jpdu

  1. Hello. While trying to disinfect the hard drive of a friend's PC, I picked up a whole bunch of nice things on my own side. Thanks for your help.
  2. Hello. I would like your insight: I have an ASUS M2NPV VM Socket AM2 board. Is it compatible with the PHENOM X4 9650 processor? Thanks in advance.
  3. Thanks a lot, and no, it's not a joke; I had even been on the MSI site, but it must have gotten on my nerves after a while and I skipped over it. Have a good Sunday.
  4. Good evening. I bought an MSI P45D3 Platinum on clearance, but there is no user manual. Installing the case connections is hard. If anyone had a scan... Thanks in advance.
  5. Hello Chrifleur. I tried running diaghelp again and I have the same problem: it does report 1 virus and I cannot force it, sorry.
  6. I would never have taken the liberty of reproaching you for anything, that would be the last straw! I was simply relating what Avast reported to me at installation, plus a Bagle! I didn't really dare to continue. Thanks again.
     Thu Sep 11 18:32:05 2008
     EliBagle v11.70 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
     ----------------------------------------------
     Lista de Acciones (por Acción Directa):
     Thu Sep 11 18:32:10 2008
     EliBagle v11.70 ©2008 S.G.H. / Satinfo S.L. (Actualizado el 10 de Septiembre del 2008)
     ----------------------------------------------
     Lista de Acciones (por Exploración):
     Explorando Unidad C:\
     C:\RECYCLER\S-1-5-21-1844237615-861567501-839522115-500\Dc3\WINDOWS\system32\drivers\HLDRRR.EXE.VIR --> Eliminado Bagle.dldr
     Nº Total de Directorios: 5861
     Nº Total de Ficheros: 55810
     Nº de Ficheros Analizados: 11449
     Nº de Ficheros Infectados: 1
     Nº de Ficheros Limpiados: 1
  7. First of all
     [ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]
     -->- Recherche:
     C:\Combofix.txt: trouvé !
     C:\lopR.txt: trouvé !
     C:\Lop SD: trouvé !
     C:\Qoobox: trouvé !
     C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe: trouvé !
     C:\Documents and Settings\Administrateur\Bureau\Combofix.txt: trouvé !
     C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\LopSD.exe: trouvé !
     C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\Gmer.zip: trouvé !
     C:\WINDOWS\Gmer.exe: trouvé !
     ---------------------------------
     -->- Suppression:
     C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe: supprimé !
     C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\LopSD.exe: supprimé !
     C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\Gmer.zip: supprimé !
     C:\WINDOWS\Gmer.exe: supprimé !
     C:\Combofix.txt: supprimé !
     C:\lopR.txt: supprimé !
     C:\Documents and Settings\Administrateur\Bureau\Combofix.txt: supprimé !
     C:\Lop SD: supprimé !
     C:\Qoobox: supprimé !
  8. It was on Any DVD; I uninstalled everything, put it all in the trash and deleted it.
  9. I forgot to tell you that the file C:\WINDOWS\SDA9523E4.tmp was quarantined by Avast, so what should I do with all these files, keep them in quarantine? Especially since I think the slowdown is still there, less so really; I am quite tempted to back up what I can and reformat everything, but are the files I have clean? What bothers me is that installing my XP on the Dell had been no picnic, and there is no way I am going to pay again for the presto service! Anyway, we'll see; afterwards I'll look at my son's computer, because with his WOW there is no question of formatting, he is too good (lol). No alerts and the Wi-Fi seems to be working; I'm going to restart.
