Aller au contenu

speck41

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    370

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par speck41

  1. speck41
    Bonjour Apollo, Content de te voir espérer encore........ mais, ça ne va pas trop. J'ai fais la vérification avec AVP tool et ça ne semble pas donner les résultats espérés. Au démarrage c'est semblable, et, je ne trouve même pas le rapport généré par ce logiciel. J'ai fais un nouveau HijackThis et je te le post plus bas. Mon interrogation est à savoir si mon disque D est infecté aussi car il y a beaucoup de fichier à conserver dessus. L'idéal serait je pense de formater le disque C seulement. Je ne peux même pas déplacer les icones du bureau, ni copier coller des dossiers du disque C. À ta prochaine réponse je serai surement fixé. Merci Speck41 -------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:01:22, on 2009-09-17 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe D:\Program Files\Nero\InCD\InCDsrv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\imapi.exe C:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\WebUpdateSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Network Magic\nmapp.exe C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evolutionsynchro.123.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: La barre d'outils AIR MILES - {DC7A75BF-581D-4675-BDCB-D1B35116EB49} - D:\Program Files\La barre d'outils AIR MILES\Toolbar.dll O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [WeatherEye] D:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-21-2025429265-1614895754-1801674531-1003\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" (User '?') O4 - HKUS\S-1-5-21-2025429265-1614895754-1801674531-1003\..\Run: [WeatherEye] D:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe (User '?') O4 - HKUS\S-1-5-21-2025429265-1614895754-1801674531-1003\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O15 - Trusted Zone: http://maps.live.com O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F2AB3A-D1E7-478C-88C0-07ADF9334145}: NameServer = 64.18.160.73,64.18.160.74 O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - (no file) O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Gestion d'applications (AppMgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Audio Windows (AudioSrv) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Explorateur d'ordinateur (Browser) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: CryptSvc - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Lanceur de processus serveur DCOM (DcomLaunch) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Client DHCP (Dhcp) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Gestionnaire de disque logique (dmserver) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Client DNS (Dnscache) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Configuration automatique de réseau câblé (Dot3svc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Service Protocole EAP (Extensible Authentication Protocol) (EapHost) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Service de rapport d'erreurs (ERSvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Système d'événements de COM+ (EventSystem) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Compatibilité avec le Changement rapide d'utilisateur (FastUserSwitchingCompatibility) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Aide et support (helpsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Service Gestion des clés et des certificats d'intégrité (hkmsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Nero\InCD\InCDsrv.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing) O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Serveur (lanmanserver) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Station de travail (lanmanworkstation) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Assistance TCP/IP NetBIOS (LmHosts) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Agent de protection d'accès réseau (napagent) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Ouverture de session réseau (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Connexions réseau (Netman) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: NLA (Network Location Awareness) (Nla) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: Stockage amovible (NtmsSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Services IPSEC (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Emplacement protégé (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Gestionnaire de connexion automatique d'accès distant (RasAuto) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Gestionnaire de connexions d'accès distant (RasMan) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Appel de procédure distante (RPC) (RpcSs) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Gestionnaire de comptes de sécurité (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Secondary Logon (seclogon) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Notification d'événement système (SENS) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Pare-feu Windows / Partage de connexion Internet (SharedAccess) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Détection matériel noyau (ShellHWDetection) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Spouleur d'impression (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing) O23 - Service: Service de restauration système (srservice) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service de découvertes SSDP (SSDPSRV) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Acquisition d'image Windows (WIA) (stisvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Services Terminal Server (TermService) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Thèmes (Themes) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Client de suivi de lien distribué (TrkWks) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Hôte de périphérique universel Plug-and-Play (upnphost) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Horloge Windows (W32Time) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe O23 - Service: Infrastructure de gestion Windows (winmgmt) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Service de numéro de série du lecteur multimédia portable (WmdmPmSN) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Extensions du pilote WMI (Wmi) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Centre de sécurité (wscsvc) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - C:\WINDOWS\system32\svchost.exe (file missing) O23 - Service: Configuration automatique sans fil (WZCSVC) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) O23 - Service: Service d'approvisionnement réseau (xmlprov) - Unknown owner - C:\WINDOWS\System32\svchost.exe (file missing) -- End of file - 13779 bytes ---------------------------------------------------
  2. speck41
    Salut Apollo, ça ne va pas bien, impossible de supprimer SP3..... fichier introuvable. Impossible d'imprimer...... imprimante introuvable et impossible de la réinstaller, spooler d'impression manquant??? Impossible de faire un copier coller, impossible de déplacer un icone sur le bureau..... etc, etc Présentement, l'outil AVP Tool est en marche en mode sans echec, je te communique avec le portable de ma fille, je te redonne des nouvelle tard ce soir, (présentement 19H36) ou, demain selon le temps requis pour l'analyse, en attendant, Merci encore..... A+ Speck41
  3. speck41
    Bonjour, tout d'abords j'aimerais te dire qu"au démarrage de mon PC il y a au moins 50 alertes de Avast concernant le fichier TR/Patched.gen qui a l"air d'infecter chaque chose qui essais de s'ouvrir. Je suis tellement tanné de cliquer sur OK de ces alertes que j'ai coché faire cette action à l'avenir et j'ai chiosis mettre en quarantaine. Aussi, suite à l'application WinFileReplacement, mon logiciel Network Magic a cessé de fonctionner et la connexion internet est vraiment lente ou c'est le PC qui est très lent à répondre..... je ne sais pas quelle affirmation est la bonne. Dans le gestionnaire des taches il y a au moins 50% moins de programmes qui s'ouvrent. Lorsque je réduit une fenètre de navigation elle ne s'en va plus dans la barre des taches elle se réduit à même la fenêtre de navigation, aussi, je ne peux plus gérer la barre d'outils........ la galère quoi....! Bon, voici le rapport demandé: WinFileReplace - ver : 1.1.0 - by Loup blanc --------------------------- Microsoft Windows XP Service Pack 3 Fran‡ais --------------------------- Contrôle du fichier téléchargé : MD5 recherchée : a9a9a86e7330bffaf64ae2acfb73d959 sp3.000 MD5 : a9a9a86e7330bffaf64ae2acfb73d959 --------------------------- ============ Comparaison des fichiers avant remplacement ============ --------- Les fichiers et "C:\FR-files\lsass.exe" MD5 : 91e6024d6d4dcdecdb36c43ecf9bbecb "C:\FR-files\lsass.exe" MD5 : 91e6024d6d4dcdecdb36c43ecf9bbecb sont différents... ----------- Les fichiers et "C:\FR-files\spoolsv.exe" MD5 : 460e4ce148bd07218da0b6a3d31885a9 "C:\FR-files\spoolsv.exe" MD5 : 460e4ce148bd07218da0b6a3d31885a9 sont différents... ----------- ============ Comparaison des fichiers après remplacement ============ ----------- Les fichiers et "C:\FR-files\lsass.exe" MD5 = 91e6024d6d4dcdecdb36c43ecf9bbecb sont différents... Echec du remplacement ----------- Les fichiers et "C:\FR-files\spoolsv.exe" MD5 = 460e4ce148bd07218da0b6a3d31885a9 sont différents... Echec du remplacement ----------- ======= Fin du rapport ======= Merci Speck41
  4. speck41
    ------------------------------------ Voici le résultat combofix: ComboFix 09-09-14.02 - Famille Kelly Begin 2009-09-15 20:09.2.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.510.309 [GMT -4:00] Lancé depuis: c:\documents and settings\Famille Kelly Begin\Bureau\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ADS - WINDOWS: deleted 24 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\7e36347.msp c:\windows\system32\lsass.exe . . . est infecté!! c:\windows\system32\spoolsv.exe . . . est infecté!! . ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-16 au 2009-09-16 )))))))))))))))))))))))))))))))))))) . 2009-09-14 14:23 . 2009-09-14 14:24 -------- d-----w- c:\program files\QuickTime 2009-09-14 14:17 . 2009-09-14 14:17 -------- d-----w- c:\program files\Fichiers communs\Apple 2009-09-14 14:16 . 2009-09-14 14:16 -------- d-----w- c:\program files\Apple Software Update 2009-09-14 13:58 . 2009-09-14 13:58 -------- d-----w- c:\documents and settings\NetworkService\Bureau 2009-09-14 13:47 . 2009-09-14 13:47 -------- d-----w- c:\program files\Secunia 2009-09-14 01:32 . 2009-09-14 01:32 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-09-14 00:44 . 2009-03-30 14:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-09-14 00:44 . 2009-02-13 16:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-09-14 00:44 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-09-14 00:44 . 2009-09-14 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-09-13 20:25 . 2009-02-09 11:23 111104 -c----w- c:\windows\system32\dllcache\services.exe 2009-09-08 13:48 . 2009-09-08 13:48 -------- d-----w- c:\windows\system32\wbem\Repository 2009-09-07 18:06 . 2009-09-07 18:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Goland 2009-09-07 17:02 . 2009-09-07 17:02 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Mozilla 2009-09-07 16:55 . 2009-09-07 17:01 -------- d-----w- c:\documents and settings\Administrateur\Tracing 2009-09-07 16:47 . 2009-09-07 16:47 -------- d-sh--w- c:\documents and settings\Administrateur\PrivacIE 2009-09-04 00:48 . 2009-09-04 00:48 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\GlarySoft 2009-09-01 23:54 . 2009-09-01 23:54 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\Convivea 2009-08-31 15:07 . 2009-08-31 15:07 -------- d-----w- c:\program files\Fichiers communs\DivX Shared 2009-08-31 15:07 . 2009-08-31 15:08 -------- d-----w- c:\program files\DivX 2009-08-26 02:11 . 2009-08-26 02:11 -------- d-----w- c:\program files\PFPortChecker 2009-08-26 01:24 . 2009-08-27 00:02 -------- d-----w- C:\mIRC Omenserve 2009-08-24 17:41 . 2009-08-24 17:41 -------- d-----w- C:\sr 2009-08-22 14:39 . 2009-08-22 14:39 74703 ----a-w- c:\windows\system32\mfc45.dll 2009-08-20 19:26 . 2009-08-20 19:26 -------- d-----w- c:\program files\LG Drivers 2009-08-19 14:17 . 2009-08-19 14:17 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\InstallShield 2009-08-19 13:56 . 2008-03-24 19:52 208896 ----a-w- c:\windows\system32\ConTest.dll 2009-08-18 23:39 . 2009-08-18 23:39 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-08-18 19:49 . 2009-08-18 19:49 -------- d-----w- c:\program files\directx 2009-08-18 19:49 . 2003-09-04 14:49 86016 ----a-w- c:\windows\system32\lvcoinst.dll 2009-08-18 19:49 . 2003-09-04 14:47 360448 ----a-w- c:\windows\system32\LVUI2RC.dll 2009-08-18 19:49 . 2003-09-04 14:47 122880 ----a-w- c:\windows\system32\LVUI2.dll 2009-08-18 19:49 . 2003-09-04 14:46 172032 ----a-w- c:\windows\system32\lvcodec2.dll 2009-08-18 19:49 . 2003-09-04 14:45 57344 ----a-w- c:\windows\system32\LVComC.dll 2009-08-18 19:49 . 2003-09-04 14:45 135214 ----a-w- c:\windows\system32\LVComS.exe 2009-08-18 19:49 . 2003-09-04 14:40 12112 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys 2009-08-18 19:49 . 2003-09-04 14:38 152576 ----a-w- c:\windows\system32\drivers\LV532AV.SYS 2009-08-18 19:48 . 2009-08-18 19:49 -------- d-----w- c:\program files\Fichiers communs\Logitech 2009-08-18 19:12 . 2009-08-18 19:12 -------- d-----w- c:\program files\Fichiers communs\Labtec 2009-08-18 19:11 . 2009-08-18 19:40 -------- d-----w- c:\program files\Fichiers communs\LogiShrd 2009-08-18 19:08 . 2009-08-18 19:47 -------- d-----w- c:\program files\Labtec 2009-08-18 01:37 . 2008-07-23 16:50 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys 2009-08-18 01:37 . 2008-07-23 16:50 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2009-08-18 01:37 . 2008-07-23 16:50 129784 ------w- c:\windows\system32\pxafs.dll 2009-08-18 01:28 . 2009-08-18 01:30 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\LG Electronics 2009-08-17 17:29 . 2006-05-04 12:33 53248 ----a-w- c:\windows\system32\CommonDL.dll 2009-08-17 17:29 . 2005-11-24 06:34 82432 ----a-w- c:\windows\system32\msxml4r.dll 2009-08-17 17:29 . 2005-10-04 05:39 44544 ----a-w- c:\windows\system32\msxml4a.dll 2009-08-17 17:29 . 2009-08-20 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\LGMOBILEAX 2009-08-17 15:29 . 