

Everything posted by flowstylz
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
no, it no longer detects it for me
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3489 (20081002)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=5a5b8f401c21bf4782037116af282de4
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-10-02 02:45:58
# local_time=2008-10-02 04:45:58 (+0100, Paris, Madrid)
# country="France"
# osver=5.1.2600 NT Service Pack 3
# scanned=197555
# found=0
# scan_time=14214
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
Fichier windnll reçu le 2008.10.02 11:46:09 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/36 (0%)

Antivirus    Version    Dernière mise à jour    Résultat
AhnLab-V3    2008.10.2.0    2008.10.02    -
AntiVir    7.8.1.34    2008.10.02    -
Authentium    5.1.0.4    2008.10.02    -
Avast    4.8.1248.0    2008.10.01    -
AVG    8.0.0.161    2008.10.01    -
BitDefender    7.2    2008.10.02    -
CAT-QuickHeal    9.50    2008.10.01    -
ClamAV    0.93.1    2008.10.02    -
DrWeb    4.44.0.09170    2008.10.02    -
eSafe    7.0.17.0    2008.10.01    -
eTrust-Vet    31.6.6121    2008.10.02    -
Ewido    4.0    2008.10.01    -
F-Prot    4.4.4.56    2008.09.30    -
F-Secure    8.0.14332.0    2008.10.02    -
Fortinet    3.113.0.0    2008.10.02    -
GData    19    2008.10.02    -
Ikarus    T3.1.1.34.0    2008.10.02    -
K7AntiVirus    7.10.479    2008.10.01    -
Kaspersky    7.0.0.125    2008.10.02    -
McAfee    5396    2008.10.02    -
Microsoft    1.4005    2008.10.02    -
NOD32    3489    2008.10.02    -
Norman    5.80.02    2008.10.01    -
Panda    9.0.0.4    2008.10.02    -
PCTools    4.4.2.0    2008.10.01    -
Prevx1    V2    2008.10.02    -
Rising    20.63.62.00    2008.09.28    -
SecureWeb-Gateway    6.7.6    2008.10.02    -
Sophos    4.34.0    2008.10.02    -
Sunbelt    3.1.1668.1    2008.09.24    -
Symantec    10    2008.10.02    -
TheHacker    6.3.0.9.098    2008.10.01    -
TrendMicro    8.700.0.1004    2008.10.02    -
VBA32    3.12.8.6    2008.10.02    -
ViRobot    2008.10.1.1402    2008.10.02    -
VirusBuster    4.5.11.0    2008.10.01    -

Information additionnelle
File size: 2645 bytes
MD5...: f94f069abe46b91418d60d4b7d66b458
SHA1..: 82a5e7eacdc0e316572bb6ccb4af2e5097871eb6
SHA256: bfc259a226a4fac6d76d2cdee5748285ff45cbc1aeed3a8dcdd0d4b57a456d59
SHA512: d0458472bafec6315bf70f468257a62f22f893d7e7129767d72bc8928185a3c4 4e5f7d509cd134a8ac00531d2b6eaae75c9e70c665d880c01f487f0610200cfb
PEiD..: -
TrID..: File type identification MP3 audio (100.0%)
PEInfo: -
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
I managed to get rid of this icon by deleting it by hand; it no longer comes back
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
This infamous malwarecore is apparently found under Start > All Programs in every user session on the computer, whereas at the very beginning it was on one single session! It shows up as this icon that I circled in red. After running Spybot it is gone, but when I restart the computer it comes back! There you go, in case that gives you any clues or helps you! Thanks for your help, by the way!
