Nizar89

Members
  • Content count

    15
  • Joined

  • Last visited

Other information

  • My languages
    French, English and a little Spanish

Nizar89's Achievements

Junior Member (3/12)

0

Community reputation

  1. No, none at all anymore ^^. Thank you for all the time spent helping me.
  2. Good evening, here is the report:
     -->- Recherche:
     C:\Combofix: trouvé !
     C:\Qoobox: trouvé !
     C:\_OtMoveIt: trouvé !
     C:\Users\Azaiez\Desktop\OtMoveIt2.exe: trouvé !
     ---------------------------------
     -->- Suppression:
     C:\Users\Azaiez\Desktop\OtMoveIt2.exe: supprimé !
     C:\Combofix: supprimé !
     C:\Qoobox: supprimé !
     C:\_OtMoveIt: supprimé !
  3. No, none anymore; in fact they disappeared a long time ago. Is it finished?
  4. Thanks ^^. You were right, I forgot a line. It worked correctly. Thanks
  5. Hello, sorry for the long delay, my exams (and the end-of-exam parties) have only just finished. Here is the first OTMoveIt report:
     File/Folder C:\Users\Azaiez\AppData\Local\Temp\vvvxsnyg.dll not found.
     File/Folder C:\Users\Azaiez\AppData\Local\Temp\urpwyqgc.dll not found.
     File/Folder C:\Users\Azaiez\AppData\Local\Temp\qoMfgGay.dll not found.
     File/Folder C:\Users\Azaiez\AppData\Local\Temp\kHaYsQHW.dll not found.
     C:\Windows\System32\tmp.reg moved successfully.
     C:\Windows\System32\perfc009.dat moved successfully.
     C:\Windows\System32\perfc00C.dat moved successfully.
     C:\Windows\System32\perfh009.dat moved successfully.
     C:\Windows\System32\perfh00C.dat moved successfully.
     File/Folder G:\PMB_P.exe not found.
     OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06242008_121947
     A problem prevents me from merging the files; Vista displays an error message: "Le fichier specifié n'est pas un scrip du registre". Thanks
  6. Hello, sorry for the delay, I am in the middle of exams. It is impossible to generate a ComboFix report; I still have the same problem (my computer restarts while ComboFix is still running). Here is the HijackThis report, created after deleting what you asked for:
     And the scan, done with Nod32:
     # version=4
     # OnlineScanner.ocx=1.0.0.635
     # OnlineScannerDLLA.dll=1, 0, 0, 79
     # OnlineScannerDLLW.dll=1, 0, 0, 78
     # OnlineScannerUninstaller.exe=1, 0, 0, 49
     # vers_standard_module=3159 (20080605)
     # vers_arch_module=1.064 (20080214)
     # vers_adv_heur_module=1.064 (20070717)
     # EOSSerial=003249b6f1f0404eb8a7e7fc1d3a922a
     # end=finished
     # remove_checked=false
     # unwanted_checked=false
     # utc_time=2008-06-05 09:22:43
     # local_time=2008-06-05 11:22:43 (+0100, Paris, Madrid (heure d'été))
     # country="France"
     # osver=6.0.6001 NT Service Pack 1
     # scanned=382104
     # found=1
     # scan_time=4452
     C:\Users\Azaiez\readme.bat probably a variant of Win32/Agent trojan E46306598C5F687B8AFE6A7F5D153792
     Should I delete the file "C:\Users\Azaiez\readme.bat"? Thanks
  7. Hello, no problem ^^. Here is the ComboFix report:
"{8F864C4F-AF6E-4B55-9AA5-C069F6A37222}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{F0C1F55C-8761-4E20-B839-336234AD619E}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{42C127B6-D7A5-4C19-A38F-6751D6B786D7}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo "{CC8AD5EA-69A9-44D6-9BD5-0A6E4F34EF26}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo "{377A1038-5E4A-4209-ABD1-FF869D76D2FE}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe "{F7BEBBE5-0181-433B-BC68-3C5D606FC42C}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe "{94C474BD-D001-4CD6-A305-18E702F57D5F}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo "{1F70259E-0512-4805-9D15-3B2A5340B6B9}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo "{17F8443B-4CED-459B-848B-F6D43AB4EF2E}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{9282BF41-EC99-4676-8DF7-3A2C61A17DEC}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{546D4843-3B34-4324-AF2E-93EEA1E1D888}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{4F9F1B32-BA6A-4849-B7C1-12260F6808F5}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. 