2009-08-17 15:29 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\Apple Computer . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-15 00:02 . 2009-06-27 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-09-14 14:26 . 2009-05-06 23:30 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\Winamp 2009-09-14 14:26 . 2009-02-11 02:05 -------- d-----w- c:\program files\Winamp 2009-09-14 14:22 . 2008-06-19 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-09-12 00:12 . 2009-04-23 01:30 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\uTorrent 2009-09-10 18:54 . 2009-07-12 14:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-10 18:53 . 2009-07-12 14:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-09 23:21 . 2008-03-15 20:34 -------- d-----w- c:\program files\Microsoft Silverlight 2009-09-01 23:36 . 2009-04-23 01:30 -------- d-----w- c:\program files\uTorrent 2009-08-26 02:42 . 2001-08-28 12:00 83324 ----a-w- c:\windows\system32\perfc00C.dat 2009-08-26 02:42 . 2001-08-28 12:00 506528 ----a-w- c:\windows\system32\perfh00C.dat 2009-08-25 14:46 . 2008-06-02 13:34 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo 2009-08-23 20:08 . 2009-06-20 17:58 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\Vso 2009-08-22 16:06 . 2009-04-22 01:52 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\iolo 2009-08-19 14:17 . 2008-02-01 08:46 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-08-18 20:02 . 2009-03-25 13:05 -------- d-----w- c:\program files\Regensoft 2009-08-18 01:23 . 2008-02-03 19:49 -------- d-----w- c:\program files\Fichiers communs\InstallShield 2009-08-17 17:37 . 2008-01-27 20:15 -------- d-----w- c:\program files\DIFX 2009-08-08 13:48 . 2008-03-04 19:23 -------- d-----w- c:\program files\Java 2009-08-06 20:36 . 2009-05-30 19:47 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\U3 2009-08-05 09:00 . 2004-08-19 20:09 205312 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-28 20:33 . 2009-05-18 21:17 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-07-25 09:23 . 2008-10-29 02:20 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-07-24 15:50 . 2009-07-24 15:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead 2009-07-23 16:28 . 2009-07-23 16:28 -------- d-----w- c:\program files\Elaborate Bytes 2009-07-23 01:00 . 2009-07-23 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DVDXStudio 2009-07-17 19:03 . 2004-08-19 20:09 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 16:05 . 2008-08-09 16:00 30208 ----a-w- c:\windows\system32\iolobtdfg.exe 2009-07-14 03:43 . 2004-08-19 20:09 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-10 23:51 . 2008-01-27 20:12 77352 ----a-w- c:\documents and settings\Famille Kelly Begin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-08 01:36 . 2008-01-27 20:24 11776 ----a-w- c:\windows\system32\smrgdf.exe 2009-07-03 16:57 . 2004-08-19 20:09 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-25 08:26 . 2008-07-29 16:52 736768 ----a-w- c:\windows\system32\lsasrv.dll 2009-06-25 08:26 . 2008-07-29 16:52 136192 ----a-w- c:\windows\system32\msv1_0.dll 2009-06-25 08:26 . 2008-07-29 16:52 147456 ----a-w- c:\windows\system32\schannel.dll 2009-06-25 08:26 . 2004-08-19 20:09 54272 ----a-w- c:\windows\system32\wdigest.dll 2009-06-25 08:26 . 2004-08-19 20:09 56832 ----a-w- c:\windows\system32\secur32.dll 2009-06-25 08:26 . 2004-08-19 20:09 301568 ----a-w- c:\windows\system32\kerberos.dll 2009-06-24 11:18 . 2008-07-29 16:52 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys . ------- Sigcheck ------- [-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\browser.dll [-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\browser.dll [-] 2008-04-14 . 06B54A7B1EF7CB16BFD0E208D343FA71 . 77824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\browser.dll [-] 2004-08-19 . 75AC49029966BFFEA09F96C1C194F684 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll [-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll [-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll [-] 2008-04-14 . B4AA331468315B6A174C3F0D5B3BC135 . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll [-] 2008-04-14 . F92E6BEA9349D49341383F8403B4DFE5 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll [-] 2006-08-25 . 5BBCD65CFD7610F36BCA96B72BBAED4B . 617472 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll [-] 2006-08-25 . 47ABF878B9AEC81B23BA5F89DE597B3A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll [-] 2004-08-19 . 7D3AA1F0E765054CB5F30114F2DB6888 . 611328 . . [5.82] . . c:\windows\$NtUninstallKB923191$\comctl32.dll [-] 2004-08-19 . 7B5D86AF13CEF261180CC0F3BF094366 . 1050624 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll [-] 2001-08-28 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll [-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\cryptsvc.dll [-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll [-] 2008-04-14 . 7A6D0B71035E123FDDA2156A25578AD3 . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll [-] 2004-08-19 . CD73133EB24C572019944001FAD1B8D9 . 60416 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\cryptsvc.dll [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys [-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys [-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys [-] 2001-08-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys [-] 2001-08-28 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys [-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys [-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\kbdclass.sys [-] 2008-04-14 . 16813155807C6881F4BFBF6657424659 . 25216 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys [-] 2004-08-19 . E798705E8DC7FAB596EF6BFDF167E007 . 25216 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys [-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys [-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ndis.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys [-] 2008-04-13 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys [-] 2007-02-09 . 05AB81909514BFD69CBB1F2C147CF6B9 . 574976 . . [5.1.2600.3081] . . c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys [-] 2007-02-09 . 19A811EF5F1ED5C926A028CE107FF1AF . 574464 . . [5.1.2600.3081] . . c:\windows\$NtServicePackUninstall$\ntfs.sys [-] 2004-08-04 . B78BE402C3F63DD55521F73876951CDD . 574592 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB930916$\ntfs.sys [-] 2001-08-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys [-] 2001-08-28 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys [-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB941644$\tcpip.sys [-] 2008-07-07 20:31 . A5B1B7C76134329AA7547F6E6DA35410 . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll [-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll [-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll [-] 2008-07-07 20:28 . EC16AE9B37EACF871629227A3F3913FD . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll [-] 2008-07-07 20:24 . 157F9C595FD0D10502497DC4C1348D17 . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll [-] 2008-07-07 20:18 . 74ECF4DDC685BD3249CAB323405FCC49 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll [-] 2008-04-14 02:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll [-] 2008-04-14 02:33 . 9FD4A0615BF3E9388A46EDF8774C7294 . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll [-] 2005-07-26 04:39 . D9CDB9380E0EFC9E97CC589B5F484B94 . 243200 . . [2001.12.4414.308] . . c:\windows\$NtUninstallKB950974_0$\es.dll [-] 2005-07-26 04:29 . B56B69129181FF63BAED5EDE65DCC9B1 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll [-] 2004-08-19 20:09 . FDE7FBE9CC9DD9484DF3E0241737C091 . 243200 . . [2001.12.4414.258] . . c:\windows\$NtUninstallKB902400$\es.dll [-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\imm32.dll [-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll [-] 2008-04-14 . 0469B73DB32E5520F342C5E163AA3CCA . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll [-] 2004-08-19 . E55DAFA1A354BD5CB69151563DC9748A . 110080 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\imm32.dll [-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll [-] 2009-03-21 . 98F08549604D090B6B2514AF845F329F . 1054720 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll [-] 2009-03-21 . C3AF0EEE26B59484E674673E3016AAB7 . 1056768 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll [-] 2008-04-14 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll [-] 2008-04-14 . 3AC8886DFA5AB641417DF4D3B7F5512E . 1054720 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll [-] 2007-04-16 . 62E3F0E9ABFCBCEE62C51546F622C455 . 1051136 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll [-] 2007-04-16 . 6F1FE2AE7B22EB9CED1BFF533C9455EA . 1049600 . . [5.1.2600.3119] . . c:\windows\$NtServicePackUninstall$\kernel32.dll [-] 2004-08-19 . C88F74591579DBDE273C61312B2D3886 . 1048576 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB935839$\kernel32.dll [-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll [-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll [-] 2008-04-14 . 5C64008E661307C4A3C3C25D9086CDE7 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll [-] 2005-09-01 . D9BD4CCA0533401B6609E47FF74F40DC . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll [-] 2005-09-01 . 8D9A075C065DFE1228688D10155D6624 . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll [-] 2004-08-19 . 6C411ABBEEF0CA1D991F8A8F449D2B5F . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll [-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lpk.dll [-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll [-] 2008-04-14 . 982B2C204337C3B12211E1E1D9BA8C9C . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll [-] 2004-08-19 . 3236A6A1650E6C055FD5E87D7C4A05AD . 22016 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lpk.dll [-] 2008-04-14 . 91E6024D6D4DCDECDB36C43ECF9BBECB . 13312 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\lsass.exe [-] 2008-04-14 . EFD713BE5FAB073DE2C9367384BB65BD . 14848 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe [-] 2004-08-19 . 259AF82A0932EEA4F316F92DB94707B6 . 13312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\lsass.exe [-] 2009-07-19 . 29AA8EA1DAA83DBEC54916669BF09077 . 5937152 . . [8.00.6001.18812] . . c:\windows\system32\mshtml.dll [-] 2009-07-19 . 29AA8EA1DAA83DBEC54916669BF09077 . 5937152 . . [8.00.6001.18812] . . c:\windows\system32\dllcache\mshtml.dll [-] 2009-07-19 . 19C9FC84B91467171674D76EB0224D48 . 5938176 . . [8.00.6001.22902] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\mshtml.dll [-] 2009-05-13 . C153CCC6BA78182DFA3CD23086EA5BDB . 5936128 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll [-] 2009-05-13 . F73E32A6674F1D59D6D88C88D2536BAC . 5936128 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\mshtml.dll [-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\mshtml.dll [-] 2009-02-21 . D79AEC545A98057155099FB69BB3C4D3 . 3596800 . . [7.00.6000.21015] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\mshtml.dll [-] 2009-02-20 . 78068F040272D5EEF5198B3C75DD4D99 . 3595264 . . [7.00.6000.16825] . . c:\windows\ie8\mshtml.dll [-] 2009-01-17 . 0975BFBBCF2639C8BB5C0790F020DE6C . 3594752 . . [7.00.6000.16809] . . c:\windows\ie7updates\KB963027-IE7\mshtml.dll [-] 2009-01-16 . F386435C5E0A5D86E9F90B659D4F6075 . 3596288 . . [7.00.6000.20996] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\mshtml.dll [-] 2008-12-13 . 0AFB982529328ABAF64EFC6C85E0F09C . 3593216 . . [7.00.6000.16788] . . c:\windows\ie7updates\KB961260-IE7\mshtml.dll [-] 2008-12-13 . CB7922B3AD4BC5BBEDA130F6C9E0656A . 3594752 . . [7.00.6000.20973] . . c:\windows\$hf_mig$\KB960714-IE7\SP2QFE\mshtml.dll [-] 2008-10-17 . 74BF6087086364FA96BF047DA7C9EB38 . 3593216 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB960714-IE7\mshtml.dll [-] 2008-10-16 . EB75C0C66C633D0EFD0176450F8857F8 . 3595264 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\mshtml.dll [-] 2008-08-27 . 3CCDB836BBAB800FDED3181AF7EED38F . 3593216 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\mshtml.dll [-] 2008-08-27 . 3CCDB836BBAB800FDED3181AF7EED38F . 3593216 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\SP2GDR\mshtml.dll [-] 2008-08-26 . 0F345A2FE55C3DC9693AAAF2E983F4AD . 3594752 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\mshtml.dll [-] 2008-08-26 . 0F345A2FE55C3DC9693AAAF2E983F4AD . 3594752 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\SP2QFE\mshtml.dll [-] 2008-08-20 . EB2B003122AA714FE93979CFA4EEAA55 . 3088384 . . [6.00.2900.3429] . . c:\windows\ie7\mshtml.dll [-] 2008-08-20 . E1772442035064C97BA6B4D60BDA1BB9 . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\mshtml.dll [-] 2008-08-20 . 4229C8960DE4DC5B6C326E2B65175E9F . 3088896 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\mshtml.dll [-] 2008-06-24 . 03F74B51CC156B0E78D998DDF0EF31C1 . 3592192 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\mshtml.dll [-] 2008-06-24 . 03F74B51CC156B0E78D998DDF0EF31C1 . 3592192 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\848074f054596c97d2468deeb41d6ba1\SP2GDR\mshtml.dll [-] 2008-06-23 . A01EF08ACFF24D6E4987804BFD306AA4 . 3594240 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\mshtml.dll [-] 2008-06-23 . A01EF08ACFF24D6E4987804BFD306AA4 . 3594240 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\848074f054596c97d2468deeb41d6ba1\SP2QFE\mshtml.dll [-] 2008-04-23 . EBF0440323874DDF97EF0CEC2D6DC9F4 . 3593728 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll [-] 2008-04-14 . C4153F037157C7BE7C54FD88887F027D . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll [-] 2008-03-01 . F745B291067B273909D87D9D84857F4D . 3591680 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\mshtml.dll [-] 2008-03-01 . B22EC9AE82E19818077E286FF1B82B72 . 3593216 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll [-] 2007-12-07 . 906D0EC58033A9475BF8C7F885B7ED45 . 3593216 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll [-] 2007-10-31 . 89397AFC934A509580FF089035E71DA8 . 3590656 . . [7.00.6000.16587] . . c:\windows\ie7updates\KB944533-IE7\mshtml.dll [-] 2007-10-31 . 89397AFC934A509580FF089035E71DA8 . 3590656 . . [7.00.6000.16587] . . c:\windows\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2GDR\mshtml.dll [-] 2007-10-30 . EB4E53C96D5FB4A9A3F1EAEB782D8862 . 3593216 . . [7.00.6000.20710] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll [-] 2007-10-30 . EB4E53C96D5FB4A9A3F1EAEB782D8862 . 