rital94

Membres

Afficher le profil Afficher son activité

Compteur de contenus
39
Inscription
le 14 juin 2008
Dernière visite
le 30 novembre 2013

Type de contenu

Toute l’activité

Profils

Forums

Blogs

Tout ce qui a été posté par rital94

bonsoir a vous toutes et tous SOS !! SOS !!

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

BONJOUR Pear et encore merci pour votre implication à mon problème, voici donc les rapports: Logfile of random's system information tool 1.06 (written by random/random) Run by christophe at 2009-03-23 10:46:16 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 146 GB (77%) free of 191 GB Total RAM: 1023 MB (47% free) ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2009-03-21 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd [] "EoEngine"= [] "SoftwareHelper"=C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-02 15360] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-02-25 251264] C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe C:\Documents and Settings\christophe.B7F020E3BF5F476\Menu Démarrer\Programmes\Démarrage Xfire.lnk - C:\Program Files\Xfire\xfire.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2008-04-25 206088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2009-03-23 10:46:16 ----D---- C:\rsit 2009-03-23 10:46:16 ----D---- C:\Program Files\trend micro 2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\muweb.dll 2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll 2009-03-23 08:31:49 ----D---- C:\WINDOWS\LastGood 2009-03-22 22:43:16 ----D---- C:\Program Files\CCleaner 2009-03-22 20:00:28 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Malwarebytes 2009-03-22 20:00:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-03-22 20:00:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs\logishrd 2009-03-22 17:46:24 ----A---- C:\WINDOWS\system32\vfwwdm32.dll 2009-03-22 16:50:34 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2009-03-22 16:39:18 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo 2009-03-22 16:00:19 ----RA---- C:\WINDOWS\system32\Audio3D.dll 2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmudax.dll 2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe 2009-03-22 13:50:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Media Player Classic 2009-03-22 13:49:27 ----D---- C:\Program Files\ffdshow 2009-03-22 01:42:00 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Thunderbird 2009-03-22 01:33:35 ----A---- C:\WINDOWS\system32\BASSMOD.dll 2009-03-22 01:17:34 ----D---- C:\WINDOWS\pss 2009-03-22 01:06:17 ----D---- C:\Program Files\GSpot221 2009-03-22 00:55:34 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\TuneUp Software 2009-03-22 00:46:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IM 2009-03-22 00:45:14 ----D---- C:\Program Files\IncrediMail 2009-03-22 00:45:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail 2009-03-22 00:38:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xfire 2009-03-21 23:42:54 ----D---- C:\Program Files\Marvell 2009-03-21 23:25:30 ----D---- C:\Program Files\Intel 2009-03-21 23:19:10 ----A---- C:\WINDOWS\system32\ntport.dll 2009-03-21 23:11:12 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll 2009-03-21 23:11:11 ----RA---- C:\WINDOWS\system32\udaprop.dll 2009-03-21 23:00:00 ----RA---- C:\WINDOWS\system32\a3d.dll 2009-03-21 22:29:41 ----A---- C:\WINDOWS\Ascd_tmp.ini 2009-03-21 22:22:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Mozilla 2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Macromedia 2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Adobe 2009-03-21 21:47:31 ----D---- C:\Program Files\Kaspersky Lab 2009-03-21 21:47:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2009-03-21 21:42:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\teamspeak2 2009-03-21 21:41:02 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xentient 2009-03-21 21:40:43 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\HLSW 2009-03-21 21:31:21 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Identities 2009-03-21 21:30:19 ----ASH---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\desktop.ini 2009-03-21 21:30:17 ----SD---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Microsoft 2009-03-21 20:20:31 ----A---- C:\WINDOWS\system32\h323log.txt 2009-03-21 20:19:23 ----A---- C:\WINDOWS\system32\ksuser.dll 2009-03-21 20:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$ 2009-03-21 20:17:03 ----A---- C:\WINDOWS\system32\usbui.dll 2009-03-21 20:16:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2009-03-21 20:15:14 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-03-21 20:13:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-03-21 20:13:24 ----A---- C:\WINDOWS\ODBCINST.INI 2009-03-21 20:13:14 ----A---- C:\WINDOWS\system32\irclass.dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\spxcoins.dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgsetup.dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll 2009-03-21 20:13:10 ----A---- C:\WINDOWS\TASKMAN.EXE 2009-03-21 20:13:09 ----A---- C:\WINDOWS\system32\batt.dll 2009-03-21 20:13:08 ----A---- C:\WINDOWS\NOTEPAD.EXE 2009-03-21 20:13:07 ----A---- C:\WINDOWS\system32\storprop.dll 2009-03-21 20:12:50 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini 2009-03-21 20:10:45 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft 2009-03-21 19:46:30 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-21 19:36:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero 2009-03-21 19:35:32 ----D---- C:\Program Files\TaskSwitchXP 2009-03-21 19:34:05 ----A---- C:\WINDOWS\system32\jit.dll 2009-03-21 19:34:05 ----A---- C:\WINDOWS\setdebug.exe 2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\javaee.dll 2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\dx3j.dll 2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\wjview.exe 2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\vmhelper.dll 2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjdbc10.dll 2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjava.dll 2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msawt.dll 2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jview.exe 2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jdbgmgr.exe 2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\javart.dll 2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javaprxy.dll 2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javacypt.dll 2009-03-21 19:33:54 ----A---- C:\WINDOWS\system32\clspack.exe 2009-03-21 19:29:09 ----A---- C:\WINDOWS\control.ini 2009-03-21 19:28:29 ----D---- C:\WINDOWS\system32\dllcache 2009-03-21 19:28:29 ----A---- C:\WINDOWS\system32\mapi32.dll 2009-03-21 19:27:24 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-03-21 19:27:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-03-21 19:26:31 ----A---- C:\WINDOWS\system32\acctres.dll 2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wucltui.dll 2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wups.dll 2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt.exe 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx4.