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
here is the combofix report
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
here is the first report
Imaging\bin\hpoews01.exe"="E:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="E:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "E:\WINDOWS\system32\dpvsetup.exe"="E:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "E:\Program Files\eMule\eMule.exe"="E:\Program Files\eMule\eMule.exe:*:Enabled:eMule" "E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "E:\Program Files\Windows Live\Messenger\livecall.exe"="E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "E:\Program Files\Windows Live\Messenger\livecall.exe"="E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" ======File associations====== .scr - config - "%1" /S ======List of files/folders created in the last 1 months====== 2008-09-25 14:04:17 ----D---- E:\Program Files\trend micro 2008-09-25 14:04:15 ----D---- E:\rsit 2008-09-25 10:37:14 ----A---- E:\WINDOWS\system32\tmp.txt 2008-09-25 10:36:32 ----A---- E:\WINDOWS\system32\swxcacls.exe 2008-09-25 10:36:32 ----A---- E:\WINDOWS\system32\swsc.exe 2008-09-25 10:36:32 ----A---- E:\WINDOWS\system32\swreg.exe 2008-09-25 10:16:42 ----A---- E:\WINDOWS\ntbtlog.txt 2008-09-24 09:48:34 ----A---- E:\WINDOWS\presf.txt 2008-09-24 09:38:20 ----D---- E:\Program Files\MSNFix 2008-09-23 
15:42:32 ----D---- E:\Program Files\mIRC 2008-09-23 15:42:32 ----D---- E:\Documents and Settings\florent\Application Data\mIRC 2008-09-22 18:19:05 ----HDC---- E:\WINDOWS\ie8 2008-09-21 16:20:21 ----SHD---- E:\RECYCLER 2008-09-21 16:17:50 ----D---- E:\WINDOWS\temp 2008-09-21 16:17:27 ----A---- E:\ComboFix.txt 2008-09-21 15:54:48 ----D---- E:\Fixcombo 2008-09-21 15:10:39 ----A---- E:\rapport.txt 2008-09-21 15:09:58 ----A---- E:\WINDOWS\system32\o4Patch.exe 2008-09-20 11:30:12 ----D---- E:\Program Files\Steam 2008-09-11 20:05:44 ----HD---- E:\Program Files\Zero G Registry 2008-09-08 18:36:15 ----D---- E:\Program Files\Pcsx2_0.9.4 2008-09-07 13:55:26 ----A---- E:\WINDOWS\system32\hidserv.dll 2008-09-02 00:13:09 ----D---- E:\QooBox 2008-09-02 00:12:46 ----A---- E:\WINDOWS\zip.exe 2008-09-02 00:12:46 ----A---- E:\WINDOWS\VFind.exe 2008-09-02 00:12:46 ----A---- E:\WINDOWS\swsc.exe 2008-09-02 00:12:46 ----A---- E:\WINDOWS\swreg.exe 2008-09-02 00:12:46 ----A---- E:\WINDOWS\sed.exe 2008-09-02 00:12:46 ----A---- E:\WINDOWS\grep.exe 2008-09-02 00:12:46 ----A---- E:\WINDOWS\fdsv.exe 2008-09-02 00:12:45 ----A---- E:\WINDOWS\swxcacls.exe 2008-09-01 23:47:22 ----A---- E:\WINDOWS\msnfix.txt 2008-09-01 23:30:11 ----SHD---- E:\WINDOWS\CSC 2008-09-01 20:33:52 ----A---- E:\lopR.txt 2008-08-31 18:15:05 ----D---- E:\Program Files\Notepad++ 2008-08-31 18:15:05 ----D---- E:\Documents and Settings\florent\Application Data\Notepad++ 2008-08-27 18:03:39 ----A---- E:\WINDOWS\system32\cssdll32.dll 2008-08-27 17:56:17 ----D---- E:\Documents and Settings\florent\Application Data\Comodo 2008-08-27 17:56:13 ----D---- E:\Documents and Settings\All Users\Application Data\comodo 2008-08-27 17:56:13 ----A---- E:\WINDOWS\system32\guard32.dll 2008-08-27 17:56:09 ----D---- E:\Program Files\COMODO 2008-08-26 21:29:26 ----D---- E:\WINDOWS\Prefetch 2008-08-26 21:21:13 ----N---- E:\WINDOWS\system32\smtpapi.dll 2008-08-26 21:21:13 ----N---- E:\WINDOWS\system32\rwnh.dll 2008-08-26 21:21:13 ----N---- 