3593216 . . [7.00.6000.20710] . . c:\windows\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2QFE\mshtml.dll [-] 2007-10-30 . C9BD851330A5AE9CF42CA74F7FAB3054 . 3079680 . . [6.00.2900.3243] . . c:\windows\$NtUninstallKB942615$\mshtml.dll [-] 2007-10-30 . 1B0CD3D5B664C7786698FBB8C381A4D3 . 3086848 . . [6.00.2900.3243] . . c:\windows\$hf_mig$\KB942615\SP2QFE\mshtml.dll [-] 2007-10-30 . 1B0CD3D5B664C7786698FBB8C381A4D3 . 3086848 . . [6.00.2900.3243] . . c:\windows\$NtUninstallKB956390$\mshtml.dll [-] 2007-08-13 . C6EC2493346ED8888A549F59210A8ED3 . 3578368 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\mshtml.dll [-] 2004-08-19 . 7CA9E0D2C4DCA6B710FD57F40E597337 . 3003392 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB942615_0$\mshtml.dll [-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll [-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll [-] 2008-06-20 . 58AF8498C62E1E1DAB5AE59C6E08C180 . 247808 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll [-] 2008-06-20 . C759B3790D3BA760C52E218EF4886DAC . 247808 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll [-] 2008-06-20 . 8A52DE10680A40ECD04FA2C0FBC34190 . 247808 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll [-] 2008-06-20 . 4138FBDEDBC6FEAD215BB4C4B102F7DE . 247808 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll [-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll [-] 2008-04-14 . 196CCC3FDD21665DCAA9F83FFC03B41A . 247808 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll [-] 2004-08-19 . 6FA2DDF70DC9B762EBF8920F89B6BEA3 . 247808 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll [-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netlogon.dll [-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll [-] 2008-04-14 . 04821179C3171554C1BD1F9888A113E2 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll [-] 2004-08-19 . D4CFAC76926C24E32B7F25A35C31BC6E . 407040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\netlogon.dll [-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll [-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll [-] 2008-04-14 . BE0CB143FA427D93440DED18DB8C918B . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll [-] 2005-08-22 . 0D55724D88488BBFC53BC2EA219240F3 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll [-] 2005-08-22 . 31748843AD5811351B115CC52CEA8D77 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll [-] 2004-08-19 . 237F77C91B70469E3AF9F7FD0A524954 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll [-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe [-] 2009-02-10 . BEF458B8424553279E95E250D1E0CE7E . 2191232 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\ntoskrnl.exe [-] 2009-02-09 . 4183ED119200F8520F5E834498AFB927 . 2182528 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\ntoskrnl.exe [-] 2009-02-09 . B55AA66BC9269BC5257B915FFDAA790B . 2188160 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\ntoskrnl.exe [-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntoskrnl.exe [-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\ntoskrnl.exe [-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\system32\ntoskrnl.exe [-] 2009-02-09 . AB896577F35CF5FED7A9F87D3C3205ED . 2191104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntoskrnl.exe [-] 2008-08-14 . D79210549BBF09B7638E860440504299 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe [-] 2008-08-14 . 449566D74B5C261A3A54AA216F0C532B . 2182400 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe [-] 2008-08-14 . C6649255E51F145B6E15C505AB68E459 . 2188032 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntoskrnl.exe [-] 2008-08-14 . C8D4D5974F9671DA0A37175650912960 . 2191232 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntoskrnl.exe [-] 2008-08-14 . C8D4D5974F9671DA0A37175650912960 . 2191232 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe [-] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntoskrnl.exe [-] 2008-04-14 . 099D639DA1EF6968D4E41795BB507E6B . 2191104 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe [-] 2007-02-28 . 8E244108562E0E452EB68DFF64CB08A9 . 2184192 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe [-] 2007-02-28 . 7D6D19AAC51A4325F6039F083C22303C . 2182400 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntoskrnl.exe [-] 2005-03-02 . 3E2A0A4A0C0B19FC113618A9562A3B2A . 2181632 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe [-] 2005-03-02 . 63729DD0F2AAE36CC52B89C05505146C . 2181376 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntoskrnl.exe [-] 2004-08-19 . 7D38CE4398E6AA6339B4644FEADCC0D8 . 2183040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntoskrnl.exe [-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\powrprof.dll [-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll [-] 2008-04-14 . 9F2C862E39BF8E8FC51C3F6A6BCEB415 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll [-] 2004-08-19 . 29D5E58FB089C41898A81BD4C8970F22 . 17408 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\powrprof.dll [-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\ServicePackFiles\i386\qmgr.dll [-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll [-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\bits\qmgr.dll [-] 2008-04-14 . BAA0B6E647C1AD593E9BAE5CC31BCFFB . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll [-] 2004-08-19 . 659F7B6C502051BFA37910614B225548 . 382464 . . [6.6.2600.2180] . . c:\windows\$NtServicePackUninstall$\qmgr.dll [-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll [-] 2009-02-09 . F83B964469D230F445613C44DF9FE25D . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\rpcss.dll [-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\rpcss.dll [-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll [-] 2009-02-09 . 0203B1AAD358F206CB0A3C1F93CCE17A . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll [-] 2009-02-09 . 5620353B93DD08016674E4FEE280190B . 399360 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\rpcss.dll [-] 2009-02-09 . BA1EF616F55210820F6462D033088497 . 401408 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\rpcss.dll [-] 2008-04-14 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll [-] 2008-04-14 . 3D65EB82E1FA6DB15A33E024C9E03CAB . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll [-] 2005-07-26 . CB7D37602638369A516757E994CBB31D . 397824 . . [5.1.2600.2726] . . c:\windows\$NtServicePackUninstall$\rpcss.dll [-] 2005-07-26 . B38D431ACE730452CD1FEE4FB7ECD6E2 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll [-] 2005-04-28 . FD292BFE003558F4C39AA3D44F420AC7 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll [-] 2005-04-28 . D0F724BDF4A0647F1A52985FD629EFCE . 395776 . . [5.1.2600.2665] . . c:\windows\$NtUninstallKB902400$\rpcss.dll [-] 2004-08-19 . C6FE0B727A5D13419D480150631ADC09 . 395776 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB894391$\rpcss.dll [-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\scecli.dll [-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll [-] 2008-04-14 . 973B36634C544948C663E8269AA1B3A3 . 187392 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll [-] 2004-08-19 . 58D439F6EF73A2D9288B204E819F4BBD . 186368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\scecli.dll [-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\services.exe [-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\services.exe [-] 2009-02-09 . C3FB1D70CB88722267949694BA51759E . 111104 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe [-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe [-] 2009-02-09 . 62789101F9C2401ED598AA2CDE7450C0 . 111104 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\services.exe [-] 2009-02-09 . 9D6BF82FE50D55F20F8E10E0F6653886 . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\services.exe [-] 2009-02-09 . 51A24094F076961A7FF73E5F7E991D68 . 111104 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\services.exe [-] 2008-04-14 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe [-] 2008-04-14 . 54CB50058851D95E56EC70D09F70857F . 109056 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe [-] 2004-08-19 . 63DCDE1A0D86EEB8924D6738FF616EAD . 108544 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\services.exe [-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfc.dll [-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll [-] 2008-04-14 . 9A4E7ECBB5B7FB86F3B926AB039F4FEC . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll [-] 2004-08-19 . BB695F18354B38CFF693E67EE7A30C22 . 5120 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfc.dll [-] 2008-04-14 . 460E4CE148BD07218DA0B6A3D31885A9 . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe [-] 2008-04-14 . 4AEA0B1114BFB27379C1DAFDD59FA50C . 58880 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe [-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe [-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe [-] 2004-08-19 . DF9FC62AD51CB082B0AE371919A232CB . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe [-] 2008-04-14 . E4BDF223CD75478BF44567B4D5C2634D . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe [-] 2004-08-19 . 2979B03D5382A602623C0535B16AB9C0 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe [-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll [-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll [-] 2008-04-14 . 8E5231171AD6595FF002E848CC54FCD7 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll [-] 2005-07-08 . C9FA05D271A0066764FE75BE38E24D69 . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll [-] 2005-07-08 . 720DA0C9DB8996AD9B7F5164B2242DAA . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll [-] 2004-08-19 . 5CC2A233DAC03CAF99D20B87598675CD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll [-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll [-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll [-] 2008-04-14 . E853F84D3CE2FAA2A802E33CF89AC023 . 579584 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll [-] 2007-03-08 . 4D88AAF39ADABFE45958EA1384E2C4FF . 579072 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll [-] 2005-03-02 . C34920EB988CE98910BD6B0417F334EB . 578048 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll [-] 2005-03-02 . 0DF75FB73F705B011630159A43D7C354 . 578048 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll [-] 2004-08-19 . 61C8C283AD063BB697AE61A155C64A5A . 578048 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll [-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\userinit.exe [-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe [-] 2008-04-14 . E74DDB12188C2FF57A78624DBF7332FC . 26624 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe [-] 2004-08-19 . 84717891F0734C611721F56C60B5FBC3 . 25088 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\userinit.exe [-] 2009-07-03 . B0249F1B9F68E55CB7D2656339D13323 . 915456 . . [8.00.6001.22896] . . c:\windows\$hf_mig$\KB972260-IE8\SP3QFE\wininet.dll [-] 2009-07-03 . 995E2754D7FB0203A45351A1376836ED . 915456 . . [8.00.6001.18806] . . c:\windows\system32\wininet.dll [-] 2009-07-03 . 995E2754D7FB0203A45351A1376836ED . 915456 . . [8.00.6001.18806] . . c:\windows\system32\dllcache\wininet.dll [-] 2009-05-13 . 722E8ABB39238BAD1B1E13D97C49DB4D . 915456 . . [8.00.6001.22873] . . c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll [-] 2009-05-13 . FEADC209186574B0471D694FF5634F70 . 915456 . . [8.00.6001.18783] . . c:\windows\ie8updates\KB972260-IE8\wininet.dll [-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB969897-IE8\wininet.dll [-] 2009-03-03 . 39F71B559A97ED722F939A0EA7235323 . 828416 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll [-] 2009-03-03 . 68A2567FDD62AE7E31D8A885C5173EF9 . 826368 . . [7.00.6000.16827] . . c:\windows\ie8\wininet.dll [-] 2008-12-20 . 4E192082A5FCE9EF19198A24CDEA3442 . 827904 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll [-] 2008-12-20 . 0551C946E305CEE0A79BA744DC141BFC . 826368 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\wininet.dll [-] 2008-10-16 . CFBFA47415E85018E2CDC509E5E3D011 . 826368 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\wininet.dll [-] 2008-10-16 . 37D1A1BFE3D9904F2C3D11592456F9C0 . 827904 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll [-] 2008-08-26 . 4B0E70D44297877A313045BD059770E1 . 827904 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll [-] 2008-08-26 . 4B0E70D44297877A313045BD059770E1 . 827904 . . [7.00.6000.20900] . . c:\windows\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\SP2QFE\wininet.dll [-] 2008-08-26 . E30CACD98479B36A3DBFA3267BF62DD0 . 826368 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\wininet.dll [-] 2008-08-26 . E30CACD98479B36A3DBFA3267BF62DD0 . 826368 . . [7.00.6000.16735] . . c:\windows\SoftwareDistribution\Download\a37a907ce729d9b027006f974e62dcad\SP2GDR\wininet.dll [-] 2008-08-20 . AEF39AC3BCBAFE971155D0073191B5A6 . 671744 . . [6.00.2900.3429] . . c:\windows\ie7\wininet.dll [-] 2008-08-20 . 50D19E569C83A9C1AE7EFAEF6A93BC50 . 670208 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll [-] 2008-08-20 . 96D50ACA60DA22ADBD253F2825C98D1A . 670720 . . [6.00.2900.5659] . . c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll [-] 2008-06-23 . AC0BD61DC2C64906FBFE50E005FEFA2C . 826368 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\wininet.dll [-] 2008-06-23 . AC0BD61DC2C64906FBFE50E005FEFA2C . 826368 . . [7.00.6000.16705] . . c:\windows\SoftwareDistribution\Download\848074f054596c97d2468deeb41d6ba1\SP2GDR\wininet.dll [-] 2008-06-23 . 52589BAE67DD9859724287372668690B . 827904 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll [-] 2008-06-23 . 52589BAE67DD9859724287372668690B . 827904 . . [7.00.6000.20861] . . c:\windows\SoftwareDistribution\Download\848074f054596c97d2468deeb41d6ba1\SP2QFE\wininet.dll [-] 2008-04-23 . 78D3D2B0BE6AD3E6D82CCB115CF74310 . 827392 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll [-] 2008-04-14 . 4A6E04EA20F48D750D9BFED8600D516B . 670208 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll [-] 2008-03-01 . 8E027981DDFFA690D456FE18B37415A0 . 826368 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\wininet.dll [-] 2008-03-01 . 5A0093F59B505C008ED0CEE615563C72 . 827392 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll [-] 2007-12-07 . F4FD487241D3AC291046A22CEBD2CF71 . 825344 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll [-] 2007-10-11 . D2FD027E5D3AF96DEE6C5CC225079DF0 . 663552 . . [6.00.2900.3231] . . c:\windows\$NtUninstallKB942615$\wininet.dll [-] 2007-10-11 . 0465CDE31ADD22F6233FFB4FE4AF01CF . 