  10. Hello chrifleur. I finally managed to uninstall Avast, reinstall it and run the boot-time scan; it found 73 viruses, including Beagle-AFX AAW AFX and Win32:trojan-gen, which I put in quarantine but would really like to "get rid of". Otherwise, "Trinita" is the original DVD; it is part of a box set I was given, and I had ripped it because I am a member of a film buffs' forum. Poisson, I deleted it; it was a humorous image. Once again, a big thank you. Tourangeau
  11. ça y est j'ai réussi en entrant ton code et en renomant encore une fois le fichier, mais ça a fonctionné mais par contre c'est toujours aussi long. ComboFix 08-09-10.02 - Administrateur 2008-09-10 23:52:13.3 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2625 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\Combo2-Fix.exe Command switches used :: C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\SDA9523E4.tmp . . . . Echec de suppression . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))))))) . 2008-09-10 23:53 . 2008-09-10 23:53 0 --------- C:\WINDOWS\SDA9523E4.tmp 2008-09-10 23:47 . 2008-09-10 23:47 <REP> d-------- C:\Combo1-Fix 2008-09-10 23:13 . 2008-09-10 23:14 <REP> d-------- C:\Combo-Fix 2008-09-10 21:31 . 2008-09-10 21:31 <REP> d-------- C:\ComboFix- 2008-09-10 19:16 . 2008-09-10 19:17 <REP> d-------- C:\Lop SD 2008-09-09 21:00 . 2008-09-10 18:14 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-08 22:31 . 2008-09-08 22:31 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-09-08 19:39 . 2008-06-26 06:15 3,630,080 --a------ C:\WINDOWS\system32\drivers\NETw5x32.sys 2008-09-08 19:39 . 2008-04-18 16:09 2,756,608 --a------ C:\WINDOWS\system32\NETw5r32.dll 2008-09-08 19:39 . 2008-04-18 16:08 659,456 --a------ C:\WINDOWS\system32\NETw5c32.dll 2008-09-08 09:42 . 2008-09-08 09:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft 2008-09-08 09:35 . 2008-09-08 17:51 <REP> d-------- C:\Program Files\Glary Utilities 2008-09-07 21:33 . 
2008-09-07 21:33 <REP> d-------- C:\TEMP\poisson 2008-09-07 16:17 . 2008-09-07 16:30 <REP> d-------- C:\TRINITA 2008-09-07 16:14 . 2008-09-07 16:14 <REP> d-------- C:\Program Files\DVD Shrink 2008-09-07 16:14 . 2008-09-07 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-09-07 14:16 . 2008-09-07 14:22 <REP> d-------- C:\Program Files\Capturino V2 2008-09-07 00:08 . 2008-09-07 00:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PCF-VLC 2008-09-03 23:04 . 2008-09-03 23:04 <REP> d-------- C:\Program Files\Lauyan 2008-09-03 09:47 . 2008-09-03 13:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FileZilla 2008-09-03 09:46 . 2008-09-03 09:46 <REP> d-------- C:\Program Files\FileZilla FTP Client 2008-09-03 09:30 . 2008-09-03 09:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\IrfanView 2008-09-02 23:49 . 2008-09-02 23:49 1,276,326 --a------ C:\WINDOWS\M I N I Cooper.exe 2008-09-02 23:49 . 2008-09-02 23:49 305,636 --a------ C:\WINDOWS\M I N I Cooper.scr 2008-09-02 23:49 . 2008-09-02 23:49 40,960 --a------ C:\WINDOWS\M I N I Cooper.dll 2008-09-02 23:49 . 2008-09-02 23:49 18,192 --a------ C:\WINDOWS\M I N I Cooper.dat 2008-09-01 18:14 . 2008-09-07 21:33 <REP> d-------- C:\TEMP 2008-09-01 16:10 . 2008-09-01 16:10 <REP> d-------- C:\Program Files\Camouflage 2008-09-01 16:10 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-08-27 10:23 . 2008-05-09 12:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll 2008-08-27 10:23 . 2008-05-09 12:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll 2008-08-27 10:23 . 2008-05-09 12:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll 2008-08-27 10:23 . 2008-05-09 12:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll 2008-08-27 10:23 . 2008-05-08 13:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe 2008-08-27 10:23 . 