- Shadow of Chernobyl (SRV) "{49AFF427-17E1-4697-988A-D71B331B4BE7}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance "{F8682EBE-6FCB-42C3-87BD-DB92E1853499}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance "{06C39CC5-E266-485B-B9AB-4A4A90F72CFC}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance "{1111940A-44B6-40C8-88C4-1FD18CECAD57}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance "{5D5A6AEC-006B-4637-9F24-4FD9F5A304C9}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{EB636B46-D5BD-4223-AD5E-E51B507B5FD3}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{39215C1D-0978-461A-A572-E62B5B058808}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts "{0AC844D3-C5A6-4933-B479-C3F0F4830148}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts "{6A2977D8-4B21-416A-9A9B-F70715D459B9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{EB9DAB2F-8D8E-493C-AFF3-14530287BBAB}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype "TCP Query User{47244DB5-D835-41F6-B836-419EE53447F6}C:\\users\\azaiez\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\xjbz7ci0\\zerg_reveal_final_french_xvid.avi-downloader[1].exe"= UDP:C:\users\azaiez\appdata\local\microsoft\windows\temporary internet files\content.ie5\xjbz7ci0\zerg_reveal_final_french_xvid.avi-downloader[1].exe:zerg_reveal_final_french_xvid.avi-downloader[1].exe "UDP Query User{41459383-2728-4BC6-B662-FBC92320B523}C:\\users\\azaiez\\appdata\\local\\microsoft\\windows\\temporary internet 
files\\content.ie5\\xjbz7ci0\\zerg_reveal_final_french_xvid.avi-downloader[1].exe"= TCP:C:\users\azaiez\appdata\local\microsoft\windows\temporary internet files\content.ie5\xjbz7ci0\zerg_reveal_final_french_xvid.avi-downloader[1].exe:zerg_reveal_final_french_xvid.avi-downloader[1].exe R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05] R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 11:32] R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 23:47] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01] R3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-06 11:14] S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 10:13] S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-09-19 18:57] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23] S3 GOGA;GOGA;C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe [] S3 JATLCW;JATLCW;C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe [] S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}] \shell\AutoRun\command - RAVMON.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}] \shell\AutoRun\command - G:\PMB_P.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}] \shell\AutoRun\command - RAVMON.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}] \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7679cde-2085-11dc-9bf4-001a924085c8}] \shell\AutoRun\command - F:\blank.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-05-13 05:38:46 C:\Windows\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe' "2007-05-13 05:38:46 C:\Windows\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe "2008-06-01 08:30:01 C:\Windows\Tasks\User_Feed_Synchronization-{48D2F123-9750-4DB6-815B-983FB705A8CB}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-01 10:29:55 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Program Files\SiteAdvisor\6261\saHook.dll . 
Thank you. And here is the HijackThis report:
Thank you
  8. Not having received a reply, I'm taking the liberty of bumping this ^^
  9. Hello, In HijackThis, other lines of the type "O2 - BHO: (no name) - {EF222A11-9687-4127-BE91-96882A6CE14E} - (no file)" have appeared. Being unsure, I did not delete them, but did I do the right thing? You asked me to post two reports, but which is the second report? The HijackThis one? Here is the ComboFix report:
"{5ACF4C4E-B744-4915-94A8-FE551EF4FB4E}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander "{22B3CACF-01A3-4266-8CC4-CAE6FA5EA637}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander "{2B6E05FA-C8EE-4D94-9842-F04D26407943}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{59C6B8EA-0F55-4E6A-8DC8-9DE740FA1AF2}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{CD3BE5CD-DC83-4A27-932D-4928D9E7C3C6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{7A944F5E-2707-4492-9BD0-BD7CDC8019AD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{8F864C4F-AF6E-4B55-9AA5-C069F6A37222}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{F0C1F55C-8761-4E20-B839-336234AD619E}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{42C127B6-D7A5-4C19-A38F-6751D6B786D7}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo "{CC8AD5EA-69A9-44D6-9BD5-0A6E4F34EF26}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo "{377A1038-5E4A-4209-ABD1-FF869D76D2FE}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe "{F7BEBBE5-0181-433B-BC68-3C5D606FC42C}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe "{94C474BD-D001-4CD6-A305-18E702F57D5F}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo "{1F70259E-0512-4805-9D15-3B2A5340B6B9}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo "{17F8443B-4CED-459B-848B-F6D43AB4EF2E}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{9282BF41-EC99-4676-8DF7-3A2C61A17DEC}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. 