670208 . . [6.00.2900.3231] . . c:\windows\$hf_mig$\KB942615\SP2QFE\wininet.dll [-] 2007-10-11 . 0465CDE31ADD22F6233FFB4FE4AF01CF . 670208 . . [6.00.2900.3231] . . c:\windows\$NtUninstallKB956390$\wininet.dll [-] 2007-10-10 . BC5119C53BDD48DABC628D448A3BDCCB . 824832 . . [7.00.6000.16574] . . c:\windows\ie7updates\KB944533-IE7\wininet.dll [-] 2007-10-10 . BC5119C53BDD48DABC628D448A3BDCCB . 824832 . . [7.00.6000.16574] . . c:\windows\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2GDR\wininet.dll [-] 2007-10-10 . 871AE10D6AE8877E9636AE5017953D52 . 825344 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll [-] 2007-10-10 . 871AE10D6AE8877E9636AE5017953D52 . 825344 . . [7.00.6000.20696] . . c:\windows\SoftwareDistribution\Download\3da5fb25f9bca1c53dde30405d5bbc6e\SP2QFE\wininet.dll [-] 2007-08-13 . A4A0FC92358F39538A6494C42EF99FE9 . 818688 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\wininet.dll [-] 2004-08-19 . 4E958B97EFC3D801F49283D1820F48B7 . 660480 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB942615_0$\wininet.dll [-] 2008-04-14 . DD73D6B9F6B4CB630CF35B438B540174 . 512000 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe [-] 2008-04-14 . BD672FF0368E41EF5A64344445C13EF6 . 516096 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe [-] 2004-08-19 . 123EEA158F74D0F67A51DCDF065D1091 . 506368 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe [-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ws2_32.dll [-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll [-] 2008-04-14 . FB836F9E62D82904C983AD21296A5D9C . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll [-] 2004-08-19 . EED74B969B2CA1ACC558FF60FB420E28 . 82944 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ws2_32.dll [-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\explorer.exe [-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe [-] 2008-04-14 . F2317622D29F9FF0F88AEECD5F60F0DD . 1037824 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe [-] 2007-06-13 . D0288319660EDCFED07C7E74C4EA38A5 . 1037312 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe [-] 2007-06-13 . B795475444D6D57A572C14B9E1A29839 . 1037312 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe [-] 2004-08-19 . 2A7BD330924252A2FD80344FC949BB72 . 1036288 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe [-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\srsvc.dll [-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll [-] 2008-04-14 . 6ED29124A1C83BD0CF6B26BD01CA6F6F . 171520 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll [-] 2004-08-19 . CE978404558CE2D82896AC2032F06DBF . 171008 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\srsvc.dll [-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe [-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe [-] 2008-04-14 . 02DA31AB433A6C1110A736C85701DECA . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe [-] 2004-08-19 . 8558905BA81F6EFAAF9667139BB117DD . 13824 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\wscntfy.exe [-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll [-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll [-] 2008-04-14 . F92A87FDDA0C11C8604FBC2B864FA726 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll [-] 2004-08-19 . 912591E2055E26566D1CB54092A7E8B0 . 129536 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\xmlprov.dll [-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll [-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll [-] 2008-04-14 . 4EC800BDF80521B0207BD2301DFC7D14 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll [-] 2004-08-19 . 49B1376885340BF9EA0D99F71557B59A . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\sfcfiles.dll [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll [-] 2008-04-14 . E17C85D5B5CF477638433B851A98499E . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll [-] 2004-08-19 . 6D8F3AC555E3F8A569AA9B2A817698C1 . 1548288 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\sfcfiles.dll [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe [-] 2008-04-14 . 59DC5BB82E4C8E0B3EADCFDBC44BA6E4 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe [-] 2004-08-19 . 64E41E8FEE655B03E3F19DED21BA5118 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe [-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regsvc.dll [-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll [-] 2008-04-14 . E598D81197E2E0EC42A0C55772BB00E8 . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll [-] 2004-08-19 . B6F76CE10953A141545A0D01F1776885 . 59904 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regsvc.dll [-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\schedsvc.dll [-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll [-] 2008-04-14 . 55F5C5C1BE1A78E285033E432BA01597 . 194560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll [-] 2004-08-19 . A65E74CC5831CED5762AA16033ED20EE . 193024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll [-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll [-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\system32\shsvcs.dll [-] 2008-04-14 . B9F20D71E5B6CE89A7A94B38351FDBDC . 135680 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\shsvcs.dll [-] 2006-12-19 . D7DFBD1EFA149EC158363B974DAE0C6B . 135168 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll [-] 2006-12-19 . 1839CDF416A5AA8BF2EFE377F57452CC . 135680 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll [-] 2004-08-19 . ABA25E49F6589FD73F1143FDC39A6B46 . 135168 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll [-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll [-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll [-] 2008-04-14 . EA9E0DB8684CEF2FD3BADD671DF5A112 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll [-] 2004-08-19 . DCB185C829538971E47AFFE77BA138C3 . 71680 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll [-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\termsrv.dll [-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll [-] 2008-04-14 . 710BC85A8C22626EE094439E3EA0D38C . 297984 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll [-] 2004-08-19 . 78F90C3E230AD122BCB116ABAD5FEFE9 . 297984 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\termsrv.dll [-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\appmgmts.dll [-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll [-] 2008-04-14 . F36C9F78FC902C8DCE4D3B576BB0435A . 176640 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\appmgmts.dll [-] 2004-08-19 . 7E9D138DC991BCCE6E6026CD74E69CC4 . 176640 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\appmgmts.dll [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys [-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys [-] 2001-08-28 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys [-] 2001-08-28 . E4ABC1212B70BB03D35E60681C447210 . 12032 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys [-] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys [-] 2006-02-15 00:30 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys [-] 2006-02-15 00:22 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys [-] 2004-08-03 22:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtUninstallKB900485$\aec.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys [-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ip6fw.sys [-] 2008-04-14 02:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll [-] 2008-04-14 02:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\system32\mfc40u.dll [-] 2008-04-14 02:33 . CE21FE79AD3B913A79E0C742BED6BF85 . 927504 . . [4.1.0.61] . . c:\windows\system32\dllcache\mfc40u.dll [-] 2006-11-01 19:18 . FCD58951B3B2392007E0EE34D2CF944F . 927504 . . [4.1.0.61] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll [-] 2001-08-28 12:00 . E1A34560BF6CE7C703BB67EC4FA70F43 . 924432 . . [4.1.6140] . . c:\windows\$NtUninstallKB924667$\mfc40u.dll [-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\msgsvc.dll [-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll [-] 2008-04-14 . E67A66A3781C1A483F0F8992664CBE0D . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll [-] 2004-08-19 . DE71362123E81D268088E78543752576 . 33792 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll [-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll [-] 2004-08-19 20:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll [-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe [-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3GDR\ntkrnlpa.exe [-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\system32\ntkrnlpa.exe [-] 2009-02-10 . F751E041E682F53EAF34F7FAEA78994D . 2068096 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\ntkrnlpa.exe [-] 2009-02-09 . 663D7167ED065786EC9DCFF2569A39F7 . 2059776 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2GDR\ntkrnlpa.exe [-] 2009-02-09 . 0150FE5C1E07F8AE422FEC6C8E8A0C98 . 2065024 . . [5.1.2600.3520] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP2QFE\ntkrnlpa.exe [-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe [-] 2009-02-09 . ED5E20AE4AC5A63A4FF43FFE704A5153 . 2068224 . . [5.1.2600.5755] . . c:\windows\SoftwareDistribution\Download\284fbcf1e8e0b40c0953d6b85a551eae\SP3QFE\ntkrnlpa.exe [-] 2008-08-14 . 755B50949D0DBC0F0136B0DB58765331 . 2068096 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe [-] 2008-08-14 . F9720D61DF1E3E47614C4FC891F3FE44 . 2059776 . . [5.1.2600.3427] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe [-] 2008-08-14 . DCBC1A6D150B5EE1BD6257186157B0F3 . 2065024 . . [5.1.2600.3427] . . c:\windows\$hf_mig$\KB956841\SP2QFE\ntkrnlpa.exe [-] 2008-08-14 . 8DA71F1900721E1E4FCB5B02D55FB771 . 2068096 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3GDR\ntkrnlpa.exe [-] 2008-08-14 . 8DA71F1900721E1E4FCB5B02D55FB771 . 2068096 . . [5.1.2600.5657] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe [-] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956841$\ntkrnlpa.exe [-] 2008-04-14 . B71A8F101CEFAF82FC5EC16130A54A3F . 2067968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe [-] 2007-02-28 . 7A56A64EB50399613587E90292DD2AAB . 2061440 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe [-] 2007-02-28 . A1D5231403329478AE4FE2778C55C77F . 2059648 . . [5.1.2600.3093] . . c:\windows\$NtUninstallKB956841_0$\ntkrnlpa.exe [-] 2005-03-02 . 5311776074B6C13F983DC75BAEAC9C0C . 2059008 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe [-] 2005-03-02 . 73FA9C95D235844A36968C7852C7DBDD . 2058880 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe [-] 2004-08-19 . F252FAE094C54572ECE38A039F2103C4 . 2058880 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe [-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll [-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll [-] 2008-04-14 02:33 . 037D92B3A7853A183FCAB77FB1D13D6C . 438272 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll [-] 2004-08-19 20:09 . 951543FFB84012D13F4CB09DA2EACE96 . 438272 . . [5.1.2400.2180] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll [-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\upnphost.dll [-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll [-] 2008-04-14 . BD8166A495B02308F364B36249475F22 . 186368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll [-] 2007-02-05 . 385DB2591BF11955F26E0A97728B1B31 . 185344 . . [5.1.2600.3077] . . c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll [-] 2007-02-05 . 96B3C690ED82E36E04C130F916E3AE91 . 185344 . . [5.1.2600.3077] . . c:\windows\$NtServicePackUninstall$\upnphost.dll [-] 2004-08-19 . 0B6A726C2DE9BBB80A48459F0C318F44 . 185344 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB931261$\upnphost.dll c:\windows\system32\svchost.exe ... manque !! . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{DC7A75BF-581D-4675-BDCB-D1B35116EB49}"= "d:\program files\La barre d'outils AIR MILES\Toolbar.dll" [2009-03-30 1265664] [HKEY_CLASSES_ROOT\clsid\{dc7a75bf-581d-4675-bdcb-d1b35116eb49}] [HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{2BA36896-D5E2-425B-85E8-F664D1EA6896}] [HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{DC7A75BF-581D-4675-BDCB-D1B35116EB49}"= "d:\program files\La barre d'outils AIR MILES\Toolbar.dll" [2009-03-30 1265664] [HKEY_CLASSES_ROOT\clsid\{dc7a75bf-581d-4675-bdcb-d1b35116eb49}] [HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{2BA36896-D5E2-425B-85E8-F664D1EA6896}] [HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="d:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-19 247144] "WeatherEye"="d:\program files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-01-16 4519832] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nmctxth"="c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504] "nmapp"="c:\program files\Network Magic\nmapp.exe" [2009-02-03 451896] "LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214] "Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080] "avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf d:\program files\iolo\System Mechanic 4 [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WordQCRS.lnk] backup=c:\windows\pss\WordQCRS.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Famille Kelly Begin^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk] backup=c:\windows\pss\Outil de notification Live Search.lnkStartup HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fix-It AV HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Bonjour Service"=2 (0x2) "WSearch"=2 (0x2) "OAcat"=2 (0x2) "idsvc"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Easy-PrintToolBox"=c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\mIRC\\mirc.exe"= "d:\\Program Files\\Shareaza\\Shareaza.