2008-05-09 10:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe 2008-08-27 10:23 . 2008-05-09 12:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll 2008-08-26 14:54 . 2004-08-04 02:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-08-26 14:53 . 2008-08-26 14:53 <REP> d-------- C:\WINDOWS\system32\xircom 2008-08-26 14:53 . 2008-08-26 14:53 <REP> d-------- C:\WINDOWS\system32\npp 2008-08-26 14:53 . 2008-08-26 14:53 <REP> d-------- C:\Program Files\microsoft frontpage 2008-08-26 14:44 . 2008-08-26 14:45 <REP> d-------- C:\WINDOWS\ServicePackFiles 2008-08-26 14:39 . 2008-08-26 14:45 <REP> d-------- C:\WINDOWS\EHome 2008-08-24 19:34 . 2008-08-24 19:34 <REP> d-------- C:\SNCF-HOR 2008-08-24 19:34 . 2008-08-24 19:34 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS 2008-08-24 19:34 . 2008-08-24 19:36 327 --a------ C:\WINDOWS\horinfgl.ini 2008-08-18 20:19 . 2008-08-18 20:19 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR 2008-08-18 20:19 . 2008-08-18 20:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\com.adobe.example.widget-programmes.40247E01796E652D304FB5752B197AB47987A585.1 2008-08-16 14:59 . 2008-09-07 22:40 <REP> d-------- C:\Program Files\SpeedFan 2008-08-16 14:59 . 2008-08-16 14:59 45 --a------ C:\WINDOWS\system32\initdebug.nfo 2008-08-13 18:22 . 2008-08-13 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software 2008-08-13 18:22 . 2007-02-21 19:56 49,904 --a------ C:\WINDOWS\system32\drivers\BVRPMPR5.SYS 2008-08-12 21:18 . 2008-07-07 22:28 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll 2008-08-12 21:18 . 2008-06-24 18:44 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll 2008-08-12 21:14 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-12 21:13 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-11 22:25 . 
2008-08-11 22:25 <REP> d-------- C:\WINDOWS\Sun 2008-08-11 22:25 . 2008-08-11 22:31 <REP> d-------- C:\Program Files\SystemRequirementsLab 2008-08-11 22:25 . 2008-08-11 22:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SystemRequirementsLab 2008-08-11 10:01 . 2008-08-11 10:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink 2008-08-11 10:00 . 2008-08-11 10:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-08-11 09:55 . 2008-08-11 09:56 <REP> d-------- C:\Program Files\CyberLink 2008-08-11 09:40 . 2008-08-11 09:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-08-11 09:08 . 2008-08-11 09:08 <REP> d-------- C:\CloneDVDTemp 2008-08-11 09:04 . 2008-08-11 09:04 <REP> d-------- C:\Program Files\Elaborate Bytes 2008-08-11 09:04 . 2008-08-11 09:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes 2008-08-11 09:03 . 2008-08-11 09:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2008-08-11 09:02 . 2008-08-11 09:02 <REP> d-------- C:\Program Files\SlySoft 2008-08-10 13:36 . 2006-02-24 17:27 1,492,480 --a------ C:\WINDOWS\system32\BrWia06a.dll 2008-08-10 13:36 . 2008-08-10 13:36 50 --a------ C:\WINDOWS\system32\bridf06a.dat 2008-08-10 12:25 . 2003-11-08 02:56 278,528 --a------ C:\WINDOWS\system32\hpdj5100 2008-08-10 11:59 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2008-08-10 11:59 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2008-08-10 11:59 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2008-08-10 11:59 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2008-08-10 11:42 . 2008-08-10 11:42 <REP> d-------- C:\Program Files\HP 2008-08-10 11:42 . 2008-08-14 17:15 <REP> d-------- C:\Program Files\Hewlett-Packard 2008-08-10 11:38 . 
