Aller au contenu

clache

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    77

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par clache

  1. clache
    Bonjour PEAR j'ai fait ce qui est demandé, par contre le scan de combofix s'est lancé avant que je ne désactive l'anti virus ( avira) si le rapport n'est pas correct, merci de me le dire. Voici le fichier de resultat du scan ComboFix 10-05-14.06 - Monique&Claude 15/05/2010 14:22:20.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2046.1094 [GMT 2:00] Lancé depuis: c:\users\Monique&Claude\Desktop\ComboFix.exe SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat c:\users\Monique&Claude\AppData\Roaming\Microsoft\Windows\Recent\manga passion.url c:\users\Monique\AppData\Local\Microsoft\Windows\Temporary Internet Files\scrollbar.css c:\windows\system32\AbaleZip.dll ----- BITS: Il y a peut-être des sites infectés ----- hxxp://solaruploader.com . ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-15 au 2010-05-15 )))))))))))))))))))))))))))))))))))) . 2010-05-15 12:30 . 2010-05-15 12:30 -------- d-----w- c:\users\Monique\AppData\Local\temp 2010-05-15 12:30 . 2010-05-15 12:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-05-15 12:30 . 2010-05-15 12:30 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp 2010-05-15 12:30 . 2010-05-15 12:30 -------- d-----w- c:\users\Camille\AppData\Local\temp 2010-05-14 17:09 . 2008-11-19 07:41 16640 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383.sys 2010-05-14 17:09 . 2010-05-14 17:09 -------- d-----w- c:\program files\Wondershare 2010-05-13 17:01 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll 2010-05-13 16:47 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll 2010-05-13 08:28 . 2010-05-14 16:07 -------- d-----w- C:\rsit 2010-05-13 08:28 . 2010-05-14 16:07 -------- d-----w- c:\program files\trend micro 2010-05-13 08:26 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-13 08:26 . 2010-05-13 08:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-05-13 08:26 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-12 18:56 . 2010-05-12 22:58 -------- d-----w- c:\program files\a-squared Free 2010-05-12 18:53 . 2010-05-12 18:53 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\Uniblue 2010-05-12 03:29 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll 2010-05-08 11:49 . 2010-05-08 11:49 -------- d-----w- c:\users\Monique&Claude\AppData\Local\Western Digital 2010-05-02 15:46 . 2010-05-02 15:46 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\Media Player Classic 2010-05-02 15:00 . 2010-05-02 15:00 -------- d-----w- c:\users\Monique\AppData\Roaming\TuneUp Software 2010-05-02 12:38 . 2010-04-20 14:40 30536 ----a-w- c:\windows\system32\TURegOpt.exe 2010-05-02 12:38 . 2010-04-20 14:35 21320 ----a-w- c:\windows\system32\authuitu.dll 2010-05-02 12:38 . 2010-04-20 14:35 30024 ----a-w- c:\windows\system32\uxtuneup.dll 2010-05-02 12:38 . 2010-05-02 12:38 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\TuneUp Software 2010-05-02 12:38 . 2010-05-02 12:40 -------- d-----w- c:\program files\TuneUp Utilities 2010 2010-05-02 12:37 . 2010-05-02 12:38 -------- d-----w- c:\programdata\TuneUp Software 2010-05-02 12:37 . 2010-05-02 12:37 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-04-30 21:08 . 2010-04-30 21:08 -------- d-----w- c:\program files\Haali 2010-04-30 21:08 . 2010-04-30 21:08 -------- d-----w- c:\program files\DScaler5 2010-04-30 21:07 . 2010-04-30 21:07 -------- d-----w- c:\program files\MPC HomeCinema 2010-04-30 15:24 . 2010-04-30 15:29 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\vlc 2010-04-28 16:55 . 2010-04-28 16:55 -------- d-----w- c:\users\Monique\AppData\Roaming\Yahoo! 2010-04-25 19:10 . 2010-05-12 19:10 -------- d-----w- c:\programdata\Yahoo! Companion 2010-04-25 19:10 . 2010-04-25 19:10 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\Yahoo! 2010-04-25 19:10 . 2010-04-25 19:10 -------- d-----w- c:\program files\Yahoo! 2010-04-21 20:20 . 2010-04-21 20:20 -------- d-----w- c:\users\Monique\AppData\Local\PCTV Systems 2010-04-21 19:59 . 2010-04-21 19:59 -------- d-----w- c:\windows\system32\Hauppauge 2010-04-21 19:49 . 2010-04-21 19:49 -------- d-----w- c:\users\Monique&Claude\AppData\Local\PCTV Systems 2010-04-21 19:44 . 2010-04-21 19:59 -------- d-----w- c:\program files\PCTV Systems 2010-04-21 19:44 . 2010-04-21 19:45 -------- d-----w- c:\program files\Common Files\PCTV Systems 2010-04-21 19:42 . 2010-04-21 19:50 -------- d-----w- c:\programdata\PCTV Systems 2010-04-21 17:10 . 2010-04-21 17:10 -------- d-----w- c:\windows\system32\RTCOM 2010-04-21 16:46 . 2010-04-21 16:46 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\DivX 2010-04-21 12:00 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-04-20 20:03 . 2010-04-03 22:55 56424 ----a-w- c:\windows\system32\OpenCL.dll 2010-04-20 20:03 . 2010-04-03 22:55 11573800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2010-04-20 20:03 . 2010-04-03 22:55 4503144 ----a-w- c:\windows\system32\nvwgf2um.dll 2010-04-20 20:03 . 2010-04-03 22:55 15227496 ----a-w- c:\windows\system32\nvoglv32.dll 2010-04-20 20:03 . 2010-04-03 22:55 4029544 ----a-w- c:\windows\system32\nvcuda.dll 2010-04-20 20:03 . 2010-04-03 22:55 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll 2010-04-20 20:03 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcod1914.dll 2010-04-20 20:03 . 2010-04-03 22:55 227944 ----a-w- c:\windows\system32\nvcod.dll 2010-04-20 20:03 . 2010-04-03 22:55 2009704 ----a-w- c:\windows\system32\nvcuvid.dll 2010-04-20 20:03 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll 2010-04-20 20:00 . 2010-04-20 20:00 -------- d-----w- c:\windows\system32\WinFast 2010-04-19 12:59 . 2010-04-19 12:59 255472 ----a-w- c:\users\Monique\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-05-15 07:25 . 2010-04-06 15:41 71253 ----a-w- c:\programdata\nvModes.dat 2010-05-15 06:54 . 2007-09-01 08:15 -------- d-----w- c:\programdata\NVIDIA 2010-05-13 17:26 . 2007-06-01 21:03 -------- d-----w- c:\program files\Google 2010-05-13 08:09 . 2007-09-01 08:03 680 ----a-w- c:\users\Monique&Claude\AppData\Local\d3d9caps.dat 2010-05-12 12:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-05-12 08:47 . 2007-06-02 06:18 669328 ----a-w- c:\windows\system32\perfh00C.dat 2010-05-12 08:47 . 2007-06-02 06:18 123350 ----a-w- c:\windows\system32\perfc00C.dat 2010-05-12 08:45 . 2009-02-08 10:00 1 ----a-w- c:\users\Monique&Claude\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-05-10 19:15 . 2009-02-08 10:02 1 ----a-w- c:\users\Monique\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-05-02 12:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-04-30 21:07 . 2007-10-28 08:10 -------- d-----w- c:\program files\ffdshow 2010-04-25 19:10 . 2007-09-01 17:24 -------- d-----w- c:\program files\CCleaner 2010-04-24 16:18 . 2008-04-06 14:29 -------- d-----w- c:\program files\Opera 2010-04-24 16:04 . 2007-12-24 08:43 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\XnView 2010-04-21 17:11 . 2009-12-22 12:26 -------- d--h--w- c:\program files\Temp 2010-04-21 17:09 . 2007-06-01 20:40 319456 ----a-w- c:\windows\DIFxAPI.dll 2010-04-21 17:09 . 2007-06-01 20:38 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-04-21 16:49 . 2007-11-02 10:01 -------- d-----w- c:\program files\Picasa2 2010-04-21 14:01 . 2007-10-28 08:10 85504 ----a-w- c:\windows\system32\ff_vfw.dll 2010-04-20 19:54 . 2009-12-22 12:05 -------- d-----w- c:\programdata\ma-config.com 2010-04-20 19:54 . 2009-12-22 12:05 -------- d-----w- c:\program files\ma-config.com 2010-04-10 22:08 . 2010-04-10 22:08 -------- d-----w- c:\programdata\McAfee 2010-04-10 12:46 . 2009-03-04 11:23 -------- d-----w- c:\users\Monique\AppData\Roaming\MEGAUPLOADTOOLBAR 2010-04-10 11:23 . 2010-04-10 10:37 -------- d-----w- c:\program files\Conquer Online 2.0 2010-04-07 16:58 . 2010-04-06 15:31 600680 ----a-w- c:\windows\system32\nvuninst.exe 2010-04-06 15:51 . 2009-12-22 12:19 -------- d-----w- c:\program files\NVIDIA Corporation 2010-04-06 15:24 . 2009-03-05 10:42 -------- d-----w- c:\program files\AGEIA Technologies 2010-04-06 15:16 . 2009-12-22 13:44 -------- d-----w- c:\users\Monique&Claude\AppData\Roaming\HpUpdate 2010-04-03 22:55 . 2010-04-20 20:03 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2010-04-03 22:55 . 2010-04-06 15:31 600680 ----a-w- c:\windows\system32\nvudisp.exe 2010-04-03 22:55 . 2009-10-29 13:55 9386600 ----a-w- c:\windows\system32\nvd3dum.dll 2010-04-03 22:55 . 2009-10-29 13:55 1296488 ----a-w- c:\windows\system32\nvapi.dll 2010-04-03 16:27 . 2010-04-03 16:27 985704 ----a-w- c:\windows\system32\nvsvc.dll 2010-04-03 16:27 . 2010-04-03 16:27 1515624 ----a-w- c:\windows\system32\nvsvcr.dll 2010-04-03 16:27 . 2010-04-03 16:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll 2010-04-03 16:27 . 2010-04-03 16:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe 2010-04-03 16:27 . 2010-04-03 16:27 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-03-27 12:10 . 2009-12-16 07:24 -------- d-----w- c:\programdata\Norton 2010-03-27 12:09 . 2007-11-02 14:26 -------- d-----w- c:\program files\Canon 2010-03-26 16:24 . 2010-04-21 17:09 3048096 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys 2010-03-26 16:03 . 2010-04-21 17:09 1749536 ----a-w- c:\windows\system32\RtkPgExt.dll 2010-03-26 16:03 . 2010-04-21 17:09 57888 ----a-w- c:\windows\system32\RtkCoInst.dll 2010-03-26 16:02 . 2010-04-21 17:09 371232 ----a-w- c:\windows\system32\RtkApoApi.dll 2010-03-26 16:02 . 2010-04-21 17:09 2649120 ----a-w- c:\windows\system32\RtkAPO.dll 2010-03-26 15:45 . 2007-09-02 16:01 8224 ----a-w- c:\users\Camille\AppData\Local\GDIPFONTCACHEV1.DAT 2010-03-22 12:22 . 2010-04-21 17:09 1247776 ----a-w- c:\windows\RtlExUpd.dll 2010-03-20 17:41 . 2010-03-20 17:41 -------- d-----w- c:\programdata\Avira 2010-03-20 17:41 . 2010-03-20 17:41 -------- d-----w- c:\program files\Avira 2010-03-20 17:33 . 2007-06-01 21:03 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-03-20 17:32 . 2009-03-21 08:39 -------- d-----w- c:\program files\Symantec 2010-03-20 17:32 . 2007-10-27 16:34 -------- d-----w- c:\programdata\Symantec 2010-03-20 13:37 . 2010-03-20 13:37 -------- d-----w- c:\program files\Gameforge4D 2010-03-17 18:41 . 2010-03-17 18:14 -------- d-----w- c:\program files\Gimp 2010-03-17 10:08 . 2010-04-21 17:09 307616 ----a-w- c:\windows\system32\FMAPO.dll 2010-03-16 06:51 . 2010-04-06 15:47 215656 ----a-w- c:\windows\system32\nvcod1910.dll 2010-03-08 14:31 . 2010-03-08 14:31 26896 ----a-w- c:\programdata\PCTV Systems\TVCenter\DocRoot\iTVCenter\bin\iTVCenter.dll 2010-03-08 14:31 . 2010-03-08 14:31 24336 ----a-w- c:\programdata\PCTV Systems\TVCenter\DocRoot\iTVCenter\bin\TvServiceClient.dll 2010-03-04 15:19 . 2010-03-04 18:02 38784 ----a-w- c:\users\Monique\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-03-04 15:19 . 2010-03-04 15:19 38784 ----a-w- c:\users\Monique&Claude\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-03-04 15:19 . 2010-03-04 15:19 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-03-04 14:21 . 2010-03-04 14:21 120080 ----a-w- c:\programdata\PCTV Systems\TVCenter\DocRoot\iTVCenter\bin\Misc.Util.dll 2010-03-04 14:21 . 2010-03-04 14:21 48912 ----a-w- c:\programdata\PCTV Systems\TVCenter\DocRoot\iTVCenter\bin\Misc.Media.dll 2010-03-04 14:21 . 2010-03-04 14:21 103696 ----a-w- c:\programdata\PCTV Systems\TVCenter\DocRoot\iTVCenter\bin\Misc.IO.dll 2010-03-03 19:50 . 2007-08-24 16:18 98368 ----a-w- c:\users\Monique&Claude\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-24 14:09 . 2007-08-25 12:54 98368 ----a-w- c:\users\Monique\AppData\Local\GDIPFONTCACHEV1.DAT 2010-02-23 11:10 . 2010-04-14 21:27 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2010-02-23 11:10 . 2010-04-14 21:27 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2010-02-23 11:10 . 2010-04-14 21:27 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2010-02-23 06:39 . 2010-05-13 16:49 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-23 06:33 . 2010-05-13 16:49 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-02-23 06:33 . 2010-05-13 16:49 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-02-23 04:55 . 2010-05-13 16:49 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2010-02-20 23:06 . 2010-03-11 13:01 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-02-20 23:05 . 2010-03-11 13:01 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-02-20 20:53 . 2010-03-11 13:01 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr 2010-02-18 14:07 . 2010-04-14 21:26 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys 2010-02-18 14:07 . 2010-04-14 21:26 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-02-18 14:07 . 2010-04-14 21:26 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-18 13:30 . 2010-04-14 21:26 200704 ----a-w- c:\windows\system32\iphlpsvc.dll 2010-02-18 11:28 . 2010-04-14 21:26 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys 2007-09-01 20:06 . 2007-09-01 20:06 22 --sha-w- c:\windows\SMINST\HPCD.sys . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-01-08 98304] "RemoTerm.exe"="c:\program files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe" [2010-02-24 220944] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2010-02-23 638232] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "etMonitor"="c:\windows\etMon.exe" [2007-09-19 102400] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "CANAL+ CANALSAT A LA DEMANDE"="c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" [2009-12-07 163928] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Rechercher les mises … jour.lnk - c:\program files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe "ehTray.exe"=c:\windows\ehome\ehTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "VistaSp2"=hex(b):8c,16,c7,43,b4,6a,ca,01 R2 CanalPlus.VOD;CanalPlus.VOD;c:\program files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2009-12-07 188416] R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696] R3 DCamUSBET;ET USB 2750 Camera;c:\windows\system32\DRIVERS\etDevice.sys [2008-03-01 131712] R3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\DRIVERS\etFilter.sys [2008-06-12 183168] R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-04-03 243056] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-06-28 3100060] R3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\DRIVERS\etScan.sys [2007-09-07 6656] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-15 1872320] S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896] S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-01-08 233472] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-20 1050440] S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 44544] S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-01-08 36608] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064] S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640] --- Autres Services/Pilotes en mémoire --- *NewlyCreated* - FSUSBEXDISK *Deregistered* - jahnlt [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Tâches planifiées' 2010-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901323267-570254288-1772102938-1004Core.job - c:\users\Monique\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 07:57] 2010-05-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-901323267-570254288-1772102938-1004UA.job - c:\users\Monique\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-17 07:57] 2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{997C55C0-66A2-475B-8778-829FD12EEECF}.job - c:\windows\system32\msfeedssync.exe [2010-05-13 04:54] 2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{B8F0A0D2-08CA-480D-9ECD-D89D14DB0951}.job - c:\windows\system32\msfeedssync.exe [2010-05-13 04:54] 2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{E751C124-48C6-4A88-AFDD-210D6596364B}.job - c:\windows\system32\msfeedssync.exe [2010-05-13 04:54] 2010-05-15 c:\windows\Tasks\User_Feed_Synchronization-{E9981789-9055-4D0F-AE12-E069F2AA4615}.job - c:\windows\system32\msfeedssync.exe [2010-05-13 04:54] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.free.fr/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=73&bd=Pavilion&pf=desktop IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html FF - ProfilePath - FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- PARAMETRES FIREFOX ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHELINS SUPPRIMES - - - - BHO-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - c:\progra~1\MEGAUP~2\MEGAUP~1.DLL Toolbar-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - c:\progra~1\MEGAUP~2\MEGAUP~1.DLL WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - c:\progra~1\MEGAUP~2\MEGAUP~1.DLL ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\jahnlt] . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-901323267-570254288-1772102938-1001\Software\SecuROM\License information*] @Allowed: (Read) (RestrictedCode) "datasecu"=hex:8a,b8,c4,e1,a0,62,40,98,57,80,30,e3,fc,0f,73,6b,c2,63,3a,47,0e, fb,27,b4,c5,79,a1,b0,3f,63,d7,42,ad,74,72,a6,05,25,64,4c,70,e1,8b,14,02,d4,\ "rkeysecu"=hex:2f,20,05,df,a2,92,8b,f3,ae,d7,c1,81,bf,ba,1a,b8 [HKEY_USERS\S-1-5-21-901323267-570254288-1772102938-1002\Software\SecuROM\License information*] "datasecu"=hex:08,4a,c0,0c,5c,25,73,0c,43,e5,5a,e7,56,ff,44,96,92,25,d9,6f,1d, 22,fd,d0,cf,02,9a,d0,80,c7,cb,99,19,ea,9c,5c,f4,fe,63,01,5b,62,a2,89,a7,d1,\ "rkeysecu"=hex:2f,20,05,df,a2,92,8b,f3,ae,d7,c1,81,bf,ba,1a,b8 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Heure de fin: 2010-05-15 14:34:58 ComboFix-quarantined-files.txt 2010-05-15 12:34 Avant-CF: 168 287 846 400 octets libres Après-CF: 174 369 337 344 octets libres Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7 - - End Of File - - AC2E5946FE262EFAA7788115FA576C6E
  2. clache
    En voici un nouveau apres MBAM J'espère que cela te conviendra A Plus Logfile of random's system information tool 1.07 (written by random/random) Run by Monique&Claude at 2010-05-14 18:07:15 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 165 GB (56%) free of 297 GB Total RAM: 2046 MB (51% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:07:26, on 14/05/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\etMon.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\hp\kbd\kbd.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe C:\Users\Monique&Claude\Downloads\RSIT.exe C:\Program Files\trend micro\Monique&Claude.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing) O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [etMonitor] C:\Windows\etMon.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000097.000001cd O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1002\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Kévin') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1002\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (User 'Kévin') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1002\..\Run: [M5T8QL3YW3] C:\Users\Kévin\AppData\Local\Temp\Hfl.exe (User 'Kévin') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1002\..\Run: [userinit] C:\Users\Kévin\AppData\Roaming\sdra64.exe (User 'Kévin') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1002\..\Run: [ljiigdsys] rundll32.exe "c:\users\kvin~1\appdata\local\temp\jkkiih.dll",DllRegisterServer (User 'Kévin') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1002\..\Run: [lkdbixwd] C:\Users\Kévin\AppData\Local\ypgwadeor\prrynsutssd.exe (User 'Kévin') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1002\..\Run: [ljghhfdrv] rundll32.exe "c:\users\kvin~1\appdata\local\temp\khgggd.dll",s (User 'Kévin') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1002\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000097.000001cd (User 'Kévin') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1004\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Monique') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1004\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000097.000001cd (User 'Monique') O4 - Global Startup: Rechercher les mises à jour.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 25023 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-901323267-570254288-1772102938-1004Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-901323267-570254288-1772102938-1004UA.job C:\Windows\tasks\User_Feed_Synchronization-{997C55C0-66A2-475B-8778-829FD12EEECF}.job C:\Windows\tasks\User_Feed_Synchronization-{B8F0A0D2-08CA-480D-9ECD-D89D14DB0951}.job C:\Windows\tasks\User_Feed_Synchronization-{E751C124-48C6-4A88-AFDD-210D6596364B}.job C:\Windows\tasks\User_Feed_Synchronization-{E9981789-9055-4D0F-AE12-E069F2AA4615}.job C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}] Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}] IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536] "KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536] "OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784] ""= [] "etMonitor"=C:\Windows\etMon.exe [2007-09-19 102400] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904] "CANAL+ CANALSAT A LA DEMANDE"=C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe [2009-12-07 163928] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-01-08 98304] "RemoTerm.exe"=C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [2010-02-24 220944] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Rechercher les mises à jour.lnk - C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08db3f98-5925-11dc-aced-001bfc5fb5f2}] shell\AutoRun\command - J:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cc8e079-f3d2-11de-99a1-001bfc5fb5f2}] shell\Auto\command - J:\launcher.exe shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aee10869-1658-11dc-819f-806e6f6e6963}] shell\AutoRun\command - E:\autorun.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-05-13 22:17:05 ----D---- C:\Program Files\Mozilla Firefox 2010-05-13 19:01:09 ----A---- C:\Windows\system32\vbscript.dll 2010-05-13 19:01:09 ----A---- C:\Windows\system32\jscript.dll 2010-05-13 18:49:14 ----A---- C:\Windows\system32\occache.dll 2010-05-13 18:49:14 ----A---- C:\Windows\system32\mstime.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\msfeeds.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\jsproxy.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\ieui.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\iesetup.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\iepeers.dll 2010-05-13 18:49:12 ----A---- C:\Windows\system32\wininet.dll 2010-05-13 18:49:12 ----A---- C:\Windows\system32\msfeedssync.exe 2010-05-13 18:49:12 ----A---- C:\Windows\system32\iernonce.dll 2010-05-13 18:49:12 ----A---- C:\Windows\system32\ie4uinit.exe 2010-05-13 18:49:11 ----A---- C:\Windows\system32\urlmon.dll 2010-05-13 18:49:11 ----A---- C:\Windows\system32\ieUnatt.exe 2010-05-13 18:49:11 ----A---- C:\Windows\system32\iesysprep.dll 2010-05-13 18:49:11 ----A---- C:\Windows\system32\iertutil.dll 2010-05-13 18:49:11 ----A---- C:\Windows\system32\iedkcs32.dll 2010-05-13 18:49:10 ----A---- C:\Windows\system32\ieframe.dll 2010-05-13 18:49:09 ----A---- C:\Windows\system32\mshtml.dll 2010-05-13 18:47:45 ----A---- C:\Windows\system32\mshtmler.dll 2010-05-13 18:47:45 ----A---- C:\Windows\system32\mshtmled.dll 2010-05-13 18:47:45 ----A---- C:\Windows\system32\icardie.dll 2010-05-13 18:47:45 ----A---- C:\Windows\system32\admparse.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\msls31.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\imgutil.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\ieakeng.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\dxtrans.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\dxtmsft.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\corpol.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\WinFXDocObj.exe 2010-05-13 18:47:43 ----A---- C:\Windows\system32\wextract.exe 2010-05-13 18:47:43 ----A---- C:\Windows\system32\webcheck.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\msrating.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\licmgr10.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\inseng.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\ieakui.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\ieaksie.dll 2010-05-13 18:47:42 ----A---- C:\Windows\system32\pngfilt.dll 2010-05-13 18:47:42 ----A---- C:\Windows\system32\ieapfltr.dll 2010-05-13 18:47:42 ----A---- C:\Windows\system32\advpack.dll 2010-05-13 18:47:41 ----A---- C:\Windows\system32\url.dll 2010-05-13 18:47:41 ----A---- C:\Windows\system32\mshta.exe 2010-05-13 18:47:41 ----A---- C:\Windows\system32\iexpress.exe 2010-05-13 18:47:40 ----A---- C:\Windows\system32\SetIEInstalledDate.exe 2010-05-13 18:47:40 ----A---- C:\Windows\system32\SetDepNx.exe 2010-05-13 18:47:40 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2010-05-13 18:47:40 ----A---- C:\Windows\system32\PDMSetup.exe 2010-05-13 10:28:47 ----D---- C:\rsit 2010-05-13 10:28:47 ----D---- C:\Program Files\trend micro 2010-05-13 10:26:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-12 22:06:43 ----A---- C:\Windows\ntbtlog.txt 2010-05-12 20:56:11 ----D---- C:\Program Files\a-squared Free 2010-05-12 20:53:22 ----D---- C:\Users\Monique&Claude\AppData\Roaming\Uniblue 2010-05-12 05:29:06 ----A---- C:\Windows\system32\inetcomm.dll 2010-05-02 17:46:12 ----D---- C:\Users\Monique&Claude\AppData\Roaming\Media Player Classic 2010-05-02 14:38:59 ----A---- C:\Windows\system32\uxtuneup.dll 2010-05-02 14:38:59 ----A---- C:\Windows\system32\TURegOpt.exe 2010-05-02 14:38:59 ----A---- C:\Windows\system32\authuitu.dll 2010-05-02 14:38:25 ----D---- C:\Users\Monique&Claude\AppData\Roaming\TuneUp Software 2010-05-02 14:38:16 ----D---- C:\Program Files\TuneUp Utilities 2010 2010-05-02 14:37:44 ----D---- C:\ProgramData\TuneUp Software 2010-05-02 14:37:35 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-04-30 23:08:39 ----D---- C:\Program Files\Haali 2010-04-30 23:08:12 ----D---- C:\Program Files\DScaler5 2010-04-30 23:07:05 ----D---- C:\Program Files\MPC HomeCinema 2010-04-30 17:24:50 ----D---- C:\Users\Monique&Claude\AppData\Roaming\vlc 2010-04-25 21:10:41 ----D---- C:\Users\Monique&Claude\AppData\Roaming\Yahoo! 2010-04-25 21:10:41 ----D---- C:\ProgramData\Yahoo! Companion 2010-04-25 21:10:39 ----D---- C:\Program Files\Yahoo! 2010-04-21 22:06:40 ----D---- C:\Windows\pss 2010-04-21 21:59:52 ----D---- C:\Windows\system32\Hauppauge 2010-04-21 21:44:13 ----D---- C:\Program Files\PCTV Systems 2010-04-21 21:44:13 ----D---- C:\Program Files\Common Files\PCTV Systems 2010-04-21 21:42:41 ----D---- C:\ProgramData\PCTV Systems 2010-04-21 19:10:33 ----D---- C:\Windows\system32\RTCOM 2010-04-21 19:09:31 ----A---- C:\Windows\system32\SRSWOW.dll 2010-04-21 19:09:31 ----A---- C:\Windows\system32\SRSTSXT.dll 2010-04-21 19:09:28 ----A---- C:\Windows\system32\RtkPgExt.dll 2010-04-21 19:09:27 ----A---- C:\Windows\system32\RtkCoInst.dll 2010-04-21 19:09:27 ----A---- C:\Windows\system32\RtkApoApi.dll 2010-04-21 19:09:25 ----A---- C:\Windows\system32\RtkAPO.