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Famille Kelly Begin\\Bureau\\Le Bureau\\B- Raccourcis du Bureau\\P2P\\utorrent_343_utorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service "23321:TCP"= 23321:TCP:uTorrent R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2008-02-03 19478] R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2008-02-03 635012] R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2008-02-03 431236] R2 AntiVirSchedulerService;Avira AntiVir Planificateur;d:\program files\Avira\AntiVir Desktop\sched.exe [2009-09-13 108289] R2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2008-02-08 3584] R2 LF30FS;LF30FS;d:\program files\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 101488] R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-19 92008] R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2009-08-18 152576] S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?] S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe --> c:\program files\iolo\common\lib\ioloServiceManager.exe [?] S2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808] S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-06-21 12672] S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wADV11NT.sys [2008-01-27 11935] S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-06-17 12648] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contenu du dossier 'Tâches planifiées' 2009-09-15 c:\windows\Tasks\GlaryInitialize.job - d:\program files\Glary Utilities\initialize.exe [2009-09-04 20:09] 2009-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1614895754-1801674531-1003Core.job - c:\documents and settings\Famille Kelly Begin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-05 02:20] 2009-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1614895754-1801674531-1003UA.job - c:\documents and settings\Famille Kelly Begin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-05 02:20] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.evolutionsynchro.123.fr/ mWindow Title = uInternet Connection Wizard,ShellNext = iexplore IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: live.com\maps TCP: {B0F2AB3A-D1E7-478C-88C0-07ADF9334145} = 64.18.160.73,64.18.160.74 Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll FF - ProfilePath - c:\documents and settings\Famille Kelly Begin\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.evolutionsynchro.123.fr/|http://www.google.ca/| FF - plugin: c:\documents and settings\Famille Kelly Begin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: d:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file) MSConfigStartUp-Gestionnaire Antidote - (no file) AddRemove-CanoCraft CS-P 3.7 - c:\windows\IsUn040c.exe -fd:\program files\canon\Uninst.isu AddRemove-Canon ScanGear Toolbox CS - c:\windows\IsUn040c.exe -fd:\program files\canon\scanner\Uninst.isu ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-15 20:19 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,95,93,14,49,7d,ed,42,9a,5a,7b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,95,93,14,49,7d,ed,42,9a,5a,7b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,e5,8b,83,c6,cc, 39,30,f7,c8,28,51,af,b0,29,a3,98,e6,cf,6b,13,df,bd,3e,9b,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,c7,8f,6f,f4,69, d2,0e,2f,71,3b,04,66,8b,46,0d,96,cc,d8,e6,f9,aa,e7,0d,3c,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,b2,f8,ad,e8,dd, 82,f1,3b,25,da,ec,7e,55,20,c9,26,e4,1b,f7,c1,ac,ae,96,fd,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,d9,c3,39,0b,79, 63,15,38,3e,1e,9e,e0,57,5a,93,61,88,0c,f1,ca,b0,70,61,29,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,5e,cd,c9,2e,05, 63,9f,48,cd,44,cd,b9,a6,33,6c,cd,be,0b,8e,fa,af,17,3d,df,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,da,9a,29,b4,0b, fd,d1,84,b0,18,ed,a7,3f,8d,37,a4,a7,a1,3c,bd,e7,ba,d4,b3,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,9f,af,e3,43,d9, dd,9d,b7,31,77,e1,ba,b1,f8,68,02,71,48,9a,36,6c,59,3a,23,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,71,52,de,ad,21, 65,da,26,83,6c,56,8b,a0,85,96,ab,1e,28,26,a0,60,aa,0e,6f,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,08,d2,47,51,6f, 57,16,bc,51,fa,6e,91,28,9e,14,cc,a8,b8,09,85,e6,b4,d9,2f,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,2f,b1,15,be,b3, 68,16,56,b1,cd,45,5a,a8,c4,f8,b9,bc,1c,2c,35,49,ba,37,44,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,2b,eb,f8,86,0f, 48,34,f5,e3,0e,66,d5,eb,bc,2f,6b,9d,31,91,62,57,16,41,61,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,f6,b0,be,c3,14, 4e,e6,16,fa,ea,66,7f,d4,3b,6b,70,7e,10,6d,13,5e,27,a7,5d,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . Heure de fin: 2009-09-16 20:28 ComboFix-quarantined-files.txt 2009-09-16 00:28 Avant-CF: 3 051 974 656 octets libres Après-CF: 3 162 312 704 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptOut 718 --- E O F --- 2009-09-13 20:37 Merci, à+ Speck41
  5. speck41
    Re, lorsque j'utilise l'outil TFC, l'ordinateur redémarre aussitot et il n'a pas le temps d'agir. Je fais un combofix et te reviens avec le résultat Speck41
  6. speck41
    Voici les logs demandés: ------------------------------------------------------- Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2803 Windows 5.1.2600 Service Pack 3 2009-09-15 09:21:18 mbam-log-2009-09-15 (09-21-18).txt Type de recherche: Examen rapide Eléments examinés: 105431 Temps écoulé: 11 minute(s), 18 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) ------------------------------------------------------ Avira AntiVir Personal Date de création du fichier de rapport : 15 septembre 2009 12:00 La recherche porte sur 1710547 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows XP Version de Windows : (Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : ORDISALON Informations de version : BUILD.DAT : 9.0.0.67 17958 Bytes 04/08/2009 14:47:00 AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 18:35:43 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 15:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 16:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 15:21:31 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 14:21:42 ANTIVIR2.VDF : 7.1.5.201 3414528 Bytes 03/09/2009 00:47:03 ANTIVIR3.VDF : 7.1.5.242 394240 Bytes 14/09/2009 01:04:22 Version du moteur : 8.2.1.14 AEVDF.DLL : 8.1.1.1 106868 Bytes 28/07/2009 18:17:15 AESCRIPT.DLL : 8.1.2.31 475513 Bytes 14/09/2009 00:47:12 AESCN.DLL : 8.1.2.5 127346 Bytes 14/09/2009 00:47:11 AERDL.DLL : 8.1.2.4 430452 Bytes 23/07/2009 14:59:39 AEPACK.DLL : 8.1.3.18 401783 Bytes 28/07/2009 18:17:14 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 14:59:39 AEHEUR.DLL : 8.1.0.155 1921400 Bytes 14/09/2009 00:47:11 AEHELP.DLL : 8.1.7.0 237940 Bytes 14/09/2009 00:47:08 AEGEN.DLL : 8.1.1.62 364916 Bytes 14/09/2009 00:47:07 AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 19:32:40 AECORE.DLL : 8.1.7.8 184692 Bytes 14/09/2009 00:47:06 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 19:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:30 AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 16:39:26 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 19:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 20:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 20:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 15:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 20:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 13:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 20:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 17/06/2009 18:44:26 RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 15:07:05 Configuration pour la recherche actuelle : Nom de la tâche...............................: Disques durs locaux Fichier de configuration......................: D:\Program Files\Avira\AntiVir Desktop\alldiscs.avp Documentation.................................: bas Action principale.............................: réparer Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, D:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: arrêt Contrôle d'intégrité de fichiers système......: arrêt Fichier mode de recherche.....................: Sélection de fichiers intelligente Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Début de la recherche : 15 septembre 2009 12:00 La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés Processus de recherche 'msimn.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Module infecté -> 'C:\WINDOWS\system32\svchost.exe' Processus de recherche 'cidaemon.exe' - '1' module(s) sont contrôlés Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés Processus de recherche 'WeatherEye.exe' - '1' module(s) sont contrôlés Processus de recherche 'TomTomHOMERunner.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'LVComS.exe' - '1' module(s) sont contrôlés Processus de recherche 'nmapp.exe' - '1' module(s) sont contrôlés Processus de recherche 'nmctxth.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'WLIDSVCM.EXE' - '1' module(s) sont contrôlés Processus de recherche 'nmsrvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'WLIDSVC.EXE' - '1' module(s) sont contrôlés Processus de recherche 'WebUpdateSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'TomTomHOMEService.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Module infecté -> 'C:\WINDOWS\system32\svchost.exe' Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés Processus de recherche 'dllhost.exe' - '1' module(s) sont contrôlés Processus de recherche 'cisvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Module infecté -> 'C:\WINDOWS\system32\svchost.exe' Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Module infecté -> 'C:\WINDOWS\system32\svchost.exe' Processus de recherche 'InCDsrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Module infecté -> 'C:\WINDOWS\System32\svchost.exe' Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Module infecté -> 'C:\WINDOWS\system32\svchost.exe' Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Module infecté -> 'C:\WINDOWS\system32\svchost.exe' Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Module infecté -> 'C:\WINDOWS\system32\lsass.exe' Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Module infecté -> 'C:\WINDOWS\system32\winlogon.exe' Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '36' processus ont été contrôlés avec '36' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! Secteur d'amorçage 'D:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '49' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\System Volume Information\_restore{C433D082-BE27-4588-ACC1-2E2A356EC200}\RP4\A0000090.dll [RESULTAT] Contient le cheval de Troie TR/Trash.Gen [REMARQUE] Une copie de sécurité a été créée sous le nom 4adfc21b.qua ( QUARANTAINE ) [AVERTISSEMENT] Fichier ignoré. C:\System Volume Information\_restore{C433D082-BE27-4588-ACC1-2E2A356EC200}\RP5\A0000113.dll [RESULTAT] Contient le cheval de Troie TR/Patched.Gen [REMARQUE] Une copie de sécurité a été créée sous le nom 4adfc21e.qua ( QUARANTAINE ) [AVERTISSEMENT] Fichier ignoré. C:\WINDOWS\system32\lsass.exe [RESULTAT] Contient le cheval de Troie TR/Patched.Gen [REMARQUE] Une copie de sécurité a été créée sous le nom 4b10c8b5.qua ( QUARANTAINE ) [AVERTISSEMENT] Fichier ignoré. C:\WINDOWS\system32\svchost.exe [RESULTAT] Contient le cheval de Troie TR/Patched.Gen [REMARQUE] Une copie de sécurité a été créée sous le nom 4b12c8f5.qua ( QUARANTAINE ) [AVERTISSEMENT] Fichier ignoré. C:\WINDOWS\system32\winlogon.exe [RESULTAT] Contient le cheval de Troie TR/Patched.Gen [REMARQUE] Une copie de sécurité a été créée sous le nom 4b1dc8f5.qua ( QUARANTAINE ) [AVERTISSEMENT] Fichier ignoré. Recherche débutant dans 'D:\' D:\Sauvegarde Temp Dossiers\EXE\cluster 1001109.EXE [0] Type d'archive: NSIS --> /goodchroma.jpg [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1001893.EXE [0] Type d'archive: NSIS --> /goodchroma.jpg [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1005714.EXE [0] Type d'archive: NSIS --> Normal/alnav_arrowsbg.bmp [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1006447.EXE [0] Type d'archive: NSIS --> Normal/alnav_arrowsbg.bmp [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1007180.EXE [0] Type d'archive: NSIS --> Normal/alnav_arrowsbg.bmp [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1008641.EXE [0] Type d'archive: NSIS --> ProgramFilesDir/[PluginsDir]/LangDLL.dll [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1010071.EXE [0] Type d'archive: NSIS --> /histogram_modestereo.gif [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1010764.EXE [0] Type d'archive: NSIS --> /histogram_modestereo.gif [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1017325.EXE [0] Type d'archive: NSIS --> [ProgramFilesDir]/Visicom Media/FTP Expert 3/license.txt [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1028854.EXE [0] Type d'archive: NSIS --> Settings/QuickList.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1029280.EXE [0] Type d'archive: NSIS --> Settings/QuickList.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1029706.EXE [0] Type d'archive: NSIS --> Settings/QuickList.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1030132.EXE [0] Type d'archive: NSIS --> Settings/QuickList.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1030558.EXE [0] Type d'archive: NSIS --> Settings/QuickList.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1030984.EXE [0] Type d'archive: NSIS --> Settings/QuickList.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1031410.EXE [0] Type d'archive: NSIS --> Settings/QuickList.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1318368.EXE [0] Type d'archive: NSIS --> /goodchroma.jpg [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1319892.EXE [0] Type d'archive: NSIS --> Normal/alnav_arrowsbg.bmp [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1320625.EXE [0] Type d'archive: NSIS --> Normal/alnav_arrowsbg.bmp [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 1327046.EXE [0] Type d'archive: NSIS --> Settings/QuickList.exe [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 2845944.EXE [0] Type d'archive: CAB SFX (self extracting) --> \@promt Professional 7 readme.txt [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 28552.EXE [0] Type d'archive: NSIS --> ProgramFilesDir/libaccess_output_udp_plugin.dll [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 2978547.EXE [0] Type d'archive: CAB SFX (self extracting) --> \kis.en.msi [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 3068547.EXE [0] Type d'archive: NSIS --> ProgramFilesDir/[installDir]/Resources/Devices/PA.jar [AVERTISSEMENT] Impossible d'écrire le fichier ! [AVERTISSEMENT] Impossible d'écrire le fichier ! D:\Sauvegarde Temp Dossiers\EXE\cluster 33880.EXE [0] Type d'archive: NSIS --> [PluginsDir]/modern-wizard.bmp [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. D:\Sauvegarde Temp Dossiers\EXE\cluster 413940.EXE [0] Type d'archive: CAB SFX (self extracting) --> \0x0407.ini [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. [AVERTISSEMENT] Aucun autre fichier n'a pu être décompressé de cette archive. L'archive est refermée. Fin de la recherche : 15 septembre 2009 14:45 Temps nécessaire: 2:45:04 Heure(s) La recherche a été effectuée intégralement 9500 Les répertoires ont été contrôlés 369841 Des fichiers ont été contrôlés 14 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 5 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 1 Impossible de contrôler des fichiers 369826 Fichiers non infectés 3797 Les archives ont été contrôlées 58 Avertissements 6 Consignes ----------------------------------------------------------------------- Merci Speck41 Au fait, passé un bel été ? Ici à Québec (Canada) l'automne arrive depuis une semaine......... wash