2008-08-14 16:59 253,532 --a------ C:\WINDOWS\hpdj5100.hi2 2008-08-10 11:38 . 2008-08-14 16:59 10,592 --a------ C:\WINDOWS\hpdj5100.bu2 2008-08-10 11:23 . 2008-08-14 17:00 10,244 --a------ C:\WINDOWS\hpdj5100.hi1 2008-08-10 11:23 . 2008-08-14 17:00 1,984 --a------ C:\WINDOWS\hpdj5100.bu1 2008-08-10 11:22 . 2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-08-10 11:20 . 2008-08-14 18:54 521,088 --a------ C:\WINDOWS\hpdj5100.his 2008-08-10 11:20 . 2008-08-14 18:54 10,706 --a------ C:\WINDOWS\hpdj5100.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-09 16:54 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-09-08 16:20 --------- d-----w C:\Program Files\Windows Live 2008-09-07 21:14 --------- d-----w C:\Program Files\eMule 2008-08-27 17:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus 2008-08-26 13:40 --------- d-----w C:\Program Files\Dell 2008-08-24 17:34 1,409 ----a-w C:\WINDOWS\Fonts\SncfPre.fot 2008-08-24 17:34 1,409 ----a-w C:\WINDOWS\Fonts\sncf09.fot 2008-08-13 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-12 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-10 11:36 --------- d-----w C:\Program Files\Brother 2008-08-03 08:02 --------- d-----w C:\Program Files\Sun 2008-08-03 08:02 --------- d-----w C:\Program Files\Java 2008-08-03 08:01 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-07-31 12:06 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-07-31 12:06 --------- d-----w C:\Program Files\Windows Live Favorites 2008-07-31 12:06 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-07-31 12:04 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-07-31 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-07-28 
20:17 --------- d-----w C:\Program Files\X'nStop 2.5 2008-07-28 15:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Participatory Culture Foundation 2008-07-27 15:29 --------- d-----w C:\Program Files\Participatory Culture Foundation 2008-07-24 08:46 --------- d-----w C:\Program Files\Kibisoft 2008-07-24 08:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\kibisoft 2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-07-14 15:53 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-07-13 18:48 --------- d-----w C:\Program Files\Azureus 2008-07-13 09:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Global Software Publishing 2008-07-13 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-07-12 17:32 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search 2008-07-12 17:31 --------- d-----w C:\Program Files\Windows Desktop Search 2008-07-10 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-07-10 16:27 --------- d-----w C:\Program Files\jeux 2008-07-10 16:19 --------- d-----w C:\Program Files\Yahoo! 2008-07-10 16:19 --------- d-----w C:\Program Files\CCleaner . ((((((((((((((((((((((((((((( snapshot@2008-09-10_18.33.37.14 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-09-09 19:07:28 62,702 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-09-10 16:36:48 62,702 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-09-09 19:07:28 84,354 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-09-10 16:36:48 84,354 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-09-09 19:07:28 402,434 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-09-10 16:36:48 402,434 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-09-09 19:07:28 492,168 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-09-10 16:36:48 492,168 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-09-10 21:53:56 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_1dc.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2005-02-11 831496] "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224] "Google Update"="C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224] "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 36864] "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089] 
"TransBar"="C:\Windows\System32\TransBar.exe" [2001-08-28 65536] "Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200] "TopDesk"="C:\WINDOWS\system32\topdesk.exe" [2006-11-06 195584] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456] "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 8495104] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 81920] "OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-05-10 36864] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 159744] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2006-06-29 77824] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "X'nStop"="C:\Program Files\X'nStop 2.5\Extinction.exe" [2006-01-20 755712] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592] "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "nwiz"="nwiz.exe" [2007-11-17 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2007-11-17 C:\WINDOWS\system32\nvhotkey.dll] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2008-04-13 138240] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-06-23 C:\WINDOWS\system32\advpack.dll] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "47913:TCP"= 47913:TCP:emule "4590:UDP"= 4590:UDP:emule R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080] R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-08 141376] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-07-18 235520] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b787b6-75a0-11dd-9c0e-001cbf8695b1}] \Shell\AutoRun\command - F:\nideiect.com \Shell\explore\Command - F:\nideiect.com \Shell\open\Command - F:\nideiect.com . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' . - - - - ORPHANS REMOVED - - - - Toolbar-ITBarLayout - (no file) Toolbar-ITBarLayout - (no file) ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-10 23:54:18 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... 
