Everything posted by MCFIVE

  1. Hi Ticlou, this is a problem I ran into quickly, a few weeks after the purchase... that is, everything went white, again and again and again.. a real pain. Someone had uninstalled and reinstalled everything and things had improved, but they came back (always with the same message: Windows Explorer had stopped working). The problem is "smaller" but is asserting itself as time goes on. I went and had a look as you advised; my model shows up here and there, but not really on the "packardmerlde" site (because I have 2 of them and it's a pain). If you're stumped, my dear Ticlou.... should I take this PC, open the window or aim for the dumpster, and give it as a gift to my worst enemy? Which might let off some steam. Regards
  2. Good evening, I asked Google and here is what seems to be my PC: Spec sheet Packard Bell iMedia X9651 Intel Core 2 Quad Name Packard Bell iMedia X9651 Intel Core 2 Quad Description Intel Core 2 Quad, 2.4 GHz, 2048 MB, 500 GB VGA (D-Sub) 1 Network card Yes USB ports 6 Memory card reader 8-in-1 I hope that will do FireWire Yes Speakers DVI connectors 1 Screen size Sound card Integrated ALC 888 7.1 Channel Display Sold separately Dual-layer DVD burner Yes Optical drive 2 None Optical drive 1 DVD-RW/CD-RW Hard disk capacity 500.0 GB Graphics card nVidia GeForce 8600 GS 512MB HDCP Internal memory (RAM) 2048 MB Processor speed 2.4 GHz Processor Intel Core 2 Quad Multi-GPU No Case format Tower Configuration Preconfigured Windows Vista ready Yes (Vista Premium) Type PC Product web page French Other components Bundled software Disney PC Ratatouille Game Miscellaneous One Year Warranty Operating system Windows Vista Home Premium Mouse and keyboard included Yes Reviews Packard Bell iMedia X9651 Intel Core 2 Quad
  3. Good evening Ticlou, I'm quite stuck, I think it's IMEDIAX9651 FUB COH26, bought at Leclerc, 20 Jan 2008. Would that do.....?
  4. OK, if that's enough to start with, that's already something... I took the following from a white label on the back of the PC: Model/Type ref: UTOW-SFR S/N: 101239610371 P/N: PB80X14802. Was that the PC reference?
  5. Hello, here I am again. Luckily the coffee was good.... but once it reached the end, the display stayed for only 1 second and disappeared; I only had time to see disk NTS or NTFS: 0. Everything before that said: CHKDSK verified processed!
  6. Hi, so I'm running the check again because I didn't see anything. But it takes a long time. Best wishes, see you later. SEE YOU LATER
  7. I had two more power cuts, which doesn't help the progress of the check, restarted just as many times... The check is done, but how do I retrieve the result?
  8. We've been having load shedding, so power cuts, for 1 month now and several times an evening. Not great for the PC.... so here it is for MBAM:
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Version de la base de données: 4588
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     17/12/2010 19:35:48
     mbam-log-2010-12-17 (19-35-48).txt
     Type d'examen: Examen complet (C:\|D:\|E:\|F:\|J:\|)
     Elément(s) analysé(s): 361307
     Temps écoulé: 1 heure(s), 33 minute(s), 59 seconde(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0
     Processus mémoire infecté(s): (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
     Dossier(s) infecté(s): (Aucun élément nuisible détecté)
     Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  9. Hello Ticlou, I had to be away without being able to finish resolving this problem ... unchanged; no miracle! Handy, that tool of yours, so here it is: - Ordinateur Système d'exploitation Windows 7 Ultimate Professional Carte mère Type de processeur Unknown, 2400 MHz Nom de la carte mère Inconnu Chipset de la carte mère Inconnu Ordinateur Système d'exploitation Windows 7 Ultimate Professional Service Pack du système Aucun Internet Explorer 8.0.7600.16385 Nom du système MICHEL-PC Nom d'utilisateur Michel Domaine de connexion Michel-PC Carte mère Type de processeur Unknown, 2400 MHz Nom de la carte mère Inconnu Chipset de la carte mère Inconnu Mémoire système 3008 Mo Type de BIOS Award (11/19/07) Phoenix technologies ltd
  10. What must I do, and where do I go, to find all these details in the PC: - name of the graphics card manufacturer? PC temperature?? Please