E:\WINDOWS\system32\comsdupd.exe 2008-08-26 21:21:08 ----N---- E:\WINDOWS\system32\ati3duag.dll 2008-08-26 21:21:08 ----N---- E:\WINDOWS\system32\ati3d1ag.dll 2008-08-26 21:21:08 ----N---- E:\WINDOWS\system32\ati2dvag.dll 2008-08-26 21:21:08 ----N---- E:\WINDOWS\system32\ati2dvaa.dll 2008-08-26 21:21:08 ----N---- E:\WINDOWS\system32\ati2cqag.dll 2008-08-26 21:21:07 ----N---- E:\WINDOWS\system32\bitsprx4.dll 2008-08-26 21:21:07 ----N---- E:\WINDOWS\system32\azroles.dll 2008-08-26 21:21:07 ----N---- E:\WINDOWS\system32\ativvaxx.dll 2008-08-26 21:21:07 ----N---- E:\WINDOWS\system32\ativtmxx.dll 2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3svc.dll 2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3msm.dll 2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3gpclnt.dll 2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3dlg.dll 2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3cfg.dll 2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dot3api.dll 2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dimsroam.dll 2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dimsntfy.dll 2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\dhcpqec.dll 2008-08-26 21:21:06 ----N---- E:\WINDOWS\system32\credssp.dll 2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eappprxy.dll 2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eapphost.dll 2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eappgnui.dll 2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eappcfg.dll 2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eapp3hst.dll 2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\eapolqec.dll 2008-08-26 21:21:05 ----N---- E:\WINDOWS\system32\dot3ui.dll 2008-08-26 21:21:04 ----N---- E:\WINDOWS\system32\eapsvc.dll 2008-08-26 21:21:04 ----N---- E:\WINDOWS\system32\eapqec.dll 2008-08-26 21:21:03 ----N---- E:\WINDOWS\system32\hsfcisp2.dll 2008-08-26 21:21:01 ----N---- E:\WINDOWS\system32\kbdpash.dll 2008-08-26 21:21:01 ----N---- E:\WINDOWS\system32\kbdnepr.dll 2008-08-26 21:21:01 
----N---- E:\WINDOWS\system32\kbdiultn.dll 2008-08-26 21:21:01 ----N---- E:\WINDOWS\system32\kbdbhc.dll 2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\mmcfxcommon.dll 2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\mmcex.dll 2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\microsoft.managementconsole.dll 2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\mdmxsdk.dll 2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\l2gpstore.dll 2008-08-26 21:21:00 ----N---- E:\WINDOWS\system32\kmsvc.dll 2008-08-26 21:20:59 ----N---- E:\WINDOWS\system32\mmcperf.exe 2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\napstat.exe 2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\napmontr.dll 2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\napipsec.dll 2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\mtxparhd.dll 2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\msshavmsg.dll 2008-08-26 21:20:58 ----N---- E:\WINDOWS\system32\mssha.dll 2008-08-26 21:20:57 ----N---- E:\WINDOWS\system32\onex.dll 2008-08-26 21:20:56 ----N---- E:\WINDOWS\system32\qcliprov.dll 2008-08-26 21:20:56 ----N---- E:\WINDOWS\system32\qagentrt.dll 2008-08-26 21:20:56 ----N---- E:\WINDOWS\system32\qagent.dll 2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\slserv.exe 2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\slrundll.exe 2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\slgen.dll 2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\slextspk.dll 2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\slcoinst.dll 2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\setupn.exe 2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\s3gnb.dll 2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\rasqec.dll 2008-08-26 21:20:55 ----N---- E:\WINDOWS\system32\qutil.dll 2008-08-26 21:20:53 ----N---- E:\WINDOWS\system32\tspkg.dll 2008-08-26 21:20:52 ----N---- E:\WINDOWS\system32\wlanapi.dll 2008-08-26 21:20:50 ----N---- E:\WINDOWS\slrundll.exe 2008-08-26 21:20:46 ----D---- E:\Program Files\msn 2008-08-26 21:20:45 ----D---- 