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RGIE.tmp Scan terminé avec succès Les fichiers cachés: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\topdesk.dll -> C:\Windows\System32\VttHooks.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\ApntEx.exe C:\Program Files\DellTPad\hidfind.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\Program Files\Brother\Brmfcmon\BrMfimon.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\CyberLink\Shared files\RichVideo.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\stacsv.exe C:\WINDOWS\system32\searchindexer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe C:\WINDOWS\system32\searchprotocolhost.exe C:\WINDOWS\system32\searchfilterhost.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe . 
************************************************************************** . Temps d'accomplissement: 2008-09-10 23:59:19 - machine was rebooted [Administrateur] ComboFix-quarantined-files.txt 2008-09-10 21:59:12 ComboFix2.txt 2008-09-10 21:43:41 ComboFix3.txt 2008-09-10 16:39:05 Pre-Run: 108,130,422,784 octets libres Post-Run: 108,117,852,160 octets libres 297 --- E O F --- 2008-08-27 09:26:43
  12. So, after loads of slowdowns and so on, I had a go at renaming ComboFix and it worked! ComboFix 08-09-10.02 - Administrateur 2008-09-10 23:41:02.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2476 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Mes documents\Téléchargements\Combo1-Fix.exe * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\downld . ((((((((((((((((((((((((((((( Fichiers créés 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))))))) . 2008-09-10 23:13 . 2008-09-10 23:14 <REP> d-------- C:\Combo-Fix 2008-09-10 21:31 . 2008-09-10 21:31 <REP> d-------- C:\ComboFix- 2008-09-10 19:16 . 2008-09-10 19:17 <REP> d-------- C:\Lop SD 2008-09-09 21:00 . 2008-09-10 18:14 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-08 22:31 . 2008-09-08 22:31 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-09-08 19:39 . 2008-06-26 06:15 3,630,080 --a------ C:\WINDOWS\system32\drivers\NETw5x32.sys 2008-09-08 19:39 . 2008-04-18 16:09 2,756,608 --a------ C:\WINDOWS\system32\NETw5r32.dll 2008-09-08 19:39 . 2008-04-18 16:08 659,456 --a------ C:\WINDOWS\system32\NETw5c32.dll 2008-09-08 09:42 . 2008-09-08 09:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GlarySoft 2008-09-08 09:35 . 2008-09-08 17:51 <REP> d-------- C:\Program Files\Glary Utilities 2008-09-07 21:33 . 2008-09-07 21:33 <REP> d-------- C:\TEMP\poisson 2008-09-07 16:17 . 2008-09-07 16:30 <REP> d-------- C:\TRINITA 2008-09-07 16:14 . 2008-09-07 16:14 <REP> d-------- C:\Program Files\DVD Shrink 2008-09-07 16:14 . 2008-09-07 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-09-07 14:16 . 