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-03-21 19:26:08 ----A---- C:\WINDOWS\system32\qmgr.dll 2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srsvc.dll 2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srclient.dll 2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetres.dll 2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\schedsvc.dll 2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstask.dll 2009-03-21 19:24:14 ----A---- C:\WINDOWS\vbaddin.ini 2009-03-21 19:24:14 ----A---- C:\WINDOWS\vb.ini 2009-03-21 19:23:20 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\getuname.dll 2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\charmap.exe 2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\winmine.exe 2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\sol.exe 2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\calc.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tskill.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tscon.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\reset.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\freecell.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\shadow.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\regini.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\msg.exe 2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\logoff.exe 2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-03-21 19:23:00 ----A---- C:\WINDOWS\system32\spider.exe 2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tsgqec.dll 2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\aaclient.dll 2009-03-21 19:22:57 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\termsrv.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\stclient.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comaddin.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\colbact.dll 2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comuid.dll 2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-03-21 19:22:39 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-03-21 19:22:37 ----A---- C:\WINDOWS\system32\cmprops.dll 2009-03-21 18:10:28 ----AD---- C:\WINDOWS\i386 2009-03-21 18:09:08 ----D---- C:\Program Files\Mozilla Thunderbird 2009-03-21 18:08:03 ----D---- C:\Program Files\Recuva 2009-03-21 18:08:02 ----D---- C:\Program Files\Paint.NET 2009-03-21 18:08:00 ----D---- C:\Program Files\Occtpt 2009-03-21 18:07:43 ----D---- C:\Program Files\Cpu-z 2009-03-15 19:47:17 ----D---- C:\Program Files\MSBuild 2009-03-15 19:44:54 ----D---- C:\Program Files\Microsoft Visual Studio 8 2009-03-11 20:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 20:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-11 20:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ 2009-03-09 20:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-03-09 20:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-02-26 19:46:50 ----A---- C:\WINDOWS\system32\xfcodec.dll ======List of files/folders modified in the last 1 months====== 2009-03-23 10:46:16 ----RD---- C:\Program Files 2009-03-23 08:33:04 ----D---- C:\Program Files\Mozilla Firefox 2009-03-23 08:32:21 ----D---- C:\WINDOWS\Temp 2009-03-23 08:31:50 ----D---- C:\WINDOWS\system32 2009-03-23 08:31:49 ----HD---- C:\WINDOWS\inf 2009-03-23 08:31:49 ----D---- C:\WINDOWS 2009-03-23 08:31:47 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-22 23:33:09 ----D---- C:\WINDOWS\system 2009-03-22 23:28:45 ----HD---- C:\Config.Msi 2009-03-22 23:26:15 ----D---- C:\WINDOWS\system32\drivers 2009-03-22 23:24:12 ----D---- C:\WINDOWS\system32\CatRoot 2009-03-22 23:24:08 ----SHD---- C:\WINDOWS\Installer 2009-03-22 22:44:20 ----D---- C:\Program Files\Teamspeak2_RC2 2009-03-22 22:12:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-03-22 21:00:18 ----SH---- C:\boot.ini 2009-03-22 21:00:18 ----A---- C:\WINDOWS\win.ini 2009-03-22 21:00:18 ----A---- C:\WINDOWS\system.ini 2009-03-22 17:57:49 ----RSD---- C:\WINDOWS\assembly 2009-03-22 17:56:45 ----D---- C:\WINDOWS\Microsoft.NET 2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs 2009-03-22 16:51:56 ----D---- C:\Program Files\Microsoft Silverlight 2009-03-22 16:50:31 ----D---- C:\WINDOWS\system32\DirectX 2009-03-22 16:49:53 ----D---- C:\WINDOWS\WinSxS 2009-03-22 16:48:33 ----RSD---- C:\WINDOWS\Fonts 2009-03-22 03:24:01 ----D---- C:\WINDOWS\Prefetch 2009-03-22 01:11:40 ----D---- C:\Program Files\Xfire 2009-03-22 01:07:35 ----D---- C:\WINDOWS\Help 2009-03-22 00:57:54 ----D---- C:\Program Files\TuneUp Utilities 2008 2009-03-21 23:35:26 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-03-21 21:33:28 ----SHD---- C:\RECYCLER 2009-03-21 21:30:14 ----D---- C:\Documents and Settings 2009-03-21 20:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2009-03-21 20:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2009-03-21 20:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-03-21 20:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-03-21 20:16:07 ----D---- C:\Program Files\Internet Explorer 2009-03-21 20:09:57 ----D---- C:\WINDOWS\WBEM 2009-03-21 20:09:57 ----D---- C:\WINDOWS\system32\fr 2009-03-21 20:09:57 ----D---- C:\WINDOWS\Network Diagnostic 2009-03-21 20:09:57 ----D---- C:\WINDOWS\L2Schemas 2009-03-21 20:07:40 ----D---- C:\WINDOWS\AppPatch 2009-03-21 20:07:22 ----RD---- C:\WINDOWS\Web 2009-03-21 20:07:22 ----D---- C:\WINDOWS\system32\Setup 2009-03-21 20:06:12 ----D---- C:\WINDOWS\Offline Web Pages 2009-03-21 20:06:03 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-03-21 20:05:53 ----D---- C:\WINDOWS\twain_32 2009-03-21 20:05:49 ----D---- C:\WINDOWS\system32\ras 2009-03-21 20:05:45 ----D---- C:\WINDOWS\system32\icsxml 2009-03-21 20:05:25 ----D---- C:\WINDOWS\system32\1036 2009-03-21 19:47:37 ----D---- C:\WINDOWS\SoftwareDistribution 2009-03-21 19:47:32 ----D---- C:\WINDOWS\system32\MsDtc 2009-03-21 19:47:26 ----D---- C:\WINDOWS\security 2009-03-21 19:47:26 ----D---- C:\WINDOWS\repair 