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RTEEP32A.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RTEEL32A.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RTEEG32A.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RTEED32A.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RP3DHT32.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RP3DAA32.dll 2010-04-21 19:09:22 ----A---- C:\Windows\system32\FMAPO.dll 2010-04-21 19:09:21 ----A---- C:\Windows\system32\AERTARen.dll 2010-04-21 19:09:21 ----A---- C:\Windows\system32\AERTACap.dll 2010-04-21 19:09:16 ----A---- C:\Windows\RtlExUpd.dll 2010-04-21 18:46:49 ----D---- C:\Users\Monique&Claude\AppData\Roaming\DivX 2010-04-21 14:00:25 ----A---- C:\Windows\system32\browserchoice.exe 2010-04-20 22:03:30 ----A---- C:\Windows\system32\OpenCL.dll 2010-04-20 22:03:29 ----A---- C:\Windows\system32\nvwgf2um.dll 2010-04-20 22:03:28 ----A---- C:\Windows\system32\nvoglv32.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcuvid.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcuvenc.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcuda.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcompiler.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcod1914.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcod.dll 2010-04-20 22:00:38 ----D---- C:\Windows\system32\WinFast ======List of files/folders modified in the last 1 months====== 2010-05-14 18:07:14 ----D---- C:\Windows\Temp 2010-05-14 17:54:13 ----D---- C:\Windows\system32\Tasks 2010-05-14 17:54:12 ----D---- C:\Windows\Tasks 2010-05-14 17:06:22 ----D---- C:\Windows\Prefetch 2010-05-14 14:37:59 ----D---- C:\Windows\system32\drivers 2010-05-14 14:37:59 ----D---- C:\Windows\Options 2010-05-14 11:14:37 ----SHD---- C:\System Volume Information 2010-05-14 09:20:31 ----D---- C:\ProgramData\NVIDIA 2010-05-13 22:17:05 ----D---- C:\Program Files 2010-05-13 21:27:35 ----D---- C:\Windows\System32 2010-05-13 21:26:27 ----D---- C:\Windows\system32\WDI 2010-05-13 21:24:03 ----D---- C:\Windows\winsxs 2010-05-13 19:26:15 ----SHD---- C:\Windows\Installer 2010-05-13 19:26:15 ----D---- C:\ProgramData\Google 2010-05-13 19:26:15 ----D---- C:\Program Files\Google 2010-05-13 19:10:26 ----D---- C:\Windows\rescache 2010-05-13 19:01:06 ----D---- C:\Windows\system32\catroot 2010-05-13 18:50:40 ----D---- C:\Windows\system32\migration 2010-05-13 18:50:40 ----D---- C:\Program Files\Internet Explorer 2010-05-13 18:50:39 ----D---- C:\Windows\system32\fr-FR 2010-05-13 18:50:37 ----D---- C:\Windows\system32\en-US 2010-05-13 18:50:37 ----D---- C:\Windows\PolicyDefinitions 2010-05-13 18:50:02 ----D---- C:\Windows\system32\catroot2 2010-05-13 18:42:58 ----D---- C:\Windows 2010-05-13 18:29:16 ----D---- C:\Windows\Help 2010-05-13 11:08:21 ----D---- C:\Windows\IME 2010-05-13 10:53:28 ----D---- C:\Windows\system 2010-05-13 10:51:01 ----HD---- C:\ProgramData 2010-05-12 21:07:11 ----D---- C:\Windows\Debug 2010-05-12 14:01:07 ----D---- C:\Program Files\Windows Mail 2010-05-12 10:47:02 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-05-12 10:47:01 ----D---- C:\Windows\inf 2010-05-11 22:29:36 ----D---- C:\Windows\system32\wbem 2010-05-11 22:23:09 ----D---- C:\Windows\system32\spool 2010-05-11 22:23:09 ----D---- C:\Windows\system32\CodeIntegrity 2010-05-11 22:23:08 ----D---- C:\Windows\registration 2010-05-02 17:30:10 ----SHD---- C:\Boot 2010-05-02 17:30:10 ----D---- C:\Windows\system32\config 2010-05-02 14:39:08 ----D---- C:\Program Files\Windows Sidebar 2010-04-30 23:07:44 ----D---- C:\Program Files\ffdshow 2010-04-30 20:51:06 ----A---- C:\Windows\system32\mrt.exe 2010-04-29 14:14:40 ----RSD---- C:\Windows\Fonts 2010-04-25 21:10:34 ----D---- C:\Program Files\CCleaner 2010-04-24 18:18:34 ----D---- C:\Program Files\Opera 2010-04-24 18:04:16 ----D---- C:\Users\Monique&Claude\AppData\Roaming\XnView 2010-04-22 08:50:39 ----D---- C:\Windows\Microsoft.NET 2010-04-22 08:50:34 ----RSD---- C:\Windows\assembly 2010-04-21 21:44:13 ----D---- C:\Program Files\Common Files 2010-04-21 19:11:16 ----HD---- C:\Program Files\Temp 2010-04-21 19:09:39 ----A---- C:\Windows\DIFxAPI.dll 2010-04-21 19:09:19 ----HD---- C:\Program Files\InstallShield Installation Information 2010-04-21 18:54:33 ----D---- C:\Windows\Minidump 2010-04-21 18:49:12 ----D---- C:\Program Files\Picasa2 2010-04-21 16:01:14 ----A---- C:\Windows\system32\ff_vfw.dll 2010-04-20 21:54:19 ----D---- C:\ProgramData\ma-config.com 2010-04-20 21:54:19 ----D---- C:\Program Files\ma-config.com 2010-04-20 21:43:31 ----SD---- C:\Windows\Downloaded Program Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2007-12-28 165376] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2007-12-28 18048] R3 azvusb;Virtual USB Hub; C:\Windows\system32\DRIVERS\azvusb.sys [2009-08-24 44544] R3 E100B;Pilote de carte Intel ® PRO; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-19 159744] R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-01-08 36608] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-03-26 3048096] R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-01-28 68200] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-04 11573800] R3 ovt519;Trust 320 SpaceCam; C:\Windows\System32\Drivers\ov519vid.sys [2003-09-25 174530] R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064] R3 USB28xxBGA;USB 2870 Device; C:\Windows\system32\DRIVERS\emBDA.sys [2008-11-07 561536] R3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM.sys [2008-11-07 455168] R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 DCamUSBET;ET USB 2750 Camera; C:\Windows\system32\DRIVERS\etDevice.sys [2008-03-01 131712] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2010-04-03 14336] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [] S3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2008-06-12 183168] S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-13 25280] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2007-09-07 6656] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2008-02-22 87936] S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976] S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2010-04-15 1872320] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2009-12-07 188416] R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896] R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-01-08 233472] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2009-06-04 354840] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-20 1050440] R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504] S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696] S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [] S3 AlertService;Intel® Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768] S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 ISSM;Intel® Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264] S3 M1 Server;Intel® Viiv Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-08-31 26624] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2010-04-03 243056] S3 MCLServiceATL;Intel® Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936] S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-06-28 3100060] S3 Remote UI Service;Intel® Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256] S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544] S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656] S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-05-02 435016] -----------------EOF----------------- voili voilou
  3. clache
    Voila les fichiesr de scan que je viens de terminer, j'ai encore 2 positifs Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4095 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.18904 14/05/2010 14:37:23 mbam-log-2010-05-14 (14-37-23).txt Type d'examen: Examen complet (C:\|D:\|) Elément(s) analysé(s): 339789 Temps écoulé: 1 heure(s), 35 minute(s), 4 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Windows\System32\drivers\jahnlt.sys (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> Quarantined and deleted successfully. le scan de rsit Logfile of random's system information tool 1.07 (written by random/random) Run by Monique&Claude at 2010-05-14 12:52:38 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 System drive C: has 165 GB (56%) free of 297 GB Total RAM: 2046 MB (53% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:53:13, on 14/05/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18904) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\hp\support\hpsysdrv.exe C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe C:\Windows\etMon.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe C:\Program Files\Common Files\PCTV Systems\RemoTerm\remoterm.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Monique&Claude\Downloads\RSIT.exe C:\Program Files\trend micro\Monique&Claude.exe C:\hp\kbd\kbd.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing) O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" O4 - HKLM\..\Run: [etMonitor] C:\Windows\etMon.exe O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [CANAL+ CANALSAT A LA DEMANDE] "C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [RemoTerm.exe] C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000097.000001cd O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1004\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Monique') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1004\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Monique') O4 - HKUS\S-1-5-21-901323267-570254288-1772102938-1004\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000097.000001cd (User 'Monique') O4 - Global Startup: Rechercher les mises à jour.lnk = C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\uxtuneup.dll,-4096 (UxTuneUp) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 23775 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-901323267-570254288-1772102938-1004Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-901323267-570254288-1772102938-1004UA.job C:\Windows\tasks\User_Feed_Synchronization-{997C55C0-66A2-475B-8778-829FD12EEECF}.job C:\Windows\tasks\User_Feed_Synchronization-{B8F0A0D2-08CA-480D-9ECD-D89D14DB0951}.job C:\Windows\tasks\User_Feed_Synchronization-{E751C124-48C6-4A88-AFDD-210D6596364B}.job C:\Windows\tasks\User_Feed_Synchronization-{E9981789-9055-4D0F-AE12-E069F2AA4615}.job C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-06 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}] Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}] IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-06 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}] SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - Megaupload Toolbar - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL [] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "hpsysdrv"=c:\hp\support\hpsysdrv.exe [2006-09-28 65536] "KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536] "OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784] ""= [] "etMonitor"=C:\Windows\etMon.exe [2007-09-19 102400] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904] "CANAL+ CANALSAT A LA DEMANDE"=C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\Launcher.exe [2009-12-07 163928] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] ""= [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2009-01-08 98304] "RemoTerm.exe"=C:\Program Files\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe [2010-02-24 220944] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] ""=C:\Program Files\Internet Explorer\iexplore.exe [2010-02-23 638232] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Rechercher les mises à jour.lnk - C:\Program Files\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08db3f98-5925-11dc-aced-001bfc5fb5f2}] shell\AutoRun\command - J:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4cc8e079-f3d2-11de-99a1-001bfc5fb5f2}] shell\Auto\command - J:\launcher.exe shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aee10869-1658-11dc-819f-806e6f6e6963}] shell\AutoRun\command - E:\autorun.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-05-13 22:17:05 ----D---- C:\Program Files\Mozilla Firefox 2010-05-13 19:01:09 ----A---- C:\Windows\system32\vbscript.dll 2010-05-13 19:01:09 ----A---- C:\Windows\system32\jscript.dll 2010-05-13 18:49:14 ----A---- C:\Windows\system32\occache.dll 2010-05-13 18:49:14 ----A---- C:\Windows\system32\mstime.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\msfeeds.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\jsproxy.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\ieui.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\iesetup.dll 2010-05-13 18:49:13 ----A---- C:\Windows\system32\iepeers.dll 2010-05-13 18:49:12 ----A---- C:\Windows\system32\wininet.dll 2010-05-13 18:49:12 ----A---- C:\Windows\system32\msfeedssync.exe 2010-05-13 18:49:12 ----A---- C:\Windows\system32\iernonce.dll 2010-05-13 18:49:12 ----A---- C:\Windows\system32\ie4uinit.exe 2010-05-13 18:49:11 ----A---- C:\Windows\system32\urlmon.dll 2010-05-13 18:49:11 ----A---- C:\Windows\system32\ieUnatt.exe 2010-05-13 18:49:11 ----A---- C:\Windows\system32\iesysprep.dll 2010-05-13 18:49:11 ----A---- C:\Windows\system32\iertutil.dll 2010-05-13 18:49:11 ----A---- C:\Windows\system32\iedkcs32.dll 2010-05-13 18:49:10 ----A---- C:\Windows\system32\ieframe.dll 2010-05-13 18:49:09 ----A---- C:\Windows\system32\mshtml.dll 2010-05-13 18:47:45 ----A---- C:\Windows\system32\mshtmler.dll 2010-05-13 18:47:45 ----A---- C:\Windows\system32\mshtmled.dll 2010-05-13 18:47:45 ----A---- C:\Windows\system32\icardie.dll 2010-05-13 18:47:45 ----A---- C:\Windows\system32\admparse.