2008-09-07 14:22 <REP> d-------- C:\Program Files\Capturino V2 2008-09-07 00:08 . 2008-09-07 00:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\PCF-VLC 2008-09-03 23:04 . 2008-09-03 23:04 <REP> d-------- C:\Program Files\Lauyan 2008-09-03 09:47 . 2008-09-03 13:34 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\FileZilla 2008-09-03 09:46 . 2008-09-03 09:46 <REP> d-------- C:\Program Files\FileZilla FTP Client 2008-09-03 09:30 . 2008-09-03 09:30 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\IrfanView 2008-09-02 23:49 . 2008-09-02 23:49 1,276,326 --a------ C:\WINDOWS\M I N I Cooper.exe 2008-09-02 23:49 . 2008-09-02 23:49 305,636 --a------ C:\WINDOWS\M I N I Cooper.scr 2008-09-02 23:49 . 2008-09-02 23:49 40,960 --a------ C:\WINDOWS\M I N I Cooper.dll 2008-09-02 23:49 . 2008-09-02 23:49 18,192 --a------ C:\WINDOWS\M I N I Cooper.dat 2008-09-01 18:14 . 2008-09-07 21:33 <REP> d-------- C:\TEMP 2008-09-01 16:10 . 2008-09-01 16:10 <REP> d-------- C:\Program Files\Camouflage 2008-09-01 16:10 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe 2008-08-27 10:23 . 2008-05-09 12:55 512,000 -----c--- C:\WINDOWS\system32\dllcache\jscript.dll 2008-08-27 10:23 . 2008-05-09 12:55 430,080 -----c--- C:\WINDOWS\system32\dllcache\vbscript.dll 2008-08-27 10:23 . 2008-05-09 12:55 180,224 -----c--- C:\WINDOWS\system32\dllcache\scrobj.dll 2008-08-27 10:23 . 2008-05-09 12:55 172,032 -----c--- C:\WINDOWS\system32\dllcache\scrrun.dll 2008-08-27 10:23 . 2008-05-08 13:24 155,648 -----c--- C:\WINDOWS\system32\dllcache\wscript.exe 2008-08-27 10:23 . 2008-05-09 10:45 135,168 -----c--- C:\WINDOWS\system32\dllcache\cscript.exe 2008-08-27 10:23 . 2008-05-09 12:55 90,112 -----c--- C:\WINDOWS\system32\dllcache\wshext.dll 2008-08-26 14:54 . 2004-08-04 02:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-08-26 14:53 . 2008-08-26 14:53 <REP> d-------- C:\WINDOWS\system32\xircom 2008-08-26 14:53 . 
2008-08-26 14:53 <REP> d-------- C:\WINDOWS\system32\npp 2008-08-26 14:53 . 2008-08-26 14:53 <REP> d-------- C:\Program Files\microsoft frontpage 2008-08-26 14:44 . 2008-08-26 14:45 <REP> d-------- C:\WINDOWS\ServicePackFiles 2008-08-26 14:39 . 2008-08-26 14:45 <REP> d-------- C:\WINDOWS\EHome 2008-08-24 19:34 . 2008-08-24 19:34 <REP> d-------- C:\SNCF-HOR 2008-08-24 19:34 . 2008-08-24 19:34 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS 2008-08-24 19:34 . 2008-08-24 19:36 327 --a------ C:\WINDOWS\horinfgl.ini 2008-08-18 20:19 . 2008-08-18 20:19 <REP> d-------- C:\Program Files\Fichiers communs\Adobe AIR 2008-08-18 20:19 . 2008-08-18 20:19 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\com.adobe.example.widget-programmes.40247E01796E652D304FB5752B197AB47987A585.1 2008-08-16 14:59 . 2008-09-07 22:40 <REP> d-------- C:\Program Files\SpeedFan 2008-08-16 14:59 . 2008-08-16 14:59 45 --a------ C:\WINDOWS\system32\initdebug.nfo 2008-08-13 18:22 . 2008-08-13 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software 2008-08-13 18:22 . 2007-02-21 19:56 49,904 --a------ C:\WINDOWS\system32\drivers\BVRPMPR5.SYS 2008-08-12 21:18 . 2008-07-07 22:28 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll 2008-08-12 21:18 . 2008-06-24 18:44 74,240 -----c--- C:\WINDOWS\system32\dllcache\mscms.dll 2008-08-12 21:14 . 2008-05-01 16:36 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-08-12 21:13 . 2008-04-11 21:05 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-11 22:25 . 2008-08-11 22:25 <REP> d-------- C:\WINDOWS\Sun 2008-08-11 22:25 . 2008-08-11 22:31 <REP> d-------- C:\Program Files\SystemRequirementsLab 2008-08-11 22:25 . 2008-08-11 22:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SystemRequirementsLab 2008-08-11 10:01 . 2008-08-11 10:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\CyberLink 2008-08-11 10:00 . 