- Shadow of Chernobyl (CLI) "{546D4843-3B34-4324-AF2E-93EEA1E1D888}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{4F9F1B32-BA6A-4849-B7C1-12260F6808F5}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{49AFF427-17E1-4697-988A-D71B331B4BE7}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance "{F8682EBE-6FCB-42C3-87BD-DB92E1853499}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance "{06C39CC5-E266-485B-B9AB-4A4A90F72CFC}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance "{1111940A-44B6-40C8-88C4-1FD18CECAD57}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance "{5D5A6AEC-006B-4637-9F24-4FD9F5A304C9}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{EB636B46-D5BD-4223-AD5E-E51B507B5FD3}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{39215C1D-0978-461A-A572-E62B5B058808}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts "{0AC844D3-C5A6-4933-B479-C3F0F4830148}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts "{6A2977D8-4B21-416A-9A9B-F70715D459B9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{EB9DAB2F-8D8E-493C-AFF3-14530287BBAB}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05] R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 11:32] 
R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 23:47] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01] R3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-06 11:14] S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 10:13] S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-09-19 18:57] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23] S3 GOGA;GOGA;C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe [] S3 JATLCW;JATLCW;C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe [] S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}] \shell\AutoRun\command - RAVMON.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}] \shell\AutoRun\command - G:\PMB_P.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}] \shell\AutoRun\command - RAVMON.exe 
Thank you.
  10. After rereading your message, I noticed that I was making a mistake: instead of launching the program and THEN transferring the txt file, I was transferring it directly. So here is the ComboFix report (although I am not 100% sure that the transfer worked):
TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery "{256BA5C8-B3C2-4983-B454-600F5AA8EF44}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{F13EBF44-AC10-4297-A3A6-E98E7FF39142}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{949EB903-E835-407E-8458-7DFBAD448F4A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{AF4A4330-02B4-49C0-A57B-A0F8A4EB5F23}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{BDAD8392-DB41-4FE1-AF5C-52336A815283}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{13E444D6-7964-4755-95D5-0E16810C26EC}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR "{83196E5D-01B0-4BDD-B8B0-8AD4D0CAE330}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR "{A06AEA53-5BE3-4509-9D10-E9958DAA34FA}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II "{C601AB94-43E4-47F4-BDE0-3DCD42A61A02}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II "{7C0C3818-357F-4905-B387-A33165FE3CBD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{B5833123-362D-4854-BB11-BE7023FE159E}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{2B3D521F-A6E0-4842-92BB-95198A03F4EA}"= UDP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat "{2A500327-BEB5-4E90-AACE-C2144583C98C}"= TCP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat "{5ACF4C4E-B744-4915-94A8-FE551EF4FB4E}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander "{22B3CACF-01A3-4266-8CC4-CAE6FA5EA637}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander "{2B6E05FA-C8EE-4D94-9842-F04D26407943}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 
2 "{59C6B8EA-0F55-4E6A-8DC8-9DE740FA1AF2}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{CD3BE5CD-DC83-4A27-932D-4928D9E7C3C6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{7A944F5E-2707-4492-9BD0-BD7CDC8019AD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{8F864C4F-AF6E-4B55-9AA5-C069F6A37222}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{F0C1F55C-8761-4E20-B839-336234AD619E}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{42C127B6-D7A5-4C19-A38F-6751D6B786D7}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo "{CC8AD5EA-69A9-44D6-9BD5-0A6E4F34EF26}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo "{377A1038-5E4A-4209-ABD1-FF869D76D2FE}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe "{F7BEBBE5-0181-433B-BC68-3C5D606FC42C}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe "{94C474BD-D001-4CD6-A305-18E702F57D5F}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo "{1F70259E-0512-4805-9D15-3B2A5340B6B9}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo "{17F8443B-4CED-459B-848B-F6D43AB4EF2E}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{9282BF41-EC99-4676-8DF7-3A2C61A17DEC}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{546D4843-3B34-4324-AF2E-93EEA1E1D888}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{4F9F1B32-BA6A-4849-B7C1-12260F6808F5}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. 