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\msls31.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\imgutil.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\ieakeng.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\dxtrans.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\dxtmsft.dll 2010-05-13 18:47:44 ----A---- C:\Windows\system32\corpol.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\WinFXDocObj.exe 2010-05-13 18:47:43 ----A---- C:\Windows\system32\wextract.exe 2010-05-13 18:47:43 ----A---- C:\Windows\system32\webcheck.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\msrating.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\licmgr10.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\inseng.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\ieakui.dll 2010-05-13 18:47:43 ----A---- C:\Windows\system32\ieaksie.dll 2010-05-13 18:47:42 ----A---- C:\Windows\system32\pngfilt.dll 2010-05-13 18:47:42 ----A---- C:\Windows\system32\ieapfltr.dll 2010-05-13 18:47:42 ----A---- C:\Windows\system32\advpack.dll 2010-05-13 18:47:41 ----A---- C:\Windows\system32\url.dll 2010-05-13 18:47:41 ----A---- C:\Windows\system32\mshta.exe 2010-05-13 18:47:41 ----A---- C:\Windows\system32\iexpress.exe 2010-05-13 18:47:40 ----A---- C:\Windows\system32\SetIEInstalledDate.exe 2010-05-13 18:47:40 ----A---- C:\Windows\system32\SetDepNx.exe 2010-05-13 18:47:40 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2010-05-13 18:47:40 ----A---- C:\Windows\system32\PDMSetup.exe 2010-05-13 10:28:47 ----D---- C:\rsit 2010-05-13 10:28:47 ----D---- C:\Program Files\trend micro 2010-05-13 10:26:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-12 22:06:43 ----A---- C:\Windows\ntbtlog.txt 2010-05-12 20:56:11 ----D---- C:\Program Files\a-squared Free 2010-05-12 20:53:22 ----D---- C:\Users\Monique&Claude\AppData\Roaming\Uniblue 2010-05-12 05:29:06 ----A---- C:\Windows\system32\inetcomm.dll 2010-05-02 17:46:12 ----D---- C:\Users\Monique&Claude\AppData\Roaming\Media Player Classic 2010-05-02 14:38:59 ----A---- C:\Windows\system32\uxtuneup.dll 2010-05-02 14:38:59 ----A---- C:\Windows\system32\TURegOpt.exe 2010-05-02 14:38:59 ----A---- C:\Windows\system32\authuitu.dll 2010-05-02 14:38:25 ----D---- C:\Users\Monique&Claude\AppData\Roaming\TuneUp Software 2010-05-02 14:38:16 ----D---- C:\Program Files\TuneUp Utilities 2010 2010-05-02 14:37:44 ----D---- C:\ProgramData\TuneUp Software 2010-05-02 14:37:35 ----SHD---- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-04-30 23:08:39 ----D---- C:\Program Files\Haali 2010-04-30 23:08:12 ----D---- C:\Program Files\DScaler5 2010-04-30 23:07:05 ----D---- C:\Program Files\MPC HomeCinema 2010-04-30 17:24:50 ----D---- C:\Users\Monique&Claude\AppData\Roaming\vlc 2010-04-25 21:10:41 ----D---- C:\Users\Monique&Claude\AppData\Roaming\Yahoo! 2010-04-25 21:10:41 ----D---- C:\ProgramData\Yahoo! Companion 2010-04-25 21:10:39 ----D---- C:\Program Files\Yahoo! 2010-04-21 22:06:40 ----D---- C:\Windows\pss 2010-04-21 21:59:52 ----D---- C:\Windows\system32\Hauppauge 2010-04-21 21:44:13 ----D---- C:\Program Files\PCTV Systems 2010-04-21 21:44:13 ----D---- C:\Program Files\Common Files\PCTV Systems 2010-04-21 21:42:41 ----D---- C:\ProgramData\PCTV Systems 2010-04-21 19:10:33 ----D---- C:\Windows\system32\RTCOM 2010-04-21 19:09:31 ----A---- C:\Windows\system32\SRSWOW.dll 2010-04-21 19:09:31 ----A---- C:\Windows\system32\SRSTSXT.dll 2010-04-21 19:09:28 ----A---- C:\Windows\system32\RtkPgExt.dll 2010-04-21 19:09:27 ----A---- C:\Windows\system32\RtkCoInst.dll 2010-04-21 19:09:27 ----A---- C:\Windows\system32\RtkApoApi.dll 2010-04-21 19:09:25 ----A---- C:\Windows\system32\RtkAPO.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RTEEP32A.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RTEEL32A.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RTEEG32A.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RTEED32A.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RP3DHT32.dll 2010-04-21 19:09:24 ----A---- C:\Windows\system32\RP3DAA32.dll 2010-04-21 19:09:22 ----A---- C:\Windows\system32\FMAPO.dll 2010-04-21 19:09:21 ----A---- C:\Windows\system32\AERTARen.dll 2010-04-21 19:09:21 ----A---- C:\Windows\system32\AERTACap.dll 2010-04-21 19:09:16 ----A---- C:\Windows\RtlExUpd.dll 2010-04-21 18:46:49 ----D---- C:\Users\Monique&Claude\AppData\Roaming\DivX 2010-04-21 14:00:25 ----A---- C:\Windows\system32\browserchoice.exe 2010-04-20 22:03:30 ----A---- C:\Windows\system32\OpenCL.dll 2010-04-20 22:03:29 ----A---- C:\Windows\system32\nvwgf2um.dll 2010-04-20 22:03:28 ----A---- C:\Windows\system32\nvoglv32.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcuvid.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcuvenc.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcuda.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcompiler.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcod1914.dll 2010-04-20 22:03:25 ----A---- C:\Windows\system32\nvcod.dll 2010-04-20 22:00:38 ----D---- C:\Windows\system32\WinFast ======List of files/folders modified in the last 1 months====== 2010-05-14 12:52:51 ----D---- C:\Windows\Prefetch 2010-05-14 12:52:31 ----D---- C:\Windows\Temp 2010-05-14 12:35:52 ----D---- C:\Windows\system32\Tasks 2010-05-14 12:35:51 ----D---- C:\Windows\Tasks 2010-05-14 11:01:09 ----SHD---- C:\System Volume Information 2010-05-14 09:20:31 ----D---- C:\ProgramData\NVIDIA 2010-05-13 22:17:05 ----D---- C:\Program Files 2010-05-13 21:27:35 ----D---- C:\Windows\System32 2010-05-13 21:26:27 ----D---- C:\Windows\system32\WDI 2010-05-13 21:24:03 ----D---- C:\Windows\winsxs 2010-05-13 19:26:15 ----SHD---- C:\Windows\Installer 2010-05-13 19:26:15 ----D---- C:\ProgramData\Google 2010-05-13 19:26:15 ----D---- C:\Program Files\Google 2010-05-13 19:10:26 ----D---- C:\Windows\rescache 2010-05-13 19:01:06 ----D---- C:\Windows\system32\catroot 2010-05-13 18:50:40 ----D---- C:\Windows\system32\migration 2010-05-13 18:50:40 ----D---- C:\Program Files\Internet Explorer 2010-05-13 18:50:39 ----D---- C:\Windows\system32\fr-FR 2010-05-13 18:50:37 ----D---- C:\Windows\system32\en-US 2010-05-13 18:50:37 ----D---- C:\Windows\PolicyDefinitions 2010-05-13 18:50:02 ----D---- C:\Windows\system32\catroot2 2010-05-13 18:42:58 ----D---- C:\Windows 2010-05-13 18:29:16 ----D---- C:\Windows\system32\drivers 2010-05-13 18:29:16 ----D---- C:\Windows\Help 2010-05-13 11:08:21 ----D---- C:\Windows\IME 2010-05-13 10:53:28 ----D---- C:\Windows\system 2010-05-13 10:51:01 ----HD---- C:\ProgramData 2010-05-12 21:07:11 ----D---- C:\Windows\Debug 2010-05-12 14:01:07 ----D---- C:\Program Files\Windows Mail 2010-05-12 10:47:02 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-05-12 10:47:01 ----D---- C:\Windows\inf 2010-05-11 22:29:36 ----D---- C:\Windows\system32\wbem 2010-05-11 22:23:09 ----D---- C:\Windows\system32\spool 2010-05-11 22:23:09 ----D---- C:\Windows\system32\CodeIntegrity 2010-05-11 22:23:08 ----D---- C:\Windows\registration 2010-05-02 17:30:10 ----SHD---- C:\Boot 2010-05-02 17:30:10 ----D---- C:\Windows\system32\config 2010-05-02 14:39:08 ----D---- C:\Program Files\Windows Sidebar 2010-04-30 23:07:44 ----D---- C:\Program Files\ffdshow 2010-04-30 20:51:06 ----A---- C:\Windows\system32\mrt.exe 2010-04-29 14:14:40 ----RSD---- C:\Windows\Fonts 2010-04-25 21:10:34 ----D---- C:\Program Files\CCleaner 2010-04-24 18:18:34 ----D---- C:\Program Files\Opera 2010-04-24 18:04:16 ----D---- C:\Users\Monique&Claude\AppData\Roaming\XnView 2010-04-22 08:50:39 ----D---- C:\Windows\Microsoft.NET 2010-04-22 08:50:34 ----RSD---- C:\Windows\assembly 2010-04-21 21:44:13 ----D---- C:\Program Files\Common Files 2010-04-21 19:11:16 ----HD---- C:\Program Files\Temp 2010-04-21 19:09:39 ----A---- C:\Windows\DIFxAPI.dll 2010-04-21 19:09:19 ----HD---- C:\Program Files\InstallShield Installation Information 2010-04-21 18:54:33 ----D---- C:\Windows\Minidump 2010-04-21 18:49:12 ----D---- C:\Program Files\Picasa2 2010-04-21 16:01:14 ----A---- C:\Windows\system32\ff_vfw.dll 2010-04-20 21:54:19 ----D---- C:\ProgramData\ma-config.com 2010-04-20 21:54:19 ----D---- C:\Program Files\ma-config.com 2010-04-20 21:43:31 ----SD---- C:\Windows\Downloaded Program Files ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2007-12-28 165376] R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-11-25 56816] R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2007-12-28 18048] R3 azvusb;Virtual USB Hub; C:\Windows\system32\DRIVERS\azvusb.sys [2009-08-24 44544] R3 E100B;Pilote de carte Intel ® PRO; C:\Windows\system32\DRIVERS\e100b325.sys [2008-01-19 159744] R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-01-08 36608] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-03-26 3048096] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2010-01-28 68200] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-04-04 11573800] R3 ovt519;Trust 320 SpaceCam; C:\Windows\System32\Drivers\ov519vid.sys [2003-09-25 174530] R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064] R3 USB28xxBGA;USB 2870 Device; C:\Windows\system32\DRIVERS\emBDA.sys [2008-11-07 561536] R3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM.sys [2008-11-07 455168] R3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 DCamUSBET;ET USB 2750 Camera; C:\Windows\system32\DRIVERS\etDevice.sys [2008-03-01 131712] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2010-04-03 14336] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [] S3 FiltUSBET;ET USB Device Lower Filter; C:\Windows\system32\DRIVERS\etFilter.sys [2008-06-12 183168] S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-13 25280] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 ScanUSBET;ET USB Still Image Capture Device; C:\Windows\system32\DRIVERS\etScan.sys [2007-09-07 6656] S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2008-02-22 87936] S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2008-02-22 14976] S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2008-02-22 114304] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2010-04-15 1872320] R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal+\CANAL+ CANALSAT A LA DEMANDE\VOD\CanalPlus.VOD.exe [2009-12-07 188416] R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896] R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-01-08 233472] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2009-06-04 354840] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-20 1050440] R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-19 21504] S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696] S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [] S3 AlertService;Intel® Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768] S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 ISSM;Intel® Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264] S3 M1 Server;Intel® Viiv Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-08-31 26624] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2010-04-03 243056] S3 MCLServiceATL;Intel® Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936] S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-06-28 3100060] S3 Remote UI Service;Intel® Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256] S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-03-26 887544] S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-03-08 74656] S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-05-02 435016] -----------------EOF----------------- voila Pear , j'espère que cela te parle???
  4. clache
    Je n'ai pas reusit a charger Fix IE, mais j'ai pensé que je pouvais essayer de reparer IE par la fonction re initialiser dans les parametres avances sur la session de mon fils Cela a marche et je suis maintenat capable deme connecter sur sa session aussi bien sur IE que sur opera Je vais refaire un scan avec MBAM et RSIT et des que cel est fait je poste les nouveaux rapports ici ( je prefere refaire les scans, car ceux d'hiersdoivent êtres remis a jour suite aux mdifiations effectuèes) Je t'envoie cela des que finit A plus
  5. clache
    Bonjour pear j'ai passé MBAM et supprimé certains trojans en passant 3 fois le Scan Je me retrouve actuellement sur la session de mon fils , plus de message d'erreur mais plus possible d'asseder a internet par IE ou par Opera Je peux par contre tres bien me connecter avec ces 2 navigateurs si je suis sur un autre compte J'ai installé Firefox sur la session de mon fils et j'ai un acces internet?? Est ce que cela te donne des indications sur ce que je dois reparer, ou prefere tu que je reprenne la procedure au point de départ??? Merci encore pour ton aide
  6. clache
    Bojour a tous, Je revient vers ce forum qui m'avait bien aidé et permis de nettoyer un portable d'une amie. J'ecris depuis mon portable, mais j'ai besoin d'aide pour nettoyer mon PC de bureau. Il y a plusieurs comptes et celui de mon fils est devenu inutilisable depuis 1 jour suite a une invasion de Trojans ou autres. J'ai effectué des scans avec a-squared, mais celui ci ne permet pas d'enlever les trojans détectés? J'ai lu sur ce forum que le programme Malwarebytes' anti-malware en nettoyait quelque uns, je viens de le passer sur mon PC. Merci de me dire comment proceder pour nettoyer tout cela, et surtout si je dois me connecter a cette session sur mon PC de bureau ou si je peux rester sur ce portable. Dans l'attente de votre aide.