  7. speck41
    Bonjour Apollo, j'avais désinstallé antivir avant de faire le scan HijackThis en mode sans échec et l'ai réinstallé ensuite. Je fais ce que tu me demande et l'ajouterai tout de suite après. Merci Speck41 ---------------------------------------- Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2803 Windows 5.1.2600 Service Pack 3 2009-09-15 09:21:18 mbam-log-2009-09-15 (09-21-18).txt Type de recherche: Examen rapide Eléments examinés: 105431 Temps écoulé: 11 minute(s), 18 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) ------------------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:00:00, on 2009-09-15 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Nero\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Program Files\Avira\AntiVir Desktop\sched.exe D:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\WebUpdateSvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Network Magic\nmapp.exe C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE D:\Program Files\Avira\AntiVir Desktop\avgnt.exe D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe D:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\TomTom HOME 2\xulrunner\TomTomHOMERuntime.exe D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evolutionsynchro.123.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: La barre d'outils AIR MILES - {DC7A75BF-581D-4675-BDCB-D1B35116EB49} - D:\Program Files\La barre d'outils AIR MILES\Toolbar.dll O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\RunOnce: [uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\DOCUME~1\FAMILL~1\LOCALS~1\Temp\nos_uninstall_Adobe.dll",Uninstall /Get1noarp O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [WeatherEye] D:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O15 - Trusted Zone: http://maps.live.com O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F2AB3A-D1E7-478C-88C0-07ADF9334145}: NameServer = 64.18.160.73,64.18.160.74 O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - (no file) O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Nero\InCD\InCDsrv.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing) O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe (file missing) O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe -- End of file - 7784 bytes ----------------------------------------------------------------- j'ajoute un lien vers un print screen de la quarantaine de Malwarebytes: http://moe.mabul.org/up/moe/2009/09/15/img...207wrg.jpg.html --------------------------------------------------------------------- Merci, je reviens voir la suite, Speck41
  8. speck41
    Depuis hier, Antivir a intercepté TR/Patched.gen 306 fois et les a placé dans la quarantaine, mais, au redémarrage le manège recommence. Speck41
  9. speck41
    Je sollicite vraiment votre aide svp Speck41
  10. speck41
    De l'aide serait très apprécié, merci Speck41
  11. speck41
    J'ai fais la procédure de pré désinfection et utilisé HijackThis afin de créer un log que je post ici pour votre analyse. Merci à l'avance pour vos précieux conseils. Daniel Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:18:36, on 2009-09-13 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Nero\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\WebUpdateSvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evolutionsynchro.123.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: La barre d'outils AIR MILES - {DC7A75BF-581D-4675-BDCB-D1B35116EB49} - D:\Program Files\La barre d'outils AIR MILES\Toolbar.dll O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [WeatherEye] D:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O15 - Trusted Zone: http://maps.live.com O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B0F2AB3A-D1E7-478C-88C0-07ADF9334145}: NameServer = 64.18.160.73,64.18.160.74 O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - (no file) O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Nero\InCD\InCDsrv.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe -- End of file - 7013 bytes Print Screen: http://www.megaupload.com/?d=6PYDSKP6
  12. speck41
    Re-bonjour à Falkra et à votre équipe. Je voudrais porter une observation à votre attention. Suite à la réponse que j'ai eu le mardi 14 juillet 2009 à 10h16, j'ai appliqué les conseils recommandés, particulièrement: "Un "vrai" pare-feu est une nécessité, et je n'en vois pas ici, en dehors du pare-feu (basique de l'OS), je te conseille Online Armor free, qui est disponible en français, plutôt facile à prendre en main, et efficace." Il fonctionnais vraiment bien, mais, à partir de ce moment, mon ordinateur redémarrait sans aucun avertissement, tout simplement au moment ou je cliquais sur un bouton sur une quelconque page web. Je doutais un problème avec la mémoire de ma vieille machine..... alors, je l'ai remplacée avec une autre barrette empruntée. Même problème.... J'ai alors tenté autre chose, soit désinstaller Online Armor free pour tester au pire j'ai juste à le ré-installer. Et bien à partir de ce moment tout est parfait plus aucun redémarrage depuis plusieurs jours alors que les redémarrages se produisaient plusieurs fois par jours. Merci de l'aide que vous m'avez procurés. Je voulais simplement vous partager cette expérience. Speck41
  13. speck41
    Tout simplement, Merci beaucoup. Speck41
  14. speck41
    Bonjour Falkra, effectivement tout semble mieux aller. Même Malwarebytes' Anti-Malware fonctionne no 1. Le problème que j'avais au départ ( des fenêtres internet explorer qui s'ouvraient lorsque l'ordi était en veille automatique ) semble être résolu. Je continus à faire mes entretiens habituels, ATF-Cleaner quelques fois par semaine, Malwarebytes' Anti-Malware 1 fois par semaine et un défragmanteur 1 fois par mois. Si tu as d'autres sugestions ne te gêne surtout pas. Merci, des experts comme vous..... on en a besoin. Speck41
  15. speck41
    Bonjour, j'ai fais ce que tu demandais et refais un scan que je te post ici. D'autres choses à faire ? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 06:02:09, on 2009-07-14 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Nero\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\WebUpdateSvc.exe C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Network Magic\nmapp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Program Files\TomTom HOME 2\HOMERunner.exe D:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe C:\WINDOWS\explorer.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evolutionsynchro.123.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: FCTBPos00Pos - {76A20DB7-AAD4-4EFD-AE21-57811E5E49E4} - D:\Program Files\La barre d'outils AIR MILES\Toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: La barre d'outils AIR MILES - {DC7A75BF-581D-4675-BDCB-D1B35116EB49} - D:\Program Files\La barre d'outils AIR MILES\Toolbar.dll O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WeatherEye] D:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O15 - Trusted Zone: http://maps.live.com O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - D:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing) O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\FAMILL~1\LOCALS~1\Temp\AVSETUP_4a5a05d9\basic\avupgsvc.exe (file missing) O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Nero\InCD\InCDsrv.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - D:\Program Files\Network Magic\WebServer\bin\nmraapache.exe (file missing) O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing) O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing) -- End of file - 8000 bytes Merci encore Speck41
  16. speck41
    Bonjour, "Tu n'as pas laissé la console de récupération s'installer ! Laisse-la faire au prochain passage si on en fait un." Je ne crois pas avoir rien fais pour l'empêcher de s'installer. Voici le log demandé: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:18:24, on 2009-07-13 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\Nero\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\WebUpdateSvc.exe C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Network Magic\nmapp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe D:\Program Files\TomTom HOME 2\HOMERunner.exe D:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe C:\WINDOWS\explorer.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.evolutionsynchro.123.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: FCTBPos00Pos - {76A20DB7-AAD4-4EFD-AE21-57811E5E49E4} - D:\Program Files\La barre d'outils AIR MILES\Toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: La barre d'outils AIR MILES - {DC7A75BF-581D-4675-BDCB-D1B35116EB49} - D:\Program Files\La barre d'outils AIR MILES\Toolbar.dll O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Network Magic\nmapp.exe" -autorun -nosplash O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [WeatherEye] D:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O15 - Trusted Zone: http://maps.live.com O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O18 - Protocol: intu-ir2007 - {52BAEC6B-9405-46F9-A131-6D50720A3CC4} - D:\Program Files\ImpotRapide 2007\ic2007pp.dll (file missing) O18 - Protocol: intu-ir2008 - {729D3592-92E7-4CBC-8E44-3C22B3F457B3} - C:\Program Files\ImpotRapide 2008\ic2008pp.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\FAMILL~1\LOCALS~1\Temp\AVSETUP_4a5a05d9\basic\avupgsvc.exe (file missing) O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - D:\Program Files\Nero\InCD\InCDsrv.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - D:\Program Files\Network Magic\WebServer\bin\nmraapache.exe (file missing) O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\Windows Live\Messenger\usnsvc.exe (file missing) O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe O23 - Service: Windows Search (WSearch) - Unknown owner - C:\WINDOWS\system32\SearchIndexer.exe (file missing) -- End of file - 8055 bytes Merci Speck41
  17. speck41
    Voici le log demandé: ComboFix 09-07-13.01 - Famille Kelly Begin 2009-07-13 17:20.1.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.510.255 [GMT -4:00] Running from: c:\documents and settings\Famille Kelly Begin\Bureau\combofix\pouet.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\19a45fd.msi c:\windows\Installer\896881.msi c:\windows\Installer\89688a.msi c:\windows\Installer\c3a088.msi c:\windows\Installer\c3a08e.msi c:\windows\Installer\c3a094.msi c:\windows\Installer\c3a09a.msi c:\windows\Installer\c3a0a0.msi c:\windows\Installer\c3a0a6.msi c:\windows\Installer\c3a0b3.msi c:\windows\Installer\c3a0b9.msi c:\windows\Installer\c3a0c3.msi c:\windows\Installer\c3a0df.msi c:\windows\Installer\c3a115.msi c:\windows\Installer\c3a11b.msi c:\windows\Installer\c3a121.msi c:\windows\Installer\c3a12d.msi c:\windows\Installer\c3a134.msi c:\windows\Installer\d8d065.msi c:\windows\jestertb.dll c:\windows\system32\_000111_.tmp.dll c:\windows\system32\_000112_.tmp.dll c:\windows\system32\_000113_.tmp.dll c:\windows\system32\_007686_.tmp.dll c:\windows\system32\_007687_.tmp.dll c:\windows\system32\_007688_.tmp.dll c:\windows\system32\_007689_.tmp.dll c:\windows\system32\_007696_.tmp.dll c:\windows\system32\_007697_.tmp.dll c:\windows\system32\_007698_.tmp.dll c:\windows\system32\_007700_.tmp.dll c:\windows\system32\_007701_.tmp.dll c:\windows\system32\_007704_.tmp.dll c:\windows\system32\_007705_.tmp.dll c:\windows\system32\_007707_.tmp.dll c:\windows\system32\_007708_.tmp.dll c:\windows\system32\_007709_.tmp.dll c:\windows\system32\_007711_.tmp.dll c:\windows\system32\_007712_.tmp.dll c:\windows\system32\_007714_.tmp.dll c:\windows\system32\_007715_.tmp.dll c:\windows\system32\_007719_.tmp.dll c:\windows\system32\_007720_.tmp.dll c:\windows\system32\_007722_.tmp.dll c:\windows\system32\_007725_.tmp.dll c:\windows\system32\_007727_.tmp.dll c:\windows\system32\_007728_.tmp.dll c:\windows\system32\_007729_.tmp.dll c:\windows\system32\_007730_.tmp.dll c:\windows\system32\_007733_.tmp.dll c:\windows\system32\_007734_.tmp.dll c:\windows\system32\_007735_.tmp.dll c:\windows\system32\_007736_.tmp.dll c:\windows\system32\_007737_.tmp.dll c:\windows\system32\_007742_.tmp.dll c:\windows\system32\_007744_.tmp.dll c:\windows\system32\drivers\MSIVXdsgvbvmaivemhhifvowwtqhgajplxaij.sys c:\windows\system32\mfc45.dll c:\windows\system32\MSIVXcount c:\windows\system32\MSIVXdkdlnvkmwusdiawfetfyrtmqfamxnbbu.dll c:\windows\system32\MSIVXpdcgypaiaaquoiraromimexugxwjkkah.dll c:\windows\system32\tmp.reg c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_MSIVXserv.sys -------\Legacy_NPF -------\Legacy_PERFMONS -------\Service_gaopdxserv.sys ((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 ))))))))))))))))))))))))))))))) . 2009-07-12 16:01 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-07-12 16:01 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2009-07-12 16:01 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2009-07-12 16:01 . 2009-07-12 16:01 -------- d-----w- c:\program files\Avira 2009-07-12 16:01 . 2009-07-12 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2009-07-12 14:59 . 2009-02-11 14:19 15504 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-07-12 14:59 . 2009-02-11 14:19 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-07-12 14:20 . 2009-07-12 14:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE 2009-07-12 12:45 . 2009-07-12 12:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-07-12 12:45 . 2009-07-12 12:45 -------- d-----w- c:\program files\AlfaVid 2009-07-08 23:35 . 2009-07-08 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage 2009-07-02 00:45 . 2002-12-10 07:20 102439 ----a-w- c:\windows\system32\sipr3260.dll 2009-07-02 00:45 . 2007-03-19 01:37 65602 ----a-w- c:\windows\system32\cook3260.dll 2009-07-02 00:45 . 2006-05-20 21:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll 2009-07-02 00:45 . 2006-05-12 00:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2009-06-29 23:30 . 2009-06-29 23:30 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\Intuit Canada 2009-06-28 18:21 . 