2009-03-21 19:47:17 ----D---- C:\WINDOWS\Debug 2009-03-21 19:46:43 ----SHD---- C:\System Volume Information 2009-03-21 19:46:43 ----D---- C:\WINDOWS\system32\Restore 2009-03-21 19:46:32 ----SD---- C:\WINDOWS\Tasks 2009-03-21 19:45:57 ----D---- C:\WINDOWS\system32\config 2009-03-21 19:37:11 ----D---- C:\Program Files\WinRAR 2009-03-21 19:37:01 ----D---- C:\Program Files\Nero 2009-03-21 19:35:21 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-03-21 19:30:55 ----D---- C:\WINDOWS\Registration 2009-03-21 19:30:14 ----D---- C:\WINDOWS\system32\URTTemp 2009-03-21 19:28:06 ----D---- C:\WINDOWS\system32\ias 2009-03-21 19:26:41 ----D---- C:\WINDOWS\srchasst 2009-03-21 19:26:32 ----D---- C:\Program Files\Windows Media Player 2009-03-21 19:26:27 ----D---- C:\Program Files\Outlook Express 2009-03-21 19:24:38 ----D---- C:\WINDOWS\system32\Com 2009-03-21 19:23:31 ----D---- C:\Program Files\Windows Media Connect 2 2009-03-21 19:23:08 ----D---- C:\WINDOWS\system32\wbem 2009-03-21 19:23:00 ----D---- C:\WINDOWS\system32\fr-fr 2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\usmt 2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\oodag 2009-03-21 18:37:59 ----HD---- C:\WINDOWS\system32\GroupPolicy 2009-03-21 18:37:53 ----D---- C:\WINDOWS\system32\1033 2009-03-21 18:37:52 ----D---- C:\WINDOWS\SHELLNEW 2009-03-21 18:37:51 ----D---- C:\WINDOWS\PeerNet 2009-03-21 18:37:38 ----D---- C:\WINDOWS\ime 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$ 2009-03-17 18:11:17 ----HD---- C:\Program Files\InstallShield Installation Information 2009-03-17 13:42:48 ----D---- C:\temp 2009-03-17 02:09:13 ----HD---- C:\$AVG8.VAULT$ 2009-03-15 19:46:43 ----D---- C:\Program Files\Microsoft Office 2009-03-11 10:59:07 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-22 213520] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792] R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 1275584] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-05-02 10368] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-02-03 41504] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2008-05-02 5810] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-05-02 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-02 259712] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-05-02 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504] R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-07-16 33632] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-07-16 68952] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-02 14336] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-03-23 10:46:35 ======Uninstall list====== Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} C-Media High Definition Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF} GSpot 2.21 Fr-->"C:\Program Files\GSpot221\unins000.exe" IncrediMail-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} ITE IT8212 ATA RAID Controller-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC6AAE10-A081-42C7-9CD3-ED1D80C30941}\Setup.exe" -l0x9 Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55} Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (2.0.0.14)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Nero 8 Lite 8.3.2.1-->"C:\Program Files\Nero\unins000.exe" O&O Defrag Professional Edition-->MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SoftwareUpdate 1.0-->"C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\unins000.exe" TaskSwitchXP-->C:\Program Files\TaskSwitchXP\uninst.exe TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" Virtual Cable Tester-->MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2} Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E} Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe" ======Hosts File====== 127.0.0.1 localhost 127.0.0.1 ad.a8.net 127.0.0.1 asy.a8ww.net 127.0.0.1 www.abx4.com #[Adware.ABXToolbar] 127.0.0.1 acezip.net #[siteAdvisor.acezip.net] 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions] 127.0.0.1 phpadsnew.abac.com 127.0.0.1 a.abnad.net 127.0.0.1 b.abnad.net 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie] ======Security center information====== AV: Kaspersky Internet Security FW: Kaspersky Internet Security ======System event log====== Computer Name: B7F020E3BF5F476 Event Code: 6011 Message: Le nom NetBIOS et le nom de l'hôte DNS de cet ordinateur ont été modifiés de MACHINENAME vers B7F020E3BF5F476. Record Number: 5 Source Name: EventLog Time Written: 20090321192037.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 121 Message: Port A is up with 100 Mbps Record Number: 4 Source Name: yukonwxp Time Written: 20090321201745.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 2 Message: Pendant la validation de \Device\Serial0 en tant que port série, une FIFO a été détectée. La FIFO sera utilisée. Record Number: 3 Source Name: Serial Time Written: 20090321201026.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 2 Source Name: EventLog Time Written: 20090321201020.000000+060 Event Type: Informations User: Computer Name: MACHINENAME Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20090321201020.000000+060 Event Type: Informations User: =====Application event log===== Computer Name: B7F020E3BF5F476 Event Code: 1000 Message: Les compteurs de performances pour le service MSDTC (MSDTC) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 5 Source Name: LoadPerf Time Written: 20090321192356.000000+060 Event Type: Informations User: Computer Name: B7F020E3BF5F476 Event Code: 1000 Message: Les compteurs de performances pour le service TermService (Services Terminal Server) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 4 Source Name: LoadPerf Time Written: 20090321192349.000000+060 Event Type: Informations User: Computer Name: B7F020E3BF5F476 Event Code: 1000 Message: Les compteurs de performances pour le service RemoteAccess (Routage et accès distant) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 3 Source Name: LoadPerf Time Written: 20090321192218.000000+060 Event Type: Informations User: Computer Name: B7F020E3BF5F476 Event Code: 1000 Message: Les compteurs de performances pour le service PSched (PSched) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 2 Source Name: LoadPerf Time Written: 20090321192127.000000+060 Event Type: Informations User: Computer Name: B7F020E3BF5F476 Event Code: 1000 Message: Les compteurs de performances pour le service RSVP (QoS RSVP) ont été chargés. Les données d'enregistrement contiennent les nouvelles valeurs d'index assignées à ce service. Record Number: 1 Source Name: LoadPerf Time Written: 20090321192056.