  7. clache
    Bonsoir WAWASEB J'avais deja pas mal nettoyè mais j'oubie que certains programmes le font,je ne connaissais pas, voila le rapport -->- Recherche: C:\Program Files\Navilog1: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! --------------------------------- -->- Suppression: C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé ! C:\Program Files\Navilog1: supprimé ! C:\Program Files\Trend Micro\HijackThis: supprimé ! Corbeille vidée! Fichiers temporaires nettoyés Mercipour tout je pense que je vais fermer ce message a bientot sur un autre sujet, j'espere qu'a force j'arriverais moi aussi a depanner certains utilisateurs de ce forum Amitièes
  8. clache
    Bonsoir WAWASEB Je suis super content car le "Malade" est guerit, je pense que mon collegue et sa femme ( tu avais vu que c'est son portable) vont etres tres content, je m'y connait un peu en informatique, mais chapeau bas pour ta classe, j'en suis loin, mais j'apprends c'est le principal. Je vais tenter de nettoyer "physiquement" la chose, cela ne lui feras pas de mal. J'ai cree un point de restauration, voila je pense que c'est OK Dit moi si l'on doit mettre résolu dans le premier message pour fermer le sujet??? Sans vouloir trop te monopoliser, je te demanderais bien une aide pour le mien de portable, j'aurais juste besoin d'accelerer le demarrage que je trouve tres long ( environ 2 minutes) mais dit moi , peut etre cela doit il faire l'objet d'un autre Sujet Encore tous mes remerciement pour ce travail de PRO Bonne soiree Amicalement Clache
  9. clache
    MERCI milles Fois pour tout WAWASEB Je pense que mon amis va etre content de recuperer son portable nettoyè Je vais virer les programmes que nous avons installè pour le nettoyage, car il ne s'en servira pas, peut etre dois je laisser Spybot, bien que son utilite me semble ???? Je laisse aussi Ccleaner, c'est un programme que j'apprecie sur mon portable, et qui est simple d'utilisation. Ensuite, je vasi faire une defrague, et seulement apres j'essai de creer un point de restauration, car je pense qu'il n'y en a jamais eu, cela me permettra de lui expliquer l'utilitè en cas d'installation "sauvage" vu le fiston??? A plus je te tiens au courant afin que l'on puisse mettre résolu sur ce sujet Merci encore A plus
  10. clache
    Pour WAWASEB Je te post e rapport de kaspersky scaner on line, i trouve au moins 3 virus?? Donne moi ton Avis?? Pour la manip deSeDebug-Restore, je l'ai fais et redemarrè, ?? je suppose que cela reactive les points de restauration systeme?? dit moi apres nettoyage, quand je pourrais un faire un avec une config saine?, ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Sunday, February 10, 2008 2:55:16 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 10/02/2008 Enregistrements dans la base antivirus Kaspersky : 515239 ------------------------------------------------------------------------------- Paramètres d'analyse: Analyser avec la base antivirus suivante: standard Analyser les archives: vrai Analyser les bases de messagerie: vrai Cible de l'analyse - Poste de travail: C:\ D:\ E:\ G:\ Statistiques de l'analyse: Total d'objets analysés: 51746 Nombre de virus trouvés: 3 Nombre d'objets infectés: 12 / 0 Nombre d'objets suspects: 0 Durée de l'analyse: 00:37:06 Nom de l'objet infecté / Nom du virus / Dernière action C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\atapi.sys L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\mmmsghigh.dll Infecté : Trojan.Win32.Small.aao ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-10_Log.ALUSchedulerSvc.LiveUpdate L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\christine\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\christine\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\christine\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\christine\Local Settings\Historique\History.IE5\MSHist012008021020080211\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\christine\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\christine\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\christine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\christine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\christine\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\christine\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\christine\Bureau\fich_net_avant0602\clache_for_andy[2008-02-04_21_23].cab/C:/WINDOWS/system32/rxjddnvj.exe Infecté : not-virus:Hoax.Win32.Renos.asa ignoré C:\Documents and Settings\christine\Bureau\fich_net_avant0602\clache_for_andy[2008-02-04_21_23].cab/C:/WINDOWS/system32/crypts.dll Infecté : Trojan-Clicker.Win32.Agent.lt ignoré C:\Documents and Settings\christine\Bureau\fich_net_avant0602\clache_for_andy[2008-02-04_21_23].cab CAB: infecté - 2 ignoré C:\Documents and Settings\christine\Bureau\fich_net_avant0602\upload_moi_ACER-1916361FFD.tar.gz/upload_moi.tar/WINDOWS/System32/mmmsghigh.dll Infecté : Trojan.Win32.Small.aao ignoré C:\Documents and Settings\christine\Bureau\fich_net_avant0602\upload_moi_ACER-1916361FFD.tar.gz/upload_moi.tar Infecté : Trojan.Win32.Small.aao ignoré C:\Documents and Settings\christine\Bureau\fich_net_avant0602\upload_moi_ACER-1916361FFD.tar.gz GZIP: infecté - 2 ignoré C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\SPStart.log L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\SPPolicy.log L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\SPStop.log L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log L'objet est verrouillé ignoré C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log L'objet est verrouillé ignoré C:\Program Files\Norton AntiVirus\AVVirus.log L'objet est verrouillé ignoré C:\Program Files\Norton AntiVirus\AVApp.log L'objet est verrouillé ignoré C:\Program Files\Norton AntiVirus\AVError.log L'objet est verrouillé ignoré C:\_OTMoveIt\MovedFiles2092008_213424\WINDOWS\system32\rxjddnvj.exe Infecté : not-virus:Hoax.Win32.Renos.asa ignoré C:\upload_moi_ACER-1916361FFD.tar.gz/upload_moi.tar/WINDOWS/System32/rxjddnvj.exe Infecté : not-virus:Hoax.Win32.Renos.asa ignoré C:\upload_moi_ACER-1916361FFD.tar.gz/upload_moi.tar/WINDOWS/System32/mmmsghigh.dll Infecté : Trojan.Win32.Small.aao ignoré C:\upload_moi_ACER-1916361FFD.tar.gz/upload_moi.tar Infecté : Trojan.Win32.Small.aao ignoré C:\upload_moi_ACER-1916361FFD.tar.gz GZIP: infecté - 3 ignoré Analyse terminée. A plus
  11. clache
    Salut WAWASEB, Je suis tes explications, bonne nouvelles alors encore mille fois MERCI, je suis connecte sur le forum avec mon portble perso, et sur l'autre je suis en cours du scan Kaspersky, des la fin de le procedure je me connecterais aves le "malade" pour te poster les rapports. J'aimerais que tu me dise si il y a d'autres chose a nettoyer, et quels sont les programmes installes qu'il faudra que j'enleve, mais bon un peu de patience et chaque chose en son temps a tout de suite
  12. clache
    Malgres tout, Spybot semble avoir enlevè la plus part de "nuisibles", un deuxieme passage ne me trouve que SWAgent, et me l'as soit disant supprimé? Je reste pour l'instant déconnectè sur ce portable, j'aimerais que tu me dise si tu pense que nous avons tout nettoyè, si c'est le cas SVP dir moi comment réactiver les points de restauration de XP, car il n'y en a aucun, et j'avais un message qui me dissait que cette fonction etait désactivèe par l'administrateur??? par contre il faudrais que je la réactive par sécuritè pour mon amis. Dit moi si cela doit faire parti d'un autre sujet??? Je me suis habituè a ton aide.... Merci de me dire si je suis trop "Boulet" A plus
  13. clache
    Bonjour WAWASEB J'ai fais les maips suivantes, peu tu me dire ce que tu en pense?? Nettoyè avec Ccleaner OK Norton vidé la quarantaine Virè un "Default.htm" qui etait le fon d'ecran "Spy ware...." Je passe SpyBot, et il me trouve les trucs suivants??? Aconti 7Fasst SW Agent Qmitfraud-C Acoona Microsoft Windows Security Center Task Manager AdBreak INetSpeak CnsMin PWS.LDPinchIE Smitfraud-C.generic Peu tu me dire ce que tu en pense??? j'ai l'impression que ce n'est pas finit??? SpyBot finit par "Unexpected error in fixing problems (Out of memory)" Merci si tu as encore un peu de temps pour finir ce nettoyage A Plus Clache
  14. clache
    Pour WAWASEB Je viens de changer mon fond d'ecran (retour au classique XP) et il sembe tenir?? Je ne veut pas me faire de fausse joie, je n'ai plus d'alarme spyware et autre connection IE intempestive??, Si nous (surtout toi) avons reussit a nettoyer, dit moi ce que je doit encore nettoyer dans Hijackthis, et quels sont es programmes que je dois enever (ceux de nettoyage, et/ou autres), je pense aussi essayer d'enlever les "rapports" qui trainent un peu partout. Par contre il me sembe utile de lui laisser Spybot et Ccleaner en lui expliquant leur utiisation. j'ai enleve F-Secure, mais i n'y avait qu'un dossier dans programme files et rien dans ajout suppression de prgms. Je pense que l'ancien "faux ecran" doit encore exister en fichier HTML sur ce pc, je ne sais ou!!! Il reste aussi un bug de mise a jour de norton "anti ver",, mais leur procedure necessite de désinstaller, et cet mon amis qui a e CD avec la clè, je pense donc attendre de lui rendre son portabe ou qu'ilm'apporte le cd. SVP dit moi si nous avons finit??? Dans un cas comme dans l'autre ENORMES MERCI pour ton assistance A demain sans doute Amitièes Cache
  15. clache
    Salu WAWASEB, J'avais bien fixé les entrees demandees dans Hijackthis, mais elles sont revenues?? Je viens de passer la procedure OTMoveIt, je te post le rapport J'avais encore certaines des lignes O2 dans Hijackthis, j'ai vu dans les reglages, qu'il y avait un backup de c'est lignes, je les ai effacees, j'ai un rapport que je te post apres un nouveau passage Hijackthis, par contre j'ai toujours ce fond d'ecran en Beu avec lettres jaunes"Warning:Spyware threarhas been detected on your PC." je ne sais pas si on va arriver a l'enlever?? Je te post les rapports A plus Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:45:21, on 09/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\CtrlVol.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\PROGRA~1\PHILIP~1\VProperty.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\F-Secure\fswsclds.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 9628 bytes File move failed. C:\WINDOWS\system32\2052d.exe scheduled to be moved on reboot. C:\WINDOWS\system32\rxjddnvj.exe moved successfully. OTMoveIt2 v1.0.19 log created on 02092008_213424 Dit moi ce que 'on peut faire d'autre??
