04-20 14:27 -------- d-----w- c:\program files\American Conquest - Fight Back 2009-08-11 17:51 . 
2008-04-20 13:59 -------- d-----w- c:\program files\American Conquest 2009-08-11 10:35 . 2008-10-31 17:47 485920 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-08-05 09:00 . 2004-08-19 14:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-08-04 21:13 . 2009-08-04 21:13 -------- d-----w- c:\program files\The KMPlayer FR 2009-08-04 21:05 . 2009-08-04 21:05 -------- d-----w- c:\documents and settings\Babel\Application Data\Media Player Classic 2009-08-04 21:05 . 2009-08-04 21:04 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelTraditionalChinese.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSwedish.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSpanish.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSimplifiedChinese.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelPortugese.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelKorean.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelJapanese.dll 2009-08-02 22:21 . 2009-08-02 22:21 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe 2009-08-02 22:21 . 2009-08-02 22:21 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe 2009-08-02 22:21 . 2009-08-02 22:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelGerman.dll 2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelFrench.dll 2009-07-17 19:03 . 2004-08-19 14:09 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-13 21:43 . 2004-08-19 14:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 16:57 . 2004-08-19 14:09 915456 ------w- c:\windows\system32\wininet.dll . 
(((((((((((((((((((((((((((((((((((((((((( SR_Search )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ------- Sigcheck ------- [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [-] 2008-06-11 . 3F89432724DC5D72689E16F3354BCCFC . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys . ((((((((((((((((((((((((((((( SnapShot@2009-09-29_21.31.49 ))))))))))))))))))))))))))))))))))))))))) . + 2009-09-30 16:34 . 2009-09-30 16:34 16384 c:\windows\temp\Perflib_Perfdata_770.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344] "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-19 149280] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248] "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKLM\~\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^onenote 2007 - capture d'écran et lancement.lnk] path=c:\documents and settings\Babel\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup [HKLM\~\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk] path=c:\documents and settings\Babel\Menu Démarrer\Programmes\Démarrage\PrintKey 2000 Fr.lnk backup=c:\windows\pss\PrintKey 2000 Fr.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires 
III\\age3y.exe"= "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"= "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"= "c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"= "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\GUILD WARS\\Gw.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8587:TCP"= 8587:TCP:BitComet 8587 TCP "8587:UDP"= 8587:UDP:BitComet 8587 UDP R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/04/2009 08:30 64160] R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [17/01/2008 00:38 22168] R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [26/10/2008 17:03 2915944] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/09/2009 20:59 108289] S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?] S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [16/07/2009 12:35 515803] S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder Audio Edition\SysInfo.sys --> c:\program files\MediaCoder Audio Edition\SysInfo.sys [?] 
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960] S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [16/07/2009 12:35 10986] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contenu du dossier 'Tâches planifiées' 2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . . ------- Examen supplémentaire ------- . Trusted Zone: com.tw\www.msi DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://www.mediapluspro.com/mediaplus66/download/packages/_Installer/packageinstaller.ocx FF - ProfilePath - c:\documents and settings\Babel\Application Data\Mozilla\Firefox\Profiles\w93cwdm9.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: network.proxy.type - 4 FF - component: c:\documents and settings\Babel\Application Data\Mozilla\Firefox\Profiles\w93cwdm9.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyrMus.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation 
Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-30 18:35 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-1220945662-1972579041-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f4,eb,20,be,17,58,fc,a9,f6,4a,94,0c,6c,ed,f0,10,81,68,65,64,6f,c0,38, 65,e0,64,4b,8b,7b,d4,1a,f1,0d,ac,a9,df,3a,52,32,a4,ae,b0,2f,c5,01,29,b3,44,\ "??"=hex:81,d7,06,db,64,1d,a3,ec,b3,e8,5a,c2,80,d2,e7,76 [HKEY_USERS\S-1-5-21-1220945662-1972579041-682003330-1003\Software\SecuROM\License information*] "datasecu"=hex:97,e8,20,42,c5,72,df,d8,5b,4f,89,98,18,e2,df,32,69,8d,09,77,9a, fd,b9,91,d7,1e,c8,19,fb,9f,d9,c2,1c,7e,ee,ac,cc,6f,be,e8,9c,53,e8,85,dd,96,\ "rkeysecu"=hex:10,ba,3d,de,73,7c,79,e7,59,00,84,3a,45,d0,97,bb [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(2872) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\windows\system32\nvsvc32.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CDBurnerXP\NMSAccessU.exe c:\windows\system32\PnkBstrA.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\rundll32.exe c:\program files\Lexmark 1200 Series\lxczbmon.exe c:\program files\Microsoft IntelliPoint\dpupdchk.exe . ************************************************************************** . Heure de fin: 2009-09-30 18:40 - La machine a redémarré ComboFix-quarantined-files.txt 2009-09-30 16:40 ComboFix2.txt 2009-09-29 21:36 Avant-CF: 62 483 300 352 octets libres Après-CF: 62 471 671 808 octets libres Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4 267 --- E O F --- 2009-09-10 05:35 et la suite : Logfile of random's system information tool 1.06 (written by random/random) Run by Babel at 2009-09-30 19:14:35 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 60 GB (38%) free of 156 GB Total RAM: 2046 MB (74% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:14:35, on 30/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe 
C:\WINDOWS\system32\rundll32.exe C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Lexmark 1200 Series\lxczbmon.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Babel\Bureau\RSIT.exe D:\Download\HiJackThis\Babel.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [sunJavaUpdateSched] 
"C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [java_sun] Java (Sun) O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://www.mediapluspro.com/mediaplus66/do...geinstaller.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: 
Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6074 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-19 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 149280]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]
C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^onenote 2007 - capture d'écran et lancement.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE /tsr []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]
C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [2001-06-17 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\GUILD WARS\Gw.exe"="C:\Program Files\GUILD WARS\Gw.exe:*:Enabled:Gw"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-09-30 18:40:30 ----A---- C:\ComboFix.txt
2009-09-30 18:33:12 ----D---- C:\WINDOWS\temp
2009-09-29 23:43:38 ----D---- C:\rsit
2009-09-29 23:23:23 ----A---- C:\Boot.bak
2009-09-29 23:23:15 ----RASHD---- C:\cmdcons
2009-09-29 23:22:28 ----A---- C:\WINDOWS\zip.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWSC.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWREG.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\sed.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\PEV.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\grep.exe
2009-09-29 23:22:23 ----D---- C:\WINDOWS\ERDNT
2009-09-29 23:21:49 ----D---- C:\Qoobox
2009-09-25 18:35:43 ----RAD---- C:\autorun.inf
2009-09-23 23:38:29 ----D---- C:\_OTM
2009-09-23 00:21:41 ----A---- C:\TCleaner.txt
2009-09-21 23:38:26 ----D---- C:\Program Files\Garmin
2009-09-19 13:22:50 ----D---- C:\Program Files\CCleaner
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\java.exe
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-12 14:55:08 ----A---- C:\WINDOWS\system32\vuins32.dll
2009-09-12 14:17:30 ----D---- C:\Program Files\NVIDIA Corporation
2009-09-12 14:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-09-12 14:06:59 ----A---- C:\WINDOWS\system32\vusetup.dll
2009-09-12 13:57:53 ----D---- C:\Program Files\ma-config.com
2009-09-12 13:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-09-10 07:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 07:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-07 06:43:17 ----D---- C:\spoolerlogs
2009-09-06 20:59:54 ----D---- C:\Program Files\Avira
2009-09-06 20:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-09-06 20:42:01 ----D---- C:\Documents and Settings\Babel\Application Data\Malwarebytes
2009-09-06 20:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-06 20:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

======List of files/folders modified in the last 1 months======

2009-09-30 19:14:04 ----D---- C:\WINDOWS\Prefetch
2009-09-30 19:12:40 ----D---- C:\Program Files\Mozilla Firefox
2009-09-30 18:40:32 ----D---- C:\WINDOWS\system32\drivers
2009-09-30 18:40:32 ----D---- C:\WINDOWS\system32
2009-09-30 18:35:31 ----D---- C:\WINDOWS
2009-09-30 18:35:30 ----A---- C:\WINDOWS\system.ini
2009-09-30 18:35:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-30 18:34:55 ----N---- C:\WINDOWS\S96DCFBA0.tmp
2009-09-30 18:29:59 ----D---- C:\WINDOWS\AppPatch
2009-09-30 18:29:54 ----D---- C:\Program Files\Fichiers communs
2009-09-30 18:25:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-30 18:23:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-29 23:35:28 ----SD---- C:\WINDOWS\Tasks
2009-09-29 23:29:15 ----D---- C:\WINDOWS\system32\config
2009-09-29 23:23:23 ----RASH---- C:\boot.ini
2009-09-27 15:31:41 ----HD---- C:\WINDOWS\inf
2009-09-27 15:02:00 ----SHD---- C:\WINDOWS\Installer
2009-09-27 15:01:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-27 15:01:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-27 10:00:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-09-27 10:00:39 ----RSD---- C:\WINDOWS\assembly
2009-09-27 09:58:01 ----RD---- C:\Program Files
2009-09-27 09:57:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-27 09:57:27 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-27 09:56:17 ----D---- C:\Program Files\SWAT 4
2009-09-27 09:48:05 ----A---- C:\WINDOWS\win.ini
2009-09-27 09:48:04 ----D---- C:\WINDOWS\pss
2009-09-26 12:46:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-21 23:38:32 ----D---- C:\Garmin
2009-09-19 22:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-09-19 13:19:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-19 13:16:07 ----D---- C:\Warhammer Online - Age of Reckoning
2009-09-19 13:15:33 ----D---- C:\Program Files\Lavasoft
2009-09-19 13:06:59 ----D---- C:\Program Files\Java
2009-09-19 10:36:04 ----D---- C:\Program Files\TOPCOM
2009-09-19 10:33:55 ----D---- C:\WINDOWS\repair
2009-09-18 15:34:43 ----D---- C:\WINDOWS\Minidump
2009-09-13 23:28:51 ----D---- C:\Documents and Settings\Babel\Application Data\Skype
2009-09-12 14:55:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-12 14:19:17 ----N---- C:\WINDOWS\system32\svchost.exe
2009-09-12 14:18:45 ----D---- C:\WINDOWS\Help
2009-09-12 14:18:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-09-12 14:18:01 ----D---- C:\Program Files\AGEIA Technologies
2009-09-12 14:16:38 ----D---- C:\NVIDIA
2009-09-10 19:41:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-10 07:33:47 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 07:33:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-07 21:01:47 ----D---- C:\WINDOWS\WinSxS
2009-09-01 19:57:48 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-18 279712]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-16 25888]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 catchme;catchme; \??\C:\DOCUME~1\Babel\LOCALS~1\Temp\catchme.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 fet5x86v;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 a48nlf64;a48nlf64; C:\WINDOWS\system32\drivers\a48nlf64.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition\SysInfo.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-04-12 27136]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT73;Topcom Skyr@cer USB 4001g Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]
R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-26 304528]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
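Editor's added example (not part of PatOtj's posts, and not code from RSIT or ComboFix): a small triage pass over the RSIT driver/service lines of the log above. The sample input is a subset of those lines copied verbatim; the parser, the flag names and the heuristics (an empty `[]` meaning RSIT recorded no date/size for the path, a path under a Temp directory, an image on a drive other than C:, and an 8-character alphanumeric service name with three or more digits) are my own assumptions, not anything the tools define. On the sample it surfaces `a48nlf64` (random-looking name, no file info), `GMSIPCI` (image on E:), `catchme` (driver in Temp; catchme is the rootkit-scanning driver that ComboFix itself loads, so that hit is expected the day after a ComboFix run) and `avgio` (only the `\??\` path form), while the NVIDIA and Avira entries pass.

```python
import re

# Sample input: driver/service lines copied from the RSIT log above (a subset).
# Everything else in this block is an added example, not RSIT's own processing.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R3 catchme;catchme; \??\C:\DOCUME~1\Babel\LOCALS~1\Temp\catchme.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
S3 a48nlf64;a48nlf64; C:\WINDOWS\system32\drivers\a48nlf64.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872]
"""

# One RSIT entry: "<R|S><start> <name>;<display name>; <image path> [<date> <size>]"
# The bracket is empty when RSIT recorded no date/size for the path.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); ?"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)
DRIVE_RE = re.compile(r"([A-Za-z]):\\")
TEMP_RE = re.compile(r"\\(Temp|LOCALS~1|Local Settings\\Temp)\\", re.IGNORECASE)
# Heuristic (assumption): short all-alphanumeric names with several digits look generated.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{8}$", re.IGNORECASE)
SYSTEM_DRIVE = "C"  # assumption: Windows lives on C:, as in the log above


def parse_entries(log_text):
    """Return one dict per driver/service line; headers and other text are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def flags_for(entry):
    """Set of triage reasons for one parsed entry (empty set means nothing notable)."""
    reasons = set()
    if entry["meta"] == "":
        reasons.add("no-file-info")        # RSIT printed [] : path not resolved/stat'ed
    if TEMP_RE.search(entry["path"]):
        reasons.add("temp-path")           # kernel driver or service image under Temp
    drive = DRIVE_RE.search(entry["path"])
    if drive and drive.group(1).upper() != SYSTEM_DRIVE:
        reasons.add("non-system-drive")    # image on a removable or secondary volume
    name = entry["name"]
    if RANDOM_NAME_RE.match(name) and sum(c.isdigit() for c in name) >= 3:
        reasons.add("random-name")         # generated-looking service name
    return reasons


def triage(log_text):
    """Map service name -> reasons, for every entry with at least one reason."""
    flagged = {}
    for entry in parse_entries(log_text):
        reasons = flags_for(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


def report(log_text):
    """Human-readable lines, one per flagged entry, sorted by name."""
    return [f"{name:<16} {', '.join(sorted(r))}" for name, r in sorted(triage(log_text).items())]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Each flag is a reason to look closer, not a verdict: the catchme hit is explained by the ComboFix run, and the `\??\` entries only tell you RSIT did not resolve the path. What this pass cannot do is compare file contents, which is exactly what the Sigcheck section of the ComboFix log in the next post does for tcpip.sys.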
  8. ComboFix 09-09-28.01 - Babel 29/09/2009 23:26.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1537 [GMT 2:00]
Launched from: c:\documents and settings\Babel\Bureau\bibitte.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Babel\Application Data\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\Babel\Application Data\Microsoft\Clip Organizer\Offic10.MGC
c:\windows\system32\drivers\4e5fab3d.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_4e5fab3d

((((((((((((((((((((((((((((( Files created from 2009-08-28 to 2009-09-29 ))))))))))))))))))))))))))))))))))))
.
2009-09-23 21:38 . 2009-09-23 21:38 -------- d-----w- C:\_OTM
2009-09-21 21:38 . 2009-09-21 21:38 -------- d-----w- c:\program files\Garmin
2009-09-19 11:22 . 2009-09-19 11:22 -------- d-----w- c:\program files\CCleaner
2009-09-19 11:07 . 2009-09-19 11:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-12 12:55 . 2009-06-16 16:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
2009-09-12 12:55 . 2006-10-27 14:26 69632 ----a-w- c:\windows\system32\vuins32.dll
2009-09-12 12:17 . 2009-09-12 12:17 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-12 12:17 . 2009-09-12 12:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-12 12:06 . 2005-06-06 15:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2009-09-12 12:06 . 2005-01-05 16:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2009-09-12 12:06 . 2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2009-09-12 11:57 . 2009-09-27 12:18 -------- d-----w- c:\program files\ma-config.com
2009-09-12 11:57 . 2009-09-27 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com
2009-09-10 00:54 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 15:48 . 2009-09-07 15:48 -------- d-----r- c:\documents and settings\LocalService\Mes documents
2009-09-07 04:43 . 2009-09-07 04:43 -------- d-----w- C:\spoolerlogs
2009-09-06 19:15 . 2009-09-06 19:15 -------- d-----r- c:\documents and settings\LocalService\Favoris
2009-09-06 19:15 . 2009-09-06 19:15 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-06 19:03 . 2009-09-06 19:03 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-06 18:59 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-06 18:59 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-06 18:59 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-06 18:59 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-06 18:59 . 2009-09-06 18:59 -------- d-----w- c:\program files\Avira
2009-09-06 18:59 . 2009-09-06 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-06 18:42 . 2009-09-06 18:42 -------- d-----w- c:\documents and settings\Babel\Application Data\Malwarebytes
2009-09-06 18:41 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 18:41 . 2009-09-18 22:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 18:41 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 18:41 . 2009-09-06 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-06 17:19 . 2009-09-06 17:19 -------- d-sh--w- c:\documents and settings\Babel\IECompatCache
2009-09-06 17:18 . 2009-09-06 17:18 -------- d-sh--w- c:\documents and settings\Babel\PrivacIE
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-27 08:00 . 2008-12-20 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-27 07:57 . 2002-08-30 12:00 81626 ----a-w- c:\windows\system32\perfc00C.dat
2009-09-27 07:57 . 2002-08-30 12:00 503656 ----a-w- c:\windows\system32\perfh00C.dat
2009-09-27 07:56 . 2008-04-03 09:09 -------- d-----w- c:\program files\SWAT 4
2009-09-19 20:33 . 2008-05-27 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-19 11:19 . 2008-01-16 22:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-19 11:15 . 2008-05-29 17:36 -------- d-----w- c:\program files\Lavasoft
2009-09-19 11:06 . 2008-05-31 08:59 -------- d-----w- c:\program files\Java
2009-09-19 08:36 . 2008-08-28 10:23 -------- d-----w- c:\program files\TOPCOM
2009-09-13 21:28 . 2008-08-29 09:05 -------- d-----w- c:\documents and settings\Babel\Application Data\Skype
2009-09-12 12:19 . 2004-08-19 14:10 14336 ----a-w- c:\windows\system32\svchost.exe
2009-09-12 12:18 . 2008-05-29 17:35 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-09-12 12:18 . 2008-10-31 17:48 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-10 17:41 . 2009-04-12 16:32 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-30 06:22 . 2009-08-30 06:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2009-08-30 06:21 . 2009-08-30 06:21 -------- d-----w- c:\program files\Softland
2009-08-18 19:13 . 2009-08-18 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2009-08-18 19:13 . 2008-08-22 09:01 -------- d-----w- c:\program files\CDBurnerXP
2009-08-18 19:08 . 2008-01-16 22:05 69632 ----a-w- c:\documents and settings\Babel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 01:03 . 2009-08-17 01:03 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-08-17 01:02 . 2009-08-17 01:02 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-08-16 22:57 . 2009-08-16 22:57 2189856 ----a-w- c:\windows\system32\nvcuvid.dll
2009-08-16 22:57 . 2009-08-16 22:57 1706528 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-08-16 22:57 . 2009-08-16 22:57 1597690 ----a-w- c:\windows\system32\nvdata.bin
2009-08-16 22:57 . 2008-10-31 17:47 485920 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-16 22:57 . 2008-10-07 12:33 868352 ----a-w- c:\windows\system32\nvapi.dll
2009-08-16 22:57 . 2008-10-07 12:33 2002944 ----a-w- c:\windows\system32\nvcuda.dll
2009-08-16 22:57 . 2008-10-07 12:33 155648 ----a-w- c:\windows\system32\nvcodins.dll
2009-08-16 22:57 . 2008-10-07 12:33 155648 ----a-w- c:\windows\system32\nvcod.dll
2009-08-16 22:57 . 2008-10-07 12:33 10457088 ----a-w- c:\windows\system32\nvoglnt.dll
2009-08-16 22:57 . 2007-09-16 17:07 7729568 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-08-16 22:57 . 2007-09-16 17:07 5845760 ----a-w- c:\windows\system32\nv4_disp.dll
2009-08-14 11:36 . 2009-08-14 11:36 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-08-13 12:35 . 2009-08-13 12:35 -------- d-----w- c:\program files\Fichiers communs\SWF Studio
2009-08-12 10:50 . 2009-08-30 06:21 21192 ----a-w- c:\windows\system32\dopdfmn6.dll
2009-08-12 10:50 . 2009-08-30 06:21 18632 ----a-w- c:\windows\system32\dopdfmi6.dll
2009-08-11 17:57 . 2009-03-22 08:07 -------- d-----w- c:\program files\TomTom HOME
2009-08-11 17:52 . 2008-04-20 14:27 -------- d-----w- c:\program files\American Conquest - Fight Back
2009-08-11 17:51 . 2008-04-20 13:59 -------- d-----w- c:\program files\American Conquest
2009-08-11 10:35 . 2008-10-31 17:47 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-05 09:00 . 2004-08-19 14:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 21:13 . 2009-08-04 21:13 -------- d-----w- c:\program files\The KMPlayer FR
2009-08-04 21:05 . 2009-08-04 21:05 -------- d-----w- c:\documents and settings\Babel\Application Data\Media Player Classic
2009-08-04 21:05 . 2009-08-04 21:04 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelTraditionalChinese.dll
2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSwedish.dll
2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSpanish.dll
2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelSimplifiedChinese.dll
2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelPortugese.dll
2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelKorean.dll
2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelJapanese.dll
2009-08-02 22:21 . 2009-08-02 22:21 288024 ----a-w- c:\windows\system32\PhysXCplUI.exe
2009-08-02 22:21 . 2009-08-02 22:21 288024 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe
2009-08-02 22:21 . 2009-08-02 22:21 23320 ----a-w- c:\windows\system32\PhysXDevice.dll
2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelGerman.dll
2009-08-02 22:21 . 2009-08-02 22:21 58648 ----a-w- c:\windows\system32\AgCPanelFrench.dll
2009-07-25 13:54 . 2009-07-25 13:50 24 --sh--w- c:\windows\S96DCFBA0.tmp
2009-07-17 19:03 . 2004-08-19 14:09 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-19 14:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 16:57 . 2004-08-19 14:09 915456 ----a-w- c:\windows\system32\wininet.dll
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-11 . 3F89432724DC5D72689E16F3354BCCFC . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

c:\windows\system32\drivers\beep.sys ... missing !!
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-19 149280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^onenote 2007 - capture d'écran et lancement.lnk]
path=c:\documents and settings\Babel\Menu Démarrer\Programmes\Démarrage\OneNote 2007 - Capture d'écran et lancement.lnk
backup=c:\windows\pss\OneNote 2007 - Capture d'écran et lancement.lnkStartup

[HKLM\~\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]
path=c:\documents and settings\Babel\Menu Démarrer\Programmes\Démarrage\PrintKey 2000 Fr.lnk
backup=c:\windows\pss\PrintKey 2000 Fr.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GUILD WARS\\Gw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8587:TCP"= 8587:TCP:BitComet 8587 TCP
"8587:UDP"= 8587:UDP:BitComet 8587 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [13/04/2009 08:30 64160]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [17/01/2008 00:38 22168]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [26/10/2008 17:03 2915944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/09/2009 20:59 108289]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [16/07/2009 12:35 515803]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder Audio Edition\SysInfo.sys --> c:\program files\MediaCoder Audio Edition\SysInfo.sys [?]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [23/09/2009 14:50 238960]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [16/07/2009 12:35 10986]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-09-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Examen supplémentaire -------
.
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - hxxp://www.mediapluspro.com/mediaplus66/download/packages/_Installer/packageinstaller.ocx
FF - ProfilePath - c:\documents and settings\Babel\Application Data\Mozilla\Firefox\Profiles\w93cwdm9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Babel\Application Data\Mozilla\Firefox\Profiles\w93cwdm9.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyrMus.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-Locked - (no file)
AddRemove-BitComet - c:\program files\BitComet\uninst.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 23:31
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1972579041-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f4,eb,20,be,17,58,fc,a9,f6,4a,94,0c,6c,ed,f0,10,81,68,65,64,6f,c0,38,
 65,e0,64,4b,8b,7b,d4,1a,f1,0d,ac,a9,df,3a,52,32,a4,ae,b0,2f,c5,01,29,b3,44,\
"??"=hex:81,d7,06,db,64,1d,a3,ec,b3,e8,5a,c2,80,d2,e7,76

[HKEY_USERS\S-1-5-21-1220945662-1972579041-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:97,e8,20,42,c5,72,df,d8,5b,4f,89,98,18,e2,df,32,69,8d,09,77,9a,
 fd,b9,91,d7,1e,c8,19,fb,9f,d9,c2,1c,7e,ee,ac,cc,6f,be,e8,9c,53,e8,85,dd,96,\
"rkeysecu"=hex:10,ba,3d,de,73,7c,79,e7,59,00,84,3a,45,d0,97,bb

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(924)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 1200 Series\lxczbmon.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2009-09-29 23:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-29 21:35

Avant-CF: 62 513 254 400 octets libres
Après-CF: 62 481 145 856 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
270 --- E O F --- 2009-09-10 05:35

and here is the next report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Babel at 2009-09-29 23:43:38
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 60 GB (38%) free of 156 GB
Total RAM: 2046 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:43, on 29/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Documents and Settings\Babel\Bureau\RSIT.exe
D:\Download\HiJackThis\Babel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://www.mediapluspro.com/mediaplus66/do...geinstaller.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6260 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-19 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 149280]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]
C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^onenote 2007 - capture d'écran et lancement.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE /tsr []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]
C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [2001-06-17 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"HonorAutoRunSetting"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\GUILD WARS\Gw.exe"="C:\Program Files\GUILD WARS\Gw.exe:*:Enabled:Gw"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-09-29 23:43:38 ----D---- C:\rsit
2009-09-29 23:36:01 ----A---- C:\ComboFix.txt
2009-09-29 23:29:01 ----D---- C:\WINDOWS\temp
2009-09-29 23:23:23 ----A---- C:\Boot.bak
2009-09-29 23:23:15 ----RASHD---- C:\cmdcons
2009-09-29 23:22:28 ----A---- C:\WINDOWS\zip.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWSC.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\SWREG.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\sed.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\PEV.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-29 23:22:28 ----A---- C:\WINDOWS\grep.exe
2009-09-29 23:22:23 ----D---- C:\WINDOWS\ERDNT
2009-09-29 23:21:49 ----D---- C:\Qoobox
2009-09-25 18:35:43 ----RAD---- C:\autorun.inf
2009-09-23 23:38:29 ----D---- C:\_OTM
2009-09-23 00:21:41 ----A---- C:\TCleaner.txt
2009-09-21 23:38:26 ----D---- C:\Program Files\Garmin
2009-09-19 13:22:50 ----D---- C:\Program Files\CCleaner
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\java.exe
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-12 14:55:08 ----A---- C:\WINDOWS\system32\vuins32.dll
2009-09-12 14:17:30 ----D---- C:\Program Files\NVIDIA Corporation
2009-09-12 14:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-09-12 14:06:59 ----A---- C:\WINDOWS\system32\vusetup.dll
2009-09-12 13:57:53 ----D---- C:\Program Files\ma-config.com
2009-09-12 13:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-09-10 07:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 07:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-07 06:43:17 ----D---- C:\spoolerlogs
2009-09-06 20:59:54 ----D---- C:\Program Files\Avira
2009-09-06 20:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-09-06 20:42:01 ----D---- C:\Documents and Settings\Babel\Application Data\Malwarebytes
2009-09-06 20:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-06 20:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmn6.dll
2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmi6.dll
2009-08-30 08:21:20 ----D---- C:\Program Files\Softland

======List of files/folders modified in the last 1 months======

2009-09-29 23:41:16 ----D---- C:\Program Files\Mozilla Firefox
2009-09-29 23:36:04 ----D---- C:\WINDOWS\system32\drivers
2009-09-29 23:36:04 ----D---- C:\WINDOWS\system32
2009-09-29 23:35:28 ----SD---- C:\WINDOWS\Tasks
2009-09-29 23:31:56 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-29 23:31:51 ----D---- C:\WINDOWS
2009-09-29 23:31:51 ----A---- C:\WINDOWS\system.ini
2009-09-29 23:29:15 ----D---- C:\WINDOWS\system32\config
2009-09-29 23:27:59 ----D---- C:\WINDOWS\AppPatch
2009-09-29 23:27:56 ----D---- C:\Program Files\Fichiers communs
2009-09-29 23:23:23 ----RASH---- C:\boot.ini
2009-09-29 23:22:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-29 23:22:25 ----D---- C:\WINDOWS\Prefetch
2009-09-27 15:31:41 ----HD---- C:\WINDOWS\inf
2009-09-27 15:02:00 ----SHD---- C:\WINDOWS\Installer
2009-09-27 15:02:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-27 15:01:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-09-27 15:01:30 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-27 10:00:40 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-09-27 10:00:39 ----RSD---- C:\WINDOWS\assembly
2009-09-27 09:58:01 ----RD---- C:\Program Files
2009-09-27 09:57:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-27 09:57:27 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-27 09:56:17 ----D---- C:\Program Files\SWAT 4
2009-09-27 09:48:05 ----A---- C:\WINDOWS\win.ini
2009-09-27 09:48:04 ----D---- C:\WINDOWS\pss
2009-09-26 12:46:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-21 23:38:32 ----D---- C:\Garmin
2009-09-19 22:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-09-19 13:19:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-19 13:16:07 ----D---- C:\Warhammer Online - Age of Reckoning
2009-09-19 13:15:33 ----D---- C:\Program Files\Lavasoft
2009-09-19 13:06:59 ----D---- C:\Program Files\Java
2009-09-19 10:36:04 ----D---- C:\Program Files\TOPCOM
2009-09-19 10:33:55 ----D---- C:\WINDOWS\repair
2009-09-18 15:34:43 ----D---- C:\WINDOWS\Minidump
2009-09-13 23:28:51 ----D---- C:\Documents and Settings\Babel\Application Data\Skype
2009-09-12 14:55:08 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-12 14:19:17 ----N---- C:\WINDOWS\system32\svchost.exe
2009-09-12 14:18:45 ----D---- C:\WINDOWS\Help
2009-09-12 14:18:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-09-12 14:18:01 ----D---- C:\Program Files\AGEIA Technologies
2009-09-12 14:16:38 ----D---- C:\NVIDIA
2009-09-10 19:41:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-10 07:33:47 ----A---- C:\WINDOWS\imsins.BAK
2009-09-10 07:33:42 ----HD---- C:\WINDOWS\$hf_mig$
2009-09-07 21:01:47 ----D---- C:\WINDOWS\WinSxS
2009-09-01 19:57:48 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-18 279712]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-16 25888]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 catchme;catchme; \??\C:\bibitte\catchme.sys []
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 fet5x86v;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 a7812lml;a7812lml; C:\WINDOWS\system32\drivers\a7812lml.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition\SysInfo.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-04-12 27136]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT73;Topcom Skyr@cer USB 4001g Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]
R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-26 304528]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-23 238960]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
  9. OK, no worries, there's no rush! The PC is running fine and these "friends" aren't keeping me up at night for the moment
  10. Here it is! I didn't get the chance to uncheck everything that wasn't "files" and "services" before launching, so it took quite a while
GMER 1.0.15.15087 - http://www.gmer.net Rootkit scan 2009-09-29 06:42:03 Windows 5.1.2600 Service Pack 3 Running: gmer.exe; Driver: C:\DOCUME~1\Babel\LOCALS~1\Temp\awpyqfob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\drivers\4e5fab3d.sys ZwCreateEvent [0xB4254995] SSDT \SystemRoot\System32\drivers\4e5fab3d.sys ZwCreateKey [0xB4252985] SSDT B86B9944 ZwCreateThread SSDT B86B9953 ZwDeleteKey SSDT B86B995D ZwDeleteValueKey SSDT spgv.sys ZwEnumerateKey [0xB7EC5CA4] SSDT spgv.sys ZwEnumerateValueKey [0xB7EC6032] SSDT B86B9962 ZwLoadKey SSDT \SystemRoot\System32\drivers\4e5fab3d.sys ZwOpenKey [0xB4252A45] SSDT B86B9930 ZwOpenProcess SSDT B86B9935 ZwOpenThread SSDT spgv.sys ZwQueryKey [0xB7EC610A] SSDT spgv.sys ZwQueryValueKey [0xB7EC5F8A] SSDT B86B996C ZwReplaceKey SSDT B86B9967 ZwRestoreKey SSDT B86B9958 ZwSetValueKey SSDT B86B993F ZwTerminateProcess INT 0x62 ? 8A853BF8 INT 0x63 ? 8A853BF8 INT 0x63 ? 8A853BF8 INT 0x63 ? 8A669BF8 INT 0x63 ? 8A669BF8 INT 0x63 ? 8A853BF8 INT 0x82 ? 8A853BF8 INT 0x84 ? 8A669BF8 INT 0x94 ? 8A669BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? spgv.sys Le fichier spécifié est introuvable. ! .text USBPORT.SYS!DllUnload B6F598AC 5 Bytes JMP 8A6691D8 .text an2q9dft.SYS B6EE4386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text an2q9dft.SYS B6EE43AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text an2q9dft.SYS B6EE43C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text an2q9dft.SYS B6EE43C9 1 Byte [30] .text an2q9dft.SYS B6EE43C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... ? C:\WINDOWS\System32\drivers\4e5fab3d.sys Le fichier spécifié est introuvable.
---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b7EA8042] spgv.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b7EA813E] spgv.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b7EA80C0] spgv.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b7EA8800] spgv.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b7EA86D6] spgv.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b7EB7E9C] spgv.sys IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88 IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KfRaiseIrql] 00001CA9 IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!HalTranslateBusAddress] 8186C636 IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6 IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86 IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\an2q9dft.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 4e5fab3d.sys Device \FileSystem\Ntfs \Ntfs 8A8521F8 Device \Driver\Tcpip \Device\Ip 4e5fab3d.sys Device \Driver\sptd \Device\668650070 spgv.sys Device \Driver\usbuhci \Device\USBPDO-0 8A6681F8 Device \Driver\dmio \Device\DmControl\DmIoDaemon 
8A7E21F8 Device \Driver\dmio \Device\DmControl\DmConfig 8A7E21F8 Device \Driver\dmio \Device\DmControl\DmPnP 8A7E21F8 Device \Driver\dmio \Device\DmControl\DmInfo 8A7E21F8 Device \Driver\usbuhci \Device\USBPDO-1 8A6681F8 Device \Driver\usbuhci \Device\USBPDO-2 8A6681F8 Device \Driver\usbuhci \Device\USBPDO-3 8A6681F8 Device \Driver\usbehci \Device\USBPDO-4 8A5DE1F8 Device \Driver\Tcpip \Device\Tcp 4e5fab3d.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8541F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8541F8 Device \Driver\Cdrom \Device\CdRom0 8A66C1F8 Device \Driver\Cdrom \Device\CdRom1 8A66C1F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 8A8541F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{B2EA5F4E-C4CC-4399-8981-765D0FBFAA9A} 8A52C1F8 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A52C1F8 Device \Driver\NetBT \Device\NetbiosSmb 8A52C1F8 Device \Driver\usbstor \Device\00000086 8A4D11F8 Device \Driver\PCI_PNP6320 \Device\0000004d spgv.sys Device \Driver\usbstor \Device\00000087 8A4D11F8 Device \Driver\Tcpip \Device\Udp 4e5fab3d.sys Device \Driver\Tcpip \Device\RawIp 4e5fab3d.sys Device \Driver\usbuhci \Device\USBFDO-0 8A6681F8 Device \Driver\usbuhci \Device\USBFDO-1 8A6681F8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A5261F8 Device \Driver\Tcpip \Device\IPMULTICAST 4e5fab3d.sys Device \Driver\usbuhci \Device\USBFDO-2 8A6681F8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A5261F8 Device \Driver\usbuhci \Device\USBFDO-3 8A6681F8 Device \Driver\usbehci \Device\USBFDO-4 8A5DE1F8 Device \Driver\Ftdisk \Device\FtControl 8A8541F8 Device \Driver\an2q9dft \Device\Scsi\an2q9dft1Port4Path0Target0Lun0 8A59F408 Device \Driver\an2q9dft \Device\Scsi\an2q9dft1 8A59F408 Device \FileSystem\Cdfs \Cdfs 8A2C3500 ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\System32\drivers\4e5fab3d.sys (*** hidden *** ) [sYSTEM] 4e5fab3d <-- ROOTKIT !!! 
---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@ImagePath \SystemRoot\System32\drivers\4e5fab3d.sys Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@Type 1 Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@Start 1 Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@kadfmmqr 1 Reg HKLM\SYSTEM\ControlSet001\Services\4e5fab3d@F96ZK6nPB Y29tcC1hbnkuYml6 Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd500fe8 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd500fe8@00164e834b39 0xD9 0x56 0x7D 0x4B ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0009dd500fe8@001e3b1381f4 0xDB 0x57 0x4C 0xEB ... Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal@start 1 Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal@type 1 Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal@group file system Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal@imagepath \systemroot\system32\drivers\rotscxkmotuqpf.sys Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main@aid 10001 Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main@sid 2 Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main@cmddelay 14400 Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main\delete (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main\injector (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main\injector@* rotscxwsp8.dll Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\main\tasks (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscxrk.sys \systemroot\system32\drivers\rotscxkmotuqpf.sys Reg 
HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscxcmd.dll \systemroot\system32\rotscxqmobxxrc.dll Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscxlog.dat \systemroot\system32\rotscxftabuyxm.dat Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscxwsp.dll \systemroot\system32\rotscxbnmvtrnv.dll Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscx.dat \systemroot\system32\rotscxdjntidqo.dat Reg HKLM\SYSTEM\ControlSet001\Services\rotscxwehxdpal\modules@rotscxwsp8.dll \systemroot\system32\rotscxhxrevsie.dll Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEF 0x77 0x62 0x6A ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x15 0x41 0x8F ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x81 0x88 0xEB 0x3B ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x5C 0x0F 0x95 ... 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0xEB 0xCB 0x2A ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x04 0x37 0x5C 0xDE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0x07 0x84 0x20 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x0F 0xAE 0xD5 0x5E ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0xD3 0x8F 0xE1 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x91 0x9B 0x16 0x5A ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@ImagePath \SystemRoot\System32\drivers\4e5fab3d.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@kadfmmqr 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\4e5fab3d@F96ZK6nPB Y29tcC1hbnkuYml6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Parameters@ServiceDll C:\WINDOWS\system32\qmgr.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd500fe8 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd500fe8@00164e834b39 0xD9 0x56 0x7D 0x4B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd500fe8@001e3b1381f4 0xDB 0x57 0x4C 0xEB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEF 0x77 0x62 0x6A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x15 0x41 0x8F ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x81 0x88 0xEB 0x3B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x5C 0x0F 0x95 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0xEB 0xCB 0x2A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x04 0x37 0x5C 0xDE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\system32\wuauserv.dll Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2 Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256 Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7 Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256 Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4 Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256 Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4 Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256 Reg 
HKLM\SYSTEM\controlset004\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4 Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256 Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7 Reg HKLM\SYSTEM\controlset004\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256 Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@ImagePath \SystemRoot\System32\drivers\4e5fab3d.sys Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@Type 1 Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@Start 1 Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@ErrorControl 1 Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@kadfmmqr 1 Reg HKLM\SYSTEM\controlset004\Services\4e5fab3d@F96ZK6nPB Y29tcC1hbnkuYml6 Reg HKLM\SYSTEM\controlset004\Services\BITS\Parameters@ServiceDll C:\WINDOWS\system32\qmgr.dll Reg HKLM\SYSTEM\controlset004\Services\BTHPORT\Parameters\Keys\0009dd500fe8 Reg HKLM\SYSTEM\controlset004\Services\BTHPORT\Parameters\Keys\0009dd500fe8@00164e834b39 0xD9 0x56 0x7D 0x4B ... Reg HKLM\SYSTEM\controlset004\Services\BTHPORT\Parameters\Keys\0009dd500fe8@001e3b1381f4 0xDB 0x57 0x4C 0xEB ... Reg HKLM\SYSTEM\controlset004\Services\MRxDAV\EncryptedDirectories@ Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEF 0x77 0x62 0x6A ... Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x20 0x15 0x41 0x8F ... Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x81 0x88 0xEB 0x3B ... Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5E 0x5C 0x0F 0x95 ... Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0xEB 0xCB 0x2A ... Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\controlset004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x04 0x37 0x5C 0xDE ... Reg HKLM\SYSTEM\controlset004\Services\wuauserv\Parameters@ServiceDll C:\WINDOWS\system32\wuauserv.dll ---- EOF - GMER 1.0.15 ----
  11. The 2 Avira services (Guard and Scheduler) are indeed in the "Started" state with startup type "Automatic", and on top of the Security Center showing red, I periodically get an Avira pop-up telling me that my last update is more than 1 day old, even though I update it manually every day!
  12. I can't find anything in Start/All Programs/Startup (Démarrer/Tous les programmes/Démarrage) ... the folder is empty
  13. The .reg fix merged into the registry fine, but nothing changed after the reboot. As for the slow shutdowns, it isn't doing it anymore for now, but I'll go and check the various leads recommended in the link you sent me later. As for the other PCs running UBUNTU, I knew they weren't at risk themselves, but I had a doubt about their behaviour as "healthy carriers", i.e. whether they could simply spread the "virus" without "suffering" from it themselves!? (in the same way that some humans can be immune to certain diseases yet remain a vector of transmission to others!) For the last PC, running Windows XP, here is the UsbFix log:
############################## | UsbFix V6.036 | User : Cecile (Administrateurs) # ZOE-2 Update on 21/09/2009 by Chiquitine29, C_XX & Chimay8 Start at: 10:56:35 | 27/09/2009 Website : http://pagesperso-orange.fr/NosTools/index.html AMD Athlon processor Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Enabled AV : avast!
antivirus 4.8.1351 [VPS 090926-1] 4.8.1351 [ Enabled | Updated ] A:\ -> Lecteur de disquettes 3 ½ pouces C:\ -> Disque fixe local # 128 Go (111,33 Go free) # NTFS D:\ -> Disque CD-ROM E:\ -> Disque amovible # 1009,45 Mo (975,52 Mo free) [uSB EIFFAGE] # FAT ############################## | Processus actifs | C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\logonui.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe ################## | Fichiers # Dossiers infectieux | Supprimé ! E:\autorun.inf ################## | Registre # Clés Run infectieuses | ################## | Registre # Mountpoints2 | Supprimé ! HKCU\...\Explorer\MountPoints2\{17d77090-84e4-11de-8b17-000e2ea6ff6b}\Shell\AutoRun\Command ################## | Listing des fichiers présent | [14/03/2009 21:32|--a------|0] C:\AUTOEXEC.BAT [14/03/2009 21:24|---hs----|212] C:\boot.ini [28/09/2001 14:00|-rahs----|4952] C:\Bootfont.bin [14/03/2009 21:32|--a------|0] C:\CONFIG.SYS [?|?|?] C:\hiberfil.sys [14/03/2009 21:32|-rahs----|0] C:\IO.SYS [14/03/2009 21:32|-rahs----|0] C:\MSDOS.SYS [03/08/2004 23:38|-rahs----|47564] C:\NTDETECT.COM [14/03/2009 21:49|-rahs----|252240] C:\ntldr [?|?|?] 
C:\pagefile.sys [27/09/2009 10:59|--a------|2435] C:\UsbFix.txt [28/08/2008 16:36|--a------|64] E:\valkirie-wpa.txt [24/09/2009 18:04|--a------|1232175] E:\UsbFix.exe [01/09/2009 16:12|--a------|19739] E:\AccessEnt6095.rtf [06/09/2009 20:52|--a------|33961728] E:\avira_antivir_personal_en.exe [20/09/2009 13:01|--a------|308160] E:\avast_home_setup.exe ################## | Vaccination | # C:\autorun.inf -> Folder created by UsbFix. # E:\autorun.inf -> Folder created by UsbFix. ################## | Upload | Veuillez envoyer le fichier : C:\DOCUME~1\Cecile\Bureau\UsbFix_Upload_Me_ZOE-2.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php Merci pour votre contribution . ################## | ! Fin du rapport # UsbFix V6.036 ! |
What seems surprising to me reading this report is that it's once again one of my USB sticks, previously cleaned by UsbFix, that seems to be infected!!! I couldn't send the report directly to the address indicated because the WiFi connection wasn't working after the reboot via UsbFix! Should I send it from here?
  14. OK for uninstalling UsbFix. For the rest, I still see 2 "small" issues: 1. The Windows security alert telling me that AntiVir isn't updating automatically! In fact it is up to date following a "manual" update request on my part, but I don't know how it will go over the next few days!? 2. Windows shutdown is very, very slow, and that wasn't the case earlier in the week. Safe mode is working correctly again. I'd also like to know what to do next (if necessary) on the other machines on my network, where the antivirus and Malwarebytes scans show nothing abnormal, given that my USB sticks have been passed from one to the other, including some machines running UBUNTU
  15. I already had the "show hidden files" option enabled. I ran another pass of UsbFix with my work USB stick connected and it found nothing more. I ran Kaspersky Online again and it didn't find anything either; here is its report:
-------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Saturday, September 26, 2009 Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Friday, September 25, 2009 17:48:50 Records in database: 2919464 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ K:\ Scan statistics: Objects scanned: 204078 Threats found: 0 Infected objects found: 0 Suspicious objects found: 0 Scan duration: 08:41:31 No threats found. Scanned area is clean. Selected area has been scanned.
  16. OK for the work USB stick this weekend. I had already sent the report to the forum in question too. I don't see K:\SEVERINA//aleluja.exe, but it was one of the ones also detected by NOD32 on my USB stick at work, and it was "invisible" there too, so it's possible that it's "camouflaged"
  17. Here is the UsbFix report
############################## | UsbFix V6.036 | User : Babel (Administrateurs) # BABEL-452C2D6EF Update on 21/09/2009 by Chiquitine29, C_XX & Chimay8 Start at: 18:07:47 | 24/09/2009 Website : http://pagesperso-orange.fr/NosTools/index.html Intel® Core2 Duo CPU E4500 @ 2.20GHz Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3 Internet Explorer 8.0.6001.18702 Windows Firewall Status : Enabled AV : AntiVir Desktop 9.0.1.32 [ Enabled | (!) Outdated ] C:\ -> Disque fixe local # 152,77 Go (56,75 Go free) [sYSTEM_300] # NTFS D:\ -> Disque fixe local # 145,32 Go (33,56 Go free) [DATA_300] # NTFS E:\ -> Disque CD-ROM F:\ -> Disque CD-ROM H:\ -> Disque amovible # 1009,45 Mo (894,67 Mo free) [uSB EIFFAGE] # FAT K:\ -> Disque fixe local # 465,75 Go (351,14 Go free) [Disque Dur Externe] # NTFS ############################## | Processus actifs | C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\logonui.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe ################## | Fichiers # Dossiers infectieux |
Supprimé ! C:\WINDOWS\system32\autochk.dll
Supprimé ! C:\Recycler\S-1-5-21-0557232864-3721157887-092614360-9014\nissan.exe
H:\autorun.inf -> fichier appelé : "H:\SEVERINA//aleluja.exe" ( Présent ! )
Non supprimé ! H:\SEVERINA//aleluja.exe
H:\autorun.inf -> fichier appelé : "H:\SEVERINA//aleluja.exe" ( Présent ! )
Non supprimé ! H:\SEVERINA//aleluja.exe
Supprimé ! H:\autorun.inf
K:\autorun.inf -> fichier appelé : "K:\SEVERINA//aleluja.exe" ( Présent ! )
Non supprimé ! K:\SEVERINA//aleluja.exe
K:\autorun.inf -> fichier appelé : "K:\SEVERINA//aleluja.exe" ( Présent ! )
Non supprimé ! K:\SEVERINA//aleluja.exe
Supprimé ! K:\autorun.inf

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "autochk"
Supprimé ! [HKLM\software\microsoft\windows nt\currentversion\winlogon] "Taskman"

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{067fa21a-147e-11de-b63b-001d9204db8e}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{576c6175-6f5e-11dd-b53c-001d9204db8e}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[19/09/2009 10:42|--a------|53308] C:\aaw7boot.log
[14/02/2009 16:34|--a------|81] C:\apa.out
[16/01/2008 23:56|--a------|0] C:\AUTOEXEC.BAT
[18/09/2009 20:21|--ahs----|212] C:\boot.ini
[30/08/2002 14:00|-rahs----|4952] C:\Bootfont.bin
[16/01/2008 23:56|--a------|0] C:\CONFIG.SYS
[16/01/2008 23:56|-rahs----|0] C:\IO.SYS
[16/01/2008 23:56|-rahs----|0] C:\MSDOS.SYS
[03/08/2004 22:38|-rahs----|47564] C:\NTDETECT.COM
[04/09/2008 23:04|-rahs----|252240] C:\ntldr
[?|?|?] C:\pagefile.sys
[23/09/2009 00:21|--a------|1081] C:\TCleaner.txt
[24/09/2009 18:12|--a------|3820] C:\UsbFix.txt
[14/12/2008 20:05|--a------|10864557] H:\XnView-win-full.exe
[28/08/2008 16:36|--a------|64] H:\valkirie-wpa.txt.txt
[27/05/2009 10:14|--a------|33861844] H:\safety-nl.zip
[30/08/2009 08:20|--a------|1806656] H:\dopdf.exe
[28/04/2009 13:06|--a------|43008] H:\Statistiques Accidents COLLIGNON-SORETI-ACH-SATRA-FEYENS-COLLUX + temporaires de 1997 … 12-2008.xls
[28/04/2009 11:26|--a------|219136] H:\DOC 42 Questionnaire audit interne VCA - POT 090422.doc
[17/03/2009 15:39|--a------|178252] H:\20090317 - Conformit‚ aux exigences l‚gales 18001 - Plan d'action - FEYENS WB.pdf
[17/03/2009 15:39|--a------|128512] H:\20090317 - Conformit‚ aux exigences l‚gales 18001 - FEYENS WB.doc
[08/04/2009 11:11|--a------|77824] H:\Doc 141 - Rapport de r‚union - 090407 Probl‚matique amiante.doc
[23/03/2009 11:56|--a------|23552] H:\Missions et tƒches du service pour la pr‚vention et la protection au travail.xls
[11/05/2009 17:48|--a------|122880] H:\doc complet (1).doc
[12/05/2009 12:54|--a------|103424] H:\Situation V‚hicules IGC au 090512.xls
[27/05/2009 09:30|--a------|32101421] H:\safety-BF-catalogue.zip
[17/09/2009 22:41|--a------|1532] H:\BOOTEX.LOG
[01/09/2009 16:12|--a------|19739] H:\AccessEnt6095.rtf
[04/09/2009 10:08|--a------|145408] H:\Situation des inventaires rentr‚s au 01-01-2009 - Version 01.xls
[17/09/2009 07:13|--a------|9736] H:\hijackthis.log
[06/09/2009 20:52|--a------|33961728] H:\avira_antivir_personal_en.exe
[06/09/2009 20:41|--a------|3942048] H:\mbam-setup.exe
[17/09/2009 07:00|--a------|318369] H:\HiJackThis.zip
[20/09/2009 13:01|--a------|308160] H:\avast_home_setup.exe
[13/03/2009 19:23|--a------|1622736] H:\cutepdf-writer_cutepdf_writer_2.7_anglais_26715.exe

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# H:\autorun.inf -> Folder created by UsbFix.
# K:\autorun.inf -> Folder created by UsbFix.

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\Babel\Bureau\UsbFix_Upload_Me_BABEL-452C2D6EF.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.036 ! |

One USB key is missing from this: it stayed at the office, and NOD32 reacted strongly to it earlier today: 3 viruses, including the famous autorun.inf. Unless you advise otherwise before then, I will rerun Kaspersky tonight.
  18. No, it was me who selected "ignore" in the AntiVir pop-up, and then, when OTM had finished and tried to reboot, the system stayed stuck on a blank screen for at least 30 minutes! So I rebooted it with the power switch, and on restart I did not get an OTM report, so I ran it again. As for the AntiVir quarantine, it contains a whole pile of stuff, but nothing that looks like the 4 above as far as I can tell. The _OTM folder corresponding to the crash does contain some of the 4 listed above. Is there any way to produce a log of that quarantine? If not, I will rerun Kaspersky tonight, but tell me whether I should leave my removable drives (USB keys and external HDD) plugged in. Pat
  19. Well, I had a problem! AntiVir came and interposed itself in the procedure when OTM accessed the suspect files. I hit "ignore" each time, but then the system crashed during the reboot. So I had to do a hard reset, disable AntiVir's "guard" function, and then run OTM again.

All processes killed
========== FILES ==========
File/Folder C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\protect.exe not found.
File/Folder C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0D294NU1 not found.
File/Folder C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll not found.
File/Folder C:\WINDOWS\system32\config\systemprofile\protect.dll not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Babel
->Temp folder emptied: 90693052 bytes
->Temporary Internet Files folder emptied: 23191731 bytes
->Java cache emptied: 25621453 bytes
->FireFox cache emptied: 34119922 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 699087 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 166,28 mb
OTM by OldTimer - Version 3.0.0.6 log created on 09232009_235151
Files moved on Reboot...
File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...
  20. There, sorry for the late reply, but the antivirus ran all night and had not finished this morning. Here is the ToolsCleaner report:

[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\Babel\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Babel\Bureau\OTM.exe: trouvé !
C:\Documents and Settings\Babel\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Babel\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\Babel\Recent\HijackThis.lnk: trouvé !
C:\Lop SD\catchme.exe: trouvé !
C:\Lop SD\catchme.log: trouvé !

---------------------------------

--> Suppression:

C:\Documents and Settings\Babel\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Babel\Bureau\OTM.exe: supprimé !
C:\Documents and Settings\Babel\Recent\HijackThis.lnk: supprimé !
C:\Lop SD\catchme.exe: supprimé !
C:\lopR.txt: supprimé !
C:\Documents and Settings\Babel\Bureau\hijackthis.log: supprimé !
C:\Documents and Settings\Babel\Bureau\Rsit.exe: supprimé !
C:\Lop SD\catchme.log: supprimé !
C:\Lop SD: supprimé !
C:\_OTM: supprimé !
C:\Rsit: supprimé !

and the Kaspersky one:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, September 23, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 23, 2009 00:16:30
Records in database: 2870163
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
K:\

Scan statistics:
Objects scanned: 204934
Threats found: 4
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 08:01:37

File name / Threat / Threats count
C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\protect.exe Infected: Packed.Win32.Black.a 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0D294NU1\fyzmmn[1].htm Infected: Backdoor.Win32.Agent.akwi 1
C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll Infected: Trojan.Win32.Scar.xmh 1
C:\WINDOWS\system32\config\systemprofile\protect.dll Infected: Trojan.Win32.Scar.xmh 1
K:\autorun.inf Infected: P2P-Worm.Win32.Palevo.jsq 1

Selected area has been scanned.

By the way, I saw the autorun.inf file on some of my USB keys.
  21. Thanks Robert Marcel, I found what I needed in your link. For others who have this problem: I had to install the System Update Readiness Tool (KB947821) [April 2009]. It takes quite a while and at one point it seems to hang, but if you are patient it eventually goes through, and then Windows Update downloads and installs SP1 without too many problems. SP2 is apparently only available after that!
  22. Well, I reset IE and Firefox as instructed, and the page came back a few seconds after startup! I then ran another test: I made IE the default browser and restarted the machine => the ad page opened automatically in IE a few seconds after startup. As for the streaming sites, I confirm that I have visited them quite a bit lately to see what they offered.
  23. I am not using Daemon or Alcohol these days, so we can disable or even uninstall them if necessary to make sure they are not the cause. Unfortunately I still get this ad page opening, but contrary to what I said, it does not always appear when Firefox opens, sometimes before -> I would think it happens on the first attempt to access the net by any program! Here are my logs:

All processes killed
========== SERVICES/DRIVERS ==========
Service\Driver ai4z6bj1 not found.
Service\Driver key ai4z6bj1 deleted successfully.
========== FILES ==========
C:\Documents and Settings\Babel\Application Data\.# moved successfully.
File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.
File/Folder C:\WINDOWS\system32\drivers\ai4z6bj1.sys not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Babel
->Temp folder emptied: 2132563 bytes
->Temporary Internet Files folder emptied: 699197 bytes
->Java cache emptied: 25495466 bytes
->FireFox cache emptied: 71256212 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be deleted on reboot.
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1290737 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 96,26 mb
OTM by OldTimer - Version 3.0.0.6 log created on 09202009_225124
Files moved on Reboot...
File move failed. C:\WINDOWS\S96DCFBA0.tmp scheduled to be moved on reboot.
Registry entries deleted on Reboot...

and the second one:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Babel at 2009-09-20 22:59:32
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 58 GB (37%) free of 156 GB
Total RAM: 2046 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:59:36, on 20/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Babel\Bureau\RSIT.exe
D:\Download\HiJackThis\Babel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User 'Default user')
O4 - .DEFAULT Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://www.mediapluspro.com/mediaplus66/do...geinstaller.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6915 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-19 321312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 149280]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync]
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter]
C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task]
C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe -atboottime []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rthdcpl]
C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk]
C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [2001-06-17 869888]

C:\Documents and Settings\Babel\Menu Démarrer\Programmes\Démarrage
OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli wenunuve.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe"="C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire Demo"
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties"
"C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe:*:Enabled:FileZilla Server Interface"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\Babel\Local Settings\Temp\Blizzard Launcher Temporary - bbbb3828\Launcher.exe"="C:\Documents and Settings\Babel\Local Settings\Temp\Blizzard Launcher Temporary - bbbb3828\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\GUILD WARS\Gw.exe"="C:\Program Files\GUILD WARS\Gw.exe:*:Enabled:Gw"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{067fa21a-147e-11de-b63b-001d9204db8e}]
shell\AutoRun\command - G:\start.exe
shell\FramaKey\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576c6175-6f5e-11dd-b53c-001d9204db8e}]
shell\AutoRun\command - L:\umenu.exe

======List of files/folders created in the last 3 months======

2009-09-20 11:07:28 ----A---- C:\lopR.txt
2009-09-20 11:06:42 ----D---- C:\Lop SD
2009-09-19 22:33:12 ----SHD---- C:\Config.Msi
2009-09-19 13:22:50 ----D---- C:\Program Files\CCleaner
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaws.exe
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaw.exe
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\java.exe
2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-09-18 20:13:37 ----D---- C:\_OTM
2009-09-18 15:43:37 ----D---- C:\rsit
2009-09-12 14:55:08 ----A---- C:\WINDOWS\system32\vuins32.dll
2009-09-12 14:17:30 ----D---- C:\Program Files\NVIDIA Corporation
2009-09-12 14:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-09-12 14:06:59 ----A---- C:\WINDOWS\system32\vusetup.dll
2009-09-12 13:57:53 ----D---- C:\Program Files\ma-config.com
2009-09-12 13:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com
2009-09-10 07:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-10 07:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-07 06:43:17 ----D---- C:\spoolerlogs
2009-09-06 20:59:54 ----D---- C:\Program Files\Avira
2009-09-06 20:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-09-06 20:42:01 ----D---- C:\Documents and Settings\Babel\Application Data\Malwarebytes
2009-09-06 20:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-06 20:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmn6.dll
2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmi6.dll
2009-08-30 08:21:20 ----D---- C:\Program Files\Softland
2009-08-28 04:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-08-18 21:13:28 ----D---- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
2009-08-17 03:04:24 ----A---- C:\WINDOWS\system32\nvcpluir.dll
2009-08-17 03:04:24 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrszht.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrszhc.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrstr.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsth.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssv.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssl.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssk.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsru.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsptb.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrspt.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrspl.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsno.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsnl.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsko.dll
2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsja.dll
2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrsit.dll
2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrshu.dll
2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrshe.dll
2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrsfr.dll
2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsfi.dll
2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsesm.dll
2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrses.dll
2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrseng.dll
2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsel.dll
2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsde.dll
2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsda.dll
2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrscs.dll
2009-08-17 03:04:08 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-08-17 03:04:08 ----A---- C:\WINDOWS\system32\nvrsar.dll
2009-08-17 03:03:50 ----A---- C:\WINDOWS\system32\nvwssr.dll
2009-08-17 03:03:44 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-08-17 03:03:40 ----A---- C:\WINDOWS\system32\nvvitvsr.dll
2009-08-17 03:03:38 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-08-17 03:03:32 ----A---- C:\WINDOWS\system32\nvmoblsr.dll
2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmccssr.dll
2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvgamesr.dll
2009-08-17 03:03:22 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-08-17 03:03:18 ----A---- C:\WINDOWS\system32\nvdispsr.dll
2009-08-17 03:03:02 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-08-17 03:02:52 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-08-14 13:36:18 ----A---- C:\WINDOWS\system32\PhysXLoader.dll
2009-08-13 14:35:34 ----D---- C:\Warhammer Online - Age of Reckoning
2009-08-13 14:35:17 ----D---- C:\Program Files\Fichiers communs\SWF Studio
2009-08-13 14:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 14:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 14:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 14:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 14:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 14:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 14:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 14:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 14:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-11 20:00:32 ----D---- C:\WINDOWS\system32\appmgmt
2009-08-11 19:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-10 07:30:36 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-04 23:13:46 ----D---- C:\Program Files\The KMPlayer FR
2009-08-04 23:05:16 ----D---- C:\Documents and Settings\Babel\Application Data\Media Player Classic
2009-08-04 23:04:30 ----A---- C:\WINDOWS\system32\unrar.dll
2009-08-04 23:04:30 ----A---- C:\WINDOWS\avisplitter.ini
2009-08-04 23:04:29 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\divx.dll
2009-08-04 23:04:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-08-04 23:04:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-08-04 23:04:25 ----D---- C:\Program Files\K-Lite Codec Pack
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXDevice.dll
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXCplUI.exe
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXCompatCplUI.exe
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSwedish.dll
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSpanish.dll
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelPortugese.dll
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelKorean.dll
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelJapanese.dll
2009-08-03 00:21:52 ----A---- C:\WINDOWS\system32\AgCPanelGerman.dll
2009-08-03 00:21:52 ----A---- C:\WINDOWS\system32\AgCPanelFrench.dll
2009-07-25 15:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft
2009-07-25 15:50:32 ----ASH---- C:\WINDOWS\S96DCFBA0.tmp
2009-07-25 15:50:20 ----D---- C:\Program Files\SlySoft
2009-07-16 22:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 22:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 22:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-16 19:04:33 ----D---- C:\Program Files\Mars
2009-07-16 12:41:46 ----D---- C:\Documents and Settings\Babel\Application Data\ArcSoft
2009-07-16 12:39:12 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-07-16 12:35:40 ----D---- C:\WINDOWS\Setup533
2009-07-16 12:35:40 ----A---- C:\WINDOWS\system32\SP5X_32.DLL
2009-07-16 12:35:40 ----A---- C:\WINDOWS\ShowBmp.exe
2009-07-16 12:35:40 ----A---- C:\WINDOWS\Remove.ini
2009-07-16 12:35:40 ----A---- C:\WINDOWS\CA533A.INI
2009-07-16 12:35:40 ----A---- C:\WINDOWS\amcap533.exe
2009-07-16 12:33:33 ----A---- C:\WINDOWS\PCDLIB32.DLL
2009-07-16 12:33:31 ----D---- C:\Program Files\ArcSoft
2009-06-30 17:30:31 ----D---- C:\Documents and Settings\Babel\Application Data\PlayFirst
2009-06-30 17:30:31 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst
2009-06-28 09:00:18 ----D---- C:\Program Files\DAEMON Tools Lite
2009-06-27 10:18:58 ----D---- C:\Documents and Settings\All Users\Application Data\FreshGames
2009-06-27 10:18:54 ----D---- C:\Documents and Settings\Babel\Application Data\Zylom
2009-06-27 10:00:12 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom
2009-06-25 18:16:41 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$
2009-06-25 18:12:47 ----D---- C:\Program Files\PC Connectivity Solution
2009-06-25 18:11:35 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2009-06-24 18:03:23 ----D---- C:\WINDOWS\ie8updates
2009-06-24 18:02:28 ----D---- C:\WINDOWS\WBEM
2009-06-24 18:01:23 ----HDC---- C:\WINDOWS\ie8
2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\px.dll

======List of files/folders modified in the last 3 months======

2009-09-20 22:53:48 ----D---- C:\WINDOWS\Temp
2009-09-20 22:53:39 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-20 22:53:38 ----D---- C:\Program Files\Mozilla Firefox
2009-09-20 22:51:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-20 19:02:36 ----D---- C:\WINDOWS\Prefetch
2009-09-19 22:33:35 ----SHD---- C:\WINDOWS\Installer
2009-09-19 22:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-09-19 13:29:13 ----D---- C:\WINDOWS\pss
2009-09-19 13:22:50 ----RD---- C:\Program Files
2009-09-19 13:19:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-19 13:15:33 ----D---- C:\Program Files\Lavasoft
2009-09-19 13:15:22 ----D---- C:\WINDOWS\system32
2009-09-19 13:11:45 ----D---- C:\Program Files\Fichiers communs
2009-09-19 13:06:59 ----D---- C:\Program Files\Java
2009-09-19 10:36:04 ----D---- C:\Program Files\TOPCOM
2009-09-19 10:33:55 ----D---- C:\WINDOWS\repair
2009-09-19 10:31:50 ----HD---- C:\WINDOWS\inf
2009-09-19 10:31:50 ----D---- 
C:\WINDOWS\system32\drivers 2009-09-19 10:31:50 ----D---- C:\WINDOWS 2009-09-18 20:21:57 ----ASH---- C:\boot.ini 2009-09-18 20:21:57 ----A---- C:\WINDOWS\win.ini 2009-09-18 20:21:57 ----A---- C:\WINDOWS\system.ini 2009-09-18 15:34:43 ----D---- C:\WINDOWS\Minidump 2009-09-17 18:57:28 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-17 06:50:42 ----SHD---- C:\RECYCLER 2009-09-17 06:43:21 ----A---- C:\WINDOWS\ntbtlog.txt 2009-09-13 23:28:51 ----D---- C:\Documents and Settings\Babel\Application Data\Skype 2009-09-12 15:30:02 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-12 14:55:08 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-09-12 14:19:17 ----A---- C:\WINDOWS\system32\svchost.exe 2009-09-12 14:18:45 ----D---- C:\WINDOWS\Help 2009-09-12 14:18:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard 2009-09-12 14:18:01 ----D---- C:\Program Files\AGEIA Technologies 2009-09-12 14:16:38 ----D---- C:\NVIDIA 2009-09-10 19:41:42 ----D---- C:\Program Files\Microsoft Silverlight 2009-09-10 07:33:45 ----A---- C:\WINDOWS\imsins.BAK 2009-09-10 07:33:42 ----HD---- C:\WINDOWS\$hf_mig$ 2009-09-10 07:33:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-09-07 21:01:47 ----D---- C:\WINDOWS\WinSxS 2009-09-01 19:57:48 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-18 21:13:15 ----D---- C:\Program Files\CDBurnerXP 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvudisp.exe 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuda.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcodins.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcod.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvapi.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll 2009-08-13 14:10:26 ----D---- C:\Program Files\Outlook Express 2009-08-12 07:08:46 ----D---- C:\Downloads 2009-08-11 19:57:13 ----D---- C:\Program Files\TomTom HOME 2009-08-11 19:54:13 ----A---- 
C:\WINDOWS\SIERRA.INI 2009-08-11 19:52:10 ----D---- C:\Program Files\American Conquest - Fight Back 2009-08-11 19:51:26 ----D---- C:\Program Files\American Conquest 2009-08-11 12:35:08 ----A---- C:\WINDOWS\system32\NVUNINST.EXE 2009-08-10 19:06:07 ----RSD---- C:\WINDOWS\assembly 2009-08-10 07:34:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-10 07:31:38 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-10 07:31:35 ----D---- C:\WINDOWS\system32\en-us 2009-08-10 07:31:30 ----RSD---- C:\WINDOWS\Fonts 2009-08-10 07:29:21 ----D---- C:\Program Files\Internet Explorer 2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll 2009-07-19 15:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-07-17 21:03:33 ----A---- C:\WINDOWS\system32\atl.dll 2009-07-16 19:04:35 ----D---- C:\Program Files\DIFX 2009-07-16 12:39:12 ----D---- C:\WINDOWS\system 2009-07-16 12:33:09 ----D---- C:\Program Files\Fichiers communs\InstallShield 2009-07-14 13:03:14 ----N---- C:\WINDOWS\system32\tzchange.exe 2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll 2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll 2009-07-04 19:47:11 ----D---- C:\WINDOWS\system32\DirectX 2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\wininet.dll 2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\occache.dll 2009-07-03 18:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll 2009-07-03 18:57:46 ----N---- C:\WINDOWS\system32\jsproxy.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll 2009-07-03 18:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll 2009-07-03 18:57:41 ----N---- C:\WINDOWS\system32\iedkcs32.dll 2009-07-03 13:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe 2009-06-30 17:30:30 ----D---- C:\Documents and Settings\Babel\Application Data\Identities 2009-06-29 18:31:15 ----D---- C:\Documents 
and Settings\Babel\Application Data\DAEMON Tools Lite 2009-06-26 22:23:37 ----D---- C:\Documents and Settings\All Users\Application Data\Installations 2009-06-26 22:23:28 ----D---- C:\Program Files\Nokia 2009-06-25 18:18:11 ----D---- C:\Documents and Settings\Babel\Application Data\Nokia 2009-06-25 18:14:52 ----D---- C:\WINDOWS\security 2009-06-25 18:13:51 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-06-25 18:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite 2009-06-24 18:05:44 ----D---- C:\WINDOWS\system32\fr-fr 2009-06-24 18:02:21 ----D---- C:\WINDOWS\Media 2009-06-23 18:56:53 ----D---- C:\Program Files\Winamp 2009-06-23 18:51:14 ----A---- C:\WINDOWS\winamp.ini 2009-06-22 08:47:13 ----A---- C:\WINDOWS\system32\jscript.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-18 279712] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-16 25888] R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760] R3 fet5x86v;VIA Rhine-Family Fast-Ethernet Adapter 
Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856] R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912] R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264] S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803] S3 ak2aqkrs;ak2aqkrs; C:\WINDOWS\system32\drivers\ak2aqkrs.sys [] S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768] S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 CrystalSysInfo;CrystalSysInfo; 
\??\C:\Program Files\MediaCoder Audio Edition\SysInfo.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165] S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-04-12 27136] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 RT73;Topcom Skyr@cer USB 4001g Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 
WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336] R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 153376] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296] R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336] S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-26 304528] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 
[2008-07-29 881664] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-01 234864] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------
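The driver and service tables above run to roughly seventy entries, and the signal worth a human's time sits in a handful: entries for which RSIT printed `[]` instead of a date and size, entries whose image lives outside the Windows and Program Files trees (here `\??\E:\INSTALL\GMSIPCI.SYS`, on a CD/DVD drive), and entries with no descriptive display name. The Python script below is an added example, not part of the original post or of RSIT: it parses a few lines copied from the log above into structured records and ranks them for manual review. The trusted roots, the scoring rules and the `looks_generated` heuristic are assumptions chosen for the example, not a verdict on any driver; note that every `\??\`-prefixed path in this log shows `[]`, so that marker on its own does not mean the file is absent, and `avgio.sys` ranks high for that reason alone.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: driver/service lines copied from the RSIT log above.
SAMPLE_LINES = r"""
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
S3 ak2aqkrs;ak2aqkrs; C:\WINDOWS\system32\drivers\ak2aqkrs.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
""".strip().splitlines()

# One RSIT entry: "<R|S><start> <name>;<display>; <image path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)

# Image roots treated as expected locations (assumption: an XP box with the default layout).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    state: str       # "R" running / "S" stopped
    start: int       # 0=Boot 1=System 2=Auto 3=Demand 4=Disabled
    name: str
    display: str
    path: str        # image path with any "\??\" NT prefix removed
    nt_prefix: bool  # True when the registry stored the path as "\??\..."
    meta: str        # "YYYY-MM-DD size" as printed by RSIT, or "" when it printed "[]"


def parse(line: str) -> Optional[Entry]:
    """Turn one log line into an Entry; return None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    nt_prefix = path.startswith("\\??\\")
    if nt_prefix:
        path = path[4:]
    return Entry(m["state"], int(m["start"]), m["name"], m["display"],
                 path, nt_prefix, m["meta"])


def looks_generated(name: str) -> bool:
    """Assumed heuristic: an 8-character lowercase alphanumeric name that mixes
    letters and digits (e.g. ak2aqkrs) has the shape of a machine-made name."""
    return (len(name) == 8 and name.isalnum() and name.islower()
            and any(c.isdigit() for c in name))


def review_reasons(e: Entry) -> List[str]:
    """Reasons a human should look at this entry; an empty list means nothing odd."""
    reasons = []
    if e.meta == "":
        # RSIT printed "[]": it obtained no date/size for the image. In this log
        # every "\??\" path shows "[]", so that case is recorded separately.
        reasons.append("no-file-info-nt-path" if e.nt_prefix else "no-file-info")
    if not e.path.lower().startswith(TRUSTED_ROOTS):
        reasons.append("image-outside-windows-and-program-files")
    if e.display == e.name:
        reasons.append("no-descriptive-display-name")
    if looks_generated(e.name):
        reasons.append("generated-looking-name")
    if e.state == "R" and e.meta == "":
        reasons.append("running-with-no-file-info")
    return reasons


def triage(lines: List[str]) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every flagged line, most reasons first."""
    flagged = []
    for line in lines:
        e = parse(line)
        if e is None:
            continue
        reasons = review_reasons(e)
        if reasons:
            flagged.append((e, reasons))
    flagged.sort(key=lambda item: (-len(item[1]), item[0].name.lower()))
    return flagged


if __name__ == "__main__":
    for e, reasons in triage(SAMPLE_LINES):
        print(f"{e.state}{e.start} {e.name:<18} {e.path}")
        print(f"     {', '.join(reasons)}")
```

Run as-is it prints the ranked list for the sample; feeding `triage` the whole drivers and services sections gives the same ranking for the full log. A high rank means "verify by hand" (does the file exist, who signed it, which installer created it), not "malicious".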
24. Hello, I am trying, in vain, to update a friend's ACER laptop! It runs Vista Home Premium Edition! The SP1 download through Windows Update fails, and if I switch to the manual file it also crashes at the end of the installation with the following message:
Error code: 0x80070002
http://go.microsoft.com/fwlink/?LinkId=101139
That last link leads nowhere serious!
Thanks in advance for your suggestions
Patrick
25. --------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E4500 @ 2.20GHz )
BIOS : Default System BIOS
USER : Babel ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Activated)

C:\ (Local Disk) - NTFS - Total:152 GB (Free:56 GB)
D:\ (Local Disk) - NTFS - Total:145 GB (Free:33 GB)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( Updated : 19-12-2008|23:40 )
Option : [1] ( 20/09/2009|11:07 )

--------------------\\ Folder listing in APPLIC~1

[18/02/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[18/03/2008|21:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[18/04/2009|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[18/04/2009|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[06/09/2009|20:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[30/01/2009|09:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Blizzard
[18/08/2009|21:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Canneverbe Limited
[17/02/2009|22:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
[23/11/2008|19:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fallout3
[27/06/2009|10:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
[26/06/2009|22:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
[29/05/2008|19:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[12/09/2009|14:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[06/09/2009|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[12/04/2009|18:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[10/09/2009|07:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[12/04/2009|18:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NCH Swift Sound
[12/09/2009|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA Corporation
[25/06/2009|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
[30/06/2009|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[29/08/2008|11:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[25/07/2009|15:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
[17/01/2008|01:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
[24/07/2008|11:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[17/02/2008|17:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[27/06/2009|10:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom
[13/08/2009|14:38] C:\DOCUME~1\Babel\APPLIC~1\.#
[18/02/2008|19:16] C:\DOCUME~1\Babel\APPLIC~1\Adobe
[16/07/2009|12:42] C:\DOCUME~1\Babel\APPLIC~1\ArcSoft
[01/05/2008|23:19] C:\DOCUME~1\Babel\APPLIC~1\Bioshock
[11/04/2009|10:06] C:\DOCUME~1\Babel\APPLIC~1\Broad Intelligence
[22/08/2008|11:02] C:\DOCUME~1\Babel\APPLIC~1\Canneverbe_Limited
[17/02/2009|22:56] C:\DOCUME~1\Babel\APPLIC~1\DAEMON Tools
[29/06/2009|18:31] C:\DOCUME~1\Babel\APPLIC~1\DAEMON Tools Lite
[17/02/2009|23:00] C:\DOCUME~1\Babel\APPLIC~1\DAEMON Tools Pro
[22/08/2008|11:02] C:\DOCUME~1\Babel\APPLIC~1\DeepBurner
[29/03/2009|15:14] C:\DOCUME~1\Babel\APPLIC~1\dvdcss
[10/06/2008|18:12] C:\DOCUME~1\Babel\APPLIC~1\GARMIN
[24/12/2008|17:24] C:\DOCUME~1\Babel\APPLIC~1\gtk-2.0
[17/01/2008|20:59] C:\DOCUME~1\Babel\APPLIC~1\Help
[30/06/2009|17:30] C:\DOCUME~1\Babel\APPLIC~1\Identities
[02/07/2008|15:54] C:\DOCUME~1\Babel\APPLIC~1\InstallShield
[19/01/2008|12:03] C:\DOCUME~1\Babel\APPLIC~1\Macromedia
[06/09/2009|20:42] C:\DOCUME~1\Babel\APPLIC~1\Malwarebytes
[04/08/2009|23:05] C:\DOCUME~1\Babel\APPLIC~1\Media Player Classic
[20/12/2008|15:51] C:\DOCUME~1\Babel\APPLIC~1\Microsoft
[19/06/2008|18:28] C:\DOCUME~1\Babel\APPLIC~1\Mozilla
[17/01/2008|01:14] C:\DOCUME~1\Babel\APPLIC~1\My Games
[13/04/2009|08:21] C:\DOCUME~1\Babel\APPLIC~1\NCH Swift Sound
[25/06/2009|18:18] C:\DOCUME~1\Babel\APPLIC~1\Nokia
[13/03/2008|21:23] C:\DOCUME~1\Babel\APPLIC~1\PC Suite
[30/06/2009|17:30] C:\DOCUME~1\Babel\APPLIC~1\PlayFirst
[12/04/2009|18:36] C:\DOCUME~1\Babel\APPLIC~1\Recordpad
[22/04/2008|23:40] C:\DOCUME~1\Babel\APPLIC~1\SecuROM
[13/09/2009|23:28] C:\DOCUME~1\Babel\APPLIC~1\Skype
[29/08/2008|16:05] C:\DOCUME~1\Babel\APPLIC~1\skypePM
[31/05/2008|11:00] C:\DOCUME~1\Babel\APPLIC~1\Sun
[31/10/2008|19:31] C:\DOCUME~1\Babel\APPLIC~1\SystemRequirementsLab
[17/01/2008|00:33] C:\DOCUME~1\Babel\APPLIC~1\Talkback
[11/05/2008|10:55] C:\DOCUME~1\Babel\APPLIC~1\teamspeak2
[28/05/2008|00:10] C:\DOCUME~1\Babel\APPLIC~1\TigerPlayer
[14/03/2008|21:07] C:\DOCUME~1\Babel\APPLIC~1\vlc
[24/12/2008|17:02] C:\DOCUME~1\Babel\APPLIC~1\XnView
[26/10/2008|13:49] C:\DOCUME~1\Babel\APPLIC~1\XRay Engine
[30/06/2009|17:30] C:\DOCUME~1\Babel\APPLIC~1\Zylom
[16/01/2008|23:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[06/09/2009|21:15] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[16/01/2008|23:56] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[30/08/2009|08:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\Softland
[16/01/2008|23:56] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Scheduled tasks in C:\WINDOWS\tasks

[19/09/2009 21:53][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[07/09/2009 08:30][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[20/09/2009 10:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
[30/08/2002 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Folder listing in C:\Program Files

[25/07/2008|01:47] C:\Program Files\Adobe
[12/09/2009|14:18] C:\Program Files\AGEIA Technologies
[17/01/2008|00:51] C:\Program Files\Alwil Software
[11/08/2009|19:51] C:\Program Files\American Conquest
[11/08/2009|19:52] C:\Program Files\American Conquest - Fight Back
[18/04/2009|07:56] C:\Program Files\Apple Software Update
[16/07/2009|12:33] C:\Program Files\ArcSoft
[22/08/2008|11:02] C:\Program Files\Astonsoft
[06/09/2009|20:59] C:\Program Files\Avira
[23/11/2008|19:24] C:\Program Files\Bethesda Softworks
[19/09/2009|13:22] C:\Program Files\CCleaner
[18/08/2009|21:13] C:\Program Files\CDBurnerXP
[25/04/2009|12:47] C:\Program Files\CDex_150
[16/01/2008|23:53] C:\Program Files\ComPlus Applications
[29/06/2009|18:29] C:\Program Files\DAEMON Tools Lite
[26/10/2008|13:50] C:\Program Files\Deep Silver
[16/07/2009|19:04] C:\Program Files\DIFX
[23/02/2009|13:29] C:\Program Files\Editions ENI
[17/02/2009|23:10] C:\Program Files\EGOSOFT
[01/04/2008|11:57] C:\Program Files\Electronic Arts
[19/09/2009|13:11] C:\Program Files\Fichiers communs
[03/06/2008|17:12] C:\Program Files\FileZilla Server
[02/07/2008|15:32] C:\Program Files\Firaxis Games
[10/06/2008|18:12] C:\Program Files\Garmin GPS Plugin
[01/03/2008|12:47] C:\Program Files\GUILD WARS
[19/09/2009|13:19] C:\Program Files\InstallShield Installation Information
[10/08/2009|07:29] C:\Program Files\Internet Explorer
[19/09/2009|13:06] C:\Program Files\Java
[04/08/2009|23:05] C:\Program Files\K-Lite Codec Pack
[13/02/2009|19:38] C:\Program Files\Kluwer
[17/01/2008|00:48] C:\Program Files\Lavalys
[19/09/2009|13:15] C:\Program Files\Lavasoft
[12/07/2008|17:09] C:\Program Files\Lexmark 1200 Series
[12/09/2009|14:44] C:\Program Files\ma-config.com
[19/09/2009|00:00] C:\Program Files\Malwarebytes' Anti-Malware
[16/07/2009|19:04] C:\Program Files\Mars
[25/08/2008|10:04] C:\Program Files\Mass Effect
[04/09/2008|23:10] C:\Program Files\Messenger
[12/04/2009|18:30] C:\Program Files\Microsoft
[08/05/2008|18:33] C:\Program Files\Microsoft Baseline Security Analyzer 2
[16/01/2008|23:57] C:\Program Files\microsoft frontpage
[23/03/2008|20:04] C:\Program Files\Microsoft Games
[17/01/2008|00:27] C:\Program Files\Microsoft IntelliPoint
[20/12/2008|12:44] C:\Program Files\Microsoft Office
[10/09/2009|19:41] C:\Program Files\Microsoft Silverlight
[12/04/2009|18:31] C:\Program Files\Microsoft SQL Server Compact Edition
[20/12/2008|12:44] C:\Program Files\Microsoft Visual Studio
[20/12/2008|12:39] C:\Program Files\Microsoft Visual Studio 8
[20/12/2008|12:44] C:\Program Files\Microsoft Works
[20/12/2008|12:43] C:\Program Files\Microsoft.NET
[04/09/2008|23:08] C:\Program Files\Movie Maker
[20/09/2009|10:50] C:\Program Files\Mozilla Firefox
[28/05/2008|00:10] C:\Program Files\MpcStar
[23/11/2008|19:22] C:\Program Files\MSBuild
[17/01/2008|20:00] C:\Program Files\MSI
[16/01/2008|23:52] C:\Program Files\MSN
[16/01/2008|23:53] C:\Program Files\MSN Gaming Zone
[17/03/2008|01:27] C:\Program Files\MSXML 4.0
[17/01/2008|00:27] C:\Program Files\MSXML 6.0
[13/04/2009|08:20] C:\Program Files\NCH Software
[13/04/2009|08:21] C:\Program Files\NCH Swift Sound
[04/09/2008|23:06] C:\Program Files\NetMeeting
[17/01/2008|00:21] C:\Program Files\NFO viewer
[26/06/2009|22:23] C:\Program Files\Nokia
[12/09/2009|14:17] C:\Program Files\NVIDIA Corporation
[16/01/2008|23:53] C:\Program Files\Online Services
[13/08/2009|14:10] C:\Program Files\Outlook Express
[12/04/2008|10:15] C:\Program Files\Packard Bell Data Secure
[25/06/2009|18:12] C:\Program Files\PC Connectivity Solution
[14/03/2008|20:47] C:\Program Files\PowerISO
[17/01/2008|20:56] C:\Program Files\PowerQuest
[10/11/2008|13:31] C:\Program Files\PrintKey 2000 Fr
[17/01/2008|01:02] C:\Program Files\Realtek
[23/11/2008|19:20] C:\Program Files\Reference Assemblies
[04/04/2008|13:44] C:\Program Files\Seagate
[16/01/2008|23:55] C:\Program Files\Services en ligne
[17/01/2008|20:02] C:\Program Files\Setup Files
[22/08/2008|10:59] C:\Program Files\Sierra
[17/08/2008|21:28] C:\Program Files\Sierra On-Line
[29/08/2008|11:04] C:\Program Files\Skype
[25/07/2009|15:50] C:\Program Files\SlySoft
[30/08/2009|08:21] C:\Program Files\Softland
[31/05/2008|11:00] C:\Program Files\Sun
[03/04/2008|11:12] C:\Program Files\SWAT 4
[31/10/2008|19:31] C:\Program Files\SystemRequirementsLab
[17/01/2008|01:07] C:\Program Files\Take Two
[11/05/2008|10:55] C:\Program Files\Teamspeak2_RC2
[04/08/2009|23:13] C:\Program Files\The KMPlayer FR
[30/03/2008|21:38] C:\Program Files\THQ
[11/08/2009|19:57] C:\Program Files\TomTom HOME
[19/09/2009|10:36] C:\Program Files\TOPCOM
[22/05/2008|20:38] C:\Program Files\TSO
[25/12/2008|13:12] C:\Program Files\Ubisoft
[17/01/2008|00:01] C:\Program Files\Uninstall Information
[17/01/2008|00:38] C:\Program Files\VIA
[14/03/2008|21:06] C:\Program Files\VideoLAN
[23/06/2009|18:56] C:\Program Files\Winamp
[12/04/2009|18:31] C:\Program Files\Windows Live
[12/04/2009|18:30] C:\Program Files\Windows Live SkyDrive
[24/07/2008|10:57] C:\Program Files\Windows Media Connect 2
[04/09/2008|23:06] C:\Program Files\Windows Media Player
[04/09/2008|23:06] C:\Program Files\Windows NT
[13/01/2009|01:02] C:\Program Files\WindowsUpdate
[22/08/2008|11:06] C:\Program Files\winLAME
[17/01/2008|00:40] C:\Program Files\Winrar
[25/03/2009|21:21] C:\Program Files\X Plugin Manager
[16/01/2008|23:57] C:\Program Files\xerox
[14/12/2008|21:06] C:\Program Files\XnView
[02/01/2009|14:18] C:\Program Files\Zeb-Utility

--------------------\\ Folder listing in C:\Program Files\Fichiers communs

[18/02/2008|19:15] C:\Program Files\Fichiers communs\Adobe
[01/09/2008|22:51] C:\Program Files\Fichiers communs\BioWare
[02/07/2008|12:28] C:\Program Files\Fichiers communs\Blizzard Entertainment
[20/12/2008|13:05] C:\Program Files\Fichiers communs\DESIGNER
[23/02/2009|13:29] C:\Program Files\Fichiers communs\Editions ENI
[16/07/2009|12:33] C:\Program Files\Fichiers communs\InstallShield
[06/03/2009|20:52] C:\Program Files\Fichiers communs\Microsoft Shared
[16/01/2008|23:54] C:\Program Files\Fichiers communs\MSSoap
[17/01/2008|06:25] C:\Program Files\Fichiers communs\ODBC
[16/01/2008|23:54] C:\Program Files\Fichiers communs\Services
[29/08/2008|11:04] C:\Program Files\Fichiers communs\Skype
[17/01/2008|06:25] C:\Program Files\Fichiers communs\SpeechEngines
[13/08/2009|14:35] C:\Program Files\Fichiers communs\SWF Studio
[20/12/2008|12:43] C:\Program Files\Fichiers communs\System
[12/04/2009|18:22] C:\Program Files\Fichiers communs\Windows Live
[17/02/2008|18:00] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[12/09/2009|14:18] C:\Program Files\Fichiers communs\Wise Installation Wizard
[13/02/2009|19:39] C:\Program Files\Fichiers communs\WKB shared

--------------------\\ Process ( 43 Processes ) ... OK !

--------------------\\ Search with S_Lop

No Lop file / folder found!

--------------------\\ Search for Lop Files / Folders

No Lop file / folder found!

--------------------\\ Registry check ..... OK!

--------------------\\ Hosts file check

Hosts file CLEAN

--------------------\\ File search with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 11:08:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Search for other infections

No other infection found!

[F:37][D:2]-> C:\DOCUME~1\Babel\LOCALS~1\Temp
[F:3][D:0]-> C:\DOCUME~1\Babel\Cookies
[F:67][D:4]-> C:\DOCUME~1\Babel\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 20/09/2009|11:09 - Option : [1]

--------------------\\ End of report at 11:09:16

--> and the next one:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Babel at 2009-09-20 11:12:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (37%) free of 156 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:23, on 20/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Babel\Bureau\RSIT.exe
D:\Download\HiJackThis\Babel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: SSVHelper Class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@0 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows
Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [java_sun] Java (Sun) O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {997C5A94-77F6-427D-A388-AC2B6ECF0F7C} - http://www.mediapluspro.com/mediaplus66/do...geinstaller.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shock...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\ O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. 
- C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 7146 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497bb-d6f0-462c-b6eb-d4daf1d92d43}] SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-09-19 321312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736] "BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent [] "Lexmark 1200 Series"=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648] "CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"=C:\Program 
Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 149280] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobe reader speed launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\alcmtr] C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\daemon tools lite] C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nokia.pcsync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvcpldaemon] C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nvmediacenter] C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\quicktime task] C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe -atboottime [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rthdcpl] C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^babel^menu démarrer^programmes^démarrage^printkey 2000 fr.lnk] C:\PROGRA~1\PRINTK~1\PRINTK~1.EXE [2001-06-17 869888] C:\Documents and Settings\Babel\Menu Démarrer\Programmes\Démarrage OneNote 2007 - Capture d'écran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli wenunuve.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client" "C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3" "C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe"="C:\Program Files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:*:Enabled:Sins of a 
Solar Empire Demo" "C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties" "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe:*:Enabled:FileZilla Server Interface" "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4" "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword" "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Program Files\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game" "C:\Program Files\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)" "C:\Program Files\Deep Silver\S.T.A.L.K.E.R. 
- Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)" "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Documents and Settings\Babel\Local Settings\Temp\Blizzard Launcher Temporary - bbbb3828\Launcher.exe"="C:\Documents and Settings\Babel\Local Settings\Temp\Blizzard Launcher Temporary - bbbb3828\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer" "C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\GUILD WARS\Gw.exe"="C:\Program Files\GUILD WARS\Gw.exe:*:Enabled:Gw" "C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network 
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{067fa21a-147e-11de-b63b-001d9204db8e}] shell\AutoRun\command - G:\start.exe shell\FramaKey\command - G:\start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{576c6175-6f5e-11dd-b53c-001d9204db8e}] shell\AutoRun\command - L:\umenu.exe ======List of files/folders created in the last 3 months====== 2009-09-20 11:07:28 ----A---- C:\lopR.txt 2009-09-20 11:06:42 ----D---- C:\Lop SD 2009-09-19 22:33:12 ----SHD---- C:\Config.Msi 2009-09-19 13:22:50 ----D---- C:\Program Files\CCleaner 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaws.exe 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\javaw.exe 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\java.exe 2009-09-19 13:07:16 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-09-18 20:13:37 ----D---- C:\_OTM 2009-09-18 15:43:37 ----D---- C:\rsit 2009-09-12 14:55:08 ----A---- C:\WINDOWS\system32\vuins32.dll 2009-09-12 14:17:30 ----D---- C:\Program Files\NVIDIA Corporation 2009-09-12 14:17:25 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation 2009-09-12 14:06:59 ----A---- C:\WINDOWS\system32\vusetup.dll 2009-09-12 13:57:53 ----D---- C:\Program Files\ma-config.com 2009-09-12 13:57:53 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com 2009-09-10 07:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$ 2009-09-10 07:33:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$ 2009-09-07 
06:43:17 ----D---- C:\spoolerlogs 2009-09-06 20:59:54 ----D---- C:\Program Files\Avira 2009-09-06 20:59:54 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-09-06 20:42:01 ----D---- C:\Documents and Settings\Babel\Application Data\Malwarebytes 2009-09-06 20:41:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-09-06 20:41:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmn6.dll 2009-08-30 08:21:21 ----A---- C:\WINDOWS\system32\dopdfmi6.dll 2009-08-30 08:21:20 ----D---- C:\Program Files\Softland 2009-08-28 04:08:16 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$ 2009-08-18 21:13:28 ----D---- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited 2009-08-17 03:04:24 ----A---- C:\WINDOWS\system32\nvcpluir.dll 2009-08-17 03:04:24 ----A---- C:\WINDOWS\system32\nvcplui.exe 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrszht.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrszhc.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrstr.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsth.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssv.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssl.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrssk.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsru.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsptb.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrspt.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrspl.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsno.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsnl.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsko.dll 2009-08-17 03:04:14 ----A---- C:\WINDOWS\system32\nvrsja.dll 2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrsit.dll 2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrshu.dll 2009-08-17 03:04:12 ----A---- 
C:\WINDOWS\system32\nvrshe.dll 2009-08-17 03:04:12 ----A---- C:\WINDOWS\system32\nvrsfr.dll 2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsfi.dll 2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsesm.dll 2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrses.dll 2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrseng.dll 2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsel.dll 2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsde.dll 2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrsda.dll 2009-08-17 03:04:10 ----A---- C:\WINDOWS\system32\nvrscs.dll 2009-08-17 03:04:08 ----A---- C:\WINDOWS\system32\nvwddi.dll 2009-08-17 03:04:08 ----A---- C:\WINDOWS\system32\nvrsar.dll 2009-08-17 03:03:50 ----A---- C:\WINDOWS\system32\nvwssr.dll 2009-08-17 03:03:44 ----A---- C:\WINDOWS\system32\nvwss.dll 2009-08-17 03:03:40 ----A---- C:\WINDOWS\system32\nvvitvsr.dll 2009-08-17 03:03:38 ----A---- C:\WINDOWS\system32\nvvitvs.dll 2009-08-17 03:03:32 ----A---- C:\WINDOWS\system32\nvmoblsr.dll 2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmobls.dll 2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmccssr.dll 2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmccss.dll 2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvgamesr.dll 2009-08-17 03:03:22 ----A---- C:\WINDOWS\system32\nvgames.dll 2009-08-17 03:03:18 ----A---- C:\WINDOWS\system32\nvdispsr.dll 2009-08-17 03:03:02 ----A---- C:\WINDOWS\system32\nvdisps.dll 2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe 2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvmctray.dll 2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcpl.dll 2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcolor.exe 2009-08-17 03:02:52 ----A---- C:\WINDOWS\system32\nvmccs.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll 2009-08-14 13:36:18 ----A---- C:\WINDOWS\system32\PhysXLoader.dll 2009-08-13 14:35:34 ----D---- C:\Warhammer Online 
- Age of Reckoning 2009-08-13 14:35:17 ----D---- C:\Program Files\Fichiers communs\SWF Studio 2009-08-13 14:35:16 ----SHD---- C:\Documents and Settings\Babel\Application Data\.# 2009-08-13 14:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-13 14:11:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-13 14:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-13 14:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-08-13 14:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-13 14:10:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-13 14:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-13 14:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$ 2009-08-13 14:08:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-11 20:00:32 ----D---- C:\WINDOWS\system32\appmgmt 2009-08-11 19:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-10 07:30:36 ----D---- C:\WINDOWS\SxsCaPendDel 2009-08-04 23:13:46 ----D---- C:\Program Files\The KMPlayer FR 2009-08-04 23:05:16 ----D---- C:\Documents and Settings\Babel\Application Data\Media Player Classic 2009-08-04 23:04:30 ----A---- C:\WINDOWS\system32\unrar.dll 2009-08-04 23:04:30 ----A---- C:\WINDOWS\avisplitter.ini 2009-08-04 23:04:29 ----A---- C:\WINDOWS\system32\yv12vfw.dll 2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\xvidvfw.dll 2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\xvidcore.dll 2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\qt-dx331.dll 2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\dpl100.dll 2009-08-04 23:04:28 ----A---- C:\WINDOWS\system32\divx.dll 2009-08-04 23:04:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest 2009-08-04 23:04:27 ----A---- C:\WINDOWS\system32\ff_vfw.dll 2009-08-04 23:04:25 ----D---- C:\Program Files\K-Lite Codec Pack 2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXDevice.dll 2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXCplUI.exe 2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\PhysXCompatCplUI.exe 
2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelTraditionalChinese.dll 2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSwedish.dll 2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSpanish.dll 2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelSimplifiedChinese.dll 2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelPortugese.dll 2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelKorean.dll 2009-08-03 00:21:54 ----A---- C:\WINDOWS\system32\AgCPanelJapanese.dll 2009-08-03 00:21:52 ----A---- C:\WINDOWS\system32\AgCPanelGerman.dll 2009-08-03 00:21:52 ----A---- C:\WINDOWS\system32\AgCPanelFrench.dll 2009-07-25 15:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\SlySoft 2009-07-25 15:50:32 ----SH---- C:\WINDOWS\S96DCFBA0.tmp 2009-07-25 15:50:20 ----D---- C:\Program Files\SlySoft 2009-07-16 22:58:28 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$ 2009-07-16 22:58:22 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$ 2009-07-16 22:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$ 2009-07-16 19:04:33 ----D---- C:\Program Files\Mars 2009-07-16 12:41:46 ----D---- C:\Documents and Settings\Babel\Application Data\ArcSoft 2009-07-16 12:39:12 ----A---- C:\WINDOWS\system32\vfwwdm32.dll 2009-07-16 12:35:40 ----D---- C:\WINDOWS\Setup533 2009-07-16 12:35:40 ----A---- C:\WINDOWS\system32\SP5X_32.DLL 2009-07-16 12:35:40 ----A---- C:\WINDOWS\ShowBmp.exe 2009-07-16 12:35:40 ----A---- C:\WINDOWS\Remove.ini 2009-07-16 12:35:40 ----A---- C:\WINDOWS\CA533A.INI 2009-07-16 12:35:40 ----A---- C:\WINDOWS\amcap533.exe 2009-07-16 12:33:33 ----A---- C:\WINDOWS\PCDLIB32.DLL 2009-07-16 12:33:31 ----D---- C:\Program Files\ArcSoft 2009-06-30 17:30:31 ----D---- C:\Documents and Settings\Babel\Application Data\PlayFirst 2009-06-30 17:30:31 ----D---- C:\Documents and Settings\All Users\Application Data\PlayFirst 2009-06-28 09:00:18 ----D---- C:\Program Files\DAEMON Tools Lite 2009-06-27 10:18:58 ----D---- C:\Documents and Settings\All 
Users\Application Data\FreshGames 2009-06-27 10:18:54 ----D---- C:\Documents and Settings\Babel\Application Data\Zylom 2009-06-27 10:00:12 ----D---- C:\Documents and Settings\All Users\Application Data\Zylom 2009-06-25 18:16:41 ----HDC---- C:\WINDOWS\$NtUninstallWudf01007$ 2009-06-25 18:12:47 ----D---- C:\Program Files\PC Connectivity Solution 2009-06-25 18:11:35 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$ 2009-06-24 18:03:23 ----D---- C:\WINDOWS\ie8updates 2009-06-24 18:02:28 ----D---- C:\WINDOWS\WBEM 2009-06-24 18:01:23 ----HDC---- C:\WINDOWS\ie8 2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\vxblock.dll 2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxwave.dll 2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxsfs.dll 2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxmas.dll 2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxinsa64.exe 2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxhpinst.exe 2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxdrv.dll 2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxcpya64.exe 2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\pxafs.dll 2009-06-23 18:51:21 ----N---- C:\WINDOWS\system32\px.dll ======List of files/folders modified in the last 3 months====== 2009-09-20 11:08:22 ----D---- C:\WINDOWS\Prefetch 2009-09-20 10:50:51 ----D---- C:\Program Files\Mozilla Firefox 2009-09-20 10:41:21 ----D---- C:\WINDOWS\Temp 2009-09-20 10:40:41 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-20 00:48:26 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-19 22:33:35 ----SHD---- C:\WINDOWS\Installer 2009-09-19 22:33:16 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2009-09-19 13:29:13 ----D---- C:\WINDOWS\pss 2009-09-19 13:22:50 ----RD---- C:\Program Files 2009-09-19 13:19:09 ----HD---- C:\Program Files\InstallShield Installation Information 2009-09-19 13:15:33 ----D---- C:\Program Files\Lavasoft 2009-09-19 13:15:22 ----D---- C:\WINDOWS\system32 2009-09-19 13:11:45 ----D---- C:\Program Files\Fichiers 
communs 2009-09-19 13:06:59 ----D---- C:\Program Files\Java 2009-09-19 10:36:04 ----D---- C:\Program Files\TOPCOM 2009-09-19 10:33:55 ----D---- C:\WINDOWS\repair 2009-09-19 10:31:50 ----HD---- C:\WINDOWS\inf 2009-09-19 10:31:50 ----D---- C:\WINDOWS\system32\drivers 2009-09-19 10:31:50 ----D---- C:\WINDOWS 2009-09-18 20:21:57 ----ASH---- C:\boot.ini 2009-09-18 20:21:57 ----A---- C:\WINDOWS\win.ini 2009-09-18 20:21:57 ----A---- C:\WINDOWS\system.ini 2009-09-17 18:57:28 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-09-17 06:50:42 ----SHD---- C:\RECYCLER 2009-09-17 06:43:21 ----A---- C:\WINDOWS\ntbtlog.txt 2009-09-13 23:28:51 ----D---- C:\Documents and Settings\Babel\Application Data\Skype 2009-09-12 15:30:02 ----D---- C:\WINDOWS\system32\CatRoot 2009-09-12 14:55:08 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-09-12 14:19:17 ----A---- C:\WINDOWS\system32\svchost.exe 2009-09-12 14:18:45 ----D---- C:\WINDOWS\Help 2009-09-12 14:18:13 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard 2009-09-12 14:18:01 ----D---- C:\Program Files\AGEIA Technologies 2009-09-12 14:16:38 ----D---- C:\NVIDIA 2009-09-10 19:41:42 ----D---- C:\Program Files\Microsoft Silverlight 2009-09-10 07:33:45 ----A---- C:\WINDOWS\imsins.BAK 2009-09-10 07:33:42 ----HD---- C:\WINDOWS\$hf_mig$ 2009-09-10 07:33:27 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2009-09-07 21:01:47 ----D---- C:\WINDOWS\WinSxS 2009-09-01 19:57:48 ----D---- C:\WINDOWS\Microsoft.NET 2009-08-18 21:13:15 ----D---- C:\Program Files\CDBurnerXP 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvudisp.exe 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuda.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcodins.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcod.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvapi.dll 2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll 2009-08-13 14:10:26 
----D---- C:\Program Files\Outlook Express 2009-08-12 07:08:46 ----D---- C:\Downloads 2009-08-11 19:57:13 ----D---- C:\Program Files\TomTom HOME 2009-08-11 19:54:13 ----A---- C:\WINDOWS\SIERRA.INI 2009-08-11 19:52:10 ----D---- C:\Program Files\American Conquest - Fight Back 2009-08-11 19:51:26 ----D---- C:\Program Files\American Conquest 2009-08-11 12:35:08 ----A---- C:\WINDOWS\system32\NVUNINST.EXE 2009-08-10 19:06:07 ----RSD---- C:\WINDOWS\assembly 2009-08-10 07:34:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-08-10 07:31:38 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-10 07:31:35 ----D---- C:\WINDOWS\system32\en-us 2009-08-10 07:31:30 ----RSD---- C:\WINDOWS\Fonts 2009-08-10 07:29:21 ----D---- C:\Program Files\Internet Explorer 2009-08-05 11:00:38 ----A---- C:\WINDOWS\system32\mswebdvd.dll 2009-07-19 18:45:00 ----A---- C:\WINDOWS\system32\ieframe.dll 2009-07-19 15:15:02 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-07-17 21:03:33 ----A---- C:\WINDOWS\system32\atl.dll 2009-07-16 19:04:35 ----D---- C:\Program Files\DIFX 2009-07-16 12:39:12 ----D---- C:\WINDOWS\system 2009-07-16 12:33:09 ----D---- C:\Program Files\Fichiers communs\InstallShield 2009-07-14 13:03:14 ----N---- C:\WINDOWS\system32\tzchange.exe 2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll 2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll 2009-07-04 19:47:11 ----D---- C:\WINDOWS\system32\DirectX 2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\wininet.dll 2009-07-03 18:57:51 ----A---- C:\WINDOWS\system32\occache.dll 2009-07-03 18:57:50 ----A---- C:\WINDOWS\system32\urlmon.dll 2009-07-03 18:57:46 ----N---- C:\WINDOWS\system32\jsproxy.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeedsbs.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\msfeeds.dll 2009-07-03 18:57:46 ----A---- C:\WINDOWS\system32\iertutil.dll 2009-07-03 18:57:44 ----A---- C:\WINDOWS\system32\iepeers.dll 2009-07-03 18:57:41 ----N---- C:\WINDOWS\system32\iedkcs32.dll 2009-07-03 13:01:06 
----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-30 17:30:30 ----D---- C:\Documents and Settings\Babel\Application Data\Identities
2009-06-29 18:31:15 ----D---- C:\Documents and Settings\Babel\Application Data\DAEMON Tools Lite
2009-06-26 22:23:37 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-06-26 22:23:28 ----D---- C:\Program Files\Nokia
2009-06-25 18:18:11 ----D---- C:\Documents and Settings\Babel\Application Data\Nokia
2009-06-25 18:14:52 ----D---- C:\WINDOWS\security
2009-06-25 18:13:51 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-25 18:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-06-24 18:05:44 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-24 18:02:21 ----D---- C:\WINDOWS\Media
2009-06-23 18:56:53 ----D---- C:\Program Files\Winamp
2009-06-23 18:51:14 ----A---- C:\WINDOWS\winamp.ini
2009-06-22 08:47:13 ----A---- C:\WINDOWS\system32\jscript.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2008-10-26 2915944]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-02-18 279712]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-02-16 25888]
R2 usbhub;DSC Composite USB Device; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]
R3 fet5x86v;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-02 9856]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S2 Ca533av;Icatch(IV) Video Camera Device; C:\WINDOWS\System32\Drivers\Ca533av.sys [2002-10-21 515803]
S3 ai4z6bj1;ai4z6bj1; C:\WINDOWS\system32\drivers\ai4z6bj1.sys []
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder Audio Edition\SysInfo.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2009-04-12 27136]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 RT73;Topcom Skyr@cer USB 4001g Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBCamera;Icatch(IV) Still Camera Device; C:\WINDOWS\System32\Drivers\Bulk533.sys [2002-07-25 10986]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-18 311296]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-04-15 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-04-01 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-12 14336]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2008-10-26 304528]
S2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 153376]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-01 234864]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------