- Shadow of Chernobyl (SRV) "{49AFF427-17E1-4697-988A-D71B331B4BE7}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance "{F8682EBE-6FCB-42C3-87BD-DB92E1853499}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance "{06C39CC5-E266-485B-B9AB-4A4A90F72CFC}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance "{1111940A-44B6-40C8-88C4-1FD18CECAD57}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance "{5D5A6AEC-006B-4637-9F24-4FD9F5A304C9}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{EB636B46-D5BD-4223-AD5E-E51B507B5FD3}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{39215C1D-0978-461A-A572-E62B5B058808}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts "{0AC844D3-C5A6-4933-B479-C3F0F4830148}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts "{6A2977D8-4B21-416A-9A9B-F70715D459B9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{EB9DAB2F-8D8E-493C-AFF3-14530287BBAB}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05] R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 11:32] R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 23:47] R3 
atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01] R3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-06 11:14] S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 10:13] S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-09-19 18:57] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23] S3 GOGA;GOGA;C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe [] S3 JATLCW;JATLCW;C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe [] S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}] \shell\AutoRun\command - RAVMON.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}] \shell\AutoRun\command - G:\PMB_P.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}] \shell\AutoRun\command - RAVMON.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}] \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7679cde-2085-11dc-9bf4-001a924085c8}] \shell\AutoRun\command - F:\blank.exe . 
Thanks
  11. Hello, Sorry for this somewhat late message. I still have the same problem with ComboFix: the computer restarts at the start of the scan. Could this be due to Vista? I don't know whether it matters, but my antivirus detects the "Heur" virus in the ComboFix executable. And finally, I wanted to add that all the problems had disappeared. Here is the HijackThis report: Thanks.
  12. Hello, I did not find any of these files. Here is the ComboFix report:
Objects\{7F0B207C-4359-49D7-8325-5F1CA915F90C}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FCB72CC-5DC9-47A2-B0A2-C90EFB78D577}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1A59E3C-2A70-4314-9156-4CA2C70E1868}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6125F9D-98D6-4BB7-8238-01DAD9279F82}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0022941-9470-46FF-87E2-D4C331042A58}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D62CC015-D348-4AEC-A838-47582647FE43}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9F2F557-5237-4BD6-BF4C-E53364E916F2}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E240FF4E-3005-44C2-9B34-B7C4EB7887D8}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3387251-B171-48A6-8487-375CD7B25434}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF222A11-9687-4127-BE91-96882A6CE14E}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Yahoo! Pager"="~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [ ] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 21:10 36904] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="" [] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.ffds"= C:\Program Files\ffdshow\ffdshow.ax [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Outil de mise à jour Google.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Outil de mise à jour Google.lnk backup=C:\Windows\pss\Outil de mise à jour Google.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TrayMin700.exe.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TrayMin700.exe.lnk backup=C:\Windows\pss\TrayMin700.exe.lnk.CommonStartup backupExtension=.CommonStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\444ce99b] C:\Users\Azaiez\AppData\Local\Temp\urpwyqgc.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM477fda07] C:\Users\Azaiez\AppData\Local\Temp\vvvxsnyg.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] --a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2006-12-10 22:52 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv] --a------ 2006-09-28 15:42 65536 c:\hp\support\hpsysdrv.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] --a------ 2007-04-19 18:11 151552 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD] --a------ 2006-12-08 17:16 65536 C:\HP\KBD\KbdStub.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray] --a------ 2006-01-17 14:12 135168 C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT] --a------ 2008-05-09 23:35 16863864 C:\Windows\system32\MRT.