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0403 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- Je recommence l'analyse ,j'ai mal lu l'anglais (eh oui beaucoup de lacunes !), voivi le nouveau rapport : Logfile of random's system information tool 1.06 (written by random/random) Run by christophe at 2009-03-23 10:52:28 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 146 GB (77%) free of 191 GB Total RAM: 1023 MB (47% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:55:16, on 23/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20978) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\oodag.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe C:\WINDOWS\system32\RunDll32.exe C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IncrediMail\bin\ImApp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\IncrediMail\bin\IncMail.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\christophe.B7F020E3BF5F476\Bureau\RSIT.exe C:\Program Files\trend micro\christophe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://lo.st#first R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: ;Tag&rename O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [softwareHelper] C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe O4 - Global Startup: RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe O8 - Extra context menu item: Ajouter à Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe -- End of file - 5804 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2009-03-21 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04 92504] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992] "Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd [] "EoEngine"= [] "SoftwareHelper"=C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-05-02 679936] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TaskSwitchXP"=C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [2006-08-04 62976] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-05-02 15360] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-02-25 251264] C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage RAID Manager.lnk - C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe C:\Documents and Settings\christophe.B7F020E3BF5F476\Menu Démarrer\Programmes\Démarrage Xfire.lnk - C:\Program Files\Xfire\xfire.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\WINDOWS\system32\klogon.dll [2008-04-25 206088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-05-02 200064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2009-03-23 10:46:16 ----D---- C:\rsit 2009-03-23 10:46:16 ----D---- C:\Program Files\trend micro 2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\muweb.dll 2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll.mui 2009-03-23 08:31:50 ----A---- C:\WINDOWS\system32\mucltui.dll 2009-03-23 08:31:49 ----D---- C:\WINDOWS\LastGood 2009-03-22 22:43:16 ----D---- C:\Program Files\CCleaner 2009-03-22 20:00:28 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Malwarebytes 2009-03-22 20:00:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-03-22 20:00:21 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs\logishrd 2009-03-22 17:46:24 ----A---- C:\WINDOWS\system32\vfwwdm32.dll 2009-03-22 16:50:34 ----A---- C:\WINDOWS\system32\d3dx9_32.dll 2009-03-22 16:39:18 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\EoRezo 2009-03-22 16:00:19 ----RA---- C:\WINDOWS\system32\Audio3D.dll 2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmudax.dll 2009-03-22 16:00:06 ----RA---- C:\WINDOWS\system32\cmirmdrv.exe 2009-03-22 13:50:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Media Player Classic 2009-03-22 13:49:27 ----D---- C:\Program Files\ffdshow 2009-03-22 01:42:00 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Thunderbird 2009-03-22 01:33:35 ----A---- C:\WINDOWS\system32\BASSMOD.dll 2009-03-22 01:17:34 ----D---- C:\WINDOWS\pss 2009-03-22 01:06:17 ----D---- C:\Program Files\GSpot221 2009-03-22 00:55:34 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\TuneUp Software 2009-03-22 00:46:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IM 2009-03-22 00:45:14 ----D---- C:\Program Files\IncrediMail 2009-03-22 00:45:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\IncrediMail 2009-03-22 00:38:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xfire 2009-03-21 23:42:54 ----D---- C:\Program Files\Marvell 2009-03-21 23:25:30 ----D---- C:\Program Files\Intel 2009-03-21 23:19:10 ----A---- C:\WINDOWS\system32\ntport.dll 2009-03-21 23:11:12 ----RA---- C:\WINDOWS\system32\cmirmdrv.dll 2009-03-21 23:11:11 ----RA---- C:\WINDOWS\system32\udaprop.dll 2009-03-21 23:00:00 ----RA---- C:\WINDOWS\system32\a3d.dll 2009-03-21 22:29:41 ----A---- C:\WINDOWS\Ascd_tmp.ini 2009-03-21 22:22:12 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Mozilla 2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Macromedia 2009-03-21 22:10:52 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Adobe 2009-03-21 21:47:31 ----D---- C:\Program Files\Kaspersky Lab 2009-03-21 21:47:31 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab 2009-03-21 21:42:47 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\teamspeak2 2009-03-21 21:41:02 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Xentient 2009-03-21 21:40:43 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\HLSW 2009-03-21 21:31:21 ----D---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Identities 2009-03-21 21:30:19 ----ASH---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\desktop.ini 2009-03-21 21:30:17 ----SD---- C:\Documents and Settings\christophe.B7F020E3BF5F476\Application Data\Microsoft 2009-03-21 20:20:31 ----A---- C:\WINDOWS\system32\h323log.txt 2009-03-21 20:19:23 ----A---- C:\WINDOWS\system32\ksuser.dll 2009-03-21 20:17:15 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$ 2009-03-21 20:17:03 ----A---- C:\WINDOWS\system32\usbui.dll 2009-03-21 20:16:28 ----A---- C:\WINDOWS\system32\spupdsvc.exe 2009-03-21 20:15:14 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-03-21 20:13:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-03-21 20:13:24 ----A---- C:\WINDOWS\ODBCINST.INI 2009-03-21 20:13:14 ----A---- C:\WINDOWS\system32\irclass.dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\spxcoins.dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\EqnClass.Dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgsetup.dll 2009-03-21 20:13:13 ----A---- C:\WINDOWS\system32\dgrpsetu.dll 2009-03-21 20:13:10 ----A---- C:\WINDOWS\TASKMAN.EXE 2009-03-21 20:13:09 ----A---- C:\WINDOWS\system32\batt.dll 2009-03-21 20:13:08 ----A---- C:\WINDOWS\NOTEPAD.EXE 2009-03-21 20:13:07 ----A---- C:\WINDOWS\system32\storprop.dll 2009-03-21 20:12:50 ----ASH---- C:\Documents and Settings\All Users.WINDOWS\Application Data\desktop.ini 2009-03-21 20:10:45 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft 2009-03-21 19:46:30 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-03-21 19:36:36 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero 2009-03-21 19:35:32 ----D---- C:\Program Files\TaskSwitchXP 2009-03-21 19:34:05 ----A---- C:\WINDOWS\system32\jit.dll 2009-03-21 19:34:05 ----A---- C:\WINDOWS\setdebug.exe 2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\javaee.dll 2009-03-21 19:34:04 ----A---- C:\WINDOWS\system32\dx3j.dll 2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\wjview.exe 2009-03-21 19:33:58 ----A---- C:\WINDOWS\system32\vmhelper.dll 2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjdbc10.dll 2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msjava.dll 2009-03-21 19:33:57 ----A---- C:\WINDOWS\system32\msawt.dll 2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jview.exe 2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\jdbgmgr.exe 2009-03-21 19:33:56 ----A---- C:\WINDOWS\system32\javart.dll 2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javaprxy.dll 2009-03-21 19:33:55 ----A---- C:\WINDOWS\system32\javacypt.dll 2009-03-21 19:33:54 ----A---- C:\WINDOWS\system32\clspack.exe 2009-03-21 19:29:09 ----A---- C:\WINDOWS\control.ini 2009-03-21 19:28:29 ----D---- C:\WINDOWS\system32\dllcache 2009-03-21 19:28:29 ----A---- C:\WINDOWS\system32\mapi32.dll 2009-03-21 19:27:24 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest 2009-03-21 19:27:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-03-21 19:26:31 ----A---- C:\WINDOWS\system32\acctres.dll 2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wucltui.dll 2009-03-21 19:26:12 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-03-21 19:26:11 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wups.dll 2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt1.exe 2009-03-21 19:26:10 ----A---- C:\WINDOWS\system32\wuauclt.exe 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx4.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-03-21 19:26:09 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-03-21 19:26:08 ----A---- C:\WINDOWS\system32\qmgr.dll 2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-03-21 19:26:07 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srsvc.dll 2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-03-21 19:26:06 ----A---- C:\WINDOWS\system32\srclient.dll 2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-03-21 19:26:05 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetres.dll 2009-03-21 19:26:03 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\schedsvc.dll 2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-03-21 19:26:00 ----A---- C:\WINDOWS\system32\mstask.dll 2009-03-21 19:24:14 ----A---- C:\WINDOWS\vbaddin.ini 2009-03-21 19:24:14 ----A---- C:\WINDOWS\vb.ini 2009-03-21 19:23:20 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\getuname.dll 2009-03-21 19:23:13 ----A---- C:\WINDOWS\system32\charmap.exe 2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\winmine.exe 2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\sol.exe 2009-03-21 19:23:12 ----A---- C:\WINDOWS\system32\calc.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tskill.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tsdiscon.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\tscon.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\reset.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-03-21 19:23:11 ----A---- C:\WINDOWS\system32\freecell.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\shadow.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\regini.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-03-21 19:23:10 ----A---- C:\WINDOWS\system32\msg.exe 2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\logoff.exe 2009-03-21 19:23:09 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-03-21 19:23:01 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-03-21 19:23:00 ----A---- C:\WINDOWS\system32\spider.exe 2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tsgqec.dll 2009-03-21 19:22:59 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\rhttpaa.dll 2009-03-21 19:22:58 ----A---- C:\WINDOWS\system32\aaclient.dll 2009-03-21 19:22:57 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\sessmgr.exe 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-03-21 19:22:56 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\termsrv.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-03-21 19:22:55 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-03-21 19:22:54 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-03-21 19:22:53 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-03-21 19:22:52 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\stclient.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\comaddin.dll 2009-03-21 19:22:51 ----A---- C:\WINDOWS\system32\colbact.dll 2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-03-21 19:22:50 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-03-21 19:22:49 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comuid.dll 2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-03-21 19:22:48 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-03-21 19:22:39 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\mmfutil.dll 2009-03-21 19:22:38 ----A---- C:\WINDOWS\system32\licwmi.dll 2009-03-21 19:22:37 ----A---- C:\WINDOWS\system32\cmprops.dll 2009-03-21 18:10:28 ----AD---- C:\WINDOWS\i386 2009-03-21 18:09:08 ----D---- C:\Program Files\Mozilla Thunderbird 2009-03-21 18:08:03 ----D---- C:\Program Files\Recuva 2009-03-21 18:08:02 ----D---- C:\Program Files\Paint.NET 2009-03-21 18:08:00 ----D---- C:\Program Files\Occtpt 2009-03-21 18:07:43 ----D---- C:\Program Files\Cpu-z 2009-03-15 19:47:17 ----D---- C:\Program Files\MSBuild 2009-03-15 19:44:54 ----D---- C:\Program Files\Microsoft Visual Studio 8 2009-03-11 20:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$ 2009-03-11 20:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$ 2009-03-11 20:01:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ 2009-03-09 20:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-03-09 20:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-02-26 19:46:50 ----A---- C:\WINDOWS\system32\xfcodec.dll ======List of files/folders modified in the last 1 months====== 2009-03-23 10:51:59 ----D---- C:\WINDOWS\Temp 2009-03-23 10:46:16 ----RD---- C:\Program Files 2009-03-23 08:33:04 ----D---- C:\Program Files\Mozilla Firefox 2009-03-23 08:31:50 ----D---- C:\WINDOWS\system32 2009-03-23 08:31:49 ----HD---- C:\WINDOWS\inf 2009-03-23 08:31:49 ----D---- C:\WINDOWS 2009-03-23 08:31:47 ----D---- C:\WINDOWS\system32\CatRoot2 2009-03-22 23:33:09 ----D---- C:\WINDOWS\system 2009-03-22 23:28:45 ----HD---- C:\Config.Msi 2009-03-22 23:26:15 ----D---- C:\WINDOWS\system32\drivers 2009-03-22 23:24:12 ----D---- C:\WINDOWS\system32\CatRoot 2009-03-22 23:24:08 ----SHD---- C:\WINDOWS\Installer 2009-03-22 22:44:20 ----D---- C:\Program Files\Teamspeak2_RC2 2009-03-22 22:12:35 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-03-22 21:00:18 ----SH---- C:\boot.ini 2009-03-22 21:00:18 ----A---- C:\WINDOWS\win.ini 2009-03-22 21:00:18 ----A---- C:\WINDOWS\system.ini 2009-03-22 17:57:49 ----RSD---- C:\WINDOWS\assembly 2009-03-22 17:56:45 ----D---- C:\WINDOWS\Microsoft.NET 2009-03-22 17:46:24 ----D---- C:\Program Files\Fichiers communs 2009-03-22 16:51:56 ----D---- C:\Program Files\Microsoft Silverlight 2009-03-22 16:50:34 ----D---- C:\WINDOWS\system32\DirectX 2009-03-22 16:49:53 ----D---- C:\WINDOWS\WinSxS 2009-03-22 16:48:33 ----RSD---- C:\WINDOWS\Fonts 2009-03-22 03:24:01 ----D---- C:\WINDOWS\Prefetch 2009-03-22 01:11:40 ----D---- C:\Program Files\Xfire 2009-03-22 01:07:35 ----D---- C:\WINDOWS\Help 2009-03-22 00:57:54 ----D---- C:\Program Files\TuneUp Utilities 2008 2009-03-21 23:35:26 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-03-21 21:33:28 ----SHD---- C:\RECYCLER 2009-03-21 21:30:14 ----D---- C:\Documents and Settings 2009-03-21 20:17:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2009-03-21 20:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2009-03-21 20:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-03-21 20:16:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-03-21 20:16:07 ----D---- C:\Program Files\Internet Explorer 2009-03-21 20:09:57 ----D---- C:\WINDOWS\WBEM 2009-03-21 20:09:57 ----D---- C:\WINDOWS\system32\fr 2009-03-21 20:09:57 ----D---- C:\WINDOWS\Network Diagnostic 2009-03-21 20:09:57 ----D---- C:\WINDOWS\L2Schemas 2009-03-21 20:07:40 ----D---- C:\WINDOWS\AppPatch 2009-03-21 20:07:22 ----RD---- C:\WINDOWS\Web 2009-03-21 20:07:22 ----D---- C:\WINDOWS\system32\Setup 2009-03-21 20:06:12 ----D---- C:\WINDOWS\Offline Web Pages 2009-03-21 20:06:03 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-03-21 20:05:53 ----D---- C:\WINDOWS\twain_32 2009-03-21 20:05:49 ----D---- C:\WINDOWS\system32\ras 2009-03-21 20:05:45 ----D---- C:\WINDOWS\system32\icsxml 2009-03-21 20:05:25 ----D---- C:\WINDOWS\system32\1036 2009-03-21 19:47:37 ----D---- C:\WINDOWS\SoftwareDistribution 2009-03-21 19:47:32 ----D---- C:\WINDOWS\system32\MsDtc 2009-03-21 19:47:26 ----D---- C:\WINDOWS\security 2009-03-21 19:47:26 ----D---- C:\WINDOWS\repair 2009-03-21 19:47:17 ----D---- C:\WINDOWS\Debug 2009-03-21 19:46:43 ----SHD---- C:\System Volume Information 2009-03-21 19:46:43 ----D---- C:\WINDOWS\system32\Restore 2009-03-21 19:46:32 ----SD---- C:\WINDOWS\Tasks 2009-03-21 19:45:57 ----D---- C:\WINDOWS\system32\config 2009-03-21 19:37:11 ----D---- C:\Program Files\WinRAR 2009-03-21 19:37:01 ----D---- C:\Program Files\Nero 2009-03-21 19:35:21 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-03-21 19:30:55 ----D---- C:\WINDOWS\Registration 2009-03-21 19:30:14 ----D---- C:\WINDOWS\system32\URTTemp 2009-03-21 19:28:06 ----D---- C:\WINDOWS\system32\ias 2009-03-21 19:26:41 ----D---- C:\WINDOWS\srchasst 2009-03-21 19:26:32 ----D---- C:\Program Files\Windows Media Player 2009-03-21 19:26:27 ----D---- C:\Program Files\Outlook Express 2009-03-21 19:24:38 ----D---- C:\WINDOWS\system32\Com 2009-03-21 19:23:31 ----D---- C:\Program Files\Windows Media Connect 2 2009-03-21 19:23:08 ----D---- C:\WINDOWS\system32\wbem 2009-03-21 19:23:00 ----D---- C:\WINDOWS\system32\fr-fr 2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\usmt 2009-03-21 18:38:01 ----D---- C:\WINDOWS\system32\oodag 2009-03-21 18:37:59 ----HD---- C:\WINDOWS\system32\GroupPolicy 2009-03-21 18:37:53 ----D---- C:\WINDOWS\system32\1033 2009-03-21 18:37:52 ----D---- C:\WINDOWS\SHELLNEW 2009-03-21 18:37:51 ----D---- C:\WINDOWS\PeerNet 2009-03-21 18:37:38 ----D---- C:\WINDOWS\ime 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2009-03-21 18:37:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$ 2009-03-21 18:37:27 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$ 2009-03-17 18:11:17 ----HD---- C:\Program Files\InstallShield Installation Information 2009-03-17 13:42:48 ----D---- C:\temp 2009-03-17 02:09:13 ----HD---- C:\$AVG8.VAULT$ 2009-03-15 19:46:43 ----D---- C:\Program Files\Microsoft Office 2009-03-11 10:59:07 ----HD---- C:\WINDOWS\$hf_mig$ ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 40576] R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-03-22 213520] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-05-02 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792] R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360] R3 cmudax;C-Media High Definition Audio Interface; C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-21 1275584] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-05-02 144384] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-05-02 10368] R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys [2007-02-03 41504] R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2008-05-02 5810] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-05-02 61824] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-05-02 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-02 259712] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-02 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-05-02 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504] R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2009-03-21 201992] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-02-15 707344] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-07-16 33632] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-07-16 68952] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-05-02 14336] -----------------EOF-----------------
- le 23 mars 2009
- 21 réponses
bonsoir a vous toutes et tous SOS !! SOS !!