E:\WINDOWS\system32\fr 2008-08-26 21:20:45 ----D---- E:\WINDOWS\l2schemas 2008-08-26 21:20:44 ----D---- E:\WINDOWS\system32\bits 2008-08-26 21:15:58 ----D---- E:\WINDOWS\ServicePackFiles 2008-08-26 21:05:37 ----HDC---- E:\WINDOWS\$NtServicePackUninstall$ ======List of files/folders modified in the last 1 months====== 2008-09-25 14:04:17 ----RD---- E:\Program Files 2008-09-25 14:04:08 ----D---- E:\Documents and Settings\florent\Application Data\Free Download Manager 2008-09-25 13:49:40 ----D---- E:\Program Files\Mozilla Firefox 2008-09-25 10:53:39 ----D---- E:\Program Files\Orange HSS 2008-09-25 10:53:22 ----D---- E:\Program Files\Fichiers communs 2008-09-25 10:50:17 ----D---- E:\WINDOWS\system32 2008-09-25 10:38:56 ----D---- E:\WINDOWS 2008-09-25 10:34:13 ----A---- E:\WINDOWS\SchedLgU.Txt 2008-09-25 02:56:25 ----D---- E:\WINDOWS\system32\CatRoot2 2008-09-25 02:51:21 ----D---- E:\WINDOWS\system32\LogFiles 2008-09-25 02:51:19 ----D---- E:\WINDOWS\Debug 2008-09-25 00:27:13 ----D---- E:\Program Files\Windows Live Safety Center 2008-09-25 00:27:12 ----HD---- E:\WINDOWS\inf 2008-09-25 00:05:51 ----D---- E:\Program Files\eMule 2008-09-24 18:27:31 ----AC---- E:\WINDOWS\NeroDigital.ini 2008-09-24 13:34:39 ----D---- E:\WINDOWS\system32\drivers 2008-09-23 11:17:42 ----SHD---- E:\WINDOWS\Installer 2008-09-23 11:17:16 ----HD---- E:\Config.Msi 2008-09-23 11:17:14 ----D---- E:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-22 18:27:56 ----D---- E:\WINDOWS\system32\fr-fr 2008-09-22 18:27:55 ----RSHDC---- E:\WINDOWS\system32\dllcache 2008-09-22 18:27:55 ----D---- E:\WINDOWS\Media 2008-09-22 18:27:55 ----D---- E:\WINDOWS\Help 2008-09-22 18:27:55 ----D---- E:\Program Files\Internet Explorer 2008-09-21 16:32:04 ----N---- E:\WINDOWS\system.ini 2008-09-21 16:32:04 ----AC---- E:\WINDOWS\win.ini 2008-09-21 16:16:34 ----D---- E:\WINDOWS\repair 2008-09-21 16:07:01 ----D---- E:\WINDOWS\AppPatch 2008-09-21 00:31:54 ----SD---- E:\WINDOWS\Downloaded Program Files 
2008-09-18 17:23:27 ----D---- E:\Program Files\Malwarebytes' Anti-Malware 2008-09-11 12:19:50 ----D---- E:\Documents and Settings\florent\Application Data\Image Zone Express 2008-09-10 19:16:00 ----D---- E:\WINDOWS\WinSxS 2008-09-09 00:22:42 ----A---- E:\WINDOWS\system32\ieframe.dll.mui 2008-09-09 00:21:12 ----A---- E:\WINDOWS\system32\advpack.dll.mui 2008-09-08 18:51:23 ----D---- E:\Program Files\Yahoo! 2008-09-02 00:13:49 ----D---- E:\WINDOWS\ERDNT 2008-09-01 18:13:17 ----D---- E:\Documents and Settings 2008-08-31 23:21:12 ----D---- E:\Program Files\Messenger Plus! Live 2008-08-30 16:14:15 ----D---- E:\WINDOWS\security 2008-08-27 17:36:47 ----D---- E:\WINDOWS\system32\CatRoot 2008-08-27 11:24:28 ----HD---- E:\WINDOWS\$hf_mig$ 2008-08-26 22:28:12 ----AC---- E:\WINDOWS\system32\MRT.exe 2008-08-26 21:31:33 ----AC---- E:\WINDOWS\system32\PerfStringBackup.INI 2008-08-26 21:28:47 ----D---- E:\WINDOWS\system32\Setup 2008-08-26 21:28:47 ----D---- E:\Program Files\Messenger 2008-08-26 21:28:46 ----D---- E:\WINDOWS\system32\wbem 2008-08-26 21:28:45 ----RSD---- E:\WINDOWS\Fonts 2008-08-26 21:21:15 ----D---- E:\WINDOWS\ehome 2008-08-26 21:21:12 ----D---- E:\WINDOWS\system32\inetsrv 2008-08-26 21:21:12 ----D---- E:\WINDOWS\network diagnostic 2008-08-26 21:21:11 ----D---- E:\WINDOWS\ime 2008-08-26 21:20:49 ----D---- E:\WINDOWS\system32\usmt 2008-08-26 21:20:44 ----D---- E:\WINDOWS\PeerNet 2008-08-26 21:20:44 ----D---- E:\Program Files\Movie Maker 2008-08-26 21:15:39 ----D---- E:\WINDOWS\system32\Restore 2008-08-26 21:15:39 ----D---- E:\WINDOWS\system32\npp 2008-08-26 21:15:37 ----D---- E:\WINDOWS\msagent 2008-08-26 21:15:35 ----D---- E:\WINDOWS\srchasst 2008-08-26 21:15:34 ----D---- E:\Program Files\NetMeeting 2008-08-26 21:15:32 ----D---- E:\WINDOWS\system32\Com 2008-08-26 21:15:28 ----D---- E:\Program Files\Windows Media Player 2008-08-26 21:15:27 ----D---- E:\Program Files\Windows NT 2008-08-26 21:15:27 ----D---- E:\Program Files\Outlook Express 2008-08-26 21:15:23 
