

Mâalin
Everything posted by Mâalin
-
I reinstalled, installed CCleaner, CPU-Z... And it still crashes... As for overclocking, I don't understand what that is...
-
Good evening! Sniff! It still doesn't work. I still regularly get a big freeze, and then my screen goes haywire... Yet the driver is properly installed and everything... Computers are a pain sometimes!
-
Okay, I'll try, thanks. But for now I'm keeping my fingers crossed; I played a bit this morning and had no problems... Computers are strange sometimes. I'll install the driver from the website, we'll see.
-
Yes, of course, I installed the driver from the CD... Actually, I put the new graphics card in place, plugged it in, the fan spins fine, then I installed the driver from the CD and restarted the computer as requested. And then it works correctly, until the moment it freezes and the screen of my game goes completely "haywire".
-
I uninstalled Nvidia, yes... :s
-
Hello! So, a few days ago I had an ASUS EN9800GT 512 MB graphics card whose fan burned out. I replaced it with an ASUS EN9800GT 1G. So, give or take, the same card. I installed it, installed the driver, updated DirectX... And yet, when I play (WoW), I get big freezes, and as soon as the image unfreezes I have big display problems. A total mess^^ For info, I have an Intel Core2 Quad CPU 2.39 GHz, 3.25 GB of RAM, motherboard: ASUS P5QL PRO. Hoping I posted this message in the right part of the forum and that someone can help me. Thanks in advance!
-
Hi! Out of habit, I always choose delete... But I no longer get any error or infection messages... So it must be fine. Anyway, thanks a lot for your help!!!!! Have a good day!
-
No, I didn't install Windows on D:. Well, let's say I just formatted it, that's all. However, when I double-click D: or I: (I: probably being the USB stick responsible for carrying the virus onto my PC), I get the Antivir message that C:\WINDOWS\System32\Drivers\klif.sys contains the rootkit RKIT/Small.UA... And when I search for this file, I can't find it. So I can't scan it... :s
-
I can't find anything when clicking on D:, G: or I:. Besides, it was indeed opening D:, i.e. my 2nd hard drive, that brought up this Antivir message. As for Kaspersky, I confess my crime
-
Thanks for the quick reply. I don't know if it can help, but when I open D:, Antivir tells me that a virus or unwanted program was detected: C:\WINDOWS\System32\Drivers\klif.sys contains the rootkit RKIT/Small.UA
-
Voila ! Z'ai fini les derniers rapports. Donc, dans l'ordre : Le Mbam-log : Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1876 Windows 5.1.2600 Service Pack 3 20/03/2009 23:53:28 mbam-log-2009-03-20 (23-53-28).txt Type de recherche: Examen complet (C:\|D:\|G:\|I:\|) Eléments examinés: 114235 Temps écoulé: 31 minute(s), 21 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Puis l'infotext de Rsit info.txt logfile of random's system information tool 1.05 2009-03-20 09:07:51 ======Uninstall list====== -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly ASUS GameLiveShow-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{04726714-8286-43B8-AFD6-2DF92EC49995} ASUS 
SmartDoctor-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{12E11FBB-7CA6-4A86-834D-5E6390D51009} /l1036 ASUS Utilities-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{43C67D92-F56E-4729-8673-9A2D5A6036F8} /l1036 Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" GameFace Messenger-->C:\WINDOWS\iun6002.exe "C:\Program Files\GameFace Messenger\irunin.ini" HijackThis 2.0.2-->"C:\Documents and Settings\Jo\Bureau\HijackThis.exe" /uninstall Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} livebox-->C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe -runfromtemp -l0x040c -removeonly Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MemTurbo-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Silicon Prairie Software\MemTurbo\Uninst.isu" Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Navigateur Orange-->C:\Program Files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl NETGEAR Wireless Adapter WPN311-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB938897-211A-4999-9749-236D2E8E464A} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u PC DUAL SHOCK-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D313CA09-D5D4-4B3D-B4D0-20F2289BCD01}\setup.exe" -l0x9 SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x40c -removeonly TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe Wow Cartographe 1.09-->C:\Program Files\WowCartographe\uninst.exe XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf ======Security center information====== AV: Avira AntiVir PersonalEdition Classic System event log Computer Name: JOHN-729DBF238F Event Code: 15007 Message: La réservation de l'espace de nom identifié par 
le préfixe d'URL http://*:2869/ a été correctement ajoutée. Record Number: 5 Source Name: HTTP Time Written: 20090204015816.000000+060 Event Type: Informations User: Computer Name: JOHN-729DBF238F Event Code: 6011 Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers JOHN-729DBF238F. Record Number: 4 Source Name: EventLog Time Written: 20090204015445.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 2 Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée. Record Number: 3 Source Name: Serial Time Written: 20090204024450.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 2 Source Name: EventLog Time Written: 20090204024427.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20090204024427.000000+060 Event Type: Informations User: Application event log Computer Name: JOHN-729DBF238F Event Code: 1000 Message: Les compteurs de performances pour le service ContentIndex (ContentIndex) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 5 Source Name: LoadPerf Time Written: 20090204015613.000000+060 Event Type: Informations User: Computer Name: JOHN-729DBF238F Event Code: 1000 Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. 
Record Number: 4 Source Name: LoadPerf Time Written: 20090204015611.000000+060 Event Type: Informations User: Computer Name: JOHN-729DBF238F Event Code: 1000 Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 3 Source Name: LoadPerf Time Written: 20090204015512.000000+060 Event Type: Informations User: Computer Name: JOHN-729DBF238F Event Code: 1000 Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 2 Source Name: LoadPerf Time Written: 20090204015453.000000+060 Event Type: Informations User: Computer Name: JOHN-729DBF238F Event Code: 1000 Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. 
Record Number: 1 Source Name: LoadPerf Time Written: 20090204015453.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- Et le log.txt Logfile of random's system information tool 1.05 (written by random/random) Run by Jo at 2009-03-20 23:54:07 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 215 GB (90%) free of 238 GB Total RAM: 1535 MB (70% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:54:18, on 20/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\GameFace Messenger\GameFace.exe C:\Program Files\Orange\Systray\SystrayApp.exe 
C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\Program Files\NETGEAR\WPN311\wlancfg5.exe C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Jo\Bureau\RSIT.exe C:\Documents and Settings\Jo\Bureau\Jo.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program 
Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233716765931 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233716746384 O23 
- Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 6552 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-04 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-04 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-04 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016] "GameFace Messenger"=C:\Program Files\GameFace Messenger\GameFace.exe [2006-08-02 2048000] "SystrayORAHSS"=C:\Program Files\Orange\Systray\SystrayApp.exe [2007-09-25 94208] "ORAHSSSessionManager"=C:\Program Files\Orange\SessionManager\SessionManager.exe [2007-09-25 102400] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-04 136600] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 
266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2006-09-08 1085440] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage MemTurbo.lnk - C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe NETGEAR WPN311 Wireless Assistant.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe C:\Documents and Settings\Jo\Menu Démarrer\Programmes\Démarrage MemTurbo.lnk - C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - b393b258\Launcher.exe"="C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - b393b258\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - 1d90d518\Launcher.exe"="C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - 
1d90d518\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] shell\AutoRun\command - u.com shell\open\command - u.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\LaunchU3.exe ======List of files/folders created in the last 1 months====== 2009-03-20 09:07:44 ----D---- C:\rsit 2009-03-20 08:51:27 ----D---- C:\Documents and Settings\Jo\Application Data\Malwarebytes 2009-03-20 08:51:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-03-20 08:51:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-03-19 16:51:56 ----D---- C:\Program Files\Avira 2009-03-19 16:51:56 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-03-19 16:40:03 ----A---- C:\WINDOWS\ntbtlog.txt 2009-03-19 13:47:18 ----D---- C:\Program Files\Alwil Software 2009-03-18 21:00:15 ----D---- C:\WINDOWS\Minidump 2009-03-16 13:55:34 ----D---- C:\WINDOWS\system32\LogFiles 2009-03-15 12:31:00 ----D---- C:\WINDOWS\Sun 2009-03-13 19:52:06 ----A---- C:\WINDOWS\system32\ptpusb.dll 2009-03-13 19:52:05 ----A---- C:\WINDOWS\system32\ptpusd.dll 2009-03-11 23:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 23:41:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-02 07:25:49 ----D---- C:\Documents and Settings\Jo\Application Data\LG Electronics 2009-02-25 17:25:35 ----D---- C:\Documents and Settings\All 
Users\Application Data\nView_Profiles 2009-02-25 12:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-02-23 13:49:22 ----D---- C:\Documents and Settings\Jo\Application Data\U3 2009-02-23 13:19:50 ----D---- C:\Program Files\Zeb-Utility 2009-02-23 13:16:25 ----A---- C:\WINDOWS\Active Setup Log.txt 2009-02-23 13:15:39 ----D---- C:\Program Files\BigFix 2009-02-23 13:11:58 ----D---- C:\Program Files\Silicon Prairie Software 2009-02-23 13:11:44 ----A---- C:\WINDOWS\IsUninst.exe ======List of files/folders modified in the last 1 months====== 2009-03-20 23:19:18 ----A---- C:\WINDOWS\system.ini 2009-03-20 23:18:12 ----D---- C:\Program Files\Mozilla Firefox 2009-03-20 23:09:38 ----D---- C:\WINDOWS\Temp 2009-03-20 20:11:26 ----D---- C:\WINDOWS\Prefetch 2009-03-20 18:54:45 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-20 08:57:46 ----D---- C:\WINDOWS\system32\drivers 2009-03-20 08:57:46 ----D---- C:\WINDOWS\system32 2009-03-20 08:57:46 ----D---- C:\WINDOWS 2009-03-20 08:51:20 ----RD---- C:\Program Files 2009-03-19 16:39:58 ----HD---- C:\Program Files\InstallShield Installation Information 2009-03-19 16:37:57 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-19 15:46:50 ----HD---- C:\WINDOWS\inf 2009-03-19 15:43:11 ----SHD---- C:\WINDOWS\Installer 2009-03-19 15:42:48 ----D---- C:\Program Files\ASUS 2009-03-19 13:51:24 ----A---- C:\WINDOWS\win.ini 2009-03-19 13:47:45 ----D---- C:\WINDOWS\system32\config 2009-03-18 22:21:42 ----D---- C:\Documents and Settings\Jo\Application Data\teamspeak2 2009-03-15 03:05:28 ----D---- C:\Program Files\World of Warcraft 2009-03-13 19:52:11 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-03-11 23:41:47 ----A---- C:\WINDOWS\imsins.BAK 2009-03-11 07:57:56 ----HD---- C:\WINDOWS\$hf_mig$ 2009-03-02 07:25:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-02-26 19:16:13 ----D---- C:\Documents and Settings\Jo\Application Data\dvdcss 2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe 2009-02-23 08:28:45 ----SD---- C:\Documents and 
Settings\Jo\Application Data\Microsoft ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys [] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2009-02-04 15890] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408] R3 AR5211;NETGEAR WPN311 V1H3 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\WPN311.sys [2005-01-27 400288] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-01 260288] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; 
C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [] S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [] S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-10-25 36864] R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 
[2008-10-15 151297] R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-04 241664] R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-04 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715] R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] -----------------EOF-----------------

And finally, the little VirusTotal scan of explorer:

Fichier IEXPLORE.EXE.vir reçu le 2009.03.19 16:43:19 (CET) Situation actuelle: terminé Résultat: 0/39 (0.00%) Antivirus Version Dernière mise à jour Résultat a-squared 4.0.0.101 2009.03.19 - AhnLab-V3 5.0.0.2 2009.03.19 - AntiVir 7.9.0.120 2009.03.19 - Authentium 5.1.2.4 2009.03.19 - Avast 4.8.1335.0 2009.03.19 - AVG 8.5.0.283 2009.03.19 - BitDefender 7.2 2009.03.19 - CAT-QuickHeal 10.00 2009.03.19 - ClamAV 0.94.1 2009.03.19 - Comodo 1066 2009.03.18 - DrWeb 4.44.0.09170 2009.03.19 - eSafe 7.0.17.0 2009.03.19 - eTrust-Vet 31.6.6388 2009.03.09 - F-Prot 4.4.4.56 2009.03.18 - F-Secure 8.0.14470.0 2009.03.19 - Fortinet 3.117.0.0 2009.03.19 - GData 19 2009.03.19 - Ikarus T3.1.1.48.0 2009.03.19 - K7AntiVirus 7.10.674 2009.03.17 - Kaspersky 7.0.0.125 2009.03.19 - McAfee 5557 2009.03.18 - McAfee+Artemis 5557 2009.03.18 - McAfee-GW-Edition 6.7.6 2009.03.19 - Microsoft 1.4502 2009.03.19 - NOD32 3948 2009.03.19 - Norman 6.00.06 2009.03.19 - nProtect 2009.1.8.0 2009.03.19 - Panda 10.0.0.10 2009.03.19 - PCTools 4.4.2.0 2009.03.19 - Prevx1 V2 2009.03.19 - Rising 21.21.32.00 2009.03.19 - Sophos 4.39.0 2009.03.19 - 
Sunbelt 3.2.1858.2 2009.03.19 - Symantec 1.4.4.12 2009.03.19 - TheHacker 6.3.3.0.285 2009.03.19 - TrendMicro 8.700.0.1004 2009.03.19 - VBA32 3.12.10.1 2009.03.18 - ViRobot 2009.3.19.1656 2009.03.19 - VirusBuster 4.6.5.0 2009.03.19 - Information additionnelle File size: 93184 bytes MD5...: 3d3c316bd1e112f3b9c532d8b9939bdc SHA1..: 4790b06f44768193e5ebd3393e51ac1b9c555e06 SHA256: 03d4e48914abb80f9d2e770887b5c2fbb1b59c709b8cac1d009438db9684851e SHA512: 6a834dcda3928109b3fc62859b33b587046e13cc70c1771ddedb8e7b5412f22a 12e8729384308a730679573c5c44391b04da865cb7568bc9a404a05ff2ca78b7 ssdeep: 1536:ggkhB6T4BcDQX2oooD+AyxArAIVJ9yayZbScAEiag5UofZ:UWT46QXMmAIq 1LiaUUofZ PEiD..: - TrID..: File type identification Win64 Executable Generic (59.6%) Win32 Executable MS Visual C++ (generic) (26.2%) Win32 Executable Generic (5.9%) Win32 Dynamic Link Library (generic) (5.2%) Generic Win/DOS Executable (1.3%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x2451 timedatestamp.....: 0x48025225 (Sun Apr 13 18:34:13 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1d9b 0x1e00 6.19 3f990a62f1398291d56bce2dea22c041 .data 0x3000 0x9c 0x200 2.57 3250ebd1e3513e9aa0c55ad75a9f41c3 .rsrc 0x4000 0x14714 0x14800 5.69 391927f5f166db05acf6617717aa48a0 ( 5 imports ) > msvcrt.dll: _except_handler3 > KERNEL32.dll: UnhandledExceptionFilter, GetCommandLineA, lstrlenW, MultiByteToWideChar, CreateEventA, GetCurrentThreadId, lstrcatA, lstrlenA, lstrcmpiA, lstrcpyA, GetModuleFileNameA, FreeLibrary, GetProcAddress, LoadLibraryA, GetVersionExA, UnmapViewOfFile, CloseHandle, ReleaseMutex, SetEvent, WaitForSingleObject, CreateProcessA, lstrcpynA, GetCurrentProcessId, DuplicateHandle, GetCurrentProcess, CreateMutexA, MapViewOfFile, CreateFileMappingA, WaitForMultipleObjects, GetModuleFileNameW, OpenProcess, GetLastError, SetUnhandledExceptionFilter, LocalFree, LocalAlloc, GetModuleHandleA, ExitThread, GetStartupInfoA, SetErrorMode, 
TerminateProcess, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime > USER32.dll: GetShellWindow, GetClassNameA, SendMessageA, PeekMessageA, MsgWaitForMultipleObjects, DestroyWindow, TranslateMessage, DispatchMessageA, LoadStringA, DefWindowProcA, RegisterClassA, CreateMenu, CreateWindowExA, ShowWindow, GetForegroundWindow, wsprintfA > SHLWAPI.dll: SHGetValueA, -, -, -, -, -, -, SHRegGetBoolUSValueA, PathRemoveFileSpecA, PathAppendA, PathQuoteSpacesA, StrCpyNW, wnsprintfA, PathFindFileNameA, StrStrIA, - > SHDOCVW.dll: -, -

There, I hope I did everything right this time, and above all I hope this Trojan .Gen isn't as serious as I fear. Good night!
-
Hmm, I wanted to do everything quickly before going to class this morning; I shouldn't have! Half awake, I forgot to plug in the USB sticks and external drives. So I'm redoing everything. Especially since, earlier, Antivir detected a ".Gen", which is a rather bad sign judging by what I saw on my girlfriend's PC, which had caught it... So I ran Antivir again. Here is the report:

Avira AntiVir Personal Date de création du fichier de rapport : vendredi 20 mars 2009 20:14 La recherche porte sur 1308219 souches de virus. Détenteur de la licence :Avira AntiVir PersonalEdition Classic Numéro de série : 0000149996-ADJIE-0001 Plateforme : Windows XP Version de Windows :(Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur :JOHN-729DBF238F Informations de version : BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00 AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16 LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 15:52:44 ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 11/03/2009 15:52:46 ANTIVIR3.VDF : 7.1.2.191 233472 Bytes 19/03/2009 15:52:47 Version du moteur: 8.2.0.120 AEVDF.DLL : 8.1.1.0 106868 Bytes 19/03/2009 15:52:53 AESCRIPT.DLL : 8.1.1.67 364923 Bytes 19/03/2009 15:52:52 AESCN.DLL : 8.1.1.8 127346 Bytes 19/03/2009 15:52:51 AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38 AEPACK.DLL : 8.1.3.10 397686 Bytes 19/03/2009 15:52:51 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 19/03/2009 15:52:50 AEHEUR.DLL : 8.1.0.107 1663352 Bytes 19/03/2009 15:52:50 AEHELP.DLL : 8.1.2.2 119158 Bytes 19/03/2009 15:52:48 AEGEN.DLL : 8.1.1.30 336245 Bytes 19/03/2009 15:52:48 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.6.6 176501 Bytes 19/03/2009 15:52:47 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58 AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16 RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43 Configuration pour la recherche actuelle : Nom de la tâche..................: Contrôle intégral du système Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp Documentation....................: bas Action principale................: interactif Action secondaire................: ignorer Recherche sur les secteurs d'amorçage maître: marche Recherche sur les secteurs d'amorçage: marche Secteurs d'amorçage..............: C:, D:, G:, Recherche dans les programmes actifs: marche Recherche en cours sur l'enregistrement: marche Recherche de Rootkits............: arrêt Fichier mode de recherche........: Tous les fichiers Recherche sur les archives.......: marche Limiter la profondeur de récursivité: 20 Archive Smart Extensions.........: marche Types d'archives divergents......: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Heuristique de macrovirus........: marche Heuristique fichier..............: élevé Catégories de dangers divergentes: +APPL,+GAME,+JOKE,+PCK,+SPR, Début de la recherche : vendredi 20 mars 2009 20:14 La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'notepad.exe' - '1' module(s) sont contrôlés 
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'memturbo.exe' - '1' module(s) sont contrôlés Processus de recherche 'wlancfg5.exe' - '1' module(s) sont contrôlés Processus de recherche 'AlertModule.exe' - '1' module(s) sont contrôlés Processus de recherche 'memturbo.exe' - '1' module(s) sont contrôlés Processus de recherche 'msmsgs.exe' - '1' module(s) sont contrôlés Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés Processus de recherche 'SystrayApp.exe' - '1' module(s) sont contrôlés Processus de recherche 'GameFace.exe' - '1' module(s) sont contrôlés Processus de recherche 'SMax4.exe' - '1' module(s) sont contrôlés Processus de recherche 'SMax4PNP.exe' - '1' module(s) sont contrôlés Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés Processus de recherche 'wmiapsrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SMAgent.exe' - '1' module(s) sont contrôlés Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés Processus de recherche 'FTRTSVC.exe' - '1' module(s) sont contrôlés Processus de recherche 'ATKKBService.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'acs.exe' - '1' module(s) sont contrôlés Processus de recherche 
'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '40' processus ont été contrôlés avec '40' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD2 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD3 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'D:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'G:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence. Le registre a été contrôlé ( '53' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! C:\System Volume Information\_restore{1B0BE2E6-9816-4525-9EAD-1DB0E3DE676E}\RP53\A0007527.dll [RESULTAT] Contient le cheval de Troie TR/Trash.Gen [REMARQUE] Fichier supprimé. Recherche débutant dans 'D:\' Recherche débutant dans 'G:\' <My Book> G:\2.bat [RESULTAT] Contient le cheval de Troie TR/Drop.Agent.ahdz [REMARQUE] Fichier supprimé. G:\System Volume Information\_restore{1B0BE2E6-9816-4525-9EAD-1DB0E3DE676E}\RP42\A0005408.com [RESULTAT] Contient le cheval de Troie TR/Drop.Agent.ahdz [REMARQUE] Fichier supprimé. 
G:\System Volume Information\_restore{1B0BE2E6-9816-4525-9EAD-1DB0E3DE676E}\RP54\A0007543.bat [RESULTAT] Contient le cheval de Troie TR/Drop.Agent.ahdz [REMARQUE] Fichier supprimé. G:\Musique\Par Genres\The Reggae History - Reggae Music CD2 (The Past) - Jimmy Cliff,Johnny Clarke,Sugar Minott,Don Carlos,Alpha Blondy,Marcia Griffiths....- by SuX.ace [0] Type d'archive: ACE --> 5. One Draw (Rita Marley).mp3 [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. Fin de la recherche : vendredi 20 mars 2009 23:09 Temps nécessaire: 2:54:56 Heure(s) La recherche a été effectuée intégralement 4693 Les répertoires ont été contrôlés 141444 Des fichiers ont été contrôlés 4 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 4 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 1 Impossible de contrôler des fichiers 141439 Fichiers non infectés 1286 Les archives ont été contrôlées 2 Avertissements 4 Consignes

And now I'm getting on with Mbam and rsit, and doing the little steps you advised me to do. Back shortly. And thanks again (one never says it too often!)
-
First of all, thank you very much for helping me. I hope I did everything right. So, I ran Mbam, which found several items to remove, including one that had to be removed at startup. So I restarted the computer, and here is the report:

Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1876 Windows 5.1.2600 Service Pack 3 20/03/2009 08:56:40 mbam-log-2009-03-20 (08-56-40).txt Type de recherche: Examen rapide Eléments examinés: 58605 Temps écoulé: 3 minute(s), 27 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 1 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 5 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> Delete on reboot. Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully. C:\gyn.cmd (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> Delete on reboot. C:\WINDOWS\system32\nmdfgds1.dll (Spyware.OnLineGames) -> Quarantined and deleted successfully. 
-------------------------------------------------------------------------------------------------

Then I ran RSIT, and here are the 2 reports it produced. The text log:

Logfile of random's system information tool 1.05 (written by random/random) Run by Jo at 2009-03-20 09:07:44 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 215 GB (90%) free of 238 GB Total RAM: 1535 MB (74% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:07:48, on 20/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\acs.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\GameFace Messenger\GameFace.exe C:\Program Files\Orange\Systray\SystrayApp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe C:\Program Files\NETGEAR\WPN311\wlancfg5.exe C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe C:\WINDOWS\System32\svchost.exe 
C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Jo\Bureau\RSIT.exe C:\Documents and Settings\Jo\Bureau\Jo.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe" O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe 
/start O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233716765931 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233716746384 O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - 
ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 6532 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-04 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-04 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-04 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160] 
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016] "GameFace Messenger"=C:\Program Files\GameFace Messenger\GameFace.exe [2006-08-02 2048000] "SystrayORAHSS"=C:\Program Files\Orange\Systray\SystrayApp.exe [2007-09-25 94208] "ORAHSSSessionManager"=C:\Program Files\Orange\SessionManager\SessionManager.exe [2007-09-25 102400] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-04 136600] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2006-09-08 1085440] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage MemTurbo.lnk - C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe NETGEAR WPN311 Wireless Assistant.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe C:\Documents and Settings\Jo\Menu Démarrer\Programmes\Démarrage MemTurbo.lnk - C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - b393b258\Launcher.exe"="C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - b393b258\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - 1d90d518\Launcher.exe"="C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - 1d90d518\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] shell\AutoRun\command - C:\gyn.cmd shell\open\command - C:\gyn.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - D:\gyn.cmd shell\open\command - D:\gyn.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fd54d17-1000-11de-bd51-000fb587df06}] shell\AutoRun\command - wd_windows_tools\WDEULA.exe 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65fe103f-f250-11dd-8b9e-806d6172696f}] shell\AutoRun\command - D:\gyn.cmd shell\open\command - D:\gyn.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1ec6e72-f262-11dd-bd3b-000fb587df06}] shell\AutoRun\command - u.com shell\open\command - u.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ef0965-01a2-11de-bd48-000fb587df06}] shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ef0966-01a2-11de-bd48-000fb587df06}] shell\AutoRun\command - I:\2.bat shell\open\command - I:\2.bat ======List of files/folders created in the last 3 months====== 2009-03-20 09:07:44 ----D---- C:\rsit 2009-03-20 08:51:27 ----D---- C:\Documents and Settings\Jo\Application Data\Malwarebytes 2009-03-20 08:51:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-03-20 08:51:20 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2009-03-19 16:51:56 ----D---- C:\Program Files\Avira 2009-03-19 16:51:56 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2009-03-19 16:40:03 ----A---- C:\WINDOWS\ntbtlog.txt 2009-03-19 13:47:18 ----D---- C:\Program Files\Alwil Software 2009-03-18 21:00:15 ----D---- C:\WINDOWS\Minidump 2009-03-16 13:55:34 ----D---- C:\WINDOWS\system32\LogFiles 2009-03-15 12:31:00 ----D---- C:\WINDOWS\Sun 2009-03-13 19:52:06 ----A---- C:\WINDOWS\system32\ptpusb.dll 2009-03-13 19:52:05 ----A---- C:\WINDOWS\system32\ptpusd.dll 2009-03-11 23:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 23:41:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-02 07:25:49 ----D---- C:\Documents and Settings\Jo\Application Data\LG Electronics 2009-02-25 17:25:35 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles 2009-02-25 12:04:43 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 
2009-02-23 13:49:22 ----D---- C:\Documents and Settings\Jo\Application Data\U3
2009-02-23 13:19:50 ----D---- C:\Program Files\Zeb-Utility
2009-02-23 13:16:25 ----A---- C:\WINDOWS\Active Setup Log.txt
2009-02-23 13:15:39 ----D---- C:\Program Files\BigFix
2009-02-23 13:11:58 ----D---- C:\Program Files\Silicon Prairie Software
2009-02-23 13:11:44 ----A---- C:\WINDOWS\IsUninst.exe
2009-02-11 14:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-08 16:29:27 ----D---- C:\Documents and Settings\Jo\Application Data\teamspeak2
2009-02-04 16:35:35 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA
2009-02-04 10:47:44 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-02-04 09:46:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-02-04 09:46:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-02-04 09:46:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-04 08:20:10 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-02-04 08:20:10 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-02-04 06:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-02-04 06:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-02-04 06:36:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-02-04 06:36:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-02-04 06:25:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-04 06:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-02-04 06:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-02-04 06:24:57 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-02-04 06:24:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-02-04 06:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-02-04 06:22:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-02-04 06:22:21 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-02-04 06:22:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-02-04 06:21:50 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-02-04 06:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-02-04 06:21:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-02-04 06:20:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-02-04 06:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-02-04 06:20:19 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-02-04 06:20:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-02-04 06:19:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-02-04 06:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-02-04 06:19:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-02-04 06:14:37 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-04 06:04:52 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-02-04 06:04:16 ----D---- C:\WINDOWS\Prefetch
2009-02-04 05:49:54 ----D---- C:\WINDOWS\system32\fr-fr
2009-02-04 05:49:52 ----D---- C:\WINDOWS\l2schemas
2009-02-04 05:49:50 ----D---- C:\WINDOWS\system32\fr
2009-02-04 05:49:49 ----D---- C:\WINDOWS\system32\bits
2009-02-04 05:45:48 ----D---- C:\WINDOWS\ServicePackFiles
2009-02-04 05:42:11 ----D---- C:\WINDOWS\network diagnostic
2009-02-04 05:41:39 ----D---- C:\Documents and Settings\Jo\Application Data\vlc
2009-02-04 05:41:10 ----D---- C:\Documents and Settings\Jo\Application Data\dvdcss
2009-02-04 05:41:05 ----D---- C:\Documents and Settings\Jo\Application Data\WinRAR
2009-02-04 05:34:06 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-02-04 05:34:05 ----D---- C:\WINDOWS\EHome
2009-02-04 05:03:16 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-02-04 04:44:31 ----D---- C:\WINDOWS\system32\PreInstall
2009-02-04 04:44:30 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-02-04 04:44:29 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-02-04 04:13:03 ----D---- C:\Documents and Settings\Jo\Application Data\Adobe
2009-02-04 04:07:12 ----A---- C:\WINDOWS\system32\wups2.dll
2009-02-04 04:07:06 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-02-04 04:06:58 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-02-04 04:06:52 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-02-04 04:06:52 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-02-04 04:01:19 ----D---- C:\Program Files\WinRAR
2009-02-04 04:00:22 ----D---- C:\Program Files\Microsoft Office
2009-02-04 03:57:17 ----D---- C:\Program Files\WowCartographe
2009-02-04 03:57:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-04 03:56:32 ----D---- C:\Program Files\Teamspeak2_RC2
2009-02-04 03:56:25 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-02-04 03:56:25 ----D---- C:\Program Files\Adobe
2009-02-04 03:47:56 ----A---- C:\WINDOWS\system32\javaws.exe
2009-02-04 03:47:56 ----A---- C:\WINDOWS\system32\javaw.exe
2009-02-04 03:47:56 ----A---- C:\WINDOWS\system32\java.exe
2009-02-04 03:47:56 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-04 03:47:31 ----D---- C:\Program Files\Java
2009-02-04 03:46:43 ----D---- C:\Program Files\VideoLAN
2009-02-04 03:46:29 ----D---- C:\Program Files\Fichiers communs\Blizzard Entertainment
2009-02-04 03:45:03 ----D---- C:\Documents and Settings\Jo\Application Data\Sun
2009-02-04 03:43:59 ----A---- C:\WINDOWS\system32\wpa.bak
2009-02-04 03:39:03 ----D---- C:\Documents and Settings\Jo\Application Data\Mozilla
2009-02-04 03:38:35 ----D---- C:\Program Files\Mozilla Firefox
2009-02-04 03:33:38 ----D---- C:\Documents and Settings\Jo\Application Data\Macromedia
2009-02-04 03:32:27 ----SHD---- C:\RECYCLER
2009-02-04 03:27:33 ----D---- C:\Program Files\World of Warcraft
2009-02-04 03:24:14 ----A---- C:\WINDOWS\system32\Autodial2000.dll
2009-02-04 03:24:11 ----A---- C:\WINDOWS\system32\w32n50.dll
2009-02-04 03:23:58 ----D---- C:\Program Files\Orange
2009-02-04 03:23:54 ----D---- C:\Program Files\Fichiers communs\France Telecom
2009-02-04 03:23:54 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-02-04 03:23:54 ----A---- C:\WINDOWS\system32\MFC71.dll
2009-02-04 03:23:54 ----A---- C:\WINDOWS\system32\atl71.dll
2009-02-04 03:22:27 ----D---- C:\Program Files\SAGEM
2009-02-04 03:22:23 ----D---- C:\Documents and Settings\Jo\Application Data\InstallShield
2009-02-04 03:22:05 ----D---- C:\Program Files\Securitoo
2009-02-04 03:17:22 ----A---- C:\WINDOWS\system32\results.txt
2009-02-04 03:17:06 ----D---- C:\Program Files\NETGEAR
2009-02-04 03:16:54 ----D---- C:\WINDOWS\Downloaded Installations
2009-02-04 03:04:42 ----D---- C:\Program Files\VID_0E8F&PID_0003
2009-02-04 03:04:13 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-02-04 03:01:53 ----D---- C:\Program Files\ASUS
2009-02-04 03:01:41 ----A---- C:\WINDOWS\iun6002.exe
2009-02-04 03:01:30 ----D---- C:\Program Files\GameFace Messenger
2009-02-04 02:57:51 ----D---- C:\Program Files\My Company Name
2009-02-04 02:57:35 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-02-04 02:57:35 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-02-04 02:57:35 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-02-04 02:57:35 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-02-04 02:57:35 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-02-04 02:57:34 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-02-04 02:57:34 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-02-04 02:57:34 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-02-04 02:57:34 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-02-04 02:57:34 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-02-04 02:57:34 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-02-04 02:57:33 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-02-04 02:57:33 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-02-04 02:57:33 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-02-04 02:57:32 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-02-04 02:56:49 ----A---- C:\WINDOWS\system32\ATKOSDMini.DLL
2009-02-04 02:56:49 ----A---- C:\WINDOWS\system32\atkid.ini
2009-02-04 02:56:49 ----A---- C:\WINDOWS\ATKKBService.exe
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\ATKOSDX32.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\ATKOGL32.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\ATKDispCPL.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\ATKDISP.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\asrussian.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\askorean.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\asjapan.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\asgerman.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\asfrench.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\aseng.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\ASCHT.dll
2009-02-04 02:56:48 ----A---- C:\WINDOWS\system32\aschs.dll
2009-02-04 02:55:49 ----D---- C:\WINDOWS\nview
2009-02-04 02:55:49 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-02-04 02:55:31 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2009-02-04 02:54:36 ----A---- C:\WINDOWS\system32\h323log.txt
2009-02-04 02:49:35 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-04 02:49:33 ----D---- C:\Program Files\Intel
2009-02-04 02:48:03 ----A---- C:\WINDOWS\system32\usbui.dll
2009-02-04 02:47:07 ----A---- C:\WINDOWS\imsins.BAK
2009-02-04 02:47:05 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-04 02:47:04 ----SHD---- C:\WINDOWS\Installer
2009-02-04 02:47:04 ----D---- C:\Program Files\Fichiers communs\ODBC
2009-02-04 02:47:04 ----A---- C:\WINDOWS\ODBCINST.INI
2009-02-04 02:47:01 ----RD---- C:\Program Files
2009-02-04 02:47:01 ----D---- C:\Program Files\Fichiers communs\SpeechEngines
2009-02-04 02:47:01 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-02-04 02:47:01 ----D---- C:\Program Files\Fichiers communs
2009-02-04 02:46:58 ----RA---- C:\WINDOWS\system32\kbdtuq.dll
2009-02-04 02:46:58 ----RA---- C:\WINDOWS\system32\kbdtuf.dll
2009-02-04 02:46:58 ----RA---- C:\WINDOWS\system32\kbdazel.dll
2009-02-04 02:46:57 ----RA---- C:\WINDOWS\system32\kbdtat.dll
2009-02-04 02:46:57 ----RA---- C:\WINDOWS\system32\kbdmon.dll
2009-02-04 02:46:57 ----RA---- C:\WINDOWS\system32\kbdkyr.dll
2009-02-04 02:46:57 ----RA---- C:\WINDOWS\system32\kbdaze.dll
2009-02-04 02:46:56 ----RA---- C:\WINDOWS\system32\kbdycc.dll
2009-02-04 02:46:56 ----RA---- C:\WINDOWS\system32\kbduzb.dll
2009-02-04 02:46:56 ----RA---- C:\WINDOWS\system32\kbdur.dll
2009-02-04 02:46:56 ----RA---- C:\WINDOWS\system32\kbdru1.dll
2009-02-04 02:46:56 ----RA---- C:\WINDOWS\system32\kbdru.dll
2009-02-04 02:46:56 ----RA---- C:\WINDOWS\system32\kbdkaz.dll
2009-02-04 02:46:56 ----RA---- C:\WINDOWS\system32\kbdbu.dll
2009-02-04 02:46:56 ----RA---- C:\WINDOWS\system32\kbdblr.dll
2009-02-04 02:46:55 ----RA---- C:\WINDOWS\system32\kbdhept.dll
2009-02-04 02:46:55 ----RA---- C:\WINDOWS\system32\kbdhela3.dll
2009-02-04 02:46:55 ----RA---- C:\WINDOWS\system32\kbdhela2.dll
2009-02-04 02:46:55 ----RA---- C:\WINDOWS\system32\kbdhe319.dll
2009-02-04 02:46:55 ----RA---- C:\WINDOWS\system32\kbdhe220.dll
2009-02-04 02:46:55 ----RA---- C:\WINDOWS\system32\kbdhe.dll
2009-02-04 02:46:55 ----RA---- C:\WINDOWS\system32\kbdgkl.dll
2009-02-04 02:46:54 ----RA---- C:\WINDOWS\system32\kbdlt1.dll
2009-02-04 02:46:54 ----RA---- C:\WINDOWS\system32\kbdlt.dll
2009-02-04 02:46:53 ----RA---- C:\WINDOWS\system32\kbdlv1.dll
2009-02-04 02:46:53 ----RA---- C:\WINDOWS\system32\kbdlv.dll
2009-02-04 02:46:53 ----RA---- C:\WINDOWS\system32\kbdest.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdycl.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdsl1.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdsl.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdro.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdpl1.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdpl.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdhu1.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdhu.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdcz2.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdcz1.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdcz.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\kbdcr.dll
2009-02-04 02:46:52 ----RA---- C:\WINDOWS\system32\KBDAL.DLL
2009-02-04 02:46:50 ----A---- C:\WINDOWS\system32\irclass.dll
2009-02-04 02:46:50 ----A---- C:\WINDOWS\system32\dgrpsetu.dll
2009-02-04 02:46:49 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-02-04 02:46:49 ----A---- C:\WINDOWS\system32\EqnClass.Dll
2009-02-04 02:46:49 ----A---- C:\WINDOWS\system32\dgsetup.dll
2009-02-04 02:46:47 ----N---- C:\WINDOWS\system32\CONFIG.TMP
2009-02-04 02:46:47 ----A---- C:\WINDOWS\TASKMAN.EXE
2009-02-04 02:46:46 ----A---- C:\WINDOWS\system32\batt.dll
2009-02-04 02:46:46 ----A---- C:\WINDOWS\notepad.exe
2009-02-04 02:46:45 ----A---- C:\WINDOWS\system32\storprop.dll
2009-02-04 02:46:39 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-02-04 02:45:28 ----RA---- C:\WINDOWS\SET25.tmp
2009-02-04 02:44:57 ----RA---- C:\WINDOWS\SET8.tmp
2009-02-04 02:44:55 ----RA---- C:\WINDOWS\SET4.tmp
2009-02-04 02:44:53 ----RA---- C:\WINDOWS\SET3.tmp
2009-02-04 02:44:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-04 02:44:48 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-04 02:44:43 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-04 02:44:25 ----A---- C:\WINDOWS\setuplog.txt
2009-02-04 02:44:23 ----SHD---- C:\System Volume Information
2009-02-04 02:44:23 ----D---- C:\Documents and Settings
2009-02-04 02:43:33 ----SH---- C:\boot.ini
2009-02-04 02:34:39 ----RA---- C:\WINDOWS\system32\a3d.dll
2009-02-04 02:34:38 ----A---- C:\WINDOWS\system32\ksuser.dll
2009-02-04 02:34:30 ----A---- C:\WINDOWS\system32\wdmioctl.dll
2009-02-04 02:34:29 ----A---- C:\WINDOWS\system32\SMMedia.dll
2009-02-04 02:34:26 ----D---- C:\WINDOWS\VirtualEar
2009-02-04 02:34:26 ----A---- C:\WINDOWS\system32\virtear.dll
2009-02-04 02:34:26 ----A---- C:\WINDOWS\system32\Audio3d.dll
2009-02-04 02:34:24 ----D---- C:\Program Files\Analog Devices
2009-02-04 02:34:24 ----A---- C:\WINDOWS\system32\DSndUp.exe
2009-02-04 02:34:24 ----A---- C:\WINDOWS\system32\CleanUp.exe
2009-02-04 02:34:23 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-04 02:34:20 ----D---- C:\WINDOWS\system32\3com_dmi
2009-02-04 02:34:20 ----D---- C:\WINDOWS\system32\1036
2009-02-04 02:34:20 ----D---- C:\WINDOWS\PeerNet
2009-02-04 02:34:20 ----D---- C:\WINDOWS\pchealth
2009-02-04 02:34:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-04 02:34:19 ----RSD---- C:\WINDOWS\Fonts
2009-02-04 02:34:19 ----RD---- C:\WINDOWS\Web
2009-02-04 02:34:19 ----HD---- C:\WINDOWS\inf
2009-02-04 02:34:19 ----D---- C:\WINDOWS\WinSxS
2009-02-04 02:34:19 ----D---- C:\WINDOWS\twain_32
2009-02-04 02:34:19 ----D---- C:\WINDOWS\Temp
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\wins
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\wbem
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\usmt
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\spool
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\ShellExt
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\Setup
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\ras
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\oobe
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\npp
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\mui
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\IME
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\icsxml
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\ias
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\export
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\drivers
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\dhcp
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\config
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\3076
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\2052
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\1054
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\1042
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\1041
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\1037
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\1033
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\1031
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\1028
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32\1025
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system32
2009-02-04 02:34:19 ----D---- C:\WINDOWS\system
2009-02-04 02:34:19 ----D---- C:\WINDOWS\security
2009-02-04 02:34:19 ----D---- C:\WINDOWS\Resources
2009-02-04 02:34:19 ----D---- C:\WINDOWS\repair
2009-02-04 02:34:19 ----D---- C:\WINDOWS\Provisioning
2009-02-04 02:34:19 ----D---- C:\WINDOWS\mui
2009-02-04 02:34:19 ----D---- C:\WINDOWS\msapps
2009-02-04 02:34:19 ----D---- C:\WINDOWS\msagent
2009-02-04 02:34:19 ----D---- C:\WINDOWS\Media
2009-02-04 02:34:19 ----D---- C:\WINDOWS\java
2009-02-04 02:34:19 ----D---- C:\WINDOWS\ime
2009-02-04 02:34:19 ----D---- C:\WINDOWS\Help
2009-02-04 02:34:19 ----D---- C:\WINDOWS\Driver Cache
2009-02-04 02:34:19 ----D---- C:\WINDOWS\Debug
2009-02-04 02:34:19 ----D---- C:\WINDOWS\Cursors
2009-02-04 02:34:19 ----D---- C:\WINDOWS\Connection Wizard
2009-02-04 02:34:19 ----D---- C:\WINDOWS\Config
2009-02-04 02:34:19 ----D---- C:\WINDOWS\AppPatch
2009-02-04 02:34:19 ----D---- C:\WINDOWS\addins
2009-02-04 02:34:19 ----D---- C:\WINDOWS
2009-02-04 02:34:01 ----D---- C:\Program Files\Fichiers communs\InstallShield
2009-02-04 02:33:58 ----A---- C:\WINDOWS\AS_Debug.txt
2009-02-04 02:33:54 ----A---- C:\WINDOWS\Ascd_tmp.ini
2009-02-04 02:04:00 ----D---- C:\Documents and Settings\Jo\Application Data\Identities
2009-02-04 02:03:59 ----HD---- C:\Program Files\Uninstall Information
2009-02-04 02:03:43 ----SD---- C:\Documents and Settings\Jo\Application Data\Microsoft
2009-02-04 02:03:43 ----ASH---- C:\Documents and Settings\Jo\Application Data\desktop.ini
2009-02-04 02:03:03 ----D---- C:\WINDOWS\SoftwareDistribution
2009-02-04 02:03:02 ----SD---- C:\WINDOWS\system32\Microsoft
2009-02-04 02:03:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-04 01:59:51 ----D---- C:\WINDOWS\system32\xircom
2009-02-04 01:59:51 ----D---- C:\Program Files\xerox
2009-02-04 01:59:51 ----D---- C:\Program Files\microsoft frontpage
2009-02-04 01:59:42 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-02-04 01:59:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-04 01:59:32 ----A---- C:\WINDOWS\control.ini
2009-02-04 01:59:32 ----A---- C:\AUTOEXEC.BAT
2009-02-04 01:59:12 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-04 01:59:09 ----A---- C:\WINDOWS\system32\mapi32.dll
2009-02-04 01:58:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-02-04 01:58:27 ----RD---- C:\WINDOWS\Offline Web Pages
2009-02-04 01:58:27 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-02-04 01:58:21 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-02-04 01:58:17 ----HD---- C:\Program Files\WindowsUpdate
2009-02-04 01:58:14 ----D---- C:\Program Files\Services en ligne
2009-02-04 01:58:00 ----D---- C:\WINDOWS\system32\DirectX
2009-02-04 01:57:43 ----A---- C:\WINDOWS\system32\atrace.dll
2009-02-04 01:57:40 ----A---- C:\WINDOWS\system32\desktop.ini
2009-02-04 01:57:40 ----A---- C:\WINDOWS\desktop.ini
2009-02-04 01:57:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll
2009-02-04 01:57:32 ----D---- C:\Program Files\Fichiers communs\Services
2009-02-04 01:57:32 ----A---- C:\WINDOWS\system32\acctres.dll
2009-02-04 01:57:29 ----SD---- C:\WINDOWS\Tasks
2009-02-04 01:57:29 ----A---- C:\WINDOWS\system32\icfgnt5.dll
2009-02-04 01:57:28 ----D---- C:\Program Files\Fichiers communs\MSSoap
2009-02-04 01:57:23 ----D---- C:\WINDOWS\srchasst
2009-02-04 01:57:22 ----D---- C:\WINDOWS\system32\Macromed
2009-02-04 01:57:20 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-02-04 01:57:20 ----A---- C:\WINDOWS\system32\wups.dll
2009-02-04 01:57:20 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-02-04 01:57:20 ----A---- C:\WINDOWS\system32\wuauserv.dll
2009-02-04 01:57:20 ----A---- C:\WINDOWS\system32\wuaueng1.dll
2009-02-04 01:57:20 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-02-04 01:57:19 ----A---- C:\WINDOWS\system32\wuauclt1.exe
2009-02-04 01:57:19 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-02-04 01:57:19 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-02-04 01:57:19 ----A---- C:\WINDOWS\system32\qmgrprxy.dll
2009-02-04 01:57:19 ----A---- C:\WINDOWS\system32\qmgr.dll
2009-02-04 01:57:19 ----A---- C:\WINDOWS\system32\bitsprx3.dll
2009-02-04 01:57:19 ----A---- C:\WINDOWS\system32\bitsprx2.dll
2009-02-04 01:57:16 ----D---- C:\Program Files\Movie Maker
2009-02-04 01:57:13 ----A---- C:\WINDOWS\system32\safrslv.dll
2009-02-04 01:57:13 ----A---- C:\WINDOWS\system32\safrdm.dll
2009-02-04 01:57:13 ----A---- C:\WINDOWS\system32\safrcdlg.dll
2009-02-04 01:57:12 ----A---- C:\WINDOWS\system32\racpldlg.dll
2009-02-04 01:57:10 ----A---- C:\WINDOWS\system32\fltmc.exe
2009-02-04 01:57:10 ----A---- C:\WINDOWS\system32\fltlib.dll
2009-02-04 01:57:09 ----D---- C:\WINDOWS\system32\Restore
2009-02-04 01:57:09 ----A---- C:\WINDOWS\system32\srsvc.dll
2009-02-04 01:57:09 ----A---- C:\WINDOWS\system32\srrstr.dll
2009-02-04 01:57:09 ----A---- C:\WINDOWS\system32\srclient.dll
2009-02-04 01:57:09 ----A---- C:\WINDOWS\system32\ils.dll
2009-02-04 01:57:08 ----A---- C:\WINDOWS\system32\nmmkcert.dll
2009-02-04 01:57:08 ----A---- C:\WINDOWS\system32\msconf.dll
2009-02-04 01:57:08 ----A---- C:\WINDOWS\system32\mnmsrvc.exe
2009-02-04 01:57:08 ----A---- C:\WINDOWS\system32\mnmdd.dll
2009-02-04 01:57:08 ----A---- C:\WINDOWS\system32\isrdbg32.dll
2009-02-04 01:57:06 ----D---- C:\Program Files\NetMeeting
2009-02-04 01:57:06 ----A---- C:\WINDOWS\system32\msoert2.dll
2009-02-04 01:57:06 ----A---- C:\WINDOWS\system32\msoeacct.dll
2009-02-04 01:57:05 ----A---- C:\WINDOWS\system32\inetres.dll
2009-02-04 01:57:05 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-02-04 01:57:03 ----D---- C:\Program Files\Outlook Express
2009-02-04 01:57:03 ----A---- C:\WINDOWS\system32\schedsvc.dll
2009-02-04 01:57:03 ----A---- C:\WINDOWS\system32\mstinit.exe
2009-02-04 01:57:03 ----A---- C:\WINDOWS\system32\mstask.dll
2009-02-04 01:57:02 ----A---- C:\WINDOWS\system32\isign32.dll
2009-02-04 01:57:02 ----A---- C:\WINDOWS\system32\inetcfg.dll
2009-02-04 01:57:02 ----A---- C:\WINDOWS\system32\icwphbk.dll
2009-02-04 01:57:02 ----A---- C:\WINDOWS\system32\icwdial.dll
2009-02-04 01:56:57 ----D---- C:\Program Files\Internet Explorer
2009-02-04 01:56:57 ----D---- C:\Program Files\Fichiers communs\System
2009-02-04 01:56:47 ----D---- C:\Program Files\ComPlus Applications
2009-02-04 01:56:45 ----A---- C:\WINDOWS\vbaddin.ini
2009-02-04 01:56:45 ----A---- C:\WINDOWS\vb.ini
2009-02-04 01:56:41 ----D---- C:\WINDOWS\Registration
2009-02-04 01:56:11 ----D---- C:\Program Files\Windows Media Player
2009-02-04 01:56:11 ----D---- C:\Program Files\Online Services
2009-02-04 01:56:07 ----D---- C:\Program Files\Messenger
2009-02-04 01:56:04 ----D---- C:\Program Files\MSN Gaming Zone
2009-02-04 01:56:04 ----A---- C:\WINDOWS\system32\write.exe
2009-02-04 01:55:57 ----A---- C:\WINDOWS\system32\sndvol32.exe
2009-02-04 01:55:57 ----A---- C:\WINDOWS\system32\hticons.dll
2009-02-04 01:55:57 ----A---- C:\WINDOWS\system32\avwav.dll
2009-02-04 01:55:57 ----A---- C:\WINDOWS\system32\avtapi.dll
2009-02-04 01:55:57 ----A---- C:\WINDOWS\system32\avmeter.dll
2009-02-04 01:55:56 ----A---- C:\WINDOWS\system32\winchat.exe
2009-02-04 01:55:51 ----A---- C:\WINDOWS\system32\getuname.dll
2009-02-04 01:55:51 ----A---- C:\WINDOWS\system32\charmap.exe
2009-02-04 01:55:51 ----A---- C:\WINDOWS\system32\calc.exe
2009-02-04 01:55:50 ----A---- C:\WINDOWS\system32\winmine.exe
2009-02-04 01:55:50 ----A---- C:\WINDOWS\system32\usrlogon.cmd
2009-02-04 01:55:50 ----A---- C:\WINDOWS\system32\tsshutdn.exe
2009-02-04 01:55:50 ----A---- C:\WINDOWS\system32\tslabels.ini
2009-02-04 01:55:50 ----A---- C:\WINDOWS\system32\tskill.exe
2009-02-04 01:55:50 ----A---- C:\WINDOWS\system32\sol.exe
2009-02-04 01:55:50 ----A---- C:\WINDOWS\system32\reset.exe
2009-02-04 01:55:50 ----A---- C:\WINDOWS\system32\mshearts.exe
2009-02-04 01:55:50 ----A---- C:\WINDOWS\system32\freecell.exe
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\tsdiscon.exe
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\tscon.exe
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\shadow.exe
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\rwinsta.exe
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\regini.exe
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\rdpcfgex.dll
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\qwinsta.exe
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\qappsrv.exe
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\msg.exe
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\msdtcprf.ini
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\logoff.exe
2009-02-04 01:55:49 ----A---- C:\WINDOWS\system32\cdmodem.dll
2009-02-04 01:55:48 ----A---- C:\WINDOWS\system32\stclient.dll
2009-02-04 01:55:48 ----A---- C:\WINDOWS\system32\mtxlegih.dll
2009-02-04 01:55:48 ----A---- C:\WINDOWS\system32\mtxex.dll
2009-02-04 01:55:48 ----A---- C:\WINDOWS\system32\mtxdm.dll
2009-02-04 01:55:48 ----A---- C:\WINDOWS\system32\dcomcnfg.exe
2009-02-04 01:55:48 ----A---- C:\WINDOWS\system32\comrepl.dll
2009-02-04 01:55:48 ----A---- C:\WINDOWS\system32\comaddin.dll
2009-02-04 01:55:47 ----A---- C:\WINDOWS\system32\comsnap.dll
2009-02-04 01:55:42 ----A---- C:\WINDOWS\system32\wmimgmt.msc
2009-02-04 01:55:34 ----D---- C:\Program Files\MSN
2009-02-04 01:55:33 ----D---- C:\Program Files\Windows NT
2009-02-04 01:55:33 ----A---- C:\WINDOWS\system32\sndrec32.exe
2009-02-04 01:55:33 ----A---- C:\WINDOWS\system32\mspaint.exe
2009-02-04 01:55:33 ----A---- C:\WINDOWS\system32\mplay32.exe
2009-02-04 01:55:33 ----A---- C:\WINDOWS\system32\hypertrm.dll
2009-02-04 01:55:33 ----A---- C:\WINDOWS\system32\accwiz.exe
2009-02-04 01:55:32 ----A---- C:\WINDOWS\system32\tscfgwmi.dll
2009-02-04 01:55:32 ----A---- C:\WINDOWS\system32\spider.exe
2009-02-04 01:55:32 ----A---- C:\WINDOWS\system32\clipbrd.exe
2009-02-04 01:55:31 ----A---- C:\WINDOWS\system32\tscupgrd.exe
2009-02-04 01:55:31 ----A---- C:\WINDOWS\system32\termsrv.dll
2009-02-04 01:55:31 ----A---- C:\WINDOWS\system32\sessmgr.exe
2009-02-04 01:55:31 ----A---- C:\WINDOWS\system32\remotepg.dll
2009-02-04 01:55:31 ----A---- C:\WINDOWS\system32\rdshost.exe
2009-02-04 01:55:31 ----A---- C:\WINDOWS\system32\rdsaddin.exe
2009-02-04 01:55:31 ----A---- C:\WINDOWS\system32\rdpwsx.dll
2009-02-04 01:55:31 ----A---- C:\WINDOWS\system32\rdchost.dll
2009-02-04 01:55:31 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-02-04 01:55:31 ----A---- C:\WINDOWS\system32\mstsc.exe
2009-02-04 01:55:30 ----D---- C:\WINDOWS\system32\MsDtc
2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\rdpsnd.dll
2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\rdpclip.exe
2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\qprocess.exe
2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\mtxoci.dll
2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\icaapi.dll
2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\cfgbkend.dll
2009-02-04 01:55:29 ----A---- C:\WINDOWS\system32\xolehlp.dll
2009-02-04 01:55:29 ----A---- C:\WINDOWS\system32\msdtctm.dll
2009-02-04 01:55:29 ----A---- C:\WINDOWS\system32\msdtclog.dll
2009-02-04 01:55:29 ----A---- C:\WINDOWS\system32\msdtc.exe
2009-02-04 01:55:28 ----D---- C:\WINDOWS\system32\Com
2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\comsvcs.dll
2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\colbact.dll
2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\clbcatex.dll
2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\catsrvut.dll
2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\catsrvps.dll
2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\catsrv.dll
2009-02-04 01:55:27 ----A---- C:\WINDOWS\system32\comuid.dll
2009-02-04 01:55:27 ----A---- C:\WINDOWS\system32\clbcatq.dll
2009-02-04 01:55:22 ----A---- C:\WINDOWS\system32\servdeps.dll
2009-02-04 01:55:22 ----A---- C:\WINDOWS\system32\mmfutil.dll
2009-02-04 01:55:22 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-02-04 01:55:21 ----A---- C:\WINDOWS\system32\cmprops.dll

======List of files/folders modified in the last 3 months======

2009-03-20 08:30:59 ----A---- C:\WINDOWS\system.ini
2009-03-19 13:51:24 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2009-02-04 15890]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408]
R3 AR5211;NETGEAR WPN311 V1H3 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\WPN311.sys [2005-01-27 400288]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]
R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-01 260288]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys []
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-10-25 36864]
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-04 241664]
R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-04 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

-----------------EOF-----------------

And the info text:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jo at 2009-03-20 09:07:44

Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 215 GB (90%) free of 238 GB
Total RAM: 1535 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:07:48, on 20/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\GameFace Messenger\GameFace.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jo\Bureau\RSIT.exe
C:\Documents and Settings\Jo\Bureau\Jo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233716765931
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233716746384
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

-- End of file - 6532 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-04 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-04 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-04 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-10-14 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"GameFace Messenger"=C:\Program Files\GameFace Messenger\GameFace.exe [2006-08-02 2048000]
"SystrayORAHSS"=C:\Program Files\Orange\Systray\SystrayApp.exe [2007-09-25 94208]
"ORAHSSSessionManager"=C:\Program Files\Orange\SessionManager\SessionManager.exe [2007-09-25 102400]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-04 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12
266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "ASUS SmartDoctor"=C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe [2006-09-08 1085440] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage MemTurbo.lnk - C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe NETGEAR WPN311 Wireless Assistant.lnk - C:\Program Files\NETGEAR\WPN311\wlancfg5.exe C:\Documents and Settings\Jo\Menu Démarrer\Programmes\Démarrage MemTurbo.lnk - C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - b393b258\Launcher.exe"="C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - b393b258\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - 1d90d518\Launcher.exe"="C:\Documents and Settings\Jo\Local Settings\Temp\Blizzard Launcher Temporary - 
1d90d518\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] shell\AutoRun\command - C:\gyn.cmd shell\open\command - C:\gyn.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - D:\gyn.cmd shell\open\command - D:\gyn.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fd54d17-1000-11de-bd51-000fb587df06}] shell\AutoRun\command - wd_windows_tools\WDEULA.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{65fe103f-f250-11dd-8b9e-806d6172696f}] shell\AutoRun\command - D:\gyn.cmd shell\open\command - D:\gyn.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1ec6e72-f262-11dd-bd3b-000fb587df06}] shell\AutoRun\command - u.com shell\open\command - u.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ef0965-01a2-11de-bd48-000fb587df06}] shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ef0966-01a2-11de-bd48-000fb587df06}] shell\AutoRun\command - I:\2.bat shell\open\command - I:\2.bat ======List of files/folders created in the last 3 months====== 2009-03-20 09:07:44 ----D---- C:\rsit 2009-03-20 
C:\WINDOWS\system32\qprocess.exe 2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-02-04 01:55:30 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-02-04 01:55:29 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-02-04 01:55:29 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-02-04 01:55:29 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-02-04 01:55:29 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-02-04 01:55:28 ----D---- C:\WINDOWS\system32\Com 2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\colbact.dll 2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-02-04 01:55:28 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-02-04 01:55:27 ----A---- C:\WINDOWS\system32\comuid.dll 2009-02-04 01:55:27 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-02-04 01:55:22 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-02-04 01:55:22 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-02-04 01:55:22 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-02-04 01:55:21 ----A---- C:\WINDOWS\system32\cmprops.dll ======List of files/folders modified in the last 3 months====== 2009-03-20 08:30:59 ----A---- C:\WINDOWS\system.ini 2009-03-19 13:51:24 ----A---- C:\WINDOWS\win.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 intelppm;Pilote de processeur Intel; 
C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys [] R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.10; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2009-02-04 15890] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-08-13 129408] R3 AR5211;NETGEAR WPN311 V1H3 Wireless Adapter Service; C:\WINDOWS\system32\DRIVERS\WPN311.sys [2005-01-27 400288] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12288] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-04-26 381056] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-02-01 260288] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S1 asusgsb;ASUS Virtual Video Capture Device Driver; C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 12416] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2004-09-14 88960] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PCAMPR5;PCAMPR5 NDIS 
Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [] S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 Video3D;ASUS Video3D Service; C:\WINDOWS\System32\Drivers\Video3D32.sys [] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-10-25 36864] R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2006-09-04 241664] R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-04 152984] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715] R2 SoundMAX Agent Service 
(default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] -----------------EOF----------------- Par ailleurs, j'utilise Firefox comme navigateur, voila pourquoi je ne me suis pas trop embêté avec Internet Explorer. Et puis je crois me souvenir que lorsque j'ai voulu l'installer, il a bloqué à chaque fois :s Voila Merci encore ! Mâalin
-
Hello! A little while ago, my girlfriend had the bright idea of plugging an infected USB stick into my PC... Since then, of course, I'm infected. Antivir found a Trojan, "Kavos" I think... After following all the steps you recommend, I could use a little help, please. Here is the HijackThis report I ran in safe mode:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:51:47, on 19/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jo\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\memturbo.exe
O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233716765931
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1233716746384
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5210 bytes

If someone could tell me what I still need to do. Especially since I find my computer lags quite a bit when I play online; I imagine that's related... Thanks in advance! Mâalin
-
Thank you so much!!! This forum and this site are always a real pleasure! Always friendly, always useful. Thanks everyone!
-
Hello! Or good night... So, this is probably very silly, and in this case it's mostly me who was rather silly... Let me explain: I wanted to reformat my PC, which I know how to do. But stupidly, I left an external drive plugged in when I reinstalled Windows, and I deleted the external drive's partition. So now as soon as I click on it, Windows offers to format it. But I'd really like not to lose what's on it, and I'm almost sure there's a very simple procedure to recover it. At least I hope so...^^ Anyone able to help me fix my blunder? Thanks in advance, kind regards, Mâalin
-
Hi again! Could this be the light at the end of the tunnel?^^ So, here is the Gmer report:

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-14 21:00:00
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xB7A7E040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xB7A7A930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xB7A85A80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xB7A7E510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xB7A84870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xB7A84AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xB7A87FD0]
SSDT F7AAF0FC ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xB7A7E600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xB7A7AF20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xB7A866E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xB7A86440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xB7A84580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xB7A868B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xB7A7AD70]
SSDT F7AAF0E8 ZwOpenProcess
SSDT F7AAF0ED ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xB7A87250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xB7A86CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xB7A7DC00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xB7A87080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xB7A7E220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xB7A7B120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xB7A86140]
SSDT F7AAF0F7 ZwTerminateProcess
SSDT F7AAF0F2 ZwWriteVirtualMemory

Code 8B557EF3 IoWriteOperationCount

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 10, E5, A7, B7, 70, 48, A8, ... ]
? srescan.sys Le fichier spécifié est introuvable. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2112] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [b7A82CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [b7A831C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [b7A83320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [b7A82E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [b7A82E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [b7A82CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [b7A831C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [b7A83320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [b7A82CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [b7A83320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [b7A831C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [b7A82E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [b7A83320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [b7A831C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [b7A82CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [b7A90330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [b7A82E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [b7A82CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [b7A831C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [b7A83320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [b7A82CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [b7A82E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [b7A83320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [b7A831C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [b7A7B670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [b7A7B5C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [b7A7B770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [b7A7B2D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.14 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- EOF - GMER 1.0.14 ----

There you go, see you later!
-
Well yes, I know we'll get there. Well, you're in the middle of telling me how to get there, hehe. So, you asked me for 2 reports, here they are. The ComboFix report:

ComboFix 08-02-14.1 - Mâalin 2008-02-14 12:19:40.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1076 [GMT 1:00]
Endroit: C:\Documents and Settings\Mâalin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mâalin\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE
C:\WINDOWS\rxhkvnr.exe
C:\WINDOWS\system32\Drivers\Qva72.sys
C:\WINDOWS\xgwdrjp.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_OTMoveIt
C:\_OTMoveIt\MovedFiles\02122008_164916.log
C:\_OTMoveIt\MovedFiles\02122008_164916.res
C:\_OTMoveIt\MovedFiles\02122008_164937.log
C:\_OTMoveIt\MovedFiles\02122008_164937.res
C:\_OTMoveIt\MovedFiles\02122008_164937\WINDOWS\SYSTEM32\LogCrypt.dll
C:\_OTMoveIt\MovedFiles\02122008_165400.log
C:\_OTMoveIt\MovedFiles\02122008_165400.res
C:\_OTMoveIt\MovedFiles\02122008_165600.log
C:\_OTMoveIt\MovedFiles\02122008_165600.res
C:\VundoFix Backups
C:\WINDOWS\rxhkvnr.exe
C:\WINDOWS\xgwdrjp.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_QVA72
-------\Qva72

((((((((((((((((((((((((((((( Fichiers créés 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.

2008-02-14 12:17 . 2008-02-14 12:18 <REP> d-------- C:\SDFix
2008-02-13 02:31 . 2008-02-14 12:29 430,112 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-13 02:31 . 2008-02-14 12:28 6,068 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-13 02:28 . 2008-02-13 02:29 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-13 02:21 . 2008-02-13 02:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-13 02:19 . 2008-02-13 02:24 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-13 02:18 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-13 02:18 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-13 02:18 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-13 02:18 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-13 02:17 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-13 02:17 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-13 02:10 . 2008-02-13 02:19 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-13 02:10 . 2008-02-13 02:10 <REP> d-------- C:\Program Files\Zone Labs
2008-02-13 02:10 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-13 02:10 . 2008-02-14 12:29 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-13 02:09 . 2008-02-14 12:23 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-13 00:50 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-12 21:05 . 2008-02-14 02:28 250 --a------ C:\WINDOWS\gmer.ini
2008-02-12 13:12 . 2008-02-12 13:17 <REP> d-------- C:\fixwareout
2008-02-12 01:10 . 2007-11-30 16:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-02-12 01:10 . 2007-11-30 16:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-12 01:10 . 2007-11-30 16:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-02-12 01:10 . 2007-11-30 16:29 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-12 01:10 . 2007-11-30 16:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-02-12 01:10 . 2007-11-30 16:29 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-02-12 01:10 . 2007-11-30 16:29 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-02-12 00:55 . 2008-02-12 00:55 <REP> d-------- C:\Program Files\Avira
2008-02-12 00:55 . 2008-02-12 00:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-11 22:02 . 2008-02-11 22:02 2,563 --a------ C:\WINDOWS\image.jpg
2008-02-11 11:18 . 2008-02-11 12:07 <REP> d-------- C:\Program Files\PKR
2008-01-18 14:15 . 2008-01-18 14:15 268 --ah----- C:\sqmdata01.sqm
2008-01-18 14:15 . 2008-01-18 14:15 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 18:08 303,104 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-13 18:08 1,334,272 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-13 01:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 01:07 --------- d-----w C:\Program Files\Java
2008-01-27 16:05 --------- d-----w C:\Program Files\World of Warcraft
2008-01-10 15:58 --------- d-----w C:\Program Files\VideoLAN
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:16 339,968 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
2007-11-30 18:33 155,995 ----a-w C:\WINDOWS\java\Packages\EQKUQ2CX.ZIP
2007-11-30 16:47 737,280 ----a-w C:\WINDOWS\iun6002.exe
2005-01-27 16:51 400,288 ----a-w C:\WINDOWS\inf\WPN311\WPN311.sys
2005-01-27 09:59 35,232 ----a-w C:\WINDOWS\inf\WPN311\ME_INST.EXE
2005-01-27 09:59 26,112 ----a-w C:\WINDOWS\inf\WPN311\install.exe

.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-09-08 17:10 1085440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" [2006-08-02 16:06 2048000]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 02:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"MPSWiFiManager"="C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe" [2005-04-11 16:19 135168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-04 02:16 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-12 03:09 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 00:58 249896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2005-09-27 10:02]
S3 EnumChip;EnumChip;E:\VGART\EnumChip.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\install.EXE id= ver=1.0.0.0

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 12:30:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-14 12:31:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 11:31:37
ComboFix2.txt 2008-02-14 01:41:09
.
2008-02-13 18:13:29 --- E O F ---

And the SDFix report:

SDFix: Version 1.142
Run by Mâalin on 14/02/2008 at 12:36

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 12:58:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 189

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

Files with Hidden Attributes:

Fri 30 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT1.tmp"

Finished!

There you go, Miss (or Madam). Thanks again for your help anyway. See you later
-
Hi! It's me again. Didn't have much time yesterday between classes, work, football...^^ Above all, no time to deal with my computer properly. But there we go, I've finished everything, I think^^ I ran GMER:

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-13 19:06:02
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xB8000040] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xB7FFC930] <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\jkghje.dll ZwCreateKey [0xF76B8A2B] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xB8000510] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xB8006870] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xB8006AA0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xB8009FD0] <-- ROOTKIT !!!
SSDT BA256D4C ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xB8000600] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xB7FFCF20] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xB80086E0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xB8008440] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xB8006580] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xB80088B0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xB7FFCD70] <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\jkghje.dll ZwOpenKey [0xF76B8ADF] <-- ROOTKIT !!!
SSDT BA256D38 ZwOpenProcess
SSDT BA256D3D ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xB8009250] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xB8008CB0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xB7FFFC00] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xB8009080] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xB8000220] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xB7FFD120] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xB8008140] <-- ROOTKIT !!!
SSDT BA256D47 ZwTerminateProcess
SSDT BA256D42 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 10, 05, 00, B8, 70, 68, 00, ... ]
? C:\WINDOWS\system32\drivers\Qva72.sys Access denied.
? srescan.sys The system cannot find the file specified.
! .text jkghje.dll F76B80F2 1159 Bytes [ B7, 58, 3C, 81, 3C, 18, 50, ... ]
.text jkghje.dll F76B857A 96 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text jkghje.dll F76B85DB 171 Bytes [ 78, C1, 43, 45, 79, C1, 42, ... ]
.text jkghje.dll F76B8687 53 Bytes [ 00, 00, 10, 00, 00, 10, 00, ... ]
.text jkghje.dll F76B86BD 61 Bytes [ 00, 00, 00, 38, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\jkghje.dll section is writeable [0xF76B8000, 0x6AA7, 0xE8000020]
? C:\WINDOWS\system32\jkghje.dll The system cannot find the file specified.
---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2488] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [b8004CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [b80051C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [b8005320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [b8004E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [b8004E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [b8004CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [b80051C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [b8005320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [b8004CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [b8005320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [b80051C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [b8004E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [b8005320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [b80051C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [b8004CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [b8004E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [b8004CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [b80051C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [b8005320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [b8012330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [b8004CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [b8004E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [b8005320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [b80051C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [b7FFD670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [b7FFD5C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [b7FFD770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [b7FFD2D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs jkghje.dll
AttachedDevice \FileSystem\Ntfs \Ntfs Qva72.sys
Device \FileSystem\Udfs \UdfsCdRom Qva72.sys
Device \FileSystem\Mup \Dfs Qva72.sys
Device \FileSystem\Udfs \UdfsDisk Qva72.sys
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Ip jkghje.dll
Device \FileSystem\RAW \Device\RawTape Qva72.sys
Device \FileSystem\MRxDAV \Device\WebDavRedirector Qva72.sys
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp jkghje.dll
Device \FileSystem\Mup \Device\Mup Qva72.sys
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Udp jkghje.dll
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\RawIp jkghje.dll
Device \FileSystem\RAW \Device\RawDisk Qva72.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver Qva72.sys
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\IPMULTICAST jkghje.dll
Device \FileSystem\MRxSmb \Device\LanmanRedirector Qva72.sys
Device \FileSystem\RAW \Device\RawCdRom Qva72.sys
Device \FileSystem\Mup \Device\WinDfs\Root Qva72.sys
Device \FileSystem\Cdfs \Cdfs Qva72.sys

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\jkghje.dll (*** hidden *** ) [SYSTEM] wer32 <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32@ImagePath \??\C:\WINDOWS\system32\jkghje.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\wer32@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\wer32@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\wer32@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\wer32@ImagePath \??\C:\WINDOWS\system32\jkghje.dll
Reg HKLM\SYSTEM\ControlSet002\Services\wer32\Security
Reg HKLM\SYSTEM\ControlSet002\Services\wer32\Security@Security 0x01 0x00 0x14 0x80 ...

---- EOF - GMER 1.0.14 ----

Then I did the operation with the blurp, but as soon as I launched it I got a message "Gmer has encountered a problem", then "DeleteKey: incorrect parameter", and at every new line of the table I got a message "Gmer has encountered a problem, send/don't send". It restarted my computer. I installed ComboFix and ran it; here is the report:

ComboFix 08-02-14.1 - Mâalin 2008-02-14 2:34:56.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1093 [GMT 1:00]
Running from: C:\Documents and Settings\Mâalin\Bureau\ComboFix.exe
* Created a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\3_exception.nls
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_SYSLIBRARY
-------\runtime
-------\SysLibrary

((((((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 ))))))))))))))))))))))))))))))))))))
.
2008-02-13 02:31 . 2008-02-14 02:40 368,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-13 02:31 . 2008-02-14 02:37 5,348 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-13 02:28 . 2008-02-13 02:29 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-02-13 02:21 . 2008-02-13 02:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-13 02:19 . 2008-02-13 02:24 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-02-13 02:18 . 2007-12-13 19:27 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-02-13 02:18 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-02-13 02:18 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-02-13 02:18 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-02-13 02:17 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-02-13 02:17 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-02-13 02:10 . 2008-02-13 02:19 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-13 02:10 . 2008-02-13 02:10 <REP> d-------- C:\Program Files\Zone Labs
2008-02-13 02:10 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-02-13 02:10 . 2008-02-14 02:38 358,830 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-02-13 02:09 . 2008-02-14 02:36 <REP> d-------- C:\WINDOWS\Internet Logs
2008-02-13 00:50 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-02-12 21:11 . 2008-02-12 21:11 <REP> d-------- C:\VundoFix Backups
2008-02-12 21:05 . 2008-02-14 02:28 250 --a------ C:\WINDOWS\gmer.ini
2008-02-12 16:49 . 2008-02-12 16:49 <REP> d-------- C:\_OTMoveIt
2008-02-12 13:12 . 2008-02-12 13:17 <REP> d-------- C:\fixwareout
2008-02-12 01:10 . 2007-11-30 16:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-02-12 01:10 . 2007-11-30 16:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-12 01:10 . 2007-11-30 16:54 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-02-12 01:10 . 2007-11-30 16:29 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-12 01:10 . 2007-11-30 16:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-02-12 01:10 . 2007-11-30 16:29 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-02-12 01:10 . 2007-11-30 16:29 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-02-12 00:55 . 2008-02-12 00:55 <REP> d-------- C:\Program Files\Avira
2008-02-12 00:55 . 2008-02-12 00:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-11 22:02 . 2007-06-13 14:22 1,078,482 --a------ C:\WINDOWS\xgwdrjp.exe
2008-02-11 22:02 . 2007-06-13 14:22 1,037,312 --a------ C:\WINDOWS\rxhkvnr.exe
2008-02-11 22:02 . 2008-02-11 22:02 2,563 --a------ C:\WINDOWS\image.jpg
2008-02-11 11:18 . 2008-02-11 12:07 <REP> d-------- C:\Program Files\PKR
2008-01-18 14:15 . 2008-01-18 14:15 268 --ah----- C:\sqmdata01.sqm
2008-01-18 14:15 . 2008-01-18 14:15 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 18:08 303,104 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-02-13 18:08 1,334,272 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-13 01:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 01:07 --------- d-----w C:\Program Files\Java
2008-01-27 16:05 --------- d-----w C:\Program Files\World of Warcraft
2008-01-10 15:58 --------- d-----w C:\Program Files\VideoLAN
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 01:16 339,968 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
2007-11-30 18:33 155,995 ----a-w C:\WINDOWS\java\Packages\EQKUQ2CX.ZIP
2007-11-30 16:47 737,280 ----a-w C:\WINDOWS\iun6002.exe
2005-01-27 16:51 400,288 ----a-w C:\WINDOWS\inf\WPN311\WPN311.sys
2005-01-27 09:59 35,232 ----a-w C:\WINDOWS\inf\WPN311\ME_INST.EXE
2005-01-27 09:59 26,112 ----a-w C:\WINDOWS\inf\WPN311\install.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-09-08 17:10 1085440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 07:27 860160]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 14:43 7630848]
"GameFace Messenger"="C:\Program Files\GameFace Messenger\GameFace.exe" [2006-08-02 16:06 2048000]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 02:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-06 00:52 849280]
"MPSWiFiManager"="C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe" [2005-04-11 16:19 135168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"WD Button Manager"="WDBtnMgr.exe" [2007-12-04 02:16 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-12 03:09 185896]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 00:58 249896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2005-09-27 10:02]
S0 Qva72;Qva72;C:\WINDOWS\system32\Drivers\Qva72.sys []
S3 EnumChip;EnumChip;E:\VGART\EnumChip.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\install.EXE id= ver=1.0.0.0

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 02:39:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
.
**************************************************************************
.
Completion time: 2008-02-14 2:41:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-14 01:41:03
.
2008-02-13 18:13:29 --- E O F ---

There you go. Hoping I didn't take too long to post again... Good night!
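An added illustration, not part of the post above and not GMER's own code: GMER tags every SSDT hook with "<-- ROOTKIT !!!" whether it belongs to the ZoneAlarm TrueVector driver (vsdatant.sys, which the log labels "Zone Labs, LLC") or to the unnamed jkghje.dll, so a log like this one is far easier to read once the hooks are grouped by the module that owns them. The parser below handles the SSDT, IAT, Device, Service and Reg record types as they appear in the log; the triage rules (a .dll registered as a kernel driver, an image path under \??\, a hidden service, no version-info description, and hook addresses GMER could not attribute to any loaded module) are my own heuristics rather than anything GMER reports itself. The sample input is a constructed subset of the lines in the post.

```python
import re
from collections import defaultdict

# Excerpt of the GMER 1.0.14 log posted above, cut down to a few lines of each
# record type so the parser can be exercised offline (constructed subset).
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xB8000040] <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\jkghje.dll ZwCreateKey [0xF76B8A2B] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xB8006870] <-- ROOTKIT !!!
SSDT BA256D4C ZwCreateThread
SSDT \??\C:\WINDOWS\system32\jkghje.dll ZwOpenKey [0xF76B8ADF] <-- ROOTKIT !!!
SSDT BA256D38 ZwOpenProcess

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [b80051C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [b7FFD2D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs jkghje.dll
AttachedDevice \FileSystem\Ntfs \Ntfs Qva72.sys
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \Driver\Tcpip \Device\Tcp jkghje.dll

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\jkghje.dll (*** hidden *** ) [SYSTEM] wer32 <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32@ImagePath \??\C:\WINDOWS\system32\jkghje.dll
"""

# One pattern per GMER record type. The optional "(...)" group is the
# version-info description GMER prints when it can read the hooking file.
SSDT_RE = re.compile(r"^SSDT\s+(?P<mod>\S+)(?:\s+\((?P<vendor>[^)]*)\))?\s+(?P<func>Zw\w+)")
IAT_RE = re.compile(r"^IAT\s+(?P<target>\S+?)\[(?P<imp>[^\]]+)\]\s+\[[0-9A-Fa-f]+\]\s+(?P<mod>\S+)(?:\s+\((?P<vendor>[^)]*)\))?")
DEV_RE = re.compile(r"^(?:Device|AttachedDevice)\s+(?P<drv>\S+)\s+(?P<dev>\S+)\s+(?P<mod>\S+)(?:\s+\((?P<vendor>[^)]*)\))?")
SVC_RE = re.compile(r"^Service\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<group>\w+)\]\s+(?P<name>\S+)")
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+)@(?P<value>\w+)\s+(?P<data>.+)$")


def basename(path):
    """Last path component, lowercased, so \\SystemRoot\\...\\vsdatant.sys and vsdatant.sys collapse."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Group every hook, device attachment and hidden service in a GMER log by owning module."""
    mods = defaultdict(lambda: {"vendor": None, "ssdt": [], "iat": [], "devices": [], "paths": set()})
    unresolved, hidden_services, reg = [], [], defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if m := SSDT_RE.match(line):
            if re.fullmatch(r"[0-9A-Fa-f]{8}", m["mod"]):
                # GMER printed a bare address: the hook points outside every loaded module.
                unresolved.append((m["mod"], m["func"]))
                continue
            e = mods[basename(m["mod"])]
            e["ssdt"].append(m["func"])
            e["paths"].add(m["mod"])
            e["vendor"] = e["vendor"] or m["vendor"]
        elif m := IAT_RE.match(line):
            e = mods[basename(m["mod"])]
            e["iat"].append((basename(m["target"]), m["imp"]))
            e["paths"].add(m["mod"])
            e["vendor"] = e["vendor"] or m["vendor"]
        elif m := DEV_RE.match(line):
            e = mods[basename(m["mod"])]
            e["devices"].append(m["dev"])
            e["vendor"] = e["vendor"] or m["vendor"]
        elif m := SVC_RE.match(line):
            hidden_services.append({"name": m["name"], "image": m["path"], "group": m["group"]})
            mods[basename(m["path"])]["paths"].add(m["path"])
        elif m := REG_RE.match(line):
            reg[m["key"]][m["value"]] = m["data"]
    return {"modules": dict(mods), "unresolved": unresolved,
            "hidden_services": hidden_services, "registry": dict(reg)}


def triage(report):
    """Return {module: [reasons]} for modules worth a manual look (heuristics, not verdicts)."""
    hidden_images = {basename(s["image"]) for s in report["hidden_services"]}
    flags = {}
    for name, e in report["modules"].items():
        reasons = []
        if name in hidden_images:
            reasons.append("registered as a hidden service")
        if name.endswith(".dll"):
            reasons.append("a .dll loaded as a kernel driver")
        if any(p.startswith("\\??\\") for p in e["paths"]):
            reasons.append("loaded via a \\??\\ path instead of \\SystemRoot")
        if e["vendor"] is None and (e["ssdt"] or e["iat"] or e["devices"]):
            reasons.append("no file description/vendor string")
        if reasons:
            flags[name] = reasons
    return flags


if __name__ == "__main__":
    report = parse_gmer(SAMPLE_GMER_LOG)
    for mod, reasons in triage(report).items():
        print(f"{mod}: {'; '.join(reasons)}")
    for addr, func in report["unresolved"]:
        print(f"{func} hooked at {addr}: address not inside any loaded module")
```

On the sample, vsdatant.sys comes out clean (a .sys under \SystemRoot with a vendor string), Qva72.sys is flagged only for the missing description, and jkghje.dll trips all four rules; the bare-address hooks on ZwCreateThread and ZwOpenProcess are reported separately because GMER could not name their owner. A missing description string only means GMER could not read the file's version info (the log above shows "Access denied" on Qva72.sys), which is a prompt to check the file by hash and signature, not proof of malice; conversely a vendor string is only as trustworthy as the file it was read from.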
-
For the Java updates, it's my fault, I didn't take the steps. As for IE, I use Firefox, so I plead guilty with mitigating circumstances. As for the firewall, it's done, sir!^^ Here is the HjT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:34:33, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\GameFace Messenger\GameFace.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mâalin\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7028 bytes

I hope it's OK now. Good night, by the way.
-
No worries about the "delay", I'm already really grateful to you for helping me. Especially since I really can't tell whether it's progressing or whether the infection is well hidden...^^ So, the AVG report told me: 0 rootkits found, and even congratulations I think. Just in case, I redid an HjT...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:58:16, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\GameFace Messenger\GameFace.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\avgarkt.exe
C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\5cpXq3.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mâalin\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing) O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATK 
Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 6325 bytes A bientôt !
-
Hi! Here is the GMER report, sorry it's quite long:

GMER 1.0.14.14116 - http://www.gmer.net
Rootkit scan 2008-02-12 21:09:50
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\jkghje.dll ZwCreateKey [0xF7698A2B] <-- ROOTKIT !!!
SSDT BA980474 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\jkghje.dll ZwOpenKey [0xF7698ADF] <-- ROOTKIT !!!
SSDT BA980460 ZwOpenProcess
SSDT BA980465 ZwOpenThread
SSDT BA98046F ZwTerminateProcess
SSDT BA98046A ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\Qva72.sys Accès refusé.
.text jkghje.dll F76980D0 33 Bytes CALL F76980D5 \??\C:\WINDOWS\system32\jkghje.dll
.text jkghje.dll F76980F2 1159 Bytes [ B7, 58, 3C, 81, 3C, 18, 50, ... ]
.text jkghje.dll F769857A 96 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text jkghje.dll F76985DB 171 Bytes [ 78, C1, 43, 45, 79, C1, 42, ... ]
.text jkghje.dll F7698687 53 Bytes [ 00, 00, 10, 00, 00, 10, 00, ... ]
.text ...
.text C:\WINDOWS\system32\jkghje.dll section is writeable [0xF7698000, 0x6AA7, 0xE8000020]
? C:\WINDOWS\system32\jkghje.dll Le fichier spécifié est introuvable.

---- User code sections - GMER 1.0.14 ----

? C:\WINDOWS\System32\svchost.exe[1928] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dllunknown module: MSVCR71.dll
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2448] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DA6BF0] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DA7883] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DA761B] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DAEBE7] C:\WINDOWS\system32\ADVAPI32.dll (API avancées Windows 32/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [76EE6C5B] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [76EE5002] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] [76ED5B4D] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [77F0C2AF] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] [7C809BF8] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [7C80FD2D] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] [7C80FC2F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C81320C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C80A017] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C812F1D] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C8111DA] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C80B905] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C80945C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C81CDDA] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C809B47] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C810637] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C80E93F] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80EA1B] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C830D74] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C809A09] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C809E01] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C80BAA1] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C80929C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C812BB6] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C9205D4] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C9279FD] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C92043D] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C809E79] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C802520] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C8024A7] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C810B1C] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C8350BF] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C920331] C:\WINDOWS\system32\ntdll.dll (DLL Couche NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C80B974] C:\WINDOWS\system32\kernel32.dll (DLL du client API BASE Windows NT/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C351E08] C:\WINDOWS\System32\MSVCR71.dll (Microsoft® C Runtime Library/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [77F6C41E] C:\WINDOWS\system32\SHLWAPI.dll (Bibliothèque d'utilitaires légers du Shell/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [77F4818C] C:\WINDOWS\system32\SHLWAPI.dll (Bibliothèque d'utilitaires légers du Shell/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7E3986C7] C:\WINDOWS\system32\USER32.dll (DLL client de l'API Utilisateur de Windows XP/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7E39A8AD] C:\WINDOWS\system32\USER32.dll (DLL client de l'API Utilisateur de Windows XP/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7E3AE5C2] C:\WINDOWS\system32\USER32.dll (DLL client de l'API Utilisateur de Windows XP/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [719F3EA1] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [719F615A] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [719F428A] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [719F3B91] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [719F406A] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [719F2B66] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [719F951E] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [719F2D0F] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [719F2C69] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [719F664D] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [719F46C9] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [719F3F41] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [719F9639] C:\WINDOWS\System32\WS2_32.dll (Windows Socket 2.0 32-Bit DLL/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 00000000
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [4EBC0F59] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [4EBC11D9] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [4EBC0756] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [4EBB358A] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [4EBB36A6] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [4EBB6D0B] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [4EBB38D9] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [4EBB4611] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\WINDOWS\System32\svchost.exe[1928] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [4EBB46CE] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs jkghje.dll
AttachedDevice \FileSystem\Ntfs \Ntfs Qva72.sys
Device \FileSystem\Udfs \UdfsCdRom Qva72.sys
Device \FileSystem\Mup \Dfs Qva72.sys
Device \FileSystem\Udfs \UdfsDisk Qva72.sys
Device \Driver\Tcpip \Device\Ip jkghje.dll
Device \FileSystem\RAW \Device\RawTape Qva72.sys
Device \FileSystem\MRxDAV \Device\WebDavRedirector Qva72.sys
Device \Driver\Tcpip \Device\Tcp jkghje.dll
Device \FileSystem\Mup \Device\Mup Qva72.sys
Device \Driver\Tcpip \Device\Udp jkghje.dll
Device \Driver\Tcpip \Device\RawIp jkghje.dll
Device \FileSystem\RAW \Device\RawDisk Qva72.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver Qva72.sys
Device \Driver\Tcpip \Device\IPMULTICAST jkghje.dll
Device \FileSystem\MRxSmb \Device\LanmanRedirector Qva72.sys
Device \FileSystem\RAW \Device\RawCdRom Qva72.sys
Device \FileSystem\Mup \Device\WinDfs\Root Qva72.sys
Device \FileSystem\Cdfs \Cdfs Qva72.sys

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\jkghje.dll (*** hidden *** ) [sYSTEM] wer32 <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32@ImagePath \??\C:\WINDOWS\system32\jkghje.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\wer32\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\Services\wer32@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\wer32@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\wer32@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\wer32@ImagePath \??\C:\WINDOWS\system32\jkghje.dll
Reg HKLM\SYSTEM\ControlSet002\Services\wer32\Security
Reg HKLM\SYSTEM\ControlSet002\Services\wer32\Security@Security 0x01 0x00 0x14 0x80 ...

---- EOF - GMER 1.0.14 ----

The Vundo report, on the other hand, is much shorter lol:

VundoFix V6.7.8
Checking Java version...
Scan started at 21:11:34 12/02/2008
Listing files found while scanning....
No infected files were found.
Beginning removal...

I hope I did everything right; I admit I'm a bit (actually a lot) out of my depth with computers, it feels like it never ends^^ Thanks again for the time you (thank you, Angélique) are spending on me!
-
Um... it tells me: the selected file is invalid.
-
Me revoila les analyses sont terminées. Voici les rapports : Hjt : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:10:11, on 12/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\ATKKBService.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\GameFace Messenger\GameFace.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\WDBtnMgr.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Veoh Networks\Veoh\VeohClient.exe C:\Program Files\NETGEAR\WPN311\wlancfg5.exe C:\Program Files\Club-Internet\Lanceur\lanceur.exe C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Mâalin\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr R1 
- HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [MPSWiFiManager] C:\Program Files\Club-Internet\Agent Wifi\AgentWifi.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start O4 - HKCU\..\Run: 
[MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe O4 - Global Startup: NETGEAR WPN311 Wireless Assistant.lnk = C:\Program Files\NETGEAR\WPN311\wlancfg5.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: LogCrypt - LogCrypt.dll (file missing) O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 6381 bytes Et le Rapport Anitivir : AntiVir PersonalEdition Classic Report file date: mardi 12 février 2008 16:56 Scanning for 1100398 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: M-9870DDA929904 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 23:58:57 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 23:58:57 ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 23:58:57 ANTIVIR3.VDF : 7.0.2.124 54272 Bytes 12/02/2008 13:04:26 AVEWIN32.DLL : 7.6.0.65 3240448 Bytes 12/02/2008 13:04:26 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 11/02/2008 23:58:58 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 
23/07/2007 09:37:21 Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 12 février 2008 16:56

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\type
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\start
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\errorcontrol
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\imagepath
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\extparamd
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\Security\security
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\type
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\start
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\errorcontrol
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\imagepath
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\extparamd
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wer32\Security\security
[NOTE] The registry entry is invisible.
'30561' objects were checked, '12' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mpbtn.exe' - '1' Module(s) have been scanned
Scan process 'lanceur.exe' - '1' Module(s) have been scanned
Scan process 'wlancfg5.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'VeohClient.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'WDBtnMgr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'AgentWifi.exe' - '1' Module(s) have been scanned
Scan process 'ipoint.exe' - '1' Module(s) have been scanned
Scan process 'itype.exe' - '1' Module(s) have been scanned
Scan process 'GameFace.exe' - '1' Module(s) have been scanned
Scan process 'SMax4.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\jkghje.dll
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\Qva72.sys
[WARNING] The file could not be opened!

End of the scan: mardi 12 février 2008 17:09
Used time: 12:56 min

The scan has been done completely.
2921 Scanning directories
89525 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
89525 Files not concerned
591 Archives were scanned
3 Warnings
0 Notes
30561 Objects were scanned with rootkit scan
12 Hidden objects were found

I did unhide the hidden files and everything, I ran the move it and Antivir, but, just to check, I went into System32 and the file LogCrypt.dll still exists, even though the reports seem to say it no longer exists... Is that normal? See you later
-
Well, I've relaunched the antivirus and I'm waiting for it to finish before doing a new HJT, but I have a small question: "When you have finished working in the system directories, do the reverse procedure to re-hide the system files." What am I supposed to be doing in the system files?