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

voici le rapport d'analyse demandé (en reprecisant qu'entre temps mon pc a subi quelques changement) Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1885 Windows 5.1.2600 Service Pack 3 22/03/2009 20:11:18 mbam-log-2009-03-22 (20-11-18).txt Type de recherche: Examen rapide Eléments examinés: 103403 Temps écoulé: 5 minute(s), 26 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 3 Dossier(s) infecté(s): 3 Fichier(s) infecté(s): 3 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\Documents and Settings\Christophe\Application Data\VirusRemover2009 (Rogue.VirusRemover) -> Quarantined and deleted successfully. C:\Documents and Settings\Christophe\Application Data\VirusRemover2009\Logs (Rogue.VirusRemover) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Documents and Settings\Christophe\Local Settings\Temp\CLN_2009FreeInstall_Rezer.exe (Rogue.Cleaner2009) -> Quarantined and deleted successfully. C:\Documents and Settings\Christophe\Application Data\VirusRemover2009\Logs\scns.log (Rogue.VirusRemover) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\c.cgm (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
- le 22 mars 2009
- 21 réponses
bonsoir a vous toutes et tous SOS !! SOS !!

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

merci de cette reponse que je vois malheureusement tardivement. Désolé d'avoir été sourd à votre aide mais mon pc ne m'en a pas laissé le temps, c'est simple il ne voulait plus démarrer . J'ai voulu le formater mais le xp choisi pour l'occasion ne devait pas etre le bon si bien qu'en guise de formatage je n'ai pu faire qu'unu installation . Je vais tenter de suivre vos conseil avec attention merci
- le 22 mars 2009
- 21 réponses
bonsoir a vous toutes et tous SOS !! SOS !!

rital94 a posté un sujet dans Analyses et éradication malwares

bonsoir je suis infecter depuis hier après midi de ces deux virus j'ai avg 8.0 et et sumbelt personal firewal j'ai une analyse Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:46:30, on 17/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AirDefense\Personal Agent\ADPService.exe C:\Program Files\AirDefense\Personal Agent\ADPShell.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe C:\Program Files\Malware Defender 2009\malwaredef.exe C:\Program Files\Mozilla Firefox\firefox.exe G:\Mes doc\logiciel christophe\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O1 - Hosts: 91.121.153.162 l2authd.lineage2.com #Semper Fidelis O1 - Hosts: 91.121.153.162 l2testauthd.lineage2.com #Semper Fidelis O1 - Hosts: 91.121.153.162 nprotect.lineage2.com #Semper Fidelis O1 - Hosts: 91.121.153.162 update.nprotect.com #Semper Fidelis O1 - Hosts: 91.121.153.162 update.nprotect.net #Semper Fidelis O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [malwaredef] C:\Program Files\Malware Defender 2009\malwaredef.exe O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O21 - SSODL: HardwareDrivers - {1F10599C-469E-4511-B6E8-603A0346E80B} - C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\hdddriver.dll O21 - SSODL: DriversLoad - {2310429E-B825-4D19-AE63-7299A51DB785} - C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\kliomjyqlo.dll O23 - Service: AirDefense Personal Service (ADPService) - Unknown owner - C:\Program Files\AirDefense\Personal Agent\ADPService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- End of file - 10719 bytes
- le 17 mars 2009
- 21 réponses
probleme messagerie

rital94 a répondu à un(e) sujet de rital94 dans Internet & Réseaux

je crois qu'il va etre difficile pour vous de m'aider aujourd'hui car je ne suis pas sur le pc concerné.quand j'irais chez mon beau-pere je me connecterais de chez lui pour faire un copier collé du message d'erreur. Merci et à plus tard, Le probleme est a la reception
- le 16 décembre 2008
- 4 réponses
probleme messagerie

rital94 a répondu à un(e) sujet de rital94 dans Internet & Réseaux

desole j'ai oublié quelque precision : la massagerie c'est outlook,le pare-feu windows,antivir comme antivirus,avg, et le windows c'est xp edition familiaie pack 2 et l'operateur c'est free.j'espere que vous avez les info necessaire pour m'apporter votre,merci par avance pour votre rapide intervention
- le 16 décembre 2008
- 4 réponses
probleme messagerie

rital94 a posté un sujet dans Internet & Réseaux

Bonjour tout le monde. Petit soucis mais je me retrouve devant un mur. J'ai fait les bons parametrages (verifié avec la hotline )et pourtant le problème persiste. Toujours le meme message d'erreur concernant la tache"verification" des message. Je precise que ces probleme ont lieu avec le pc de mon beau-pere et je vous contact avec le mien. Merci a toute personne pouvant m'aider
- le 16 décembre 2008
- 4 réponses
J'ai une nouvelle à annoncer !

rital94 a répondu à un(e) sujet de sofy dans J'ai rien à dire mais j'le dis quand même

bonjour et félicitation je suis nouveau sur le forum tout mes veux de bonheur ciao
- le 1 juillet 2008
- 684 réponses
UN GRAND MERCI à L'EQUIPE DE ZEBULON

rital94 a répondu à un(e) sujet de sifffer6 dans J'ai rien à dire mais j'le dis quand même

bonjour Merci a vous y a deux semaines j'ai eu un gros trojan sur mon pc et grâce a vous et votre gentillesse en moins de 24h mon problème a été résolut merci beaucoup de votre dévouement et simplicité pour moi qui n'ai pas un pro de l'informatique ciao
- le 1 juillet 2008
- 6 réponses
résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

merci ce forum d'aide est génial pour ceux qui comme moi ont peu de connaissances de leur ordi bonne journée
- le 15 juin 2008
- 12 réponses
résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

encore merci avant de mettre resolu serait-il possible d'avoir des infos sur ce qu'était le probleme s'il te plait
- le 15 juin 2008
- 12 réponses
résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