2009-06-28 18:21 -------- d-----w- c:\program files\Verbatim 2009-06-27 22:52 . 2009-07-09 00:56 -------- d-----w- c:\program files\Microsoft Works 2009-06-27 22:47 . 2009-06-27 22:47 -------- d-----w- c:\program files\Microsoft.NET 2009-06-27 22:34 . 2009-06-27 22:34 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2009-06-27 22:31 . 2009-06-27 22:31 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Local Settings\Application Data\Microsoft Help 2009-06-27 22:31 . 2009-07-09 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-27 22:27 . 2009-06-27 22:27 -------- d--h--r- C:\MSOCache 2009-06-21 13:47 . 2009-03-27 05:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys 2009-06-20 18:59 . 2009-07-02 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk 2009-06-20 17:58 . 2009-07-03 10:39 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\Vso 2009-06-20 17:35 . 2009-06-20 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft 2009-06-18 23:37 . 2009-06-18 23:37 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\Desktopicon 2009-06-18 22:49 . 2009-06-18 22:49 -------- d-----w- c:\documents and settings\Administrateur\Local Settings\Application Data\Adobe 2009-06-18 22:49 . 2009-06-18 22:49 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-10 23:51 . 2008-01-27 20:12 77352 ----a-w- c:\documents and settings\Famille Kelly Begin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-02 00:45 . 2008-02-25 14:23 -------- d-----w- c:\program files\vso 2009-07-02 00:44 . 2009-04-23 01:30 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\uTorrent 2009-06-30 14:52 . 2009-05-06 23:30 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\Winamp 2009-06-29 15:11 . 2001-08-28 12:00 86074 ----a-w- c:\windows\system32\perfc00C.dat 2009-06-29 15:11 . 2001-08-28 12:00 513046 ----a-w- c:\windows\system32\perfh00C.dat 2009-06-27 22:51 . 2008-02-10 15:38 -------- d-----w- c:\program files\MSBuild 2009-06-12 16:10 . 2009-01-11 14:06 -------- d-----w- c:\program files\Windows Desktop Search 2009-06-02 14:05 . 2009-06-02 14:04 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\PhotoFiltre Studio X 2009-05-30 19:47 . 2009-05-30 19:47 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\U3 2009-05-28 02:11 . 2009-05-23 13:28 -------- d-----w- c:\program files\ma-config.com 2009-05-28 02:11 . 2009-05-23 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\ma-config.com 2009-05-26 23:33 . 2009-05-26 23:33 -------- d-----w- c:\program files\Virtual Earth 3D 2009-05-23 13:19 . 2009-05-23 13:19 -------- d-----w- c:\program files\SystemRequirementsLab 2009-05-23 13:19 . 2009-05-23 13:19 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\SystemRequirementsLab 2009-05-23 13:19 . 2009-05-23 13:19 207872 ----a-w- c:\documents and settings\Famille Kelly Begin\Application Data\SystemRequirementsLab\SRLProxy_ind_4.dll 2009-05-23 13:19 . 2009-05-23 13:19 207872 ----a-w- c:\documents and settings\Famille Kelly Begin\Application Data\SystemRequirementsLab\SRLProxy_ind_3.dll 2009-05-23 13:19 . 2009-05-23 13:19 207872 ----a-w- c:\documents and settings\Famille Kelly Begin\Application Data\SystemRequirementsLab\SRLProxy_ind_2.dll 2009-05-23 13:19 . 2009-05-23 13:19 207872 ----a-w- c:\documents and settings\Famille Kelly Begin\Application Data\SystemRequirementsLab\SRLProxy_ind_1.dll 2009-05-18 20:56 . 2008-02-01 08:46 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-18 16:38 . 2009-05-18 16:38 -------- d-----w- c:\documents and settings\Famille Kelly Begin\Application Data\Visicom Media 2009-05-13 05:04 . 2004-08-19 20:09 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-12 19:12 . 2008-01-27 20:19 26144 ----a-w- c:\windows\system32\spupdsvc.exe 2009-05-10 16:12 . 2009-05-10 04:33 9022288 ----a-w- c:\documents and settings\Famille Kelly Begin\Application Data\TomTom\HOME\Profiles\zu927ey9.default\extensions\Navcore.8.010.9369@tomtom.com\8-010-9369-1.dll 2009-05-07 15:33 . 2008-07-29 16:52 348672 ----a-w- c:\windows\system32\localspl.dll 2009-04-27 23:59 . 2009-04-27 23:59 152576 ----a-w- c:\documents and settings\Famille Kelly Begin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-19 19:50 . 2008-07-29 16:52 1847296 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:53 . 2004-08-19 20:09 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-06-12 16:00 . 2009-02-12 14:08 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76A20DB7-AAD4-4EFD-AE21-57811E5E49E4}] 2009-03-30 23:41 1265664 ----a-w- d:\program files\La barre d'outils AIR MILES\Toolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{DC7A75BF-581D-4675-BDCB-D1B35116EB49}"= "d:\program files\La barre d'outils AIR MILES\Toolbar.dll" [2009-03-30 1265664] [HKEY_CLASSES_ROOT\clsid\{dc7a75bf-581d-4675-bdcb-d1b35116eb49}] [HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{2BA36896-D5E2-425B-85E8-F664D1EA6896}] [HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{DC7A75BF-581D-4675-BDCB-D1B35116EB49}"= "d:\program files\La barre d'outils AIR MILES\Toolbar.dll" [2009-03-30 1265664] [HKEY_CLASSES_ROOT\clsid\{dc7a75bf-581d-4675-bdcb-d1b35116eb49}] [HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar.3] [HKEY_CLASSES_ROOT\TypeLib\{2BA36896-D5E2-425B-85E8-F664D1EA6896}] [HKEY_CLASSES_ROOT\FCTB000058373.IEToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408] "TomTomHOME.exe"="d:\program files\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856] "Google Update"="c:\documents and settings\Famille Kelly Begin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-05 133104] "WeatherEye"="d:\program files\MétéoMédia\MétéoÉclair\WeatherEye.exe" [2009-01-16 4519832] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nmctxth"="c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504] "nmapp"="c:\program files\Network Magic\nmapp.exe" [2009-02-03 451896] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888] "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf d:\program files\iolo\System Mechanic 4" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WordQCRS.lnk] path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\WordQCRS.lnk backup=c:\windows\pss\WordQCRS.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Famille Kelly Begin^Menu Démarrer^Programmes^Démarrage^Outil de notification Live Search.lnk] path=c:\documents and settings\Famille Kelly Begin\Menu Démarrer\Programmes\Démarrage\Outil de notification Live Search.lnk backup=c:\windows\pss\Outil de notification Live Search.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "Easy-PrintToolBox"=c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\mIRC\\mirc.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "d:\\Program Files\\Shareaza\\Shareaza.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Famille Kelly Begin\\Bureau\\Le Bureau\\B- Raccourcis du Bureau\\P2P\\utorrent_343_utorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "67:UDP"= 67:UDP:DHCP Discovery Service R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [2008-02-03 19478] R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [2008-02-03 635012] R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [2008-02-03 431236] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-07-12 108289] R2 DLPORTIO;DLPORTIO;c:\windows\DLPORTIO.sys [2008-02-08 3584] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-08-09 596336] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2008-08-09 596336] R2 LF30FS;LF30FS;d:\program files\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 101488] R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008] S2 AntiVirUpgradeService;Avira Upgrade Service;"c:\docume~1\FAMILL~1\LOCALS~1\Temp\AVSETUP_4a5a05d9\basic\avupgsvc.exe" /TEMPSTART:""c:\docume~1\FAMILL~1\LOCALS~1\Temp\AVSETUP_4a5a05d9\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\docume~1\FAMILL~1\LOCALS~1\Temp\AVSETUP_4a5a05d9\basic\avupgsvc.exe [?] S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-06-21 12672] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-04-27 33176] S3 iAimFP8;iAimFP8;c:\windows\system32\drivers\wADV11NT.sys [2008-01-27 11935] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1614895754-1801674531-1003Core.job - c:\documents and settings\Famille Kelly Begin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-05 02:20] 2009-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1614895754-1801674531-1003UA.job - c:\documents and settings\Famille Kelly Begin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-05 02:20] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.evolutionsynchro.123.fr/ mWindow Title = uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: live.com\maps Handler: intu-ir2008 - {729D3592-92E7-4cbc-8E44-3C22B3F457B3} - c:\program files\ImpotRapide 2008\ic2008pp.dll FF - ProfilePath - c:\documents and settings\Famille Kelly Begin\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.evolutionsynchro.123.fr/|http://www.google.ca/|http://www.infofestival.com/index.php?lang=fr FF - plugin: c:\documents and settings\Famille Kelly Begin\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll FF - plugin: d:\program files\Adobe\Reader 8.0\Reader\browser\nppdf32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-13 17:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,95,93,14,49,7d,ed,42,9a,5a,7b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,95,93,14,49,7d,ed,42,9a,5a,7b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,e5,8b,83,c6,cc, 39,30,f7,c8,28,51,af,b0,29,a3,98,e6,cf,6b,13,df,bd,3e,9b,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,c7,8f,6f,f4,69, d2,0e,2f,71,3b,04,66,8b,46,0d,96,cc,d8,e6,f9,aa,e7,0d,3c,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,b2,f8,ad,e8,dd, 82,f1,3b,25,da,ec,7e,55,20,c9,26,e4,1b,f7,c1,ac,ae,96,fd,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,d9,c3,39,0b,79, 63,15,38,3e,1e,9e,e0,57,5a,93,61,88,0c,f1,ca,b0,70,61,29,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,5e,cd,c9,2e,05, 63,9f,48,cd,44,cd,b9,a6,33,6c,cd,be,0b,8e,fa,af,17,3d,df,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,da,9a,29,b4,0b, fd,d1,84,b0,18,ed,a7,3f,8d,37,a4,a7,a1,3c,bd,e7,ba,d4,b3,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,9f,af,e3,43,d9, dd,9d,b7,31,77,e1,ba,b1,f8,68,02,71,48,9a,36,6c,59,3a,23,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,71,52,de,ad,21, 65,da,26,83,6c,56,8b,a0,85,96,ab,1e,28,26,a0,60,aa,0e,6f,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,08,d2,47,51,6f, 57,16,bc,51,fa,6e,91,28,9e,14,cc,a8,b8,09,85,e6,b4,d9,2f,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,2f,b1,15,be,b3, 68,16,56,b1,cd,45,5a,a8,c4,f8,b9,bc,1c,2c,35,49,ba,37,44,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,2b,eb,f8,86,0f, 48,34,f5,e3,0e,66,d5,eb,bc,2f,6b,9d,31,91,62,57,16,41,61,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,f6,b0,be,c3,14, 4e,e6,16,fa,ea,66,7f,d4,3b,6b,70,7e,10,6d,13,5e,27,a7,5d,6c,43,2d,1e,aa,22,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1720) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA . ------------------------ Other Running Processes ------------------------ . d:\program files\Nero\InCD\InCDsrv.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\WebUpdateSvc.exe c:\program files\Fichiers communs\Pure Networks Shared\Platform\nmsrvc.exe c:\windows\system32\wbem\wmiapsrv.exe . ************************************************************************** . Completion time: 2009-07-13 17:49 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-13 21:49 Pre-Run: 980 082 688 octets libres Post-Run: 869 060 608 octets libres 344 --- E O F --- 2009-07-09 01:34 Merci, j'attends de vos nouvelles. Speck41
  18. speck41
    Bonjour Falkra, merci de prendre mes problèmes en charge. Il n'y a aucun message d'erreur lorsque j'essais d'ouvrir HijackThis, même que Malwarebytes' Anti-Malware ne s'ouvre pas non plus, je n'y comprends rien. ATF cleaner fonctionne et je l'utilise déjà plusieurs fois par semaine. Merci Speck41
  19. speck41
    Bonjour, j'ai des fenêtres web qui s'ouvrent toutes seule, même lorsqu'il n'y a aucune activité sur mon ordinateur. J'ai une connexion internet par câble et je ne voudrais pas que quelqu'un utilise ma bande passante..... Alors, j'ai commencé la procédure de pré désinfection et lorsque j'arrive à: - Redémarrer le PC en mode normal - installation et utilisation d'HijackThis -- créer un nouveau dossier à la racine de C:\Program Files\HijackThis (double clic sur poste de travail/double clic sur l'icone de C/double clic sur le répertoire Program Files/clic droit dans la fenêtre, choisir nouveau dossier et le nommer HijackThis) ; dézipper le programme précédemment téléchargé lors de la phase 1 dans ce nouveau dossier HijackThis, créer un raccourci sur le bureau. Important: surtout, ne pas créer ce dossier HijackThis dans un répertoire temporaire -- arrêter tous les programmes en cours et fermer toutes les fenêtres -- lancer HijackThis à l'aide du raccourci et cliquer sur le bouton "Do a system scan and save a logfile" -- le rapport HijackThis (fichier log) va être enregistré dans C:\Program Files\HijackThis (penser à ajouter un chiffre à la suite du nom du rapport si vous voulez conserver un historique de vos rapports ex : HijackThis 1, HijackThis 2...) HijackThis ne s'ouvre pas........ Je suis bloqué là, quelqu'un peut m'aider? Je me suis déjà servis de HijackThis et tout avait bien été. Merci Speck41 Je vous joins le rapport de AntiVir: Avira AntiVir Personal Report file date: 12 juillet 2009 12:24 Scanning for 1515293 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Save mode Username : Famille Kelly Begin Computer name : ORDISALON Version information: BUILD.DAT : 9.0.0.403 17961 Bytes 03/06/2009 17:05:00 AVSCAN.EXE : 9.0.3.6 466689 Bytes 11/05/2009 14:14:47 AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 15:58:24 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 16:35:49 LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 15:58:52 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 16:16:23 ANTIVIR2.VDF : 7.1.4.198 778752 Bytes 08/07/2009 16:16:26 ANTIVIR3.VDF : 7.1.4.220 504320 Bytes 11/07/2009 16:16:28 Engineversion : 8.2.0.204 AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 16:52:04 AESCRIPT.DLL : 8.1.2.13 426362 Bytes 12/07/2009 16:16:35 AESCN.DLL : 8.1.2.3 127347 Bytes 14/05/2009 16:02:01 AERDL.DLL : 8.1.2.2 438642 Bytes 12/07/2009 16:16:34 AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 21:07:20 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 12/07/2009 16:16:33 AEHEUR.DLL : 8.1.0.137 1823095 Bytes 12/07/2009 16:16:32 AEHELP.DLL : 8.1.3.6 205174 Bytes 12/07/2009 16:16:30 AEGEN.DLL : 8.1.1.48 348532 Bytes 12/07/2009 16:16:29 AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 19:32:40 AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 21:07:20 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 19:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59 AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 15:32:15 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 19:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 15:32:09 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 20:05:41 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 15:37:08 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 20:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 13:21:33 NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 15:32:10 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 20:39:58 RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 15:19:48 Configuration settings for the scan: Jobname.............................: Local Drives Configuration file..................: c:\program files\avira\antivir desktop\alldrives.