  16. clache
    Salut en bonjours WAWASEB (vu 'heure) je suis encore la pour 1:4 heure apres je boss?? Je te poste les rapports,je n'avais plus ce fond d'ecran de ... en mode sans echec, mais je crois que c'est la de nouveau en mode norma, pour info je vois dans la fenetre de smitfraudfix qu'i ne peu enever un fichier dans cette session un TMP, car utlisè par une autre source??, j'avais deja remarquè que je ne pouvais pas e suppromer??? Je post et je vais bosser Salut et merci du coup de mains, A Plus Clache SmitFraudFix v2.281 Rapport fait à 23:49:37,73, 07/02/2008 Executé à partir de C:\Documents and Settings\christine\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\ace16win.dll supprimé C:\WINDOWS\system32\msole32.exe supprimé »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets DNS Server Search Order: 212.27.53.252 DNS Server Search Order: 212.27.54.252 Description: acer IPN2220 Wireless LAN Card - Miniport d'ordonnancement de paquets DNS Server Search Order: 212.27.53.252 DNS Server Search Order: 212.27.54.252 HKLM\SYSTEM\CCS\Services\Tcpip\..\{4C5E2D76-B042-451C-A059-444BAA7D2A72}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DADFBD8F-FDBF-4970-837A-FC63985EF376}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS1\Services\Tcpip\..\{4C5E2D76-B042-451C-A059-444BAA7D2A72}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DADFBD8F-FDBF-4970-837A-FC63985EF376}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS2\Services\Tcpip\..\{4C5E2D76-B042-451C-A059-444BAA7D2A72}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DADFBD8F-FDBF-4970-837A-FC63985EF376}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:00:06, on 08/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\fswsclds.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\rxjddnvj.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\CtrlVol.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\PROGRA~1\PHILIP~1\VProperty.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file) O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file) O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file) O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file) O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file) O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file) O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file) O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file) O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file) O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file) O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file) O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file) O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Notebook Manager Service anbmServiceNetman (anbmServiceNetman) - Unknown owner - C:\WINDOWS\system32\2052d.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 11475 bytes Salut
  17. clache
    Voia WAWASEB, j'espère que tout est Correct, bonne analyse, j'attend de tes nouvelles, si je peut faire autre chose, dit le moi Bonne soirèe et ou nuit Amitièes Clache
  18. clache
    Le dernier, celui de Hitjackthis, j'espère que nous arriverons a virer tous ce "rogues" et ces detournement de fond d'ecran?? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:21:32, on 07/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\F-Secure\fswsclds.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rxjddnvj.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\CtrlVol.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\PROGRA~1\PHILIP~1\VProperty.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\rxjddnvj.exe, O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file) O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file) O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file) O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file) O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file) O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file) O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file) O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file) O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file) O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file) O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file) O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file) O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file) O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file) O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file) O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file) O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file) O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file) O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file) O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file) O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file) O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file) O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file) O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe" O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe" O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmikvik.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Notebook Manager Service anbmServiceNetman (anbmServiceNetman) - Unknown owner - C:\WINDOWS\system32\2052d.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\F-Secure\fswsclds.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 12167 bytes
  19. clache
    | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations... Fichier tcpip.sys reçu le 2008.02.07 21:26:16 (CET) Situation actuelle: terminé Résultat: 0/32 (0%) Formaté Impression des résultats Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.2.6.10 2008.02.05 - AntiVir 7.6.0.62 2008.02.07 - Authentium 4.93.8 2008.02.06 - Avast 4.7.1098.0 2008.02.06 - AVG 7.5.0.516 2008.02.07 - BitDefender 7.2 2008.02.07 - CAT-QuickHeal 9.00 2008.02.04 - ClamAV 0.92 2008.02.07 - DrWeb 4.44.0.09170 2008.02.07 - eSafe 7.0.15.0 2008.01.28 - eTrust-Vet 31.3.5517 2008.02.07 - Ewido 4.0 2008.02.07 - FileAdvisor 1 2008.02.07 - Fortinet 3.14.0.0 2008.02.07 - F-Prot 4.4.2.54 2008.02.07 - F-Secure 6.70.13260.0 2008.02.07 - Ikarus T3.1.1.20 2008.02.07 - Kaspersky 7.0.0.125 2008.02.07 - McAfee 5225 2008.02.07 - Microsoft 1.3204 2008.02.07 - NOD32v2 2856 2008.02.07 - Norman 5.80.02 2008.02.07 - Panda 9.0.0.4 2008.02.07 - Prevx1 V2 2008.02.07 - Rising 20.29.22.00 2008.01.30 - Sophos 4.26.0 2008.02.07 - Sunbelt 2.2.907.0 2008.02.07 - Symantec 10 2008.02.07 - TheHacker 6.2.9.212 2008.02.07 - VBA32 3.12.6.0 2008.02.07 - VirusBuster 4.3.26:9 2008.02.07 - Webwasher-Gateway 6.6.2 2008.02.07 - Information additionnelle File size: 360064 bytes MD5: ecf02439fd31bbd0dbc2ec05600cf08a SHA1: 9368f11456808b226dbd2e097d1c0baf99c5a0cf PEiD: - ATTENTION: VirusTotal iest un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares. VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com 2 Rapport de SmifraudFix SmitFraudFix v2.281 Rapport fait à 21:19:58,78, 07/02/2008 Executé à partir de C:\Documents and Settings\christine\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\F-Secure\fswsclds.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rxjddnvj.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Launch Manager\PowerKey.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\CtrlVol.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Launch Manager\Wbutton.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Arcade\PCMService.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\PROGRA~1\PHILIP~1\VProperty.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\ace16win.dll PRESENT ! C:\WINDOWS\system32\msole32.exe PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\christine »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\christine\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRIST~1\FAVORIS »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\\WINDOWS\\system32\\mmmikvik.dll" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets DNS Server Search Order: 212.27.53.252 DNS Server Search Order: 212.27.54.252 Description: acer IPN2220 Wireless LAN Card - Miniport d'ordonnancement de paquets DNS Server Search Order: 212.27.53.252 DNS Server Search Order: 212.27.54.252 HKLM\SYSTEM\CCS\Services\Tcpip\..\{4C5E2D76-B042-451C-A059-444BAA7D2A72}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DADFBD8F-FDBF-4970-837A-FC63985EF376}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS1\Services\Tcpip\..\{4C5E2D76-B042-451C-A059-444BAA7D2A72}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DADFBD8F-FDBF-4970-837A-FC63985EF376}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS2\Services\Tcpip\..\{4C5E2D76-B042-451C-A059-444BAA7D2A72}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS2\Services\Tcpip\..\{DADFBD8F-FDBF-4970-837A-FC63985EF376}: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin
  20. clache
    Salut WAWASEB, j'aime bien quand tu dit on avance, moi c'est un peut le brouillard Je t'envoie les Rapports, mais pour Joti et son rapport j'ai pas tout compris??
  21. clache
    WAWASEB, toutes mes excuses, je n'ai pas désactivè Norton??? si je dois recommencer, excuse moi et dit le moi, je ne reposte rien pour l'instant, histoire de te laisser le temps de digèrer So Sorry A Plus Clache
  22. clache
    Voila WAWASEB, j'espère que cela repond a ta demande... Sacre boulot, je suis en admiration de savoir que tu dechiffre tous cela, c'est un vrai job. Merci, j'espère que l'on avance A plus et bon courage Amities Clache
  23. clache
    Voila le dernier, celui de DiagHelp toujours du 0602 DiagHelp version v1.4 - http://www.malekal.com excute le 06/02/2008 à 21:49:30,06 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf -->06/02/2008 21:39:06 C:\WINDOWS\prefetch\Layout.ini -->04/02/2008 20:00:56 C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54 C:\WINDOWS\System32\drivers\tcpip.sys -->30/10/2007 18:20:56 C:\WINDOWS\System32\drivers\symtdi.sys -->28/03/2007 18:41:26 C:\WINDOWS\System32\drivers\symredrv.sys -->28/03/2007 18:41:24 C:\WINDOWS\System32\drivers\symids.sys -->28/03/2007 18:41:20 C:\WINDOWS\System32\drivers\symndis.sys -->28/03/2007 18:41:18 C:\WINDOWS\System32\drivers\symfw.sys -->28/03/2007 18:41:14 C:\WINDOWS\System32\nvapps.xml -->06/02/2008 21:35:42 C:\WINDOWS\System32\wpa.dbl -->06/02/2008 21:34:02 C:\WINDOWS\System32\googlelink.txt -->04/02/2008 22:46:12 C:\WINDOWS\System32\googlekey.txt -->04/02/2008 22:46:12 C:\WINDOWS\System32\redirect_link.txt -->04/02/2008 22:37:34 C:\WINDOWS\System32\redirect_key.txt -->04/02/2008 22:35:16 C:\WINDOWS\System32\redirect_original.txt -->04/02/2008 22:32:42 C:\WINDOWS\System32\search_fid.txt -->04/02/2008 22:04:56 C:\WINDOWS\System32\mess_add.txt -->04/02/2008 22:04:56 C:\WINDOWS\System32\FNTCACHE.DAT -->03/02/2008 18:05:46 C:\WINDOWS\System32\msole32.exe -->03/02/2008 12:49:08 C:\WINDOWS\System32\ace16win.dll -->03/02/2008 12:49:08 C:\WINDOWS\System32\tmp.reg -->03/02/2008 12:47:34 C:\WINDOWS\System32\Help.ico -->02/02/2008 20:44:46 C:\WINDOWS\System32\Uninstall.ico -->02/02/2008 20:44:46 C:\WINDOWS\System32\create.exe -->02/02/2008 13:50:36 C:\WINDOWS\System32\mmmsghigh.dll -->02/02/2008 13:33:38 C:\WINDOWS\System32\vxddsk.exe -->02/02/2008 10:18:48 C:\WINDOWS\System32\wml.exe -->27/01/2008 13:42:42 C:\WINDOWS\System32\ESHOPEE.exe -->26/01/2008 12:53:36 C:\WINDOWS\System32\3250099823.dat -->26/01/2008 12:40:18 C:\WINDOWS\System32\lz32w.dll -->26/01/2008 12:40:16 C:\WINDOWS\System32\2052d.exe -->26/01/2008 12:38:52 C:\WINDOWS\System32\rxjddnvj.exe -->26/01/2008 12:38:20 C:\WINDOWS\System32\CmdLineExt03.dll -->22/01/2008 20:24:12 C:\WINDOWS\default.htm -->06/02/2008 21:49:10 C:\WINDOWS\msnfix.txt -->06/02/2008 21:38:56 C:\WINDOWS\ie_32.exe -->06/02/2008 21:35:58 C:\WINDOWS\hotporn.exe -->06/02/2008 21:35:58 C:\WINDOWS\ComponentList.xml -->06/02/2008 21:35:36 C:\WINDOWS\ModemLog_Agere Systems AC'97 Modem.txt -->06/02/2008 21:34:06 C:\WINDOWS\wiadebug.log -->06/02/2008 21:33:52 C:\WINDOWS.log -->06/02/2008 21:33:40 C:\WINDOWS\bootstat.dat -->06/02/2008 21:33:36 C:\WINDOWS\ntbtlog.txt -->06/02/2008 21:31:14 C:\WINDOWS\WindowsUpdate.log -->06/02/2008 21:26:02 C:\WINDOWS\wiaservc.log -->06/02/2008 21:25:58 C:\WINDOWS\SchedLgU.Txt -->06/02/2008 21:25:58 C:\WINDOWS\settn.dll -->05/02/2008 22:36:06 C:\WINDOWS\pbsysie.dll -->05/02/2008 22:36:04 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Unsigned ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ EXPLORER.EXE pid: 3596 Command line: explorer.exe Base Size Version Path 0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x63000000 0x14000 7.10.0010.0000 C:\WINDOWS\system32\SynTPFcs.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x10000000 0xd000 3.00.0000.0000 C:\Program Files\CyberLink\Shared Files\CLRCEngine.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll 0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll 0x44a40000 0x373000 7.00.6000.16587 C:\WINDOWS\system32\mshtml.dll 0x017a0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll 0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x16200000 0x6000 4.01.0000.0000 C:\Program Files\WinZip\wzshlstb.dll 0x03320000 0x2c000 C:\Program Files\WinRAR\rarext.dll 0x03750000 0x35000 11.00.0016.0002 C:\Program Files\Norton AntiVirus\NavShExt.dll 0x7c120000 0x1a000 7.10.3077.0000 C:\WINDOWS\system32\ATL71.DLL 0x7c3c0000 0x7c000 7.10.6030.0000 C:\WINDOWS\system32\MSVCP71.dll 0x7c360000 0x56000 7.10.6030.0000 C:\WINDOWS\system32\MSVCR71.dll 0x6af30000 0x3d000 103.00.0009.0002 C:\Program Files\Fichiers communs\Symantec Shared\ccL30.dll 0x031d0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x032d0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x015f0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 0x039f0000 0x11a000 1.05.0000.0008 C:\PROGRA~1\SPYBOT~1\SDHelper.