----D---- E:\Program Files\Fichiers communs\System 2008-08-26 21:14:55 ----D---- E:\WINDOWS\system32\oobe 2008-08-26 21:14:51 ----D---- E:\WINDOWS\system ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008] R1 avgio;avgio; \??\E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; E:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-09-05 75072] R1 cmdGuard;COMODO Firewall Pro Sandbox Driver; E:\WINDOWS\System32\DRIVERS\cmdguard.sys [2008-08-27 87056] R1 cmdHlp;COMODO Firewall Pro Helper Driver; E:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2008-08-27 24208] R1 ElbyCDIO;ElbyCDIO Driver; E:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160] R1 kbdhid;Pilote HID de clavier; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720] R1 ssmdrv;ssmdrv; E:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 VClone;VClone; E:\WINDOWS\system32\DRIVERS\VClone.sys [2008-05-30 25344] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\E:\Program Files\CyberLink\PowerDVD\000.fcl [] R2 tmcomm;tmcomm; \??\E:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); E:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680] R3 avgntflt;avgntflt; \??\E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 BTKRNL;Enumérateur de bus Bluetooth; E:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-08-24 1341466] R3 ElbyDelay;ElbyDelay; E:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984] R3 HidUsb;Pilote de classe HID Microsoft; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Pilote HID de souris; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288] R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-10-10 3530432] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys 
[2005-07-29 34048] R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928] R3 usbaudio;Pilote USB audio (WDM); E:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S1 wceusbsh;Pilote d'hôte USB série pour Windows CE; E:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-13 32128] S3 btaudio;Périphérique audio Bluetooth; E:\WINDOWS\system32\drivers\btaudio.sys [2005-08-24 401152] S3 BTDriver;Pilote de communications virtuelles Bluetooth; E:\WINDOWS\system32\DRIVERS\btport.sys [2005-08-24 30363] S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; E:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-08-24 148040] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; E:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-24 56648] S3 catchme;catchme; \??\E:\DOCUME~1\florent\LOCALS~1\Temp\catchme.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; E:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; E:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; E:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568] S3 nm;Pilote du Moniteur réseau; E:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NPF;NetGroup Packet Filter Driver; E:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; 
\??\E:\WINDOWS\system32\PCANDIS5.SYS [] S3 usbprint;Classe d'imprimantes USB Microsoft; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-09-05 68865] R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-09-05 149761] R2 btwdins;Bluetooth Service; E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe [2005-08-24 258103] R2 cmdAgent;COMODO Firewall Pro Helper Service; E:\Program Files\COMODO\Firewall\cmdagent.exe [2008-08-27 519936] R2 MDM;Machine Debug Manager; E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872] R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2005-10-10 131139] R2 RichVideo;Cyberlink RichVideo Service(CRVS); E:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-02-07 173616] R3 NMIndexingService;NMIndexingService; E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752] S2 Pml Driver HPZ12;Pml Driver HPZ12; E:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] S3 aspnet_state;Service d'état ASP.NET; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 Boonty 