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer] C:\Users\Azaiez\AppData\Local\Temp\qoMfgGay.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phc700] C:\Windows\system32\vphc700.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-06-10 19:52 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] --a------ 2006-11-09 12:57 3784704 C:\Windows\RtHDVCpl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] --a------ 2008-01-19 09:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM] --a------ 2006-12-27 17:53 73840 C:\Program Files\Macrogaming\SweetIM\SweetIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2007-04-03 11:12 68856 C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2007-09-13 20:17 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] --a------ 2008-04-01 18:35 3587120 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive] --a------ 2006-04-29 15:21 94208 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2008-01-19 09:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{DA8BDA47-26ED-4C80-838E-25ADEB4B0958}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM "{C1C62C23-E5F3-43BB-83E1-2A3CBD7E3EC7}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM "{C8322D34-B73D-43A8-8F4D-76DD8C1A03D4}"= UDP:C:\Program 
Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server "{93AF1CAD-8DEB-4F11-BE69-673E70E14631}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server "{43264955-0B3F-4EB9-AD54-92A8D46582C3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service "{A241423A-F794-4707-952E-7B3FD534A06A}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service "{5F0BEC45-5D2C-49A8-AF8B-A9B29B3C62F8}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery "{ED41B33F-BAC2-4820-8E98-61E60AECFF70}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery "{256BA5C8-B3C2-4983-B454-600F5AA8EF44}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{F13EBF44-AC10-4297-A3A6-E98E7FF39142}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{949EB903-E835-407E-8458-7DFBAD448F4A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{AF4A4330-02B4-49C0-A57B-A0F8A4EB5F23}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! 
FT Server "{BDAD8392-DB41-4FE1-AF5C-52336A815283}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "{13E444D6-7964-4755-95D5-0E16810C26EC}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR "{83196E5D-01B0-4BDD-B8B0-8AD4D0CAE330}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR "{A06AEA53-5BE3-4509-9D10-E9958DAA34FA}"= UDP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II "{C601AB94-43E4-47F4-BDE0-3DCD42A61A02}"= TCP:C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II "{7C0C3818-357F-4905-B387-A33165FE3CBD}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{B5833123-362D-4854-BB11-BE7023FE159E}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent "{2B3D521F-A6E0-4842-92BB-95198A03F4EA}"= UDP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat "{2A500327-BEB5-4E90-AACE-C2144583C98C}"= TCP:C:\Program Files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat "{5ACF4C4E-B744-4915-94A8-FE551EF4FB4E}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander "{22B3CACF-01A3-4266-8CC4-CAE6FA5EA637}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe:Supreme Commander "{2B6E05FA-C8EE-4D94-9842-F04D26407943}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{59C6B8EA-0F55-4E6A-8DC8-9DE740FA1AF2}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2 "{CD3BE5CD-DC83-4A27-932D-4928D9E7C3C6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{7A944F5E-2707-4492-9BD0-BD7CDC8019AD}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA "{8F864C4F-AF6E-4B55-9AA5-C069F6A37222}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{F0C1F55C-8761-4E20-B839-336234AD619E}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB "{42C127B6-D7A5-4C19-A38F-6751D6B786D7}"= UDP:C:\Program 
Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo "{CC8AD5EA-69A9-44D6-9BD5-0A6E4F34EF26}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqw.exe:Enemy Territory - QUAKE Wars Demo "{377A1038-5E4A-4209-ABD1-FF869D76D2FE}"= UDP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe "{F7BEBBE5-0181-433B-BC68-3C5D606FC42C}"= TCP:C:\Program Files\id Software\Enemy Territory - QUAKE Wars Demo\etqwded.exe:etqwded.exe "{94C474BD-D001-4CD6-A305-18E702F57D5F}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo "{1F70259E-0512-4805-9D15-3B2A5340B6B9}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo "{17F8443B-4CED-459B-848B-F6D43AB4EF2E}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{9282BF41-EC99-4676-8DF7-3A2C61A17DEC}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "{546D4843-3B34-4324-AF2E-93EEA1E1D888}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "{4F9F1B32-BA6A-4849-B7C1-12260F6808F5}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. 