et voila le nouveau rapport demandé : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:59:55, on 15/06/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: RAID Manager.lnk = ? O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 7084 bytes
- le 15 juin 2008
- 12 réponses
résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

ok je me lance
- le 15 juin 2008
- 12 réponses
résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

merci angelique pour m'avoir repondu si vite hier. J'attends les instructions pour la suite ,je voulais signaler que je serais absente cette après-midi. Je ne tente rien de plus pour le moment car pas douée dutout pour comprendre quoi que ce soit dans les rapport a plus tard et bonne journée
- le 15 juin 2008
- 12 réponses
résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

ce fut long mais j'espere avoir bien suivi les étapes ,voici le rapport d'activir (pourvu que j'ai bien tout compris et qu'il correspond à ta demande) Avira AntiVir Personal Report file date: samedi 14 juin 2008 20:47 Scanning for 1331584 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Save mode Username: Christophe Computer name: CHRISTOP-281242 Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 18:17:11 ANTIVIR3.VDF : 7.0.4.196 2048 Bytes 14/06/2008 18:17:12 Engineversion : 8.1.0.55 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.40 266618 Bytes 14/06/2008 18:18:04 AESCN.DLL : 8.1.0.21 119156 Bytes 14/06/2008 18:18:01 AERDL.DLL : 8.1.0.20 418165 Bytes 14/06/2008 18:17:58 AEPACK.DLL : 8.1.1.5 364918 Bytes 14/06/2008 18:17:51 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 14/06/2008 18:17:41 AEHEUR.DLL : 8.1.0.30 1253750 Bytes 14/06/2008 18:17:39 AEHELP.DLL : 8.1.0.15 115063 Bytes 14/06/2008 18:17:23 AEGEN.DLL : 8.1.0.28 307572 Bytes 14/06/2008 18:17:21 AEEMU.DLL : 8.1.0.6 430451 Bytes 14/06/2008 18:17:17 AECORE.DLL : 8.1.0.31 168310 Bytes 14/06/2008 18:17:15 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, E:, G:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 14 juin 2008 20:47 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 14 processes with 14 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'E:\' [iNFO] No virus was found! Boot sector 'G:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '26' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Christophe\Bureau\Navilog1.exe [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.99 [NOTE] The file was moved to '48ca1476.qua'! C:\Documents and Settings\Christophe\Local Settings\Application Data\Mozilla\Firefox\Profiles\sihdcrjm.default\Cache\55B4B867d01 [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.99 [NOTE] The file was moved to '489614bb.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' Begin scan in 'G:\' <Téléchargement G> End of the scan: samedi 14 juin 2008 23:38 Used time: 2:50:54 min The scan has been done completely. 6836 Scanning directories 322646 Files were scanned 2 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 2 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 322644 Files not concerned 2600 Archives were scanned 2 Warnings 2 Notes
- le 14 juin 2008
- 12 réponses
résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

rital94 a répondu à un(e) sujet de rital94 dans Analyses et éradication malwares

merci angélique, je transmet le rapport que j'ai un peu de mal à lire mais il me semble que le probleme a ete trouver,j'attends confirmation merci Clean Navipromo version 3.5.8 commencé le 14/06/2008 à 19:16:02,50 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Christophe" Mise à jour le 06.06.2008 à 18h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.13 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * C:\WINDOWS\prefetch\rdfitdi*.pf trouvé ! Copie C:\WINDOWS\prefetch\rdfitdi*.pf réalisée avec succès ! C:\WINDOWS\prefetch\rdfitdi*.pf supprimé ! * Suppression dans "C:\Documents and Settings\Christophe\locals~1\applic~1" * rdfitdi.exe trouvé ! Copie rdfitdi.exe réalisée avec succès ! rdfitdi.exe supprimé ! rdfitdi.dat trouvé ! Copie rdfitdi.dat réalisée avec succès ! rdfitdi.dat supprimé ! rdfitdi_nav.dat trouvé ! Copie rdfitdi_nav.dat réalisée avec succès ! rdfitdi_nav.dat supprimé ! rdfitdi_navps.dat trouvé ! Copie rdfitdi_navps.dat réalisée avec succès ! rdfitdi_navps.dat supprimé ! * Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Christophe\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Christophe\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Christophe\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" *** *** Suppression fichiers *** C:\WINDOWS\system32\nvs2.inf supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\Christophe\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * * Dans "C:\Documents and Settings\Christophe\locals~1\applic~1" * * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! Certificat Electronic-Group supprimé ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 14/06/2008 à 19:25:11,73 ***
- le 14 juin 2008
- 12 réponses
résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

rital94 a posté un sujet dans Analyses et éradication malwares

bonjour a tous , il se trouve qu' après une analyse sur virustotal une méchante bébête est en train de grignoter mon pc à savoir deux troyens :Trojan:Win32/Skintrim.B et Win32.Trojan.Obfuscated.aqn.3 . Si quelqu'un pouvait m'aider se serait formibable et vous en serait infiniment reconnaissante Voici le rapport d'analyse: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:25:06, on 14/06/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - Global Startup: RAID Manager.lnk = ? O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe -- End of file - 7412 bytes
- le 14 juin 2008
- 12 réponses

Connexion

rital94

Compteur de contenus

Inscription

Dernière visite

Type de contenu

Profils

Forums

Blogs

Tout ce qui a été posté par rital94

bonsoir a vous toutes et tous SOS !! SOS !!

bonsoir a vous toutes et tous SOS !! SOS !!

bonsoir a vous toutes et tous SOS !! SOS !!

bonsoir a vous toutes et tous SOS !! SOS !!

probleme messagerie

probleme messagerie

probleme messagerie

J'ai une nouvelle à annoncer !

UN GRAND MERCI à L'EQUIPE DE ZEBULON

résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

résolu infection Win32.Trojan.Obfuscated.aqn.3 et Trojan:Win32/Skintri

Zebulon

Outils en ligne

Naviguer