Games;Boonty Games; E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 NBService;NBService; E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-11-28 800040] S3 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; E:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); E:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; E:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S3 WLSetupSvc;Windows Live Setup Service; E:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880] -----------------EOF-----------------

Here is the second report

info.txt logfile of random's system information tool 1.02 2008-09-25 14:05:28 ======Uninstall list====== -->E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->E:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->E:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL -->E:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL -->E:\WINDOWS\UNNeroShowTime.exe /UNINSTALL -->E:\WINDOWS\UNNeroVision.exe /UNINSTALL -->E:\WINDOWS\UNRecode.exe /UNINSTALL -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {957E4620-59C2-4D3E-9B6D-5F024803E7D8} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 
Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Shockwave Player-->E:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE E:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Athlon 64 Processor Driver-->RunDll32 E:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c Avira AntiVir Personal - Free Antivirus-->E:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Barre d'outils Outlook de Windows Live (Windows Live Toolbar)-->MsiExec.exe /X{4002F73D-EBB3-4EA1-A2FF-DBCB4529759E} Belkin Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679} Bloqueur de fenêtres pop-up (Windows Live Toolbar)-->MsiExec.exe /X{51F366F4-C2E4-429A-866A-59C885ED42FD} CCleaner (remove only)-->"E:\Program Files\CCleaner\uninst.exe" COMODO Firewall Pro-->E:\Program Files\COMODO\Firewall\cfpconfg.exe -u Correctif pour Windows Internet Explorer 7 
(KB947864)-->"E:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Counter-Strike: Source-->"E:\Program Files\Steam\steam.exe" steam://uninstall/240 Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{175B7C4A-CAF8-437A-B597-73E0D2D970FE} DivX Codec-->E:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->E:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->E:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN EasyCleaner-->RunDll32 E:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly eMule-->"E:\Program Files\eMule\Uninstall.exe" Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{D518AD32-C710-4616-BA0D-D4B1FA5F82E8} Free Download Manager 2.0-->"E:\Program Files\Free Download Manager\unins000.exe" Galerie de photos Windows Live-->MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068} GIMP 2.4.6-->"E:\Program Files\GIMP-2.0\setup\unins000.exe" HijackThis 2.0.2-->"E:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->E:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840} HP Customer Participation Program 7.0-->E:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Imaging Device Functions 7.0-->E:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F} HP Photosmart, Officejet and Deskjet 7.0.A-->E:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat HP Software Update-->MsiExec.exe 
-
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
here is the Spybot log:
--- Report generated: 2008-08-21 16:47 ---
Zlob.Downloader.rid: [sBI $A215F79F] Dossier Programme (Répertoire, fixed) E:\Program Files\RichVideoCodec\
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
AntiVir also found me a little surprise! Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]' detected in file 'E:\Documents and Settings\florent\Local Settings\Temp\V21OFHf02400.