- Shadow of Chernobyl (SRV) "{49AFF427-17E1-4697-988A-D71B331B4BE7}"= UDP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance "{F8682EBE-6FCB-42C3-87BD-DB92E1853499}"= TCP:C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:Supreme Commander - Forged Alliance "{06C39CC5-E266-485B-B9AB-4A4A90F72CFC}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance "{1111940A-44B6-40C8-88C4-1FD18CECAD57}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance "{5D5A6AEC-006B-4637-9F24-4FD9F5A304C9}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{EB636B46-D5BD-4223-AD5E-E51B507B5FD3}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3 "{39215C1D-0978-461A-A572-E62B5B058808}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts "{0AC844D3-C5A6-4933-B479-C3F0F4830148}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts "{6A2977D8-4B21-416A-9A9B-F70715D459B9}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype "{EB9DAB2F-8D8E-493C-AFF3-14530287BBAB}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-10-16 11:05] R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 11:32] R2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2008-01-19 09:33] R3 athr;Atheros Extensible 
Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-10-20 23:47] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01] R3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-04-23 14:44] R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-06 11:14] S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 10:13] S3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-09-19 18:57] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\Windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23] S3 GOGA;GOGA;C:\Users\Azaiez\AppData\Local\Temp\GOGA.exe [] S3 JATLCW;JATLCW;C:\Users\Azaiez\AppData\Local\Temp\JATLCW.exe [] S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-18 04:01] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9d93cbb4-52d5-11dc-935a-001a924085c8}] \shell\AutoRun\command - RAVMON.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f19dff4-00b5-11dd-b98e-001a924085c8}] \shell\AutoRun\command - G:\PMB_P.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0550188-4d9f-11dc-b50a-001a924085c8}] \shell\AutoRun\command - RAVMON.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6f66148-0920-11dd-a4b4-001a924085c8}] \shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7679cde-2085-11dc-9bf4-001a924085c8}] 
\shell\AutoRun\command - F:\blank.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2007-05-13 05:38:46 C:\Windows\Tasks\McDefragTask.job" - c:\program files\mcafee\mqc\QcConsol.exe' "2007-05-13 05:38:46 C:\Windows\Tasks\McQcTask.job" - c:\program files\mcafee\mqc\QcConsol.exe "2008-05-18 16:10:39 C:\Windows\Tasks\User_Feed_Synchronization-{48D2F123-9750-4DB6-815B-983FB705A8CB}.job" - C:\Windows\system32\msfeedssync.exe . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-18 18:06:11 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . --------------------- DLLs a charg‚ sous des processus courants --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Program Files\SiteAdvisor\6253\saHook.dll . ------------------------ Other Running Processes ------------------------ . C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\audiodg.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Windows\System32\Ati2evxx.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\McAfee\MPF\MpfSrv.exe C:\Windows\System32\PnkBstrA.exe C:\Program Files\SiteAdvisor\6253\SAService.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\conime.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Windows\ehome\ehsched.exe C:\Windows\ehome\ehrecvr.exe C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe C:\PROGRA~1\McAfee\MSC\mcuimgr.exe C:\Windows\System32\wbem\WMIADAP.exe . 
************************************************************************** . Temps d'accomplissement: 2008-05-18 18:13:25 - machine was rebooted [Azaiez] ComboFix-quarantined-files.txt 2008-05-18 16:13:05 ComboFix2.txt 2008-05-17 17:23:33 ComboFix3.txt 2008-05-14 16:34:43 ComboFix4.txt 2008-05-14 16:15:36 Pre-Run: 197,098,381,312 octets libres Post-Run: 197,468,983,296 octets libres 411 --- E O F --- 2008-05-18 01:00:48 Report generated yesterday in the late afternoon. The problems seem to have disappeared (in Mozilla and IE).
  13. Hello, I tried to follow your recommendations, and here is what I did: Vista offers a recovery console built into Windows. So I chose the oldest restore file created by ComboFix and performed the recovery. The problem caused by the infection, which had reappeared, has disappeared again (in IE only). Should I now proceed with what you asked on the previous page?
  14. Hello, This is how it goes: I drag the txt file onto ComboFix, the program launches, and after a few seconds, just as the scan is about to start, a blue screen appears with a message on it (so I no longer have access to Windows); the computer then restarts automatically (less than 10 seconds after the message appears).