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ WINLOGON.EXE pid: 888 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x01250000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 0A2A-1AD4 Répertoire de C:\WINDOWS\system 24/12/1998 17:15 345 983 RCDsetup.exe 23/08/2001 13:00 9 728 regsvr32.exe 2 fichier(s) 355 711 octets 0 Rép(s) 13 064 601 600 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 0A2A-1AD4 Répertoire de C:\WINDOWS\system32 05/08/2004 05:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 13 064 601 600 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 0A2A-1AD4 Répertoire de C:\WINDOWS\Downloaded Program Files 13/09/2004 19:25 <REP> . 13/09/2004 19:25 <REP> .. 13/09/2004 19:25 65 desktop.ini 15/06/2006 18:33 1 132 192 EPUWALcontrol.dll 21/01/2008 21:34 465 472 wlscBase.dll 21/01/2008 21:37 319 wlscBase.inf 14/03/2005 14:38 126 live.ini 14/03/2005 14:58 7 073 scanoptions.tsi 16/03/2005 12:34 7 407 lang.ini 25/05/2006 01:21 53 248 ipsupd.dll 25/05/2006 01:21 118 784 bdupd.dll 07/12/2004 17:07 32 libfn.dll 07/12/2004 17:07 32 bdcore.dll 25/10/2007 16:54 471 040 oscan8.ocx 29/10/2007 16:45 1 244 oscan8.inf 02/11/2005 18:07 435 712 xscan53.ocx 02/11/2005 18:01 1 777 xscan.inf 31/10/2001 10:37 118 uninst.bat 12/07/2000 02:02 36 864 fxfileop.dll 30/01/2003 16:52 348 160 bitdefender.ocx 21/03/2002 15:26 815 bitdefender.inf 19 fichier(s) 3 080 480 octets Total des fichiers listés : 19 fichier(s) 3 080 480 octets 2 Rép(s) 13 064 601 600 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger" "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\DOCUME~1\\CHRIST~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CHRIST~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2" "C:\\Documents and Settings\\christine\\lgepfc.exe"="C:\\Documents and Settings\\christine\\lgepfc.exe:*:Enabled:Windows Service" "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\christine\\Mes documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\christine\\Mes documents\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire" "C:\\Documents and Settings\\christine\\Bureau\\clement\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\christine\\Bureau\\clement\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-06 21:50:00 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run ToUcamVProperty = C:\PROGRA~1\PHILIP~1\VProperty.exe??~?1?\?V?P?r?o?p?e?r?t?y?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... IPC error: 2 Le fichier spécifié est introuvable. scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 168 - ANBMSERV.EXE 240 - SVCHOST.EXE 252 - APPLEMOBILEDEVI 332 - FSWSCLDS.EXE 364 - NAVAPSVC.EXE 436 - NPFMNTOR.EXE 488 - NVSVC32.EXE 516 - SynTPLpr.exe 704 - ccApp.exe 856 - SYMLCSVC.EXE 860 - CSRSS.EXE 888 - WINLOGON.EXE 932 - SERVICES.EXE 944 - LSASS.EXE 1092 - SVCHOST.EXE 1156 - SVCHOST.EXE 1192 - SVCHOST.EXE 1252 - SVCHOST.EXE 1352 - SVCHOST.EXE 1584 - SynTPEnh.exe 1656 - RXJDDNVJ.EXE 1696 - CCSETMGR.EXE 1732 - SNDSRVC.EXE 1824 - CCEVTMGR.EXE 1980 - HotkeyApp.exe 2132 - ctfmon.exe 2236 - VTTimer.exe 2332 - AGRSMMSG.exe 2348 - Ltmoh.exe 2356 - PCMService.exe 2364 - Dragdiag.exe 2456 - cmd.exe 2468 - apdproxy.exe 2904 - Opera.exe 2912 - NkbMonitor.exe 3208 - msmsgs.exe 3596 - EXPLORER.EXE Total number of processes = 38 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll F8B65000 - \WINDOWS\system32\KDCOM.DLL F8A75000 - \WINDOWS\system32\BOOTVID.dll F853C000 - a347bus.sys F850D000 - ACPI.sys F8B67000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F84FC000 - pci.sys F8665000 - isapnp.sys F8675000 - ohci1394.sys F8685000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F8A79000 - compbatt.sys F8A7D000 - \WINDOWS\system32\DRIVERS\BATTC.SYS F8C2D000 - pciide.sys F88E5000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F8B69000 - aliide.sys F8B6B000 - intelide.sys F8B6D000 - toside.sys F8B6F000 - viaide.sys F8B71000 - cmdide.sys F84DE000 - pcmcia.sys F8695000 - MountMgr.sys F84BF000 - ftdisk.sys F8A81000 - ACPIEC.sys F8C2E000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS F88ED000 - PartMgr.sys F86A5000 - VolSnap.sys F8A85000 - cpqarray.sys F84A7000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS F848F000 - F8A89000 - aha154x.sys F88F5000 - sparrow.sys F8A8D000 - symc810.sys F86B5000 - aic78xx.sys F8A91000 - dac960nt.sys F86C5000 - ql10wnt.sys F8A95000 - amsint.sys F88FD000 - asc.sys F8A99000 - asc3550.sys F8905000 - mraid35x.sys F890D000 - i2omp.sys F8A9D000 - ini910u.sys F86D5000 - ql1240.sys F86E5000 - aic78u2.sys F8915000 - symc8xx.sys F891D000 - sym_hi.sys F8925000 - sym_u3.sys F892D000 - ABP480N5.SYS F8935000 - asc3350p.sys F8B73000 - cd20xrnt.sys F86F5000 - ultra.sys F8476000 - adpu160m.sys F893D000 - dpti2o.sys F8705000 - ql1080.sys F8715000 - ql1280.sys F8725000 - ql12160.sys F8945000 - perc2.sys F8B75000 - perc2hib.sys F894D000 - hpn.sys F8AA1000 - cbidf2k.sys F844A000 - dac2w2k.sys F8B77000 - a347scsi.sys F8735000 - disk.sys F8745000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F842A000 - fltMgr.sys F8407000 - Fastfat.sys F83F0000 - KSecDD.sys F83C3000 - NDIS.sys F8755000 - sisagp.sys F8765000 - viaagp.sys F8955000 - viaagp1.sys F83A8000 - Mup.sys F8775000 - gagp30kx.sys F8785000 - alim1541.sys F8795000 - amdagp.sys F87A5000 - agp440.sys F87B5000 - agpCPQ.sys F87D5000 - \SystemRoot\system32\DRIVERS\AmdK8.sys F8027000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys F7F2D000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F7F0A000 - \SystemRoot\system32\DRIVERS\i2220ntx.sys F87E5000 - \SystemRoot\system32\DRIVERS\nic1394.sys F7EF8000 - \SystemRoot\system32\DRIVERS\Rtlnicxp.sys F89BD000 - \SystemRoot\system32\DRIVERS\usbuhci.sys F7ED5000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F89C5000 - \SystemRoot\system32\DRIVERS\usbehci.sys F87F5000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F7EA8000 - \SystemRoot\system32\DRIVERS\SynTP.sys F8B8B000 - \SystemRoot\system32\DRIVERS\USBD.SYS F89CD000 - \SystemRoot\system32\DRIVERS\mouclass.sys F89D5000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F7E94000 - \SystemRoot\system32\DRIVERS\parport.sys F89DD000 - \SystemRoot\system32\DRIVERS\nscirda.sys F8B35000 - \SystemRoot\system32\DRIVERS\irenum.sys F8805000 - \SystemRoot\system32\DRIVERS\imapi.sys F8B3D000 - \SystemRoot\system32\drivers\pfc.sys F8815000 - \SystemRoot\system32\DRIVERS\cdrom.sys F8825000 - \SystemRoot\system32\DRIVERS\redbook.sys F7E49000 - \SystemRoot\system32\DRIVERS\ks.sys F8B8D000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys F7E2C000 - \SystemRoot\system32\drivers\viaudios.sys F7E08000 - \SystemRoot\system32\drivers\portcls.sys F8835000 - \SystemRoot\system32\drivers\drmk.sys F7CD1000 - \SystemRoot\system32\DRIVERS\AGRSM.sys F89E5000 - \SystemRoot\System32\Drivers\Modem.SYS F8B4D000 - \SystemRoot\system32\DRIVERS\CmBatt.sys F7FA9000 - \SystemRoot\system32\DRIVERS\audstub.sys F89ED000 - \SystemRoot\system32\DRIVERS\rasirda.sys F89F5000 - \SystemRoot\system32\DRIVERS\TDI.SYS F8845000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F8B55000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F7C1A000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F8855000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F8865000 - \SystemRoot\system32\DRIVERS\raspptp.sys F7C09000 - \SystemRoot\system32\DRIVERS\psched.sys F8875000 - \SystemRoot\system32\DRIVERS\msgpc.sys F89FD000 - \SystemRoot\system32\DRIVERS\ptilink.sys F8A05000 - \SystemRoot\system32\DRIVERS\raspti.sys F8885000 - \SystemRoot\system32\DRIVERS\termdd.sys F8B8F000 - \SystemRoot\system32\DRIVERS\swenum.sys F7BD5000 - \SystemRoot\system32\DRIVERS\update.sys F8B61000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F88A5000 - \SystemRoot\System32\Drivers\NDProxy.SYS F88B5000 - \SystemRoot\system32\DRIVERS\usbhub.sys F8B9B000 - \SystemRoot\System32\Drivers\i2omgmt.SYS F6B05000 - \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS F6AE8000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS F6AD5000 - \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS F69FC000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080206.004\NavEx15.Sys F69E9000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080206.004\NAVENG.Sys F8B9D000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7F6A000 - \SystemRoot\System32\Drivers\Null.SYS F8B9F000 - \SystemRoot\System32\Drivers\Beep.SYS F8A2D000 - \SystemRoot\System32\drivers\vga.sys F8BA1000 - \SystemRoot\System32\Drivers\mnmdd.SYS F8BA3000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F8A35000 - \SystemRoot\System32\Drivers\Msfs.SYS F8A3D000 - \SystemRoot\System32\Drivers\Npfs.SYS F82A7000 - \SystemRoot\system32\DRIVERS\rasacd.sys F69B6000 - \SystemRoot\system32\DRIVERS\ipsec.sys F695E000 - \SystemRoot\system32\DRIVERS\tcpip.sys F691E000 - \SystemRoot\System32\Drivers\SYMTDI.SYS F68F6000 - \SystemRoot\system32\DRIVERS\netbt.sys F68D4000 - \SystemRoot\System32\drivers\afd.sys F88C5000 - \SystemRoot\system32\DRIVERS\netbios.sys F6882000 - \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys F6857000 - \SystemRoot\system32\DRIVERS\rdbss.sys F67C0000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F8297000 - \SystemRoot\System32\Drivers\Hotkey.SYS F8398000 - \SystemRoot\System32\Drivers\Fips.SYS F679F000 - \SystemRoot\system32\DRIVERS\ipnat.sys F8388000 - \SystemRoot\system32\DRIVERS\wanarp.sys F8378000 - \SystemRoot\system32\DRIVERS\arp1394.sys F8358000 - \SystemRoot\System32\Drivers\Cdfs.SYS F66E7000 - \SystemRoot\System32\Drivers\dump_atapi.sys F8BAD000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F7E78000 - \SystemRoot\System32\drivers\Dxapi.sys F8A4D000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F8D94000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\nv4_disp.dll F4B4A000 - \SystemRoot\system32\DRIVERS\irda.sys F4BE4000 - \SystemRoot\system32\DRIVERS\ndisuio.sys F4B32000 - \SystemRoot\System32\Drivers\SYMREDRV.SYS F8BCD000 - \SystemRoot\System32\Drivers\SYMDNS.SYS F4AC2000 - \SystemRoot\System32\Drivers\SYMNDIS.SYS F4941000 - \SystemRoot\System32\Drivers\SYMFW.SYS F8A5D000 - \SystemRoot\System32\Drivers\SYMIDS.SYS F4910000 - \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20070628.004\symidsco.sys F472B000 - \SystemRoot\system32\DRIVERS\mrxdav.sys F44D1000 - \SystemRoot\system32\DRIVERS\srv.sys F8A65000 - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys F42DC000 - \SystemRoot\system32\drivers\wdmaud.sys F46B3000 - \SystemRoot\system32\drivers\sysaudio.sys F899D000 - \??\C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\catchme.sys F3D1D000 - \SystemRoot\System32\Drivers\HTTP.sys F8C8F000 - \??\C:\Program Files\Launch Manager\POWERKEY.sys F3AD9000 - \SystemRoot\system32\drivers\kmixer.sys F8D48000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 180 Liste des programmes installes Acer eManager for Notebook Acer eManager for Notebook Adobe Flash Player ActiveX Adobe Photoshop Elements 2.0 Adobe Reader 8.1.1 - Français Adobe® Photoshop® Album Edition Découverte 3.2 Adobe® Photoshop® Album Edition Découverte 3.2 Agere Systems AC'97 Modem Apple Mobile Device Support Apple Software Update Arcade 3.0 ArcSoft Panorama Maker 3 ArcSoft Panorama Maker 3.0 ArcSoft PhotoBase 3 ArcSoft VideoImpression 1.6 Athlon 64 Processor Driver ATMA V 5.04d Barre d'outils Outlook de Windows Live (Windows Live Toolbar) Battle.net Bloqueur de fenêtres pop-up (Windows Live Toolbar) ccCommon CCleaner (remove only) Commande ECHO désactivée. Darluok Patch Darluok Patch World of Warcraft Diablo II DivX Web Player Détecteur de flux Windows Live Toolbar (Windows Live Toolbar) Extension de Windows Live Toolbar (Windows Live Toolbar) getPlus®_ocx Google Toolbar for Internet Explorer GUILD WARS Heredis 9 Hero Editor V0.95 Heroes of Might and Magic® III HijackThis 2.0.2 Indeo® Software InterActual Player Internet Worm Protection J2SE Runtime Environment 5.0 Update 3 Java 6 Update 2 Java SE Runtime Environment 6 Update 1 Launch Manager V1.0.7.6 Lecteur Windows Media 11 Livebox LiveReg (Symantec Corporation) LiveUpdate 3.2 (Symantec Corporation) Magic Workstation 0.94f Media Player Classic fr Menus intelligents (Windows Live Toolbar) Messenger Plus! Live Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Standard Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Works 7.0 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) MSN MSXML 4.0 SP2 (KB936181) MTG GamePack for Magic Workstation Nikon FotoShare Nikon Message Center Norton AntiVirus 2005 Norton AntiVirus 2005 (Symantec Corporation) Norton AntiVirus Help Norton AntiVirus Parent MSI Norton AntiVirus SYMLT MSI Norton WMI Update NTI Backup NOW! 3 NTI Backup NOW! 3 NTI CD & DVD-Maker 6.7 Update NTI CD & DVD-Maker 6.7 Update NTI CD & DVD-Maker NTI CD & DVD-Maker Gold NVIDIA Drivers OneCare Advisor (Windows Live Toolbar) Opera 9.25 Philips ToUcam Fun Camera PhotoFiltre Studio PictureProject Plug-in TicTacToe Messager PlugY, The Survival Kit PowerProducer Project64 1.6 QuickTime SAGEM F@st 800-840 SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio Samsung PC Studio Samsung PC Studio 3 USB Driver Installer Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) SPBBC SpeedTouch USB Software Spybot - Search & Destroy Symantec Symantec Network Drivers Update Symantec Script Blocking Installer SymNet Synaptics Pointing Device Driver VIA Audio Driver Setup Program Vodafone 804SS USB driver Software WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Live Favorites pour Windows Live Toolbar Windows Live Messenger Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 WinRAR archiver WinZip 11.1 WWP Demo XnView 1.80.1 Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 0A2A-1AD4 Répertoire de C:\Program Files 13/09/2004 19:18 <REP> . 