2008-08-11 10:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink 2008-08-11 09:55 . 2008-08-11 09:56 <REP> d-------- C:\Program Files\CyberLink 2008-08-11 09:40 . 2008-08-11 09:40 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-08-11 09:08 . 2008-08-11 09:08 <REP> d-------- C:\CloneDVDTemp 2008-08-11 09:04 . 2008-08-11 09:04 <REP> d-------- C:\Program Files\Elaborate Bytes 2008-08-11 09:04 . 2008-08-11 09:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes 2008-08-11 09:03 . 2008-08-11 09:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft 2008-08-11 09:02 . 2008-08-11 09:02 <REP> d-------- C:\Program Files\SlySoft 2008-08-11 09:02 . 2008-08-11 09:04 72 ---hs---- C:\WINDOWS\SDA9523E4.tmp 2008-08-10 13:36 . 2006-02-24 17:27 1,492,480 --a------ C:\WINDOWS\system32\BrWia06a.dll 2008-08-10 13:36 . 2008-08-10 13:36 50 --a------ C:\WINDOWS\system32\bridf06a.dat 2008-08-10 12:25 . 2003-11-08 02:56 278,528 --a------ C:\WINDOWS\system32\hpdj5100 2008-08-10 11:59 . 2003-09-24 09:43 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2008-08-10 11:59 . 2003-09-24 09:43 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2008-08-10 11:59 . 2003-09-24 09:43 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2008-08-10 11:59 . 2003-09-24 09:44 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2008-08-10 11:42 . 2008-08-10 11:42 <REP> d-------- C:\Program Files\HP 2008-08-10 11:42 . 2008-08-14 17:15 <REP> d-------- C:\Program Files\Hewlett-Packard 2008-08-10 11:38 . 2008-08-14 16:59 253,532 --a------ C:\WINDOWS\hpdj5100.hi2 2008-08-10 11:38 . 2008-08-14 16:59 10,592 --a------ C:\WINDOWS\hpdj5100.bu2 2008-08-10 11:23 . 2008-08-14 17:00 10,244 --a------ C:\WINDOWS\hpdj5100.hi1 2008-08-10 11:23 . 2008-08-14 17:00 1,984 --a------ C:\WINDOWS\hpdj5100.bu1 2008-08-10 11:22 . 
2008-04-13 11:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-08-10 11:20 . 2008-08-14 18:54 521,088 --a------ C:\WINDOWS\hpdj5100.his 2008-08-10 11:20 . 2008-08-14 18:54 10,706 --a------ C:\WINDOWS\hpdj5100.ini . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-09 16:54 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-09-08 16:20 --------- d-----w C:\Program Files\Windows Live 2008-09-07 21:14 --------- d-----w C:\Program Files\eMule 2008-08-27 17:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus 2008-08-26 13:40 --------- d-----w C:\Program Files\Dell 2008-08-24 17:34 1,409 ----a-w C:\WINDOWS\Fonts\SncfPre.fot 2008-08-24 17:34 1,409 ----a-w C:\WINDOWS\Fonts\sncf09.fot 2008-08-13 16:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-12 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-10 11:36 --------- d-----w C:\Program Files\Brother 2008-08-03 08:02 --------- d-----w C:\Program Files\Sun 2008-08-03 08:02 --------- d-----w C:\Program Files\Java 2008-08-03 08:01 --------- d-----w C:\Program Files\Fichiers communs\Java 2008-07-31 12:06 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-07-31 12:06 --------- d-----w C:\Program Files\Windows Live Favorites 2008-07-31 12:06 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition 2008-07-31 12:04 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-07-31 11:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-07-28 20:17 --------- d-----w C:\Program Files\X'nStop 2.5 2008-07-28 15:40 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Participatory Culture Foundation 2008-07-27 15:29 --------- d-----w C:\Program Files\Participatory Culture Foundation 2008-07-24 08:46 --------- d-----w 
C:\Program Files\Kibisoft 2008-07-24 08:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\kibisoft 2008-07-18 18:39 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR 2008-07-14 15:53 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-07-13 18:48 --------- d-----w C:\Program Files\Azureus 2008-07-13 09:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Global Software Publishing 2008-07-13 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles 2008-07-12 17:32 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search 2008-07-12 17:31 --------- d-----w C:\Program Files\Windows Desktop Search 2008-07-10 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-07-10 16:27 --------- d-----w C:\Program Files\jeux 2008-07-10 16:19 --------- d-----w C:\Program Files\Yahoo! 