  11. That's all very nice, but what am I supposed to make of it? I know nothing about it, because where "is that thing". Updating the graphics card: how do you do that? I deleted "- BHO: ReducBarreHelper - {357ADA38-B41F-4432-9F10-5638FA4A75AD} - C:\Program Files\ReducBarre\ReducBarre.dll => ReducBarre Toolbar". I dusted it out.... and "nothing new, doctor!"
  12. Thank you Ticlou for your reply; MBAM: found nothing. Here is HijackThis:
  13. Hello, first of all I wish you happy holidays to come.... Would it be possible for you to help me, please? Here is the story: I start the PC and at first it's almost normal .. then gradually the computer responds late to mouse clicks, then with a lag, then typed characters appear 2, 3 ... seconds later, then switching windows gets slower and slower. With each situation "its own trouble": the computer roars and struggles until its task is done, otherwise ... the page goes white, and it goes from bad to worse. In short, every operation becomes impossible until the windows, mouse etc. freeze... I switch the PC off at the power source. My configuration: PACKARD BELL, Windows 7, processor: Core2 Quad CPU Q6600, 2.4 GHz, memory 4 GB, 32 bits. It doesn't seem that I have a virus. Thank you very much;
  14. Hello, I'm coming back very late and I hope to finish this off.... if ... in any case, thank you for your patience; so here it is:
communs\logishrd\WUApp32.exe" [2007-02-03 430080] c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\ forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2009-2-2 1687552] Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\system32\\dlcccoms.exe"= "c:\\Program Files\\adslTV\\adsltv.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Opera\\opera.exe"= R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [03/05/2005 11:25 710144] R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [02/10/2002 09:57 13532] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [27/01/2009 22:33 7040] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/01/2009 20:34 717296] S2 gupdate1c9a6f9ee0a74e0;Service Google Update (gupdate1c9a6f9ee0a74e0);c:\program files\Google\Update\GoogleUpdate.exe [17/03/2009 13:14 133104] S3 cmudau32;C-Media USB UDA Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [16/03/2009 16:03 1414528] S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [02/02/2009 23:27 14336] S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys 
[02/02/2009 23:27 18432] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864] S3 rk_remover;rk_remover;\??\c:\windows\system32\drivers\rk_remover.sys --> c:\windows\system32\drivers\rk_remover.sys [?] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - SJYPKT . Contenu du dossier 'Tâches planifiées' 2010-03-18 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-17 12:44] 2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 12:14] 2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-17 12:14] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.wibeez.com/meteo IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} - hxxp://support.packardbell.com/files/activex/InfosFinder2.CAB FF - ProfilePath - c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\d11qro8l.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Wibeez FF - prefs.js: browser.startup.homepage - hxxp://www.wibeez.com/meteo FF - prefs.js: keyword.URL - hxxp://www.wibeez.com/meteo?search&q= FF - component: c:\documents and settings\Michel\Application Data\Mozilla\Firefox\Profiles\d11qro8l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program 
files\Google\Update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - 
pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("browser.taskbar.previews.cachetime", 20); . ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(892) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2560) c:\windows\system32\eappprxy.dll . Heure de fin: 2010-03-18 13:52:48 ComboFix-quarantined-files.txt 2010-03-18 12:52 ComboFix2.txt 2010-02-15 11:30 Avant-CF: 131 953 491 968 octets libres Après-CF: 131 931 066 368 octets libres - - End Of File - - 304D63C3C4D99A609A1C31298B416114
  15. Ah! In that case, I have files open in the decompression tool and I click on remover, and what appears does not ask me for anything
  16. HELLO, here I am again, sorry for these delays in replying... so here it is:

      TDSS remover version 1.6.3.4
      Copyright 2009 eSage Lab
      http://www.esagelab.com
      support@esagelab.com

      *** USAGE
      - close all running programs and save all unsaved data;
      - un-rar and run the tool (Administrator privileges required);
      - reboot if necessary;
      - let the tool scan the system for hidden objects;
      - tick malicious objects you want to remove (hint: if you are not sure which objects are malicious, use the context menu option 'Scan at VirusTotal.com');
      - click the 'Delete selected' button;
      - allow immediate reboot.

      *** IMPORTANT: KNOWN FALSE POSITIVES
      Some legitimate applications prevent normal reading of their drivers. Such a behaviour may also be a sign of a rootkit. Thus, TDSS remover detects blocked files with the verdict 'No Access', though they may be legitimate files. Currently we are aware of the following false positives:
      - Daemon Tools and Alcohol 120%: sptd.sys.
      - Kaspersky Antivirus: fidbox*.*.
      - Avast! antivirus: aswBoot.exe, AvastSS.scr, aswFsBlk.sys, aswMonFlt.sys, aswRdr.sys, aswTdi.sys, aswSP.sys.
      - Symantec Antivirus: S32EVNT1.DLL, SymNeti.dll, SymRedir.dll, co_mon.cat, CO_Mon.inf, CO_Mon.sys, srtsp.cat, srtsp.inf, srtsp.sys, srtspl.cat, srtspl.inf, srtspl.sys, srtspx.cat, srtspx.inf, srtspx.sys, symdns.sys, SYMEVENT.CAT, SYMEVENT.INF, SYMEVENT.SYS, symfw.sys, symids.sys, SymIM.sys, symndis.sys, symndisv.sys, SymRedir.cat, SymRedir.inf, symredrv.sys, symtdi.sys.
      - Dr.Web antivirus: dwprot.sys.
      - Outpost: sandbox.sys, afw.sys.
      In most cases, if you get one of the listed FPs ('No Access' verdict only!) AND if you have the appropriate software installed, it's safe to leave the listed files. However, checking all ambiguous files at www.virustotal.com is recommended, since a rootkit can mask under a legitimate software. Thus,
      !!! Use the 'Scan at VirusTotal.com' context menu option on ambiguous files. !!!

      *** TROUBLESHOOTING
      First, check comments to the following blog entry for a possible solution of your problem: http://blog.alisa.sh/2009/06/09/tdss-rootk...eaner/#comments. If the solution isn't there, contact us at support@esagelab.com. Please, DO ATTACH YOUR LOG FILE! (rk_remover_debug_log.txt).

      *** VERSION HISTORY
      12.12.2009: version 1.6.3
      - Added context menu option "Scan at VirusTotal.com"
      - Fixed some bugs
      06.12.2009: version 1.6.2
      - Improved the TDL3 disinfection
      - Added the capability to resize program window
      - Optimized scanning time
      25.11.2009: version 1.6
      - Added disinfection of the TDL3 rootkit
      - Added the option to save malicious objects to a custom folder
      - Added optional sending of statistics and infected files to our server.
      30.07.2009: version 1.4
      - Added Windows 7 support
      - Improved hidden files scanning
      - Fixed drives scanning error
      - Fixed some minor bugs.
      08.06.2009: version 1.3.5.0
      - Initial release.
  17. HELLO, yes:

      END USER LICENSE AGREEMENT

      Kaspersky Lab ZAO (the “Rightholder”) is an owner of all rights, whether exclusive or otherwise to the Software. By using the Software You consent to be bound by the terms and conditions of this agreement.

      The Rightholder hereby grants You a non-exclusive perpetual license to store, load, install, execute, and display (to “use”) the free of charge Software that will substantially perform according to the specifications and descriptions set forth on http://support.kaspersky.com/viruses. The Software should be used as an auxiliary tool for removing threats from Your computer as described on http://support.kaspersky.com/viruses. The Rightholder doesn’t guarantee complete removal of threats and fixing issues caused by these threats. No technical support for the Software is available.

      You shall not emulate, modify, decompile, or reverse engineer the Software or disassemble or create derivative works based on the Software or any portion thereof with the sole exception of a non-waivable right granted to You by applicable legislation.

      THE SOFTWARE IS PROVIDED "AS IS" AND THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY AS TO ITS USE OR PERFORMANCE. EXCEPT FOR ANY WARRANTY, CONDITION, REPRESENTATION OR TERM THE EXTENT TO WHICH CANNOT BE EXCLUDED OR LIMITED BY APPLICABLE LAW THE RIGHTHOLDER AND ITS PARTNERS MAKE NO WARRANTY, CONDITION, REPRESENTATION, OR TERM (EXPRESS OR IMPLIED, WHETHER BY STATUTE, COMMON LAW, CUSTOM, USAGE OR OTHERWISE) AS TO ANY MATTER INCLUDING, WITHOUT LIMITATION, NONINFRINGEMENT OF THIRD PARTY RIGHTS, MERCHANTABILITY, SATISFACTORY QUALITY, INTEGRATION, OR APPLICABILITY FOR A PARTICULAR PURPOSE. YOU ASSUME ALL FAULTS, AND THE ENTIRE RISK AS TO PERFORMANCE AND RESPONSIBILITY FOR SELECTING THE SOFTWARE TO ACHIEVE YOUR INTENDED RESULTS, AND FOR THE INSTALLATION OF, USE OF, AND RESULTS OBTAINED FROM THE SOFTWARE. WITHOUT LIMITING THE FOREGOING PROVISIONS, THE RIGHTHOLDER MAKES NO REPRESENTATION AND GIVES NO WARRANTY THAT THE SOFTWARE WILL BE ERROR-FREE OR FREE FROM INTERRUPTIONS OR OTHER FAILURES OR THAT THE SOFTWARE WILL MEET ANY OR ALL YOUR REQUIREMENTS WHETHER OR NOT DISCLOSED TO THE RIGHTHOLDER.