13/09/2004 19:18 <REP> .. 03/02/2008 13:13 <REP> 3721 25/07/2006 17:00 <REP> 3DO 05/02/2008 22:26 <REP> Accoona 01/01/2003 22:02 <REP> Acer Inc 01/01/2003 22:07 <REP> Adobe 26/01/2008 12:53 <REP> akl 22/09/2007 20:59 <REP> Alcohol Soft 01/01/2003 21:51 <REP> AMD 26/01/2008 12:53 <REP> amsys 06/10/2007 17:51 <REP> Apple Software Update 18/08/2007 15:31 <REP> Apprentice 06/04/2005 14:40 <REP> Arcade 09/04/2005 12:29 <REP> ArcSoft 02/05/2006 09:10 <REP> ATMA V 22/06/2006 18:46 <REP> BSD Concept 02/02/2008 12:46 <REP> CCleaner 13/09/2004 19:23 <REP> ComPlus Applications 01/01/2003 22:04 <REP> CyberLink 18/10/2007 20:19 <REP> Darluok Server 13/01/2006 17:55 <REP> Diablo II 18/07/2007 20:09 <REP> DivX 25/12/2006 14:02 <REP> Everest Poker 26/01/2008 12:53 <REP> e-zshopper 13/09/2004 19:18 <REP> Fichiers communs 09/04/2005 08:54 <REP> F-Secure 21/10/2005 16:34 <REP> Google 02/02/2008 16:31 <REP> Grisoft 30/09/2006 20:29 <REP> GUILD WARS 02/05/2006 09:12 <REP> Hero Editor 18/03/2007 16:38 <REP> IKEA HomePlanner 25/08/2006 18:41 <REP> IncrediMail 18/06/2007 23:54 <REP> InterActual 13/09/2004 19:24 <REP> Internet Explorer 02/06/2007 19:09 <REP> Java 01/01/2003 21:59 <REP> Launch Manager 01/01/2003 22:06 <REP> Ligos 06/04/2005 14:39 <REP> ltmoh 18/08/2007 13:07 <REP> Magic Workstation 09/03/2006 18:47 <REP> Media Player Classic 13/09/2004 19:23 <REP> Messenger 15/04/2005 21:14 <REP> Messenger Plugin 06/11/2007 12:13 <REP> Messenger Plus! Live 26/12/2007 23:26 <REP> Microsoft CAPICOM 2.1.0.2 13/09/2004 19:26 <REP> microsoft frontpage 07/04/2005 02:18 <REP> Microsoft Office 06/04/2005 14:43 <REP> Microsoft Works 13/09/2004 19:24 <REP> Movie Maker 13/09/2004 19:22 <REP> MSN 13/09/2004 19:23 <REP> MSN Gaming Zone 26/04/2005 18:49 <REP> MSN Messenger 08/10/2007 23:09 <REP> MSXML 4.0 03/02/2008 13:14 <REP> Navilog1 13/09/2004 19:24 <REP> NetMeeting 01/01/2003 22:05 <REP> NewTech Infosystems 06/09/2005 10:44 <REP> Nikon 18/04/2005 11:47 <REP> Norton AntiVirus 13/09/2004 19:23 <REP> Online Services 11/12/2005 22:21 <REP> OpenOffice.org 2.0 02/02/2008 21:18 <REP> Opera 13/09/2004 19:24 <REP> Outlook Express 03/02/2008 14:05 <REP> p2pnetworks 26/04/2005 19:01 <REP> Philips ToUcam Camera 17/11/2007 22:14 <REP> PhotoFiltre Studio 30/07/2007 15:23 <REP> Project64 1.6 18/08/2006 20:04 <REP> Project64 v1.5 06/10/2007 17:51 <REP> QuickTime 12/04/2005 19:30 <REP> SAGEM 07/10/2007 12:22 <REP> Samsung 13/09/2004 19:25 <REP> Services en ligne 20/04/2005 17:10 <REP> Sierra On-Line 27/01/2008 12:44 <REP> Spybot - Search & Destroy 18/04/2005 11:46 <REP> Symantec 26/04/2005 16:51 <REP> SymNetDrv 01/01/2003 21:53 <REP> Synaptics 08/04/2005 13:10 <REP> Thomson 02/02/2008 21:14 <REP> Trend Micro 01/01/2003 21:53 <REP> VIAudioi 15/10/2005 19:38 <REP> VirtualNetwork 08/04/2005 13:09 <REP> Wanadoo 13/11/2005 13:43 <REP> Wanadoo Jeux 12/04/2005 19:29 <REP> Wanadoo Messager 06/11/2007 12:13 <REP> Windows Live 25/12/2007 10:50 <REP> Windows Live Favorites 02/02/2008 13:36 <REP> Windows Live Safety Center 25/12/2007 10:50 <REP> Windows Live Toolbar 15/10/2007 18:41 <REP> Windows Media Connect 2 13/09/2004 19:23 <REP> Windows Media Player 13/09/2004 19:22 <REP> Windows NT 22/09/2007 20:58 <REP> WinRAR 17/11/2007 09:38 <REP> WinZip 29/10/2007 18:17 <REP> World of Warcraft 13/09/2004 19:27 <REP> xerox 20/08/2005 15:50 <REP> XnView 0 fichier(s) 0 octets 95 Rép(s) 13 064 552 448 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 0A2A-1AD4 Répertoire de C:\Program Files\fichiers communs 13/09/2004 19:18 <REP> . 13/09/2004 19:18 <REP> .. 13/09/2004 19:18 <REP> Microsoft Shared 13/09/2004 19:18 <REP> SpeechEngines 13/09/2004 19:18 <REP> ODBC 13/09/2004 19:24 <REP> System 13/09/2004 19:24 <REP> MSSoap 13/09/2004 19:24 <REP> Services 01/01/2003 21:51 <REP> InstallShield 07/04/2005 02:19 <REP> DESIGNER 09/04/2005 12:29 <REP> Nikon 14/04/2005 13:23 <REP> Adobe 18/04/2005 11:46 <REP> Symantec Shared 02/06/2007 19:09 <REP> Java 06/10/2007 17:50 <REP> Apple 0 fichier(s) 0 octets 15 Rép(s) 13 064 552 448 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 0A2A-1AD4 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 13/09/2004 19:31 <REP> . 13/09/2004 19:31 <REP> .. 07/03/2001 07:00 127 033 MSOWS40c.DLL 03/06/1999 12:09 122 937 MSOWS409.DLL 07/04/2005 02:19 <REP> 1036 11/07/2003 02:25 80 448 PKMWS.DLL 07/04/2005 02:19 <REP> 1033 20/09/2005 12:33 1 293 008 MSONSEXT.DLL 22/03/2007 19:29 39 256 MSOSV.DLL 5 fichier(s) 1 662 682 octets 4 Rép(s) 13 064 552 448 octets libres c:\Documents and Settings\All Users\Application Data\BSD\Heredis9\Arbre3D.exe c:\Documents and Settings\All Users\Application Data\BSD\Heredis9\HTML\h8html.exe c:\Documents and Settings\christine\Local Settings\Temporary Internet Files\Content.IE5\9PY31X6G\fixcallback[1].exe c:\Documents and Settings\christine\Local Settings\Temporary Internet Files\Content.IE5QJ5DIJB\wssl49[1].exe c:\Documents and Settings\christine\Mes documents\Mes images\xnview_xnview_1.80.1_francais_9667.exe c:\Documents and Settings\christine\Mes documents\christine.rigault2\InstallationTetrisWanadoo1.0.1.0.exe c:\Documents and Settings\christine\Mes documents\christine.rigault2\InstallationTicTacToeWanadoo1.0.1.0.exe c:\Documents and Settings\christine\Mes documents\Warcraft III Demo\BNUpdate.exe c:\Documents and Settings\christine\Mes documents\Warcraft III Demo\War3Demo.exe c:\Documents and Settings\christine\Mes documents\Warcraft III Demo\Warcraft III Demo.exe c:\Documents and Settings\christine\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe c:\Documents and Settings\christine\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe c:\Documents and Settings\christine\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe c:\Documents and Settings\christine\Application Data\Microsoft\Installer\{C619B312-19F3-460A-9F7B-443248379F18}\ARPPRODUCTICON.exe c:\Documents and Settings\christine\Application Data\U3\temp\cleanup.exe c:\Documents and Settings\christine\Application Data\LimeWire\.NetworkShare\LimeWireWin4.14.10.exe c:\Documents and Settings\christine\Bureau\SDFix.exe c:\Documents and Settings\christine\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\christine\Bureau\DiagHelp\diff.exe c:\Documents and Settings\christine\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\christine\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\christine\Bureau\DiagHelp\find2.exe c:\Documents and Settings\christine\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\christine\Bureau\DiagHelp\grep.exe c:\Documents and Settings\christine\Bureau\DiagHelp\gzip.exe c:\Documents and Settings\christine\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\christine\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\christine\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\christine\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\christine\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\christine\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\christine\Bureau\DiagHelp\streams.exe c:\Documents and Settings\christine\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\christine\Bureau\DiagHelp\tar.exe c:\Documents and Settings\christine\Bureau\MSNFix\incl\MD5File.exe c:\Documents and Settings\christine\Bureau\MSNFix\incl\Process.exe c:\Documents and Settings\christine\Bureau\MSNFix\incl\setpath.exe c:\Documents and Settings\christine\Bureau\MSNFix\incl\swreg.exe c:\Documents and Settings\christine\Bureau\MSNFix\incl\zip.exe c:\Documents and Settings\christine\Bureau\fichiers_nettoy_avant0602\HJTInstall.exe c:\Documents and Settings\christine\Bureau\fichiers_nettoy_avant0602\sfp.exe c:\Documents and Settings\Administrateur\Bureau\Navilog1.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix.exe c:\Documents and Settings\Administrateur\Bureau\VirtumundoBeGone.exe c:\Documents and Settings\Administrateur\Bureau\VundoFix.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\exit.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\IEDFix.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\VACFix.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\christine\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\christine\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_ACER-1916361FFD.tar.gz a l'adresse http://upload.malekal.com
  24. clache
    J'ai du merder un peu, il me semble qu'i y a un peu trop de choses, c'est une copie de a page HTM?? Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1 Warning: you seem to have javascript disabled. This is necessary for the display of results. File to upload & scan: Service Service load: 0% 100% File: tcpip.sys Status: INCONCLUSIVE (scan still in progress) MD5: ecf02439fd31bbd0dbc2ec05600cf08a Packers detected: Analyzing... Bit9 reports: File not found Scanner results Scan taken on 06 Feb 2008 20:41:09 (GMT) A-Squared Scanning, please wait... AntiVir Scanning, please wait... ArcaVir Scanning, please wait... Avast Scanning, please wait... AVG Antivirus Scanning, please wait... BitDefender Scanning, please wait... ClamAV Scanning, please wait... CPsecure Scanning, please wait... Dr.Web Scanning, please wait... F-Prot Antivirus Scanning, please wait... F-Secure Anti-Virus Scanning, please wait... Fortinet Scanning, please wait... Ikarus Scanning, please wait... Kaspersky Anti-Virus Scanning, please wait... NOD32 Scanning, please wait... Norman Virus Control Scanning, please wait... Panda Antivirus Scanning, please wait... Rising Antivirus Scanning, please wait... Sophos Antivirus Scanning, please wait... VirusBuster Scanning, please wait... VBA32 Scanning, please wait... Powered by Disclaimer This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service. Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita. Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware. Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample. Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all. Sponsored by HotelScraper.com. -------------------------------------------------------------------------------- Statistics Last file scanned at least one scanner reported something about: _dy41.exe (MD5: 5af09771ef7f71ec89af87912f1a8480, size: 711168 bytes), detected by: Scanner Malware name A-Squared X AntiVir TR/Dropper.Gen ArcaVir X Avast X AVG Antivirus Packed.Hupigon BitDefender X ClamAV Trojan.Packed-114 CPsecure X Dr.Web X F-Prot Antivirus X F-Secure Anti-Virus Packed.Win32.Klone.ao Fortinet X Ikarus Virus.Win32.Hupigon.DMT Kaspersky Anti-Virus Packed.Win32.Klone.ao NOD32 X Norman Virus Control Hupigon.gen203 Panda Antivirus X Rising Antivirus X Sophos Antivirus X VirusBuster X VBA32 X You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives We are not affiliated with any third parties that conduct tests using this service.
  25. clache
    SDFix: Version 1.137 Run by christine on 06/02/2008 at 21:29 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Name: CcEvtSvc Path: %SystemRoot%\System32\CcEvtSvc.exe -k netsvcs CcEvtSvc - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\hotporn.exe - Deleted C:\WINDOWS\ie_32.exe - Deleted Removing Temp Files... ADS Check: Final Check: catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-06 21:34:44 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run ToUcamVProperty = C:\PROGRA~1\PHILIP~1\VProperty.exe??~?1?\?V?P?r?o?p?e?r?t?y?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger" "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\DOCUME~1\\CHRIST~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\CHRIST~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2" "C:\\Documents and Settings\\christine\\lgepfc.exe"="C:\\Documents and Settings\\christine\\lgepfc.exe:*:Enabled:Windows Service" "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost" "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Documents and Settings\\christine\\Mes documents\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\christine\\Mes documents\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire" "C:\\Documents and Settings\\christine\\Bureau\\clement\\LimeWire\\LimeWire.exe"="C:\\Documents and Settings\\christine\\Bureau\\clement\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Wed 1 Jan 2003 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll" Wed 6 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll" Wed 6 Apr 2005 1,024 ...HR --- "C:\WINDOWS\system32\ntiembed.dll" Sat 26 Jan 2008 38,400 ..SHR --- "C:\WINDOWS\system32\2052d.exe" Sat 26 Jan 2008 20,480 A.SH. --- "C:\WINDOWS\system32\lz32w.dll" Tue 20 Apr 2004 51,712 ..SHR --- "C:\Program Files\ATMA V\Setup.exe" Thu 14 Jun 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Wed 20 Jun 2007 248 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti1.tmp" Mon 15 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Finished!
×
×
  • Créer...