2008-07-10 16:19 --------- d-----w C:\Program Files\CCleaner 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll . ((((((((((((((((((((((((((((( snapshot@2008-09-10_18.33.37.14 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-09-09 19:07:28 62,702 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-09-10 16:36:48 62,702 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-09-09 19:07:28 84,354 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-09-10 16:36:48 84,354 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-09-09 19:07:28 402,434 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-09-10 16:36:48 402,434 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-09-09 19:07:28 492,168 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-09-10 16:36:48 492,168 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-09-10 21:26:17 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_188.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000] "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2005-02-11 831496] "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224] "Google Update"="C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 180224] "VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2004-08-28 36864] "Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 121089] 
"TransBar"="C:\Windows\System32\TransBar.exe" [2001-08-28 65536] "Styler"="C:\Program Files\styler\Styler.exe" [2006-05-03 307200] "TopDesk"="C:\WINDOWS\system32\topdesk.exe" [2006-11-06 195584] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456] "DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 8495104] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 81920] "OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-05-10 36864] "dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544] "Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2007-07-02 159744] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2006-06-29 77824] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "X'nStop"="C:\Program Files\X'nStop 2.5\Extinction.exe" [2006-01-20 755712] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592] "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216] "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "nwiz"="nwiz.exe" [2007-11-17 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2007-11-17 C:\WINDOWS\system32\nvhotkey.dll] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2008-04-13 138240] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2008-06-23 C:\WINDOWS\system32\advpack.dll] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176] Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoSMHelp"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\Azureus\\Azureus.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft 
ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "47913:TCP"= 47913:TCP:emule "4590:UDP"= 4590:UDP:emule R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51 13560] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 NETw5x32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-06-26 3630080] R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;C:\WINDOWS\system32\Drivers\OEM02Afx.sys [2007-06-08 141376] R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-07-18 235520] R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b787b6-75a0-11dd-9c0e-001cbf8695b1}] \Shell\AutoRun\command - F:\nideiect.com \Shell\explore\Command - F:\nideiect.com \Shell\open\Command - F:\nideiect.com . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' . - - - - ORPHANS REMOVED - - - - Toolbar-ITBarLayout - (no file) Toolbar-ITBarLayout - (no file) . ------- Supplementary Scan ------- . 
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\1rjgl1yi.default\ FF -: plugin - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-10 23:42:41 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl" . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\system32\topdesk.dll -> C:\Windows\System32\VttHooks.dll . Temps d'accomplissement: 2008-09-10 23:43:40 ComboFix-quarantined-files.txt 2008-09-10 21:43:25 ComboFix2.txt 2008-09-10 16:39:05 Pre-Run: 108,165,345,280 octets libres Post-Run: 108,152,205,312 octets libres 273 --- E O F --- 2008-08-27 09:26:43
  13. I get: "you cannot rename Combofix as combofix- Please use another name, preferbaly made up of alphanumeric characters." So I can't run Combofix again.