      © 1997-2009 Kaspersky Lab ZAO. All Rights Reserved.
  18. HELLO, the Notepad page is empty! ...I cannot copy/paste anything.. normal or not normal? thanks
  19. hello, hoping I did not skip anything;
[63028F8E] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63028FF7] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [630290C4] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [63029021] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetSysColor] [6305C532] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CallWindowProcW] [63058149] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExA] [63029296] C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DefWindowProcW] [03DA1890] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateWindowExW] [630292D3] 
C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-I~1\32\wbocx.ocx (WindowBlinds : DirectSkin /Stardock Corporation) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetWindowLongW] [03DA15E0] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) IAT C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1436] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!SetWindowLongW] [03DA1570] C:\Program Files\ATI Technologies\ATI.ACE\Core-Implementation\32\wbhelp2.dll (WindowBlinds Helper DLL/Stardock.Net, Inc) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 86F661F8 AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \Driver\NetBT \Device\NetBT_Tcpip_{165C0591-6FD4-4111-BF17-C9020B6885C1} 86A7F500 Device \Driver\usbuhci \Device\USBPDO-0 86B53500 Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD91F8 Device \Driver\dmio \Device\DmControl\DmConfig 86FD91F8 Device \Driver\dmio \Device\DmControl\DmPnP 86FD91F8 Device \Driver\dmio \Device\DmControl\DmInfo 86FD91F8 Device \Driver\usbuhci \Device\USBPDO-1 86B53500 Device \Driver\usbuhci \Device\USBPDO-2 86B53500 Device \Driver\usbuhci \Device\USBPDO-3 86B53500 AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation) Device \Driver\Ftdisk \Device\HarddiskVolume1 86F681F8 Device \Driver\Cdrom \Device\CdRom0 86B54500 Device \Driver\NetBT \Device\NetBT_Tcpip_{E6A3A1B3-8463-4240-A41B-E37446C03EEE} 86A7F500 Device \Driver\Cdrom \Device\CdRom1 86B54500 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, 
[ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort2 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort3 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 [F72E3B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 86A7F500 Device \Driver\usbstor \Device\00000083 86ABF500 Device \Driver\usbstor \Device\00000084 86ABF500 Device \Driver\NetBT \Device\NetbiosSmb 86A7F500 Device \Driver\usbstor \Device\00000085 86ABF500 Device \Driver\usbstor \Device\00000086 86ABF500 Device \Driver\usbstor \Device\00000087 86ABF500 Device \Driver\PCI_PNP5740 \Device\0000004f spfy.sys Device \Driver\sptd \Device\4097846990 spfy.sys Device \Driver\usbuhci \Device\USBFDO-0 86B53500 Device \Driver\usbuhci \Device\USBFDO-1 86B53500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86ACF500 Device \Driver\usbuhci \Device\USBFDO-2 86B53500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 86ACF500 Device \Driver\usbuhci \Device\USBFDO-3 86B53500 Device \Driver\Ftdisk \Device\FtControl 86F681F8 Device \Driver\ayorc6tf \Device\Scsi\ayorc6tf1 86B0F500 Device \Driver\ayorc6tf \Device\Scsi\ayorc6tf1Port4Path0Target0Lun0 86B0F500 Device \FileSystem\Cdfs \Cdfs 86B67500 ---- Threads - GMER 1.0.15 ---- Thread System [4:464] 86552930 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFF 0x2A 0x88 0x4E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0x37 0x59 0xC3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xD1 0x19 0x2D ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xFF 0x2A 0x88 0x4E ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x9B 0x37 0x59 0xC3 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x34 0xD1 0x19 0x2D ... 
---- EOF - GMER 1.0.15 ----
  20. Hello, that's it, I am on site. So here it is:
  21. Good evening apollo, I had not forgotten you, but some difficulties elsewhere held me up. I wanted to thank you for your help and for the time you devoted to me. I thank you sincerely. Very cordially yours, Mcfive
  22. HELLO FALKRA, I read the message addressed to Wifi2, which I suppose was also addressed to me. As far as I am concerned, it does no harm to read it, but know that nothing is deliberate. I have someone at my bookshop, as ignorant of computing as I am, whom I called so that he would click on TFC, and the virus (I suppose) prevents the file from running, like the others (MBAM, Hijackthis, ccleaner, the task manager, my firewall is disabled, etc.), so the problem remains. What should I do?
  23. TFC is downloaded but does not open, just like the rest
  24. THANK YOU WIFI2, I have left the bookshop and will not be able to resume until next week. I hope to find you again, as I live far away. Good evening