Action performed: Delete file -
read and approved lol
-
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
I now have a small problem with my peripherals: the CD-ROM drive is inaccessible according to Windows, and my printer doesn't work when I want to print! thanks for your help! -
infected by malwarecore
flowstylz replied to a topic by flowstylz in Malware analysis and removal
the problem is that I can't find any log from that date! and what's worse is that I can't find the log of the scan I ran with Spybot yesterday either! I did do what you told me, there are logs inside but not those ones! my PC is super slow so I think it's infected! thanks! -
good evening, let me explain the situation: I ran quite a few scans and only Spybot found malwarecore. I also have antimalwarebytes, which didn't find it, as well as my antivirus and an online antivirus, Kaspersky in this case; nothing was able to detect anything at all! here is my hijackthis:
-
folder disappeared, login problem
flowstylz replied to a topic by flowstylz in Malware analysis and removal
it checked the files, it didn't report anything more to me -
folder disappeared, login problem
flowstylz replied to a topic by flowstylz in Malware analysis and removal
I tried to go to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DocFolderPaths; the problem is that apparently docfolderpaths no longer exists, there's everything except that! thanks! so obviously I can't change the value of the key since it no longer exists -
folder disappeared, login problem
flowstylz replied to a topic by flowstylz in Malware analysis and removal
I can't manage to download zebrestore, I'm asked for a username and a password! thanks! -
folder disappeared, login problem
flowstylz replied to a topic by flowstylz in Malware analysis and removal
and it goes on: Virus or unwanted program 'APPL/NirCmd.E.2.B [program]' detected in file 'E:\System Volume Information\_restore{85CE1B43-63F5-469A-9D90-2B103B807E25}\RP153\A0090996.com. Action performed: Delete file -
folder disappeared, login problem
flowstylz replied to a topic by flowstylz in Malware analysis and removal
my sister removed msnfix and combofix so the reports can no longer be found; on the other hand AntiVir found this for me!
Starting the file scan:
Begin scan in 'C:\'
Begin scan in 'E:\'
E:\hiberfil.sys [WARNING] The file could not be opened!
E:\pagefile.sys [WARNING] The file could not be opened!
E:\Documents and Settings\Cindy_2\Application Data\seconddoesboob\Active Load User.exe [DETECTION] Is the TR/Obfuscated.392704.1 Trojan [NOTE] The file was moved to '49351845.qua'!
E:\Documents and Settings\Cindy_2\Application Data\seconddoesboob\funkuploadmfcdlog.exe [DETECTION] Is the TR/Obfuscated.311808.3 Trojan [NOTE] The file was moved to '492f1864.qua'!
E:\Documents and Settings\Cindy_2\Application Data\seconddoesboob\xrobzrmm.exe [DETECTION] Is the TR/Dldr.Agen.531968 Trojan [NOTE] The file was moved to '49301865.qua'!
--> Object [DETECTION] Contains recognition pattern of the JOKE/Blinking joke [WARNING] The file was ignored!
E:\System Volume Information\_restore{85CE1B43-63F5-469A-9D90-2B103B807E25}\RP153\A0090996.com [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application [WARNING] The file was ignored!
E:\System Volume Information\_restore{85CE1B43-63F5-469A-9D90-2B103B807E25}\RP155\A0092464.exe [DETECTION] Is the TR/Dldr.Swizzor.HNV Trojan [WARNING] The file was ignored!