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, D:, A:, E:, F:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: off Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Deviating archive types.............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic.....................: on File heuristic......................: medium Start of the scan: 12 juillet 2009 12:24 The scan of running processes will be started Scan process 'taskmgr.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Boot sector 'A:\' [iNFO] In the drive 'A:\' no data medium is inserted! Starting to scan executable files (registry). The registry was scanned ( '46' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O5WFQ781\promote[1].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[1].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[2].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[3].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[4].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[5].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[6].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[7].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[8].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[9].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SN6TG18N\468_60[1].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus Begin scan in 'D:\' D:\Mes documents\Denis Leveques\CN_Europe_NT_2010.1_FULL_Unlocked_\CN_Europe_NT_2010.1_FULL_Unlocked_.zip [0] Archive type: ZIP --> CN_Europe_NT_2010.1_Unlocked/GMAPPROM.IMG [WARNING] The file could not be written! [WARNING] The file could not be written! D:\Sauvegarde Temp Dossiers\EXE\cluster 1001109.EXE [0] Archive type: NSIS --> /goodchroma.jpg [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1001893.EXE [0] Archive type: NSIS --> /goodchroma.jpg [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1005714.EXE [0] Archive type: NSIS --> Normal/alnav_arrowsbg.bmp [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1006447.EXE [0] Archive type: NSIS --> Normal/alnav_arrowsbg.bmp [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1007180.EXE [0] Archive type: NSIS --> Normal/alnav_arrowsbg.bmp [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1008641.EXE [0] Archive type: NSIS --> ProgramFilesDir/[PluginsDir]/LangDLL.dll [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1010071.EXE [0] Archive type: NSIS --> /histogram_modestereo.gif [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1010764.EXE [0] Archive type: NSIS --> /histogram_modestereo.gif [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1017325.EXE [0] Archive type: NSIS --> [ProgramFilesDir]/Visicom Media/FTP Expert 3/license.txt [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1028854.EXE [0] Archive type: NSIS --> Settings/QuickList.exe [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1029280.EXE [0] Archive type: NSIS --> Settings/QuickList.exe [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1029706.EXE [0] Archive type: NSIS --> Settings/QuickList.exe [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1030132.EXE [0] Archive type: NSIS --> Settings/QuickList.exe [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1030558.EXE [0] Archive type: NSIS --> Settings/QuickList.exe [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1030984.EXE [0] Archive type: NSIS --> Settings/QuickList.exe [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1031410.EXE [0] Archive type: NSIS --> Settings/QuickList.exe [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1318368.EXE [0] Archive type: NSIS --> /goodchroma.jpg [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1319892.EXE [0] Archive type: NSIS --> Normal/alnav_arrowsbg.bmp [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1320625.EXE [0] Archive type: NSIS --> Normal/alnav_arrowsbg.bmp [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 1327046.EXE [0] Archive type: NSIS --> Settings/QuickList.exe [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 2845944.EXE [0] Archive type: CAB SFX (self extracting) --> \@promt Professional 7 readme.txt [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 28552.EXE [0] Archive type: NSIS --> ProgramFilesDir/libaccess_output_udp_plugin.dll [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 2978547.EXE [0] Archive type: CAB SFX (self extracting) --> \kis.en.msi [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 3068547.EXE [0] Archive type: NSIS --> ProgramFilesDir/[installDir]/Resources/Devices/PA.jar [WARNING] The file could not be written! [WARNING] The file could not be written! D:\Sauvegarde Temp Dossiers\EXE\cluster 33880.EXE [0] Archive type: NSIS --> [PluginsDir]/modern-wizard.bmp [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed D:\Sauvegarde Temp Dossiers\EXE\cluster 413940.EXE [0] Archive type: CAB SFX (self extracting) --> \0x0407.ini [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. The archive will be closed Begin scan in 'A:\' Search path A:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'E:\' Search path E:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Begin scan in 'F:\' Search path F:\ could not be opened! System error [21]: Le périphérique n'est pas prêt. Beginning disinfection: C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O5WFQ781\promote[1].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '4ac94d63.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[1].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '4b68fc04.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[2].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '4b69e4fc.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[3].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '4b6a8d94.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[4].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '4b6d85dc.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[5].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '49e6231c.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[6].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '49f93b24.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[7].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '49f8336c.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[8].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '49fbc8b4.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S3ILGZK1\promote[9].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '49fac0fc.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SN6TG18N\468_60[1].htm [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus [NOTE] The file was moved to '4a924d27.qua'! End of the scan: 12 juillet 2009 16:52 Used time: 2:29:52 Hour(s) The scan has been done completely. 8350 Scanned directories 326161 Files were scanned 11 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 11 Files were moved to quarantine 0 Files were renamed 1 Files cannot be scanned 326149 Files not concerned 2604 Archives were scanned 55 Warnings 12 Notes
  20. speck41
    J'ai suivis tous tes conseils et ça va NO-1 , YESSS Sir, merci A+Speck41 P.S.: je vais surement revenir bientôt avec des rapports sur les portables de mes 2 filles qui commencent à avoir certaines difficultés.
  21. speck41
    Bonjour Apollo, je dirais que depuis hier, j'utilise mon PC et tout semble aller no1 Je te remercie et te rend hommage pour toute l'aide que tu m'as apportée. Speck41 SVP, Comment éditer mon titre comme résolu ?
  22. speck41
    Daccord, je fais ce que tu me dis et je te reviens avec les résultats. Pour ce qui est de MIRC, je m'en sers pour communiquer avec une communauté et je n'échange pas de fichiers. Merci A+ Speck41 --------------------------------------------------------------------------------------- Voici les résultats, et je teste la machine ce soir plus tard. Encore une fois merci. Je reviens plus tard avec les résultats. Speck41 ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1025242.ZIP moved successfully. D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1025708.ZIP moved successfully. D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1026174.ZIP moved successfully. D:\Sauvegarde Temp Dossiers\ZIP moved successfully. ========== REGISTRY ========== ========== COMMANDS ========== File delete failed. C:\DOCUME~1\FAMILL~1\LOCALS~1\Temp\etilqs_yeD75uUVRHgYZZ9xRkET scheduled to be deleted on reboot. User's Temp folder emptied. User's Internet Explorer cache folder emptied. File delete failed. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. User's Temporary Internet Files folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Network Service Temp folder emptied. File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Network Service Temporary Internet Files folder emptied. File delete failed. C:\WINDOWS\temp\fb_400.lck scheduled to be deleted on reboot. File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4f0.dat scheduled to be deleted on reboot. Windows Temp folder emptied. Java cache emptied. File delete failed. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04302009_173822 Files moved on Reboot... File C:\DOCUME~1\FAMILL~1\LOCALS~1\Temp\etilqs_yeD75uUVRHgYZZ9xRkET not found! File C:\WINDOWS\temp\fb_400.lck not found! File C:\WINDOWS\temp\Perflib_Perfdata_4f0.dat not found! C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\Cache\_CACHE_001_ moved successfully. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\Cache\_CACHE_002_ moved successfully. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\Cache\_CACHE_003_ moved successfully. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\Cache\_CACHE_MAP_ moved successfully. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\urlclassifier3.sqlite moved successfully. C:\Documents and Settings\Famille Kelly Begin\Local Settings\Application Data\Mozilla\Firefox\Profiles\vws7tw35.default\XUL.mfl moved successfully.
  23. speck41
    Voila le rapport demandé: KASPERSKY ONLINE SCANNER 7.0 REPORT Thursday, April 30, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Wednesday, April 29, 2009 23:15:23 Records in database: 2101635 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer A:\ C:\ D:\ E:\ F:\ Scan statistics Files scanned 95513 Threat name 3 Infected objects 16 Suspicious objects 0 Duration of the scan 03:53:34 File name Threat name Threats count C:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Install\Mirc 6.16\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1025242.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1025708.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1026174.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1054326.ZIP Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1333681.ZIP Infected: not-a-virus:PSWTool.Win32.RAS.a 2 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 40957.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Sauvegarde Temp Dossiers\EXE\cluster 40957.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Sauvegarde Temp Dossiers\ZIP\cluster 1025242.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\ZIP\cluster 1025708.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\ZIP\cluster 1026174.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\ZIP\cluster 1054326.ZIP Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Sauvegarde Temp Dossiers\ZIP\cluster 1333681.ZIP Infected: not-a-virus:PSWTool.Win32.RAS.a 2 The selected area was scanned. Merci Speck41 Désolé, avec les gels de souris je l,ai posté 2 fois et ne suis pas capable de l'enlever.
  24. speck41
    Voila le rapport demandé: KASPERSKY ONLINE SCANNER 7.0 REPORT Thursday, April 30, 2009 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Program database last update: Wednesday, April 29, 2009 23:15:23 Records in database: 2101635 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer A:\ C:\ D:\ E:\ F:\ Scan statistics Files scanned 95513 Threat name 3 Infected objects 16 Suspicious objects 0 Duration of the scan 03:53:34 File name Threat name Threats count C:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Install\Mirc 6.16\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1025242.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1025708.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1026174.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1054326.ZIP Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 1333681.ZIP Infected: not-a-virus:PSWTool.Win32.RAS.a 2 D:\Sauvegarde Temp Dossiers\1-Sauvegarde temporaire TOUS MÊLÉS\cluster 40957.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Sauvegarde Temp Dossiers\EXE\cluster 40957.EXE Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Sauvegarde Temp Dossiers\ZIP\cluster 1025242.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\ZIP\cluster 1025708.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\ZIP\cluster 1026174.ZIP Infected: Trojan.Win32.Genome.ite 1 D:\Sauvegarde Temp Dossiers\ZIP\cluster 1054326.ZIP Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Sauvegarde Temp Dossiers\ZIP\cluster 1333681.ZIP Infected: not-a-virus:PSWTool.Win32.RAS.a 2 The selected area was scanned. Speck41
  25. speck41
    Ouais, j'ai parlé trop vite, aussitôt que j'ai envoyé le post précédent, mon PC a gelé. D'autres idées? Merci Speck41
×
×
  • Créer...