E:\System Volume Information\_restore{85CE1B43-63F5-469A-9D90-2B103B807E25}\RP155\A0092466.exe [DETECTION] Is the TR/Obfuscated.392704.1 Trojan [NOTE] The file was moved to '48f12c3c.qua'!
E:\System Volume Information\_restore{85CE1B43-63F5-469A-9D90-2B103B807E25}\RP155\A0092467.exe [DETECTION] Is the TR/Obfuscated.311808.3 Trojan [NOTE] The file was moved to '48f12c41.qua'!
E:\System Volume Information\_restore{85CE1B43-63F5-469A-9D90-2B103B807E25}\RP155\A0092468.exe [DETECTION] Is the TR/Dldr.Agen.531968 Trojan [NOTE] The file was moved to '48f12c43.qua'!
and as for zeb restore, to download it I'm asked for a password, I don't understand why! thanks! -
folder disappeared, login problem
flowstylz replied to a topic by flowstylz in Malware analysis and removal
combofix and msnfix remove the infections when they are present but they don't provide a report; as for my documents, it doesn't work, sorry! thanks for your help, that's cool -
folder disappeared, login problem
flowstylz replied to a topic by flowstylz in Malware analysis and removal
well, it seems to be going better! apparently msn was infected so I used msnfix, and combofix found some things that I also removed! on the other hand, is there no way for me to get my folder back? documents de florent? here, this is my Hijackthis:
PersonalEdition Classic\avguard.exe O23 - Service: Boonty Games - Unknown owner - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\Firewall\cmdagent.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - E:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe -- End of file - 11396 bytes -
missing folder, login problem
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
here is my other report
missing folder, login problem
flowstylz replied to a topic by flowstylz in Analyses et éradication malwares
here is my report, thanks!
Folder disappeared, login problem
flowstylz replied to a topic by flowstylz in Malware analysis and removal
My PC is slow too -
Folder disappeared, login problem
flowstylz posted a topic in Malware analysis and removal
My "Documents de florent" folder has disappeared and I had a problem logging in; I rebooted and was able to log in. There is also a problem with unwanted pop-up ads! Spybot, Malwarebytes, nothing works! I am currently running a scan with AntiVir to see whether it finds anything! Please help me, thank you. Here is my HijackThis log!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:21, on 01/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
E:\Program Files\COMODO\Firewall\cmdagent.exe
E:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
E:\Program Files\Orange HSS\Systray\SystrayApp.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
E:\Program Files\COMODO\Firewall\cfp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Free Download Manager\fdm.exe
E:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
E:\Program Files\TomTom HOME 2\HOMERunner.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Windows Live\Messenger\usnsvc.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\Program Files\Windows Live Toolbar\msn_sl.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\florent\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - E:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - E:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - E:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [systrayORAHSS] "E:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] E:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "E:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [memo site kind that] E:\Documents and Settings\All Users\Application Data\Grid Blue Memo Site\MESS DEFAULT.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "E:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] E:\Program Files\Free Download Manager\fdm.exe -autorun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://E:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://E:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{428C57B4-15BD-4570-B36A-E56FF8477C09}: NameServer = 80.10.246.2,80.10.246.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{428C57B4-15BD-4570-B36A-E56FF8477C09}: NameServer = 80.10.246.2,80.10.246.129
O20 - AppInit_DLLs: E:\WINDOWS\system32\guard32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - E:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - Unknown owner - E:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - E:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - E:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - E:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11557 bytes
-
Infected by zlobdownloader.rid
flowstylz replied to a topic by flowstylz in Malware analysis and removal
Thanks for all this info, that's kind of you, thank you for all your help! Well, now I can mark my topic as solved, so: Solved!!!!!!!! -
I would like to learn these 3 languages!
flowstylz replied to a topic by flowstylz in Programming
Thanks for all this advice, that's nice of you! See you!